Rich Mingin (PLUG) via plug on 27 May 2024 09:57:35 -0700



Re: [PLUG] rkhunter on two fresh installs


Don’t outsource security, even to rkhunter. If rkhunter pings something, investigate. Establish trusted hardware, run a more paranoid distro there like Qubes. Self-audit regularly. If you can’t or won’t do that, you’ll have to trust the apps or services you outsourced your trust to, at some point.

It’s not advice specific to this situation, it’s general security philosophy.

On Mon, May 27, 2024 at 12:33 Jonathan Caicedo via plug <plug@lists.phillylinux.org> wrote:

— Jonathan

On May 27, 2024, at 12:26, Michael Lazin via plug <plug@lists.phillylinux.org> wrote:


I did two fresh installs of Ubuntu this morning and ran rkhunter on them and it found this:

root@michael-IdeaPad-Slim-3-15IRU8:/var/log# grep Warning rkhunter.log
[11:47:15]   /usr/bin/lwp-request                            [ Warning ]
[11:47:15] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
root@michael-IdeaPad-Slim-3-15IRU8:/var/log#

It said I had one possible rootkit due to this detection.  This file is a script and not a binary file. 

I am trying to lock down these boxes; I want a good blend of ease of use and security.  I would use OpenBSD if I wanted max security, but I wanted a wired general Linux desktop and laptop.  I just want to make sure that this is a known false positive.

Thanks,

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
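
One way to act on the "investigate" advice for this particular warning, as an added example that is not part of the original thread: the script pulls the flagged paths out of rkhunter.log and checks each against the dpkg database. It assumes a Debian/Ubuntu host; the sample log text and the helper names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): triage rkhunter "replaced by a script"
# warnings against the dpkg database on a Debian/Ubuntu host (assumption).

# Constructed sample in the same format as the log excerpt quoted in the thread.
SAMPLE_LOG="[11:47:15]   /usr/bin/lwp-request                            [ Warning ]
[11:47:15] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[11:47:16]   /usr/bin/ls                                     [ OK ]"

# Read rkhunter.log text on stdin; print each flagged command path once.
flagged_scripts() {
    sed -n "s/^\[[0-9:]*\] Warning: The command '\([^']*\)' has been replaced by a script:.*/\1/p" | sort -u
}

# Turn one line of `dpkg -S` output ("pkg[:arch]: /path") into the package name.
owner_from_dpkg_line() {
    printf '%s\n' "$1" | sed 's|: /.*$||'
}

# Classify one path: unowned | modified | matches-package.
# Runs in a subshell so its variables stay local.
check_path() (
    path=$1
    line=$(dpkg -S "$path" 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
        echo "$path unowned"; exit 0
    fi
    pkg=$(owner_from_dpkg_line "$line")
    # dpkg --verify lists only files whose checksum differs from the package's.
    if dpkg --verify "$pkg" 2>/dev/null | awk -v p="$path" '$NF == p { hit = 1 } END { exit !hit }'; then
        echo "$path modified (package $pkg)"
    else
        echo "$path matches-package ($pkg)"
    fi
)

# Only touch the real system when dpkg and a readable log are present.
LOG=${1:-/var/log/rkhunter.log}
if command -v dpkg >/dev/null 2>&1 && [ -r "$LOG" ]; then
    flagged_scripts < "$LOG" | while IFS= read -r p; do check_path "$p"; done
fi
```

The checksums dpkg compares against are stored on the same disk as the files they describe, so a match is evidence of an unmodified package file, not proof. For an independent result, run the same comparison from trusted media.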