Re: [Rkhunter-users] rkhunter on AIX
From: John H. <joh...@pl...> - 2013-11-22 22:00:27
On Fri, 2013-11-22 at 14:43 -0600, Josh Peacock wrote:
> I work mostly on AIX servers. I can account for most of the
> differences with whitelists and allows. I am however running into an
> issue with the strings command test. It fails to find any of the test
> strings on AIX.
>
> I end up with the following messages in the log file.
>
> [12:23:54] Warning: Scanning for string /usr/sbin/ntpsx [ Warning ]
> String not found in 'strings' command
> [12:23:54] Warning: Scanning for string /usr/sbin/.../bkit-ava [ Warning ]
> String not found in 'strings' command
> [12:23:54] Warning: Scanning for string /usr/sbin/.../bkit-d [ Warning ]
> String not found in 'strings' command
>
> There are more; I just figured you probably didn't need all of them.
>
> I propose a change to the strings_check function.
>
> On line 8603 I would like to see it changed From:
> STRING_SEEN=`echo "${STRING}" | ${STRINGS_CMD} | grep "${STRINGNAME}" | tr -d ' '`
>
> To:
> STRING_SEEN=`echo "${STRING}" | ${STRINGS_CMD} -a | grep "${STRINGNAME}" | tr -d ' '`
>
> Adding the -a argument works in both AIX and Linux. If that isn't
> satisfactory there should be a check to see if it's on AIX and the
> command should include the "-a" or "-" as an argument to the strings
> command.
>

Hello,

I see no problem with adding the '-a' option as it seems to be universally recognised in Linux and UNIX.

I am, however, a bit curious as to why AIX doesn't work with this test. The test itself is something like:

echo "abc" | strings

It should just echo what it is passed (the test being that if it doesn't then the 'strings' command itself could be corrupt).

John.

--
----------------------------------------------------
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK      Fax: +44 (0)1752 587001
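The check discussed in this thread, as an added example that is not part of the original messages and is not rkhunter's own code: it pipes the test strings quoted in the log excerpt through a `strings` command with and without `-a`, so a command that only passes with `-a` (as reported for AIX) can be told apart from one that fails either way. The function names `check_strings_cmd` and `classify_strings_cmd` are hypothetical.

```shell
#!/bin/sh
# Added example (not rkhunter code): sanity-check a 'strings' command by
# echoing known strings through it and confirming they come back out.

# Test strings taken from the log excerpt quoted in the thread.
TEST_STRINGS='/usr/sbin/ntpsx
/usr/sbin/.../bkit-ava
/usr/sbin/.../bkit-d'

# check_strings_cmd CMD OPTS
# Prints one "not found" line per test string that CMD did not echo back.
# Returns 0 if every string was seen, 1 otherwise.
check_strings_cmd() {
    cmd=$1
    opts=$2
    missing=0
    while IFS= read -r s; do
        # Same pipeline shape as the line quoted from strings_check;
        # grep -F is used here so the '.' characters match literally.
        seen=$(echo "$s" | $cmd $opts 2>/dev/null | grep -F -- "$s" | tr -d ' ')
        if [ -z "$seen" ]; then
            echo "not found: $s"
            missing=1
        fi
    done <<EOF
$TEST_STRINGS
EOF
    return $missing
}

# classify_strings_cmd CMD
# ok        : strings echoed with no option
# ok-with-a : strings echoed only when -a is supplied
# suspect   : strings missing either way; the command may be corrupt
classify_strings_cmd() {
    if check_strings_cmd "$1" "" >/dev/null; then
        echo "ok"
    elif check_strings_cmd "$1" "-a" >/dev/null; then
        echo "ok-with-a"
    else
        echo "suspect"
    fi
}

# Report on the local command; STRINGS_CMD may be set to override it.
classify_strings_cmd "${STRINGS_CMD:-strings}"
```

A result of `suspect` means the command did not return its input under either invocation, which is the condition the test exists to flag.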