Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: rkhunter warning wget

2 views
Skip to first unread message

Eduardo M KALINOWSKI

unread,
Oct 15, 2009, 7:16:47 PM10/15/09
to
On Qui, 15 Out 2009, wrote:
> hello
>
> after updateing wget on
>
> Linux version 2.6.26-2-686 (Debian 2.6.26-19) Lenny
>
> i received a waring from rkhunter:
>
> Warning: The file properties have changed:
> File: /usr/bin/wget
> Current hash: 2d5d175c449eecfda43401a7a66b8a369859524d
> Stored hash : 1725543768f7e1b2a32136ca1799213a8bdb886b
> Current inode: 137892 Stored inode: 140983
> Current size: 226292 Stored size: 226260
> Current file modification time: 1255005510
> Stored file modification time : 1220829421
>
> could this be serious?

Depends. Did you upgrade wget? In this case it's normal (even
expected) that the file changes.

There was a security update for wget recently.


--
QOTD:
"I used to be an idealist, but I got mugged by reality."

Eduardo M KALINOWSKI
edu...@kalinowski.com.br


--
To UNSUBSCRIBE, email to debian-secu...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

ma...@firstfloor.org

unread,
Oct 15, 2009, 7:17:03 PM10/15/09
to
hello

thanks eduardo jens and steve for the fast answers.
i was guessing that but i wanted to make it shure.

thanks!

best
maex


On Thu, Oct 15, 2009 at 05:24:11PM +0100, Steve Kemp wrote:


> On Thu Oct 15, 2009 at 17:55:39 +0200, ma...@firstfloor.org wrote:
>
> > after updateing wget on
> >
> > Linux version 2.6.26-2-686 (Debian 2.6.26-19) Lenny
> >
> > i received a waring from rkhunter:
> >
> > Warning: The file properties have changed:
> > File: /usr/bin/wget
> > Current hash: 2d5d175c449eecfda43401a7a66b8a369859524d
> > Stored hash : 1725543768f7e1b2a32136ca1799213a8bdb886b
> > Current inode: 137892 Stored inode: 140983
> > Current size: 226292 Stored size: 226260
> > Current file modification time: 1255005510
> > Stored file modification time : 1220829421
>
>

> You've applied a security update, which has changed
> the binary /usr/bin/wget.
>
> The alert is telling you that the binary has changed,
> and since this is expected (because you've applied the security update)
> the alert is informational not a real report.
>
> Steve
> --
> Debian GNU/Linux System Administration
> http://www.debian-administration.org/

Paul M. Maxim

unread,
Oct 15, 2009, 7:18:21 PM10/15/09
to
--------------------------------------------------
From: <ma...@firstfloor.org>
Sent: Thursday, October 15, 2009 10:53 AM
To: "Steve Kemp" <s...@debian.org>
Cc: <debian-...@lists.debian.org>
Subject: Re: rkhunter warning wget

> hello
>
> thanks eduardo jens and steve for the fast answers.
> i was guessing that but i wanted to make it shure.
>
> thanks!
>
> best
> maex
>
>

You may want to update rkhunter's data file to prevent this exact alert from
showing up in the future (rkhunter --propupd).

Paul

Steve Kemp

unread,
Oct 15, 2009, 7:18:27 PM10/15/09
to
On Thu Oct 15, 2009 at 17:55:39 +0200, ma...@firstfloor.org wrote:

> after updateing wget on
>
> Linux version 2.6.26-2-686 (Debian 2.6.26-19) Lenny
>
> i received a waring from rkhunter:
>
> Warning: The file properties have changed:
> File: /usr/bin/wget
> Current hash: 2d5d175c449eecfda43401a7a66b8a369859524d
> Stored hash : 1725543768f7e1b2a32136ca1799213a8bdb886b
> Current inode: 137892 Stored inode: 140983
> Current size: 226292 Stored size: 226260
> Current file modification time: 1255005510
> Stored file modification time : 1220829421


You've applied a security update, which has changed
the binary /usr/bin/wget.

The alert is telling you that the binary has changed,
and since this is expected (because you've applied the security update)
the alert is informational not a real report.

Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/

ma...@firstfloor.org

unread,
Oct 15, 2009, 7:18:41 PM10/15/09
to
hello

after updateing wget on

Linux version 2.6.26-2-686 (Debian 2.6.26-19) Lenny

i received a waring from rkhunter:

Warning: The file properties have changed:
File: /usr/bin/wget
Current hash: 2d5d175c449eecfda43401a7a66b8a369859524d
Stored hash : 1725543768f7e1b2a32136ca1799213a8bdb886b
Current inode: 137892 Stored inode: 140983
Current size: 226292 Stored size: 226260
Current file modification time: 1255005510
Stored file modification time : 1220829421


could this be serious?

m

Jens Schüßler

unread,
Oct 15, 2009, 7:19:08 PM10/15/09
to
* ma...@firstfloor.org <ma...@firstfloor.org> wrote:
> hello
>
> after updateing wget on
>
> Linux version 2.6.26-2-686 (Debian 2.6.26-19) Lenny
>
> i received a waring from rkhunter:
>
> Warning: The file properties have changed:
> File: /usr/bin/wget
> Current hash: 2d5d175c449eecfda43401a7a66b8a369859524d
> Stored hash : 1725543768f7e1b2a32136ca1799213a8bdb886b
> Current inode: 137892 Stored inode: 140983
> Current size: 226292 Stored size: 226260
> Current file modification time: 1255005510
> Stored file modification time : 1220829421
>
>
> could this be serious?

It's normal that the hash change after an upgrade.
Take a look at
,----[ /usr/share/doc/rkhunter/README.Debian ]-
| * HASH CHECKS
| By default, all hashes checks are now ENABLED in the standard daily cron
| job.
|
| Add the 'hashes' and 'attributes' tests to the DISABLED_TESTS option in
| /etc/rkhunter.conf if you wish to disable them.
|
| If enabled, each time a base package is upgraded, you will have to run:
| 'rkhunter --propupd' to update the file properties database located
| in /var/lib/rkhunter/db/rkhunter.dat.
|
| This can be done automatically after each install/remove. Please run:
| # dpkg-reconfigure rkhunter
| to enable this feature.
|
`----

HTH
Jens

0 new messages