control: tags -1 + moreinfo overall this looks like the intended behaviour, based on the information provided, rather than something that needs fixing. Or is there another reason you considered this a bug?
On Mon, 27 Mar 2023, 07:51 antonio wrote: > > It seems that chkrootkit returns a false positive... or not? > $ /usr/lib/chkrootkit/ifpromisc > lo: not promisc and no packet sniffer sockets > eth0: PACKET SNIFFER(/usr/sbin/NetworkManager[1056]) > eth2: PACKET SNIFFER(/usr/sbin/NetworkManager[1056]) > If you run ifpromisc directly im not sure quite what output you expected, but the above looks correct, based on the information provided. Network manager can be reasonably classed as a 'packet sniffer' as it has the ability to read network traffic. If network manager was not started intentionally (standard for a server) you would want to know about it. If it was started by you because you are running a standard gnome desktop then it is indeed a false positive ...but there is no way software can reliably tell which of these circumstances apply. See the document about false positives in /usr/share/doc/chkrootkit for more information on how to filter out such messages from the daily report.
