What does means this warnings in rk hunter

Discussion in 'Linux Beginners' started by pecka33, Apr 4, 2022.

  1. pecka33

    pecka33 Member


    i run rk hunter and i get this summary:

    System checks summary
    File properties checks...
        Files checked: 144
        Suspect files: 1
    Rootkit checks...
        Rootkits checked : 496
        Possible rootkits: 1
    Applications checks...
        All checks skipped
    In all list i can see this warnings
    /usr/bin/lwp-request                                     [ Warning ]
        Checking for suspicious (large) shared memory segments   [ Warning ]
        Checking if SSH root access is allowed                   [ Warning ]
    Everything else is fine.
    But in summary i can not found which file is suspect. I have there just theese 3 warnings.

    Have you any idea?
  2. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    probably the lwp-request. i believe it's expecting it to be a binary file, whilst it's now a script (on ubuntu at least)

    change the commenting for it in /etc/rkhunter.conf

    the large shared memory segments will be apache.

    ALLOWIPCPROC=/usr/sbin/apache2 in the same /etc/rkhunter.conf file.

    ssh root access check depends on entries in /etc/ssh/sshd_config and ALLOW_SSH_ROOT_USER= in /etc/rkhunter.conf

    possible rootkit, may be if you have wp-cli installed on that server. if so, you need, in /etc/rkhunter.conf
    (or whatever path and filename you changed the wp-cli.phar file to if different)

    also, you should be able to find out exactly what's giving the warnings by reading through the log file /var/log/rkhunter.log
  3. andyhelid

    andyhelid New Member

    Thank you

Share This Page