
On 08/17/2012 01:27 PM, NoOp wrote:
On 08/17/2012 12:04 AM, Philippe Naudin wrote:
Thanks for your reply. I'm using an rpm ;), it is rkhunter-1.4.0-1.el5.

I'm installing that now on Fedora 17 to test.

Of course I can get rkhunter silent with something like
DISABLE_TESTS="hidden_ports" or ALLOWPROCLISTEN="soffice.bin".
In this case it will not complain about LibreOffice listening on
the network... even when I open a file with some malware inside.

Can you check the output of this command:
lsof -U | grep soffice

With LibreOffice-3.5, I get only one line (/tmp/OSL_PIPE_...), but
with LibreOffice-3.6 I get two more lines, two unix sockets.


$ lsof -U | grep soffice
soffice.b 10636   gg    3u  unix 0x00000000      0t0 3994910 socket
soffice.b 10636   gg    7u  unix 0x00000000      0t0 3994914 socket
soffice.b 10636   gg    9u  unix 0x00000000      0t0 3994918
soffice.b 10636   gg   12u  unix 0x00000000      0t0 3994992 socket
soffice.b 10636   gg   26u  unix 0x00000000      0t0 4004457 socket
soffice.b 10636   gg   28u  unix 0x00000000      0t0 4004462 socket
soffice.b 10636   gg   29u  unix 0x00000000      0t0 4005488 socket
soffice.b 10636   gg   33u  unix 0x00000000      0t0 4005654 socket

$ lsof -U | grep soffice
soffice.b 10807   gg    6u  unix 0x00000000      0t0 4079489 socket
soffice.b 10807   gg   10u  unix 0x00000000      0t0 4079493 socket
soffice.b 10807   gg   13u  unix 0x00000000      0t0 4079497
soffice.b 10807   gg   15u  unix 0x00000000      0t0 4079499 socket
soffice.b 10807   gg   24u  unix 0x00000000      0t0 4079581 socket
soffice.b 10807   gg   26u  unix 0x00000000      0t0 4079663 socket
soffice.b 10807   gg   27u  unix 0x00000000      0t0 4079762 socket
soffice.b 10807   gg   32u  unix 0x00000000      0t0 4079938 socket

And from Fedora 17 (rpm)
$ lsof -U | grep soffice
soffice.b 30094   gg    6u  unix 0xf4440b40      0t0 116738 socket
soffice.b 30094   gg   10u  unix 0xf4441d40      0t0 116742
soffice.b 30094   gg   27u  unix 0xf44406c0      0t0 116776 socket
soffice.b 30094   gg   28u  unix 0xf4441680      0t0 116778 socket
soffice.b 30094   gg   33u  unix 0xdb205680      0t0 116782 socket

$ rkhunter --version
Rootkit Hunter 1.4.0

No warnings regarding anything 'soffice' in the rkhunter logs.
