On 08/17/2012 01:27 PM, NoOp wrote: > On 08/17/2012 12:04 AM, Philippe Naudin wrote: ... >> Thanks for your reply. I'm using a rpm ;), it is rkhunter-1.4.0-1.el5. > > I'm installing that now on Fedora 17 to test. > >> >> Of course I can get rkhunter silent with something like >> DISABLE_TESTS="hidden_ports" or ALLOWPROCLISTEN="soffice.bin". >> In this case it will not complain about LibreOffice listening on >> the network... even when I open a file with some malware inside. >> >> Can you check the output of this command : >> lsof -U | grep soffice >> >> With LibreOffice-3.5, I get only one line (/tmp/OSL_PIPE_...), but >> with LibreOffice-3.6 I get two more lines, two unix sockets. >> >> Regards, >> > > LO3.5: > $ lsof -U | grep soffice > soffice.b 10636 gg 3u unix 0x00000000 0t0 3994910 socket > soffice.b 10636 gg 7u unix 0x00000000 0t0 3994914 socket > soffice.b 10636 gg 9u unix 0x00000000 0t0 3994918 > /tmp/OSL_PIPE_1000_SingleOfficeIPC_5fb899de7f8c215610dccf91954a6c > soffice.b 10636 gg 12u unix 0x00000000 0t0 3994992 socket > soffice.b 10636 gg 26u unix 0x00000000 0t0 4004457 socket > soffice.b 10636 gg 28u unix 0x00000000 0t0 4004462 socket > soffice.b 10636 gg 29u unix 0x00000000 0t0 4005488 socket > soffice.b 10636 gg 33u unix 0x00000000 0t0 4005654 socket > > LO3.6: > $ lsof -U | grep soffice > soffice.b 10807 gg 6u unix 0x00000000 0t0 4079489 socket > soffice.b 10807 gg 10u unix 0x00000000 0t0 4079493 socket > soffice.b 10807 gg 13u unix 0x00000000 0t0 4079497 > /tmp/OSL_PIPE_1000_SingleOfficeIPC_cc556045c3355e1abfd1d44ea4ee4532 > soffice.b 10807 gg 15u unix 0x00000000 0t0 4079499 socket > soffice.b 10807 gg 24u unix 0x00000000 0t0 4079581 socket > soffice.b 10807 gg 26u unix 0x00000000 0t0 4079663 socket > soffice.b 10807 gg 27u unix 0x00000000 0t0 4079762 socket > soffice.b 10807 gg 32u unix 0x00000000 0t0 4079938 socket
And from Fedora 17 (rpm) LO3.6: $ lsof -U | grep soffice soffice.b 30094 gg 6u unix 0xf4440b40 0t0 116738 socket soffice.b 30094 gg 10u unix 0xf4441d40 0t0 116742 /tmp/OSL_PIPE_1000_SingleOfficeIPC_5d6a40e77981cf59bf3a90df38dfa5f7 soffice.b 30094 gg 27u unix 0xf44406c0 0t0 116776 socket soffice.b 30094 gg 28u unix 0xf4441680 0t0 116778 socket soffice.b 30094 gg 33u unix 0xdb205680 0t0 116782 socket $ rkhunter --version Rootkit Hunter 1.4.0 No warnings regarding anything 'soffice' in the rkhunter logs. -- For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted