Re: rkhunter warnings


 



Hello

My Fedora Core 5 server has had the same message since it was updated to
version 2006092302. It may be a prelink issue.



Vikram Goyal wrote:
> Hello,
> 
> I'm using FC5 and recently I started getting warnings from the rkhunter cron
> check. I also updated the hashes manually, with the same results.
> 
> What may be the reason? Any ideas? Anything to worry about?
> 
> I'm pasting some relevant portions from the mail.
> 
> --------------------- Start Rootkit Hunter Update ---------------------
> 
> Running rkhunter updater... Tue, 10 Oct 2006 04:02:02 +0530
> 
> Mirrorfile /var/rkhunter/db/mirrors.dat rotated
> Using mirror http://mirror11.mirror.rkhunter.org
> [DB] Mirror file                      : Mirror outdated. Skipped
> Info (current version: 2006092302, version of mirror: 2006041300)
> [DB] MD5 hashes system binaries       : Mirror outdated. Skipped
> Info (current version: 2006100500, version of mirror: 2006022800)
> [DB] Operating System information     : Mirror outdated. Skipped
> Info (current version: 2006100500, version of mirror: 2006051200)
> [DB] MD5 blacklisted tools/binaries   : Up to date
> [DB] Known good program versions      : Up to date
> [DB] Known bad program versions       : Up to date
> 
> Finished rkhunter updater.. Tue, 10 Oct 2006 04:15:45 +0530
> Ready.
> 
> ---------------------- Start Rootkit Hunter Scan ----------------------
> 
> Rootkit Hunter 1.2.8 is running
> Tue, 10 Oct 2006 04:15:45 +0530
> Determining OS... Ready
> 
> 
> Checking binaries
> * Selftests
>      Strings (command)     [ OK ]
> 
> 
> * System tools
> Info: prelinked files found
> Performing 'known good' check...
>  /bin/cat  [ BAD ]
>  /bin/chmod  [ BAD ]
>  /bin/chown  [ BAD ]
>  /bin/date  [ BAD ]
>  /bin/dmesg  [ BAD ]
>  /bin/env  [ BAD ]
>  /bin/grep  [ BAD ]
>  /bin/kill  [ BAD ]
>  /bin/login  [ BAD ]
> <snip>
>  /usr/bin/whoami  [ BAD ]
> --------------------------------------------------------------------------------
> Rootkit Hunter found some bad or unknown hashes. This can be happen due replaced
> binaries or updated packages (which give other hashes). Be sure your hashes are
> fully updated (rkhunter --update). If you're in doubt about these hashes, contact
> the author (fill in the contact form).
> --------------------------------------------------------------------------------
> <snip>
> ---------------------------- Scan results ----------------------------
> 
> MD5
> MD5 compared: 51
> Incorrect MD5 checksums: 51
> 
> File scan
> Scanned files: 342
> Possible infected files: 0
> 
> Application scan
> Scanning took 174 seconds
> 
> ------------------- Tue, 10 Oct 2006 04:18:39 +0530 -------------------
> 
> Do you have some problems, undetected rootkits, false positives, ideas
> or suggestions?
> Please e-mail me by filling in the contact form (@http://www.rootkit.nl)
> 
> -----------------------------------------------------------------------
> Thanks!


-- 
Raina Otoni <ro3159@xxxxxxxxx>
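
The prelink suggestion above can be checked against the report itself. This added example (not part of the thread and not rkhunter's own code) parses a report in the format quoted above; the function names, the all-mismatch heuristic and the sample report are assumptions of the example.

```shell
# Added example (not from the thread): triage an rkhunter 1.2.x mail report.

# Paths flagged [ BAD ], one per line; tolerates "> " mail quoting.
bad_paths() {
    sed -n 's|^[> ]*\(/[^ ]*\)  *\[ BAD ].*$|\1|p'
}

# "prelink" if the report notes prelinked files, otherwise "none".
prelink_hint() { grep -q 'Info: prelinked files found' && echo prelink || echo none; }

# "<compared> <incorrect>" taken from the MD5 summary block.
md5_summary() {
    awk -F': *' '/MD5 compared:/{c=$2} /Incorrect MD5 checksums:/{i=$2} END{print c+0, i+0}'
}

# Heuristic (assumption): all hashes mismatching plus prelinked files points at the hash database or prelink.
triage() {
    report=$(cat)
    summary=$(printf '%s\n' "$report" | md5_summary)
    compared=${summary% *}; incorrect=${summary#* }
    hint=$(printf '%s\n' "$report" | prelink_hint)
    if [ "$incorrect" -eq 0 ]; then echo "clean"
    elif [ "$incorrect" -eq "$compared" ] && [ "$hint" = prelink ]; then
        echo "systemic $incorrect/$compared prelink"
    else echo "partial $incorrect/$compared $hint"
    fi
}

# Assumes an RPM host: "5" as the third flag character in rpm -V output means a digest mismatch.
rpm_digest_changed() {
    rpm -Vf "$1" 2>/dev/null | awk -v f="$1" '$NF==f && substr($1,3,1)=="5"{hit=1} END{exit !hit}'
}

# Constructed sample in the format of the report quoted above.
sample_report() {
    cat <<'EOF'
> Info: prelinked files found
>  /bin/cat  [ BAD ]
>  /bin/login  [ BAD ]
> MD5 compared: 2
> Incorrect MD5 checksums: 2
EOF
}

if [ $# -gt 0 ]; then   # usage: sh triage.sh report.txt
    triage < "$1"
    bad_paths < "$1" | while read -r p; do
        if rpm_digest_changed "$p"; then echo "rpm digest mismatch: $p"; fi
    done
fi
```

A "systemic" result only says where to look first; the RPM database on the same host is a second opinion, not an independent reference.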
