Hello, I run rkhunter and I get this summary:

Code:
System checks summary
=====================
File properties checks...
    Files checked: 144
    Suspect files: 1
Rootkit checks...
    Rootkits checked : 496
    Possible rootkits: 1
Applications checks...
    All checks skipped

In the whole list I can see these warnings:

Code:
/usr/bin/lwp-request [ Warning ]

Code:
Checking for suspicious (large) shared memory segments [ Warning ]

Code:
Checking if SSH root access is allowed [ Warning ]

Everything else is fine. But in the summary I cannot find which file is suspect. I have just these 3 warnings there. Do you have any idea?

Probably the lwp-request. I believe it's expecting it to be a binary file, whilst it's now a script (on Ubuntu at least). Change the commenting for it in /etc/rkhunter.conf.

The large shared memory segments will be Apache: ALLOWIPCPROC=/usr/sbin/apache2 in the same /etc/rkhunter.conf file.

The SSH root access check depends on entries in /etc/ssh/sshd_config and ALLOW_SSH_ROOT_USER= in /etc/rkhunter.conf.

Possible rootkit: maybe, if you have wp-cli installed on that server. If so, you need, in /etc/rkhunter.conf, RTKT_FILE_WHITELIST="/usr/bin/wp" (or whatever path and filename you changed the wp-cli.phar file to, if different).

Also, you should be able to find out exactly what's giving the warnings by reading through the log file /var/log/rkhunter.log.
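
Added example, not part of the original thread: a small parser that pulls each `Warning:` entry and its indented detail lines out of rkhunter.log text, which is how to see what the summary counts refer to. The sample log lines are constructed, and the mapping to rkhunter.conf options is an assumption based on the reply above (SCRIPTWHITELIST is an rkhunter option the reply does not name).

```python
import re

# Constructed sample in the style of /var/log/rkhunter.log; not output from a real run.
SAMPLE_LOG = """\
[10:01:02]   /usr/bin/lwp-request                        [ Warning ]
[10:01:02] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[10:01:03]   /usr/bin/ls                                 [ OK ]
[10:02:10]   Checking for suspicious (large) shared memory segments [ Warning ]
[10:02:10] Warning: The following suspicious (large) shared memory segments have been found:
[10:02:10]          Process: /usr/sbin/apache2    PID: 1234    Owner: root
[10:03:00]   Checking if SSH root access is allowed      [ Warning ]
[10:03:00] Warning: The SSH and rkhunter configuration options should be the same:
[10:03:00]          SSH configuration option 'PermitRootLogin': yes
[10:03:00]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[10:03:05] Info: Scan finished
"""

TIMESTAMP = re.compile(r"^\[\d{2}:\d{2}:\d{2}\] ?")
STATUS_TAG = re.compile(r"\[ [^\]]+ \]\s*$")  # e.g. "[ OK ]", "[ Warning ]"

# Warning text -> rkhunter.conf option to review (assumed mapping, see lead-in).
HINTS = [
    ("replaced by a script", "SCRIPTWHITELIST"),
    ("shared memory segments", "ALLOWIPCPROC"),
    ("SSH and rkhunter configuration", "ALLOW_SSH_ROOT_USER"),
]

def extract_warnings(log_text):
    """Return [(message, [detail lines], option or None)] per 'Warning:' entry."""
    found, current = [], None
    for raw in log_text.splitlines():
        line = TIMESTAMP.sub("", raw)
        if line.startswith("Warning:"):
            current = [line[len("Warning:"):].strip()]
            found.append(current)
        elif (current and line.startswith(" ") and line.strip()
              and not STATUS_TAG.search(line)):
            current.append(line.strip())  # indented continuation of the warning
        else:
            current = None                # any other line ends the entry
    return [(msg, details, next((o for k, o in HINTS if k in msg), None))
            for msg, *details in found]

if __name__ == "__main__":
    for msg, details, option in extract_warnings(SAMPLE_LOG):
        print(f"{msg}\n  details: {details}\n  review in rkhunter.conf: {option}")
```

On a real system, pass the contents of /var/log/rkhunter.log (readable by root) instead of the sample text.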