On 2024-09-29 19:52:24 +0100, Richard Lewis wrote:
> On Thu, 26 Sept 2024 at 11:21, Vincent Lefevre <vinc...@vinc17.net> wrote:
> > For instance, one should be able to use
> >
> > { /usr/bin/ss -anp | /usr/bin/grep -v
> > '^udp.*:60001[[:space:]].*"mosh-server"'; }
>
>
> Indeed --- $netstat and $OPT are implementation details - you
> wouldn't be able to put a pipe in a variable anyway.
There would be 2 solutions for that: either the chkrootkit code could
eval the variable or chkrootkit could be modified to source a config
file (just like what chkrootkit-daily already does), in which case
the user could define shell functions (where there could be the pipe).
> But i suppose there could be a separate option to exclude things from
> this check: the options are:
> - an option to change the range of ports that are checked (ie to
> change $PORT to a list that does not include 6001): easy, but it would
> be a blanket "dont check that port"
This would be an easy solution, though limited.
> - an option to do custom filtering of the results -- this would be
> likely be limited eg, to one word arguments to grep
That and being able to override OPT (e.g. by setting BINDSHELL_OPT)
would be interesting.
--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
