LinuxQuestions.org - rkhunter message

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - rkhunter message (https://www.linuxquestions.org/questions/linux-security-4/rkhunter-message-848808/)

skoinga

12-07-2010 03:33 AM

rkhunter message

Quote:

[06:26:08] Checking for TCP port 2006 [ Warning ]
[06:26:08] Warning: Network TCP port 2006 is being used by /usr/sbin/apache2. Possible rootkit: CB Rootkit or w00tkit Rootkit SSH server
Use the 'lsof -i' or 'netstat -an' command to check this.

..but neither netstat or lsof show me any process which is using 2006 tcp port.
Any suggestion?

prodev05

12-07-2010 03:36 AM

Where did you got this message ? from the error log ?

try the below command

ps -aef | grep -i apache2
pidof /usr/sbin/apache2

reg

skoinga

12-07-2010 05:23 AM

Quote:

Originally Posted by prodev05 (Post 4183255)

Where did you got this message ? from the error log ?

try the below command

ps -aef | grep -i apache2
pidof /usr/sbin/apache2

reg

Hi,
from /var/log/rkhunter.log

eSelix

12-07-2010 05:52 AM

If you have rootkit, it will be invisible to system and every command can be already changed by hacker to not show his existance. First you must cold restart your system from safe boot image (LiveCD or image dowloaded from other PC) and check your suspected disk (with antivirus software and by binary comparison with not infected files).

All times are GMT -5. The time now is 08:03 AM.