On Tue, 2007-02-27 at 01:45 +0100, [EMAIL PROTECTED] wrote:
> Hello JJ,
>
> On Mon, 26 Feb 2007 21:39:37 +0100 John Fitzgerald
> <[EMAIL PROTECTED]> wrote:
> >A quick heads-up/note/question regarding syslog remote logging
> >detection
> >with rkhunter.
>
> >ps -auwwx | grep syslogd
> >
> >to find out if syslogd is running with the -f parameter pointing
> >to another syslog.conf file which might have remote logging
> specified.
>
This is probably a bit more of a general problem. The xinetd check should maybe also check to see if xinetd has started with the '-f' option?

At present I have modified my local RKH to allow users to specify the xinetd configuration file pathname in the RKH config file. This may be a better solution since it avoids determining the 'ps' options to use for differing O/S's ('ps -auwwx' won't work on Solaris).

Secondly, if the sysadmin is deliberately starting xinetd/syslogd with a non-default config file pathname, then they should modify the RKH config file accordingly.

Thirdly, other software we might want to check may use some other option than '-f', so we then get into the 'if software = ... do this; else if software = ... do that' etc situation. Along with point 1 above ('ps' options), it starts to get a bit messy.

That's my thinking anyway :-)

John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]
Fax: +44 (0)1752 233839
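
The approach described in the message above, as an added example that is not part of the original post and is not rkhunter's own code: the syslog config pathname is read from a user-set option in the tool's config file instead of being derived from 'ps' output, and that file is then scanned for classic syslog.conf remote-logging actions ('@host'). The option name EXAMPLE_SYSLOG_CONF, the function names and the sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not rkhunter code. EXAMPLE_SYSLOG_CONF is a hypothetical option name.

# Print the value of option $2 from tool config file $1 (last setting wins),
# or the default pathname $3 when the option is unset or the file is missing.
get_conf_path() {
    val=$(sed -n "/^[[:space:]]*${2}[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" \
        "$1" 2>/dev/null | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Print the remote targets found in syslog config file $1, i.e. rules whose
# action field starts with '@'. Comment lines are ignored.
# Returns 0 if a remote target exists, 1 if none, 2 if the file is unreadable.
remote_log_targets() {
    [ -r "$1" ] || return 2
    awk '!/^[ \t]*#/ && NF >= 2 && $NF ~ /^@/ { print $NF; found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# Constructed sample: the tool config names a non-default syslog config file,
# and that file forwards authpriv messages to a remote host.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'EXAMPLE_SYSLOG_CONF = %s\n' "$dir/alt-syslog.conf" > "$dir/tool.conf"
    printf '# local rules\n*.info\t/var/log/messages\nauthpriv.*\t@loghost.example.org\n' \
        > "$dir/alt-syslog.conf"
    conf=$(get_conf_path "$dir/tool.conf" EXAMPLE_SYSLOG_CONF /etc/syslog.conf)
    remote_log_targets "$conf"
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

No process-list parsing is involved, so the same code path works regardless of which 'ps' options the O/S accepts.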