* John Horne <[email protected]> [04-01-10 23:36]:
> On Sat, 2010-01-02 at 08:00 +0100, Jens Schuessler wrote:
>>
>> So I looked at /usr/bin/rkhunter what these suspicious files could be and
>> tested it on my machine with
>>
>> r...@algol:~# lsof -wnlP -F n| grep '^n/' | sed -e 's/^n//' | sort | uniq
>> | grep "${SUSP_FILES}"
>>
> No, that is not the correct test. The grep test is preceded by a '/',
> and has the '$' anchor. So your test should more be like:
>
> ... | grep -E "/($SUSP_FILES)\$"
Okay, my fault, but with this I get "egrep: Unmatched ( or \(". Is this
the expected behaviour or a syntax error from grep?
I only want to know what causes the rkhunter message. Wouldn't it be
better if rkhunter told me exactly which of these susp files it had found,
rather than a list of possible files? When the cronjob is running at
night I receive an email the next morning, then I look at the output of
lsof -F n -w -n| egrep "/($SUSP_FILES)\$" and see nothing suspicious.
Maybe I should start a regular cronjob in short intervals with this
lsof command to see what happens?
Greetings
Jens
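The check this thread is about, as an added shell example (not rkhunter's own code): it runs the same lsof/grep pipeline over a constructed sample of `lsof -F n` output and prints only the entries that actually matched, which is what the question above asks for. The contents of SUSP_FILES, the sample paths and the function name are assumptions; the real list lives inside /usr/bin/rkhunter and is not set in an interactive shell, which is why this version takes it as an argument and refuses an empty one.

```sh
#!/bin/sh
# Added example, not rkhunter's code. Reproduces the "suspicious open files"
# check built around lsof and reports exactly which paths matched.

# Constructed alternation of suspicious basenames (assumption; rkhunter's
# real SUSP_FILES list is not reproduced here).
SUSP_FILES='sniffer|bindshell|rootkit\.so'

# Constructed sample of `lsof -F n` output: 'n' lines carry a path,
# 'p'/'f' lines carry pid and fd and must be filtered out, and a path is
# listed once per open fd so duplicates are expected.
SAMPLE_LSOF='n/usr/lib/libc.so.6
p1234
f3
n/home/jens/sniffer/notes.txt
n/tmp/.x/sniffer
n/tmp/.x/sniffer
n/dev/shm/bindshell'

# find_susp_files PATTERN LSOF_OUTPUT
# Prints each distinct open path whose *basename* is in PATTERN.
# The leading '/' and trailing '$' anchor the match to the basename, so
# /home/jens/sniffer/notes.txt is not reported even though "sniffer"
# appears in a directory component. Returns 0 if anything matched,
# 1 if nothing did (grep's own status), 2 if PATTERN is empty.
find_susp_files() {
    pattern=$1
    lsof_output=$2
    # An empty alternation would match every path, so refuse it.
    if [ -z "$pattern" ]; then
        echo "find_susp_files: suspicious-file pattern is empty" >&2
        return 2
    fi
    printf '%s\n' "$lsof_output" \
        | grep '^n/' \
        | sed -e 's/^n//' \
        | sort -u \
        | grep -E "/($pattern)\$"
}

# Stand-alone run: on a real host replace SAMPLE_LSOF with
# "$(lsof -wnlP -F n)".
find_susp_files "$SUSP_FILES" "$SAMPLE_LSOF"
```

The exit status makes the function usable from cron: an email is only worth sending when it returns 0, and the body is then the exact list of matched paths rather than the whole candidate list.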
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users