File: 17_Suckitfalse.patch

chkrootkit 0.52-3
  • area: main
  • in suites: buster
  • size: 1,860 kB
  • sloc: sh: 36,448; ansic: 4,498; makefile: 155
Description: ignore false positive for Suckit rootkit when systemd is /sbin/init
Author: Giuseppe Iuculano <iuculano@debian.org>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740898
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/

--- a/chkrootkit
+++ b/chkrootkit
@@ -1021,7 +1021,13 @@
       if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} '\.sniffer'   || \
 	      cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
         then
-        echo "Warning: ${ROOTDIR}sbin/init INFECTED"
+        # ignore false positive  bug #740898
+        readlink -f  ${ROOTDIR}sbin/init|${egrep} -q "/sbin/upstart$|/systemd$"
+        if [ $? -eq 0 ]; then
+          if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
+        else
+          echo "Warning: ${ROOTDIR}sbin/init INFECTED"
+        fi
       else
          if [ -d ${ROOTDIR}/dev/.golf ]; then
             echo "Warning: Suspect directory ${ROOTDIR}dev/.golf"
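Review bot: The exemption added after `then` silences the INFECTED warning for both halves of the enclosing condition, so a `.sniffer` string found in the init binary is also reported as "nothing found" whenever the resolved path merely ends in `/systemd` or `/sbin/upstart`. The false positive in bug #740898 presumably comes from the `/proc/1/maps` match on `init.`, so the exemption should not apply when the `strings` check itself hits: `if ! ${strings} "${ROOTDIR}sbin/init" | ${egrep} -q '\.sniffer' && readlink -f "${ROOTDIR}sbin/init" | ${egrep} -q "/sbin/upstart$|/systemd$"; then`. That form also quotes the path and drops the separate `$?` test. The pattern is still a name-only check with no anchor at the start, so a comment saying it is a heuristic exemption and not a verification of the init binary would help the next maintainer. The enclosing `if`/`else` begins and ends outside this hunk.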