On Fri, Apr 26, 2024 at 08:06:15PM +0100, RL wrote:
> the chkrootkit package provides several utilities for examining some of
> these files: chkutmp chkwtmp and check_wtmpx and chklastlog [a] -- it does
> not use pam but reads the files in /var/log
>
> How would I test these against the new files - I assume the new versions
> are compatible but might need bigger variables in those utilities?

As briefly mentioned on the wiki page, TTBOMK the new files are sqlite3
databases.

> https://salsa.debian.org/pkg-security-team/chkrootkit

I took a quick look, but I'm not sure which of the checks would be
applicable. For checks that do not rely on the implications of the old
file structure, you can probably use libwtmpdb or use libsqlite3-0
directly.

Chris
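As an added illustration of the "use sqlite3 directly" route (this is example code, not part of chkrootkit or wtmpdb), the script below runs a chkwtmp-style consistency pass over a wtmpdb-like database: gaps in the primary-key sequence (a deleted row), empty user names, and logouts recorded before their login. The column layout, the /var/lib/wtmpdb/wtmp.db path and the microsecond timestamps are assumptions about wtmpdb and must be checked against the installed version's schema; routine rotation also removes rows, so an ID gap is a lead to investigate, not proof of tampering.

```python
import sqlite3

# Assumed wtmpdb table layout; verify on a real system with
#   sqlite3 /var/lib/wtmpdb/wtmp.db .schema
# before relying on these column names.
SCHEMA = """
CREATE TABLE wtmp(
  ID INTEGER PRIMARY KEY,
  Type INTEGER,
  User TEXT NOT NULL,
  Login INTEGER,
  Logout INTEGER,
  TTY TEXT,
  RemoteHost TEXT,
  Service TEXT
);
"""

# Constructed sample rows (timestamps in microseconds, an assumption):
# ID 3 is missing, i.e. a row was deleted, and row 5 logs out before it logged in.
SAMPLE_ROWS = [
    (1, 2, "alice", 1714000000000000, 1714003600000000, "pts/0", "10.0.0.5", "sshd"),
    (2, 2, "bob",   1714001000000000, None,             "tty1",  "",         "login"),
    (4, 2, "alice", 1714010000000000, 1714013600000000, "pts/1", "10.0.0.5", "sshd"),
    (5, 2, "carol", 1714020000000000, 1714019000000000, "pts/2", "10.0.0.9", "sshd"),
]

def load_sample_db():
    """Build an in-memory database in the assumed wtmpdb layout."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO wtmp VALUES (?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return db

def check_wtmpdb(db):
    """Return (kind, row_id) findings, in the spirit of chkrootkit's chkwtmp."""
    findings = []
    prev_id = None
    rows = db.execute("SELECT ID, User, Login, Logout FROM wtmp ORDER BY ID")
    for rid, user, login, logout in rows:
        # A hole in the INTEGER PRIMARY KEY sequence means a row is gone.
        if prev_id is not None and rid != prev_id + 1:
            findings.append(("id_gap", rid))
        prev_id = rid
        if not user:
            findings.append(("empty_user", rid))
        if login is not None and logout is not None and logout < login:
            findings.append(("logout_before_login", rid))
    return findings

if __name__ == "__main__":
    for kind, rid in check_wtmpdb(load_sample_db()):
        print(f"{kind}: row {rid}")
```

To run it against a live file, replace ":memory:" with the database path and drop the sample insert.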