Am 2013-09-01 10:48, schrieb elrippo: > "Warning: Network TCP port 60922 is being used by /usr/sbin/tor. Possible > rootkit: zaRwT.KiT > Use the 'lsof -i' or 'netstat -an' command to check this." > > I guess this is a false positive in conjucntion to the massive raid of > traffic > increase in the past 3 weeks, were Tor opens these Ports to manage the > massive > circuit building requests.
I had similar warnings several times, even before the recent increase in the number of users. As I'm pretty sure it's a false positive, I whitelisted tor in rkhunter's configuration file (/etc/rkhunter.conf): PORT_WHITELIST="/usr/sbin/tor" Paul _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
