On Wed, 2010-01-06 at 00:29 +0200, Nerijus Baliunas wrote: > On Tue, 5 Jan 2010 21:41:39 +0100 Jens Schuessler <j...@trash.net> wrote: > > > I only wanna know what causes the rkhunter message, Wouldn't it be > > better if rkhunter tells me exactly which of this susp files he had found, > > rather than a list of possible files? > > for RKHTMPVAR in ${SUSP_FILES_INFO}; do > RKHTMPVAR=`echo ${RKHTMPVAR} | sed -e 's/^[ ]*//'` > > FILENAME=`echo ${RKHTMPVAR} | cut -d: -f1 | sed -e > 's/\./\\\./g'` > SUSP_FILES="${SUSP_FILES}|${FILENAME}" > done > > Here instead of adding files to SUSP_FILES the grep itself should run - > it will take more time to complete, but it really would be more convenient. > As far as I remember the problem was that the lsof command could produce a lot of output. As such RKH only runs it once and tests the output once directly. We could still run lsof once, but it would probably be better to store the output in a file rather than a variable (in case that causes the shell a problem). Hence we would need to change the code a bit. I'll make a note of it.
John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users