I have a proxy server running GNU/Linux Debian 8.1 64-bit with Squid 3.4.8-6+deb8u3 and Rkhunter 1.4.2-0.4, both installed via the package manager.

As a check I run "rkhunter --check --enable all --disable none --rwo". Sometimes it gives me warnings about a possible rootkit when checking a network port used by /usr/sbin/squid, that is, the proxy. I have iptables in action, and input is permitted only if directed to the proxy server port, or otherwise only if established or related. Moreover, if I repeat the check after some time, it gives me no warning at all.

It seems this bug was already reported for SME Server, and it seems they have already resolved these warnings: https://bugs.contribs.org/show_bug.cgi?id=4614

I think they are just false positives, given to me because squid sometimes uses the ports checked by rkhunter. What do you think? Do I have to worry about these warnings? If I don't have to worry, and they actually are false positives, is there a way to minimize these false positives without compromising rkhunter scan reliability?

--
Andrea Boccaccio
