Bug#631342: Warning: Found enabled inetd service: /usr/sbin/tcpd

Ben Hildred ben at appliedplastic.com
Thu Jun 23 00:23:17 UTC 2011


Package: rkhunter
Version: 1.3.6-4
Severity: wishlist


This particular error message is not helpful on a system with multiple servers active, and is hard to whitelist.

Inasmuch as when tcpd is started from initd, its behavior and security implications can vary widely. We should, as a special case when observing tcpd in inetd and friends' configuration file, look at what service is actually started and respond as needed from there. We may want separate whitelists for services that are wrapped from unwrapped. See example lines below, good and bad:

9572 stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/nbdswapd
9573 stream tcp nowait nobody /usr/sbin/tcpd /usr/bin/perl -pe BEGIN{$|=1}eval($_)
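
The check requested in the report above, as an added example that is not part of the original message and is not rkhunter's code: for each inetd.conf entry it resolves the program actually started (the first argument when the server is tcpd) and checks it against separate wrapped and unwrapped whitelists. The variable names WRAPPED_WHITELIST and UNWRAPPED_WHITELIST, their space-separated format, and the whitelisting of nbdswapd are assumptions; the comment line and the ident entry in the sample are constructed.

```sh
#!/bin/sh
# Added example, not rkhunter code. Whitelist variables are hypothetical.
WRAPPED_WHITELIST="/usr/sbin/nbdswapd"   # assumption: the report's "good" line
UNWRAPPED_WHITELIST=""

in_list() {  # in_list <path> <space-separated list>
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# Reads inetd.conf text on stdin, prints "<verdict> <service> <kind>:<program>".
classify_inetd() {
    while read -r svc socktype proto waitflag user server args; do
        case "$svc" in ''|'#'*) continue ;; esac   # blank line or comment
        [ -n "$server" ] || continue               # too few fields
        kind=unwrapped; prog=$server; list=$UNWRAPPED_WHITELIST
        case "$server" in */tcpd)
            # Under tcpd the first argument is the daemon really started.
            set -f; set -- $args; set +f           # split args, no globbing
            kind=wrapped; prog=${1:-MISSING}; list=$WRAPPED_WHITELIST ;;
        esac
        if in_list "$prog" "$list"; then verdict=OK; else verdict=WARN; fi
        echo "$verdict $svc $kind:$prog"
    done
}

sample_inetd_conf() {  # lines 2-3 are from the report; the rest is constructed
    cat <<'EOF'
# constructed comment line
9572 stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/nbdswapd
9573 stream tcp nowait nobody /usr/sbin/tcpd /usr/bin/perl -pe BEGIN{$|=1}eval($_)
ident stream tcp nowait nobody /usr/sbin/identd identd
EOF
}

sample_inetd_conf | classify_inetd
```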




