I performed an nmap scan first via nmap 127.0.0.1(loopback address). It returned 999 ports closed, port 631 is open(correct since netstat -tlpn also shows port 631 is listening). Then I did a port scan via nmap my ip address. It then returned the result that all 1000 ports are closed. Why the difference between the two results when they are just scanning my local PC?
I configured a new Ubuntu Installation and set up the firewall. All incoming was denied and all outgoing was denied as well(with exception for port 8080, as I am behind a proxy). I then tried an online port scan and found that my ssh port(22) was open. I double checked but the problem remained. I specifically denied port 22 in the firewall, but the port is still shown as open(all other ports are closed). What is the reason behind this?
Output of netstat -tlpn is
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
Running rkhunter showed the following error message-"Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/bin/lwp-request". A quick search showed that I could get away with it by "commenting" the line "SCRIPTWHITELIST=/usr/bin/lwp-request" in the rkhunter.conf file though I will need to change the file permissions to do so. Should I do it or there is any other way to run rkhunter?
As for chkrootkit, it threw up a warning "The tty of the following user process(es) were not found in /var/run/utmp !" and followed it up with a PID and a process name running under root. What does it mean?