Hello community,
I'm hoping someone could help me with this. Recently I have installed
*RKhunter* (v1.4.2) on a couple of loadbalancers ( *Haproxy* 2.0.14 )
running on Debian 9. Stretch. While performing a full system check I'm
getting a lot or warnings about tcp ports being used by Haproxy. They look
like this:
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: Network TCP port 13000 is being used by /usr/sbin/haproxy.
Possible rootkit: Possible Universal Rootkit (URK) SSH server
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: Network TCP port 47018 is being used by /usr/sbin/haproxy.
Possible rootkit: Possible Universal Rootkit (URK) component
Use the 'lsof -i' or 'netstat -an' command to check this.*
*Also, it seems that I cannot simply whitelist those ports as they seem to
keep changing*. What one would do in this case ?
Cheers,
--
*Ciprian Parfon*
System & Network Engineer
+40 721879113
ciprian.par...@gmail.com
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
