On 08/17/2012 12:04 AM, Philippe Naudin wrote: > Le jeu. 16 août 2012 19:38:31 CEST, NoOp a écrit: > ... >> I can't replicate on the deb version with: >> Rootkit Hunter version 1.3.8 >> >> What version of rkhunter & have you: >> rkhunter --update >> to ensure that your rkhunter is up to date? >> >> Version 3.6.0.4 (Build ID: 932b512) >> >> I won't be able to check an rpm version until later - sorry. > > Hi, > > Thanks for your reply. I'm using a rpm ;), it is rkhunter-1.4.0-1.el5.
I'm installing that now on Fedora 17 to test. > > Of course I can get rkhunter silent with something like > DISABLE_TESTS="hidden_ports" or ALLOWPROCLISTEN="soffice.bin". > In this case it will not complain about LibreOffice listening on > the network... even when I open a file with some malware inside. > > Can you check the output of this command : > lsof -U | grep soffice > > With LibreOffice-3.5, I get only one line (/tmp/OSL_PIPE_...), but > with LibreOffice-3.6 I get two more lines, two unix sockets. > > Regards, > LO3.5: $ lsof -U | grep soffice soffice.b 10636 gg 3u unix 0x00000000 0t0 3994910 socket soffice.b 10636 gg 7u unix 0x00000000 0t0 3994914 socket soffice.b 10636 gg 9u unix 0x00000000 0t0 3994918 /tmp/OSL_PIPE_1000_SingleOfficeIPC_5fb899de7f8c215610dccf91954a6c soffice.b 10636 gg 12u unix 0x00000000 0t0 3994992 socket soffice.b 10636 gg 26u unix 0x00000000 0t0 4004457 socket soffice.b 10636 gg 28u unix 0x00000000 0t0 4004462 socket soffice.b 10636 gg 29u unix 0x00000000 0t0 4005488 socket soffice.b 10636 gg 33u unix 0x00000000 0t0 4005654 socket LO3.6: $ lsof -U | grep soffice soffice.b 10807 gg 6u unix 0x00000000 0t0 4079489 socket soffice.b 10807 gg 10u unix 0x00000000 0t0 4079493 socket soffice.b 10807 gg 13u unix 0x00000000 0t0 4079497 /tmp/OSL_PIPE_1000_SingleOfficeIPC_cc556045c3355e1abfd1d44ea4ee4532 soffice.b 10807 gg 15u unix 0x00000000 0t0 4079499 socket soffice.b 10807 gg 24u unix 0x00000000 0t0 4079581 socket soffice.b 10807 gg 26u unix 0x00000000 0t0 4079663 socket soffice.b 10807 gg 27u unix 0x00000000 0t0 4079762 socket soffice.b 10807 gg 32u unix 0x00000000 0t0 4079938 socket -- For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted