Find the answer to your Linux question:
Results 1 to 3 of 3
hye there... just want to ask..i finally get my server reformat and replace with redhat server v 5.5 ... so my last problem was here www dot linuxforums dot org/forum/red-hat-fedora-linux/170847-what-processing.html ...
  1. 10-20-2010 #1
    shamcs
    shamcs is offline
    Just Joined!
    Join Date
    Oct 2010
    Posts
    11

    RKHunter

    hye there...

    just want to ask..i finally get my server reformat and replace with redhat server v 5.5 ...

    so my last problem was here www dot linuxforums dot org/forum/red-hat-fedora-linux/170847-what-processing.html

    and the same thing show in rkhunter log..

    like this

    "
    [18:00:36] /sbin/ifdown [ Warning ]
    [18:00:36] Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
    [18:00:36] /sbin/ifup [ Warning ]
    [18:00:36] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
    [18:00:32] /usr/bin/whatis [ Warning ]
    [18:00:32] Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
    [18:00:17] /usr/bin/ldd [ Warning ]
    [18:00:17] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
    [18:00:14] /usr/bin/GET [ Warning ]
    [18:00:14] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
    [18:00:14] /usr/bin/groups [ Warning ]
    [18:00:15] Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable

    "
    :
    :
    :

    any idea..is it false positive by scanning using rkhunter...??
    Reply With Quote Reply With Quote
  2. 10-20-2010 #2
    Irithori
    Irithori is offline
    Linux Guru Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    2,097
    hmm,
    open the files with less or use file on them.

    If they are indeed shell scripts, then either your install dvd is somehow corrupted
    or redhat indeed uses shell wrappers for these binaries.
    Which would be very weird, as the centos 5.5 I have at hand (which is almost 100% identical to redhat) does have binaries there:

    Code:
    file /sbin/ifconfig 
/sbin/ifconfig: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, stripped
    You must always face the curtain with a bow.
    Reply With Quote Reply With Quote
  3. 10-20-2010 #3
    shamcs
    shamcs is offline
    Just Joined!
    Join Date
    Oct 2010
    Posts
    11
    hye Irithori..

    i did search google on this topic..and i found this on the forum..

    see here www dot webhostingtalk dot com/showthread.php?t=639921

    so is it false detect by rkhunter..??sigh..
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...