Bug 132541 - rkhunter 1.3.4 False positives fix
Summary: rkhunter 1.3.4 False positives fix
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Martin Wilke
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-11 13:20 UTC by Lukasz Wasikowski
Modified: 2009-03-16 22:10 UTC (History)
0 users

See Also:


Attachments
file.diff (1.40 KB, patch)
2009-03-11 13:20 UTC, Lukasz Wasikowski
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Lukasz Wasikowski 2009-03-11 13:20:01 UTC
When rkhunter does FreeBSD's specific checks it compares output of sockstat and netstat and if there's a difference it reports warning. The problem is that sockstat command returns ports as numbers, and netstat command returns it as numbers with dot sign in front.

Fix: Patch attached.

Patch attached with submission follows:
How-To-Repeat: Install rkhunter 1.3.4 from ports and run rkhunter --propupd -c --rwo

If some services are listening on some ports you'll get:

Warning: Differences found between sockstat and netstat output:
         Sockstat output: 110
22

         Netstat output: .110
.22
Comment 1 Martin Wilke freebsd_committer 2009-03-11 14:33:37 UTC
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 2 Martin Wilke freebsd_committer 2009-03-16 22:01:43 UTC
State Changed
From-To: open->closed

Committed. Thanks!
Comment 3 dfilter service freebsd_committer 2009-03-16 22:01:48 UTC
miwi        2009-03-16 22:01:34 UTC

  FreeBSD ports repository

  Modified files:
    security/rkhunter/files patch-rkhunter 
  Log:
  - Fix warning output
  
  PR:             132541
  Submitted by:   Lukasz Wasikowski <lukasz@wasikowski.net>
  
  Revision  Changes    Path
  1.3       +1 -1      ports/security/rkhunter/files/patch-rkhunter
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"