While netstat uses more CPU and time, change the code below:
ossec-hids-2.7/src/rootcheck/check_rc_ports.c
...
#elif defined(Linux)
#define NETSTAT_LIST "ss -na%s | grep -v \"[s:]:\" |cut -d ':' -f 2 | cut -d ' ' -f 1"
#define NETSTAT "ss -na%s | grep \"[^0-9]%d \" > /dev/null 2>&1"
#endif
#ifndef NETSTAT
#define NETSTAT "ss -na%s | grep \"[^0-9]%d \" > /dev/null 2>&1"
...
int run_netstat(int proto, int port)
{
    int ret;
    char nt[OS_SIZE_1024 +1];

    /* The "t" or "u" fills the %s in NETSTAT, giving "ss -nat" or "ss -nau" */
    if(proto == IPPROTO_TCP)
        snprintf(nt, OS_SIZE_1024, NETSTAT, "t", port);
    else if(proto == IPPROTO_UDP)
        snprintf(nt, OS_SIZE_1024, NETSTAT, "u", port);
Does anywhere else need to be modified?