Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

rkhunter hidden port UDP:68
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Seron
Apprentice
Apprentice


Joined: 31 Dec 2002
Posts: 293
Location: Malmö, Sweden
PostPosted: Wed Oct 15, 2014 10:03 pm    Post subject: rkhunter hidden port UDP:68 Reply with quote
I've used dhcpcd for some time and have PORT_PATH_WHITELIST=/sbin/dhcpcd:UDP:68 set in /etc/rkhunter.conf so rkhunter doesn't report it as a hidden port, or so it has been until recently. I now have rkhunter report hidden port 68 without any particular binary path attached to it.
Code:
# rkhunter --check --report-warnings-only
Warning: Hidden ports found:
         Port number: UDP:68

I'm not sure what to make of it. How can I find what's using this port, and why isn't rkhunter reporting the binary using it like it did before PORT_PATH_WHITELIST was set?
_________________
man cannot be brave without being afraid
Back to top
View user's profile Send private message
patrix_neo
Guru
Guru


Joined: 08 Jan 2004
Posts: 520
Location: The Maldives
PostPosted: Wed Oct 22, 2014 8:03 pm    Post subject: Re: rkhunter hidden port UDP:68 Reply with quote
Seron wrote:
I've used dhcpcd for some time and have PORT_PATH_WHITELIST=/sbin/dhcpcd:UDP:68 set in /etc/rkhunter.conf so rkhunter doesn't report it as a hidden port, or so it has been until recently. I now have rkhunter report hidden port 68 without any particular binary path attached to it.
Code:
# rkhunter --check --report-warnings-only
Warning: Hidden ports found:
         Port number: UDP:68

I'm not sure what to make of it. How can I find what's using this port, and why isn't rkhunter reporting the binary using it like it did before PORT_PATH_WHITELIST was set?


You might have netstat installed. This app can display processes using certain ports. I usually use netstat -tulpn for such occasions. ( -tulipan - a memory mind game )

patrix_neo's processes using ports wrote:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2540/master
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 4943/mysqld
tcp6 0 0 :::443 :::* LISTEN 1339/apache2
tcp6 0 0 :::80 :::* LISTEN 1339/apache2
udp 0 0 0.0.0.0:68 0.0.0.0:* 2059/dhcpcd
udp 0 0 0.0.0.0:514 0.0.0.0:* 2241/syslog-ng
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy