[Rkhunter-users] Question on fixing an issue just saw in rkhunter log
From: Michael D. S. I. <mi...@gu...> - 2022-09-29 19:00:50
Rkhunter reports

[04:21:27] Warning: Network TCP port 47018 is being used by /usr/bin/boinc. Possible rootkit: Possible Universal Rootkit (URK) component
           Use the 'lsof -i' or 'netstat -an' command to check this.

Using lsof -i get this.

lsof -i | grep boinc
boinc 2766 msetzerii 7u IPv4 35501 0t0 TCP localhost:xqosd (LISTEN)
boinc 2766 msetzerii 10u IPv4 1331117 0t0 TCP setzconote.dyndns.org:47032->einstein10.aei.uni-hannover.de:https (CLOSE_WAIT)
boinc 2766 msetzerii 14u IPv4 1331116 0t0 TCP setzconote.dyndns.org:47018->einstein10.aei.uni-hannover.de:https (CLOSE_WAIT)

The address shows router that doesn't forward this port to machines behind it so don't think it would go anywhere.

So not sure if this is an issue, or if it would be something with rkhunter or with boinc einstein project.

(Also, saw an issue in report with /usr/libexec/gawk linking to /usr/libexec/awk which is a directory with two files. The gawk is new from earlier this month, the files in awk date to 7/2021?) Fedora 35.

# ls -l | grep awk
drwxr-xr-x. 2 root root 4096 Jun 6 16:36 awk
lrwxrwxrwx. 1 root root 3 Sep 18 01:19 gawk -> awk

# ls -l awk
total 32
-rwxr-xr-x. 1 root root 15944 Jul 22 2021 grcat
-rwxr-xr-x. 1 root root 15928 Jul 22 2021 pwcat

+------------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor (Retired)
mailto:mi...@gu...
mailto:mse...@gm...
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+------------------------------------------------------------+
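An added example, not part of the original post and not rkhunter code: a small parser for `lsof -i` lines that reports how a flagged port is being used, so a port-in-use warning can be triaged as a listening socket or as the local end of an existing connection. The sample input is the three lsof lines quoted in the post; the function names and role labels are hypothetical.

```python
import re

# Sample input: the three `lsof -i | grep boinc` lines quoted in the post.
LSOF_OUTPUT = """\
boinc 2766 msetzerii 7u IPv4 35501 0t0 TCP localhost:xqosd (LISTEN)
boinc 2766 msetzerii 10u IPv4 1331117 0t0 TCP setzconote.dyndns.org:47032->einstein10.aei.uni-hannover.de:https (CLOSE_WAIT)
boinc 2766 msetzerii 14u IPv4 1331116 0t0 TCP setzconote.dyndns.org:47018->einstein10.aei.uni-hannover.de:https (CLOSE_WAIT)
"""

# Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
LINE_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+\S+\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+"
    r"(?:TCP|UDP)\s+(?P<name>\S+)(?:\s+\((?P<state>\w+)\))?\s*$"
)


def parse_lsof(text):
    """Return one dict per socket line; header or unrelated lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # NAME is "local" for a bound socket, "local->remote" for a connection.
        local, _, remote = m["name"].partition("->")
        sockets.append({
            "cmd": m["cmd"],
            "pid": int(m["pid"]),
            "local_port": local.rpartition(":")[2],  # number or service name
            "remote": remote or None,
            "state": m["state"],
        })
    return sockets


def role_of_port(sockets, port):
    """Describe each socket whose local port is `port` (as lsof printed it)."""
    roles = []
    for s in sockets:
        if s["local_port"] != str(port):
            continue
        if s["state"] == "LISTEN":
            role = "listener"              # accepts inbound connections
        elif s["remote"]:
            role = "connection-local-end"  # local end of a connection to s["remote"]
        else:
            role = "bound"                 # bound, no peer and no LISTEN state
        roles.append((s["cmd"], s["pid"], role, s["remote"], s["state"]))
    return roles


if __name__ == "__main__":
    for row in role_of_port(parse_lsof(LSOF_OUTPUT), 47018):
        print(row)
```

Running `lsof -nP -i` instead of `lsof -i` prints numeric addresses and ports, which avoids service names such as `xqosd` in the local port field.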