Re: [PLUG] rkhunter on two fresh installs

Jonathan Caicedo via plug on 27 May 2024 09:33:07 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] rkhunter on two fresh installs

From: Jonathan Caicedo via plug <plug@lists.phillylinux.org>
To: Michael Lazin <microlaser@gmail.com>
Subject: Re: [PLUG] rkhunter on two fresh installs
Date: Mon, 27 May 2024 12:32:57 -0400
Authentication-results: mail.jcaicedo.com; auth=pass smtp.mailfrom=jonathan@jcaicedo.com
Cc: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jcaicedo.com; s=dkim; t=1716827580; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gXBoJ0wX39J9EhemyH+CotzgcjjXcEG7qPxgY7P+iGo=; b=IpJgtnZ7hWTCFTG4RR9SXHqxQ1GrN82MWQnQltJqP/T3XHsMOvtsOIowrmiMzq69vVqwr7 ZnA8X4sv3kZoQp0sVvIv07GgpMCS1SBf1h2odIQn2hnuYfZwGxBm2cvUvWlouy+5kG3780 ozUHuWyHSsm8UJswhgZxTnuEUheA3M1RZ2+AgOe67YPr4vcSbMOKsCkm/QRcTTA8fp8EBI D42YMll6zHWln7tM0vPe1UYJLvJWDj0JJCIQMNbLKdS/AVutvar16DPLzqguQmUTiwrUMP DzzRwwkkjoVuVy6MLqhKZogtt/nq05qREhTVuhGnseuHi9MxkDuIF3TB6PjXI18K1y5BcG glF6P+3ilZ/oNDTwOeShVzudb6feSIkM5HyWrN3ONAnw20cREn8C0z/Sb5/d2L9WlDhnHU vXrL3w6xdu2H6OOaii0l3xUD21AQ5JuD+TVAjbD6WN3ZoDrhw/xIMXpNH4eg7A7uZcNNES dBKApAQxldnsrQojo9hGsO+X/VH/HPh0VJSlKMRdvKb1gkTsBr6eIMT+Avm7UleTRx/ay8 RTdt/ZHUGdxxUfdSFoZ1G2R8jtXMI7rTy9pp1aY6k/MURKj83p7hxovMHB+Z1u28oReQta f7BYm52yQajff0EZbJMQk0GERF1Qo+jOKye0UzLNCcXeEZ8jkfR3s=
Reply-to: Jonathan Caicedo <jonathan@jcaicedo.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

apple-touch-icon@2.png

rkhunter gives me a warning for "/usr/bin/lwp-request" - what should I do? [Debian 9]

unix.stackexchange.com

— Jonathan

On May 27, 2024, at 12:26, Michael Lazin via plug <plug@lists.phillylinux.org> wrote:

I did two fresh installs of Ubuntu this morning and ran rkhunter on them and it found this:

root@michael-IdeaPad-Slim-3-15IRU8:/var/log# grep Warning rkhunter.log
[11:47:15] /usr/bin/lwp-request [ Warning ]
[11:47:15] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
root@michael-IdeaPad-Slim-3-15IRU8:/var/log#

It said I had one possible rootkit due to this detection. This file is a script and not a binary file.

I am trying to lock down these boxes, I want a good blend of ease of use and security. I would use OpenBSD if I wanted max security but I wanted a wired general Linux desktop and laptop. I just want to make sure that this is a known false positive.

Thanks,

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] rkhunter on two fresh installs
  - From: Michael Lazin via plug <plug@lists.phillylinux.org>
- Re: [PLUG] rkhunter on two fresh installs
  - From: "Rich Mingin \(PLUG\) via plug" <plug@lists.phillylinux.org>

References:
- [PLUG] rkhunter on two fresh installs
  - From: Michael Lazin via plug <plug@lists.phillylinux.org>

Prev by Date: [PLUG] rkhunter on two fresh installs
Next by Date: Re: [PLUG] rkhunter on two fresh installs
Previous by thread: [PLUG] rkhunter on two fresh installs
Next by thread: Re: [PLUG] rkhunter on two fresh installs
Index(es):
- Date
- Thread