On Mon, 2010-01-25 at 23:08 -0500, gumper wrote:
> When running rkhunter I'm getting the following message:
> 
> "Warning: The command '/usr/bin/rkhunter' has been replaced and is not
> a script: /usr/bin/rkhunter: a /bin/sh script text executable"
> 
> Does this mean that my system has been compromised? I'm running Arch
> Linux and I don't see any recent updates that would have changed this
> bin file. Also, when I look at the file type it tells me "unknown".
>
'rkhunter' is a script, not a bin file. Hence the test is to simply
ensure that the rkhunter command hasn't been replaced by a non-script
file.

However, if your 'file' command is returning 'unknown' then that will
probably trip it. Can you send me the output of 'file /usr/bin/rkhunter'
please, and if possible the version of file command you are using ('file
-v' should show it and the magic file it is using).




John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001
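
The kind of check discussed in this message, as an added example that is not rkhunter's own code and not part of the original post: it treats a command as a script when the file(1) description says so, and falls back to looking for a "#!" first line when the description is not recognised (such as "unknown"). The helper names `classify_cmd` and `has_shebang` are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not rkhunter's own code; helper names are hypothetical.
# Usage: classify_cmd PATH [DESCRIPTION]
# DESCRIPTION defaults to the output of `file -b PATH`; passing it explicitly
# replays what a different version of file(1) reported for the same file.

has_shebang() {
    # True when the first two bytes of the file are "#!".
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null)" = '#!' ]
}

classify_cmd() {
    path=$1
    if [ ! -f "$path" ]; then
        echo missing
        return 0
    fi
    if [ $# -ge 2 ]; then
        desc=$2
    else
        # A missing or failing file(1) is treated like an "unknown" answer.
        desc=$(file -b "$path" 2>/dev/null) || desc=unknown
    fi
    case "$desc" in
        *script*text*)
            echo script ;;
        *)
            # Description not recognised: inspect the file itself.
            if has_shebang "$path"; then
                echo script-by-shebang
            else
                echo not-script
            fi ;;
    esac
}

# Constructed sample files: a small shell script and a file with ELF magic.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho hello\n' > "$demo_dir/script"
printf '\177ELF\002\001\001' > "$demo_dir/binary"

classify_cmd "$demo_dir/script" "a /bin/sh script text executable"  # script
classify_cmd "$demo_dir/script" "unknown"    # script-by-shebang
classify_cmd "$demo_dir/binary" "unknown"    # not-script
rm -rf "$demo_dir"
```

A `script-by-shebang` verdict means the file type database did not recognise the file, which is a reason to check the installed file(1) and its magic file rather than evidence that the command was replaced.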


_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
