Bug#607224: Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text executable
Kingsley G. Morse Jr.
kingsley at loaner.com
Sun Jul 3 21:51:33 UTC 2011
Hi Julien,
Thank you for maintaining rkhunter.
Rootkit protection is good.
The main reason I'm writing is that I happened to
notice that version 1.3.8-6 reported a warning
similar to the bug reported in 607224.
Maybe my email will help you improve rkhunter.
Here's how I got the warning:
1.) Install rkhunter
$ aptitude install rkhunter
2.) run
$ rkhunter --propupd
3.) run
$ rkhunter -c -sk --vl
4.) Look in
/var/log/rkhunter.log
and see
[14:21:03] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text executable
I looked in /usr/bin/unhide.rb.
It looks OK to me.
It's part of the package named "unhide.rb".
I'm worried that rkhunter may have reported a
false positive, but I'll trust your judgement.
Thanks,
Kingsley
More information about the forensics-devel
mailing list