Re: rkhunter found this...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2009-03-26 at 18:03 -0700, Rick Stevens wrote:
> Daniel B. Thurman wrote:
> > Tom Horsley wrote:
> >> On Thu, 26 Mar 2009 20:07:54 -0400
> >> brian wrote:
> >>
> >>  
> >>>> It means some script somewhere did an rm -f on /dev/null
> >>>> then later some other script redirected output to /dev/null
> >>>> thus creating it as a regular file.
> >>>>         
> >>> It looks more like a typo, as another poster said (one L).
> >>>     
> >>
> >> Could be, but I had /dev/null deleted on a machine once and
> >> the ensuing fun was really spectacular :-).
> >>
> >> Doing "whatever > /dev/null" wasn't too bad, but when
> >> someone said "whatever < /dev/null" amazingly random things
> >> could happen.
> >>
> >>   
> > The point is, it is not MY scripts doing this!  I have had
> > this bugger for quite some time on F9 and it does not
> > go away!  Grr.  I just deleted it every time rkhunter
> > reports it.  Probably just ignore the darn thing....
> 
> Do NOT ignore it.  I don't think you quite understand what /dev/null
> is.  It is supposed to be a device, not a file.  Somehow it got deleted
> and now whenever a script or something does a redirect of its output to
> /dev/null, instead of going to a device (and thence into the bit 
> bucket), it creates a file called /dev/null.
> 
> To fix it:
> 
> 1. Do an "ls -Z /dev/null" and make sure there is no _regular_ file,
> directory, symlink, pipe or anything else called "/dev/null".  Check the
> first character of the permissions.  If it's anything other than a "c"
> then delete the file (you may need to do an "rm -rf /dev/null" to kill
> it).
> 
> 2. As root, run "MAKEDEV -x null".  That should recreate the device
> file.
> 
> 3. Run "ls -Z /dev/null" again and you should see something like:
> 
> crw-rw-rw-  root root system_u:object_r:null_device_t:s0 /dev/null
> 
> displayed.  If the first character of the permissions is NOT a "c", it
> didn't work.
You didn't ask if he was running selinux. ls -Z is overkill over ls -l
and will not work if selinux in disabled.
--
=======================================================================
Q: What is purple and concord the world? A: Alexander the Grape.
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@xxxxxxxxxxxxx

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux