Re: [Rkhunter-users] Inetd services whitelisting?

Thu, 08 Oct 2009 07:12:42 -0700 

Hallo, unspawn,

Du meintest am 07.10.09:

>>> Does anyone use inetd (not Xinetd) whitelisting? If so, could you
>>> please report if it works with Rootkit Hunter version 1.3.4?

>> Works. Since many versions, up to 1.3.4

[imported from e-mail]

> I'm
> trying to troubleshoot an issue with a user using inetd
> whitelisting. Unfortunately I do not posess a machine with inetd
> running. Could you please assist us and supply me with one line
> from your inetd conf with a /path/tobinary name and the
> corresponding rkhunter.conf whitelisting line?

# ------------ rkhunter.conf --------------------
# --------------- partial -----------------------

INETD_CONF_PATH=/etc/inetd.conf

#
# Allow the following enabled xinetd services.
# Only one service per line (use multiple INETD_ALLOWED_SVC lines).
#
# Below are some Solaris 9 and 10 services that may want to be whitelisted.
#
#INETD_ALLOWED_SVC=echo
#INETD_ALLOWED_SVC=/network/rpc-100235_1/rpc_ticotsord
#INETD_ALLOWED_SVC=/network/rpc-100083_1/rpc_tcp
#INETD_ALLOWED_SVC=/network/rpc-100068_2-5/rpc_udp

INETD_ALLOWED_SVC=time
INETD_ALLOWED_SVC=ftp
INETD_ALLOWED_SVC=tftp
INETD_ALLOWED_SVC=telnet
INETD_ALLOWED_SVC=auth
INETD_ALLOWED_SVC=finger
INETD_ALLOWED_SVC=pop3
INETD_ALLOWED_SVC=imap2

# INETD_ALLOWED_SVC=rembo
# INETD_ALLOWED_SVC=swat
# INETD_ALLOWED_SVC=cvs



# --------------- inetd.conf -----------
# --------------- partial --------------
time    stream  tcp     nowait  root    internal
time    dgram   udp     wait    root    internal

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/proftpd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.telnetd

finger  stream  tcp     nowait  daemon  /usr/sbin/tcpd  /usr/sbin/in.fingerd -s 
-l
auth    stream  tcp     nowait.200      nobody  /usr/sbin/in.identd     
in.identd -N
pop3    stream  tcp nowait  root    /usr/sbin/tcpd  /usr/sbin/popa3d
imap2   stream  tcp nowait  root    /usr/sbin/tcpd  /usr/sbin/imapd

# --------------------------------------

Viele Gruesse!
Helmut

------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to