rkhunter found this...
Aaron Konstam
akonstam at sbcglobal.net
Fri Mar 27 14:23:06 UTC 2009
On Thu, 2009-03-26 at 18:03 -0700, Rick Stevens wrote:
> Daniel B. Thurman wrote:
> > Tom Horsley wrote:
> >> On Thu, 26 Mar 2009 20:07:54 -0400
> >> brian wrote:
> >>
> >>
> >>>> It means some script somewhere did an rm -f on /dev/null
> >>>> then later some other script redirected output to /dev/null
> >>>> thus creating it as a regular file.
> >>>>
> >>> It looks more like a typo, as another poster said (one L).
> >>>
> >>
> >> Could be, but I had /dev/null deleted on a machine once and
> >> the ensuing fun was really spectacular :-).
> >>
> >> Doing "whatever > /dev/null" wasn't too bad, but when
> >> someone said "whatever < /dev/null" amazingly random things
> >> could happen.
> >>
> >>
> > The point is, it is not MY scripts doing this! I have had
> > this bugger for quite some time on F9 and it does not
> > go away! Grr. I just deleted it every time rkhunter
> > reports it. Probably just ignore the darn thing....
>
> Do NOT ignore it. I don't think you quite understand what /dev/null
> is. It is supposed to be a device, not a file. Somehow it got deleted
> and now whenever a script or something does a redirect of its output to
> /dev/null, instead of going to a device (and thence into the bit
> bucket), it creates a file called /dev/null.
>
> To fix it:
>
> 1. Do an "ls -Z /dev/null" and make sure there is no _regular_ file,
> directory, symlink, pipe or anything else called "/dev/null". Check the
> first character of the permissions. If it's anything other than a "c"
> then delete the file (you may need to do an "rm -rf /dev/null" to kill
> it).
>
> 2. As root, run "MAKEDEV -x null". That should recreate the device
> file.
>
> 3. Run "ls -Z /dev/null" again and you should see something like:
>
> crw-rw-rw- root root system_u:object_r:null_device_t:s0 /dev/null
>
> displayed. If the first character of the permissions is NOT a "c", it
> didn't work.
You didn't ask if he was running selinux. ls -Z is overkill over ls -l
and will not work if selinux is disabled.
--
=======================================================================
Q: What is purple and concord the world? A: Alexander the Grape.
=======================================================================
Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam at sbcglobal.net
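
The check described in the thread (is /dev/null still a character device, or has it been recreated as a regular file?), written as a script that does not depend on SELinux being enabled. This is an added example, not part of the original message; the function names are hypothetical, and the 1,3 major/minor pair is the Linux null device number, which the thread does not state.

```shell
#!/bin/sh
# Added example: verify that /dev/null is the real null device.
# classify_node and check_null_device are hypothetical helper names.

# Print the type of the node at $1 without following a symlink.
classify_node() {
    p=$1
    if   [ -L "$p" ]; then echo symlink       # test first: -c and -f follow links
    elif [ -c "$p" ]; then echo char-device
    elif [ -b "$p" ]; then echo block-device
    elif [ -f "$p" ]; then echo regular-file
    elif [ -d "$p" ]; then echo directory
    elif [ -p "$p" ]; then echo pipe
    elif [ -e "$p" ]; then echo other
    else                   echo missing
    fi
}

# Return 0 only if $1 (default /dev/null) is a character device with
# major 1, minor 3 (assumption: Linux numbering for the null device).
check_null_device() {
    p=${1:-/dev/null}
    kind=$(classify_node "$p")
    if [ "$kind" != char-device ]; then
        echo "BAD: $p is '$kind', expected char-device" >&2
        return 1
    fi
    # For device nodes, "ls -ln" prints "major, minor" where a regular
    # file would show its size: fields 5 and 6 of the long listing.
    nums=$(LC_ALL=C ls -ln "$p" | awk '{print $5 $6}')
    if [ "$nums" != "1,3" ]; then
        echo "BAD: $p has device numbers '$nums', expected 1,3" >&2
        return 1
    fi
    echo "OK: $p is a character device (1,3)"
}

check_null_device /dev/null
```

Run from cron or alongside rkhunter, a non-zero exit status marks the moment the node was replaced, which narrows down which job deleted it.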