while the *netstat *use more cpu and time, change the code belows: ossec-hids-2.7/src/rootcheck/check_rc_ports.c ... #elif defined(Linux) #define NETSTAT_LIST "*ss *-na%s | grep -v \"[s:]:\" |cut -d ':' -f 2 | cut -d ' ' -f 1" #define NETSTAT "*ss *-na%s | grep \"[^0-9]%d \" > /dev/null 2>&1" #endif
#ifndef NETSTAT #define NETSTAT "*ss *-na%s | grep \"[^0-9]%d \" > /dev/null 2>&1" ... int run_netstat(int proto, int port) { int ret; char nt[OS_SIZE_1024 +1]; if(proto == IPPROTO_TCP) snprintf(nt, OS_SIZE_1024, NETSTAT, "*t*", port); else if(proto == IPPROTO_UDP) snprintf(nt, OS_SIZE_1024, NETSTAT, "*u*", port); anywhere else need to be modified? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.