Bug#607224: Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text executable
Jozef Riha
jose1711 at gmail.com
Wed Nov 16 12:22:39 UTC 2011
> Hi Julien,
>
> Thank you for maintaining rkhunter.
>
> Rootkit protection is good.
>
> The main reason I'm writing is that I happened to
> notice that version 1.3.8-6 reported a warning
> similar to the bug reported in 607224.
>
> Maybe my email will help you improve rkhunter.
>
> Here's how I got the warning:
>
> 1.) Install rkhunter
>
> $ aptitude install rkhunter
>
> 2.) run
>
> $ rkhunter --propupd
>
> 3.) run
>
> $ rkhunter -c -sk --vl
>
> 4.) Look in
>
> /var/log/rkhunter.log
>
> and see
>
> [14:21:03] Warning: The command '/usr/bin/unhide.rb'
> has been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w
> script text executable
>
> I looked in /usr/bin/unhide.rb.
>
> It looks OK to me.
>
> It's part of the package named "unhide.rb".
>
> I'm worried that rkhunter may have reported a
> false positive, but I'll trust your judgement.
>
> Thanks,
> Kingsley

Hi Kingsley, you may want to fix this manually by removing unhide.rb
from /usr/bin/rkhunter (variable PROP_FILE_LIST) near line 16015 and
running rkhunter --propupd.

i.e.

    Linux)
        PROP_FILE_LIST="${PROP_FILE_LIST} unhide unhide-tcp unhide.rb"

change to

    Linux)
        PROP_FILE_LIST="${PROP_FILE_LIST} unhide unhide-tcp"

jose
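
The edit described in the reply above, as an added example that is not part of the original message or of rkhunter itself: a filter that removes one exact name from `PROP_FILE_LIST` assignments, so that dropping `unhide.rb` cannot damage the neighbouring `unhide` and `unhide-tcp` entries. The function names, the `EXAMPLE_OS` variable and the `case`/`esac` wrapper in the sample are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not rkhunter code. Reads a script on stdin and writes it to
# stdout with NAME removed from every PROP_FILE_LIST="..." assignment.
# Names are compared as whole words, so dropping "unhide.rb" leaves
# "unhide" and "unhide-tcp" alone (a plain text substitution would not).
drop_prop_entry() {
    awk -v name="$1" '
    /^[ \t]*PROP_FILE_LIST="/ {
        # Split at the double quotes: text before, quoted value, text after.
        if (split($0, part, "\"") == 3) {
            m = split(part[2], word, " ")   # " " = split on runs of blanks
            out = ""
            for (i = 1; i <= m; i++) {
                if (word[i] == name) continue
                out = (out == "" ? word[i] : out " " word[i])
            }
            print part[1] "\"" out "\"" part[3]
            next
        }
    }
    { print }
    '
}

# Constructed excerpt: only the Linux) branch and its assignment come from the
# message above; the case/esac wrapper and variable name are made up.
sample_excerpt() {
    cat <<'EOF'
case "${EXAMPLE_OS}" in
Linux)
    PROP_FILE_LIST="${PROP_FILE_LIST} unhide unhide-tcp unhide.rb"
    ;;
esac
EOF
}

# Show the edited excerpt; on a real system, diff the output against the
# installed script before replacing anything.
sample_excerpt | drop_prop_entry unhide.rb
```

Because the filter only writes to stdout, the installed `/usr/bin/rkhunter` is never modified in place; the result can be reviewed with `diff` first, and `rkhunter --propupd` is run afterwards as the reply says.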