On Thu, 21 Jan 2010 15:54:01 -0600 Rodolfo Martínez <rmt...@gmail.com> wrote:
> Hi Alan, > > You can find what package provides the ldd program, and then verify > the integrity of the package. If it really changed I think you should > look for any suspicious activity in your server. > > I think you can find the package with dpkg -S $(which ldd) and you can > check its integrity with debsum. > > ldd shouldn't change, unless you have updated your system. Just checking the Debian Security site ( http://www.debian.org/security/) I see that it was updated for the amd64 architecture. Thanks for the lesson on how to check out this sort of thing. Cheers, Alan > > Rodolfo Martínez > Dirección de Proyectos > Aleux México | http://www.aleux.com > > > > On Thu, Jan 21, 2010 at 3:27 PM, Alan L Tyree <a...@austlii.edu.au> > wrote: > > Dear SLUGGERS, > > > > I just got this report from rkhunter on my machine: > > > > Warning: The file properties have changed: > > File: /usr/bin/ldd > > Current inode: 331476 Stored inode: 17196 > > Current file modification time: 1263451668 > > Stored file modification time : 1231069314 > > > > > > I see that ldd prints the shared libraries required by each program, > > but I don't understand why it should have been changed or if I > > should be worried about it. > > > > I ran chkrootkit and it showed no warnings. System is Debian Lenny > > amd64. > > > > What does it all mean? Thanks for help. > > > > Alan > > > > > > -- > > Alan L Tyree http://www2.austlii.edu.au/~alan > > Tel: 04 2748 6206 > > > > -- > > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > > > -- Alan L Tyree http://www2.austlii.edu.au/~alan Tel: 04 2748 6206 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html