So rkhunter gives me these warnings (in the logfile) beyond this one (which seems to be a false positive):
Checking for passwd file changes [ Warning ]
Warning: User 'logcheck' has been added to the passwd file
Info: Starting test name 'group_changes'
Checking for group file changes [ Warning ]
Warning: Changes found in the group file for group 'adm':
User 'logcheck' has been added to the group
Warning: Group 'logcheck' has been added to the group file.
Checking for hidden files and directories [ Warning ]
Warning: Hidden directory found: /etc/.java
on one of my machines.
Another also shows me the warnings:
Checking for passwd file changes [ Warning ]
Warning: User 'clamav' has been added to the passwd file
Warning: User 'geoclue' has been added to the passwd file
Checking for group file changes [ Warning ]
Warning: Group 'clamav' has been added to the group file
Warning: Group 'geoclue' has been added to the group file
I guess these warnings are due to when I made the last scan, and to package updates (e.g. openjdk) and package installations (clamtk) since then?
I'm not sure about geoclue and logcheck though as I can't remember installing logcheck and it doesn't display anything under "required by" in Apper.
Is there a way to display when packages were installed and updated and by whom?
Should package-updates and new installations maybe be coupled with other tools (too?) beyond rkhunter such as automatically doing some specific scan/update before a new installation or update etc?
Is there some way, tool or best practice to account for package updates and new installations?
I'm running a recently installed Debian 9.1 with KDE.
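
Added example, not part of the original post: one way to check whether accounts flagged by rkhunter line up with package installations is to match them against the transaction stanzas apt writes to /var/log/apt/history.log (date, command line, and `Requested-By` when an invoking user was recorded). The log samples, versions and the user `alice` are constructed, and matching an account to a package by name prefix is a heuristic assumed here.

```python
import re

# Constructed rkhunter warnings, in the form quoted in the post.
RKHUNTER_LOG = """\
Warning: User 'clamav' has been added to the passwd file
Warning: User 'geoclue' has been added to the passwd file
Warning: Group 'clamav' has been added to the group file
"""

# Constructed sample in the stanza format of /var/log/apt/history.log.
APT_HISTORY = """\
Start-Date: 2017-08-20  18:02:11
Commandline: apt install clamtk
Requested-By: alice (1000)
Install: clamtk:all (5.24-1), clamav-base:all (0.99.2-1, automatic), clamav:amd64 (0.99.2-1, automatic)
End-Date: 2017-08-20  18:02:40

Start-Date: 2017-08-22  09:15:03
Commandline: apt-get dist-upgrade
Install: geoclue-2.0:amd64 (2.4.5-1, automatic)
End-Date: 2017-08-22  09:15:20
"""

def added_accounts(rk_log):
    """Names rkhunter reports as newly added users or groups."""
    pat = r"Warning: (?:User|Group) '([^']+)' has been added"
    return sorted(set(re.findall(pat, rk_log)))

def parse_history(text):
    """Split apt history into transactions (dict of field -> value)."""
    stanzas = re.split(r"\n\s*\n", text.strip())
    txs = [dict(l.split(": ", 1) for l in s.splitlines() if ": " in l) for s in stanzas]
    return [tx for tx in txs if "Start-Date" in tx]

def installs(tx):
    """Return (package, automatic?) for each entry on the Install line."""
    entries = re.findall(r"([^\s,:]+):\S+ \(([^)]*)\)", tx.get("Install", ""))
    return [(name, "automatic" in detail) for name, detail in entries]

def explain(rk_log, history):
    """Map each new account to the apt transactions that plausibly created it."""
    report = {name: [] for name in added_accounts(rk_log)}
    for tx in parse_history(history):
        for pkg, auto in installs(tx):
            for name in report:
                if pkg.startswith(name):  # heuristic: account named after package
                    report[name].append((tx["Start-Date"], pkg, auto,
                                         tx.get("Requested-By", "not recorded")))
    return report
```

An account that maps to no install transaction is the one worth investigating further; an `automatic` hit means the package was pulled in as a dependency rather than requested by name.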