On Mon, 2010-11-29 at 11:26 -0800, Al Varnell wrote:
> On 11/29/10 9:12 AM, "Dimitri Yioulos" <dyiou...@firstbhph.com> wrote:
>
> > Greetz, all.
> >
> > I'm in the process of upgrading RKH from version
> > 1.3.6 to 1.3.8 via RPM from Dag repository.
> > Everything has gone fine, but I note a couple
> > of "changes" regarding "Performing checks on
> > network ports". Specifically "Checking for
> > backdoor ports" simply returns "None found",
> > rather than listing each port individually. I
> > actually preferred to see the ports listed
> > individually.
> >
> Ports checked are listed in rkhunter.log
>
That is correct.

The previous output from the test was not in accordance with the general output of RKH tests. For example, why are not all the strings checked in the 'strings' test displayed, why are not all the files and directories checked by the 'rootkits' test displayed and so on? Basically the output would be too verbose, and generally not informative. Users (admins) generally only want to know when something is found/not found/wrong, not when things are okay. So the 'ports' test output was modified just to show the overall result. The actual ports checked are logged.

The only exceptions to the above are the file properties check, which will list all the files checked, the rootkits check, which will list the rootkits searched for, and the apps test which will list the apps being checked. For all the other tests, a summary result is shown.

> > And, "Checking for hidden ports"
> > returns "Skipped". Is there a way to enable
> > seeing the ports individually, and not having the
> > hidden ports directive skipped? Apologies if
> > this has already been answered; I haven't found
> > any posts relating to it.
> >
> It is disabled by default, but I'm not sure why. You may be able to enable
> it with "sudo rkhunter --enable hidden_ports" but in my case that gave me:
> "Info: Unable to find the 'unhide-tcp' command"
>
Exactly. If your system doesn't have the unhide-tcp command then the check cannot run. It is disabled by default because most people won't have that command installed. If they do, then they can modify the list of enabled tests in the config file.

John.

--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
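A pre-flight check for the two conditions described in the thread above (the unhide-tcp command must be installed, and hidden_ports must not be excluded by the test lists in the config file), as an added example that is not part of the original messages and is not rkhunter's own code. It assumes space-separated `ENABLE_TESTS` / `DISABLE_TESTS` lines in rkhunter.conf where the last line of each wins and a disabled test is skipped even when `ENABLE_TESTS` is `ALL`; test group names are not expanded, and `UNHIDE_CMD` is a hypothetical override used only to make the check testable.

```shell
#!/bin/sh
# Added example: report whether rkhunter's hidden_ports test can run.
# Assumptions (not confirmed by the thread): space-separated test lists,
# last ENABLE_TESTS / DISABLE_TESTS line wins, DISABLE_TESTS overrides
# ENABLE_TESTS, and test group names are not expanded here.

# Print the value of the last uncommented KEY=value line in a config file.
conf_value() {  # $1 = key, $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | tr -d '"' | tr '\t' ' '
}

# Return 0 if word $1 appears in the space-separated list $2.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# Print one of: ready | disabled-in-config | missing-unhide-tcp
hidden_ports_status() {  # $1 = config file
    enabled=$(conf_value ENABLE_TESTS "$1")
    disabled=$(conf_value DISABLE_TESTS "$1")
    # UNHIDE_CMD is a hypothetical override for testing; default is the
    # command named in the thread's "Unable to find" message.
    if ! command -v "${UNHIDE_CMD:-unhide-tcp}" >/dev/null 2>&1; then
        echo missing-unhide-tcp
        return
    fi
    if in_list hidden_ports "$disabled"; then
        echo disabled-in-config
        return
    fi
    if in_list ALL "$enabled" || in_list hidden_ports "$enabled"; then
        echo ready
    else
        echo disabled-in-config
    fi
}

# Stand-alone use: pass the path to your rkhunter.conf as the first argument.
if [ -n "${1:-}" ]; then
    hidden_ports_status "$1"
fi
```

A result of `missing-unhide-tcp` corresponds to the "Unable to find the 'unhide-tcp' command" message quoted above; `disabled-in-config` means the test lists in the config file still exclude the check.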