In a general safety awareness upgrade on one of my test servers, I added in a few security extras and auditing tools (eg. lynis, rkhunter, chkrootkit etc). The rkhunter produces this warning:
Warning: Network TCP port 13000 is being used by /usr/bin/redis-server. Possible rootkit: Possible Universal Rootkit (URK) SSH server
I am assuming ('cos I don’t actually know for sure) that it is only because the port matches a “known backdoor” port [chkrootkit did not find the same problem]. Perhaps someone with cybersecurity experience could comment?
This is a non-live server which I can trash if needed, and the listener is only on 127.0.0.1, so it shouldn’t be able to do much, but still… I’d rather know for sure.