While netstat uses more CPU and time, change the code as below:

ossec-hids-2.7/src/rootcheck/check_rc_ports.c
...
#elif defined(Linux)
#define NETSTAT_LIST "ss -na%s | grep -v \"[s:]:\" |cut -d ':' -f 2 | cut -d ' ' -f 1"
#define NETSTAT "ss -na%s | grep \"[^0-9]%d \" > /dev/null 2>&1"
#endif

#ifndef NETSTAT
#define NETSTAT "ss -na%s | grep \"[^0-9]%d \" > /dev/null 2>&1"

...
int run_netstat(int proto, int port)
{
    int ret;
    char nt[OS_SIZE_1024 +1];

    if(proto == IPPROTO_TCP)
        snprintf(nt, OS_SIZE_1024, NETSTAT, "t", port);
    else if(proto == IPPROTO_UDP)
        snprintf(nt, OS_SIZE_1024, NETSTAT, "u", port);



Does anywhere else need to be modified?
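
An added example (not part of the original post or the OSSEC source): the two pipelines from the macros above, run against a constructed sample in the `ss -nat` column layout to show what the grep pattern carried over from netstat actually matches. `sample_ss_tcp` and the stricter `port_listed_local` are hypothetical helpers introduced here for comparison.

```shell
#!/bin/sh
# Constructed sample in the column layout of `ss -nat` (not captured from a host).
# For LISTEN sockets ss reports the listen backlog in Send-Q (128 here).
sample_ss_tcp() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:2222      0.0.0.0:*
LISTEN  0       128     [::]:8080           [::]:*
ESTAB   0       0       10.0.0.5:22         10.0.0.9:51234
EOF
}

# Filter from the NETSTAT macro: a non-digit, the port number, then a space.
port_listed() {
    sample_ss_tcp | grep "[^0-9]$1 " > /dev/null 2>&1
}

# Pipeline from the NETSTAT_LIST macro, unchanged.
list_ports() {
    sample_ss_tcp | grep -v "[s:]:" | cut -d ':' -f 2 | cut -d ' ' -f 1
}

# Hypothetical stricter check: compare only the port at the end of the
# Local Address:Port column (field 4), skipping the header line.
port_listed_local() {
    sample_ss_tcp | awk -v p="$1" '
        NR > 1 { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END    { exit !found }'
}

for port in 22 222 128 8080; do
    if port_listed "$port"; then loose=yes; else loose=no; fi
    if port_listed_local "$port"; then strict=yes; else strict=no; fi
    echo "port $port: macro pattern=$loose local column=$strict"
done
echo "NETSTAT_LIST output:" $(list_ports)
```

In this sample the macro pattern reports port 128 as listed only because it matches the Send-Q column, and the NETSTAT_LIST pipeline drops the `[::]:8080` listener because of its `grep -v "[s:]:"` stage.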
