RKHunter reported processes that are using deleted files or are listening on the network

Solution 1:

Firstly, these are not "false-positives". rkhunter is reporting facts; it is not applying any interpretation to those facts.

Does this report means that each of these processes is trying to use a file that has been deleted, or that it has used at some point a file that existed at the time but got deleted afterwards?

The report is showing you processes that had a file open at the time it was deleted. You need to determine if that is legitimate/acceptable behaviour for those processes.

...is there something in this report that indicates that these 4 processes are an error (instead of having just one)?

What do you think the error is? There are 4 separate processes (as shown by the different PID numbers) so that is what rkhunter is reporting.

Is it normal that RKHunter reports a warning about it?

rkhunter come with a generic configuration; there is no way for it to know that you expect dhcpd to be running on that particular machine -- you have to do some configuration. Section 6 of the rkhunter FAQ details how to whitelist a process/daemon/etc

Solution 2:

As far as I can tell, it is normal for programs on Unix-like systems to open a file and then delete it. You can disable that check (DISABLE_TESTS=deleted_files) in /etc/rkhunter.conf or /etc/rkhunter.conf.local.

Also as far as I can tell, it is normal for dhclient to be listening on the network. And /sbin/ is the usual location for that program. So I would whitelist dhclient too. (ALLOWPROCLISTEN=/sbin/dhclient)