I got a few
...exists on the system, but it is not present in the rkhunter.dat file.
...it is whitelisted for the 'script replacement' check.
The only other thing out of place is this:
I do not understand. I did a fresh install from a newly downloaded ISO directly from Ubuntu. I enabled ufw and only allowed ports 80 and 443 from the out side world. I did allow ports 22, 21 and 8888 (for ispConfig) from two of my local computers only. I made sure that ssh did not allow root login. I changed my login passwords to totally different strings with alphanumeric characters as well as symbols. Last night I disallowed ssh login with password altogether and created RSA pairs. While apache has been running for a few days, the sites themselves were only last night put back online....
[23:05:15] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text