Package: chkrootkit
Version: 0.48-8
Followup-For: Bug #549938

About the -e option, the man page for chkrootkit says:

    -e Exclude known false positive files/dirs, quoted, space separated.

But, when using space separated filenames in the -e option:

    $ cat /etc/chkrootkit.conf
    RUN_DAILY="true"
    RUN_DAILY_OPTS="-q -e '/lib/init/rw/.ramfs -e /lib/init/rw/.mdadm'"
    DIFF_MODE="false"

the cronjob crashes:

    # /etc/cron.daily/chkrootkit
    /usr/sbin/chkrootkit: `/lib/init/rw/.mdadm'': not a known test

Likewise, when using a quoted single filename in the -e option (e.g. RUN_DAILY_OPTS="-q -e '/lib/init/rw/.ramfs'"), the chkrootkit command run by the cron job doesn't whitelist the file (as it's looking for quotes in the filename).

However, using a -e option for each filename (without quotes), the cronjob proceeds as expected (thanks to #489334):

    $ cat /etc/chkrootkit.conf
    RUN_DAILY="true"
    RUN_DAILY_OPTS="-q -e /lib/init/rw/.ramfs -e /lib/init/rw/.mdadm"
    DIFF_MODE="false"

To have chkrootkit behave as described in the man page, we could change the way the daily cronjob executes chkrootkit, and use 'eval':

--- /etc/cron.daily/chkrootkit.orig 2009-12-18 11:47:34.000000000 +0100 +++ /etc/cron.daily/chkrootkit 2009-12-18 11:47:40.000000000 +0100
@@ -14,13 +14,13 @@ if [ "$RUN_DAILY" = "true" ]; then if [ "$DIFF_MODE" = "true" ]; then - $CHKROOTKIT $RUN_DAILY_OPTS > $LOG_DIR/log.new 2>&1 + eval $CHKROOTKIT $RUN_DAILY_OPTS > $LOG_DIR/log.new 2>&1 if [ ! -f $LOG_DIR/log.old ] \ || ! diff -q $LOG_DIR/log.old $LOG_DIR/log.new > /dev/null 2>&1; then cat $LOG_DIR/log.new fi mv $LOG_DIR/log.new $LOG_DIR/log.old else - $CHKROOTKIT $RUN_DAILY_OPTS + eval $CHKROOTKIT $RUN_DAILY_OPTS fi fi

Using this patch, everything's fine when following the behaviour described in the man page. I may be wrong, but AFAICT, this change doesn't have any side effect.

Best regards,
Xavier.

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages chkrootkit depends on:
ii  binutils             2.18.1~cvs20080103-7  The GNU assembler, linker and bina
ii  debconf [debconf-2.  1.5.24                Debian configuration management sy
ii  libc6                2.7-18                GNU C Library: Shared libraries
ii  net-tools            1.60-22               The NET-3 networking toolkit
ii  procps               1:3.2.7-11            /proc file system utilities

chkrootkit recommends no packages.

chkrootkit suggests no packages.

-- debconf information:
* chkrootkit/run_daily_opts: -q -e '/lib/init/rw/.ramfs /lib/init/rw/.mdadm'
* chkrootkit/run_daily: true
* chkrootkit/diff_mode: false
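
Review bot: in both added lines, "eval $CHKROOTKIT $RUN_DAILY_OPTS" makes the shell re-parse the whole value of RUN_DAILY_OPTS as shell code inside a cron job that runs as root, so besides honouring the quotes it also acts on any ;, |, $(...), backquote or redirection found in that value, which is a side effect the removed lines did not have. Because the expansion is left unquoted, the value is additionally word-split and glob-expanded once before eval joins it back together; writing eval "$CHKROOTKIT $RUN_DAILY_OPTS" avoids that first pass. If eval is kept, the description of RUN_DAILY_OPTS in /etc/chkrootkit.conf and of the debconf question chkrootkit/run_daily_opts should state that the value is interpreted as shell syntax, since the patch does not touch either.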
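
The ways of splitting RUN_DAILY_OPTS discussed in this report, side by side, as an added example that is not part of the original message or of the Debian package. show_args is a hypothetical stand-in for chkrootkit, both option strings are constructed samples, and the xargs variant is an assumed alternative that the report does not propose.

```shell
#!/bin/sh
# Added illustration. show_args is a hypothetical stand-in for chkrootkit:
# it prints every argument it receives, one per line, inside brackets.
show_args() { for a in "$@"; do printf '[%s]\n' "$a"; done; }

# 1. Current cron job: unquoted expansion. The value is split on whitespace
#    and quote characters stored in it are passed through literally.
plain_split() { show_args $1; }

# 2. Patched cron job: eval re-parses the value as shell code. Quotes now
#    group words, but $(...), ;, | and redirections become active as well.
eval_split() { eval "show_args $1"; }

# 3. Assumed alternative: xargs understands quotes and backslashes only,
#    so grouping works and nothing in the value is ever executed.
xargs_split() {
    printf '%s\n' "$1" |
        xargs sh -c 'for a in "$@"; do printf "[%s]\n" "$a"; done' sh
}

# Constructed sample values.
MANPAGE_STYLE="-q -e '/lib/init/rw/.ramfs /lib/init/rw/.mdadm'"
WITH_SUBST='-q -e $(echo substituted)'

for f in plain_split eval_split xargs_split; do
    echo "== $f, man-page style value"
    "$f" "$MANPAGE_STYLE"
    echo "== $f, value containing a command substitution"
    "$f" "$WITH_SUBST"
done
```
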