Mailinglist Archive: opensuse (3618 mails)

< Previous Next >
Re: [opensuse] rkhunter related question
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Mon, 26 Jan 2009 04:46:11 +0100 (CET)
  • Message-id: <alpine.LSU.2.00.0901260437510.19825@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Sunday, 2009-01-25 at 19:19 -0800, Russ Fineman wrote:

Forgot to attach messages:
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/
bin/ldd: Bourne-Again shell script text

It's not been replaced, it is a script. You can check the original file on the rpm from the dvd - for instance, on 11.1:

/mnt/dvd/suse/i686/glibc-2.9-2.3.i686.rpm#rpm/CONTENTS.cpio#ucpio/usr/bin

Warning: The command '/sbin/chkconfig' has been replaced by a script: /s
bin/chkconfig: a /usr/bin/perl script text

same thing.


[11:23:37] Warning: The command '/sbin/ifup' has been replaced by a script:
/sbin/ifup: Bourne-Again shell script text

same thing.


Warning: Suspicious file types found in /dev:
[11:24:41] /dev/shm/sysconfig/ifup-eth0: ASCII text
[11:24:41] /dev/shm/sysconfig/if-eth0: ASCII text

My guess is that rkhunter is seriously flawed if it can not recognize normal files on a suse install. Further more, it should know when some thing has been replaced or has been a certain way always. :-/

- -- Cheers,
Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkl9MgkACgkQtTMYHG2NR9WoqACgi7VyGduz6SdIVk6cmuoq+Yh4
eD0AnRR1F0RreHsXm5FNHqDiF0q1OQ9L
=fKvw
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >