
How to Verify Rkhunter False Positives

0 votes
0 answers
1699 views
I have a fresh install of CentOS 7 server with a fresh install of cpanel/whm. I checked / verified everything was clean, prior to restoring my cpanel backup from a different server. After the cpanel restoration I received [warning] for the following files:

/usr/sbin/adduser
/usr/sbin/depmod
/usr/sbin/ifdown
/usr/sbin/ifup
/usr/sbin/init
/usr/sbin/insmod
/usr/sbin/lsmod
/usr/sbin/modinfo
/usr/sbin/modprobe
/usr/sbin/rmmod
/usr/sbin/runlevel
/usr/bin/awk
/usr/bin/egrep
/usr/bin/fgrep
/usr/bin/links
/usr/bin/mail
/usr/bin/passwd
/usr/bin/sh
/usr/bin/sudo

I ran sha256sum checksums and compared the values to the corresponding ones on a virtualbox test server that I set up, and all of the checksums match. From there I ran ls -ld against all the files on production & test servers, and the group/user permissions all matched. At this point, I am reasonably sure that these are false positives.

My question is a "noobie" question: what is rkhunter seeing that causes the warning? And how can I verify what it is causing the warning against my test server?

**UPDATE**

After some digging I found a different (more useful) way to run an rkhunter check that tells you why the warning was being generated (essentially a reflection of what is in the rkhunter.log file):

```
[root@host2 ~]# rkhunter -c --rwo
Warning: No hash value found for file '/usr/sbin/adduser' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/sbin/adduser
Current file modification time: 1613637774 (18-Feb-2021 16:42:54)
Stored file modification time : 1565319054 (09-Aug-2019 10:50:54)
Warning: No hash value found for file '/usr/sbin/depmod' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/sbin/depmod
Current file modification time: 1613637781 (18-Feb-2021 16:43:01)
Stored file modification time : 1585709895 (01-Apr-2020 10:58:15)
Warning: The file properties have changed:
File: /usr/sbin/ifdown
Current hash: 69026ac688e78a6f54406fd4a4b92bb655fa9795cb043cafb1ebf7782985a38b
Stored hash : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Current size: 1651
Stored size: 0
Current file modification time: 1590144273 (22-May-2020 18:44:33)
Stored file modification time : 1605543307 (17-Nov-2020 00:15:07)
Warning: The command '/usr/sbin/ifdown' has been replaced by a script: /usr/sbin/ifdown: Bourne-Again shell script, ASCII text executable
Warning: The file properties have changed:
File: /usr/sbin/ifup
Current hash: f5ce9f5f014159aa479a88a4754b4a1980f307fac68863477341e62787f8e52c
Stored hash : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Current size: 5010
Stored size: 0
Current file modification time: 1590144273 (22-May-2020 18:44:33)
Stored file modification time : 1605543307 (17-Nov-2020 00:15:07)
Warning: The command '/usr/sbin/ifup' has been replaced by a script: /usr/sbin/ifup: Bourne-Again shell script, ASCII text executable
Warning: No hash value found for file '/usr/sbin/init' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/sbin/init
Current file modification time: 1613637783 (18-Feb-2021 16:43:03)
Stored file modification time : 1612283656 (03-Feb-2021 00:34:16)
Warning: No hash value found for file '/usr/sbin/insmod' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/sbin/insmod
Current file modification time: 1613637781 (18-Feb-2021 16:43:01)
Stored file modification time : 1585709895 (01-Apr-2020 10:58:15)
Warning: No hash value found for file '/usr/sbin/lsmod' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/sbin/lsmod
Current file modification time: 1613637781 (18-Feb-2021 16:43:01)
Stored file modification time : 1585709895 (01-Apr-2020 10:58:15)
Warning: No hash value found for file '/usr/sbin/modinfo' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/sbin/modinfo
Current file modification time: 1613637781 (18-Feb-2021 16:43:01)
Stored file modification time : 1585709895 (01-Apr-2020 10:58:15)
Warning: No hash value found for file '/usr/sbin/modprobe' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/sbin/modprobe
Current file modification time: 1613637781 (18-Feb-2021 16:43:01)
Stored file modification time : 1585709895 (01-Apr-2020 10:58:15)
Warning: No hash value found for file '/usr/sbin/rmmod' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/sbin/rmmod
Current file modification time: 1613637781 (18-Feb-2021 16:43:01)
Stored file modification time : 1585709895 (01-Apr-2020 10:58:15)
Warning: No hash value found for file '/usr/sbin/runlevel' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/sbin/runlevel
Current file modification time: 1613637783 (18-Feb-2021 16:43:03)
Stored file modification time : 1612283656 (03-Feb-2021 00:34:16)
Warning: No hash value found for file '/usr/bin/awk' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/bin/awk
Current file modification time: 1562813534 (11-Jul-2019 10:52:14)
Stored file modification time : 1498686765 (29-Jun-2017 05:52:45)
Warning: The command '/usr/bin/egrep' has been replaced by a script: /usr/bin/egrep: POSIX shell script, ASCII text executable
Warning: The command '/usr/bin/fgrep' has been replaced by a script: /usr/bin/fgrep: POSIX shell script, ASCII text executable
Warning: The file properties have changed:
File: /usr/bin/links
Current hash: 52d888a65f7e8c4e9837eb98d0c617af3ffbf5c51426036f69deeb31e93a2d37
Stored hash : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Current permissions: 0777
Stored permissions: 0644
Current size: 23
Stored size: 0
Current file modification time: 1613662786 (18-Feb-2021 23:39:46)
Stored file modification time : 1547139654 (11-Jan-2019 01:00:54)
Current symbolic link target: '/usr/bin/links' -> '/usr/bin/elinks'
Stored symbolic link target : '/usr/bin/links' -> '/usr/bin'
Warning: No hash value found for file '/usr/bin/mail' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/bin/mail
Current file modification time: 1562814013 (11-Jul-2019 11:00:13)
Stored file modification time : 1523430473 (11-Apr-2018 15:07:53)
Warning: The file properties have changed:
File: /usr/bin/passwd
Current permissions: 4755
Stored permissions: 04755
Warning: No hash value found for file '/usr/bin/sh' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/bin/sh
Current file modification time: 1613637759 (18-Feb-2021 16:42:39)
Stored file modification time : 1585707450 (01-Apr-2020 10:17:30)
Warning: The file properties have changed:
File: /usr/bin/sudo
Current permissions: 4111
Stored permissions: 04111
Warning: The following processes are using deleted files:
Process: /usr/local/cpanel/libexec/tailwatch/tailwatchd PID: 1973 File: /var/cpanel/apnspush.sqlite3-wal
```

What is especially confusing is the current vs stored hash values for some files like /usr/sbin/ifup, because I verified the hash in a clean virtualbox install. Is this a case of simply running rkhunter --propupd?
Asked by Time-Bandit (218 rep)
Mar 2, 2021, 04:05 AM
Last activity: Mar 2, 2021, 08:53 AM
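The `--rwo` output above is what a practitioner would triage before touching the baseline, and the key clue is in it already: the "stored hash" on `/usr/sbin/ifup`, `/usr/sbin/ifdown` and `/usr/bin/links` (`e3b0c442...b855`) is the SHA-256 of zero bytes, and each of those records also says `Stored size: 0`, so rkhunter.dat recorded those entries when the files were empty, and the mismatch does not contradict a clean checksum. The parser below is an added example, not code from the post or from rkhunter; it turns `--rwo` warning lines into records and assigns each file a verdict (no stored hash, mtime-only drift, permission string differing only by a leading zero, baseline taken on an empty file, genuine content change, command replaced by a script). The sample input is constructed from lines in the post plus one hypothetical path, `/usr/bin/example-tool`, with made-up hashes to exercise the content-changed branch.

```python
"""Triage helper for `rkhunter -c --rwo` output (added example, not rkhunter's own code)."""
import re
from collections import defaultdict

# SHA-256 of zero bytes. A stored hash equal to this together with "Stored size: 0"
# means the rkhunter.dat baseline was recorded while the file was empty, so the
# "hash changed" warning is comparing against nothing meaningful.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

RE_NO_HASH = re.compile(r"^Warning: No hash value found for file '([^']+)'")
RE_REPLACED = re.compile(r"^Warning: The command '([^']+)' has been replaced by a script")
RE_CHANGED = re.compile(r"^Warning: The file properties have changed:")
RE_FILE = re.compile(r"^File: (\S+)$")
# "Current hash: ..." / "Stored hash : ..." / "Current file modification time: ..."
RE_PROP = re.compile(r"^(Current|Stored) ([a-z ]+?)\s*:\s*(.*)$")


def parse_rwo(text):
    """Parse --rwo output into records: {'file', 'kind', 'props': {key: {current, stored}}}."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_NO_HASH.match(line):
            records.append({"file": m.group(1), "kind": "no_stored_hash", "props": {}})
            current = None
        elif m := RE_REPLACED.match(line):
            records.append({"file": m.group(1), "kind": "replaced_by_script", "props": {}})
            current = None
        elif RE_CHANGED.match(line):
            current = {"file": None, "kind": "properties_changed", "props": {}}
            records.append(current)
        elif line.startswith("Warning:"):
            current = None  # any other warning type ends the property block
        elif current is not None and (m := RE_FILE.match(line)):
            current["file"] = m.group(1)
        elif current is not None and (m := RE_PROP.match(line)):
            side, key, value = m.groups()
            current["props"].setdefault(key, {})[side.lower()] = value.strip()
    return records


def triage(record):
    """Map one record to a verdict string describing why rkhunter warned."""
    kind, props = record["kind"], record["props"]
    if kind in ("no_stored_hash", "replaced_by_script"):
        return "no_baseline_hash" if kind == "no_stored_hash" else kind
    if (props.get("hash", {}).get("stored") == EMPTY_SHA256
            and props.get("size", {}).get("stored") == "0"):
        return "baseline_recorded_empty"
    if "hash" in props:
        return "content_changed"  # verify against the package manager before re-baselining
    perms = props.get("permissions", {})
    if set(props) == {"permissions"} and \
            perms.get("current", "").lstrip("0") == perms.get("stored", "").lstrip("0"):
        return "permission_format_only"  # 4755 vs 04755: same mode, different spelling
    if set(props) == {"file modification time"}:
        return "mtime_only"
    return "needs_manual_review"


def summarize(text):
    """Return {path: [verdict, ...]} in the order the warnings appeared."""
    verdicts = defaultdict(list)
    for rec in parse_rwo(text):
        if rec["file"]:
            verdicts[rec["file"]].append(triage(rec))
    return dict(verdicts)


# Constructed sample: lines taken from the post, plus a hypothetical /usr/bin/example-tool
# record with made-up hashes to show a real content change.
SAMPLE_RWO = """\
Warning: No hash value found for file '/usr/sbin/adduser' in the 'rkhunter.dat' file.
Warning: The file properties have changed:
File: /usr/sbin/adduser
Current file modification time: 1613637774 (18-Feb-2021 16:42:54)
Stored file modification time : 1565319054 (09-Aug-2019 10:50:54)
Warning: The file properties have changed:
File: /usr/sbin/ifup
Current hash: f5ce9f5f014159aa479a88a4754b4a1980f307fac68863477341e62787f8e52c
Stored hash : e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Current size: 5010
Stored size: 0
Warning: The command '/usr/sbin/ifup' has been replaced by a script: /usr/sbin/ifup: Bourne-Again shell script, ASCII text executable
Warning: The file properties have changed:
File: /usr/bin/passwd
Current permissions: 4755
Stored permissions: 04755
Warning: The file properties have changed:
File: /usr/bin/example-tool
Current hash: 1111111111111111111111111111111111111111111111111111111111111111
Stored hash : 2222222222222222222222222222222222222222222222222222222222222222
Current size: 1024
Stored size: 1000
Warning: The following processes are using deleted files:
Process: /usr/local/cpanel/libexec/tailwatch/tailwatchd PID: 1973 File: /var/cpanel/apnspush.sqlite3-wal
"""

if __name__ == "__main__":
    for path, verdicts in summarize(SAMPLE_RWO).items():
        print(f"{path}: {', '.join(verdicts)}")
```

Feed it the real output with `rkhunter -c --rwo | python3 triage.py` after replacing `SAMPLE_RWO` with `sys.stdin.read()`. Only `content_changed` and `replaced_by_script` verdicts need a second look; on CentOS, `rpm -Vf <path>` checks the file against the owning package's recorded digest and mode, which is an independent baseline that a restore cannot have altered. Once every warning is accounted for, `rkhunter --propupd` rebuilds rkhunter.dat from the now-verified files, which is the step the post asks about.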