No, unhide-tcp doesn't works like unhide. Unhide-tcp try to bind() in all possible ports and if they can't bind, it try to find the port using netstat, if netstat doesn't show this port as open, it prints the warning.
There aren't routines to find the program, but it could be an improve for next releases 2011/7/28 John Horne <john.ho...@plymouth.ac.uk>: > On Thu, 2011-07-28 at 11:11 -0400, Dimitri Yioulos wrote: > >> I understand perfectly that rkhunter depends on unhide to find >> hidden network ports, and I have no reason to believe that unhide >> doesn't work as advertised. I did update to the latest version, >> btw, put it still returns the same information. >> >> ANY assistance you or anyone can give me to try and resolve this >> would be greatly appreciated. >> > It may be overkill but you could try running unhide via strace to see > what is going on. Something like: strace -f unhide sys > > You may well want to capture all the output into a file. Use the > 'unhide' command rather than 'unhide-tcp' as 'unhide-tcp' does not look > for the program name associated with a found PID. > > Of course you could also try running strace on one of the found PIDs. > Eg: strace -p 900 > > > > > John. > > -- > John Horne, University of Plymouth, UK > Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 > > > ------------------------------------------------------------------------------ > Got Input? Slashdot Needs You. > Take our quick survey online. Come on, we don't ask for help often. > Plus, you'll get a chance to win $100 to spend on ThinkGeek. > http://p.sf.net/sfu/slashdot-survey > _______________________________________________ > Rkhunter-users mailing list > Rkhunter-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/rkhunter-users > ------------------------------------------------------------------------------ Got Input? Slashdot Needs You. Take our quick survey online. Come on, we don't ask for help often. Plus, you'll get a chance to win $100 to spend on ThinkGeek. http://p.sf.net/sfu/slashdot-survey _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
