Linux, rkhunter rootkit check, malicious files or false alarm?
I launched rkhunter to check for rootkits. To be honest, I launched it for the sake of interest; I monitor the security of my system very carefully, but it wasn't there, I still found suspicious files. Please help: is this a rootkit or a false alarm?
Suspicious files:
/usr/bin/lwp-request [ Warning ]
/usr/bin/which [ Warning ]
/usr/bin/fgrep [ Warning ]
/usr/bin/egrep [ Warning ]
/usr/sbin/prelink [ Warning ]
Checking for suspicious (large) shared memory segments [ Warning ]
Checking if SSH root access is allowed [ Warning ]
Checking for hidden files and directories [ Warning ]
As for logging in via SSH to the root account, could you drop a link on where to fix it?
is this a rootkit or a false alarm?
Download the actual packages of the installed versions that supply the suspicious files and compare the hashes.
About logging in via SSH to the root account
The config file is usually located at /etc/ssh/sshd_config, and the parameter PermitRootLogin must be uncommented and have a value of no. Before changing it, it is worth remembering that you need to provide SSH access from another account in advance if there is no direct terminal.
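The hash comparison suggested in the answer can be scripted as below. This is an added example, not part of the original answer; it assumes the downloaded package has already been unpacked into a directory, and compare_with_pkg, sha256_of, PKG_ROOT and LIVE_ROOT are hypothetical names.

```shell
#!/bin/sh
# Added example: compare rkhunter-flagged files with the copies shipped in a
# freshly downloaded package. Assumption: the package was unpacked beforehand,
# e.g. with `dpkg-deb -x pkg.deb DIR` or `rpm2cpio pkg.rpm | cpio -idm`.
# Usage: compare_with_pkg /tmp/pkgroot /usr/bin/which /usr/bin/egrep

# Print only the SHA-256 digest of one file.
sha256_of() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# compare_with_pkg PKG_ROOT PATH...
# Prints one verdict per path; returns 0 only if every path matched.
# LIVE_ROOT may point at a mounted copy of the suspect disk (default: /).
compare_with_pkg() {
    pkg_root=$1; shift
    live_root=${LIVE_ROOT:-}
    rc=0
    for path in "$@"; do
        ref=$pkg_root$path
        live=$live_root$path
        if [ -L "$ref" ]; then
            # A symlink inside the unpacked package may resolve into the live
            # system, which would make the comparison meaningless.
            echo "SYMLINK  $path -> $(readlink "$ref")"; rc=1
        elif [ ! -f "$ref" ]; then
            echo "NOT-IN-PACKAGE  $path"; rc=1
        elif [ ! -f "$live" ]; then
            echo "MISSING  $path"; rc=1
        elif [ "$(sha256_of "$ref")" = "$(sha256_of "$live")" ]; then
            echo "OK  $path"
        else
            echo "MISMATCH  $path"; rc=1
        fi
    done
    return $rc
}
```

The verdicts are only as trustworthy as the sha256sum binary and kernel that produce them, so running the check from rescue media with LIVE_ROOT set to the mounted disk gives a stronger result than running it on the suspect host.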