Package: chkrootkit
Version: 0.58b-3+b2
Severity: normal

Hi,

when running chkrootkit using `chkrootkit-daily` in diff mode, ifpromisc
sometimes raised an alert because its output appears in a different order.
To avoid those false alerts, it would be good if the output of `ifpromisc`
would be sorted - at least for the non-EXPERT case.

If I saw it correctly in Debian's git repo, this should be a simple change in
'debian/patches/chkrootkit-sniffer.patch':

--- a/debian/patches/chkrootkit-sniffer.patch
+++ b/debian/patches/chkrootkit-sniffer.patch
@@ -48,10 +48,10 @@ index d1d84e4..9f2d0b4 100755
 -      [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
 +              status=0
 +              if [ "${QUIET}" != "t" ]; then
-+                      outmsg=$(./ifpromisc -v 2>&1)
++                      outmsg=$(./ifpromisc 2>&1 | sort)
 +                      status=$?
 +              else
-+                      outmsg=$(./ifpromisc -q 2>&1)
++                      outmsg=$(./ifpromisc -q 2>&1 | sort)
 +                      status=$?
 +              fi
 +              if [ "$status" = 0 ]; then
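Review bot: in both changed assignments the `status=$?` on the following line now records the exit status of `sort`, not of `ifpromisc`, because a pipeline returns the status of its last command. The `if [ "$status" = 0 ]` test will therefore pass whenever `sort` succeeds, and a non-zero result from ifpromisc is silently lost. Capture first and sort afterwards, keeping `outmsg=$(./ifpromisc -q 2>&1)` and `status=$?` as they were and adding `outmsg=$(printf '%s\n' "$outmsg" | sort)` after them (likewise for the non-quiet branch). Since the sorted text feeds a diff against earlier runs, `LC_ALL=C sort` would also keep the order independent of the locale the job runs under.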


In addition, I found that the ifpromisc included in chkrootkit supports exactly
one command-line argument: "-q".
I.e. the calls of ifpromisc with "-v" as command-line argument should be adapted
too.
I stumbled across it when trying to patch the above issue directly in reportbug
where I found the following call in expert mode

        expertmode_output "./ifpromisc" -v

But `expertmode_output` only takes the first of its parameters into account.
Luckily this does not matter (because of "-v" not being supported by ifpromisc),
but it is very confusing.

The above patch includes this fix already for the non-EXPERT case.


Thanks for maintaining chkrootkit in Debian!
Peter


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-security'), (500, 'unstable'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.12-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chkrootkit depends on:
ii  libc6  2.40-7

Versions of packages chkrootkit recommends:
ii  anacron                         2.3-42
ii  binutils                        2.44-3
ii  bsd-mailx [mailx]               8.1.2-0.20220412cvs-1
ii  cron [cron-daemon]              3.0pl1-194
ii  iproute2                        6.13.0-1
ii  net-tools                       2.10-1.1
ii  postfix [mail-transport-agent]  3.10.1-1
ii  procps                          2:4.0.4-7
ii  systemd-sysv                    257.3-1

chkrootkit suggests no packages.

-- Configuration Files:
/etc/chkrootkit/chkrootkit.conf changed [not included]

-- no debconf information
