On Tue, 2007-02-27 at 01:45 +0100, [EMAIL PROTECTED] wrote:
> Hello JJ,
> 
> On Mon, 26 Feb 2007 21:39:37 +0100 John Fitzgerald 
> <[EMAIL PROTECTED]> wrote:
> >A quick heads-up/note/question regarding syslog remote logging 
> >detection
> >with rkhunter. 
> 
> >ps -auwwx | grep syslogd
> >
> >to find out if syslogd is running with the -f parameter pointing 
> >to another syslog.conf file which might have remote logging 
> >specified.
> 
This is probably a bit more of a general problem. The xinetd check
should maybe also check to see if xinetd has started with the '-f'
option?

At present I have modified my local RKH to allow users to specify the
xinetd configuration file pathname in the RKH config file. This may be a
better solution since it avoids determining the 'ps' options to use for
differing O/S's ('ps -auwwx' won't work on Solaris). Secondly, if the
sysadmin is deliberately starting xinetd/syslogd with a non-default
config file pathname, then they should modify the RKH config file
accordingly. Thirdly, other software we might want to check may use some
other option than '-f', so we then get into the 'if software = ... do
this; else if software = ... do that' etc situation. Along with point 1
above ('ps' options), it starts to get a bit messy.

That's my thinking anyway :-)



John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]       Fax: +44 (0)1752 233839

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
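
Added example (not part of the message above and not rkhunter code): a sketch of the lookup order discussed in the thread, where a pathname supplied in the checker's own configuration takes priority and `-f` parsing of a daemon command line is only a fallback, followed by a scan for `@host` forwarding rules in a classic syslog.conf. The variable `SYSLOG_CONF_OVERRIDE`, the function names and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. SYSLOG_CONF_OVERRIDE is a hypothetical setting standing in
# for a pathname the sysadmin puts in the checker's config file.

# Print the argument of -f from a command line ("-f path" or "-fpath").
conf_from_cmdline() {
    set -- $1          # unquoted on purpose: split the command line into words
    while [ $# -gt 0 ]; do
        case "$1" in
            -f)   [ $# -ge 2 ] && printf '%s\n' "$2"; return 0 ;;
            -f?*) printf '%s\n' "${1#-f}"; return 0 ;;
        esac
        shift
    done
    return 0
}

# Pick the file to inspect: explicit override, then -f, then the default.
syslog_conf_path() {
    if [ -n "${SYSLOG_CONF_OVERRIDE:-}" ]; then
        printf '%s\n' "$SYSLOG_CONF_OVERRIDE"
        return 0
    fi
    found=$(conf_from_cmdline "$1")
    printf '%s\n' "${found:-/etc/syslog.conf}"
}

# Print non-comment rules whose action field (last field) is "@host",
# which is how a classic syslog.conf forwards messages to a remote host.
remote_log_rules() {
    awk 'NF >= 2 && $1 !~ /^#/ && $NF ~ /^@/' "$1"
}

# Constructed sample: an alternate config that forwards authpriv off-host.
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    '*.info /var/log/messages' \
    'authpriv.* @loghost.example' > "$sample"
conf=$(syslog_conf_path "syslogd -m 0 -f $sample")
echo "inspecting: $conf"
remote_log_rules "$conf"
rm -f "$sample"
```

The command line is passed in as a string, so how it is obtained ('ps' on one O/S, something else on another) stays outside these functions.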
