Are these files usually scripts in Ubuntu?
Brian McKee
brian.mckee at
Thu Jan 1 16:16:24 UTC 2009
On Wed, Dec 31, 2008 at 11:14 PM, Ray Parrish <crp at> wrote:
> Hello,
> I was reading articles from some of the magazines I get in email today
> and ran across one about Root Kit Hunter for Linux, so I decided to
> install and run it just to see what it said. It found no root kits, but
> did give me a warning on the following five files.
> [13:17:33] /bin/which [ Warning ]
> [13:17:33] Warning: The command '/bin/which' has been replaced by a
> script: /bin/which: POSIX shell script text executable
> [13:17:35] /usr/bin/groups [ Warning ]
> [13:17:35] Warning: The command '/usr/bin/groups' has been replaced by a
> script: /usr/bin/groups: POSIX shell script text executable
> [13:17:36] /usr/bin/ldd [ Warning ]
> [13:17:36] Warning: The command '/usr/bin/ldd' has been replaced by a
> script: /usr/bin/ldd: Bourne-Again shell script text executable
> [13:17:40] /usr/bin/lwp-request [ Warning ]
> [13:17:41] Warning: The command '/usr/bin/lwp-request' has been replaced
> by a script: /usr/bin/lwp-request: perl script text executable
> [13:17:43] /usr/sbin/adduser [ Warning ]
> [13:17:43] Warning: The command '/usr/sbin/adduser' has been replaced by
> a script: /usr/sbin/adduser: perl script text executable
> Since this Root Kit Hunter isn't specifically designed for Ubuntu but
> claimed to be cross platform for all Linux machines I would like to know
> if it's normal for the preceding files to be scripts in Ubuntu Hardy
> Heron instead of binary files.
Hi Ray
I run rkhunter on all the desktops at work, and once you tune it up it
is reassuring :-)
Hopefully you installed it from the repositories, the ubuntu version
has some nice additions that the vanilla one on the sourceforge site
doesn't - e.g. it automatically runs the update script when you
install things so it doesn't warn you about them etc.
You should also have seen warnings about some hidden files and directories.
I think the best way for you to be comfortable is to check all the
files it warns about when you are booted from a fresh install or the
live cd.
If you'd prefer something less reliable, shoot me an email tomorrow
and I'll send you my config file I use with all the relevant files
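The check suggested in the reply above, comparing each flagged file with the copy on a fresh install or live CD, can be scripted. This is an added example, not part of the original thread; the mount points and the function names `flagged_paths`, `compare_path` and `check_log` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare files rkhunter flagged as
# "replaced by a script" with the same paths under a reference root.

# Constructed sample in the format of the warnings quoted above.
SAMPLE_LOG="[13:17:33] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable
[13:17:43] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: perl script text executable"

# Read an rkhunter log on stdin; print each flagged command path once.
flagged_paths() {
    sed -n "s/.*Warning: The command '\([^']*\)' has been replaced.*/\1/p" | sort -u
}

# Compare one path under two roots. Prints "MATCH|DIFFER|MISSING <path>".
# $1 = path, $2 = root of the system under test, $3 = reference root
# (assumed mount point of a fresh install or live CD filesystem).
compare_path() {
    cp_live="$2$1"; cp_ref="$3$1"
    if [ ! -f "$cp_live" ] || [ ! -f "$cp_ref" ]; then
        echo "MISSING $1"
    elif [ "$(sha256sum < "$cp_live")" = "$(sha256sum < "$cp_ref")" ]; then
        echo "MATCH $1"
    else
        echo "DIFFER $1"
    fi
}

# Read an rkhunter log on stdin, compare every flagged path, and return
# non-zero if any file differs from, or is missing in, either root.
check_log() {
    cl_rc=0
    cl_paths=$(flagged_paths)
    while IFS= read -r cl_path; do
        [ -n "$cl_path" ] || continue
        cl_result=$(compare_path "$cl_path" "$1" "$2")
        echo "$cl_result"
        case $cl_result in MATCH*) ;; *) cl_rc=1 ;; esac
    done <<EOF
$cl_paths
EOF
    return $cl_rc
}

# Usage (paths are placeholders):
#   check_log /mnt/installed /mnt/reference < /mnt/installed/var/log/rkhunter.log
```

Run it from the live CD with the installed disk mounted, so the hashing tools themselves come from trusted media. A MATCH means the file is identical to the reference copy; a DIFFER or MISSING result is a prompt to compare package versions before assuming tampering.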
More information about the ubuntu-users
mailing list