Package: tiger Version: 1:3.2.1-29 Severity: normal
When lsof is not installed and tiger falls back on netstat for check_listeningprocesses then a false positive (or disturbing log line) can be generated when there is a udp6 process. e.g. -=- # Checking listening processes OLD: --WARN-- [lin003w] The process `' is listening on socket (udp6 on interface) is run by 8671514. -=- the empty `' process name and non existant user id can look pretty scary. In fact tiger is failing to parse the output of the command netstat -lpeutw --numeric-hosts --numeric-ports which, among other things on my system produces a single udp6 line: udp6 0 0 :::123 :::* root 12850 5870/ntpd that causes the parsing error above. The script seems to check for "tcp" and "udp" and so doesn't see "udp6" correctly. Workaround: install lsof, which then causes everything to report correctly. CT. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages tiger depends on: ii binutils 2.16.1cvs20060413-1 The GNU assembler, linker and bina ii coreutils [fileutils 5.94-1 The GNU core utilities ii debconf [debconf-2.0 1.5.1 Debian configuration management sy ii diff 2.8.1-11 File comparison utilities ii fileutils 5.94-1 The GNU file management utilities ii libc6 2.3.6-13 GNU C Library: Shared libraries ii net-tools 1.60-17 The NET-3 networking toolkit ii shellutils 5.94-1 The GNU shell programming utilitie ii textutils 5.94-1 The GNU text file processing utili Versions of packages tiger recommends: ii chkrootkit 0.46a-3 Checks for signs of rootkits on th ii exim4-daemon-heavy [mail-tran 4.62-1 exim MTA (v4) daemon with extended ii john 1.6-40 active password cracking tool -- debconf information: * tiger/mail_rcpt: root tiger/remove_mess: true * tiger/policy_adapt: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
