Package: chkrootkit
Version: 0.49-3
Severity: normal

When running chkrootkit with options

    RUN_DAILY_OPTS="-n -q -e false-positive-path"

it finds the false positive. It isn't reported (which is OK) but the banner

    The following suspicious files and directories were found:

is printed (and, e.g., sent by mail to the sysadmin). The banner is followed by an empty list if the false positive is the only element it finds.

Cf. chkrootkit's script near line 725 (my comments start in column 1):

      if [ "${files}" = "" -a "${dirs}" = "" ]
      then
         if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
      else
At this point the banner is printed, but all files/dirs might be excluded,
resulting in an empty list. Then chkrootkit merely displays the banner:
         if [ "${QUIET}" = "t" ]; then
            printn "The following suspicious files and directories were found:"
         fi
         echo
         if [ -n "${EXCLUDES}" ]; then
            for name in $files; do
               for exclude in $EXCLUDES; do
                  if [ $name = $exclude ]; then continue 2; fi
               done
This might never be reached...
               echo $name
            done
            for name in $dirs; do
               for exclude in $EXCLUDES; do
                  if [ $name = $exclude ]; then continue 2; fi
               done
This might never be reached...
               echo $name
            done
         else
            echo ${files}
            echo ${dirs}
         fi
      fi

A simple (not the most elegant) fix would be to check for the banner having been displayed and display it only once. Easy to do by putting its code in a function and calling that function before files/dirs are displayed.

Assuming the function is called showBanner() then the above could become:

      if [ "${files}" = "" -a "${dirs}" = "" ]
      then
         if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
      else
         if [ -n "${EXCLUDES}" ]; then
            for name in $files; do
               for exclude in $EXCLUDES; do
                  if [ $name = $exclude ]; then continue 2; fi
               done
               showBanner
               echo $name
            done
            for name in $dirs; do
               for exclude in $EXCLUDES; do
                  if [ $name = $exclude ]; then continue 2; fi
               done
               showBanner
               echo $name
            done
         else
            showBanner
            echo ${files}
            echo ${dirs}
         fi
      fi

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=POSIX (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to POSIX)
Shell: /bin/sh linked to /bin/bash

Versions of packages chkrootkit depends on:
ii  binutils               2.19.91.20090910-1  The GNU assembler, linker and bina
ii  debconf [debconf-2.0]  1.5.27              Debian configuration management sy
ii  libc6                  2.9-25              GNU C Library: Shared libraries
ii  net-tools              1.60-23             The NET-3 networking toolkit
ii  procps                 1:3.2.8-1           /proc file system utilities

chkrootkit recommends no packages.

chkrootkit suggests no packages.

-- debconf information excluded
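
Added example, not part of the original report and not chkrootkit's own code: a simplified stand-in for the reporting step that shows a print-once showBanner, so a scan whose only findings are excluded produces no output (and no mail) in quiet mode. The names report_findings, is_excluded and BANNER_SHOWN and all sample paths are assumptions made for the illustration; like the script quoted above, it treats the lists as whitespace-separated.

```shell
#!/bin/sh
# Added example: simplified stand-in for the reporting step, not chkrootkit's code.
# report_findings, is_excluded, BANNER_SHOWN and all paths are assumptions.

BANNER='The following suspicious files and directories were found:'

# Print the banner the first time only; later calls are no-ops.
showBanner() {
    if [ -z "${BANNER_SHOWN}" ]; then
        echo "${BANNER}"
        BANNER_SHOWN=t
    fi
}

# Succeed when $1 exactly matches one whitespace-separated entry of EXCLUDES.
is_excluded() {
    for exclude in ${EXCLUDES}; do
        if [ "$1" = "${exclude}" ]; then return 0; fi
    done
    return 1
}

# report_findings FILES DIRS: list findings that survive the exclude filter.
report_findings() {
    files=$1
    dirs=$2
    BANNER_SHOWN=
    if [ -z "${files}" ] && [ -z "${dirs}" ]; then
        if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
        return 0
    fi
    for name in ${files} ${dirs}; do
        if is_excluded "${name}"; then continue; fi
        showBanner          # reached only when something will be listed
        echo "${name}"
    done
    return 0
}

# Constructed run: one excluded false positive plus one real finding.
QUIET=t
EXCLUDES="/usr/lib/.constructed-fp"
report_findings "/usr/lib/.constructed-fp /tmp/.constructed-hit" ""
```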