This how-to helps you fix the rkhunter warning "The following processes are using deleted files". If you get this rkhunter warning, you should react immediately and check your system. This how-to shows you one way to do that.
Warning!
Never ignore rkhunter warnings, as your system could indeed be affected by cyber criminals. Better double-check!
Before you start with this how-to: I strongly recommend you make a full backup of your system! This how-to gives you no warranty for success. If you do not understand what you are doing, you take the risk of destroying or harming your system.
If this how-to does not help you, search for other sources on the internet! There are some other resources for rkhunter, for example on myhowto.blog.
Index:
- Rkhunter – The following processes are using deleted files
- How to Fix Rkhunter – The following processes are using deleted files
- Further information you may like to consider
Rkhunter – The following processes are using deleted files
To see this sort of warning yourself, for example after you got an email alert, you can run a simple command:
rkhunter -c --enable all --disable none --rwo
This may produce warnings like the ones displayed below.
root@Jon:~# rkhunter -c --enable all --disable none --rwo
Warning: The following processes are using deleted files:
Process: /usr/bin/dbus-daemon PID: 429 File: /usr/bin/dbus-daemon
Process: /usr/lib/systemd/systemd-logind PID: 432 File: /usr/lib/systemd/systemd-logind
Process: /usr/bin/python3.7 PID: 514 File: /usr/bin/python3.7
Process: /usr/bin/python3.7 PID: 518 File: /usr/bin/python3.7
Process: /usr/bin/journalctl PID: 531 File: /usr/bin/journalctl
Process: /usr/lib/systemd/systemd PID: 22090 File: /usr/lib/systemd/systemd
Process: /usr/lib/systemd/systemd PID: 22092 File: /usr/lib/systemd/systemd
Process: /usr/bin/cpulimit PID: 22136 File: /dev/pts/0
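This warning is to be taken seriously. In my case, the system may have been up and running for a very long time. That is nothing special on Linux, because Linux systems are very stable. It matters here because a common harmless cause of this warning is a package update that replaced a file on disk while the already running process kept using the old, now deleted copy, and a long-running system collects many of those. But let’s check this assumption. I simply run the command “uptime”: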
root@Jon:~# uptime
22:05:21 up 343 days, 3:18, 1 user, load average: 0.49, 0.55, 0.71
Wow! My system has been up and running for 343 days! Amazing! My guess, and it is only a guess, is that a reboot could fix the error so that the processes no longer use deleted files. Certainly, there is a risk! If the new configuration does not work as well as the one with the deleted files, then I have more work to do. But this is why I said in the beginning to make a backup of the system! If you have no backup at this moment, then you had better back up now!
How to Fix Rkhunter – The following processes are using deleted files
Given the above, it looks like a reboot could help my system, because afterwards the affected processes no longer use deleted files. Alternatively, of course, I could restart each of the processes. In this case I am too lazy, even though it would potentially be the better option. To reboot, I run:
sudo reboot
After a successful reboot, I check whether I still get this error by running the command below:
rkhunter -c --enable all --disable none --rwo
Great, the result does not show these errors anymore. Basically, the processes now use the new files and no longer the deleted ones. The result of the command looks like this:
root@Jon:~# rkhunter -c --enable all --disable none --rwo
root@Jon:~#
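As an added example (not part of the original how-to and not rkhunter's own code), the following shell script sorts the warning entries shown above into processes whose own executable was deleted and processes holding some other deleted file open, such as the `/dev/pts/0` entry, so that each one can be reviewed before a restart clears the list. The function names, the one-entry-per-line input and paths without spaces are assumptions.

```shell
#!/bin/sh
# Added example: triage rkhunter's "processes are using deleted files" entries.
# Assumes one entry per line ("Process: <path> PID: <n> File: <path>")
# and paths without spaces.

# classify_deleted: read warning lines on stdin and print
# "<class> <pid> <process> <file>" per entry.
#   exe-replaced: the deleted file is the process's own executable
#   other-file:   the process holds some other deleted file open
classify_deleted() {
    awk '$1 == "Process:" && $3 == "PID:" && $5 == "File:" {
        class = ($2 == $6) ? "exe-replaced" : "other-file"
        print class, $4, $2, $6
    }'
}

# count_class CLASS: count classified entries of one class read from stdin.
count_class() {
    awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# exe_state PID: ask the kernel about a live process. On Linux, the
# /proc/<pid>/exe link target ends in " (deleted)" when the binary was unlinked.
exe_state() {
    target=$(readlink "/proc/$1/exe" 2>/dev/null) || { echo unreadable; return; }
    case $target in
        *" (deleted)") echo deleted ;;
        *)             echo present ;;
    esac
}

# Constructed sample in the format of the warning shown above.
SAMPLE='Warning: The following processes are using deleted files:
Process: /usr/bin/dbus-daemon PID: 429 File: /usr/bin/dbus-daemon
Process: /usr/lib/systemd/systemd PID: 22090 File: /usr/lib/systemd/systemd
Process: /usr/bin/cpulimit PID: 22136 File: /dev/pts/0'

printf '%s\n' "$SAMPLE" | classify_deleted
```

On a live system, run `exe_state` as root for each reported PID; for processes owned by other users an unprivileged caller gets `unreadable`.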
Further information you may like to consider
There are various sources on the internet that let you dive deeper into the rkhunter specifics. Below you find some links that may help you:
- Rkhunter – How To Fix Rkhunter Warning
- Rkhunter Error Message
- Fix Rkhunter Error
- rkhunter Suspect Files
- Rkhunter: File Properties Have Changed
- How To Fix Rkhunter sudo Warning
- How To’s that help!
- Rkhunter Linux man page – man page including rkhunter description and command options
- Debian Linux rkhunter man page – specific Debian Linux man page about rkhunter