Lynis and rkhunter both work

Lynis and rkhunter both work well… I could also get cli running. I’m not super good at Lynis, but I think it’s saying things are okay. And I’ve yet to find malware or rootkit with rkhunter. I hope to add a cronjob for rkhunter to update, then run at lease once every two weeks at midnight.

Update: I found (not sure if it’s accurate) evidence of the Mokes backdoor… Anyone who can validate this?

I think I will post my logs a little later today… I have a suspicion of the Android kernel from Xperia being the issue… Or, possibly since this device was bought used, there may have been a chance for a bad actor to do something to it… Irrespective, I think this needs a good set of eyes placed on it. I’m not sure if people ever considered to scan for malware with tools like Lynis and Rkhunter… Although, it could be a false-positive, and those do occur…

ClamAV does not currently function in 4.x that I know of. I think there is work being done to allow adapting to function on 4.x.

Stop doing things you don’t understand.


A bit blunt, but looking at the log shows that it found a lot of files (mostly in /dev/ that list off ASCII). I was just taking a look, but, it at least appears that it was a false alarm after all (especially since the utility (rkhunter) expressly stated within the backdoor list that Mokeswas not found

I won’t lie that I don’t understand much of it, but that’s how people learn. I see it as an opportunity to learn something new.


rkhunter has in 15 years not once reported anything but false positives.

What are you trying to achieve?

1 Like