Bug#890635: chkrootkit: Errors when trying to exclude known false positives
Marcos Fouces
marcos.fouces at gmail.com
Sun Feb 18 20:42:16 UTC 2018
Hello Lorenzo and Maxim,
It also works fine with me.
Maxim, could you please try 0.52 release and see if it works fine?
Greetings,
Marcos
> On 02/18/2018 03:10 PM, Lorenzo "Palinuro" Faletra wrote:
>> On 02/17/2018 02:35 AM, Maxim Biro wrote:
>> Package: chkrootkit
>> Version: 0.50-4+b2
>> Severity: important
>>
>> Dear Maintainer,
>>
>> I have installed both fail2ban and chkrootkit on Debian Stretch. It is not the
>> system I'm writing this report from. When running chkrootkit, it complains
>> about hidden files from fail2ban:
>>
>>
>> The issue seems to be that chkrootkit doesn't parse its arguments correctly or
>> it has a limit on how long the -e argument can be. In fact, if you remove
>> several file paths from either the beginning or the end of the -e argument,
>> chkrootkit works as intended and lists just the removed file paths as false
>> positives. Ideally users should be able to specify any number of file paths to
>> be excluded.
> Sorry, in my previous message i have misunderstood the real problem (i
> was on my mobile phone).
>
> I did a test on my computer (debian buster testing) and i was able to
> put a string of 20722 characters in the exclusion list (-e) and have all
> the files blacklisted properly.
>
> Don't forget that stretch includes chkrootkit 0.50, while buster
> provides the 0.52 version which worked properly for me.
>
> Try the 0.52 version from buster and let me know if it works for you.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20180218/db021523/attachment-0001.html>
More information about the Pkg-security-team
mailing list