Package: chkrootkit Version: 0.52-3 Severity: normal File: /etc/cron.daily/chkrootkit Tags: patch
Dear Maintainer,
As of Buster, chkrootkit's cron.daily script contains the following line [0]
eval $CHKROOTKIT $RUN_DAILY_OPTS | egrep -v -f "${IGNORE_FILE}" >
$LOG_DIR/log.today.raw 2>&1
egrep(1) exits with status 1 when it does not select any line (because
the left hand-side of the pipe produces no output, or because each
output line was matching a pattern from $IGNORE_FILE).
Since the script is run under `set -e`, it causes the entire cronjob to
fail. Adding a trailing ‘|| true’ fixes this (though one might argue
it's changing the semantics if $IGNORE_FILE is not a readable file.).
Cheers,
--
Guilhem.
[0]
https://salsa.debian.org/pkg-security-team/chkrootkit/blob/debian/0.52-3/debian/cron.daily#L25
--- a/etc/cron.daily/chkrootkit
+++ b/etc/cron.daily/chkrootkit
@@ -22,7 +22,7 @@
if [ "$RUN_DAILY" = "true" ]; then
if [ "$DIFF_MODE" = "true" ]; then
- eval $CHKROOTKIT $RUN_DAILY_OPTS | egrep -v -f "${IGNORE_FILE}" > $LOG_DIR/log.today.raw 2>&1
+ eval $CHKROOTKIT $RUN_DAILY_OPTS | { egrep -v -f "${IGNORE_FILE}" || true; } > $LOG_DIR/log.today.raw 2>&1
# the sed expression replaces the messages about /sbin/dhclient3 /usr/sbin/dhcpd3
# with a message that is the same whatever order eth0 and eth1 were scanned
sed -r -e 's,eth(0|1)(:[0-9])?: PACKET SNIFFER\((/sbin/dhclient|/usr/sbin/dhcpd)\[[0-9]+\]\),eth\[0|1\]: PACKET SNIFFER\([dhclient|dhcpd]{PID}\),' \
signature.asc
Description: PGP signature
