
Bug#607224: Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text executable



> Hi Julien,
>
> Thank you for maintaining rkhunter.
>
> Rootkit protection is good.
>
> The main reason I'm writing is that I happened to
> notice that version 1.3.8-6 reported a warning
> similar to the bug reported in 607224.
>
> Maybe my email will help you improve rkhunter.
>
> Here's how I got the warning:
>
>     1.) Install rkhunter
>
>             $ aptitude install rkhunter
>
>     2.) run
>
>             $ rkhunter --propupd
>
>     3.) run
>
>             $ rkhunter -c -sk --vl
>
>     4.) Look in
>
>             /var/log/rkhunter.log
>
>         and see
>
>             [14:21:03] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text executable
>
> I looked in /usr/bin/unhide.rb.
>
> It looks OK to me.
>
> It's part of the package named "unhide.rb".
>
> I'm worried that rkhunter may have reported a
> false positive, but I'll trust your judgement.
>
> Thanks,
> Kingsley

hi kingsley, you may want to fix this manually by removing unhide.rb
from /usr/bin/rkhunter (variable PROP_FILE_LIST) near line 16015 and
running rkhunter --propupd.

i. e.
        Linux)
                PROP_FILE_LIST="${PROP_FILE_LIST} unhide unhide-tcp unhide.rb"

change to
        Linux)
                PROP_FILE_LIST="${PROP_FILE_LIST} unhide unhide-tcp"

jose
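
Before dropping unhide.rb from the property check, the "looks OK" and "part of the package" observations in the quoted report can be checked mechanically. The following is an added example, not part of this thread or of rkhunter: it tests whether the flagged command is a script and whether it still matches the checksum its package recorded. The function names are hypothetical, and it assumes the Debian layout /var/lib/dpkg/info/<package>.md5sums with lines of the form "<md5>  <path without leading slash>".

```shell
#!/bin/sh
# Added example (not rkhunter code): triage a "has been replaced by a script" warning.
# Assumption: paths contain no whitespace, as in dpkg's md5sums files for /usr/bin.

# is_script FILE: exit 0 if FILE begins with a "#!" interpreter line.
is_script() {
    [ "$(head -c 2 -- "$1" 2>/dev/null)" = "#!" ]
}

# matches_package_md5 MD5SUMS_FILE ROOT REL_PATH
#   exit 0: file matches the checksum recorded by the package
#   exit 1: checksum differs
#   exit 2: path not listed in MD5SUMS_FILE, or file unreadable
matches_package_md5() {
    sums=$1 root=$2 rel=$3
    want=$(awk -v p="$rel" '$2 == p { print $1; exit }' "$sums" 2>/dev/null)
    [ -n "$want" ] || return 2
    have=$(md5sum -- "$root/$rel" 2>/dev/null | awk '{ print $1 }')
    [ -n "$have" ] || return 2
    [ "$want" = "$have" ]
}

# triage PACKAGE ABS_PATH [ROOT]: print a one-word verdict.
# ROOT defaults to the live system; pass a mounted image or test tree otherwise.
triage() {
    pkg=$1 path=$2 root=${3:-}
    rel=${path#/}
    is_script "$root/$rel" || { echo "not-a-script"; return 0; }
    rc=0
    matches_package_md5 "$root/var/lib/dpkg/info/$pkg.md5sums" "$root" "$rel" || rc=$?
    case $rc in
        0) echo "packaged-script-unmodified" ;;  # consistent with a false positive
        1) echo "MODIFIED" ;;                    # investigate before whitelisting
        *) echo "unknown-to-package" ;;          # not shipped by PACKAGE
    esac
}

# Usage on the system from the report: triage unhide.rb /usr/bin/unhide.rb
```

The checksum database lives on the same host, so on a machine that may already be compromised the comparison is only meaningful when run from trusted media against the mounted filesystem (third argument).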


