rkhunter found this...
Rick Stevens
ricks at nerd.com
Fri Mar 27 01:03:02 UTC 2009
Daniel B. Thurman wrote:
> Tom Horsley wrote:
>> On Thu, 26 Mar 2009 20:07:54 -0400
>> brian wrote:
>>
>>
>>>> It means some script somewhere did an rm -f on /dev/null
>>>> then later some other script redirected output to /dev/null
>>>> thus creating it as a regular file.
>>>>
>>> It looks more like a typo, as another poster said (one L).
>>>
>>
>> Could be, but I had /dev/null deleted on a machine once and
>> the ensuing fun was really spectacular :-).
>>
>> Doing "whatever > /dev/null" wasn't too bad, but when
>> someone said "whatever < /dev/null" amazingly random things
>> could happen.
>>
>>
> The point is, it is not MY scripts doing this! I have had
> this bugger for quite some time on F9 and it does not
> go away! Grr. I just deleted it every time rkhunter
> reports it. Probably just ignore the darn thing....
Do NOT ignore it. I don't think you quite understand what /dev/null
is. It is supposed to be a device, not a file. Somehow it got deleted
and now whenever a script or something does a redirect of its output to
/dev/null, instead of going to a device (and thence into the bit
bucket), it creates a file called /dev/null.
To fix it:
1. Do an "ls -Z /dev/null" and make sure there is no _regular_ file,
directory, symlink, pipe or anything else called "/dev/null". Check the
first character of the permissions. If it's anything other than a "c"
then delete the file (you may need to do an "rm -rf /dev/null" to kill
it).
2. As root, run "MAKEDEV -x null". That should recreate the device
file.
3. Run "ls -Z /dev/null" again and you should see something like:
crw-rw-rw- root root system_u:object_r:null_device_t:s0 /dev/null
displayed. If the first character of the permissions is NOT a "c", it
didn't work.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks at nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- "Microsoft is a cross between The Borg and the Ferengi. -
- Unfortunately they use Borg to do their marketing and Ferengi to -
- do their programming." -- Simon Slavin -
----------------------------------------------------------------------
More information about the fedora-list
mailing list