From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1QbCZd-0003EU-5H for garchives@archives.gentoo.org; Mon, 27 Jun 2011 14:14:01 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1AFBF1C0F0; Mon, 27 Jun 2011 14:12:39 +0000 (UTC) Received: from homiemail-a47.g.dreamhost.com (caibbdcaaaaf.dreamhost.com [208.113.200.5]) by pigeon.gentoo.org (Postfix) with ESMTP id DEECE1C0ED for ; Mon, 27 Jun 2011 14:12:38 +0000 (UTC) Received: from homiemail-a47.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a47.g.dreamhost.com (Postfix) with ESMTP id 21B2B28405B for ; Mon, 27 Jun 2011 07:12:38 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; c=nofws; d=libertytrek.org; h=message-id :date:from:mime-version:to:subject:content-type: content-transfer-encoding; q=dns; s=libertytrek.org; b=IyA19g3bu 3DLqpI3Zi6nsHnJmAwFBALP57hOJT0DA08JjIUw7I6B9sdr49uhD1C8omeRIQPqd PL9j0EbtMlGPQ6PgQGvEeQEJqwL7lEgOg831cGDZrxwYTGvoDqQ12gyjaDPYM/Xm Z54VixUqr5oSKsT74yt7xt5C8DnRV3gcSU= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=libertytrek.org; h= message-id:date:from:mime-version:to:subject:content-type: content-transfer-encoding; s=libertytrek.org; bh=PV4E/BkWRIfE/wV cT6yaz7a6rm8=; b=IfoI1xbDCq7NH3E05D+w0ZhBjfuvCBjd6WzgKRaSV59ZFIB zczLnwf2QSddysjqDFNyZt85LVNtGKbs9ebmRyTBMLc40upea+FcrhYLy+VkL371 gEpG0a1otr3QbFAjkrIhEFQzTM5d9oEMvKBxf8AXFuzHj7ctOCAQeQKEpCX0= Received: from [127.0.0.1] (smtp.media-brokers.com [70.43.81.99]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: tanstaafl@libertytrek.org) by homiemail-a47.g.dreamhost.com (Postfix) with ESMTPSA id D92B4284058 for ; Mon, 27 Jun 2011 07:12:37 -0700 (PDT) Message-ID: <4E088FD4.3090301@libertytrek.org> Date: Mon, 27 Jun 2011 10:12:36 -0400 From: Tanstaafl User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110616 Lightning/1.0b3pre Thunderbird/3.1.11 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: [gentoo-user] rkhunter --propupd not working since last updates installed X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Archives-Salt: X-Archives-Hash: d66070c56f1088cb55d98dd8d93312e8 Hello, I have had rkhunter installed for a long time, been working well, system was reporting clean... On Saturday I did an emerge -uDN world and installed the available updates (not a huge amount), then on Sunday morning, got a report about 6 files whose properties had changed, and I realized I forgot to run --propupd command, so I did - but got the same email again, so it isn't working (doesn't reset the files database so that it thinks they are ok). I still get the same email/message about the same 6 files properties being changed. I've tried running it 3 times now. System checks summary ===================== File properties checks... Files checked: 144 Suspect files: 6 and from the log: myhost : Mon Jun 27, 08:17:17 : ~ # grep Warn /var/log/rkhunter.log [08:05:04] Info: Emailing warnings to 'root' using command '/bin/mail -s "[rkhunter] Warnings found for ${HOST_NAME}"' [08:05:30] /usr/bin/logger [ Warning ] [08:05:30] Warning: The file properties have changed: [08:05:38] /usr/bin/whereis [ Warning ] [08:05:38] Warning: The file properties have changed: [08:05:40] /sbin/fsck [ Warning ] [08:05:40] Warning: The file properties have changed: [08:05:47] /bin/dmesg [ Warning ] [08:05:47] Warning: The file properties have changed: [08:05:51] /bin/more [ Warning ] [08:05:51] Warning: The file properties have changed: [08:05:51] /bin/mount [ Warning ] [08:05:51] Warning: The file properties have changed: myhost : Mon Jun 27, 08:17:25 : ~ # Anyone got any idea what could be causing this?