Moolzv Rivers, 2019-07-03 04:44:53

Linux, rkhunter rootkit check, malicious files or false alarm?

I launched rkhunter to check for rootkits. To be honest, I launched it for the sake of interest; I monitor the security of my system very carefully, but it wasn't there, I still found suspicious files. Please help: is this a rootkit or a false alarm?
Suspicious files:
/usr/bin/lwp-request [ Warning ]
/usr/bin/which [ Warning ]
/usr/bin/fgrep [ Warning ]
/usr/bin/egrep [ Warning ]
/usr/sbin/prelink [ Warning ]
Checking for suspicious (large) shared memory segments [ Warning ]
Checking if SSH root access is allowed [ Warning ]
Checking for hidden files and directories [ Warning ]
As for logging in via SSH to the root account, could you drop a link on where to fix it?

chupasaurus, 2019-07-03
@SaddledSharp

is this a rootkit or a false alarm?
Download the actual packages of the installed versions that the suspicious files supply and compare the hashes.
About logging in via SSH to the root account
The config file is usually located at /etc/ssh/sshd_config; the parameter PermitRootLogin must be uncommented and have a value of no. Before changing it, it is worth remembering that you need to provide SSH access from another account in advance if there is no direct terminal.
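
The hash comparison suggested in the answer above, as an added example that is not part of the original post. It assumes the package was downloaded from a trusted mirror and unpacked into a reference directory first; the function names `sha256_of`, `check_file` and `check_list` are hypothetical.

```shell
#!/bin/sh
# Added example: compare files flagged by rkhunter against copies taken
# from a freshly downloaded package of the same installed version.
# Assumption: the package was unpacked into a reference directory, e.g.
#   rpm2cpio pkg.rpm | cpio -idm      (RPM-based systems)
#   dpkg-deb -x pkg.deb refdir        (Debian-based systems)
# so that refdir/usr/bin/which mirrors /usr/bin/which.

# sha256_of FILE -> prints only the hex digest
sha256_of() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# check_file REFDIR PATH [ROOT]
# Prints "<STATUS> <PATH>"; returns 0 only when the digests match.
# ROOT is an optional prefix for the installed tree (empty = live system),
# useful when the suspect disk is mounted read-only on a clean machine.
check_file() {
    ref="$1$2"
    live="${3:-}$2"
    if [ ! -f "$live" ]; then echo "NOT_INSTALLED $2"; return 2; fi
    if [ ! -f "$ref" ]; then echo "NO_REFERENCE $2"; return 2; fi
    if [ "$(sha256_of "$live")" = "$(sha256_of "$ref")" ]; then
        echo "MATCH $2"
        return 0
    fi
    echo "MISMATCH $2"
    return 1
}

# check_list REFDIR ROOT PATH...
# Checks every path and returns the number of paths that did not match.
check_list() {
    refdir="$1"; root="$2"; shift 2
    bad=0
    for p in "$@"; do
        check_file "$refdir" "$p" "$root" || bad=$((bad + 1))
    done
    return "$bad"
}

# Usage on the live system, with the paths from the rkhunter report:
#   check_list ./refdir "" /usr/bin/which /usr/bin/fgrep /usr/bin/egrep
```

A MISMATCH only means the installed file differs from the reference copy; confirm that the downloaded package is exactly the installed version before drawing conclusions.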
