the output of chkrootkit looks fine until... ... Searching for suspect PHP files... /usr/bin/find: `head' terminated by signal 13 /usr/bin/find: `head' termikitnated by signal 13 /usr/bin/find: `head' terminated by signal 13 /usr/bin/find: `head' terminated by signal 13 /usr/bin/find: `head' terminated by signal 13 /usr/bin/find: `head' terminated by signal 13 /usr/bin/find: `head' terminated by signal 13 /usr/bin/find: `head' terminated by signal 13 /usr/bin/find: `head' terminated by signal 13 /usr/bin/find: `head' terminated by signal 13 ... > 200 lines... Reproducible: Always
seems that I'm not the only one with this problem ;-) http://sidux.com/PNphpBB2-viewtopic-t-11837.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505718
Same problem here. Since A WHOLE FREAKING YEAR! I guess the maintainer is dead. ^^ Hey “Forensics Herd”. Please either mark it masked because it is not maintained, or fix it. I bet it is very easy. Also, how good can that tool be, if it has such big bugs and is not updated for a whole year?
I also get this, every time i run that thing: /usr/lib/nfs/sm/.keep_net-fs_nfs-utils-0 /usr/lib/nfs/sm.bak/.keep_net-fs_nfs-utils-0 /usr/lib/.keep /usr/lib/perl5/5.8.8/i686-linux/.packlist /usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/RRDp/.packlist /usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/RRDs/.packlist /usr/lib/perl5/site_perl/5.8.8/i686-linux/auto/Image/Magick/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/GD/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/DBD/mysql/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/DBI/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/LWP/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Net/Daemon/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Net/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/RPC/PlServer/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Pod/Parser/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Pod/Simple/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Pod/Escapes/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/URI/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/XML/Parser/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Data/DumpXML/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Date/Manip/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/HTML/Tagset/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/List/Util/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Term/ReadKey/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Test/Pod/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Test/Simple/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Test/Harness/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Text/DelimMatch/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Authen/SASL/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Digest/HMAC/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Digest/SHA1/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Digest/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Curses/UI/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Curses/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Array/RefElem/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Crypt/SSLeay/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Irssi/UI/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Irssi/Irc/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Irssi/TextUI/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Irssi/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Locale/gettext/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/HTML-Tree/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Storable/.packlist /usr/lib/perl5/vendor_perl/5.8.8/i686-linux/auto/Foomatic/.packlist /usr/lib/samba/rpc/.keep_net-fs_samba-0 /usr/lib/samba/auth/.keep_net-fs_samba-0 /usr/lib/samba/idmap/.keep_net-fs_samba-0 /usr/lib/latex2html/docs/.latex2html-init /usr/lib/ccache/bin/.keep_dev-util_ccache-0 /usr/lib/locale/.keep_sys-libs_glibc-2.2 /lib/udev/devices/.keep_sys-fs_udev-0 /lib/udev/state/.keep_sys-fs_udev-0 /lib/.keep /lib/dev-state/.keep /lib/rcscripts/sh/.keep /lib/rcscripts/awk/.keep /lib/rcscripts/.keep /lib/rcscripts/net.modules.d/.keep /lib/rcscripts/net.modules.d/helpers.d/.keep It happens a bit before the find-bug. With “-q”, there is nothing but one empty line between those two outputs.
Created attachment 212985 [details] Updated chkrootkit ebuild I've just done a very crude ebuild for the latest version of chkrootkit. Its really just a compile and install of the original package. It seems to run OK but I haven't looked at it in any detail. It fixes the problem listed above. Sadly nobody has updated this package since the beginning of the year. Maybe somebody can help here???
My guess: The maintainer is dead. ^^ Sometimes money revives them. Sometimes Bawls does. ;) But beware of the flesh-eating Gentoo zombie. :P
Somebody has put a few diffs at https://bugs.gentoo.org/show_bug.cgi?id=280332 but I couldn't get these to work. Any ideas? Maybe I just don't know much about the diff command.
Please retry with 0.51 version