chkrootkit

cron.daily/chkrootkit log filtering needs to include current names for dhcpcd and dhclient binaries

Bug #1303893 reported by Nathan Stratton Treadway on 2014-04-07

This bug affects 1 person

Affects		Status	Importance	Assigned to
	chkrootkit	Fix Released	Unknown	debbugs #600109
	chkrootkit (Ubuntu)	Fix Released	Low	Unassigned
Nominated for Bionic by Andreas Hasenack

Bug Description

the cron.daily/chkrootkit script's current logic for simplifying the PACKET SNIFFER lines for dhclient and dhcpcd processes needs to be updated to include the names of current versions of those binaries.

Tags:

Revision history for this message

Nathan Stratton Treadway (nathanst) wrote on 2014-04-07:

We have found that chkrootkit now complains after each reboot, with a message similar to:
-eth0: PACKET SNIFFER(/sbin/dhclient[895])
+eth0: PACKET SNIFFER(/sbin/dhclient[888])
---[ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---

Looking at /etc/cron.daily/chkrootkit, I noticed that there is logic that attempts to avoid such warnings:
     # the sed expression replaces the messages about /sbin/dhclient3 /usr/sbin/dhcpd3
     # with a message that is the same whatever order eth0 and eth1 were scanned
     sed -r -e 's,eth(0|1)(:[0-9])?: PACKET SNIFFER$(/sbin/dhclient3|/usr/sbin/dhcpd3)\[[0-9]+\]$,eth\[0|1\]: PACKET SNIFFER$[dhclient3|dhcpd3]{PID}$,' \
                                -e 's/(! \w+\s+)[ 0-9]{4}[0-9]/\1#####/' $LOG_DIR/log.today.raw > $LOG_DIR/log.today

... but this no longer works as expected, since the exact name of the "dhclient' binary has changed.

Bug Watch Updater (bug-watch-updater) on 2014-04-07

Changed in chkrootkit:
status:	Unknown → New

Bug Watch Updater (bug-watch-updater) on 2017-09-22

Changed in chkrootkit:
status:	New → Fix Committed

Bug Watch Updater (bug-watch-updater) on 2018-04-20

Changed in chkrootkit:
status:	Fix Committed → Fix Released

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-04-24:

Note: Will be picked up by auto-syncing packages once 18.04 is fully released and the freeze lifted

Andreas Hasenack (ahasenack) on 2018-04-30

Changed in chkrootkit (Ubuntu):
status:	New → Triaged
importance:	Undecided → Low
tags:	added: server-next

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2018-07-02:

This is fixed in Cosmic, which now has 0.52-2

Changed in chkrootkit (Ubuntu):
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #600109
[done normal] Edit

Bug watches keep track of this bug in other bug trackers.