chkrootkit daily report accuses PACKET SNIFFER for /usr/sbin/dhcpd3
Bug #602734 reported by
Christian Reis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chkrootkit |
Fix Released
|
Unknown
|
|||
chkrootkit (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: chkrootkit
This seems to be a regression from previous versions. Here's what I am seeing on Lucid:
ii chkrootkit 0.49-3 rootkit detector
kiko@anthem:~$ sudo /usr/lib/
lo: not promisc and no packet sniffer sockets
eth2: not promisc and no packet sniffer sockets
eth1: PACKET SNIFFER(
eth0: not promisc and no packet sniffer sockets
I think dhcpd3 is safe to run, and based on what I've seen in a debian bug report, this has been fixed before. I just wonder if it's regressed or if this is a new problem in old clothing.
Changed in chkrootkit: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Thanks for reporting this.
The README. FALSE-POSITIVES file does document that dhcp will come up as a false positive.
Although chkrootkit does display dhcpd3, the cron.daily job in the chkrootkit package filters it out before sending the report.
What version were you running before that makes this seem like a regression? What Debian bug report did you see that mentioned this being fixed?