I was hoping to avoid that ;)

We have a situation where the developers' application changes the directory path with each version, and one of the ports they use is being detected as a rootkit, so I was hoping to wildcard all possible underlying release versions, i.e.:

/software/10.1/application
/software/10.2/application

Of course… the port itself is not static, so I can't just whitelist the port, as it could shift.

Luckily there are not that many versions, however it still means a manual change that needs to be done with each new release.

Guess

On 05 Oct 2015, at 17:45, John Horne <john.ho...@plymouth.ac.uk> wrote:

> On Mon, 2015-10-05 at 17:34 +0200, Chris Lee wrote:
>> Thanks John
>>
>> I am assuming as well that wild cards can be used as well here ?
>>
>> i.e. /software/version*/bin/application.sh
>>
> I don't think so. If you had a wildcard then which command has the port
> in use? You may well need to specify the command more than once if
> there is more than one possible command using a port.
>
>
>
> John.
>
> --
> John Horne Tel: +44 (0)1752 587287
> Plymouth University, UK
>
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
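One way to remove the per-release manual edit described in this thread, as an added example that is not part of the original messages or of rkhunter itself: a script run at deployment time that emits one explicit whitelist entry per installed release, since wildcards are not accepted. It assumes the option under discussion is rkhunter's `PORT_PATH_WHITELIST` and uses the `/software/<version>/application` layout from the thread; the function name `gen_port_path_whitelist` is hypothetical.

```shell
#!/bin/sh
# Added example: print one PORT_PATH_WHITELIST line for every installed
# release of an application whose directory changes with each version.
# Assumption: PORT_PATH_WHITELIST is the rkhunter option being discussed.
#
# Usage: gen_port_path_whitelist BASE RELPATH
#   BASE     directory holding one sub-directory per release (e.g. /software)
#   RELPATH  path of the executable inside a release (e.g. application)
gen_port_path_whitelist() {
    base=$1
    rel=$2
    for dir in "$base"/*/; do
        exe=${dir}${rel}
        # Whitelist only real, executable files. Symlinks are skipped so a
        # whitelisted path cannot later be pointed at a different binary,
        # and release directories without the executable produce no entry.
        if [ -f "$exe" ] && [ ! -L "$exe" ] && [ -x "$exe" ]; then
            printf 'PORT_PATH_WHITELIST=%s\n' "$exe"
        fi
    done
}

# When called with arguments, print the entries for the given layout.
if [ "$#" -ge 2 ]; then
    gen_port_path_whitelist "$1" "$2"
fi
```

Regenerating the entries from what is actually installed keeps the whitelist limited to explicit paths, so removed releases drop out instead of lingering as trusted commands.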