Your message dated Tue, 06 Oct 2020 21:48:29 +0000
with message-id <[email protected]>
and subject line Bug#580491: fixed in chkrootkit 0.53-2
has caused the Debian Bug report #580491,
regarding chkrootkit: 1)with nfs mounted the silent don't work 2)can't exclude
legacy sniffer (dhcpd, snort, ntop etc)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
580491: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580491
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chkrootkit
Version: 0.48-8
Severity: important
Tags: patch
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30.3service
Locale: LANG=it_IT@euro, LC_CTYPE=it_IT@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages chkrootkit depends on:
ii binutils 2.18.1~cvs20080103-7 The GNU assembler, linker and bina
ii debconf [debconf-2. 1.5.24 Debian configuration management sy
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii net-tools 1.60-22 The NET-3 networking toolkit
ii procps 1:3.2.7-11 /proc file system utilities
chkrootkit recommends no packages.
chkrootkit suggests no packages.
-- debconf information:
* chkrootkit/run_daily: true
* chkrootkit/run_daily_opts: -q -n
* chkrootkit/diff_mode: false
Ciao Giuseppe,
Two problems:
1) With some nfs mounted, every day chkrootkit sends a message with the
mounted directory. Also, putting this dir in -e doesn't work.
2) Every day chkrootkit sends me a message with some legacy sniffers, and
in the current version I can't exclude these daemons (e.g. dhcpd3, ntop,
snort etc). For this problem I've created a new exclusion switch (-s for
"sniffer") and this is the best syntax to put in the RUN_DAILY_OPTS.
Sample with one sniffer to exclude:
-s '(\/usr\/sbin\/ntop\[[:0-9]+\])'"
Sample with two sniffers to exclude:
-s '(\/usr\/sbin\/ntop\[[:0-9]+\], \/usr\/sbin\/snort\[[:0-9]+\])'
I suggest capturing the last report from chkrootkit for setting your
rules.
I've solved the two problems with the attached patch.
bye
--- chkrootkit.ori 2008-11-27 08:10:54.000000000 +0100
+++ chkrootkit 2010-05-06 12:07:27.000000000 +0200
@@ -177,7 +177,15 @@
echo "not tested: can't exec ./ifpromisc"
return ${NOT_TESTED}
else
- [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
+# [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
+ outmsg=`[ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q`
+ [ "$EXCLUDES_SNIF" ] && {
+ for exclude in $EXCLUDES_SNIF
+ do
+ outmsg=`echo $outmsg | egrep -v $exclude`
+ done
+ }
+ echo $outmsg
fi
}
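Review bot: in the exclusion loop, `echo $outmsg | egrep -v $exclude` expands both variables unquoted, so a multi-line ifpromisc report is flattened to one line and a single matching exclusion removes the whole report, including interfaces whose sniffer was not excluded. Quote both expansions (for example `printf '%s\n' "$outmsg" | egrep -v -- "$exclude"`) and the final `echo "$outmsg"`. Capturing the output in backticks also means the function no longer ends with the exit status of ./ifpromisc.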
@@ -734,28 +742,26 @@
then
if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
else
- if [ "${QUIET}" = "t" ]; then
- printn "The following suspicious files and directories were found:"
- fi
- echo
-
+ outmsg=""
if [ -n "${EXCLUDES}" ]; then
for name in $files; do
for exclude in $EXCLUDES; do
if [ $name = $exclude ]; then continue 2; fi
done
- echo $name
+ outmsg="$outmsg$name\n"
done
for name in $dirs; do
for exclude in $EXCLUDES; do
if [ $name = $exclude ]; then continue 2; fi
done
- echo $name
+ outmsg="$outmsg$name\n"
done
else
- echo ${files}
- echo ${dirs}
+ outmsg="${files}\n${dirs}"
fi
+ if [ "${QUIET}" = "t" -a "$outmsg" ]; then
+ echo -e "The following suspicious files and directories were
found:\n\n $outmsg"
+ fi
fi
### LPD Worm
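Review bot: the only statement that prints $outmsg is guarded by `[ "${QUIET}" = "t" -a "$outmsg" ]`, so without -q the names collected here are never shown, whereas the removed `echo $name` and `echo ${files}` lines ran in both modes. Print the list unconditionally and keep only the header under the QUIET test. `echo -e` is also not portable to a /bin/sh that is not bash; printf is the safer choice.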
@@ -1227,10 +1233,12 @@
findargs=""
if find /etc -maxdepth 0 >/dev/null 2>&1; then
find /etc ! -fstype nfs -maxdepth 0 >/dev/null 2>&1 && \
- findargs=" -fstype nfs -prune -o "
+ findargs=" -fstype nfs -prune "
+# findargs=" -fstype nfs -prune -o "
elif find /etc -prune > /dev/null 2>&1; then
find /etc ! -fstype nfs -prune > /dev/null 2>&1 && \
- findargs=" -fstype nfs -prune -o "
+ findargs=" -fstype nfs -prune "
+# findargs=" -fstype nfs -prune -o "
fi
}
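Review bot: dropping `-o` from findargs changes the meaning of every find expression built on it: `-fstype nfs -prune` followed directly by further tests is an implicit AND, so those tests are evaluated only for entries on NFS and nothing on a local filesystem can match. That removes the NFS noise together with the findings. Keep `-fstype nfs -prune -o`; if the callers rely on find's implicit -print, the pruned mount point itself is printed, and the fix for that is an explicit `-print` after the tests. The commented-out copies of the old assignment should be deleted rather than left in the script.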
@@ -2647,6 +2655,9 @@
-e) shift
EXCLUDES="$1 $EXCLUDES";;
+ -s) shift
+ EXCLUDES_SNIF="$1 $EXCLUDES_SNIF";;
+
-q) QUIET=t
QUIET_ARG="-q"
;;
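Review bot: `-s) shift` takes "$1" without checking that an argument follows, and EXCLUDES_SNIF is built as a space-separated list that the new `for exclude in $EXCLUDES_SNIF` loop word-splits, so a pattern containing a space, such as the two-sniffer sample in the report with ", " between the paths, is broken into separate fragments. Reject a missing argument and either store one pattern per line or document that a pattern must not contain whitespace.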
@@ -2669,6 +2680,8 @@
-x expert mode
-e exclude known false positive files/dirs, quoted,
space separated, READ WARNING IN README
+ -s exclude known false positive sniffer (dhcpd, ntop
etc)
+ quoted, space separated
-r dir use dir as the root directory
-p dir1:dir2:dirN path for the external commands used by chkrootkit
-n skip NFS mounted dirs"
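Review bot: the help text added for -s does not say that the value is an egrep extended regular expression matched against the ifpromisc output, and unlike the -e entry it carries no warning. State the matching rule and add the same pointer to the README warning, since an over-broad pattern hides a real sniffer from the daily report.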
--- End Message ---
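An added example, not part of the report, the patch or chkrootkit itself: a regex given to -s and applied with egrep -v, as the report above describes, drops a report line as soon as one program on it matches, even if the same line also names an unknown program. The sketch below suppresses a line only when every program on it is allowed; the report format, the sample lines and the helper names filter_sniffers and is_allowed are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample; assumed report format: iface: PACKET SNIFFER(path[pid], ...)
SAMPLE='eth0: PACKET SNIFFER(/usr/sbin/ntop[2314])
eth1: PACKET SNIFFER(/usr/sbin/snort[1877], /tmp/.x/cap[4021])
eth2: not promisc and no packet sniffer sockets'

# is_allowed PATH ALLOWED...: succeeds only on an exact string match.
is_allowed() {
    candidate=$1; shift
    for ok in "$@"; do
        [ "$candidate" = "$ok" ] && return 0
    done
    return 1
}

# filter_sniffers ALLOWED... (hypothetical helper, reads the report on stdin)
# Drops a PACKET SNIFFER line only when every listed program is allowed;
# a line that also names an unknown program is printed unchanged.
filter_sniffers() {
    marker='PACKET SNIFFER('
    while IFS= read -r line; do
        case $line in
            *"$marker"*')'*) ;;
            *) printf '%s\n' "$line"; continue ;;
        esac
        rest=${line#*"$marker"}
        rest=${rest%%')'*}
        unknown=0
        [ -n "$rest" ] || unknown=1        # empty list: do not suppress
        while [ -n "$rest" ]; do
            entry=${rest%%,*}
            case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
            entry=${entry# }               # space that follows each comma
            path=${entry%%\[*}             # strip the "[pid]" suffix
            is_allowed "$path" "$@" || unknown=1
        done
        if [ "$unknown" -eq 1 ]; then printf '%s\n' "$line"; fi
    done
}

printf '%s\n' "$SAMPLE" | filter_sniffers /usr/sbin/ntop /usr/sbin/snort
```

The eth1 line survives because /tmp/.x/cap is not on the allow list, even though snort is.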
--- Begin Message ---
Source: chkrootkit
Source-Version: 0.53-2
Done: Marcos Fouces <[email protected]>
We believe that the bug you reported is fixed in the latest version of
chkrootkit, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Marcos Fouces <[email protected]> (supplier of updated chkrootkit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 06 Oct 2020 23:08:55 +0200
Source: chkrootkit
Architecture: source
Version: 0.53-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools <[email protected]>
Changed-By: Marcos Fouces <[email protected]>
Closes: 535942 548582 580491 586897 901557 919911 934486 943727
Changes:
chkrootkit (0.53-2) unstable; urgency=medium
.
[ Debian Janitor ]
* Fix day-of-week for changelog entries 0.31-2.
.
[ Marcos Fouces ]
* Change section of binary manpages from 1 to 8 as they are
administrator tools.
* Bump to Standards-Version: 4.5.0 (no changes required).
* Add Rules-Requires-Root: no in d/control.
* d/chkrootkit.cron.daily:
~ Remove outdated sed filtering based on old network
interface name scheme.
~ Rename properly.
~ Redirect properly chkrootkit stderr. (Closes: #934486).
~ Set exit status always to zero using " || true". (Closes: #943727)
* d/chkrootkit.8:
~ Update and improve man page.
* d/patches:
~ Add 25_fix-nfs-legacy-snifers.patch. (Closes: #580491, #548582, #919911).
~ Add 26_improve-info-help-display.patch. Add more info on "-e"
and "-s" options (Closes: #586897).
~ Add 27_fix-race-condition-ps-proc.patch (Closes: #535942).
~ Fix 17_Suckitfalse.patch for non-systemd init systems. (Closes: #901557).
~ Refresh patches.
* Update uploader email to @debian.org
.
[ Christian Göttsche ]
* Improve 27_fix-race-condition-ps-proc.patch
* Add patches handling compiler and static analyzer issues
* Add some default compiler warnings
* Bump to debhelper compat level 13
--- End Message ---