Package: chkrootkit Version: 0.49-4.1+deb7u2 Severity: normal Upgrading to new kernel from backports repository chkrootkit report an error detected from email report:
/etc/cron.daily/chkrootkit: ERROR: chkrootkit output was not as expected. The difference is: ---[ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] --- --- /var/log/chkrootkit/log.expected 2014-04-16 08:57:44.834470074 +0200 +++ /var/log/chkrootkit/log.today 2014-07-13 15:41:30.477359828 +0200 @@ -0,0 +1 @@ +/usr/sbin/chkrootkit: 27: [: Illegal number: 14-0 ---[ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] --- To update the expected output, run (as root) # cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected # (note that unedited output is in /var/log/chkrootkit/log.today.raw) It seems that for new kernel (3.14-0.bpo.1-amd64) the script fail to detect the version at line 27: >>>if [ `uname -r | cut -d. -f2` -lt 6 ] ;<<< then KALLSYMS=ksyms ; else KALLSYMS=kallsyms ; fi ; copying the new expected log as suggested no error is reported. System Information: uname -a Linux hostname 3.14-0.bpo.1-amd64 #1 SMP Debian 3.14.7-1~bpo70+1 (2014-06-21) x86_64 GNU/Linux lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 7.6 (wheezy) Release: 7.6 Codename: wheezy dpkg --list chkrootkit Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-=============================-===================-===================-================= ii chkrootkit 0.49-4.1+deb7u2 amd64 rootkit detector dpkg --status chkrootkit Package: chkrootkit Status: install ok installed Priority: optional Section: misc Installed-Size: 931 Maintainer: Giuseppe Iuculano <iucul...@debian.org> Architecture: amd64 Version: 0.49-4.1+deb7u2 Depends: libc6 (>= 2.7), debconf (>= 0.5) | debconf-2.0, binutils, net-tools, debconf, procps Conffiles: /etc/cron.daily/chkrootkit f1aad4f9042a8595e68e7ecfde1c10f6 Description: rootkit detector The chkrootkit security scanner searches the local system for signs that it is infected with a 'rootkit'. Rootkits are set of programs and hacks designed to take control of a target machine by using known security flaws. . Types that chkrootkit can identify are listed on the project's home page. . Please note that where chkrootkit detects no intrusions, this does not guarantee that the system is uncompromised. In addition to running chkrootkit, more specific tests should always be performed. Homepage: http://www.chkrootkit.org/ chkrootkit.conf RUN_DAILY="true" RUN_DAILY_OPTS="-q | mail -s \"[chkrootkit] `hostname` - daily report\" root@localhost" DIFF_MODE="true" -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
