1

I run RKHunter on Ubuntu as well as automated system / package updates. Last night I started receiving RKHunter warnings as listed below and whilst it's obviously easy for me to just do:

rkhunter --propupd

That could potentially mask someone having hacked my server and put a new version of sudo in place (which I wouldn't like). I tried to find the new MD5 hash on Google but I'm not able to, so could someone tell me what the correct procedure is to either:

1) Conclude that this update is fine and I can run rkhunter --propupd, OR
2) Determine that someone has hacked my server and I should get really worried!

Thanks in advance

Warning: The file properties have changed: 
     File: /usr/bin/sudo
     Current hash: 1dcc3aa8a670d39ec8b6ee8881c7f58dc5b8dbd7
     Stored hash : f7a8cc9c75c4550cf3f98f9ffb45853faf02dfde
     Current inode: 8923256    Stored inode: 8916208
     Current file modification time: 1361998758 (27-Feb-2013 20:59:18)
     Stored file modification time : 1337145923 (16-May-2012 06:25:23)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

1 Answer

0

You should probably have a look at the log of the Apt/Aptitude installs, and see if the program was updated at the same time that you started to receive the warnings from rkhunter.

NickW
  • 10,289
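
The log check suggested in the answer above, as an added example that is not part of the original thread: it searches a dpkg log (the file both apt and aptitude write package operations to) for an install or upgrade of one package between the new modification time rkhunter reported and the time of the first warning. The function names, the sample log lines, the version placeholders and the end-of-window time are constructed for illustration.

```shell
#!/bin/sh
# Usage: pkg_changes_between LOGFILE PACKAGE "START" "END"
# START and END use dpkg.log's own "YYYY-MM-DD HH:MM:SS" format (local time),
# so plain string comparison orders them correctly.
# Prints matching install/upgrade lines; exit status 1 if there are none.
pkg_changes_between() {
    awk -v pkg="$2" -v start="$3" -v end="$4" '
        {
            ts = $1 " " $2
            name = $4
            sub(/:.*/, "", name)      # newer dpkg logs "sudo:amd64"
        }
        ($3 == "install" || $3 == "upgrade") && name == pkg &&
            ts >= start && ts <= end { print; found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample log; OLD-VERSION / NEW-VERSION are placeholders.
write_sample_log() {
    cat > "$1" <<'EOF'
2012-05-20 06:25:12 upgrade sudo:amd64 OLD-VERSION NEW-VERSION
2013-02-20 06:25:40 upgrade libssl1.0.0 OLD-VERSION NEW-VERSION
2013-02-28 06:25:31 startup archives unpack
2013-02-28 06:25:33 upgrade sudo OLD-VERSION NEW-VERSION
2013-02-28 06:25:35 status installed sudo NEW-VERSION
2013-02-28 06:25:36 upgrade tzdata OLD-VERSION NEW-VERSION
EOF
}

# On a real host: "dpkg -S /usr/bin/sudo" names the owning package and the
# log is /var/log/dpkg.log (older entries are in the rotated copies).
# The window starts at the file's new modification time, because dpkg keeps
# the timestamp stored in the package, so the upgrade is logged later.
log=$(mktemp)
write_sample_log "$log"
if pkg_changes_between "$log" sudo "2013-02-27 20:59:18" "2013-03-01 07:00:00"
then
    echo "A logged package operation falls inside the window."
else
    echo "No logged package operation explains the change; investigate."
fi
rm -f "$log"
```

A matching log entry only shows that an upgrade happened at the right time. To confirm the binary itself before running rkhunter --propupd, fetch the package again with apt-get download, unpack it with dpkg-deb -x, and compare the hash of the extracted usr/bin/sudo with the "Current hash" in the warning.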