On Fri, 2010-03-26 at 07:42 -0500, Sean Carolan wrote:
> >> We've noticed some occasional rkhunter warning emails regarding high
> >> numbered ports in use by httpd.  Has anyone else experienced this?  Is
> >> there a way to ignore these?
> >>
> > Look at whitelisting them with PORT_WHITELIST in your config file.
> 
> What if it's a different, random numbered port each time?  I'm not
> sure what these are, perhaps outbound connections?
> 
The check is of a local port being used. Look in the config file, it
will tell you that you can whitelist the application name instead of the
port number if required. As far as I remember the warning message will
advise using lsof to check if the port is supposed to be in use or not,
so it will be for you to determine if httpd is supposed to be using the
port(s) or not.



John.

-- 
John Horne                   Tel: +44 (0)1752 587287
University of Plymouth, UK   Fax: +44 (0)1752 587001
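
An added example, not part of the original message and not rkhunter code: one way to carry out the lsof check mentioned above and answer the "perhaps outbound connections?" question, by separating the ports httpd has bound from the ephemeral local ports of connections it opened itself. The function names and the sample lsof output are constructed for illustration.

```shell
#!/bin/sh
# Classify the TCP sockets held by one command, from `lsof -nP -iTCP` output.
#   listen   : local port the daemon has bound
#   inbound  : established connection whose local port is a listening port
#   outbound : established connection on any other (ephemeral) local port

# Constructed sample of `lsof -nP -iTCP -a -c httpd` output (not from the thread).
sample_lsof() {
cat <<'EOF'
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   2101   root    3u  IPv4  11001      0t0  TCP *:80 (LISTEN)
httpd   2101   root    4u  IPv4  11002      0t0  TCP *:443 (LISTEN)
httpd   2140 apache   12u  IPv4  11950      0t0  TCP 192.0.2.10:80->198.51.100.7:51234 (ESTABLISHED)
httpd   2141 apache   14u  IPv4  11973      0t0  TCP 192.0.2.10:47001->203.0.113.5:8080 (ESTABLISHED)
httpd   2142 apache   15u  IPv4  11990      0t0  TCP 192.0.2.10:60666->203.0.113.5:8080 (ESTABLISHED)
EOF
}

# classify_ports COMMAND  (lsof output on stdin, sorted report on stdout)
classify_ports() {
    awk -v cmd="$1" '
        $1 != cmd || $8 != "TCP" { next }      # skips the header row too
        {
            split($9, ends, "->")              # NAME is local[->remote]
            n = split(ends[1], parts, ":")     # port is the last ":" field
            port = parts[n]
            if ($10 == "(LISTEN)") {
                listen[port] = 1
            } else if ($10 == "(ESTABLISHED)") {
                est[++k] = port; peer[k] = ends[2]
            }
        }
        END {
            for (p in listen) print "listen " p
            for (i = 1; i <= k; i++) {
                kind = (est[i] in listen) ? "inbound" : "outbound"
                print kind, est[i], peer[i]
            }
        }' | sort
}

# Run on the constructed sample; on a live host use instead:
#   lsof -nP -iTCP -a -c httpd | classify_ports httpd
sample_lsof | classify_ports httpd
```

Rows reported as `outbound` carry a different local port each time, which is the case where whitelisting by port number cannot work and the application-name whitelist applies.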

_______________________________________________
Rkhunter-users mailing list
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
