Bug#890635: chkrootkit: Errors when trying to exclude known false positives

Lorenzo "Palinuro" Faletra palinuro at parrotsec.org
Sun Feb 18 15:21:59 UTC 2018


On 02/18/2018 03:10 PM, Lorenzo "Palinuro" Faletra wrote:
> On 02/17/2018 02:35 AM, Maxim Biro wrote:
> Package: chkrootkit
> Version: 0.50-4+b2
> Severity: important
>
> Dear Maintainer,
>
> I have installed both fail2ban and chkrootkit on Debian Stretch. It is not the
> system I'm writing this report from. When running chkrootkit, it complains
> about hidden files from fail2ban:
>
>
> The issue seems to be that chkrootkit doesn't parse its arguments correctly or
> it has a limit on how long the -e argument can be. In fact, if you remove
> several file paths from either the beginning or the end of the -e argument,
> chkrootkit works as intended and lists just the removed file paths as false
> positives. Ideally users should be able to specify any number of file paths to
> be excluded.
Sorry, in my previous message I misunderstood the real problem (I
was on my mobile phone).

I did a test on my computer (Debian buster testing) and I was able to
put a string of 20722 characters in the exclusion list (-e) and have all
the files blacklisted properly.

Don't forget that stretch includes chkrootkit 0.50, while buster
provides the 0.52 version which worked properly for me.

Try the 0.52 version from buster and let me know if it works for you.



More information about the Pkg-security-team mailing list