Re: [Rkhunter-users] rkhunter on AIX

Fri, 22 Nov 2013 14:02:55 -0800 

On Fri, 2013-11-22 at 14:43 -0600, Josh Peacock wrote:
> I work mostly on AIX servers.  I can account for most of the
> differences with whitelists and allows.  I am however running into an
> issue with the strings command test.  It fails to find any of the test
> strings on AIX.
>
> I end up with the following messages in the log file.
>
> [12:23:54] Warning: Scanning for string /usr/sbin/ntpsx      [ Warning
> ]
>            String not found in 'strings' command
> [12:23:54] Warning: Scanning for string /usr/sbin/.../bkit-ava
> [ Warning ]
>            String not found in 'strings' command
> [12:23:54] Warning: Scanning for string /usr/sbin/.../bkit-d [ Warning
> ]
>            String not found in 'strings' command
>
> There are more I just figured you probably didn't need all of them.
>
> I propose a change to the strings_check function.
>
> On line 8603 I would like to see it changed From:
> STRING_SEEN=`echo "${STRING}" | ${STRINGS_CMD} | grep "${STRINGNAME}"
> | tr -d ' '`
>
> To:
> STRING_SEEN=`echo "${STRING}" | ${STRINGS_CMD} -a | grep
> "${STRINGNAME}" | tr -d ' '`
>
> Adding the -a argument works in both AIX and Linux.  If that isn't
> satisfactory there should be a check to see if its on aix and the
> command should include the "-a" or "-" as an argument to the strings
> command.
>
Hello,

I see no problem with adding the '-a' option as it seems to be
universally recognised in Linux and UNIX.

I am, however, a bit curious as to why AIX doesn't work with this test.
The test itself is something like: echo "abc" | strings
It should just echo what it is passed (the test being that if it doesn't
then the 'strings' command itself could be corrupt).




John.

-- 
----------------------------------------------------
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK      Fax: +44 (0)1752 587001


------------------------------------------------------------------------------
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing 
conversations that shape the rapidly evolving mobile landscape. Sign up now. 
http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to