LinuxQuestions.org
Old 12-07-2010, 03:33 AM   #1
skoinga
Member
 
Registered: May 2010
Posts: 87

Rep: Reputation: 0
rkhunter message


Quote:
[06:26:08] Checking for TCP port 2006 [ Warning ]
[06:26:08] Warning: Network TCP port 2006 is being used by /usr/sbin/apache2. Possible rootkit: CB Rootkit or w00tkit Rootkit SSH server
Use the 'lsof -i' or 'netstat -an' command to check this.

...but neither netstat nor lsof shows me any process which is using TCP port 2006.
Any suggestion?
 
Old 12-07-2010, 03:36 AM   #2
prodev05
Member
 
Registered: Jul 2009
Location: Planet Earth
Distribution: Unix & Linux Variants
Posts: 304

Rep: Reputation: 20
Where did you get this message? From the error log?

Try the commands below:

ps -aef | grep -i apache2
pidof /usr/sbin/apache2

reg

Last edited by prodev05; 12-07-2010 at 03:48 AM. Reason: small corrections
 
Old 12-07-2010, 05:23 AM   #3
skoinga
Member
 
Registered: May 2010
Posts: 87

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by prodev05
Where did you get this message? From the error log?

Try the commands below:

ps -aef | grep -i apache2
pidof /usr/sbin/apache2

reg
Hi,
from /var/log/rkhunter.log
 
Old 12-07-2010, 05:52 AM   #4
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,281

Rep: Reputation: 320
If you have a rootkit, it will be invisible to the system, and every command may already have been changed by the hacker to not show his existence. First you must cold restart your system from a safe boot image (LiveCD or an image downloaded from another PC) and check your suspected disk (with antivirus software and by binary comparison with uninfected files).
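
Added example, not part of any post in this thread: one way to cross-check the rkhunter port warning without lsof or netstat is to read the kernel's socket table (/proc/net/tcp format) and match socket inodes against /proc/<pid>/fd. The function names and the sample table are constructed for illustration; a kernel-level rootkit can falsify /proc as well, so this does not replace the offline check from clean media described above.

```shell
#!/bin/sh
# Constructed sample in /proc/net/tcp format (not captured from a real host):
# one listener on port 80 and one connection whose LOCAL port is 2006 (0x07D6).
sample_table() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 55501 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:07D6 0B00000A:0050 01 00000000:00000000 00:00000000 00000000    33        0 55502 1 0000000000000000 20 4 30 10 -1
EOF
}

# sockets_on_port TABLE PORT
# Prints "STATE INODE" for every socket in TABLE whose local port is PORT.
sockets_on_port() {
    hexport=$(printf '%04X' "$2")      # ports are stored as 4 hex digits
    awk -v p="$hexport" '
        NR > 1 {                        # skip the header line
            n = split($2, a, ":")       # local_address is ADDR:PORT
            if (toupper(a[n]) != p) next
            st = "STATE_" $4            # fall back to the raw state code
            if ($4 == "0A") st = "LISTEN"
            if ($4 == "01") st = "ESTABLISHED"
            if ($4 == "06") st = "TIME_WAIT"
            print st, $10               # field 10 is the socket inode
        }' "$1"
}

# pids_for_inode INODE [PROCROOT]
# Prints the PIDs that hold socket:[INODE] open (run as root to see all processes).
pids_for_inode() {
    root=${2:-/proc}
    for fd in "$root"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#"$root"/}
        echo "${pid%%/*}"
    done | sort -un
}

# Live use: sh portcheck.sh 2006   (the port from the rkhunter warning)
if [ -n "${1:-}" ]; then
    for t in /proc/net/tcp /proc/net/tcp6; do
        [ -r "$t" ] || continue
        sockets_on_port "$t" "$1" | while read -r state inode; do
            echo "$t: port $1 $state inode=$inode pids=$(pids_for_inode "$inode" | tr '\n' ' ')"
        done
    done
fi
```

The STATE column separates a socket listening on port 2006 from a connection that only has 2006 as its local port.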
 
  

