This morning, I got the following warning from rkhunter:
-----
---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Network TCP port 60922 is being used by /usr/lib64/firefox/firefox. Possible rootkit: zaRwT.KiT
         Use the 'lsof -i' or 'netstat -an' command to check this.

----------------------- End Rootkit Hunter Scan -----------------------
-----
The output of lsof -i is here:
-----
bash.1[~]: lsof -i
COMMAND    PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd      1    root   31u  IPv4   2530      0t0  TCP *:sunrpc (LISTEN)
systemd      1    root   32u  IPv4   2536      0t0  UDP *:sunrpc
systemd      1    root   33u  IPv6   2543      0t0  TCP *:sunrpc (LISTEN)
systemd      1    root   35u  IPv6   2550      0t0  UDP *:sunrpc
rpcbind    857     rpc    4u  IPv4   2530      0t0  TCP *:sunrpc (LISTEN)
rpcbind    857     rpc    5u  IPv4   2536      0t0  UDP *:sunrpc
rpcbind    857     rpc    6u  IPv6   2543      0t0  TCP *:sunrpc (LISTEN)
rpcbind    857     rpc    7u  IPv6   2550      0t0  UDP *:sunrpc
rpcbind    857     rpc   11u  IPv6  22909      0t0  UDP *:50041
avahi-dae  890   avahi   12u  IPv4  24285      0t0  UDP *:mdns
avahi-dae  890   avahi   13u  IPv6  24286      0t0  UDP *:mdns
avahi-dae  890   avahi   14u  IPv4  24287      0t0  UDP *:57958
avahi-dae  890   avahi   15u  IPv6  24288      0t0  UDP *:39302
chronyd    917  chrony    5u  IPv4  27077      0t0  UDP localhost:323
chronyd    917  chrony    6u  IPv6  27078      0t0  UDP localhost:323
dhclient  1091    root    6u  IPv4  31071      0t0  UDP *:bootpc
cupsd     1110    root    7u  IPv4  32911      0t0  TCP *:ipp (LISTEN)
cupsd     1110    root    8u  IPv6  32912      0t0  TCP *:ipp (LISTEN)
dhclient  1168    root    5u  IPv6  29353      0t0  UDP coyote:dhcpv6-client
dnsmasq   1285 dnsmasq    3u  IPv4  36958      0t0  UDP *:bootps
dnsmasq   1285 dnsmasq    5u  IPv4  36961      0t0  UDP coyote:domain
dnsmasq   1285 dnsmasq    6u  IPv4  36962      0t0  TCP coyote:domain (LISTEN)
sendmail  2061    root    4u  IPv4  40777      0t0  TCP localhost:smtp (LISTEN)
bash.2[~]:
-----
The output from "netstat -an" is too long to put here.  I don't know what to look for in all that.
1. What specifically should I be looking for?
2. Is rkhunter's warning a false alarm or a real problem?

thanks,
Bill.
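
An added example, not part of the original post: the rkhunter warning above is raised on a port number, so the check it suggests comes down to whether the flagged port belongs to a listening socket or is only the local end of a connection. The sketch below classifies rows of `lsof -nP -i` output for one local port; the sample rows, the function name `classify_port` and the verdict labels are constructed for illustration, and 32768-60999 is assumed as the ephemeral range (the Linux default for `ip_local_port_range`).

```shell
#!/bin/sh
# Added example. These sample rows are constructed, not taken from the post.
SAMPLE='COMMAND  PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
firefox 4242 bill 87u IPv4 991001 0t0 TCP 192.0.2.10:60922->198.51.100.7:443 (ESTABLISHED)
cupsd   1110 root  7u IPv4  32911 0t0 TCP *:631 (LISTEN)
demo    5151 root  3u IPv4 991002 0t0 TCP *:60922 (LISTEN)
rpcbind  857 rpc  11u IPv6  22909 0t0 UDP *:50041'

# classify_port PORT [LOW HIGH]
# Reads lsof rows on stdin and prints "<command> <pid> <verdict>" for every
# socket whose LOCAL port is PORT. LOW/HIGH bound the ephemeral port range.
classify_port() {
  awk -v port="$1" -v low="${2:-32768}" -v high="${3:-60999}" '
    $1 == "COMMAND" { next }                    # skip the header row
    {
      name  = $9                                # NAME column: local[->remote]
      state = ($NF ~ /^\(/) ? $NF : ""          # "(LISTEN)" etc; empty for UDP
      split(name, ends, "->")                   # ends[1] is the local endpoint
      n = split(ends[1], parts, ":")            # last piece is the local port
      if (parts[n] != port) next
      if (state == "(LISTEN)")
        verdict = "listening"                   # accepts inbound connections
      else if (index(name, "->") > 0 && port + 0 >= low + 0 && port + 0 <= high + 0)
        verdict = "connected-ephemeral"         # local end of a connection
      else
        verdict = "other"
      printf "%s %s %s\n", $1, $2, verdict
    }'
}

# Demo on the constructed rows. On a live system, as root so that all
# processes are visible, the equivalent call would be:
#   lsof -nP -i | classify_port 60922 $(cat /proc/sys/net/ipv4/ip_local_port_range)
printf '%s\n' "$SAMPLE" | classify_port 60922
```

A `listening` row means a process is accepting connections on that port and its owner should be accounted for; a `connected-ephemeral` row is the local side of an existing connection, and the remote address in the same lsof row shows where it goes.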