Package: rkhunter
Version: 1.3.6-4
Severity: wishlist

This particular error message is not helpful on a system with multiple servers 
active, and is hard to whitelist.

Inasmuch as when tcpd is started from initd, its behavior and security 
implications can vary widely. We should, as a special case when observing tcpd 
in inetd and friends configuration file, look at what service is actually started 
and respond as needed from there. We may want separate whitelists for services 
that are wrapped from unwrapped. See example lines below, good and bad:

9572 stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/nbdswapd
9573 stream tcp nowait nobody /usr/sbin/tcpd /usr/bin/perl -pe BEGIN{$|=1}eval($_)



_______________________________________________
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
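
Added example, not part of the original report and not rkhunter code: one way a checker could resolve the program an inetd entry really starts when the server field is tcpd, and test it against separate wrapped and unwrapped whitelists. The function names, the variables WRAPPED_ALLOW and UNWRAPPED_ALLOW, the whitelist contents and the ident line are assumptions made for illustration.

```sh
#!/bin/sh
# WRAPPED_ALLOW / UNWRAPPED_ALLOW are hypothetical names, not rkhunter options.
WRAPPED_ALLOW="/usr/sbin/nbdswapd"
UNWRAPPED_ALLOW="/usr/sbin/identd"

# Print "<wrapped|unwrapped> <program>" for one inetd.conf line; print
# nothing for comments, blank lines and built-in ("internal") services.
inetd_real_service() {
    set -f; set -- $1; set +f        # split into fields without globbing
    case "${1:-#}" in '#'*) return 0 ;; esac
    if [ "$#" -lt 6 ] || [ "$6" = internal ]; then return 0; fi
    case "$6" in
        # tcpd starts the program named by its argv[0], which is field 7
        */tcpd) echo "wrapped ${7:-<missing>}" ;;
        *)      echo "unwrapped $6" ;;
    esac
}

# Return 0 if the real program is on the matching whitelist, else warn, return 1.
check_inetd_line() {
    result=$(inetd_real_service "$1")
    if [ -z "$result" ]; then return 0; fi
    kind=${result%% *}
    prog=${result#* }
    if [ "$kind" = wrapped ]; then allow=$WRAPPED_ALLOW; else allow=$UNWRAPPED_ALLOW; fi
    for ok in $allow; do
        if [ "$prog" = "$ok" ]; then return 0; fi
    done
    echo "Warning: $kind inetd service not whitelisted: $prog"
    return 1
}

# Read inetd.conf on stdin; print warnings, return 1 if any line is flagged.
scan_inetd() {
    bad=0
    while IFS= read -r line; do
        check_inetd_line "$line" || bad=1
    done
    return "$bad"
}

# Constructed input: the two lines from the report plus an unwrapped entry.
scan_inetd <<'EOF' || true
9572 stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/nbdswapd
9573 stream tcp nowait nobody /usr/sbin/tcpd /usr/bin/perl -pe BEGIN{$|=1}eval($_)
ident stream tcp nowait identd /usr/sbin/identd identd
EOF
```

Run against the sample input, only the 9573 entry is reported, and the warning names /usr/bin/perl rather than tcpd.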
