On Sat, 2010-01-02 at 08:00 +0100, Jens Schuessler wrote:
>
> So I looked at /usr/bin/rkhunter what these suspicious files could be and  
> tested it on my machine with
> 
> r...@algol:~# lsof -wnlP -F n| grep '^n/' | sed -e 's/^n//' | sort | uniq  
> | grep "${SUSP_FILES}"
> 
No, that is not the correct test. The grep test is preceded by a '/',
and has the '$' anchor. So your test should be more like:

   ... | grep -E "/($SUSP_FILES)\$"



John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001
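
Added example, not part of the original message and not rkhunter's own code: the difference between an unanchored match and the anchored `grep -E "/($SUSP_FILES)\$"` form given in the reply, run over a constructed list of paths. The `SUSP_FILES` value, the sample paths and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed stand-in for the path list the lsof | grep | sed | sort | uniq
# pipeline produces: one absolute path per line. None of these paths are real.
sample_paths() {
    cat <<'EOF'
/home/user/backdoor-notes.txt
/opt/tools/packetsniffer
/tmp/.x/backdoor
/usr/lib/libsniffer.so.1
/usr/sbin/sniffer
/var/log/syslog
EOF
}

# Hypothetical value: a '|'-separated list of file names (not rkhunter's list).
SUSP_FILES='backdoor|sniffer'

# Unanchored: any path that merely contains one of the names is reported.
unanchored_match() {
    sample_paths | grep -E "${SUSP_FILES}"
}

# Anchored but ungrouped: the '|' splits the whole pattern, so this means
# "contains /backdoor" OR "ends in sniffer", which is still too broad.
ungrouped_match() {
    sample_paths | grep -E "/${SUSP_FILES}\$"
}

# Form from the reply: the name must be the entire last path component.
anchored_match() {
    sample_paths | grep -E "/(${SUSP_FILES})\$"
}

echo "unanchored:"; unanchored_match
echo "ungrouped:";  ungrouped_match
echo "anchored:";   anchored_match
```

Only the anchored, grouped pattern limits the hits to open files whose name is exactly one of the listed names.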

