Package: chkrootkit Version: 0.52-3 Severity: normal File: /etc/cron.daily/chkrootkit Tags: patch
Dear Maintainer, As of Buster, chkrootkit's cron.daily script contains the following line [0] eval $CHKROOTKIT $RUN_DAILY_OPTS | egrep -v -f "${IGNORE_FILE}" > $LOG_DIR/log.today.raw 2>&1 egrep(1) exits with status 1 when it does not select any line (because the left hand-side of the pipe produces no output, or because each output line was matching a pattern from $IGNORE_FILE). Since the script is run under `set -e`, it causes the entire cronjob to fail. Adding a trailing ‘|| true’ fixes this (though one might argue it's changing the semantics if $IGNORE_FILE is not a readable file.). Cheers, -- Guilhem. [0] https://salsa.debian.org/pkg-security-team/chkrootkit/blob/debian/0.52-3/debian/cron.daily#L25
--- a/etc/cron.daily/chkrootkit +++ b/etc/cron.daily/chkrootkit @@ -22,7 +22,7 @@ if [ "$RUN_DAILY" = "true" ]; then if [ "$DIFF_MODE" = "true" ]; then - eval $CHKROOTKIT $RUN_DAILY_OPTS | egrep -v -f "${IGNORE_FILE}" > $LOG_DIR/log.today.raw 2>&1 + eval $CHKROOTKIT $RUN_DAILY_OPTS | { egrep -v -f "${IGNORE_FILE}" || true; } > $LOG_DIR/log.today.raw 2>&1 # the sed expression replaces the messages about /sbin/dhclient3 /usr/sbin/dhcpd3 # with a message that is the same whatever order eth0 and eth1 were scanned sed -r -e 's,eth(0|1)(:[0-9])?: PACKET SNIFFER\((/sbin/dhclient|/usr/sbin/dhcpd)\[[0-9]+\]\),eth\[0|1\]: PACKET SNIFFER\([dhclient|dhcpd]{PID}\),' \
signature.asc
Description: PGP signature