On Thu, 2 May 2024, 03:45 Vincent Lefevre, <vinc...@vinc17.net> wrote:

> On 2024-05-01 19:05:06 +0100, Richard Lewis wrote:
> > I agree that you should be able to filter out duplicate lines. And I
> > think this is possible with a custom filter.
>
> Yes, but "sed" may not be the best tool for that. With sed, removing
> lines containing only the usual network managers is easier.
>

You don't have to use sed, you can set anything. I'd use awk or sort.
But then you don't know if things have disappeared.



> > I don't think it should be the default - most chkrootkit users have a more
> > static network setup,
>
> If they have a static network setup, why hide the interface name?
>

I believe this was because if you have multiple interfaces they may not
have static names (in the days where these were eth0 vs eth1) and because
e.g. dhcpcd was set up to listen on eth0 and wlan0 even if eth0 wasn't used.
Maybe some of these assumptions are out of date?

> Doing that makes the output more confusing, and the replacement of
> an interface by another one would not be detected.
>
> > and the alert shows something has changed. For laptops where
> > networking is more dynamic it's hard to design something that works
> > for everyone without also hiding information for other people.
>
> But are lines containing *only* the usual network managers suspicious?


No, but it is suspicious if anything changed.

Please also see the manpage which tells you how to use -s to remove these
lines. The config file can easily be used to use -s each time.
