FedoraForum.org - Fedora Support Forums and Community
Results 1 to 3 of 3
  1. #1
    Join Date
    Feb 2007
    Location
    UK
    Posts
    108

    rkhunter - ZaRwt.KiT

    I have been running rkhunter for a while now and all's been fine.
    This morning I have rkhunter reporting:

    ...Warning: Network TCP port 60922 is being used by /usr/lib/firefox/firefox. Possible rootkit: zaRwT.KiT
    Use the 'lsof -i' or 'netstat -an' command to check this....

    I have run the lsof and netstat -an, but to be honest I'm not sure what I am looking for!
    The lsof (run as sudo) shows firefox entries of:
    firefox 2865 xxxxxx 59u IPv4 430275 0t0 TCP E6540:44482->lhr35s03-in-f14.1e100.net:https (ESTABLISHED)
    firefox 2865 xxxxxx 70u IPv4 126728 0t0 TCP E6540:60172->e1.ycpi.vip.amb.yahoo.com:https (ESTABLISHED)
    firefox 2865 xxxxxx 72u IPv4 429788 0t0 TCP E6540:40924->a23-44-102-186.deploy.static.akamaitechnologies.com:http (ESTABLISHED)
    firefox 2865 xxxxxx 75u IPv4 401725 0t0 TCP E6540:51866->a23-44-102-186.deploy.static.akamaitechnologies.com:https (ESTABLISHED)
    firefox 2865 xxxxxx 144u IPv4 96547 0t0 TCP E6540:41706->185-19-40-106.rdns.rtap.net:https (ESTABLISHED)


    netstat -an does not appear to show anything specific for firefox or for port 60922.

    Is this report from rkhunter a report of a serious threat?

  2. #2
    Join Date
    May 2017
    Location
    www
    Posts
    135

    Re: rkhunter - ZaRwt.KiT

    Have you had any repeat alerts, if it was a one-off I would imagine it was just firefox (or addon) connecting to port 60922, the same time rkhunter was running.

  3. #3
    Join Date
    Feb 2007
    Location
    UK
    Posts
    108

    Re: rkhunter - ZaRwt.KiT

    It persisted for a few days and then stopped and I haven't had it since - whether that's good or bad I don't know!

Similar Threads

  1. rkhunter
    By lauwers in forum Using Fedora
    Replies: 2
    Last Post: 6th January 2009, 02:06 PM
  2. Yum update rkhunter 'Could not find update match for rkhunter'
    By open4biz in forum Security and Privacy
    Replies: 7
    Last Post: 11th October 2007, 02:42 AM
  3. rkHunter
    By aids in forum Using Fedora
    Replies: 14
    Last Post: 24th February 2007, 12:41 AM
  4. rkhunter says Bad
    By jim in forum Servers & Networking
    Replies: 6
    Last Post: 6th May 2005, 04:39 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •