Bug 19079 - msec chkrootkit result is always "failed"
Summary: msec chkrootkit result is always "failed"
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Shlomi Fish
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-28 21:51 CEST by Yann Ciret
Modified: 2022-05-12 16:15 CEST

See Also:
Source RPM: msec-2.1-1.mga6.src.rpm
CVE:
Status comment:


Attachments
Patch against chkrootkit to hopefully fix the problem. (1.13 KB, patch)
2016-07-31 15:01 CEST, Shlomi Fish
test result (7.78 KB, text/plain)
2016-08-01 09:29 CEST, Yann Ciret
bash -x result (11.67 KB, application/octet-stream)
2016-08-01 16:27 CEST, Yann Ciret

Description Yann Ciret 2016-07-28 21:51:24 CEST
Description of problem:
msec always returns that chkrootkit check failed.
But if you analyse all individual chkrootkit check results, you can see only "not found", "not infected", "not tested", "no suspect files"… So all tests are good and the global status should be "passed".

I do not know if the problem comes from msec or chkrootkit. So I arbitrarily chose msec (/usr/share/msec/scripts/04_rootkit.sh).

Version-Release number of selected component (if applicable):
Valid on Mageia 5 and Cauldron

How reproducible:


Steps to Reproduce:
1. Configure msec at "secure" level
2. Launch msec
3. Check result in "/var/log/security/mail.daily.today". You can find the string "Chkrootkit check: failed" in the summary at the beginning.
Yann Ciret 2016-07-28 21:51:37 CEST

CC: (none) => mageia

Yann Ciret 2016-07-29 10:56:16 CEST

Summary: msec chkrootkit result is always => msec chkrootkit result is always "failed"

Comment 1 Marja Van Waes 2016-07-30 20:07:08 CEST
Well, chkrootkit has a registered maintainer, and msec doesn't....

Shlomi, I'm assigning this one to you, but please feel free to reassign to pkg-bugs@ml ;-)

CC: (none) => marja11
Assignee: bugsquad => shlomif

Comment 2 Shlomi Fish 2016-07-31 14:13:09 CEST
Hi all!

Here is what I found so far: it appears that the chkrootkit invocation returns a non-zero (and false) exit value which causes the bash wrapper ( /usr/share/msec/scripts/04_rootkit.sh ) to report failure:

root@telaviv1:~$ /usr/sbin/chkrootkit -n > ~/chkroot.out && echo passed || echo failed
failed

-n is a flag that tells chkrootkit to ignore NFS mounts. Next I'll try to run chkrootkit under sh -x and see where it fails but first I need to reboot for the new mageia v6 kernel. Stay tuned.
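
The behaviour found in comment 2, where any non-zero exit from chkrootkit is reported as "failed", can be kept apart from an actual suspicious verdict. The sketch below is an added example, not part of the original comments and not msec's or chkrootkit's code; the function names, the three result labels and the sample output are assumptions, and the benign verdict list holds only the four strings quoted in the bug description.

```shell
#!/bin/sh
# Added example (not msec's or chkrootkit's code). Sample output is constructed.
# BENIGN holds the four verdicts quoted in the bug description; real chkrootkit
# prints others, so extend the list before relying on it (assumption).
BENIGN='(not found|not infected|not tested|no suspect files)$'

# unrecognized_results FILE: print "Checking" lines whose verdict is not benign.
unrecognized_results() {
    grep '^Checking ' "$1" | grep -Ev "$BENIGN"
}

# classify_scan STATUS FILE: print passed, findings or tool-error.
classify_scan() {
    if [ -n "$(unrecognized_results "$2")" ]; then
        echo findings        # a verdict needs review, whatever the exit status
    elif [ "$1" -ne 0 ]; then
        echo tool-error      # scanner exited non-zero, every verdict is benign
    else
        echo passed
    fi
}

# write_sample FILE VERDICT: constructed scanner output used by the demo.
write_sample() {
    printf 'Checking amd... not found\nChecking ls... %s\nChecking sniffer... not tested\n' "$2" > "$1"
}

demo() {
    tmp=$(mktemp)
    write_sample "$tmp" 'not infected'
    echo "exit 1, benign output: $(classify_scan 1 "$tmp")"
    echo "exit 0, benign output: $(classify_scan 0 "$tmp")"
    write_sample "$tmp" 'INFECTED'
    echo "exit 0, flagged line:  $(classify_scan 0 "$tmp")"
    rm -f "$tmp"
}
demo
```

Reporting "tool-error" separately keeps a broken scanner run visible in the daily report without presenting it as a detection.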
Comment 3 Shlomi Fish 2016-07-31 15:01:19 CEST
Created attachment 8291
Patch against chkrootkit to hopefully fix the problem.

This patch fixes the error code of chkrootkit. Original reporter: can you please apply it and test if it fixes the problem for you? My chkrootkit seems to misbehave here.
Comment 4 Yann Ciret 2016-08-01 09:29:01 CEST
Created attachment 8296
test result

Hi Slomi,

it looks not good here after patching.
In msec result: Chkrootkit check: failed

I attach my chkrootkit result file.
Comment 5 Shlomi Fish 2016-08-01 13:39:48 CEST
(In reply to Yann Ciret from comment #4)
> Created attachment 8296 [details]
> test result
> 
> Hi Slomi,
> 
> it looks not good here after patching.
> In msec result: Chkrootkit check: failed
> 
> I attach my chkrootkit result file.

Hi Yann!

Please try running chkrootkit using "bash -x" and attach the result after compressing with xz or whatever. Thanks!

P.S: my name is "Shlomi" - not "Slomi".
Comment 6 Yann Ciret 2016-08-01 16:27:41 CEST
Created attachment 8298
bash -x result

Sorry for my mistake on your name. I will pay attention in the future.

There is the requested file.
Comment 7 Yann Ciret 2016-12-30 08:51:29 CET
Hi Shlomi,

any update on this bug?
Comment 8 papoteur 2022-04-16 18:58:03 CEST
Hello,
I know this is old, but is this bug still valid?

CC: (none) => yves.brungard_mageia

Comment 9 Yann Ciret 2022-05-12 16:15:41 CEST
Hello papoteur,

I just checked on my Cauldron VM and the issue seems to have gone away.

Now the result is « Chkrootkit check: passed ».

This bug can be closed.

Regards
Yann

Status: NEW => RESOLVED
Resolution: (none) => FIXED

