Are thes files usually scripts in Ubuntu?

Thu Jan 1 16:51:54 UTC 2009

Brian McKee wrote:
> On Wed, Dec 31, 2008 at 11:14 PM, Ray Parrish <crp at cmc.net> wrote:
>   
>> Hello,
>>
>> I was reading article from some of the magazines I get in email today
>> and ran across one about Root Kit Hunter for Linus, so I decided to
>> install and run it just to see what it said. It found no root kits, but
>> did give me a warning on the following five files.
>>
>> [13:17:33] /bin/which                                        [ Warning ]
>> [13:17:33] Warning: The command '/bin/which' has been replaced by a
>> script: /bin/which: POSIX shell script text executable
>> [13:17:35] /usr/bin/groups                                   [ Warning ]
>> [13:17:35] Warning: The command '/usr/bin/groups' has been replaced by a
>> script: /usr/bin/groups: POSIX shell script text executable
>> [13:17:36] /usr/bin/ldd                                      [ Warning ]
>> [13:17:36] Warning: The command '/usr/bin/ldd' has been replaced by a
>> script: /usr/bin/ldd: Bourne-Again shell script text executable
>> [13:17:40] /usr/bin/lwp-request                              [ Warning ]
>> [13:17:41] Warning: The command '/usr/bin/lwp-request' has been replaced
>> by a script: /usr/bin/lwp-request: perl script text executable
>> [13:17:43] /usr/sbin/adduser                                 [ Warning ]
>> [13:17:43] Warning: The command '/usr/sbin/adduser' has been replaced by
>> a script: /usr/sbin/adduser: perl script text executable
>>
>> Since this Root Kit Hunter isn't specifically designed for Ubuntu but
>> claimed to be cross platform for all Linux machines I would like to know
>> if it's normal for the preceding files to be scripts in Ubuntu Hardy
>> Heron instead of binary files.
>>     
>
> Hi Ray
>
> I run rkhunter on all the desktops at work, and once you tune it up it
> is reassuring :-)
>
> Hopefully you installed it from the repositories, the ubuntu version
> has some nice additions that the vanilla one on the sourceforge site
> doesn't - e.g. it automatically runs the update script when you
> install things so it doesn't warn you about them etc.
>
> You should also have seen warnings about some hidden files and directories.
>
> I think the best way for you to be comfortable is to check all the
> files it warns about when you are booted from a fresh install or the
> live cd.
>
> If you'd prefer something less reliable, shoot me an email tomorrow
> and I'll send you my config file I use with all the relevant files
> approved.
>
> Brian
>
> You should also have seen
>
>   
Hi there!

No, I couldn't find it in synaptic, so I installed the one from 
Sourceforge. I tried searching on root kit, and one package that only 
looked for around five versions of root kits showed up, and nothing 
else. I didn't think of searching on rkhunter instead, it just came to 
me while writing this.

Is there a way to make it search my mounted Windows drives? I'm more 
concerned about them, as I'm getting some strange behavior on that side 
of this box.

Later, Ray Parrish

-- 
http://www.rayslinks.com/ Web index of human reviewed links.
<http://www.rayslinks.com/Troubleshooting%20and%20fixing%20Windows.html>
Trouble shooting and Fixing Windows
http://www.writingsoftheschizophrenic.com My poetry in web pages