This How To Fix Rkhunter Error Message helps you to fix possible false positives caused by rkhunter. You should however be careful and double check whether its really a false positive or whether you deal with a newly installed root kit.

Rkhunter warnings could have different root causes. Whatever the reason is, you do not like to ignore it. The message(s) or warning(s) are to be taken very serious because there could indeed cybercriminals be the root cause.

Before you start: I strongly recommend you make a full backup of your system! This how to gives you no warranty for success. If you do not understand what you do, you take the risk of destroying or harming your system.


Software Update turning into the need of Rkhunter – How To Fix Rkhunter Error

A normal regular software update could cause rkhunter warnings. This is one of the very frequent use cases. This issue could be caused by a so called headless software update or also automatic software update configurations. If this is the case, than this how to will help you. Otherwise, you should research the internet further and take the warning serious.

If your system files will be replaced by an automatic or also called headless software update, whilst rkhunter is not updating its hashes then rkhunter will send you an alert. This because once rkhunter is running the next time thru your file system, rhunter rightly figures out that hash values have changed. You could also call this false positive, as you did like your system to update automatically. Such a warning message could look like the below example:

rkhunter warning message example - How To Fix Rkhunter Warning

Rkhunter – How to Fix Rkhunter Error Message

First of all, you like to double check your system whether a software update has taken place between the last rkhunter run in which you did receive no warning message and the new rkhunter run where you did receive the warning message.

The history log gives you a good view on this. Execute (on Debian Linux) the following command to check for software updates:

sudo more /var/log/apt/history.log

If you find out, that indeed there was a software update, then you like to execute the next step, allowing to update the rkhunter database with the new facts caused by the software update:

sudo rkhunter --update --propupd

Further information that you like to consider

There are various sources in the internet that allow you to further deep dive into the rkhunter specifics. In the below you find some links that maybe help you:

I wrote some other rkhunter used cases. You maybe like to check out these as well:

