rkhunter found this...

Rick Stevens ricks at nerd.com
Fri Mar 27 01:03:02 UTC 2009 

Daniel B. Thurman wrote:
> Tom Horsley wrote:
>> On Thu, 26 Mar 2009 20:07:54 -0400
>> brian wrote:
>>
>>  
>>>> It means some script somewhere did an rm -f on /dev/null
>>>> then later some other script redirected output to /dev/null
>>>> thus creating it as a regular file.
>>>>         
>>> It looks more like a typo, as another poster said (one L).
>>>     
>>
>> Could be, but I had /dev/null deleted on a machine once and
>> the ensuing fun was really spectacular :-).
>>
>> Doing "whatever > /dev/null" wasn't too bad, but when
>> someone said "whatever < /dev/null" amazingly random things
>> could happen.
>>
>>   
> The point is, it is not MY scripts doing this!  I have had
> this bugger for quite some time on F9 and it does not
> go away!  Grr.  I just deleted it every time rkhunter
> reports it.  Probably just ignore the darn thing....

Do NOT ignore it.  I don't think you quite understand what /dev/null
is.  It is supposed to be a device, not a file.  Somehow it got deleted
and now whenever a script or something does a redirect of its output to
/dev/null, instead of going to a device (and thence into the bit 
bucket), it creates a file called /dev/null.

To fix it:

1. Do an "ls -Z /dev/null" and make sure there is no _regular_ file,
directory, symlink, pipe or anything else called "/dev/null".  Check the
first character of the permissions.  If it's anything other than a "c"
then delete the file (you may need to do an "rm -rf /dev/null" to kill
it).

2. As root, run "MAKEDEV -x null".  That should recreate the device
file.

3. Run "ls -Z /dev/null" again and you should see something like:

crw-rw-rw-  root root system_u:object_r:null_device_t:s0 /dev/null

displayed.  If the first character of the permissions is NOT a "c", it
didn't work.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-      "Microsoft is a cross between The Borg and the Ferengi.       -
-  Unfortunately they use Borg to do their marketing and Ferengi to  -
-               do their programming."  -- Simon Slavin              -
----------------------------------------------------------------------

More information about the fedora-list mailing list