Your message dated Wed, 24 Nov 2021 21:48:32 +0000 with message-id <[email protected]> and subject line Bug#872379: fixed in chkrootkit 0.55-2 has caused the Debian Bug report #872379, regarding chkrootkit hangs when egrepping files in /dev in lxc containers to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 872379: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872379 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: chkrootkit Version: 0.50-4+b2 Severity: normal lxc bind-mounts pts devices over files in /dev when starting a container, but "find" ignores bind mounts when evaluating file types. Therefore, a bind-mounted device like this: $ ls -l /dev/console c--x--x--x 1 root tty 136, 1 Aug 16 15:53 /dev/console Still shows up when running "find" to look for regular files: $ find /dev -type f /dev/console Because of this behaviour, the chkrootkit command: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;` ends up hanging while trying to egrep /dev/console This can be avoided by adding an -fstype argument to the find command: files=`${find} ${ROOTDIR}dev -type f ! -fstype devpts -exec ${egrep} -l "^[0-5] " {} \;` -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (990, 'stable'), (500, 'proposed-updates') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8), LANGUAGE=en_CA:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages chkrootkit depends on: ii binutils 2.28-5 ii debconf [debconf-2.0] 1.5.61 ii libc6 2.24-11+deb9u1 ii net-tools 1.60+git20161116.90da8a0-1 ii openssh-client 1:7.4p1-10+deb9u1 ii procps 2:3.3.12-3 chkrootkit recommends no packages. chkrootkit suggests no packages.
--- End Message ---
--- Begin Message ---Source: chkrootkit Source-Version: 0.55-2 Done: Marcos Fouces <[email protected]> We believe that the bug you reported is fixed in the latest version of chkrootkit, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Marcos Fouces <[email protected]> (supplier of updated chkrootkit package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 09 Nov 2021 22:44:33 +0100 Source: chkrootkit Architecture: source Version: 0.55-2 Distribution: unstable Urgency: medium Maintainer: Debian Security Tools <[email protected]> Changed-By: Marcos Fouces <[email protected]> Closes: 488558 630880 666989 669333 677315 745431 872379 877666 982998 994153 Changes: chkrootkit (0.55-2) unstable; urgency=medium . [ Richard Lewis ] * Move configuration to /etc/chkrootkit/chkrootkit.conf and manage it as a conffile rather than via debconf * This enables various improvements to /etc/cron.daily/chkrootkit: - Improved default filtering and make filtering fully customisable (Closes: #630880, #666989, #669333, #677315, #877666, #488558). - run under ionice if possible (Closes: #745431) * Remove messages "OooPS, not expected" messages from chkproc by re-increasing MAX_PROCESSES to the upstream value (Closes: #982998) and preventing chkproc sending kill signals to processes to see if they might be malicious. (patches 55, 55a) This does re-disable a test for Enye LKM. * Prevent ckrootkit hanging when invoked from an LXC container (Closes: #872379), thanks to Scott Barker for identifying the issue (patch 61). * Various improvement to the output of chkrootkit - stop merging output of sniffer test into a single line so '-s' can be used as intended (patch 60) - fix the test of sshd so it runs when sshd is found instead of when it is not (patch 56) - ensure rexedcs tests produces any output when it finds something suspicious (patch 60) - ensure output lines up, especially if '-q' is not present - remove spurious spaces (patch 53, 54, 55a,57, 58) - do not list directories twice in list of 'suspicious' files (patch 59) and show output when -q not given (patch 25a) - fix spelling error in chkdirs output (patch 52) - further improvements to output of 'chkrootkit -h' (edits to patch 26, patch 26a) * Remove bashism from d/25_fix-nfs-legacy-sniffers.patch. (Closes: #994153). * Documentation copy-edited for grammar (and occaisional accuracy) * Update dependencies so that packages whose binaries are tested are listed in 'Enhances' and add iproute2 as a preferred alternative to net-tools * Update documentation of earlier patches (1-51), recording which have been sent upstream * Add some autopkgtests . [ Marcos Fouces ] * Update copyright file. Checksums-Sha1: bdacfb408ab42b7f70adf8da154880d72da8d167 2003 chkrootkit_0.55-2.dsc e3550706cdaad98733eea355f02ac9e37cc4d191 52796 chkrootkit_0.55-2.debian.tar.xz 371de47723918b5aeb3e071073aca4135a3ca2db 5825 chkrootkit_0.55-2_source.buildinfo Checksums-Sha256: 6812e4820ebca20ac05f669523c1ce901c23f8c5f3b4ccb592b602b1975b9e3c 2003 chkrootkit_0.55-2.dsc e82094ffe93209bb30a4dfe3b761c296538e7c30a813e342a39e44182fbf5e2a 52796 chkrootkit_0.55-2.debian.tar.xz 3630c8207ea4de13a3e3bc9e0703ee587112166396fae7637f5aa07091134200 5825 chkrootkit_0.55-2_source.buildinfo Files: 21d757c9ff5b03423847b934b2c59379 2003 misc optional chkrootkit_0.55-2.dsc d72fe06c67e3804f69c19611ce4c8e22 52796 misc optional chkrootkit_0.55-2.debian.tar.xz c0616cccf385a1b9408ce3a6454eb792 5825 misc optional chkrootkit_0.55-2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfLiv/VYDL+NaNH0uasy9D6O3RHwFAmGesGYACgkQasy9D6O3 RHxDlw/8C9//Fleq3G2eshpSXDgAfG7zAOdJC5dfIZrSkBeukYZ5ZPPbw0m7rqAw VWS9xyy6uey49Nx6XD9w1OB9uQvt/5EfMU8ysnO0nrT3q6UPvZa1kVTwaP9KCPuJ jANCqGVNWHuP6RR0yR98l0YEheU1z+qsl+RFh2/3fwlfvtQZmpA9m1Vg9jfiVQ6V uQEyDD5ylA0Y41XGiVRXrdKzDfQIDBaNr/epgXZRVYXDmiW0iouAPkHmZGoVcxey +hTOzrrajbV5EwyoWqpAneE48iKxO21YMJOQT5M0Nzgo0xdlGAuN/y9SQVZSx02g mwxzWsr0SEDohDviPHAELwXdd4xZYwZTUO9Ah7vOc7aVky2rqm+tQPQI9keI3DTK P3S1AuYDfCXLID8S9HoC5/do/Ezb/6P3L9ZBrux3MXUtEEtPTjguO8jjnYCifaJF LP95atCuFHT8W4GsGbMz6E3I3xpOp7U1fpop/7r1znfFefV0BT7Qz6Ca/x5MNJAm MlacI3mmLBfqtQjM49OWHauSd339vbWi8xM7j/BYrsPlsK167tw8zkGPC/QMalj6 ldrGrEeEFAYHuEArsv4rx+pgRHkiRKPjjzoNJW2JoyF3mQ4qRKTwJ2tGsDoeph4r Fye/CHv7OlrTBO8c434IwMrkQSITYCPCvfq6QI2N4lqfLxFqrgY= =PWWB -----END PGP SIGNATURE-----
--- End Message ---
