In its "shell history anomalies" part chkrootkit collects two lists of anomalous history files: - $files: file size is zero - $files1: is linked to another file But when the according warning is written both times $files is used. For details see the attached diff. Reproducible: Always Steps to Reproduce: None of the files target, .link-history and .empty-history should exist. 1. echo Hallo > target 2. ln target .link-history 3. touch .empty-history 4. chkrootkit Actual Results: ... Searching for anomalies in shell history files... Warning: `//root/.empty-history' file size is zero Warning: `//root/.empty-history' is linked to another file ... Expected Results: ... Searching for anomalies in shell history files... Warning: `//root/.empty-history' file size is zero Warning: `//root/.link-history' is linked to another file ...
Created attachment 156497 [details, diff] diff between the original and corrected chkrootkit script
Fixed in chkrootkit-0.48. Thank you for report and fix.
