false positive on tcpd

Bug #1808882 reported by Ryan Hoover
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
chkrootkit (Debian) | Fix Released | Unknown | |
chkrootkit (Ubuntu) | Fix Released | Low | Thomas Ward |
Bionic | Fix Released | Low | Thomas Ward |
Cosmic | Fix Released | Low | Thomas Ward |
Disco | Fix Released | Low | Thomas Ward |

Bug Description

[Impact]

chkrootkit will return false positives for tcpd detections as "infected" when tcpd is not present on a system.

[Test Case]

 * Install chkrootkit, run chkrootkit checks.

 * Without the patch, chkrootkit should return "INFECTED" in its detections for tcpd.

 * With the debdiff, it should say "not present" or "not infected".

[Regression Potential]

 * Regression risk is limited. The only change with this patch and debdiff is that we reinitialize the CMD variable in the test to "empty" before utilizing CMD, which clears the bug of "/bin/tar" from the previous test still being used in the script for testing tcpd. No other chkrootkit bits are, based on my testing, affected by this change.

[Other Info]

 * Patch was provided by Francois Marier from Debian

[Original Description]

This has apparently been a thing since at least 16.04

Install a clean version of Ubuntu, install chkrootkit, run a check.

tcpd will report as infected.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: chkrootkit 0.52-1
ProcVersionSignature: Ubuntu 4.15.0-42.45-lowlatency 4.15.18
Uname: Linux 4.15.0-42-lowlatency x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
CurrentDesktop: MATE
Date: Mon Dec 17 18:30:29 2018
InstallationDate: Installed on 2018-12-05 (12 days ago)
InstallationMedia: Ubuntu-MATE 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
SourcePackage: chkrootkit
UpgradeStatus: No upgrade log present (probably fresh install)
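
A simplified model of the failure described under [Regression Potential], added here as an example; it is not chkrootkit's code or the patch. Every function name, path and signature string is constructed, and the "look up tcpd only when CMD is empty" logic is an assumption made to show how a value left in CMD by the tar check ends up being scanned by the tcpd check.

```shell
#!/bin/sh
# Simplified model of a stale global variable between two detection checks.
# Not chkrootkit's code: every name, path and signature here is constructed.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for a clean tar binary. It contains a word that is on
# the tcpd check's signature list but not on the tar check's list.
printf 'tar: usage text\nSIG_TCPD_EXAMPLE appears in a help string\n' > "$WORK/tar"
TAR_SIG='SIG_TAR_EXAMPLE'
TCPD_SIG='SIG_TCPD_EXAMPLE'
# No "$WORK/tcpd" is created: tcpd is not installed on this model system.

locate_bin() {   # print the path of binary $1, or nothing when it is absent
    if [ -f "$WORK/$1" ]; then printf '%s\n' "$WORK/$1"; fi
}

scan() {         # $1 = file to inspect, $2 = signature regex; sets RESULT
    if [ -z "$1" ]; then RESULT="not present"
    elif grep -Eq "$2" "$1"; then RESULT="INFECTED"
    else RESULT="not infected"
    fi
}

check_tar() {
    CMD=$(locate_bin tar)        # global; still set when the next check runs
    scan "$CMD" "$TAR_SIG"
}

check_tcpd_buggy() {
    # Looks tcpd up only when CMD is empty, so check_tar's value is reused.
    if [ -z "$CMD" ]; then CMD=$(locate_bin tcpd); fi
    scan "$CMD" "$TCPD_SIG"
}

check_tcpd_fixed() {
    CMD=""                       # reinitialize before use
    if [ -z "$CMD" ]; then CMD=$(locate_bin tcpd); fi
    scan "$CMD" "$TCPD_SIG"
}

run_checks() {   # $1 = buggy|fixed; prints the tar result, then the tcpd one
    CMD=""
    check_tar;        tar_result=$RESULT
    "check_tcpd_$1";  printf '%s / %s\n' "$tar_result" "$RESULT"
}

run_checks buggy   # tcpd check scans $WORK/tar
run_checks fixed   # tcpd check finds no tcpd
```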

Ryan Hoover (rhoover84) wrote :
Andreas Hasenack (ahasenack) wrote :

Thanks for reporting this. Confirmed in disco (upcoming 19.04) too.

Changed in chkrootkit (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
importance: Medium → Low
François Marier (fmarier) wrote :

Here's a patch to fix this in the package. It's based on the solution from https://www.linuxquestions.org/questions/linux-security-4/chkrootkit-tcpd-521683/page2.html#post5788733

I also added a fixed package for 18.04 in my PPA: https://launchpad.net/~fmarier/+archive/ubuntu/ppa

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "24_fix_chktcpd.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
tags: added: server-next
tags: added: bitesize
Thomas Ward (teward) wrote :

This bug also exists in Disco and Cosmic. Nominating for all three series and adding tags accordingly. I will test if this is in Xenial as soon as I finish prepping my Xenial test VM.

(To help the Server Team with this, I'll grab this one and help prep the upload for Disco with a fix, but also help prep SRUs for Cosmic and Bionic)

Changed in chkrootkit (Ubuntu):
assignee: nobody → Thomas Ward (teward)
Thomas Ward (teward) wrote :

Note that testing this in Xenial, I don't see this affecting Xenial 16.04. This seems to be something for Bionic, Cosmic, and Disco only.

Thomas Ward (teward) wrote :

Attached is the debdiff of the packaging changes that will fix this issue and apply the patch for Disco.

Note that the patch's number was renamed to 26 because we have other patches since the patch was suggested imported due to Debian syncs; this is reflected in the corresponding debdiffs.

Changed in chkrootkit (Ubuntu Cosmic):
status: New → Triaged
Changed in chkrootkit (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → Low
Changed in chkrootkit (Ubuntu Cosmic):
importance: Undecided → Low
Changed in chkrootkit (Ubuntu Bionic):
assignee: nobody → Thomas Ward (teward)
Changed in chkrootkit (Ubuntu Cosmic):
assignee: nobody → Thomas Ward (teward)
Thomas Ward (teward) wrote :

Note that I do not have upload access for chkrootkit at this time, as such I am subscribing ubuntu-sponsors to this bug. Once the Disco patch is applied, I will provide additional debdiffs addressing this in Cosmic and Bionic.

Package builds of these changes are present in https://launchpad.net/~teward/+archive/ubuntu/packages/+packages with slightly different version strings for Disco, but are there nonetheless present for testing.

Thomas Ward (teward) wrote :

At Robie Basak's suggestion, I am also uploading the Bionic and Cosmic debdiffs as well.

Thomas Ward (teward) wrote :

Bionic debdiff

Thomas Ward (teward) wrote :

Cosmic debdiff

Thomas Ward (teward)
tags: added: cosmic disco
Changed in chkrootkit (Debian):
status: Unknown → New
Thomas Ward (teward) wrote :

I emailed upstream about this and they indicated that this issue is fixed in a future release of chkrootkit. This release does not have a timeline though, so I do not know when exactly this will land upstream.

Thomas Ward (teward)
description: updated
Thomas Ward (teward) wrote :

Updated cosmic patch due to duplicate patch being included in d/patches.

Robie Basak (racb) wrote :

Uploaded to Bionic, Cosmic and Disco. Thanks!

SRUs now awaiting SRU team review (I can't now do it because I sponsored).

Changed in chkrootkit (Ubuntu Bionic):
status: Triaged → In Progress
Changed in chkrootkit (Ubuntu Cosmic):
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chkrootkit - 0.52-2ubuntu1

---------------
chkrootkit (0.52-2ubuntu1) disco; urgency=medium

  * d/patches/26_fix_chktcpd.patch: Apply patch to fix tcpd false-positive
    detections. (LP: #1808882)
    Thanks to Francois Marier for the patch.

 -- Thomas Ward <email address hidden> Tue, 29 Jan 2019 16:32:49 -0500

Changed in chkrootkit (Ubuntu Disco):
status: Triaged → Fix Released
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Ryan, or anyone else affected,

Accepted chkrootkit into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/chkrootkit/0.52-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in chkrootkit (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Changed in chkrootkit (Debian):
status: New → Fix Committed
Changed in chkrootkit (Debian):
status: Fix Committed → Fix Released
Thomas Ward (teward) wrote :

Retested in Bionic and Cosmic, and the fix works. Note that the Cosmic request for testing never was added here; I've added the tags accordingly.

tags: added: verification-done-bionic
removed: verification-needed-bionic
tags: added: verification-done-cosmic
removed: verification-needed
Changed in chkrootkit (Ubuntu Cosmic):
status: In Progress → Fix Committed
tags: added: verification-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chkrootkit - 0.52-2ubuntu0.18.10.1

---------------
chkrootkit (0.52-2ubuntu0.18.10.1) cosmic; urgency=medium

  * d/patches/26_fix_chktcpd.patch: Apply patch to fix tcpd false-positive
    detections. (LP: #1808882)
    Thanks to Francois Marier for the patch.

 -- Thomas Ward <email address hidden> Tue, 29 Jan 2019 16:34:15 -0500

Changed in chkrootkit (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for chkrootkit has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chkrootkit - 0.52-1ubuntu0.1

---------------
chkrootkit (0.52-1ubuntu0.1) bionic; urgency=medium

  * d/patches/24_fix_chktcpd.patch: Apply patch to fix tcpd false-positive
    detections. (LP: #1808882)
    Thanks to Francois Marier for the patch.

 -- Thomas Ward <email address hidden> Tue, 29 Jan 2019 16:35:21 -0500

Changed in chkrootkit (Ubuntu Bionic):
status: Fix Committed → Fix Released