Package: chkrootkit
Version: 0.49-4.1
Severity: normal
Dear Maintainer,
Since a couple of days chkrootkit reports the following problem in its e-mail
message:
/etc/cron.daily/chkrootkit:
ERROR: chkrootkit output was not as expected.
The difference is:
---[ BEGIN: diff -u /var/log/chkrootkit/log.expected
+/var/log/chkrootkit/log.today ] ---
--- /var/log/chkrootkit/log.expected 2012-05-24 08:39:08.000000000 +0200
+++ /var/log/chkrootkit/log.today 2012-06-13 07:35:13.000000000 +0200
@@ -4,4 +4,4 @@
The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
-! root ##### tty7 /usr/bin/X :0 vt7 -nolisten tcp -auth
+/var/lib/xdm/authdir/authfiles/A:0-5iDcpG
+! root ##### tty7 /usr/bin/X :0 vt7 -nolisten tcp -auth
+/var/lib/xdm/authdir/authfiles/A:0-CdMT49
---[ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today
+] ---
To update the expected output, run (as root)
# cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
According to a google search the problem apppears to have occurred in the past
as well, so maybe this is a old bug popping up again. I ran
chkrootkit -e /usr/bin/X
which doesn't solve the problem.
Maybe I overlooked something? I couldn't find a suggestion about how to prevent
the problem in chkroot's docs in /usr/share/doc/chkrootkit.
Cheers,
Frank Brokken.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=POSIX (charmap=ANSI_X3.4-1968) (ignored: LC_ALL
set to POSIX)
Shell: /bin/sh linked to /bin/dash
Versions of packages chkrootkit depends on:
ii binutils 2.22-6.1
ii debconf [debconf-2.0] 1.5.43
ii libc6 2.13-33
ii net-tools 1.60-24.1
ii procps 1:3.3.2-3
chkrootkit recommends no packages.
chkrootkit suggests no packages.
-- debconf information:
chkrootkit/run_daily_opts: -q
chkrootkit/run_daily: false
chkrootkit/diff_mode: false
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]