Bug#607224: Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text executable

Kingsley G. Morse Jr. kingsley at loaner.com
Sun Jul 3 21:51:33 UTC 2011


Hi Julien,

Thank you for maintaining rkhunter.

Rootkit protection is good.

The main reason I'm writing is that I happened to
notice that version 1.3.8-6 reported a warning
similar to the bug reported in 607224.

Maybe my email will help you improve rkhunter.

Here's how I got the warning:

    1.) Install rkhunter

            $ aptitude install rkhunter

    2.) Run

            $ rkhunter --propupd

    3.) Run

            $ rkhunter -c -sk --vl

    4.) Look in

            /var/log/rkhunter.log

        and see

            [14:21:03] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text executable


I looked in /usr/bin/unhide.rb.

It looks OK to me.

It's part of the package named "unhide.rb".

I'm worried that rkhunter may have reported a
false positive, but I'll trust your judgement.

Thanks,
Kingsley
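
Added example, not part of the original message and not rkhunter's own code: one way to triage this warning on a Debian-based host is to pull the flagged paths out of the log, confirm with dpkg that each file is package-owned and unmodified, and only then emit a SCRIPTWHITELIST line for rkhunter's configuration. The function names, exit codes and sample log are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample log, modelled on the warning quoted in the message.
sample_log() {
cat <<'EOF'
[14:21:02] Info: Starting test name 'properties'
[14:21:03] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text executable
EOF
}

# Read an rkhunter log on stdin and print each flagged command path once.
flagged_scripts() {
    sed -n "s/^.*Warning: The command '\([^']*\)' has been replaced by a script: .*$/\1/p" | sort -u
}

# Check one path against the dpkg database (hypothetical helper).
# Returns 0 = package-owned and unmodified, 1 = modified, 2 = not owned.
# The dpkg checksums live on the same host, so on a machine that may already
# be compromised, run this from trusted media or compare against the archive.
triage_path() {
    path=$1
    # "pkg: /path" or "pkg:arch: /path" -> keep everything before ": "
    owner=$(dpkg -S "$path" 2>/dev/null | sed 's/: .*//' | head -n 1)
    if [ -z "$owner" ]; then
        echo "UNOWNED $path"
        return 2
    fi
    # dpkg --verify lists only files that fail verification; path is last field.
    if dpkg --verify "$owner" 2>/dev/null |
        awk -v p="$path" '$NF == p { bad = 1 } END { exit !bad }'; then
        echo "MODIFIED $path (package $owner)"
        return 1
    fi
    # Verified: this line can be added to rkhunter's configuration file.
    echo "SCRIPTWHITELIST=$path"
}

# Stand-alone use: pass the log file, e.g. /var/log/rkhunter.log
if [ -r "${1:-}" ]; then
    flagged_scripts < "$1" | while read -r p; do
        triage_path "$p" || true
    done
fi
```

Only paths reported as package-owned and unmodified produce a whitelist line; MODIFIED and UNOWNED results need manual inspection before any whitelisting.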






