Determine rkhunter false positive on Redhat
rkhunter has given several warnings (“One or more warnings have been found while checking the system.”) lately, and this has forced me to check the installations repeatedly, only to find each time that the warning was a false positive.
On Redhat systems and their derivatives (Fedora, CentOS…) an easy check can be performed to determine if a file has been tampered with. I’ve made this little one-liner to help me determine if any RPM packages have been altered:
rpm -qas | grep -v normal > ~/rpm_check.txt
If everything is OK, the resulting file should contain only lines like these:
(contains no files)
(contains no files)
(contains no files)
(contains no files)
(contains no files)
(contains no files)
(contains no files)
(contains no files)
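As an added example (not the author's one-liner, and not part of the original post), the following script filters the `rpm -qas` file-state output more strictly than `grep -v normal` and adds a second pass over `rpm -Va` verification output, which is the check a practitioner would reach for when a package looks altered. It assumes the `rpm -qs` format (state word followed by path) and the `rpm -V` format (nine-character flag field, optional attribute letter such as `c` for config, then path) of rpm 4.x; both sample inputs below are constructed, so the script runs offline without rpm installed.

```sh
#!/bin/sh
# Added example: stricter filtering of rpm file-state output plus a summary
# of rpm -Va results. Sample inputs are constructed, not captured from a host.

# Reads `rpm -qas` output on stdin and prints every line whose state is not
# "normal". The state is anchored at the start of the line, so a path that
# merely contains the word "normal" is not dropped by accident, and the
# "(contains no files)" placeholder lines for file-less packages are skipped.
rpm_state_anomalies() {
    awk '!/^normal[[:space:]]/ && $0 != "(contains no files)"'
}

# Reads `rpm -Va` output on stdin and prints entries worth a closer look:
# missing files, and files whose size (S), MD5/SHA digest (5), mode (M),
# owner (U) or group (G) differ from the package. Config (c) and doc (d)
# files are only reported when their digest changed, since timestamps and
# edits to config files are expected on a live system.
rpm_verify_suspicious() {
    awk '
        $1 == "missing" { print "missing  " $NF; next }
        {
            flags = $1
            attr  = (NF == 3) ? $2 : ""
            path  = $NF
            if ((attr == "c" || attr == "d") && index(flags, "5") == 0) next
            if (index(flags, "5") || index(flags, "S") || index(flags, "M") ||
                index(flags, "U") || index(flags, "G"))
                print flags "  " path
        }'
}

# Constructed sample of `rpm -qas` output (state word, then path).
SAMPLE_STATES='normal        /usr/bin/ls
normal        /usr/share/doc/normalize/README
not installed /usr/share/man/man1/ls.1.gz
(contains no files)
replaced      /usr/share/normalize/config'

# Constructed sample of `rpm -Va` output (flags, optional attribute, path).
SAMPLE_VERIFY='S.5....T.    /usr/bin/sudo
.......T.    /usr/lib64/libc.so.6
S.5....T.  c /etc/ssh/sshd_config
.......T.  c /etc/motd
missing     /usr/share/licenses/bash/COPYING
.M.......  d /usr/share/doc/bash/README'

# Stand-alone demonstration; on a real host replace the samples with
#   rpm -qas | rpm_state_anomalies
#   rpm -Va  | rpm_verify_suspicious
echo "== file states that are not normal =="
printf '%s\n' "$SAMPLE_STATES" | rpm_state_anomalies
echo "== verification results worth investigating =="
printf '%s\n' "$SAMPLE_VERIFY" | rpm_verify_suspicious
```

Note the `replaced` line whose path contains "normal": the original `grep -v normal` would silently drop it, whereas anchoring the match to the state column keeps it. The `rpm -Va` pass is where actual tampering would show up, because the file state alone only says how rpm installed the file, not whether its contents still match the package.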