Bug#751347: grep: write error
Francois Marier
francois at debian.org
Sat Jul 19 23:22:53 UTC 2014
Adding "set +x" to the top of /usr/bin/rkhunter, here's where that error
comes from:
+ [ -n /usr/bin/lsof ]
+ FOUND=0
+ WHITEPROC=
+ BLACKPROC=
+ /usr/bin/lsof -wnlP +c 0
+ grep (dele
+ head -n 1
grep: write error
+ DELE_FILES=git 4132 1000 2u CHR 136,0 0t0 3 /dev/pts/0 (deleted)
+ [ -n git 4132 1000 2u CHR 136,0 0t0 3 /dev/pts/0 (deleted) ]
+ PIDLIST=
+ get_option 2 multi ALLOWPROCDELFILE
+ OPTTYPE=2
+ OPTMULTI=multi
+ OPTV=ALLOWPROCDELFILE
+ grep -h ^ALLOWPROCDELFILE= /etc/rkhunter.conf /etc/rkhunter.conf.local
It looks like it comes from the optional PROCDEL module (which I have turned
ON). However, if I run the offending command manually:
/usr/bin/lsof -wnlP +c 0 | grep '(dele' | head -n 1
that works just fine.
I don't know what that error even means. There's plenty of free space on all
of my disk partitions.
Francois
--
Francois Marier identi.ca/fmarier
http://fmarier.org twitter.com/fmarier
More information about the forensics-devel
mailing list