3

I was cleaning my server today and found a file in directory /usr/local/src/

File Attributes:
Name: 0
Size: 975MBs
Type: Binary (I tried to cat the file)
Location: /usr/local/src/

Permissions:

-rw-r--r--  1 root root 1005054631 Nov 19  2000 0

I also tried to check if that file is used by any of the processes using

fuser 0

but that returned nothing.

I have not added this file manually. I don't know how that file was created in the server. Is the server infected or does Ubuntu write these kinds of files automatically?

How can I check how that file was created & what that file is doing there?

Tried the binwalk command to check the file. Below is the output.

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
168065817     0xA047B19       MySQL ISAM compressed data file Version 5
220920175     0xD2AF96F       IMG0 (VxWorks) header, size: 1088485285
304382083     0x12248083      MySQL ISAM index file Version 7
358147067     0x1558E3FB      MySQL ISAM index file Version 8
362565535     0x159C4F9F      MySQL ISAM compressed data file Version 2
487768270     0x1D12C0CE      COBALT boot rom data (Flat boot rom or file system)
529883861     0x1F9562D5      rzip compressed data - version 112.123 (-1629463256 bytes)
718008653     0x2ACBF14D      MySQL MISAM compressed data file Version 1
778034453     0x2E5FDD15      MySQL ISAM compressed data file Version 4
778229381     0x2E62D685      MySQL MISAM index file Version 10
784771028     0x2EC6A7D4      MySQL MISAM compressed data file Version 10

2 Answers

0

Generally that directory is empty as it is used to install local sources of software: /usr/local/ is reserved for software installed locally by the sysadmin so we probably will not be able to tell you. You need to ask your sysadmin (and if that is you ... ).

I would assume it will be harmless to remove it.

od -c 0

will show the ASCII characters inside the file. Maybe the results from that can tell you what it is from.


edit on comments:

How about mounting the file, as it seems to be an ISO?

sudo mkdir /media/0
sudo mount -o loop /usr/local/src/0 /media/0
cd /media/0
ls  

and unmounting:

sudo umount /media/0
Rinzwind
  • 309,379
0

Although it does not replace the file utility, you can often get more information about binary files with binwalk (which hildred has suggested elsewhere). This is especially useful for large archives and disk images.

Ubuntu doesn't come with the binwalk command installed so you'll have to install it:

sudo apt update
sudo apt install binwalk

Then run it on your file:

binwalk /usr/local/src/0

Or if you have already cd'd to the /usr/local/src directory you can just run:

binwalk 0

The binwalk command will often reveal enough to figure out what the file is. Sometimes the output is long and it can take a long time. You can interrupt it with Ctrl+C.

Occasionally it's not helpful and doesn't tell you anything at all. Sometimes you get more information from file than binwalk. But especially for files that serve as containers for other files, such as archives (those that would ordinarily be named .tar, .zip, and .7z), packages that would be named .deb, .rpm, .msi, executable archives like .run files and even .exe files that install Windows programs, and disk images that you might expect to be named .iso, .img, or .dmg, you will usually get useful output.

binwalk accepts several command-line options to control its behavior. See man binwalk. For the most part you don't have to use them, though--just pass it the file you're interested in.


Another option specifically for ISO images, which is useful if you don't want to install binwalk or just to get another view of an ISO image, is the isoinfo utility.

isoinfo uses somewhat odd syntax--to read from a file (the other option is an optical drive) you need the -i flag, you must always pass a flag to specify what kind of information you want, and--unlike with most Unix commands--flags cannot be grouped together after the same -.

  • isoinfo -f -i filename and isoinfo -l -i filename list the files inside the ISO, either as a list of hierarchically organized filenames and metadata (-l, like ls -R) or as a list of full paths (-f, like find).
  • isoinfo -d -i filename shows metadata that applies to the whole ISO image, reading it from its primary volume descriptor.

There are other options, though you'll probably mainly use those two, especially when you're just trying to figure out what your ISO image is for and where it came from. For more information see man isoinfo.

Eliah Kagan
  • 119,640
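
As an added example that is not part of either answer, the Python below checks a file for the ISO 9660 primary volume descriptor that isoinfo -d reads (standard identifier CD001, starting at sector 16) before anything is loop-mounted as root, and measures byte entropy from samples across the file. The function names and the constructed sample image are assumptions made for the illustration.

```python
import math, os, struct, sys, tempfile
from collections import Counter

SECTOR = 2048   # ISO 9660 sector size; volume descriptors start at sector 16

def read_pvd(path):
    """Return primary volume descriptor fields, or None if not ISO 9660."""
    with open(path, "rb") as f:
        sector = 16
        while True:
            f.seek(sector * SECTOR)
            vd = f.read(SECTOR)   # layout: type byte, "CD001", version, fields
            if len(vd) < SECTOR or vd[1:6] != b"CD001" or vd[0] == 255:
                return None       # no ISO header, or terminator before a PVD
            if vd[0] == 1:        # type 1 = primary volume descriptor
                blocks, = struct.unpack_from("<I", vd, 80)
                block_size, = struct.unpack_from("<H", vd, 128)
                return {"volume_id": vd[40:72].decode("ascii", "replace").strip(),
                        "created": vd[813:829].decode("ascii", "replace"),
                        "size_bytes": blocks * block_size}
            sector += 1

def sample_entropy(path, chunk=65536, samples=16):
    """Shannon entropy in bits per byte over chunks spread through the file."""
    counts = Counter()
    with open(path, "rb") as f:
        size = f.seek(0, os.SEEK_END)
        for off in range(0, size, max(size // samples, 1)):
            f.seek(off)
            counts.update(f.read(chunk))
    total = sum(counts.values())
    return -sum(n / total * math.log2(n / total) for n in counts.values()) if total else 0.0

def make_sample_iso(path):
    """Constructed input for the demo: 16 empty sectors plus a minimal PVD."""
    vd = bytearray(SECTOR)
    vd[0:7] = b"\x01CD001\x01"
    vd[40:72] = b"SAMPLE_VOLUME".ljust(32)
    struct.pack_into("<I", vd, 80, 17)        # volume size in blocks
    struct.pack_into("<H", vd, 128, SECTOR)   # logical block size
    vd[813:829] = b"2000111900000000"         # constructed creation timestamp
    with open(path, "wb") as f:
        f.write(bytes(16 * SECTOR) + vd)

if __name__ == "__main__":
    if len(sys.argv) < 2:   # no file given: fall back to the constructed sample
        sys.argv.append(os.path.join(tempfile.mkdtemp(), "sample.iso"))
        make_sample_iso(sys.argv[1])
    print(read_pvd(sys.argv[1]), "entropy %.2f" % sample_entropy(sys.argv[1]))
```

A result of None together with entropy close to 8 bits per byte points to compressed, encrypted or random data rather than a disk image. In data like that, short signatures of the kind shown in the binwalk listing can match by chance.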