Update RKHunter & Fix False Positives

CodeZeus
Jun 15, 2021

First, log in as root and edit the configuration file:

sudo su
sudo vim /etc/rkhunter.conf

Fix the Database Update

First, rkhunter --update needs to work, so change the existing entries in the file to match what is listed below:

WEB_CMD=""
UPDATE_MIRRORS=1
MIRRORS_MODE=0

While still in the conf file, fix the lwp-request false positive by uncommenting the following line:

SCRIPTWHITELIST=/usr/bin/lwp-request
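
The same edits can be applied by script, for example when several hosts need identical settings. This is an added example, not code from the original post; the function names and the sample file contents are constructed, and the script works on a temporary file rather than /etc/rkhunter.conf.

```shell
#!/bin/sh
# Added example: apply the article's rkhunter.conf edits idempotently.
# Function names and the sample file are constructed for illustration.

# set_option FILE KEY VALUE: for single-valued keys. Rewrites the first active
# "KEY=" line, drops later active duplicates, appends the key if it is absent.
# Commented-out example lines are left untouched.
set_option() {
    awk -v k="$2" -v v="$3" '
        index($0, k "=") == 1 { if (!seen++) print k "=" v; next }
        { print }
        END { if (!seen) print k "=" v }
    ' "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

# add_option FILE KEY VALUE: for keys that may repeat, such as SCRIPTWHITELIST.
# Appends the line only if it is not already active, which has the same
# effect as uncommenting it by hand.
add_option() {
    grep -qxF "$2=$3" "$1" || printf '%s\n' "$2=$3" >> "$1"
}

# active_values FILE KEY: print the value of every uncommented KEY line.
active_values() {
    grep -E "^[[:space:]]*$2=" "$1" | sed 's/^[^=]*=//'
}

apply_article_settings() {
    set_option "$1" WEB_CMD '""'
    set_option "$1" UPDATE_MIRRORS 1
    set_option "$1" MIRRORS_MODE 0
    add_option "$1" SCRIPTWHITELIST /usr/bin/lwp-request
}

# Constructed sample standing in for /etc/rkhunter.conf.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# constructed sample, not a real system's file
UPDATE_MIRRORS=0
MIRRORS_MODE=1
WEB_CMD="/bin/false"
#SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/bin/ldd
EOF

apply_article_settings "$conf"
apply_article_settings "$conf"   # second run changes nothing
cat "$conf"
```

After the same edits are made to the real file, rkhunter --config-check reports unknown or invalid options before the first scan.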

Run the Update

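Save, exit, and run the update. After this, run --propupd, which updates the entire file properties database. Because --propupd records the current state of the files as the baseline for later scans, run it only on a system you trust: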

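# --update exits with code 2 when new data files were installed, so the two commands are not chained with &&
rkhunter --update
rkhunter --propupd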

Shared Memory Segments

These are a bit of a guess. I don’t know yet but all I’ve come up with searching is Nginx, Apache, or Mono — though it doesn’t seem to resolve the issue.

This step is not necessary.

ALLOWIPCPROC=/usr/sbin/nginx

Or for Apache:

# Debian/Ubuntu
ALLOWIPCPROC=/usr/sbin/apache2
# CentOS/RHEL
ALLOWIPCPROC=/usr/sbin/httpd

Run Rootkit Hunter

The updates now work, and several false positives should be gone. Run a full check:

rkhunter -c

Written by CodeZeus

Software Developer Jesse Boyer, known more by JREAM. Hobbyist and Professional Developer.
