[Bug 1303893] Re: cron.daily/chkrootkit log filtering needs to include current names for dhcpcd and dhclient binaries
Nathan Stratton Treadway
ubuntu.lp at nathanst.com
Mon Apr 7 16:18:29 UTC 2014
We have found that chkrootkit now complains after each reboot, with a message similar to:
-eth0: PACKET SNIFFER(/sbin/dhclient[895])
+eth0: PACKET SNIFFER(/sbin/dhclient[888])
---[ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
Looking at /etc/cron.daily/chkrootkit, I noticed that there is logic that attempts to avoid such warnings:
# the sed expression replaces the messages about /sbin/dhclient3 /usr/sbin/dhcpd3
# with a message that is the same whatever order eth0 and eth1 were scanned
sed -r -e 's,eth(0|1)(:[0-9])?: PACKET SNIFFER\((/sbin/dhclient3|/usr/sbin/dhcpd3)\[[0-9]+\]\),eth\[0|1\]: PACKET SNIFFER\([dhclient3|dhcpd3]{PID}\),' \
-e 's/(! \w+\s+)[ 0-9]{4}[0-9]/\1#####/' $LOG_DIR/log.today.raw > $LOG_DIR/log.today
... but this no longer works as expected, since the exact name of the
"dhclient' binary has changed.
** Bug watch added: Debian Bug tracker #600109
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600109
** Also affects: chkrootkit via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600109
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/1303893
Title:
cron.daily/chkrootkit log filtering needs to include current names for
dhcpcd and dhclient binaries
To manage notifications about this bug go to:
https://bugs.launchpad.net/chkrootkit/+bug/1303893/+subscriptions
More information about the Ubuntu-server-bugs
mailing list