On Sun, 15 Dec 2024 22:40:51 +0000 Julian Gilbey <j...@debian.org> wrote:
> On Wed, Dec 11, 2024 at 11:43:18PM +0000, Richard Lewis wrote:
> > [...]
> > I think all it needs is
> > /etc/systemd/system/chkrootkit.service.d/override.conf with
> >
> > [Service]
> > ProtectSystem=strict
> >
> > (you can do "systemctl edit chkrootkit.service" and it will make such
> > a file and reload it,
> > you can then do systemctl start chkrootkit and it should be used)
> > That should solve the problem for the daily check. Can you see if that
> > it works. it's probably useful anyway)
>
> That works perfectly, thank you!

Quick update: I've been testing this, and while it usually works it can
prevent the output being emailed with the following:

Dec 28 00:01:45 hostname chkrootkit-daily[4050677]: mail: mu_temp_file_stream_create() failed: Read-only file system
Dec 28 00:01:45 hostname chkrootkit-daily[4050677]: mail: mu_temp_file_stream_create() failed: Read-only file system
Dec 28 00:01:46 hostname exim[4050709]: 2024-12-28 00:01:46 1tRKH4-00Gzm1-00 Failed to create spool file /var/spool/exim4//input//1tRKH4-00Gzm1-00-D: Read-only file system
Dec 28 00:01:46 hostname exim[4050709]: 2024-12-28 00:01:46 1tRKH4-00Gzm1-00 Cannot open main log file "/var/log/exim4/mainlog": Permission denied: euid=109 egid=113
Dec 28 00:01:46 hostname exim[4050709]: exim: could not open panic log - aborting: see message(s) above

I believe this only(?) happens if the report is large enough. I assume
we can allow more of /var to be read-write and avoid this.

Possibly the first error is from mailutils -- I remember failing to
identify this before, unfortunately without success.
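
A drop-in along the lines discussed above, as an added example that is not part of the original message or of the chkrootkit package: it keeps ProtectSystem=strict and re-opens only the two exim4 paths named in the log. PrivateTmp=yes is an assumption, on the guess that the mailutils temp-file error comes from a read-only /tmp; none of this has been tested against this bug.

```ini
# /etc/systemd/system/chkrootkit.service.d/override.conf
# Added example, not taken from the thread or the package.
[Service]
# Mount the whole file system hierarchy read-only for this service
# (except the API file systems /dev, /proc and /sys).
ProtectSystem=strict

# Re-open only the directories exim failed to write in the log above.
# Note: the mainlog error there is "Permission denied", not
# "Read-only file system", so that path may need more than this.
ReadWritePaths=/var/spool/exim4 /var/log/exim4

# Assumption: mail(1) from mailutils creates its temporary file under
# /tmp, which "strict" also makes read-only. A private /tmp and /var/tmp
# stay writable without exposing the host's real ones.
PrivateTmp=yes
```

After changing the drop-in, "systemctl start chkrootkit" (as in the quoted message) followed by a look at the journal shows whether any "Read-only file system" lines remain.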