Package: rkhunter
Version: 1.2.7-15
Severity: normal
Tags: patch
Hi,
the lsof test does not escape dots of filename patterns, which results
in false positives on my system. Attached is a patch that escapes
the dot of filenames for the egrep call. Other special characters than
that are currently not in the filelist, so I didn't handle them.
Regards,
Bastian
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (900, 'unstable'), (800, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13-treasure1
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages rkhunter depends on:
ii debconf [debconf 1.4.58 Debian configuration management sy
ii file 4.15-2 Determines file type using "magic"
ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii wget 1.10.2-1 retrieves files from the web
rkhunter recommends no packages.
-- debconf information:
* rkhunter/cron_daily_run: true
* rkhunter/cron_db_update: false
--- /usr/bin/rkhunter.orig 2005-10-18 15:37:35.351177593 +0200
+++ /usr/bin/rkhunter 2005-10-18 15:38:07.936249318 +0200
@@ -3088,7 +3088,7 @@
SUSP_FILES="backdoor"
# Add more suspicious files to the check
for I in ${SUSP_FILES_INFO}; do
- FILENAME=`echo ${I} | cut -d':' -f1`
+ FILENAME=`echo ${I} | cut -d':' -f1 | sed 's/\./\\./g'`
SUSP_FILES="${SUSP_FILES}|${FILENAME}"
done
logtext "Check for strings (filenames): ${SUSP_FILES}"
