On Wed, 2010-01-06 at 00:29 +0200, Nerijus Baliunas wrote:
> On Tue, 5 Jan 2010 21:41:39 +0100 Jens Schuessler <j...@trash.net> wrote:
>
> > I only wanna know what causes the rkhunter message, Wouldn't it be
> > better if rkhunter tells me exactly which of this susp files he had found,
> > rather than a list of possible files?
>
> for RKHTMPVAR in ${SUSP_FILES_INFO}; do
> RKHTMPVAR=`echo ${RKHTMPVAR} | sed -e 's/^[ ]*//'`
>
> FILENAME=`echo ${RKHTMPVAR} | cut -d: -f1 | sed -e
> 's/\./\\\./g'`
> SUSP_FILES="${SUSP_FILES}|${FILENAME}"
> done
>
> Here instead of adding files to SUSP_FILES the grep itself should run -
> it will take more time to complete, but it really would be more convenient.
>
As far as I remember the problem was that the lsof command could produce
a lot of output. As such RKH only runs it once and tests the output once
directly. We could still run lsof once, but it would probably be better
to store the output in a file rather than a variable (in case that
causes the shell a problem). Hence we would need to change the code a
bit. I'll make a note of it.
John.
--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
