On 3/18/2014 11:14 AM, Viktor Dukhovni wrote: > On Tue, Mar 18, 2014 at 11:09:44AM -0400, Ben Johnson wrote: > >> A daily rkhunter scan produced the following warning, which >> mentions Postfix. Is this a false-positive? > > What is the anonymous port range on this system? Does proxymap > perform LDAP, MySQL or other lookups making client TCP connections? > Add 2+2 to get 4. >
Thanks, Viktor and li...@rhsoft.net. Ephemeral port range is 32768 to 61000. And yes, proxymap performs MySQL lookups via TCP. So, I guess this is no cause for concern. Just surprised that I haven't seem it before. Perhaps there is a marginal chance of this occurring, because this pseudo-randomly-selected port would have to be in use during the 50-something-second window during which rkhunter is scanning on any given day. (Right?) Thanks for allaying my concerns. :) Cheers, -Ben
