Sorry, I have written Debian 8.1, actually it is Debian 8.6...

--

Andrea Boccaccio


Il 19/09/16 12:01, Andrea Boccaccio ha scritto:
> I have a proxy server, a GNU/Linux Debian 8.1 64bits with installed 
> Squid 3.4.8-6+deb8u3 and Rkhunter 1.4.2-0.4, both installed via the 
> packet manager.
>
> As check I run "rkhunter --check --enable all --disable none --rwo", 
> sometimes it gives me some warnings about some possible rootkit 
> checking a network port used by /usr/sbin/squid, that is the proxy. I 
> have iptables in action and the input is permitted only if toward the 
> proxy server port or any other only if established or related, more, 
> if I repeat the check after some time it gives me no warning at all.
>
> They seems this bug already reported for SME Server and it seems they 
> have already resolved these warnings: 
> https://bugs.contribs.org/show_bug.cgi?id=4614
>
> I think they are just false positive, and they are given to me because 
> sometimes squid uses the ports checked by rkhunter, what do you think 
> about? Have I to worry about these warnings? If I have not to worry 
> about, and actually they are false positives, is there a way to 
> minimize these false positives without to compromise rkhunter scan 
> reliability?
>
>


------------------------------------------------------------------------------
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to