[rkhunter]Please inspect this machine, because it may be infected.

Linux/18 Jul, 16/1956/0
Linux

[rkhunter] Warnings found for server. Please inspect this machine, because it may be infected.

 

Please inspect this machine, because it may be infected.

Rkhunter Warning Email.

You received the above email because rkhunter (rootkit hunter) software is installed on your server and it detected some issues on the server. RKHunter is a widely used scanner on linux servers for detecting rootkits on the server. Rootkit is a malicious program that helps the hacker to gain access to server and it is very difficult to detect it.

1. Log into your Linux Server via SSH as root user

2. Check rkhunter logs using cat ot tail command

rkhunter logs on a Linux server is saved in /var/log directory. Use cat or tail command to view the rkhunter scan log.

Rkhunter scan log file location: /var/log/rkhunter.log
 

[root@server ~]# tail -f /var/log/rkhunter.log

[00:00:55] System checks summary
[00:00:55] =====================
[00:00:55]
[00:00:55] File properties checks…
[00:00:55] Files checked: 0
[00:00:55] Suspect files: 0
[00:00:55]
[00:00:55] Rootkit checks…
[00:00:55] Rootkits checked : 380
[00:00:55] Possible rootkits: 0
[00:00:55]
[00:00:55] Applications checks…
[00:00:55] Applications checked: 8
[00:00:55] Suspect applications: 2
[00:00:55]
[00:00:55] The system checks took: 49 seconds

 

On my server it shows “Possible rootkits: 0” so there are no rootkits on the server. I received the above email because there is two suspect applications on my server (Suspect applications: 2).

The rkhunter logs shows openssl and httpd application was out-of-date and that is the reason why I got rkhunter warning from the server. Updating the applications to latest version will fix the rkhunter warning.

 

rkhunter log file

rkhunter log file

Leave a Reply