I checked the md5sum numbers of the script replacement errors and I dont see them match.
These are some of the md5sum numbers for a few suspect warnings
Code: Select all
slash@slash:~$ md5sum /bin/egrep
ef55d1537377114cc24cdc398fbdd930 /bin/egrep
slash@slash:~$ md5sum /bin/fgrep
3885488b9d1d10902c6b9c18e20bf952 /bin/fgrep
slash@slash:~$ md5sum /usr/bin/ldd
391741afba08eb43ea7425000d18eaa0 /usr/bin/ldd
Here is my scan log. Can I get some help with this ?
Code: Select all
slash@slash:~$ cat /var/log/rkhunter.log
[23:00:45] Running Rootkit Hunter version 1.4.6 on slash
[23:00:45]
[23:00:45] Info: Start date is Mon 29 May 2023 11:00:45 PM EDT
[23:00:45]
[23:00:45] Checking configuration file and command-line options...
[23:00:45] Info: Detected operating system is 'Linux'
[23:00:45] Info: Found O/S name: Linux Mint 21
[23:00:45] Info: Command line is /usr/bin/rkhunter --check
[23:00:45] Info: Environment shell is /bin/bash; rkhunter is using dash
[23:00:45] Info: Using configuration file '/etc/rkhunter.conf'
[23:00:45] Info: Installation directory is '/usr'
[23:00:45] Info: Using language 'en'
[23:00:45] Info: Using '/var/lib/rkhunter/db' as the database directory
[23:00:45] Info: Using '/usr/share/rkhunter/scripts' as the support script directory
[23:00:45] Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin /usr/libexec' as the command directories
[23:00:45] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[23:00:45] Info: No mail-on-warning address configured
[23:00:45] Info: X will be automatically detected
[23:00:45] Info: Using second color set
[23:00:45] Info: Found the 'basename' command: /usr/bin/basename
[23:00:45] Info: Found the 'diff' command: /usr/bin/diff
[23:00:45] Info: Found the 'dirname' command: /usr/bin/dirname
[23:00:45] Info: Found the 'file' command: /usr/bin/file
[23:00:45] Info: Found the 'find' command: /usr/bin/find
[23:00:45] Info: Found the 'ifconfig' command: /usr/sbin/ifconfig
[23:00:45] Info: Found the 'ip' command: /usr/sbin/ip
[23:00:45] Info: Found the 'ipcs' command: /usr/bin/ipcs
[23:00:45] Info: Found the 'ldd' command: /usr/bin/ldd
[23:00:45] Info: Found the 'lsattr' command: /usr/bin/lsattr
[23:00:45] Info: Found the 'lsmod' command: /usr/sbin/lsmod
[23:00:45] Info: Found the 'lsof' command: /usr/bin/lsof
[23:00:45] Info: Found the 'mktemp' command: /usr/bin/mktemp
[23:00:45] Info: Found the 'netstat' command: /usr/bin/netstat
[23:00:45] Info: Found the 'numfmt' command: /usr/bin/numfmt
[23:00:45] Info: Found the 'perl' command: /usr/bin/perl
[23:00:45] Info: Found the 'pgrep' command: /usr/bin/pgrep
[23:00:45] Info: Found the 'ps' command: /usr/bin/ps
[23:00:45] Info: Found the 'pwd' command: /usr/bin/pwd
[23:00:45] Info: Found the 'readlink' command: /usr/bin/readlink
[23:00:45] Info: Found the 'stat' command: /usr/bin/stat
[23:00:45] Info: Found the 'strings' command: /usr/bin/strings
[23:00:45] Info: System is not using prelinking
[23:00:45] Info: Using the '/usr/bin/sha256sum' command for the file hash checks
[23:00:45] Info: Stored hash values used hash function '/usr/bin/sha256sum'
[23:00:45] Info: Stored hash values did not use a package manager
[23:00:45] Info: The hash function field index is set to 1
[23:00:45] Info: No package manager specified: using hash function '/usr/bin/sha256sum'
[23:00:45] Info: Previous file attributes were stored
[23:00:45] Info: Enabled tests are: all
[23:00:45] Info: Disabled tests are: suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
[23:00:45] Info: Found kernel symbols file '/proc/kallsyms'
[23:00:45] Info: Using syslog for some logging - facility/priority level is 'authpriv.warning'.
[23:00:45] Info: Found the 'logger' command: /usr/bin/logger
[23:00:45] Info: Using 'date' to process epoch second times
[23:00:45]
[23:00:45] Checking if the O/S has changed since last time...
[23:00:45] Info: Nothing seems to have changed.
[23:00:45] Info: Locking is not being used
[23:00:45]
[23:00:45] Starting system checks...
[23:00:45]
[23:00:45] Info: Starting test name 'system_commands'
[23:00:45] Checking system commands...
[23:00:45]
[23:00:45] Info: Starting test name 'strings'
[23:00:45] Performing 'strings' command checks
[23:00:45] Scanning for string /usr/sbin/ntpsx [ OK ]
[23:00:46] Scanning for string /usr/sbin/.../bkit-ava [ OK ]
[23:00:46] Scanning for string /usr/sbin/.../bkit-d [ OK ]
[23:00:46] Scanning for string /usr/sbin/.../bkit-shd [ OK ]
[23:00:46] Scanning for string /usr/sbin/.../bkit-f [ OK ]
[23:00:46] Scanning for string /usr/include/.../proc.h [ OK ]
[23:00:46] Scanning for string /usr/include/.../.bash_history [ OK ]
[23:00:46] Scanning for string /usr/include/.../bkit-get [ OK ]
[23:00:46] Scanning for string /usr/include/.../bkit-dl [ OK ]
[23:00:46] Scanning for string /usr/include/.../bkit-screen [ OK ]
[23:00:46] Scanning for string /usr/include/.../bkit-sleep [ OK ]
[23:00:46] Scanning for string /usr/lib/.../bkit-adore.o [ OK ]
[23:00:46] Scanning for string /usr/lib/.../ls [ OK ]
[23:00:46] Scanning for string /usr/lib/.../netstat [ OK ]
[23:00:46] Scanning for string /usr/lib/.../lsof [ OK ]
[23:00:46] Scanning for string /usr/lib/.../bkit-ssh/bkit-shdcfg [ OK ]
[23:00:46] Scanning for string /usr/lib/.../bkit-ssh/bkit-shhk [ OK ]
[23:00:46] Scanning for string /usr/lib/.../bkit-ssh/bkit-pw [ OK ]
[23:00:46] Scanning for string /usr/lib/.../bkit-ssh/bkit-shrs [ OK ]
[23:00:46] Scanning for string /usr/lib/.../bkit-ssh/bkit-mots [ OK ]
[23:00:46] Scanning for string /usr/lib/.../uconf.inv [ OK ]
[23:00:46] Scanning for string /usr/lib/.../psr [ OK ]
[23:00:46] Scanning for string /usr/lib/.../find [ OK ]
[23:00:46] Scanning for string /usr/lib/.../pstree [ OK ]
[23:00:46] Scanning for string /usr/lib/.../slocate [ OK ]
[23:00:46] Scanning for string /usr/lib/.../du [ OK ]
[23:00:46] Scanning for string /usr/lib/.../top [ OK ]
[23:00:46] Scanning for string /usr/sbin/... [ OK ]
[23:00:46] Scanning for string /usr/include/... [ OK ]
[23:00:46] Scanning for string /usr/include/.../.tmp [ OK ]
[23:00:46] Scanning for string /usr/lib/... [ OK ]
[23:00:46] Scanning for string /usr/lib/.../.ssh [ OK ]
[23:00:46] Scanning for string /usr/lib/.../bkit-ssh [ OK ]
[23:00:46] Scanning for string /usr/lib/.bkit- [ OK ]
[23:00:46] Scanning for string /tmp/.bkp [ OK ]
[23:00:46] Scanning for string /tmp/.cinik [ OK ]
[23:00:46] Scanning for string /tmp/.font-unix/.cinik [ OK ]
[23:00:46] Scanning for string /lib/.sso [ OK ]
[23:00:46] Scanning for string /lib/.so [ OK ]
[23:00:46] Scanning for string /var/run/...dica/clean [ OK ]
[23:00:46] Scanning for string /var/run/...dica/dxr [ OK ]
[23:00:46] Scanning for string /var/run/...dica/read [ OK ]
[23:00:46] Scanning for string /var/run/...dica/write [ OK ]
[23:00:46] Scanning for string /var/run/...dica/lf [ OK ]
[23:00:46] Scanning for string /var/run/...dica/xl [ OK ]
[23:00:46] Scanning for string /var/run/...dica/xdr [ OK ]
[23:00:46] Scanning for string /var/run/...dica/psg [ OK ]
[23:00:46] Scanning for string /var/run/...dica/secure [ OK ]
[23:00:46] Scanning for string /var/run/...dica/rdx [ OK ]
[23:00:46] Scanning for string /var/run/...dica/va [ OK ]
[23:00:46] Scanning for string /var/run/...dica/cl.sh [ OK ]
[23:00:46] Scanning for string /var/run/...dica/last.log [ OK ]
[23:00:46] Scanning for string /usr/bin/.etc [ OK ]
[23:00:46] Scanning for string /etc/sshd_config [ OK ]
[23:00:46] Scanning for string /etc/ssh_host_key [ OK ]
[23:00:46] Scanning for string /etc/ssh_random_seed [ OK ]
[23:00:46] Scanning for string /dev/ptyp [ OK ]
[23:00:46] Scanning for string /dev/ptyq [ OK ]
[23:00:46] Scanning for string /dev/ptyr [ OK ]
[23:00:46] Scanning for string /dev/ptys [ OK ]
[23:00:46] Scanning for string /dev/ptyt [ OK ]
[23:00:46] Scanning for string /dev/fd/.88/freshb-bsd [ OK ]
[23:00:46] Scanning for string /dev/fd/.88/fresht [ OK ]
[23:00:46] Scanning for string /dev/fd/.88/zxsniff [ OK ]
[23:00:46] Scanning for string /dev/fd/.88/zxsniff.log [ OK ]
[23:00:46] Scanning for string /dev/fd/.99/.ttyf00 [ OK ]
[23:00:46] Scanning for string /dev/fd/.99/.ttyp00 [ OK ]
[23:00:46] Scanning for string /dev/fd/.99/.ttyq00 [ OK ]
[23:00:46] Scanning for string /dev/fd/.99/.ttys00 [ OK ]
[23:00:46] Scanning for string /dev/fd/.99/.pwsx00 [ OK ]
[23:00:46] Scanning for string /etc/.acid [ OK ]
[23:00:46] Scanning for string /usr/lib/.fx/sched_host.2 [ OK ]
[23:00:46] Scanning for string /usr/lib/.fx/random_d.2 [ OK ]
[23:00:46] Scanning for string /usr/lib/.fx/set_pid.2 [ OK ]
[23:00:46] Scanning for string /usr/lib/.fx/setrgrp.2 [ OK ]
[23:00:46] Scanning for string /usr/lib/.fx/TOHIDE [ OK ]
[23:00:46] Scanning for string /usr/lib/.fx/cons.saver [ OK ]
[23:00:46] Scanning for string /usr/lib/.fx/adore/ava/ava [ OK ]
[23:00:46] Scanning for string /usr/lib/.fx/adore/adore/adore.ko [ OK ]
[23:00:47] Scanning for string /bin/sysback [ OK ]
[23:00:47] Scanning for string /usr/local/bin/sysback [ OK ]
[23:00:47] Scanning for string /usr/lib/.tbd [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/t0rns [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/du [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/ls [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/t0rnsb [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/ps [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/t0rnp [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/find [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/ifconfig [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/pg [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/ssh.tgz [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/top [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/sz [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/login [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/in.fingerd [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/1i0n.sh [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/pstree [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/in.telnetd [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/mjy [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/sush [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/tfn [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/name [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/getip.sh [ OK ]
[23:00:47] Scanning for string /usr/info/.torn/sh* [ OK ]
[23:00:47] Scanning for string /usr/src/.puta/.1addr [ OK ]
[23:00:47] Scanning for string /usr/src/.puta/.1file [ OK ]
[23:00:47] Scanning for string /usr/src/.puta/.1proc [ OK ]
[23:00:47] Scanning for string /usr/src/.puta/.1logz [ OK ]
[23:00:47] Scanning for string /usr/info/.t0rn [ OK ]
[23:00:47] Scanning for string /dev/.lib [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/lib/dev [ OK ]
[23:00:47] Scanning for string /dev/.lib/lib/scan [ OK ]
[23:00:47] Scanning for string /usr/src/.puta [ OK ]
[23:00:47] Scanning for string /usr/man/man1/man1 [ OK ]
[23:00:47] Scanning for string /usr/man/man1/man1/lib [ OK ]
[23:00:47] Scanning for string /usr/man/man1/man1/lib/.lib [ OK ]
[23:00:47] Scanning for string /usr/man/man1/man1/lib/.lib/.backup [ OK ]
[23:00:47]
[23:00:47] Info: Starting test name 'shared_libs'
[23:00:47] Performing 'shared libraries' checks
[23:00:47] Checking for preloading variables [ None found ]
[23:00:47] Checking for preloaded libraries [ None found ]
[23:00:47]
[23:00:47] Info: Starting test name 'shared_libs_path'
[23:00:47] Checking LD_LIBRARY_PATH variable [ Not found ]
[23:00:47]
[23:00:47] Info: Starting test name 'properties'
[23:00:47] Performing file properties checks
[23:00:47] Checking for prerequisites [ OK ]
[23:00:49] /usr/sbin/adduser [ OK ]
[23:00:49] Info: Found file '/usr/sbin/adduser': it is whitelisted for the 'script replacement' check.
[23:00:49] /usr/sbin/chroot [ OK ]
[23:00:49] /usr/sbin/cron [ OK ]
[23:00:49] /usr/sbin/depmod [ OK ]
[23:00:50] /usr/sbin/fsck [ OK ]
[23:00:50] /usr/sbin/groupadd [ OK ]
[23:00:50] /usr/sbin/groupdel [ OK ]
[23:00:50] /usr/sbin/groupmod [ OK ]
[23:00:50] /usr/sbin/grpck [ OK ]
[23:00:50] /usr/sbin/ifconfig [ OK ]
[23:00:50] /usr/sbin/ifdown [ OK ]
[23:00:50] /usr/sbin/ifup [ OK ]
[23:00:50] /usr/sbin/init [ Warning ]
[23:00:50] Warning: The file properties have changed:
[23:00:50] File: /usr/sbin/init
[23:00:50] Current hash: 477209848fabcaf52c060d98287f880845cb07fc9696216dbcfe9b6ea8e72bcd
[23:00:50] Stored hash : c76a78e1572f62e0b28e0e5c459bd475917eb92177bdbeedf965d22c261b0f82
[23:00:50] Current inode: 25953647 Stored inode: 25953749
[23:00:50] Current file modification time: 1679322728 (20-Mar-2023 10:32:08)
[23:00:50] Stored file modification time : 1677761882 (02-Mar-2023 07:58:02)
[23:00:50] /usr/sbin/insmod [ OK ]
[23:00:50] /usr/sbin/ip [ OK ]
[23:00:50] /usr/sbin/lsmod [ OK ]
[23:00:50] /usr/sbin/modinfo [ OK ]
[23:00:50] /usr/sbin/modprobe [ OK ]
[23:00:51] /usr/sbin/nologin [ OK ]
[23:00:51] /usr/sbin/pwck [ OK ]
[23:00:51] /usr/sbin/rmmod [ OK ]
[23:00:51] /usr/sbin/route [ OK ]
[23:00:51] /usr/sbin/rsyslogd [ OK ]
[23:00:51] /usr/sbin/runlevel [ Warning ]
[23:00:51] Warning: The file properties have changed:
[23:00:51] File: /usr/sbin/runlevel
[23:00:51] Current hash: f48396b4d8fbf906a0a12ec5f9581a119fe266b0d61919c251e8320bd099327a
[23:00:51] Stored hash : a9c198f924de92ab40633d345c55b6e84986e6e58f5569220871af3edeaca069
[23:00:51] Current inode: 25954758 Stored inode: 25954035
[23:00:51] Current file modification time: 1679322728 (20-Mar-2023 10:32:08)
[23:00:51] Stored file modification time : 1677761882 (02-Mar-2023 07:58:02)
[23:00:51] /usr/sbin/sulogin [ OK ]
[23:00:51] /usr/sbin/sysctl [ OK ]
[23:00:51] /usr/sbin/useradd [ OK ]
[23:00:51] /usr/sbin/userdel [ OK ]
[23:00:51] /usr/sbin/usermod [ OK ]
[23:00:51] /usr/sbin/vipw [ OK ]
[23:00:52] /usr/sbin/unhide [ OK ]
[23:00:52] /usr/sbin/unhide-linux [ OK ]
[23:00:52] /usr/sbin/unhide-posix [ OK ]
[23:00:52] /usr/sbin/unhide-tcp [ OK ]
[23:00:52] /usr/bin/awk [ OK ]
[23:00:52] /usr/bin/basename [ OK ]
[23:00:52] /usr/bin/bash [ OK ]
[23:00:52] /usr/bin/cat [ OK ]
[23:00:52] /usr/bin/chattr [ OK ]
[23:00:52] /usr/bin/chmod [ OK ]
[23:00:52] /usr/bin/chown [ OK ]
[23:00:52] /usr/bin/cp [ OK ]
[23:00:52] /usr/bin/curl [ Warning ]
[23:00:52] Warning: The file properties have changed:
[23:00:52] File: /usr/bin/curl
[23:00:52] Current hash: 1a54929c2846d7062a8453ebd170cfb4f9dba80eb97edb3d48d68c8db0e5bbcb
[23:00:52] Stored hash : bf4707292c81934ecb2fec97a51519727511cb71b33ca379ee78a27cef6067fc
[23:00:52] Current inode: 25953739 Stored inode: 25955981
[23:00:52] Current file modification time: 1678811822 (14-Mar-2023 12:37:02)
[23:00:52] Stored file modification time : 1676467205 (15-Feb-2023 08:20:05)
[23:00:52] /usr/bin/cut [ OK ]
[23:00:52] /usr/bin/date [ OK ]
[23:00:52] /usr/bin/df [ OK ]
[23:00:53] /usr/bin/diff [ OK ]
[23:00:53] /usr/bin/dirname [ OK ]
[23:00:53] /usr/bin/dmesg [ OK ]
[23:00:53] /usr/bin/dpkg [ Warning ]
[23:00:53] Warning: The file properties have changed:
[23:00:53] File: /usr/bin/dpkg
[23:00:53] Current hash: 0da103b1b79cc04ed22e6627b5484fb503516ec9b8ee17cbb1eeb10f7c083785
[23:00:53] Stored hash : b4becd8e93ccfe388a25716a2f930fff5ebe452a0db644bc6d2ed8f228bcbf1c
[23:00:53] Current inode: 25954133 Stored inode: 25952584
[23:00:53] Current file modification time: 1680356622 (01-Apr-2023 09:43:42)
[23:00:53] Stored file modification time : 1653477111 (25-May-2022 07:11:51)
[23:00:53] /usr/bin/dpkg-query [ Warning ]
[23:00:53] Warning: The file properties have changed:
[23:00:53] File: /usr/bin/dpkg-query
[23:00:53] Current hash: 48e103a0020d92f68f8f23f3ffb597cee75db08db9de00992cb6fa7ded863267
[23:00:53] Stored hash : 629808fd2dea5d964f2693ff61920e5b0cd91ab9d7f41b4dfcaeb29bece10438
[23:00:53] Current inode: 25955147 Stored inode: 25952600
[23:00:53] Current file modification time: 1680356622 (01-Apr-2023 09:43:42)
[23:00:53] Stored file modification time : 1653477111 (25-May-2022 07:11:51)
[23:00:53] /usr/bin/du [ OK ]
[23:00:53] /usr/bin/echo [ OK ]
[23:00:53] /usr/bin/ed [ OK ]
[23:00:53] /usr/bin/egrep [ OK ]
[23:00:53] Info: Found file '/usr/bin/egrep': it is whitelisted for the 'script replacement' check.
[23:00:53] /usr/bin/env [ OK ]
[23:00:53] /usr/bin/fgrep [ OK ]
[23:00:53] Info: Found file '/usr/bin/fgrep': it is whitelisted for the 'script replacement' check.
[23:00:53] /usr/bin/file [ OK ]
[23:00:53] /usr/bin/find [ OK ]
[23:00:53] /usr/bin/fuser [ OK ]
[23:00:53] /usr/bin/GET [ OK ]
[23:00:53] /usr/bin/grep [ OK ]
[23:00:54] /usr/bin/groups [ OK ]
[23:00:54] /usr/bin/head [ OK ]
[23:00:54] /usr/bin/id [ OK ]
[23:00:54] /usr/bin/ip [ OK ]
[23:00:54] /usr/bin/ipcs [ OK ]
[23:00:54] /usr/bin/kill [ OK ]
[23:00:54] /usr/bin/killall [ OK ]
[23:00:54] /usr/bin/last [ OK ]
[23:00:54] /usr/bin/lastlog [ OK ]
[23:00:54] /usr/bin/ldd [ OK ]
[23:00:54] Info: Found file '/usr/bin/ldd': it is whitelisted for the 'script replacement' check.
[23:00:54] /usr/bin/less [ OK ]
[23:00:54] /usr/bin/locate [ OK ]
[23:00:54] /usr/bin/logger [ OK ]
[23:00:54] /usr/bin/login [ OK ]
[23:00:54] /usr/bin/ls [ OK ]
[23:00:54] /usr/bin/lsattr [ OK ]
[23:00:54] /usr/bin/lsmod [ OK ]
[23:00:54] /usr/bin/lsof [ OK ]
[23:00:55] /usr/bin/mail [ OK ]
[23:00:55] /usr/bin/md5sum [ OK ]
[23:00:55] /usr/bin/mktemp [ OK ]
[23:00:55] /usr/bin/more [ OK ]
[23:00:55] /usr/bin/mount [ OK ]
[23:00:55] /usr/bin/mv [ OK ]
[23:00:55] /usr/bin/netstat [ OK ]
[23:00:55] /usr/bin/newgrp [ OK ]
[23:00:55] /usr/bin/passwd [ OK ]
[23:00:55] /usr/bin/perl [ OK ]
[23:00:55] /usr/bin/pgrep [ OK ]
[23:00:55] /usr/bin/ping [ OK ]
[23:00:55] /usr/bin/pkill [ OK ]
[23:00:55] /usr/bin/ps [ OK ]
[23:00:55] /usr/bin/pstree [ OK ]
[23:00:55] /usr/bin/pwd [ OK ]
[23:00:55] /usr/bin/readlink [ OK ]
[23:00:55] /usr/bin/rkhunter [ OK ]
[23:00:56] /usr/bin/runcon [ OK ]
[23:00:56] /usr/bin/sed [ OK ]
[23:00:56] /usr/bin/sh [ OK ]
[23:00:56] /usr/bin/sha1sum [ OK ]
[23:00:56] /usr/bin/sha224sum [ OK ]
[23:00:56] /usr/bin/sha256sum [ OK ]
[23:00:56] /usr/bin/sha384sum [ OK ]
[23:00:56] /usr/bin/sha512sum [ OK ]
[23:00:56] /usr/bin/size [ Warning ]
[23:00:56] Warning: The file properties have changed:
[23:00:56] File: /usr/bin/size
[23:00:56] Current hash: 7a894308c8bc2acd7233beffb1367af0bacd23ab77fbf17b8e7384948a8182fe
[23:00:56] Stored hash : afaf68954e54f1822eb9cf48b9419eef7b6427cbeda9de5c4f9c3a6ba5d4bbe9
[23:00:56] Current inode: 25955186 Stored inode: 25958539
[23:00:56] Current file modification time: 1684739913 (22-May-2023 03:18:33)
[23:00:56] Stored file modification time : 1667397531 (02-Nov-2022 09:58:51)
[23:00:56] /usr/bin/sort [ OK ]
[23:00:56] /usr/bin/ssh [ OK ]
[23:00:56] /usr/bin/stat [ OK ]
[23:00:56] /usr/bin/strace [ OK ]
[23:00:56] /usr/bin/strings [ Warning ]
[23:00:56] Warning: The file properties have changed:
[23:00:56] File: /usr/bin/strings
[23:00:56] Current hash: 260035cf5919efd9852ef283c0f338137fff7c9be0dfec299dd079bf65bfbfa9
[23:00:56] Stored hash : f8981a4809881a54f12f176dc2e2e2d25a36b467f2d1dce5b19403470358b1f9
[23:00:56] Current inode: 25955188 Stored inode: 25958541
[23:00:56] Current file modification time: 1684739913 (22-May-2023 03:18:33)
[23:00:56] Stored file modification time : 1667397531 (02-Nov-2022 09:58:51)
[23:00:56] /usr/bin/su [ OK ]
[23:00:57] /usr/bin/sudo [ Warning ]
[23:00:57] Warning: The file properties have changed:
[23:00:57] File: /usr/bin/sudo
[23:00:57] Current hash: 7d3c2983ad2f278d9e799b5792f13f57bf890bd3b03d10b36e53bf0b6677895e
[23:00:57] Stored hash : 49278c0ebbc089cc04cfa6136a8011519fbaca9d99106443212e43c2141a7ff9
[23:00:57] Current inode: 25957682 Stored inode: 25953068
[23:00:57] Current file modification time: 1680544844 (03-Apr-2023 14:00:44)
[23:00:57] Stored file modification time : 1677679177 (01-Mar-2023 08:59:37)
[23:00:57] /usr/bin/tail [ OK ]
[23:00:57] /usr/bin/telnet [ OK ]
[23:00:57] /usr/bin/test [ OK ]
[23:00:57] /usr/bin/top [ OK ]
[23:00:57] /usr/bin/touch [ OK ]
[23:00:57] /usr/bin/tr [ OK ]
[23:00:57] /usr/bin/uname [ OK ]
[23:00:57] /usr/bin/uniq [ OK ]
[23:00:57] /usr/bin/users [ OK ]
[23:00:57] /usr/bin/vmstat [ OK ]
[23:00:57] /usr/bin/w [ OK ]
[23:00:57] /usr/bin/watch [ OK ]
[23:00:57] /usr/bin/wc [ OK ]
[23:00:57] /usr/bin/wget [ OK ]
[23:00:57] /usr/bin/whatis [ OK ]
[23:00:57] /usr/bin/whereis [ OK ]
[23:00:57] /usr/bin/which [ OK ]
[23:00:58] Info: Found file '/usr/bin/which': it is whitelisted for the 'script replacement' check.
[23:00:58] /usr/bin/who [ OK ]
[23:00:58] /usr/bin/whoami [ OK ]
[23:00:58] /usr/bin/numfmt [ OK ]
[23:00:58] /usr/bin/kmod [ OK ]
[23:00:58] /usr/bin/systemd [ Warning ]
[23:00:58] Warning: The file properties have changed:
[23:00:58] File: /usr/bin/systemd
[23:00:58] Current hash: 477209848fabcaf52c060d98287f880845cb07fc9696216dbcfe9b6ea8e72bcd
[23:00:58] Stored hash : c76a78e1572f62e0b28e0e5c459bd475917eb92177bdbeedf965d22c261b0f82
[23:00:58] Current inode: 25957781 Stored inode: 25956458
[23:00:58] Current file modification time: 1679322728 (20-Mar-2023 10:32:08)
[23:00:58] Stored file modification time : 1677761882 (02-Mar-2023 07:58:02)
[23:00:58] /usr/bin/systemctl [ Warning ]
[23:00:58] Warning: The file properties have changed:
[23:00:58] File: /usr/bin/systemctl
[23:00:58] Current hash: f48396b4d8fbf906a0a12ec5f9581a119fe266b0d61919c251e8320bd099327a
[23:00:58] Stored hash : a9c198f924de92ab40633d345c55b6e84986e6e58f5569220871af3edeaca069
[23:00:58] Current inode: 25953751 Stored inode: 25954081
[23:00:58] Current size: 1119856 Stored size: 1115760
[23:00:58] Current file modification time: 1679322728 (20-Mar-2023 10:32:08)
[23:00:58] Stored file modification time : 1677761882 (02-Mar-2023 07:58:02)
[23:00:58] /usr/bin/gawk [ OK ]
[23:00:58] /usr/bin/lwp-request [ Warning ]
[23:00:58] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[23:00:58] /usr/bin/plocate [ OK ]
[23:00:58] /usr/bin/bsd-mailx [ OK ]
[23:00:58] /usr/bin/dash [ OK ]
[23:00:58] /usr/bin/x86_64-linux-gnu-size [ Warning ]
[23:00:58] Warning: The file properties have changed:
[23:00:58] File: /usr/bin/x86_64-linux-gnu-size
[23:00:58] Current hash: 7a894308c8bc2acd7233beffb1367af0bacd23ab77fbf17b8e7384948a8182fe
[23:00:58] Stored hash : afaf68954e54f1822eb9cf48b9419eef7b6427cbeda9de5c4f9c3a6ba5d4bbe9
[23:00:58] Current inode: 25955158 Stored inode: 25958519
[23:00:58] Current file modification time: 1684739913 (22-May-2023 03:18:33)
[23:00:58] Stored file modification time : 1667397531 (02-Nov-2022 09:58:51)
[23:00:58] /usr/bin/x86_64-linux-gnu-strings [ Warning ]
[23:00:58] Warning: The file properties have changed:
[23:00:58] File: /usr/bin/x86_64-linux-gnu-strings
[23:00:58] Current hash: 260035cf5919efd9852ef283c0f338137fff7c9be0dfec299dd079bf65bfbfa9
[23:00:58] Stored hash : f8981a4809881a54f12f176dc2e2e2d25a36b467f2d1dce5b19403470358b1f9
[23:00:58] Current inode: 25955159 Stored inode: 25958520
[23:00:58] Current file modification time: 1684739913 (22-May-2023 03:18:33)
[23:00:58] Stored file modification time : 1667397531 (02-Nov-2022 09:58:51)
[23:00:58] /usr/bin/telnet.netkit [ OK ]
[23:00:59] /usr/bin/which.debianutils [ OK ]
[23:00:59] Info: Found file '/usr/bin/which.debianutils': it is whitelisted for the 'script replacement' check.
[23:01:00] /usr/lib/systemd/systemd [ Warning ]
[23:01:00] Warning: The file properties have changed:
[23:01:00] File: /usr/lib/systemd/systemd
[23:01:00] Current hash: 477209848fabcaf52c060d98287f880845cb07fc9696216dbcfe9b6ea8e72bcd
[23:01:01] Stored hash : c76a78e1572f62e0b28e0e5c459bd475917eb92177bdbeedf965d22c261b0f82
[23:01:01] Current inode: 25954768 Stored inode: 25956371
[23:01:01] Current file modification time: 1679322728 (20-Mar-2023 10:32:08)
[23:01:01] Stored file modification time : 1677761882 (02-Mar-2023 07:58:02)
[23:01:03]