On 09.01.20 18:50, home user wrote:
> This morning, I got the following warning from rkhunter:
> -----
> ---------------------- Start Rootkit Hunter Scan ----------------------
> Warning: Network TCP port 60922 is being used by
> /usr/lib64/firefox/firefox. Possible rootkit: zaRwT.KiT
> Use the 'lsof -i' or 'netstat -an' command to check this.
> ...
> -----
> The output from "netstat -an" is too long to put here. I don't know
> what to look for in all that.
> 1. What specifically should I be looking for?
> 2. Is rkhunter's warning a false alarm or a real problem?

netstat -taupen | grep 60922

To 1.:
where the "rootkit"
- connects to,
- what it does,
- if it survives a reboot,
- what Google says about zaRwT.KiT,
- ...
- what "rpm -Vv firefox" says
- if it happens after a "sudo dnf reinstall firefox"
- ...
--
sixpack13
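
Added example, not part of the original posts: a shell sketch that narrows the suggested `netstat -taupen | grep 60922` to an exact match on the port fields and labels each hit by the role the port plays on the socket. The function names, the sample lines and the default range 32768-60999 (Linux's default `net.ipv4.ip_local_port_range`) are assumptions of this example.

```shell
#!/bin/sh
# Added example. Reads `netstat -taupen` output on stdin and classifies
# every TCP socket that really uses PORT (a bare grep also matches inodes/PIDs).
# Live use: sudo netstat -taupen | triage_port 60922

triage_port() {
    port=$1
    lo=${2:-32768}   # ephemeral range; check: sysctl net.ipv4.ip_local_port_range
    hi=${3:-60999}
    awk -v p="$port" -v lo="$lo" -v hi="$hi" '
        $1 ~ /^tcp/ {
            lport = $4; sub(/.*:/, "", lport)   # text after the last colon (IPv6-safe)
            rport = $5; sub(/.*:/, "", rport)
            if (lport != p && rport != p) next
            if (lport == p && $6 == "LISTEN")
                verdict = "LISTENING"   # accepts inbound connections on PORT
            else if (lport == p && p + 0 >= lo + 0 && p + 0 <= hi + 0)
                verdict = "OUTBOUND"    # kernel-assigned source port of a client socket
            else if (lport == p)
                verdict = "LOCAL"       # local port outside the ephemeral range
            else
                verdict = "REMOTE"      # the peer uses PORT, not this host
            # verdict, state, local address, peer address, PID/program
            printf "%s %s %s %s %s\n", verdict, $6, $4, $5, $9
        }'
}

# Constructed sample input (documentation addresses, made-up PIDs and inodes).
# The sshd line has "60922" inside its inode, which a plain grep would also hit.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address      Foreign Address    State       User Inode   PID/Program name
tcp        0      0 192.0.2.10:60922   198.51.100.7:443   ESTABLISHED 1000 345678  4321/firefox
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN      0    6092213 987/sshd
tcp6       0      0 :::631             :::*               LISTEN      0    23456   1100/cupsd
EOF
}

sample_netstat | triage_port 60922
```

An OUTBOUND hit gives the peer address and owning PID to follow up on; a LISTENING hit means the process accepts connections on that port. Either way, `rpm -Vv firefox` from the list above checks the binary itself.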
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx