Package: chkrootkit Version: 0.58b-1+b2 Severity: normal The "chkrootkit -s" example in the man page is
chkrootkit -s '(systemd-netword|NetworkManager|wpa_supplicant)' but if an unrecognized packet sniffer is added on one of the interfaces, it will not be detected. And "where the argument lists whicher managers you expect to be present" is confusing (BTW, "whicher" is wrong). The match is not done on individual managers, but on the whole line output by ifpromisc. If I understand correctly, it should be something more like chkrootkit -s '^[[:alnum:]]+: PACKET SNIFFER\(((/usr/lib/systemd/systemd-networkd|/usr/sbin/(dhclient|dhcpc?d[0-9]*|wpa_supplicant|NetworkManager))\[[0-9]+\](, )?)+\)$' (inspired by the default FILTER). Or the -s option could be "fixed" to match on individual managers. -- System Information: Debian Release: trixie/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.6.15-amd64 (SMP w/16 CPU threads; PREEMPT) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages chkrootkit depends on: ii libc6 2.37-19 Versions of packages chkrootkit recommends: ii anacron 2.3-40 ii binutils 2.42-4 ii cron [cron-daemon] 3.0pl1-189 ii iproute2 6.8.0-1 ii mailutils [mailx] 1:3.17-1.1+b2 ii net-tools 2.10-1.1 ii postfix [mail-transport-agent] 3.9.0-2 ii procps 2:4.0.4-4 ii systemd-sysv 255.4-1+b1 chkrootkit suggests no packages. -- Configuration Files: /etc/chkrootkit/chkrootkit.conf changed [not included] -- no debconf information -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
