Bug#: 205419
Status: RESOLVED
Resolution: FIXED
Assigned To: Forensics Herd <forensics@gentoo.org>
Reporter: Alon Bar-Lev (RETIRED) <alonbl@gentoo.org>

Attachments:
Filename | Description | Type | Creator | Created | Size
chkrootkit-0.48.ebuild.diff | chkrootkit-0.48.ebuild.diff | patch | Alon Bar-Lev (RETIRED) | 2008-01-12 11:39 0000 | 1.36 KB
chkrootkit-0.48-gentoo.diff | chkrootkit-0.48-gentoo.diff | patch | Alon Bar-Lev (RETIRED) | 2008-01-12 11:41 0000 | 35.28 KB
chkrootkit-0.48-gentoo2.diff | bugfixes; make reports easy to read | patch | Alex Efros | 2008-04-12 10:53 0000 | 1.29 KB

Votes: 5


Description:   Opened: 2008-01-12 11:38 0000
Hello,
New version is out!

------- Comment #1 From Alon Bar-Lev (RETIRED) 2008-01-12 11:39:07 0000 -------
Created an attachment (id=140785)
chkrootkit-0.48.ebuild.diff

------- Comment #2 From Alon Bar-Lev (RETIRED) 2008-01-12 11:41:51 0000 -------
Created an attachment (id=140790)
chkrootkit-0.48-gentoo.diff

------- Comment #3 From Alex Efros 2008-04-12 10:53:58 0000 -------
Created an attachment (id=149469)
bugfixes; make reports easy to read

Patch changes:
- fix: failed to execute chkdirs
- fix: incorrectly detect crontab for nobody (at least for dcron)
- improvement: don't include in report
  1. empty files
  2. .packlist files (huge amount of such files in /usr/lib/perl/ make
chkrootkit reports nearly unreadable and so useless!)
  3. /usr/lib/nessus/plugins/.desc/ directory
  4. duplicate directories

Actually, the only questionable change is excluding .packlist files. I think it's
better to miss possible malicious files with this name than to ignore chkrootkit
reports altogether because they are huge and unreadable. But perl's .packlist files
have a well-defined format, so it's easy to check their content if needed (but
this may slow down chkrootkit).
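
The content check that comment #3 mentions as possible, sketched as an added example (not part of chkrootkit or of the attached patch): a file named .packlist is dropped from the report only when every line is an absolute path. It assumes the ExtUtils::Packlist layout of one path per line with optional key=value attributes; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; not code from chkrootkit or from the attached patch.
# Assumed .packlist layout (ExtUtils::Packlist): one absolute path per
# line, optionally followed by space-separated key=value attributes.

# packlist_is_plain FILE: exit 0 only if FILE looks like a real packlist.
packlist_is_plain() {
    # Symlinks, non-regular files and empty files are never trusted.
    [ -f "$1" ] && [ ! -L "$1" ] && [ -s "$1" ] || return 1
    # One line that is not an absolute path (or that carries control
    # bytes, as a script or binary would) keeps the file in the report.
    if LC_ALL=C grep -qv '^/[^[:cntrl:]]*$' "$1"; then
        return 1
    fi
    return 0
}

# filter_report: read candidate paths on stdin, print those to report.
filter_report() {
    while IFS= read -r path; do
        case ${path##*/} in
            .packlist) packlist_is_plain "$path" || printf '%s\n' "$path" ;;
            *)         printf '%s\n' "$path" ;;
        esac
    done
}

# Constructed sample tree: one genuine packlist, one script hiding
# behind the same name, one unrelated dotfile.
make_samples() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/auto/Foo" "$d/auto/Bar"
    printf '%s\n' '/usr/lib/perl5/Foo.pm' \
        '/usr/share/man/man3/Foo.3pm type=file' > "$d/auto/Foo/.packlist"
    printf '%s\n' '#!/bin/sh' 'exec /tmp/.x' > "$d/auto/Bar/.packlist"
    : > "$d/.hidden"
    printf '%s\n' "$d"
}

# Demo: only the disguised script and the unrelated dotfile are printed.
d=$(make_samples)
find "$d" -name '.*' -type f | sort | filter_report
rm -rf "$d"
```

The check reads each .packlist once, which is the slowdown the comment anticipates on trees with many Perl modules.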

------- Comment #4 From boris64 2008-09-06 08:00:57 0000 -------
It's been half a year now, can anybody expect an update in the near future?

------- Comment #5 From Peter Volkov 2008-10-06 19:38:30 0000 -------
Was added to the tree. "improvement: don't include in report" was dropped, see
my mail for discussion. Fixed.
