Peter M. Abraham wrote: > Greetings Steve: > > I finally got around to installing the latest nmap and checking nmap. > > PORT STATE SERVICE VERSION > 21/tcp open ftp ProFTPD 1.3.0a > 22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0) > 25/tcp open smtp qmail smtpd > 53/tcp open domain > 80/tcp open http Apache httpd > 110/tcp open pop3 qmail pop3d > 143/tcp open imap Courier Imapd (released 2005) > 443/tcp open http Apache httpd > 587/tcp open smtp qmail smtpd > 953/tcp open rndc? > 3306/tcp open mysql MySQL 5.0.45-community-log > 5001/tcp open apc-agent APC PowerChute agent > 5432/tcp open postgresql PostgreSQL DB > 8009/tcp open ajp13? > 8080/tcp open http Apache httpd > 8443/tcp open http Apache httpd > > Yet, ossec-rootcheck shows > > [FAILED]: Port '40773'(tcp) hidden. Kernel-level rootkit or trojaned > version of netstat. > > Thank you. >
What were the arguments you passed to nmap? The default port range for nmap is 1-1024 and any additional ports defined by the nmap services file. This could be one reason why nmap only shows those ports open yet ossec reports a higher port in use. -- -dave
