Re: NFS creates hidden port

To: debian-user@lists.debian.org
Subject: Re: NFS creates hidden port
From: Rob van der Putten <rob@sput.nl>
Date: Tue, 22 Aug 2017 17:12:21 +0200
Message-id: <[🔎] onhhke$mkq$1@blaine.gmane.org>
In-reply-to: <[🔎] 23007758717266593503@scdbackup.webframe.org>
References: <[🔎] onh591$is1$1@blaine.gmane.org> <[🔎] 23007758717266593503@scdbackup.webframe.org>

Hi there


On 22/08/17 15:23, Thomas Schmitt wrote:

It seems that it was fixed or suppressed intermediately.
The newer post says "It's back!".

I already stated my enthusiasm on occasion of your post about DVD ejecting.
It is discouraging to get ignored after having invested substantial
effort in diagnosing or at least reliably reproducing a kernel problem.


Well, complaining is futile. Try to work around in user space.
E.g. try to patch unhide-tcp so that it reads the NFS port number from
a file which you create before the Rkhunter run.

You could let function checkoneport() return "ok" if "port" is the
registered NFS zombie. This would be done before the function runs
netstat by
    if (NULL != (fich_tmp=popen (command, "r")))
in
   https://sources.debian.net/src/unhide/20130526-1/unhide-tcp.c/#L190

I would have to find out when NFS does a callback an then dump the localport into a file.



Regards,
Rob

Reply to:

Follow-Ups:
- Re: NFS creates hidden port
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

References:
- Re: NFS creates hidden port
  - From: Rob van der Putten <rob@sput.nl>
- Re: NFS creates hidden port
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

Prev by Date: Re: No ifconfig
Next by Date: Re: No ifconfig
Previous by thread: Re: NFS creates hidden port
Next by thread: Re: NFS creates hidden port
Index(es):
- Date
- Thread