Package: chkrootkit
Version: 0.48-8
Followup-For: Bug #548582
The attached patch improves the excluded files handling and fixes the
issue for me.
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.25.10-grsec (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages chkrootkit depends on:
ii binutils 2.18.1~cvs20080103-7 The GNU assembler, linker and bina
ii debconf [debconf-2. 1.5.24 Debian configuration management sy
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii net-tools 1.60-22 The NET-3 networking toolkit
ii procps 1:3.2.7-11 /proc file system utilities
chkrootkit recommends no packages.
chkrootkit suggests no packages.
-- debconf information:
* chkrootkit/run_daily_opts: -q
* chkrootkit/run_daily: true
* chkrootkit/diff_mode: false
--- /root/chkrootkit.orig 2010-02-06 15:57:55.438505179 +0100
+++ /usr/sbin/chkrootkit 2010-02-06 16:29:50.250504495 +0100
@@ -730,6 +730,25 @@
files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
dirs=`${find} ${DIR} -type d -name ".*"`
+
+ # filter excludes
+ if [ -n "${EXCLUDES}" ]; then
+ for name in $files; do
+ for exclude in $EXCLUDES; do
+ if [ $name = $exclude ]; then
+ files="$(echo "$files"|grep -Ev "^$name\$")"
+ fi
+ done
+ done
+ for name in $dirs; do
+ for exclude in $EXCLUDES; do
+ if [ $name = $exclude ]; then
+ dirs="$(echo "$dirs"|grep -Ev "^$name\$")"
+ fi
+ done
+ done
+ fi
+
if [ "${files}" = "" -a "${dirs}" = "" ]
then
if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
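Review bot: In both added loops, `grep -Ev "^$name\$"` treats the path as an extended regular expression, and every name collected by the two `find` calls contains at least one `.`, which matches any character, so excluding one path can also remove a different path that differs only at those positions, and a scanner would then leave that file out of its report without any notice. Because the test just above is already an exact string comparison, a fixed-string whole-line match such as `grep -Fxv -- "$name"` does the same filtering without regex interpretation. Separately, `for name in $files` and `for exclude in $EXCLUDES` split on whitespace, so the names the `".. *"` pattern is meant to catch can never equal an exclude entry; that limitation deserves a comment here or a line-by-line read of `$files` and `$dirs`.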
@@ -738,24 +757,8 @@
printn "The following suspicious files and directories were found:"
fi
echo
-
- if [ -n "${EXCLUDES}" ]; then
- for name in $files; do
- for exclude in $EXCLUDES; do
- if [ $name = $exclude ]; then continue 2; fi
- done
- echo $name
- done
- for name in $dirs; do
- for exclude in $EXCLUDES; do
- if [ $name = $exclude ]; then continue 2; fi
- done
- echo $name
- done
- else
- echo ${files}
- echo ${dirs}
- fi
+ echo ${files}
+ echo ${dirs}
fi
### LPD Worm
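Review bot: The unquoted `echo ${files}` and `echo ${dirs}` that replace the loops collapse the newline-separated lists into one space-separated line each, whereas the removed `echo $name` printed one path per line whenever EXCLUDES was set, so the report format changes for exactly the users this patch targets. Quoting them as `echo "${files}"` and `echo "${dirs}"` keeps one path per line, which also keeps names with embedded spaces readable. It would also help to skip each `echo` when its variable is empty after filtering, since the emptiness check before this block only covers the case where both are empty and a blank line is printed otherwise.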