rkhunter Messages

Discussion in 'Installation/Configuration' started by atjensen11, Sep 16, 2009.

  1. atjensen11

    atjensen11 New Member

    I followed the Perfect Server setup for Debian Lenny and ISPConfig3. Part of this tutorial installs rkhunter. Not being a user of that program before, I am not accustomed to the error reporting.

    Here is a sample report from the daily check:

    Code:
    Warning: The O/S name or version has changed since the last run:
             Old O/S value: Debian 5.0.1    New value: Debian 5.0.3
             Because of the change(s) the file properties checks may give some false-positive results.
             You may need to re-run rkhunter with the '--propupd' option.
    Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
             is used, all the files on their system are known to be genuine, and installed from a
             reliable source. The rkhunter '--check' option will compare the current file properties
             against previously stored values, and report if any values differ. However, rkhunter
             cannot determine what has caused the change, that is for the user to do.
    Warning: The file properties have changed:
             File: /usr/bin/awk
             Current hash: [sanitized hash value1]
             Stored hash : [sanitized hash value2]
    Warning: The file '/usr/bin/GET' exists on the system, but it is not present in the rkhunter.dat file.
    Warning: The file '/usr/bin/less' exists on the system, but it is not present in the rkhunter.dat file.
    Warning: The file properties have changed:
             File: /usr/bin/perl
             Current hash: [sanitized hash value 3]
             Stored hash : [sanitized hash value 4]
             Current inode: 2172966    Stored inode: 2172657
             Current size: 6848    Stored size: 6856
             Current file modification time: 1251499071
             Stored file modification time : 1230825459
    Warning: The file '/usr/bin/gawk' exists on the system, but it is not present in the rkhunter.dat file.
    Warning: The file '/usr/bin/lwp-request' exists on the system, but it is not present in the rkhunter.dat file.
    Warning: Suspicious file types found in /dev:
             /dev/shm/network/ifstate: ASCII text
    
    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter.log)
    
    I know that I performed an apt-get upgrade which likely upgraded the Debian version. The instructions imply that I can run rkhunter with the extra parameter propupd to fix the issue. But it implies that I am OK with the rest of the errors and deem them as safe. I think they are, but I am looking for input.

    I installed less on the system. So I think that is safe. I also did some work with Perl for implementing dkimproxy (which has been abandoned since). So I think that too is safe. I may have installed GET after the initial installation too. I don't recall.

    I am unsure of the others listed in the file however.
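
Added example, not part of the original post and not rkhunter's own code: a small parser for the warning format in the report above. It separates files whose stored properties changed from files missing from rkhunter.dat, so each path can be checked before `--propupd` accepts it as the new baseline. The function names and the trimmed sample are assumptions made for illustration.

```python
import re

# Constructed sample trimmed from the post's report; hashes are placeholders.
OS_RE = re.compile(r"Old O/S value: (.+?)\s+New value: (.+)$")
SAMPLE = """\
Warning: The O/S name or version has changed since the last run:
         Old O/S value: Debian 5.0.1    New value: Debian 5.0.3
Warning: The file '/usr/bin/less' exists on the system, but it is not present in the
rkhunter.dat file.
Warning: The file properties have changed:
         File: /usr/bin/perl
         Current hash: HASH_C
         Stored hash : HASH_D
         Current inode: 2172966    Stored inode: 2172657
         Current size: 6848    Stored size: 6856
Warning: Suspicious file types found in /dev:
         /dev/shm/network/ifstate: ASCII text
"""

def split_warnings(report):
    """One list of stripped lines per 'Warning:' header; wrapped lines stay attached."""
    blocks = []
    for line in report.splitlines():
        if line.startswith("Warning:"):
            blocks.append([line[len("Warning:"):].strip()])
        elif blocks and line.strip():
            blocks[-1].append(line.strip())
    return blocks

def triage(report):
    """Sort warnings into the groups that need different follow-up."""
    out = {"os_change": None, "changed": {}, "untracked": [], "dev": []}
    for block in split_warnings(report):
        text = " ".join(block)
        path = re.search(r"File: (\S+)", text)
        if block[0].startswith("The O/S name or version has changed"):
            hits = [m.groups() for m in map(OS_RE.search, block) if m]
            out["os_change"] = hits[0] if hits else None
        elif block[0].startswith("The file properties have changed") and path:
            out["changed"][path.group(1)] = re.findall(
                r"Current (hash|inode|size|file modification time):", text)
        elif "is not present in the rkhunter.dat file" in text:
            out["untracked"].append(re.search(r"The file '([^']+)'", text).group(1))
        elif block[0].startswith("Suspicious file types found in /dev"):
            out["dev"] += [entry.split(":")[0] for entry in block[1:]]
    return out

def paths_to_verify(result):
    """Every binary to confirm as genuine before '--propupd' re-baselines it."""
    return sorted(set(result["changed"]) | set(result["untracked"]))
```

On Debian, `dpkg -S <path>` names the package that owns each returned path, which is the starting point for confirming that a change came from the upgrade.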
     
