Seron Apprentice
Joined: 31 Dec 2002 Posts: 293 Location: Malmö, Sweden
Posted: Wed Oct 15, 2014 10:03 pm Post subject: rkhunter hidden port UDP:68
I've used dhcpcd for some time and have PORT_PATH_WHITELIST=/sbin/dhcpcd:UDP:68 set in /etc/rkhunter.conf so rkhunter doesn't report it as a hidden port, or so it has been until recently. I now have rkhunter report hidden port 68 without any particular binary path attached to it.
Code:
# rkhunter --check --report-warnings-only
Warning: Hidden ports found:
Port number: UDP:68

I'm not sure what to make of it. How can I find what's using this port, and why isn't rkhunter reporting the binary using it like it did before PORT_PATH_WHITELIST was set?
_________________
man cannot be brave without being afraid
patrix_neo Guru
Joined: 08 Jan 2004 Posts: 520 Location: The Maldives
Posted: Wed Oct 22, 2014 8:03 pm Post subject: Re: rkhunter hidden port UDP:68
Seron wrote:
I've used dhcpcd for some time and have PORT_PATH_WHITELIST=/sbin/dhcpcd:UDP:68 set in /etc/rkhunter.conf so rkhunter doesn't report it as a hidden port, or so it has been until recently. I now have rkhunter report hidden port 68 without any particular binary path attached to it.
Code:
# rkhunter --check --report-warnings-only
Warning: Hidden ports found:
Port number: UDP:68

I'm not sure what to make of it. How can I find what's using this port, and why isn't rkhunter reporting the binary using it like it did before PORT_PATH_WHITELIST was set?

You might have netstat installed. This app can display processes using certain ports. I usually use netstat -tulpn for such occasions. ( -tulipan - a memory mind game )
patrix_neo's processes using ports wrote:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2540/master
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      4943/mysqld
tcp6       0      0 :::443                  :::*                    LISTEN      1339/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      1339/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2059/dhcpcd
udp        0      0 0.0.0.0:514             0.0.0.0:*                           2241/syslog-ng
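
Added example (not part of either post, and not rkhunter or netstat code): the lookup behind the PID/Program name column of netstat -tulpn, done by hand in Python. It finds the socket inode for a UDP port in /proc/net/udp, then finds which process holds that inode and resolves its binary path, which is the path PORT_PATH_WHITELIST has to match. Assumptions: Linux /proc, IPv4 only, run as root; the function names and the sample lines are made up for illustration.

```python
import os

# Constructed sample in /proc/net/udp layout (not from the poster's machine).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11873 2 0000000000000000 0
  547: 00000000:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12990 2 0000000000000000 0
"""


def sockets_on_port(proc_net_text, port):
    """Return [(local_ip, inode)] for sockets bound to `port` in /proc/net/udp text."""
    hits = []
    for line in proc_net_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if int(port_hex, 16) != port:  # port is stored as hex, 68 == 0x44
            continue
        # IPv4 address bytes appear reversed on little-endian hosts such as x86.
        ip = ".".join(str(b) for b in reversed(bytes.fromhex(addr_hex)))
        hits.append((ip, int(fields[9])))  # field 9 is the socket inode
    return hits


def owners_of_inode(inode, proc_root="/proc"):
    """Return [(pid, exe_path)] for processes holding socket:[inode] open."""
    target = f"socket:[{inode}]"
    owners = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    exe = os.readlink(os.path.join(proc_root, pid, "exe"))
                    owners.append((int(pid), exe))
                    break
        except OSError:
            continue  # process exited meanwhile, or we lack permission
    return owners


if __name__ == "__main__":
    with open("/proc/net/udp") as f:
        for ip, inode in sockets_on_port(f.read(), 68):
            print(ip, inode, owners_of_inode(inode) or "no visible owner")
```

If the exe path printed for the dhcpcd PID is not /sbin/dhcpcd, the whitelist entry no longer matches the binary that holds the port.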