Bug 205419 - app-forensics/chkrootkit-0.48 - version bump
Summary: app-forensics/chkrootkit-0.48 - version bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High enhancement
Assignee: Forensics Herd [disbanded]
Reported: 2008-01-12 11:38 UTC by Alon Bar-Lev (RETIRED)
Modified: 2008-10-06 19:38 UTC

Attachments
chkrootkit-0.48.ebuild.diff (chkrootkit-0.48.ebuild.diff,1.36 KB, patch)
2008-01-12 11:39 UTC, Alon Bar-Lev (RETIRED)
chkrootkit-0.48-gentoo.diff (chkrootkit-0.48-gentoo.diff,35.28 KB, patch)
2008-01-12 11:41 UTC, Alon Bar-Lev (RETIRED)
bugfixes; make reports easy to read (chkrootkit-0.48-gentoo2.diff,1.29 KB, patch)
2008-04-12 10:53 UTC, Alex Efros

Description Alon Bar-Lev (RETIRED) gentoo-dev 2008-01-12 11:38:26 UTC
Hello,
New version is out!
Comment 1 Alon Bar-Lev (RETIRED) gentoo-dev 2008-01-12 11:39:07 UTC
Created attachment 140785
chkrootkit-0.48.ebuild.diff
Comment 2 Alon Bar-Lev (RETIRED) gentoo-dev 2008-01-12 11:41:51 UTC
Created attachment 140790
chkrootkit-0.48-gentoo.diff
Comment 3 Alex Efros 2008-04-12 10:53:58 UTC
Created attachment 149469
bugfixes; make reports easy to read

Patch changes:
- fix: failed to execute chkdirs
- fix: incorrectly detect crontab for nobody (at least for dcron)
- improvement: don't include in report
  1. empty files
  2. .packlist files (huge amount of such files in /usr/lib/perl/ make chkrootkit reports nearly unreadable and so useless!)
  3. /usr/lib/nessus/plugins/.desc/ directory
  4. duplicate directories

Actually, the only questionable change is excluding .packlist files. I think it's better to miss possible malicious files with this name than to ignore chkrootkit reports altogether because they are huge and unreadable. But perl's .packlist files have a well-defined format, so it's easy to check their content if needed (but this may slow down chkrootkit).
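The content check mentioned at the end of Comment 3, as an added example that is not part of the comment, the attached patch or chkrootkit itself: a `.packlist` is dropped from the report only when its content looks like a packlist, instead of by name alone. It assumes the ExtUtils::Packlist layout (one absolute path per line, optionally followed by ` key=value` attributes); `packlist_ok`, `filter_report` and `demo_report` are hypothetical names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: only the format is checked, not whether the listed files exist.

# packlist_ok FILE -> 0 if FILE is non-empty and every line is an absolute
# path with optional trailing " key=value" attributes (assumed format).
packlist_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    awk '
        {
            line = $0
            # Strip trailing " key=value" attributes one at a time.
            while (match(line, / [A-Za-z_][A-Za-z0-9_]*=[^ ]*$/)) {
                line = substr(line, 1, RSTART - 1)
            }
            if (line !~ /^\//) bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# filter_report: read candidate paths on stdin, print those that must stay in
# the report. A .packlist is suppressed only when its content is well-formed.
filter_report() {
    while IFS= read -r path; do
        case "$path" in
            */.packlist) if packlist_ok "$path"; then continue; fi ;;
        esac
        printf '%s\n' "$path"
    done
}

# Constructed sample tree (not real chkrootkit output).
demo_report() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Foo" "$d/Bar"
    printf '%s\n' '/usr/lib/perl5/Foo.pm' \
        '/usr/share/man/man3/Foo.3pm type=file' > "$d/Foo/.packlist"
    printf '%s\n' 'this is not a list of installed paths' > "$d/Bar/.packlist"
    : > "$d/.hidden"
    printf '%s\n' "$d/Foo/.packlist" "$d/Bar/.packlist" "$d/.hidden" |
        filter_report | sed "s|^$d/||"
    rm -rf "$d"
}

demo_report
```

The well-formed `Foo/.packlist` is filtered out, while the malformed `Bar/.packlist` and the other hidden file remain in the report.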
Comment 4 boris64 2008-09-06 08:00:57 UTC
It's been half a year now, can anybody expect an update in the near future?
Comment 5 Peter Volkov (RETIRED) gentoo-dev 2008-10-06 19:38:30 UTC
Was added to the tree. "improvement: don't include in report" was dropped, see my mail for discussion. Fixed.