Sorry, I have written Debian 8.1, actually it is Debian 8.6... --
Andrea Boccaccio Il 19/09/16 12:01, Andrea Boccaccio ha scritto: > I have a proxy server, a GNU/Linux Debian 8.1 64bits with installed > Squid 3.4.8-6+deb8u3 and Rkhunter 1.4.2-0.4, both installed via the > packet manager. > > As check I run "rkhunter --check --enable all --disable none --rwo", > sometimes it gives me some warnings about some possible rootkit > checking a network port used by /usr/sbin/squid, that is the proxy. I > have iptables in action and the input is permitted only if toward the > proxy server port or any other only if established or related, more, > if I repeat the check after some time it gives me no warning at all. > > They seems this bug already reported for SME Server and it seems they > have already resolved these warnings: > https://bugs.contribs.org/show_bug.cgi?id=4614 > > I think they are just false positive, and they are given to me because > sometimes squid uses the ports checked by rkhunter, what do you think > about? Have I to worry about these warnings? If I have not to worry > about, and actually they are false positives, is there a way to > minimize these false positives without to compromise rkhunter scan > reliability? > > ------------------------------------------------------------------------------ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
