Your message dated Sat, 27 Dec 2008 22:36:10 +0100
with message-id <[email protected]>
and subject line Re: the chkrootkit package should provide a means to eliminate 
false positives, with other packages
has caused the Debian Bug report #498072,
regarding the chkrootkit package should provide a means to eliminate false 
positives with other packages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
498072: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498072
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chkrootkit
Version: 0.48-5
Severity: wishlist


I suggest:

Install a standard directory like
/usr/share/chkrootkit/files-excluded/.  Any files in that directory
would contain names of files which should be excluded from chkrootkit
reports.  These would be in addition to any files named with "-e"
options.  Likewise for /usr/share/chkrootkit/dirs-excluded/.  (An
option could be added to ignore those directories.)

Some Debian packages install files that generate false positives.  For
each such package, invite the maintainer to install a file in the
above directory containing the name of the offending file.  For
example, the slice package would install a file
/usr/share/chkrootkit/files-excluded/slice.

Alternatively, any file installed by a Debian package should be
excluded.  The names could be cached by a chkrootkit config script
called in postinst or later.

Preferably, check the md5sum of any excluded file from a Debian package.

Ideally, filenames should be null separated.

                - Jim Van Zandt


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'oldstable'), (500, 'testing'), (500, 
'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.25 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages chkrootkit depends on:
ii  binutils            2.18.1~cvs20080103-7 The GNU assembler, linker and bina
ii  debconf [debconf-2. 1.5.23               Debian configuration management sy
ii  libc6               2.7-13               GNU C Library: Shared libraries
ii  net-tools           1.60-19              The NET-3 networking toolkit
ii  procps              1:3.2.7-9            /proc file system utilities

chkrootkit recommends no packages.

chkrootkit suggests no packages.

-- debconf information excluded



--- End Message ---
--- Begin Message ---
Hi,

James R. Van Zandt wrote:
> I suggest:
> 
> Install a standard directory like
> /usr/share/chkrootkit/files-excluded/.  Any files in that directory
> would contain names of files which should be excluded from chkrootkit
> reports.  These would be in addition to any files named with "-e"
> options.  Likewise for /usr/share/chkrootkit/dirs-excluded/.  (An
> option could be added to ignore those directories.)

Quoting upstream FAQ[1]:

Ignoring some files and dirs could impair chkrootkit's accuracy. An attacker
might use this, since he knows that chkrootkit will ignore certain files and
dirs.

Closing this bug.

[1] http://www.chkrootkit.org/faq/#8

Cheers,
Giuseppe.



--- End Message ---
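
The md5sum suggestion in the report, set against the objection in the reply, as an added example that is not part of either message and is not chkrootkit or Debian code: a flagged path is dropped from the report only when a dpkg-style `.md5sums` list names it and the on-disk MD5 matches. The function names, the `demo` package and its paths are constructed for illustration; the flagged list is NUL-separated, as the report proposes.

```python
import hashlib
import os
import tempfile


def load_md5sums(info_dir):
    """Read dpkg-style '<md5hex>  <path without leading />' lines."""
    known = {}
    for name in sorted(os.listdir(info_dir)):
        if name.endswith(".md5sums"):
            with open(os.path.join(info_dir, name), encoding="utf-8") as fh:
                for line in fh:
                    digest, _, rel = line.rstrip("\n").partition("  ")
                    if rel:
                        known["/" + rel] = digest
    return known


def still_suspicious(findings_nul, info_dir, root="/"):
    """Keep every flagged path unless a package lists it AND its MD5 matches."""
    known = load_md5sums(info_dir)
    keep = []
    for raw in filter(None, findings_nul.split(b"\0")):
        path = os.fsdecode(raw)
        try:
            with open(os.path.join(root, path.lstrip("/")), "rb") as fh:
                digest = hashlib.md5(fh.read()).hexdigest()
        except OSError:
            digest = None  # unreadable or missing: never excluded
        if digest is None or known.get(path) != digest:
            keep.append(path)
    return keep


def demo():
    """Constructed tree: one intact packaged file, one modified, one unpackaged."""
    with tempfile.TemporaryDirectory() as tmp:
        root, info = os.path.join(tmp, "root"), os.path.join(tmp, "info")
        os.makedirs(os.path.join(root, "usr/lib/demo"))
        os.makedirs(info)
        shipped = hashlib.md5(b"shipped").hexdigest()
        with open(os.path.join(info, "demo.md5sums"), "w") as fh:
            fh.write(f"{shipped}  usr/lib/demo/.ok\n{shipped}  usr/lib/demo/.changed\n")
        contents = {".ok": b"shipped", ".changed": b"modified", ".odd\nname": b"x"}
        for name, data in contents.items():
            with open(os.path.join(root, "usr/lib/demo", name), "wb") as fh:
                fh.write(data)
        flagged = b"\0".join(os.fsencode("/usr/lib/demo/" + n) for n in contents)
        return still_suspicious(flagged, info, root)
```

On a real system the lists sit in /var/lib/dpkg/info/ on the host being checked, so the result is only as trustworthy as that database, and a name-only exclusion would have hidden the modified file that this check keeps in the report.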
