
On 08/17/2012 12:04 AM, Philippe Naudin wrote:
On Thu. 16 Aug 2012 19:38:31 CEST, NoOp wrote:

I can't replicate on the deb version with:
Rootkit Hunter version 1.3.8

What version of rkhunter, & have you run:
 rkhunter --update
to ensure that your rkhunter is up to date?

Version (Build ID: 932b512)

I won't be able to check an rpm version until later - sorry.


Thanks for your reply. I'm using an rpm ;), it is rkhunter-1.4.0-1.el5.

I'm installing that now on Fedora 17 to test.

Of course I can get rkhunter silent with something like
DISABLE_TESTS="hidden_ports" or ALLOWPROCLISTEN="soffice.bin".
In this case it will not complain about LibreOffice listening on
the network... even when I open a file with some malware inside.

Can you check the output of this command:
lsof -U | grep soffice

With LibreOffice-3.5, I get only one line (/tmp/OSL_PIPE_...), but
with LibreOffice-3.6 I get two more lines, two unix sockets.


$ lsof -U | grep soffice
soffice.b 10636   gg    3u  unix 0x00000000      0t0 3994910 socket
soffice.b 10636   gg    7u  unix 0x00000000      0t0 3994914 socket
soffice.b 10636   gg    9u  unix 0x00000000      0t0 3994918
soffice.b 10636   gg   12u  unix 0x00000000      0t0 3994992 socket
soffice.b 10636   gg   26u  unix 0x00000000      0t0 4004457 socket
soffice.b 10636   gg   28u  unix 0x00000000      0t0 4004462 socket
soffice.b 10636   gg   29u  unix 0x00000000      0t0 4005488 socket
soffice.b 10636   gg   33u  unix 0x00000000      0t0 4005654 socket

$ lsof -U | grep soffice
soffice.b 10807   gg    6u  unix 0x00000000      0t0 4079489 socket
soffice.b 10807   gg   10u  unix 0x00000000      0t0 4079493 socket
soffice.b 10807   gg   13u  unix 0x00000000      0t0 4079497
soffice.b 10807   gg   15u  unix 0x00000000      0t0 4079499 socket
soffice.b 10807   gg   24u  unix 0x00000000      0t0 4079581 socket
soffice.b 10807   gg   26u  unix 0x00000000      0t0 4079663 socket
soffice.b 10807   gg   27u  unix 0x00000000      0t0 4079762 socket
soffice.b 10807   gg   32u  unix 0x00000000      0t0 4079938 socket
