> On Jul 31, 2017, at 11:05 AM, SteveJarvis via Rkhunter-users
> <rkhunter-users@lists.sourceforge.net> wrote:
>
> Rkhunter has produced the following Warning "Warning: The command
> '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a
> /usr/bin/perl -w script, ASCII text executable"
>
> From what I have been able to find out this is perhaps some sort of false
> positive but if anyone knows if it represents a problem any advice would be
> much appreciated.

Rkhunter is checking the commands installed on your system to see if they are executable binaries or shell scripts. In the old days of UNIX, everything in, say, ‘/usr/bin’, might be expected to be an executable binary file (i.e. a compiled C program). If it’s a shell script instead, that might be a sign that hackers have been tampering with your system.

Today, many modern Linux distributions will implement certain common commands using shell scripts rather than executable binaries. That’s normal. But Rkhunter doesn’t know for every version of every distro which commands should be executables and which should be shell scripts, so it warns you about all the ones it finds. That’s why you’re getting that warning.

The best thing you can do is to install Rkhunter right after you set up your system, then run it and see which files it warns you about. If you’re starting from a clean install, you can usually assume that the warnings you get at this point are false positives. You can then whitelist those files, as described in the Rkhunter documentation, telling Rkhunter “It’s OK for that file to be a shell script; don’t worry about it.”

If you’ve just installed Rkhunter on a system that’s been around for a while, it’s a little harder to know whether a given command is supposed to be a shell script or not. If you’re really worried, you could spin up a VM on something like DigitalOcean or Linode and inspect a freshly-installed system to see what’s supposed to be what (destroy the VM when you’re done and it will only cost you pennies).

For reference, ‘lwp-request’ is indeed typically (always?) a Perl script, so you’re probably fine.

> Just one more thing, can anyone recommend a book about Linux security that
> would be a good introduction?

I’m a big fan of O’Reilly’s technical books generally, but most of their Linux security titles seem to be a bit elderly. You could also try http://packtpub.com/, as they have more recent titles (and are having a sale currently).

Some articles that you may find helpful include:

https://www.linux.com/news/webinar/2017/how-keep-hackers-out-your-linux-machine-part-1-top-two-security-tips
https://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/
https://github.com/lfit/itpol/blob/master/linux-workstation-security.md

Angus
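
Added example, not part of the original message and not Rkhunter's own code: one way to do the triage the reply describes, comparing the commands Rkhunter flagged against a list of scripts taken from a clean install and emitting whitelist entries only for the ones that match. SCRIPTWHITELIST is the Rkhunter configuration option for this check; the function names, file names, baseline format (one path per line) and the sample log lines are constructed for the example.

```sh
#!/bin/sh
# Added example: triage "replaced by a script" warnings against a baseline
# recorded on a clean install of the same distro release.
# Assumed for illustration: helper names, file names, baseline format.

# usage: triage_script_warnings RKHUNTER_LOG BASELINE_FILE
triage_script_warnings() {
    log=$1 baseline=$2
    # Extract "path|file(1) description" from each matching warning line.
    sed -n "s/^.*Warning: The command '\([^']*\)' has been replaced by a script: [^:]*: \(.*\)/\1|\2/p" "$log" |
    sort -u |
    while IFS='|' read -r path desc; do
        if grep -Fxq -- "$path" "$baseline"; then
            # Also a script on the clean reference system: safe to whitelist.
            printf 'SCRIPTWHITELIST=%s\n' "$path"
        else
            # Not a script on the reference system: inspect, do not whitelist.
            printf '# REVIEW: %s is not a script in the baseline (file reports: %s)\n' "$path" "$desc"
        fi
    done
}

# Constructed sample data (timestamps and the second warning are made up).
demo_triage() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/rkhunter.log" <<'EOF'
[11:05:01] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script, ASCII text executable
[11:05:02] Warning: The command '/usr/bin/passwd' has been replaced by a script: /usr/bin/passwd: POSIX shell script, ASCII text executable
[11:05:03] Info: unrelated log line
EOF
    printf '%s\n' /usr/bin/lwp-request /usr/bin/ldd > "$dir/baseline.txt"
    triage_script_warnings "$dir/rkhunter.log" "$dir/baseline.txt"
    rm -rf "$dir"
}

demo_triage
```

Lines printed as SCRIPTWHITELIST=... are candidates for the local Rkhunter configuration file; lines marked REVIEW are the ones to check by hand first.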