Ping a Specific Port

Question

Steffen

Asked: 2018-12-06 00:47:50 +0800 CST2018-12-06 00:47:50 +0800 CST 2018-12-06 00:47:50 +0800 CST

rkhunter: whitlist for test 'packet_cap_apps'

772

W have here a CentOS 7 server with rkhunter installed. Since yesterday we get following rkhunter warning:

[01:10:30] Info: Starting test name 'packet_cap_apps'
[01:10:30]   Checking for packet capturing applications      [ Warning ]
[01:10:30] Warning: Process '/usr/sbin/NetworkManager' (PID 4654) is listening on the network.

Is there a way to whitelist /usr/sbin/NetworkManager for the packet_cap_apps test?

2 Answers

Voted

AHT · Answer 1 · 2018-12-06T05:07:08+08:00

Best Answer

AHT

2018-12-06T05:07:08+08:002018-12-06T05:07:08+08:00

In the rkhunter.conf there is an option to disable tests on certain apps with the DISABLE_TESTS parameter where you can add the apps that you don't want to be tested as space separated value. Alternatively you can use SCRIPTWHITELIST option to whitelist /usr/sbin/NetworkManager in case you want to still run tests on packet_cap_apps.

1

mbw · Answer 2 · 2019-02-21T17:47:53+08:00

mbw

2019-02-21T17:47:53+08:002019-02-21T17:47:53+08:00

You'll want to use the ALLOWPROCLISTEN directive instead of SCRIPTWHITELIST:

ALLOWPROCLISTEN=/usr/sbin/NetworkManager

Regards,

Michael

1

rkhunter: whitlist for test 'packet_cap_apps'

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?