Topic: rkhunter warning message query

[janet]

I received these messages in the daily rkhunter report.
A search of the forums & google did not find a conclusive answer.
Is this a problem, or a system occurrence that can be ignored ?
I have never seen these messages before.

Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.

Immediately following this entry was advice that a new user was added.
I checked and the new user was a valid entry made by a local admin user via user-manager.

htop shows that process (PID 24468) no longer running

Thanks

[cactus]

I received these messages in the daily rkhunter report.
A search of the forums & google did not find a conclusive answer.
Is this a problem, or a system occurrence that can be ignored ?
I have never seen these messages before.

Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.
Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.

This I have not come across before.

Immediately following this entry was advice that a new user was added.
I checked and the new user was a valid entry made by a local admin user via user-manager.

That should be normal behavior, it is even mentioned in the README.txt on the 7.3 ISO.

[CharlieBrady]

Warning: Process '/usr/sbin/httpd' (PID 24468) is listening on the network.

It would be surprising to me if /usr/sbin/httpd were not listening on the network.

I have no idea why rkhunter bothers to tell you about this.

google for rkhunter and 'false positive' and I expect you'll find lots of hits.

[janet]

cactus

That should be normal behavior...

Yes I understand that valid system changes will be notified in the next rkhunter report.

Charlie & cactus

It seems that the report about /usr/sbin/httpd is simply a false positive of a valid process.
If Charlie doesn't know why rkhunter generated it, then it's not likely any of us will know.

As it appears to be a "one off", I'll ignore it with safety.
Thanks all.