Are thes files usually scripts in Ubuntu?
derek at pointerstop.ca
Thu Jan 1 05:04:09 UTC 2009
Leonard Chatagnier wrote:
> --- On Wed, 12/31/08, Ray Parrish <crp at cmc.net> wrote:
>> I was reading article from some of the magazines I get in
>> email today and ran across one about Root Kit Hunter for Linus, so I
>> decided to install and run it just to see what it said. It found no
>> root kits, but did give me a warning on the following five files.
>> [13:17:33] /bin/which
>> [ Warning ]
>> [13:17:33] Warning: The command '/bin/which' has
>> been replaced by a
>> script: /bin/which: POSIX shell script text executable
>> Since this Root Kit Hunter isn't specifically designed for Ubuntu but
>> claimed to be cross platform for all Linux machines I would like to know
>> if it's normal for the preceding files to be scripts in
>> Ubuntu Hardy Heron instead of binary files.
> Ray, the warnings are just informational messages telling you the files
> were replaced by the scripts. It's of no consequence and nothing to be
> concerned about.
> You go have a very inquisitive mind, sigh. Don't you believe what the
> program is telling you? Maybe you could learn more about it by googling
> for "rootkithunter+ubuntu+linux".
Huh? Most of what the rootkit hunters do is of a warning nature - they
can't ever really be certain that a file is bogus. That said, the only thing
you can do is read the scripts. Even if it _is_ normal (the couple I just
checked - which & groups - seem right), it's still possible that somebody
replaced a proper script with their own ...
More information about the ubuntu-users