Hello, I'm using FC5 and recently I started getting warnings from rkhunter cron check. I manually also updated the hashes with same results. What may be the reason??? Any ideas...Anything to worry... I'm pasting some relevant portions from the mail. --------------------- Start Rootkit Hunter Update --------------------- Running rkhunter updater... Tue, 10 Oct 2006 04:02:02 +0530 Mirrorfile /var/rkhunter/db/mirrors.dat rotated Using mirror http://mirror11.mirror.rkhunter.org [DB] Mirror file : Mirror outdated. Skipped Info (current version: 2006092302, version of mirror: 2006041300) [DB] MD5 hashes system binaries : Mirror outdated. Skipped Info (current version: 2006100500, version of mirror: 2006022800) [DB] Operating System information : Mirror outdated. Skipped Info (current version: 2006100500, version of mirror: 2006051200) [DB] MD5 blacklisted tools/binaries : Up to date [DB] Known good program versions : Up to date [DB] Known bad program versions : Up to date Finished rkhunter updater.. Tue, 10 Oct 2006 04:15:45 +0530 Ready. ---------------------- Start Rootkit Hunter Scan ---------------------- Rootkit Hunter 1.2.8 is running Tue, 10 Oct 2006 04:15:45 +0530 Determining OS... Ready Checking binaries * Selftests Strings (command) [ OK ] * System tools Info: prelinked files found Performing 'known good' check... /bin/cat [ BAD ] /bin/chmod [ BAD ] /bin/chown [ BAD ] /bin/date [ BAD ] /bin/dmesg [ BAD ] /bin/env [ BAD ] /bin/grep [ BAD ] /bin/kill [ BAD ] /bin/login [ BAD ] <snip> /usr/bin/whoami [ BAD ] -------------------------------------------------------------------------------- Rootkit Hunter found some bad or unknown hashes. This can be happen due replaced binaries or updated packages (which give other hashes). Be sure your hashes are fully updated (rkhunter --update). If you're in doubt about these hashes, contact the author (fill in the contact form). -------------------------------------------------------------------------------- <snip> ---------------------------- Scan results ---------------------------- MD5 MD5 compared: 51 Incorrect MD5 checksums: 51 File scan Scanned files: 342 Possible infected files: 0 Application scan Scanning took 174 seconds ------------------- Tue, 10 Oct 2006 04:18:39 +0530 ------------------- Do you have some problems, undetected rootkits, false positives, ideas or suggestions? Please e-mail me by filling in the contact form (@http://www.rootkit.nl) ----------------------------------------------------------------------- Thanks! -- vikram... |||||||| |||||||| ^^'''''^^||root||^^^'''''''^^ // \\ )) //(( \\// \\ // /\\ || \\ || / )) (( \\ -- "If that man in the PTL is such a healer, why can't he make his wife's hairdo go down?" -- Robin Williams -- * ~|~ = Registered Linux User #285795