On Sat, 2009-12-05 at 10:22 -0500, Tanstaafl wrote: > Again - is there anything special about port 2006 that makes rkhunter > single it out? > Yes, it is known to be used by the CB and w00tkit rootkits. That's why RKH is warning you about it. You can either whitelist the port itself (PORT_WHITELIST=TCP:2006), or whitelist a particular application to use known bad ports (PORT_WHITELIST=couriertls).
John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
