For the possible IRC bot in httpd.bin I found that it is due how rkhunter does the checking. In our bitnami solutions, /opt/bitnami/apache2/bin/httpd is a shell script that allow us to set the needed env vars and then it runs /opt/bitnami/apache2/bin/httpd.bin that is the real apache binary executable file. If you rename httpd as httpd_bak and httpd.bin as httpd, and then run rkhunter again you will get no problems in that file.
For the other warnings, I have done the following test:
- Download debian 9.5 netinstall iso
- Install debian 9.5 netinstall in a Virtual Machine, the only options were enabled was SSH and system tools
- Install rkhunter with apt-get
- run as root rkhunter --check
This will give OK in all the checks but in SSH. If now I do rkhunter --propupd --pkgmgr DPKG and then run the check again, I will get tons of warning.
Could this be what is happening to you ?
Rafael Rios Saavedra