I get this in the rkhunter log /usr/bin/awk [ Warning ] /usr/bin/GET [ Warning ] /usr/bin/gawk [ Warning ] /usr/bin/lwp-request [ Warning ] /usr/sbin/inetd [ Warning ] /usr/sbin/unhide [ Warning ] /usr/sbin/unhide-linux26 [ Warning ] All others are OK. Should these few worry me?
Are these warnings new? Did you run an update recently? If you have more than one server with the same OS, do you get these warnings on the other servers as well? On http://www.debian.org/distrib/packages and http://packages.ubuntu.com/ you can search for packages (if you use Debian/Ubuntu) and also check out the contents of packages. I think they also show the MD5 sum of each file. I guess you can compare this with the MD5 sum of your own files.
now I look at the other server yes they also show there - the one i was looking at initially consistently emails me about it! I'm pretty sure they were showing like that from the day I built it. It's debian lenny. Do you have the same warnings Falko?
its telling you that those files have been modified since it last did a checksum. from: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/FAQ
Thanks - i'll run the updates. I'm pretty sure the warnings have always been there. It's just taken me two years to do something about it. Ta