Are thes files usually scripts in Ubuntu?

Derek Broughton derek at
Thu Jan 1 05:04:09 UTC 2009

Leonard Chatagnier wrote:

> --- On Wed, 12/31/08, Ray Parrish <crp at> wrote:
>> I was reading article from some of the magazines I get in
>> email today and ran across one about Root Kit Hunter for Linus, so I
>> decided to install and run it just to see what it said. It found no
>> root kits, but did give me a warning on the following five files.
>> [13:17:33] /bin/which
>>  [ Warning ]
>> [13:17:33] Warning: The command '/bin/which' has
>> been replaced by a
>> script: /bin/which: POSIX shell script text executable


>> Since this Root Kit Hunter isn't specifically designed for Ubuntu but
>> claimed to be cross platform for all Linux machines I would like to know
>> if it's normal for the preceding files to be scripts in
>> Ubuntu Hardy Heron instead of binary files.
>  Ray, the warnings are just informational messages telling you the files
>  were replaced by the scripts.  It's of no consequence and nothing to be
>  concerned about.
> You go have a very inquisitive mind, sigh.  Don't you believe what the
> program is telling you?  Maybe you could learn more about it by googling
> for "rootkithunter+ubuntu+linux".

Huh?  Most of what the rootkit hunters do is of a warning nature - they 
can't ever really be certain that a file is bogus.  That said, the only thing 
you can do is read the scripts.  Even if it _is_ normal (the couple I just 
checked - which & groups - seem right), it's still possible that somebody 
replaced a proper script with their own ...

More information about the ubuntu-users mailing list