Ubuntu
rkhunter package

reporting high ports as rootkit

Bug #861195 reported by Ralf Hildebrandt on 2011-09-28

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	rkhunter (Ubuntu)	New	Undecided	Unassigned

Bug Description

From a daily mail:

Warning: Network TCP port 47018 is being used by /usr/sbin/squid. Possible rootkit: Possible Universal
Rootkit (URK) component
Use the 'lsof -i' or 'netstat -an' command to check this.

in this case squid has a high port open, which is quite commonplace for a proxy.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: rkhunter 1.3.6-5
ProcVersionSignature: Ubuntu 2.6.38-11.48-generic-pae 2.6.38.8
Uname: Linux 2.6.38-11-generic-pae i686
Architecture: i386
Date: Wed Sep 28 09:28:35 2011
PackageArchitecture: all
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: rkhunter
UpgradeStatus: Upgraded to natty on 2011-04-28 (152 days ago)

Tags:

Revision history for this message

Ralf Hildebrandt (ralf-hildebrandt) wrote on 2011-09-28:

Dependencies.txt Edit (821 bytes, text/plain; charset="utf-8")

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Dependencies.txt Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubunturkhunter package