On 12/5/2009, John Horne (john.ho...@plymouth.ac.uk) wrote:
>> Again - is there anything special about port 2006 that makes
>> rkhunter single it out?

> Yes, it is known to be used by the CB and w00tkit rootkits. That's
> why RKH is warning you about it.

Ah, ok, now that makes sense. Thinking about this, it seems to me that
whitelisting couriertls makes more sense than whitelisting the port.
What do you think?

> You can either whitelist the port itself (PORT_WHITELIST=TCP:2006),
> or whitelist a particular application to use known bad ports
> (PORT_WHITELIST=couriertls).

One question - the commented line has quotes around empty contents:

PORT_WHITELIST=""

Is this another case of it works either way? Or maybe this time the
Gentoo maintainer got it wrong?

-- 

Best regards,

Charles

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
