Servers are FreeBSD 9.0 and and 9.1 with rkhunter installed. Rkhunter is throwing up a warning:
So netstat is showing an open port of 889 which sockstat is not showing. I tracked this port down to NFS but regardless the sockstat/netstat port difference is causing a daily warning email which is annoying.
I see others had this problem but I was unable to find a solution:
http://forums.freebsd.org/showthread.php?t=19890
I don't want to disable rkhunter's check to make this warning go away and am hoping someone has solved this before
Code:
[04:01:22] Info: Starting test name 'os_specific'
[04:01:22] Performing FreeBSD specific checks
[04:01:22] Checking sockstat and netstat commands [ Warning ]
[04:01:22] Warning: Differences found between sockstat and netstat output:
[04:01:22] Sockstat output (ports in use): 1018 111 123 2049 21 25 50012 514 670 848
[04:01:22] Netstat output (ports in use): 1018 111 123 2049 21 25 50012 514 670 848 889So netstat is showing an open port of 889 which sockstat is not showing. I tracked this port down to NFS but regardless the sockstat/netstat port difference is causing a daily warning email which is annoying.
I see others had this problem but I was unable to find a solution:
http://forums.freebsd.org/showthread.php?t=19890
I don't want to disable rkhunter's check to make this warning go away and am hoping someone has solved this before