rkhunter and wpa_supplicant

Dave

6/24/24, 11:29 PM

I suspect my laptop being hacked. Here's one of the rkhunter log lines I do not like:

[11:01:45] Info: Starting test name 'packet_cap_apps' [11:01:46] Checking for packet capturing applications [ Warning ] [11:01:46] Warning: Process '/usr/sbin/wpa_supplicant' (PID 1201) is listening on the network.

Yes, I connect my latpop to WIFI. But I do not expect my device to listen to the network. My questions are:

is it a normal behavior?
If not, where is the default configuration file in use by wp_supplicant?

Thanks for your answers

Dave

0 + 6

networking

rkhunter

wpa-supplicant

Rinzwind

6/24/24, 11:35 PM

No it is not. rkhunter (and any of these tools) is a piece of crap: using WINDOWS rules to investigate LINUX is stupid "process '/usr/sbin/wpa_supplicant' (PID 1201) is listening on the network" That is the whole idea of wpa_supplicant. "It implements WPA key negotiation with a WPA Authenticator and EAP authentication with Authentication Server. In addition, it controls the roaming and IEEE 802.11 authentication/association of the wireless LAN driver." How to do that w/o listening the network is beyond me ...

guiverc

6/25/24, 12:26 AM

We have no OS/product/release details; so we'd be *guessing* anyway

Dave

6/26/24, 12:36 AM

uname -a Linux myhost 5.19.0-45-generic #46~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Jun 7 15:06:04 UTC 20 x86_64 x86_64 x86_64 GNU/Linux

guiverc

6/26/24, 12:38 AM

Dave - that provides kernel details, with that kernel being used by multiple OSes so you've still not said what OS/product you're using (no-one asked for what kernel you're using!). This also isn't a forum (but a Q&A site) so answers will be to your question that still has no OS/release, not even kernel details (*comments are just that, comments to the Original Poster or prior commenter*)

Dave

6/26/24, 12:40 AM

Maybe you could be more explicit then on which information you are looking for?

guiverc

6/26/24, 12:41 AM

What OS & release are you actually using. If it's Ubuntu, what Ubuntu product (eg. Ubuntu Server 20.04 LTS, Ubuntu Core 22 etc). The Server/Desktop/Core is the product & 20.04 being the release... FYI: Your provided kernel says 22.04.1, where 22.04.1 used the 5.15 kernel not 5.19 so if you're using 22.04.1 you're behind on security upgrades/fixes etc! however the 22.04.1 in the kernel isn't release details but packaging detail (which may/may-not represent the OS its used on!)

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: rkhunter and wpa_supplicant

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.