We have found that chkrootkit now complains after each reboot, with a message similar to:

    -eth0: PACKET SNIFFER(/sbin/dhclient[895])
    +eth0: PACKET SNIFFER(/sbin/dhclient[888])
    ---[ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---

Looking at /etc/cron.daily/chkrootkit, I noticed that there is logic that attempts to avoid such warnings:

    # the sed expression replaces the messages about /sbin/dhclient3 /usr/sbin/dhcpd3
    # with a message that is the same whatever order eth0 and eth1 were scanned
    sed -r -e 's,eth(0|1)(:[0-9])?: PACKET SNIFFER\((/sbin/dhclient3|/usr/sbin/dhcpd3)\[[0-9]+\]\),eth\[0|1\]: PACKET SNIFFER\([dhclient3|dhcpd3]{PID}\),' \
        -e 's/(! \w+\s+)[ 0-9]{4}[0-9]/\1#####/' $LOG_DIR/log.today.raw > $LOG_DIR/log.today

... but this no longer works as expected, since the exact name of the "dhclient" binary has changed.

** Bug watch added: Debian Bug tracker #600109
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600109

** Also affects: chkrootkit via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600109
   Importance: Unknown
       Status: Unknown

https://bugs.launchpad.net/bugs/1303893

Title:
  cron.daily/chkrootkit log filtering needs to include current names for dhcpcd and dhclient binaries
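
The failure described in this report, reproduced as an added example that is not part of the original report or of the chkrootkit package: the quoted filter is run over constructed log lines next to an assumed variant in which the trailing "3" in the binary names is optional. The function names, the sample lines and the variant pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All sample lines below are constructed, not taken from a real host.

# First expression of the filter quoted in the report, unchanged
# (-E is the portable spelling of GNU sed's -r).
filter_original() {
    sed -E -e 's,eth(0|1)(:[0-9])?: PACKET SNIFFER\((/sbin/dhclient3|/usr/sbin/dhcpd3)\[[0-9]+\]\),eth\[0|1\]: PACKET SNIFFER\([dhclient3|dhcpd3]{PID}\),'
}

# Assumed variant: the trailing "3" is optional, so /sbin/dhclient and
# /usr/sbin/dhcpd are normalized too. Paths and replacement text are otherwise the same.
filter_extended() {
    sed -E -e 's,eth(0|1)(:[0-9])?: PACKET SNIFFER\((/sbin/dhclient3?|/usr/sbin/dhcpd3?)\[[0-9]+\]\),eth\[0|1\]: PACKET SNIFFER\([dhclient3|dhcpd3]{PID}\),'
}

# Constructed raw lines: the same DHCP client before and after a reboot,
# and a process that is not on the filter's list.
before='eth0: PACKET SNIFFER(/sbin/dhclient[895])'
after='eth0: PACKET SNIFFER(/sbin/dhclient[888])'
unlisted='eth0: PACKET SNIFFER(/usr/local/bin/capture-tool[4242])'

# compare FILTER LINE_A LINE_B
# Prints "same" if both lines are identical after filtering (no diff, no mail),
# "differ" otherwise (the daily diff would report a change).
compare() {
    a=$(printf '%s\n' "$2" | "$1")
    b=$(printf '%s\n' "$3" | "$1")
    if [ "$a" = "$b" ]; then echo same; else echo differ; fi
}

echo "original filter, dhclient PID change: $(compare filter_original "$before" "$after")"
echo "extended filter, dhclient PID change: $(compare filter_extended "$before" "$after")"
echo "extended filter, unlisted process:    $(compare filter_extended "$before" "$unlisted")"
```

Because the pattern still names exact binary paths, a sniffer line from any other process is left untouched and continues to appear in the daily diff.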