Your message dated Mon, 1 Jan 2024 06:48:44 +0100
with message-id <[email protected]>
and subject line Re: Bug#1059769: chkrootkit-daily : filtering out empty lines 
to prevent unnecessary empty alert emails.
has caused the Debian Bug report #1059769,
regarding chkrootkit-daily : filtering out empty lines to prevent unnecessary 
empty alert emails.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1059769: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059769
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chkrootkit
Version: 0.57-2+b1
Severity: wishlist
Tags: patch

Dear Maintainer,

Currently chkrootkit-daily sends me emails even if I ignore all false positives 
using chkrootkit.ignore, because chkrootkit outputs empty lines that cannot be 
excluded via chkrootkit.ignore.

It can be solved by adding to the filter in /etc/chkrootkit/chkrootkit.conf
  -e '/^$/d'

i.e. replacing:
FILTER="sed -re 's![[:alnum:]]+: PACKET SNIFFER\(((/lib/systemd/systemd-networkd|(/usr)?/sbin/(dhclient|dhcpc?d[0-9]*|wpa_supplicant|NetworkManager))\[[0-9]+\](, )?)+\)!<interface>: PACKET SNIFFER\([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID}\)!' -e 's/(! [[:alnum:]+-]+)\s+[0-9]+/\1 {PID}/'"
by
FILTER="sed -e '/^$/d' -re 's![[:alnum:]]+: PACKET SNIFFER\(((/lib/systemd/systemd-networkd|(/usr)?/sbin/(dhclient|dhcpc?d[0-9]*|wpa_supplicant|NetworkManager))\[[0-9]+\](, )?)+\)!<interface>: PACKET SNIFFER\([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID}\)!' -e 's/(! [[:alnum:]+-]+)\s+[0-9]+/\1 {PID}/'"

Would it make sense to put that in the default chkrootkit.conf?

Examples on bookworm:
1-chkrootkit-daily.log-no_ignore-no_empty_line_filtering.txt
2-using_this_chkrootkit.ignore.txt
3-chkrootkit-daily.log-with_ignore-no_empty_line_filtering.txt
As one can see, 3- contains only 2 empty lines made of line feeds.
Using the above filter, chkrootkit-daily.log becomes empty and no alert email is 
sent.

Kind regards,
Franck Richter


-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-16-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages chkrootkit depends on:
ii  libc6  2.36-9+deb12u3

Versions of packages chkrootkit recommends:
ii  anacron                                    2.3-36
ii  binutils                                   2.40-2
ii  bsd-mailx [mailx]                          8.1.2-0.20220412cvs-1
ii  cron [cron-daemon]                         3.0pl1-162
ii  exim4-daemon-light [mail-transport-agent]  4.96-15+deb12u3
ii  iproute2                                   6.1.0-3
ii  mailutils [mailx]                          1:3.15-4
ii  net-tools                                  2.10-0.1
ii  procps                                     2:4.0.2-3
ii  systemd-sysv                               252.19-1~deb12u1

chkrootkit suggests no packages.

-- Configuration Files:
/etc/chkrootkit/chkrootkit.conf changed [not included]
/etc/chkrootkit/chkrootkit.ignore changed [not included]

-- no debconf information
WARNING: The following suspicious files and directories were found:
/usr/lib/libreoffice/share/.registry
/usr/lib/python3/dist-packages/numpy/f2py/tests/src/assumed_shape/.f2py_f2cmap
/usr/lib/python3/dist-packages/numpy/f2py/tests/src/f2cmap/.f2py_f2cmap
/usr/lib/python3/dist-packages/numpy/core/include/numpy/.doxyfile
/usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierrc
/usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierignore
/usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.eslintrc.js
/usr/lib/python3/dist-packages/matplotlib/tests/baseline_images/.keep
/usr/lib/python3/dist-packages/matplotlib/tests/tinypages/_static/.gitignore
/usr/lib/python3/dist-packages/matplotlib/tests/tinypages/.gitignore
/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document
/usr/lib/ruby/vendor_ruby/rubygems/tsort/.document
/usr/lib/ruby/vendor_ruby/rubygems/optparse/.document
/usr/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/.vscode
/usr/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/.vscodeignore
/usr/lib/ruby/gems/3.1.0/gems/typeprof-0.21.2/vscode/.gitignore
/usr/lib/jvm/.java-1.17.0-openjdk-amd64.jinfo

WARNING: Output from ifpromisc:
<interface>: PACKET SNIFFER([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID})

WARNING: The following suspicious files and directories were found:
\/usr\/lib\/libreoffice\/share\/.registry
\/usr\/lib\/python3\/dist-packages\/numpy\/f2py\/tests\/src\/assumed_shape\/.f2py_f2cmap
\/usr\/lib\/python3\/dist-packages\/numpy\/f2py\/tests\/src\/f2cmap\/.f2py_f2cmap
\/usr\/lib\/python3\/dist-packages\/numpy\/core\/include\/numpy\/.doxyfile
\/usr\/lib\/python3\/dist-packages\/matplotlib\/backends\/web_backend\/.prettierrc
\/usr\/lib\/python3\/dist-packages\/matplotlib\/backends\/web_backend\/.prettierignore
\/usr\/lib\/python3\/dist-packages\/matplotlib\/backends\/web_backend\/.eslintrc.js
\/usr\/lib\/python3\/dist-packages\/matplotlib\/tests\/baseline_images\/.keep
\/usr\/lib\/python3\/dist-packages\/matplotlib\/tests\/tinypages\/_static\/.gitignore
\/usr\/lib\/python3\/dist-packages\/matplotlib\/tests\/tinypages\/.gitignore
\/usr\/lib\/ruby\/vendor_ruby\/rubygems\/ssl_certs\/.document
\/usr\/lib\/ruby\/vendor_ruby\/rubygems\/tsort\/.document
\/usr\/lib\/ruby\/vendor_ruby\/rubygems\/optparse\/.document
\/usr\/lib\/ruby\/gems\/3.1.0\/gems\/typeprof-0.21.2\/vscode\/.vscode
\/usr\/lib\/ruby\/gems\/3.1.0\/gems\/typeprof-0.21.2\/vscode\/.vscodeignore
\/usr\/lib\/ruby\/gems\/3.1.0\/gems\/typeprof-0.21.2\/vscode\/.gitignore
\/usr\/lib\/jvm\/.java-1.17.0-openjdk-amd64.jinfo
WARNING: Output from ifpromisc:
<interface>: PACKET SNIFFER\(\[systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager\]\{PID\}\)


--- End Message ---
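
Added example (not part of the original report and not the packaged chkrootkit-daily script): a simplified shell model of the behaviour the report describes, showing why two blank lines are enough to trigger mail and that the extra sed expression does not hide a finding missing from the ignore list. It assumes ignore entries are applied as extended regexes and that mail is sent whenever the filtered log has non-zero size; the sample output, ignore patterns and the extra path are constructed, and GNU sed is required.

```shell
#!/bin/sh
# Simplified model of the daily check; assumptions are stated in the lead-in.

# Constructed raw chkrootkit output; interface name and PID are made up.
raw_output() {
cat <<'EOF'
WARNING: The following suspicious files and directories were found:
/usr/lib/jvm/.java-1.17.0-openjdk-amd64.jinfo

WARNING: Output from ifpromisc:
eth0: PACKET SNIFFER(/usr/sbin/NetworkManager[612])

EOF
}

# Constructed ignore list: one anchored extended regex per expected line.
IGNORE='^WARNING: The following suspicious files and directories were found:$
^/usr/lib/jvm/[.]java-1[.]17[.]0-openjdk-amd64[.]jinfo$
^WARNING: Output from ifpromisc:$
^<interface>: PACKET SNIFFER[(].*[{]PID[}][)]$'

# The two sed expressions of the FILTER quoted in the report.
SNIFFER='s![[:alnum:]]+: PACKET SNIFFER\(((/lib/systemd/systemd-networkd|(/usr)?/sbin/(dhclient|dhcpc?d[0-9]*|wpa_supplicant|NetworkManager))\[[0-9]+\](, )?)+\)!<interface>: PACKET SNIFFER\([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID}\)!'
PIDS='s/(! [[:alnum:]+-]+)\s+[0-9]+/\1 {PID}/'

# daily_log [extra sed args]: normalise stdin, then drop ignored lines.
# grep -v exits 1 when nothing is left, hence the "|| true".
daily_log() {
  sed "$@" -r -e "$SNIFFER" -e "$PIDS" | { grep -E -v -e "$IGNORE" || true; }
}

# Alert decision based on byte count: a log holding only line feeds is
# still non-empty. ($(...) on the text itself would strip them and hide this.)
decision() {
  if [ "$(daily_log "$@" | wc -c)" -gt 0 ]; then echo mail; else echo quiet; fi
}

echo "current FILTER:          $(raw_output | decision)"
echo "with -e '/^\$/d' added:   $(raw_output | decision -e '/^$/d')"
# A finding that is not on the ignore list must still alert (path is made up).
echo "new finding, new filter: $( { raw_output; echo '/usr/lib/.constructed-hidden-dir'; } | decision -e '/^$/d')"
```
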
--- Begin Message ---
Done, thanks to Richard Lewis.
Franck

--- End Message ---
