Bug#1002522: chkrootkit: autopkgtest failure everywhere except amd64

To: submit@bugs.debian.org
Subject: Bug#1002522: chkrootkit: autopkgtest failure everywhere except amd64
From: Paul Gevers <elbrus@debian.org>
Date: Thu, 23 Dec 2021 19:52:50 +0100
Message-id: <[🔎] 22579a88-5406-2e7a-9cd6-10d25b30edfe@debian.org>
Reply-to: Paul Gevers <elbrus@debian.org>, 1002522@bugs.debian.org

Source: chkrootkit
Version: 0.55-3
X-Debbugs-CC: debian-ci@lists.debian.org
Severity: serious
User: debian-ci@lists.debian.org
Usertags: fails-always

Dear maintainer(s),

You recently added an autopkgtest to your package chkrootkit, great.However, it fails on most architectures. Currently this failure isblocking the migration to testing [1]. Can you please investigate thesituation and fix it?


I copied some of the output at the bottom of this report.

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=chkrootkit

https://ci.debian.net/data/autopkgtest/testing/arm64/c/chkrootkit/17384537/log.gz

* Running test-chkrootkit (from:/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests)...

** env
SHELL=/bin/bash
AUTOPKGTEST_NORMAL_USER=debci
AUTOPKGTEST_TMP=/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp
PWD=/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src
XDG_SESSION_TYPE=unspecified
HOME=/root
LANG=C.UTF-8
ADTTMP=/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp
AUTOPKGTEST_ARTIFACTS=/tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts
XDG_SESSION_CLASS=background
USER=root
DEB_BUILD_OPTIONS=parallel=4
SHLVL=3
ADT_NORMAL_USER=debci
XDG_SESSION_ID=c2
XDG_RUNTIME_DIR=/run/user/0
ADT_ARTIFACTS=/tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
MAIL=/var/mail/root
DEBIAN_FRONTEND=noninteractive
OLDPWD=/
_=/usr/bin/env
MY_BUILD_DIR=/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi
* Setting up the testsuite
** README

The purpose of this tests is to check that the actual output is as weexpect.


This tests that both chkrootkit (directly invoked) and its cron.daily
cronjob work with various combinations of options.

- Each test has a file listing regexps: each listed regexp must match
  against the output or the test will fail: the 'fix' will often be
  to update the .expected file
- (these are in debian/test/*.expected)
- Output not matched by any such regexp is listed (with some known
  exceptions removed), but does not cause failure
- This testsuite is designed to run in a sbuild schroot or via the CI
  pipeline on salsa.debian.org: you might need to adjust the
  debian/test/*.expected files if running in some other way.

** Ensuring chkrootkit finds as much to test as we can
Making /bin/amd
Making /sbin/amd
Making /etc/amd.conf
Making /bin/biff
Making /sbin/biff
Making /etc/biff.conf
Making /bin/cron
Making /sbin/cron
Making /etc/cron.conf
Making /bin/crontab
Making /sbin/crontab
Making /etc/crontab.conf
Making /bin/fingerd
Making /sbin/fingerd
Making /etc/fingerd.conf
Making /bin/in.fingerd
Making /sbin/in.fingerd
Making /etc/in.fingerd.conf
Making /bin/gpm
Making /sbin/gpm
Making /etc/gpm.conf
Making /bin/hdparm
Making /sbin/hdparm
Making /etc/hdparm.conf
Making /bin/inetd
Making /sbin/inetd
Making /etc/inetd.conf
Making /bin/in.identd
Making /sbin/in.identd
Making /etc/in.identd.conf
Making /bin/inetdconf
Making /sbin/inetdconf
Making /etc/inetdconf.conf
Making /bin/init
/sbin/init: exists
Making /etc/init.conf
Making /bin/killall
Making /sbin/killall
Making /etc/killall.conf
Making /bin/lsdopreload
Making /sbin/lsdopreload
Making /etc/lsdopreload.conf
Making /bin/lsof
Making /sbin/lsof
Making /etc/lsof.conf
Making /bin/mail
Making /sbin/mail
Making /etc/mail.conf
Making /bin/mingetty
Making /sbin/mingetty
Making /etc/mingetty.conf
Making /bin/named
Making /sbin/named
Making /etc/named.conf
Making /bin/in.pop2d
Making /sbin/in.pop2d
Making /etc/in.pop2d.conf
Making /bin/in.pop3d
Making /sbin/in.pop3d
Making /etc/in.pop3d.conf
Making /bin/write
Making /sbin/write
Making /etc/write.conf
Making /bin/pstree
Making /sbin/pstree
Making /etc/pstree.conf
Making /bin/rpcinfo
Making /sbin/rpcinfo
Making /etc/rpcinfo.conf
Making /bin/rlogind
Making /sbin/rlogind
Making /etc/rlogind.conf
Making /bin/in.rshd
Making /sbin/in.rshd
Making /etc/in.rshd.conf
/bin/slogin: exists
Making /sbin/slogin
Making /etc/slogin.conf
Making /bin/sendmail
Making /sbin/sendmail
Making /etc/sendmail.conf
Making /bin/sshd
/sbin/sshd: exists
Making /etc/sshd.conf
Making /bin/syslogd
Making /sbin/syslogd
Making /etc/syslogd.conf
Making /bin/tcpd
Making /sbin/tcpd
Making /etc/tcpd.conf
Making /bin/tcpdump
Making /sbin/tcpdump
Making /etc/tcpdump.conf
Making /bin/telnetd
Making /sbin/telnetd
Making /etc/telnetd.conf
Making /bin/timed
Making /sbin/timed
Making /etc/timed.conf
Making /bin/traceroute
Making /sbin/traceroute
Making /etc/traceroute.conf
Done

Preserving existing /etc/chkrootkit/chkrootkit.conf as/etc/chkrootkit/chkrootkit.conf.origPreserving existing /etc/chkrootkit/chkrootkit.ignore as/etc/chkrootkit/chkrootkit.ignore.orig

* Testing: the main binary
** Testing: chkrootkit-0-full (/usr/sbin/chkrootkit) ...
*** Output
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        no suspect files
Searching for sniffer's logs, it may take a while...        nothing found
Searching for rootkit HiDrootkit's default files...         nothing found
Searching for rootkit t0rn's default files...               nothing found
Searching for t0rn's v8 defaults...                         nothing found
Searching for rootkit Lion's default files...               nothing found
Searching for rootkit RSHA's default files...               nothing found
Searching for rootkit RH-Sharpe's default files...          nothing found

Searching for Ambient's rootkit (ark) default files and dirs... nothingfoundSearching for suspicious files and dirs, it may take a while... nothingfound

Searching for LPD Worm files and dirs...                    nothing found
Searching for Ramen Worm files and dirs...                  nothing found
Searching for Maniac files and dirs...                      nothing found
Searching for RK17 files and dirs...                        nothing found
Searching for Ducoci rootkit...                             nothing found
Searching for Adore Worm...                                 nothing found
Searching for ShitC Worm...                                 nothing found
Searching for Omega Worm...                                 nothing found
Searching for Sadmind/IIS Worm...                           nothing found
Searching for MonKit...                                     nothing found
Searching for Showtee...                                    nothing found
Searching for OpticKit...                                   nothing found
Searching for T.R.K...                                      nothing found
Searching for Mithra...                                     nothing found
Searching for OBSD rk v1...                                 nothing found
Searching for LOC rootkit...                                nothing found
Searching for Romanian rootkit...                           nothing found
Searching for HKRK rootkit...                               nothing found
Searching for Suckit rootkit...                             nothing found
Searching for Volc rootkit...                               nothing found
Searching for Gold2 rootkit...                              nothing found
Searching for TC2 Worm default files and dirs...            nothing found
Searching for Anonoying rootkit default files and dirs...   nothing found
Searching for ZK rootkit default files and dirs...          nothing found
Searching for ShKit rootkit default files and dirs...       nothing found
Searching for AjaKit rootkit default files and dirs...      nothing found
Searching for zaRwT rootkit default files and dirs...       nothing found
Searching for Madalin rootkit default files...              nothing found
Searching for Fu rootkit default files...                   nothing found
Searching for ESRK rootkit default files...                 nothing found
Searching for rootedoor...                                  nothing found
Searching for ENYELKM rootkit default files...              nothing found
Searching for common ssh-scanners default files...          nothing found
Searching for Linux/Ebury - Operation Windigo ssh...        not tested
Searching for 64-bit Linux Rootkit ...                      nothing found
Searching for 64-bit Linux Rootkit modules...               nothing found
Searching for Mumblehard Linux ...                          nothing found
Searching for Backdoor.Linux.Mokes.a ...                    nothing found
Searching for Malicious TinyDNS ...                         nothing found

Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Searching for Linux.Proxy.1.0 ...                           nothing found
Searching for CrossRAT ...                                  nothing found
Searching for Hidden Cobra ...                              nothing found
Searching for Rocke Miner ...                               nothing found
Searching for PWNLNX4 lkm...                                nothing found
Searching for PWNLNX6 lkm...                                nothing found
Searching for Umbreon lrk...                                nothing found
Searching for Kinsing.a backdoor...                         nothing found
Searching for RotaJakiro backdoor...                        nothing found
Searching for suspect PHP files...                          nothing found
Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected

Checking `lkm'... chkproc:nothing detected

chkdirs: nothing detected
Checking `rexedcs'...                                       not found

Checking `sniffer'... Output fromifpromisc:

lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/usr/sbin/dhclient[69])
Checking `w55808'...                                        not infected

Checking `wted'... chkwtmp:nothing deleted

Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected

Checking `z2'... chklastlog:nothing deletedChecking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

! RUID          PID TTY    CMD

!AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts";export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp";exp 0 artifacts";gtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts"; exportADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exp! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! INT 0 ipt_pid" QUIT PIPE; cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout /tmp

chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not tested
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec  7 23:01 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK

**** Test for '^Checking `amd'\.\.\.not infected$'

Checking `amd'...                                           not infected
OK

**** Test for '^Checking `basename'\.\.\.not infected$'

Checking `basename'...                                      not infected
OK

**** Test for '^Checking `biff'\.\.\.not infected$'

Checking `biff'...                                          not infected
OK

**** Test for '^Checking `chfn'\.\.\.not infected$'

Checking `chfn'...                                          not infected
OK

**** Test for '^Checking `chsh'\.\.\.not infected$'

Checking `chsh'...                                          not infected
OK

**** Test for '^Checking `cron'\.\.\.not infected$'

Checking `cron'...                                          not infected
OK

**** Test for '^Checking `crontab'\.\.\.not infected$'

Checking `crontab'...                                       not infected
OK

**** Test for '^Checking `date'\.\.\.not infected$'

Checking `date'...                                          not infected
OK

**** Test for '^Checking `du'\.\.\.not infected$'

Checking `du'...                                            not infected
OK

**** Test for '^Checking `dirname'\.\.\.not infected$'

Checking `dirname'...                                       not infected
OK

**** Test for '^Checking `echo'\.\.\.not infected$'

Checking `echo'...                                          not infected
OK

**** Test for '^Checking `egrep'\.\.\.not infected$'

Checking `egrep'...                                         not infected
OK

**** Test for '^Checking `env'\.\.\.not infected$'

Checking `env'...                                           not infected
OK

**** Test for '^Checking `find'\.\.\.not infected$'

Checking `find'...                                          not infected
OK

**** Test for '^Checking `fingerd'\.\.\.not infected$'

Checking `fingerd'...                                       not infected
OK

**** Test for '^Checking `gpm'\.\.\.not infected$'

Checking `gpm'...                                           not infected
OK

**** Test for '^Checking `grep'\.\.\.not infected$'

Checking `grep'...                                          not infected
OK

**** Test for '^Checking `hdparm'\.\.\.not infected$'

Checking `hdparm'...                                        not infected
OK

**** Test for '^Checking `su'\.\.\.not infected$'

Checking `su'...                                            not infected
OK

**** Test for '^Checking `ifconfig'\.\.\.not infected$'

Checking `ifconfig'...                                      not infected
OK

**** Test for '^Checking `inetd'\.\.\.not infected$'

Checking `inetd'...                                         not infected
OK

**** Test for '^Checking `inetdconf'\.\.\.not infected$'

Checking `inetdconf'...                                     not infected
OK

**** Test for '^Checking `identd'\.\.\.not infected$'

Checking `identd'...                                        not infected
OK

**** Test for '^Checking `init'\.\.\.not infected$'

Checking `init'...                                          not infected
OK

**** Test for '^Checking `killall'\.\.\.not infected$'

Checking `killall'...                                       not infected
OK

**** Test for '^Checking `ldsopreload'\.\.\.not infected$'

Checking `ldsopreload'...                                   not infected
OK

**** Test for '^Checking `login'\.\.\.not infected$'

Checking `login'...                                         not infected
OK

**** Test for '^Checking `ls'\.\.\.not infected$'

Checking `ls'...                                            not infected
OK

**** Test for '^Checking `lsof'\.\.\.not infected$'

Checking `lsof'...                                          not infected
OK

**** Test for '^Checking `mail'\.\.\.not infected$'

Checking `mail'...                                          not infected
OK

**** Test for '^Checking `mingetty'\.\.\.not infected$'

Checking `mingetty'...                                      not infected
OK

**** Test for '^Checking `netstat'\.\.\.not infected$'

Checking `netstat'...                                       not infected
OK

**** Test for '^Checking `named'\.\.\.not infected$'

Checking `named'...                                         not infected
OK

**** Test for '^Checking `passwd'\.\.\.not infected$'

Checking `passwd'...                                        not infected
OK

**** Test for '^Checking `pidof'\.\.\.not infected$'

Checking `pidof'...                                         not infected
OK

**** Test for '^Checking `pop2'\.\.\.not infected$'

Checking `pop2'...                                          not infected
OK

**** Test for '^Checking `pop3'\.\.\.not infected$'

Checking `pop3'...                                          not infected
OK

**** Test for '^Checking `ps'\.\.\.not infected$'

Checking `ps'...                                            not infected
OK

**** Test for '^Checking `pstree'\.\.\.not infected$'

Checking `pstree'...                                        not infected
OK

**** Test for '^Checking `rpcinfo'\.\.\.not infected$'

Checking `rpcinfo'...                                       not infected
OK

**** Test for '^Checking `rlogind'\.\.\.not infected$'

Checking `rlogind'...                                       not infected
OK

**** Test for '^Checking `rshd'\.\.\.not infected$'

Checking `rshd'...                                          not infected
OK

**** Test for '^Checking `slogin'\.\.\.not infected$'

Checking `slogin'...                                        not infected
OK

**** Test for '^Checking `sendmail'\.\.\.not infected$'

Checking `sendmail'...                                      not infected
OK

**** Test for '^Checking `sshd'\.\.\.not infected$'

Checking `sshd'...                                          not infected
OK

**** Test for '^Checking `syslogd'\.\.\.not infected$'

Checking `syslogd'...                                       not infected
OK

**** Test for '^Checking `tar'\.\.\.not infected$'

Checking `tar'...                                           not infected
OK

**** Test for '^Checking `tcpd'\.\.\.not infected$'

Checking `tcpd'...                                          not infected
OK

**** Test for '^Checking `tcpdump'\.\.\.not infected$'

Checking `tcpdump'...                                       not infected
OK

**** Test for '^Checking `top'\.\.\.not infected$'

Checking `top'...                                           not infected
OK

**** Test for '^Checking `telnetd'\.\.\.not infected$'

Checking `telnetd'...                                       not infected
OK

**** Test for '^Checking `timed'\.\.\.not infected$'

Checking `timed'...                                         not infected
OK

**** Test for '^Checking `traceroute'\.\.\.not infected$'

Checking `traceroute'...                                    not infected
OK

**** Test for '^Checking `vdir'\.\.\.not infected$'

Checking `vdir'...                                          not infected
OK

**** Test for '^Checking `w'\.\.\.not infected$'

Checking `w'...                                             not infected
OK

**** Test for '^Checking `write'\.\.\.not infected$'

Checking `write'...                                         not infected
OK

**** Test for '^Checking `aliens'\.\.\.no suspect files$'

Checking `aliens'...                                        no suspect files
OK

**** Test for '^Searching for sniffer's logs, it may take a while\.\.\.nothing found$'

Searching for sniffer's logs, it may take a while...        nothing found
OK

**** Test for '^Searching for rootkit HiDrootkit's default files\.\.\.nothing found$'

Searching for rootkit HiDrootkit's default files...         nothing found
OK

**** Test for '^Searching for rootkit t0rn's default files\.\.\.nothing found$'

Searching for rootkit t0rn's default files...               nothing found
OK

**** Test for '^Searching for t0rn's v8 defaults\.\.\.nothing found$'

Searching for t0rn's v8 defaults...                         nothing found
OK

**** Test for '^Searching for rootkit Lion's default files\.\.\.nothing found$'

Searching for rootkit Lion's default files...               nothing found
OK

**** Test for '^Searching for rootkit RSHA's default files\.\.\.nothing found$'

Searching for rootkit RSHA's default files...               nothing found
OK

**** Test for '^Searching for rootkit RH-Sharpe's default files\.\.\.nothing found$'

Searching for rootkit RH-Sharpe's default files...          nothing found
OK

**** Test for '^Searching for Ambient's rootkit $ark$ default filesand dirs\.\.\. nothing found$'Searching for Ambient's rootkit (ark) default files and dirs... nothingfound

OK

**** Test for '^Searching for suspicious files and dirs, it may take awhile\.\.\. nothing found$'Searching for suspicious files and dirs, it may take a while... nothingfound

OK

**** Test for '^Searching for LPD Worm files and dirs\.\.\.nothing found$'

Searching for LPD Worm files and dirs...                    nothing found
OK

**** Test for '^Searching for Ramen Worm files and dirs\.\.\.nothing found$'

Searching for Ramen Worm files and dirs...                  nothing found
OK

**** Test for '^Searching for Maniac files and dirs\.\.\.nothing found$'

Searching for Maniac files and dirs...                      nothing found
OK

**** Test for '^Searching for RK17 files and dirs\.\.\.nothing found$'

Searching for RK17 files and dirs...                        nothing found
OK

**** Test for '^Searching for Ducoci rootkit\.\.\.nothing found$'

Searching for Ducoci rootkit...                             nothing found
OK

**** Test for '^Searching for Adore Worm\.\.\.nothing found$'

Searching for Adore Worm...                                 nothing found
OK

**** Test for '^Searching for ShitC Worm\.\.\.nothing found$'

Searching for ShitC Worm...                                 nothing found
OK

**** Test for '^Searching for Omega Worm\.\.\.nothing found$'

Searching for Omega Worm...                                 nothing found
OK

**** Test for '^Searching for Sadmind/IIS Worm\.\.\.nothing found$'

Searching for Sadmind/IIS Worm...                           nothing found
OK

**** Test for '^Searching for MonKit\.\.\.nothing found$'

Searching for MonKit...                                     nothing found
OK

**** Test for '^Searching for Showtee\.\.\.nothing found$'

Searching for Showtee...                                    nothing found
OK

**** Test for '^Searching for OpticKit\.\.\.nothing found$'

Searching for OpticKit...                                   nothing found
OK

**** Test for '^Searching for T\.R\.K\.\.\.nothing found$'

Searching for T.R.K...                                      nothing found
OK

**** Test for '^Searching for Mithra\.\.\.nothing found$'

Searching for Mithra...                                     nothing found
OK

**** Test for '^Searching for OBSD rk v1\.\.\.nothing found$'

Searching for OBSD rk v1...                                 nothing found
OK

**** Test for '^Searching for LOC rootkit\.\.\.nothing found$'

Searching for LOC rootkit...                                nothing found
OK

**** Test for '^Searching for Romanian rootkit\.\.\.nothing found$'

Searching for Romanian rootkit...                           nothing found
OK

**** Test for '^Searching for HKRK rootkit\.\.\.nothing found$'

Searching for HKRK rootkit...                               nothing found
OK

**** Test for '^Searching for Suckit rootkit\.\.\.nothing found$'

Searching for Suckit rootkit...                             nothing found
OK

**** Test for '^Searching for Volc rootkit\.\.\.nothing found$'

Searching for Volc rootkit...                               nothing found
OK

**** Test for '^Searching for Gold2 rootkit\.\.\.nothing found$'

Searching for Gold2 rootkit...                              nothing found
OK

**** Test for '^Searching for TC2 Worm default files and dirs\.\.\.nothing found$'

Searching for TC2 Worm default files and dirs...            nothing found
OK

**** Test for '^Searching for Anonoying rootkit default files anddirs\.\.\. nothing found$'

Searching for Anonoying rootkit default files and dirs...   nothing found
OK

**** Test for '^Searching for ZK rootkit default files and dirs\.\.\.nothing found$'

Searching for ZK rootkit default files and dirs...          nothing found
OK

**** Test for '^Searching for ShKit rootkit default files and dirs\.\.\.nothing found$'

Searching for ShKit rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for AjaKit rootkit default files anddirs\.\.\. nothing found$'

Searching for AjaKit rootkit default files and dirs...      nothing found
OK

**** Test for '^Searching for zaRwT rootkit default files and dirs\.\.\.nothing found$'

Searching for zaRwT rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for Madalin rootkit default files\.\.\.nothing found$'

Searching for Madalin rootkit default files...              nothing found
OK

**** Test for '^Searching for Fu rootkit default files\.\.\.nothing found$'

Searching for Fu rootkit default files...                   nothing found
OK

**** Test for '^Searching for ESRK rootkit default files\.\.\.nothing found$'

Searching for ESRK rootkit default files...                 nothing found
OK

**** Test for '^Searching for rootedoor\.\.\.nothing found$'

Searching for rootedoor...                                  nothing found
OK

**** Test for '^Searching for ENYELKM rootkit default files\.\.\.nothing found$'

Searching for ENYELKM rootkit default files...              nothing found
OK

**** Test for '^Searching for common ssh-scanners default files\.\.\.nothing found$'

Searching for common ssh-scanners default files...          nothing found
OK

**** Test for '^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$'

<No match (FAIL)>

**** Test for '^Searching for 64-bit Linux Rootkit \.\.\.nothing found$'

Searching for 64-bit Linux Rootkit ...                      nothing found
OK

**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.nothing found$'

Searching for 64-bit Linux Rootkit modules...               nothing found
OK

**** Test for '^Searching for Mumblehard Linux \.\.\.nothing found$'

Searching for Mumblehard Linux ...                          nothing found
OK

**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a \.\.\.nothing found$'

Searching for Backdoor.Linux.Mokes.a ...                    nothing found
OK

**** Test for '^Searching for Malicious TinyDNS \.\.\.nothing found$'

Searching for Malicious TinyDNS ...                         nothing found
OK

**** Test for '^Searching for Linux\.Xor\.DDoS \.\.\.INFECTED: Possible Malicious Linux\.Xor\.DDoS installed$'Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK

**** Test for '^Searching for Linux\.Proxy\.1\.0 \.\.\.nothing found$'

Searching for Linux.Proxy.1.0 ...                           nothing found
OK

**** Test for '^Searching for CrossRAT \.\.\.nothing found$'

Searching for CrossRAT ...                                  nothing found
OK

**** Test for '^Searching for Hidden Cobra \.\.\.nothing found$'

Searching for Hidden Cobra ...                              nothing found
OK

**** Test for '^Searching for Rocke Miner \.\.\.nothing found$'

Searching for Rocke Miner ...                               nothing found
OK

**** Test for '^Searching for PWNLNX4 lkm\.\.\.nothing found$'

Searching for PWNLNX4 lkm...                                nothing found
OK

**** Test for '^Searching for PWNLNX6 lkm\.\.\.nothing found$'

Searching for PWNLNX6 lkm...                                nothing found
OK

**** Test for '^Searching for Umbreon lrk\.\.\.nothing found$'

Searching for Umbreon lrk...                                nothing found
OK

**** Test for '^Searching for Kinsing\.a backdoor\.\.\.nothing found$'

Searching for Kinsing.a backdoor...                         nothing found
OK

**** Test for '^Searching for RotaJakiro backdoor\.\.\.nothing found$'

Searching for RotaJakiro backdoor...                        nothing found
OK

**** Test for '^Searching for suspect PHP files\.\.\.nothing found$'

Searching for suspect PHP files...                          nothing found
OK

**** Test for '^Searching for anomalies in shell history files\.\.\.nothing found$'

Searching for anomalies in shell history files...           nothing found
OK

**** Test for '^Checking `asp'\.\.\.not infected$'

Checking `asp'...                                           not infected
OK

**** Test for '^Checking `bindshell'\.\.\.not infected$'

Checking `bindshell'...                                     not infected
OK

**** Test for '^Checking `lkm'\.\.\.chkproc: nothing detected$'Checking `lkm'... chkproc:nothing detected

OK
**** Test for '^chkdirs:'
chkdirs: nothing detected
OK

**** Test for '^Checking `rexedcs'\.\.\.not found$'

Checking `rexedcs'...                                       not found
OK

**** Test for '^Checking `sniffer'\.\.\.Output from ifpromisc:$'Checking `sniffer'... Output fromifpromisc:

OK
**** Test for '^lo: not promisc and no packet sniffer sockets$'
lo: not promisc and no packet sniffer sockets
OK

**** Test for '^Checking `w55808'\.\.\.not infected$'

Checking `w55808'...                                        not infected
OK

**** Test for '^Checking `wted'\.\.\.chkwtmp: nothing deleted$'Checking `wted'... chkwtmp:nothing deleted

OK

**** Test for '^Checking `scalper'\.\.\.not infected$'

Checking `scalper'...                                       not infected
OK

**** Test for '^Checking `slapper'\.\.\.not infected$'

Checking `slapper'...                                       not infected
OK

**** Test for '^Checking `z2'\.\.\.chklastlog: nothing deleted$'Checking `z2'... chklastlog:nothing deleted

OK
**** Test for '^Checking `chkutmp'\.\.\.'

Checking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

OK

**** Test for '^Checking `OSX_RSPLUG'\.\.\.not tested$'

Checking `OSX_RSPLUG'...                                    not tested
OK
**** Test for '^chkutmp: nothing deleted$'
chkutmp: nothing deleted
OK
** FAIL: Testing: chkrootkit-0-full (/usr/sbin/chkrootkit) done: FAIL
*** FAIL was with config set to:
cat: /etc/chkrootkit/chkrootkit.conf: No such file or directory
total 12
drwxr-xr-x  2 root root 4096 Dec  8 03:12 .
drwxr-xr-x 51 root root 4096 Dec  8 03:12 ..
-rw-r--r--  1 root root 3762 Dec  7 23:01 chkrootkit.conf.orig
-rw-r--r--  1 root root    0 Dec  7 23:01 chkrootkit.ignore.orig
*** Reason(s) for failure follows
Result: FAIL

Missing: ^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$

Unexpected (unmatched) lines follow (for info):
Searching for Linux/Ebury - Operation Windigo ssh...        not tested
** Testing: chkrootkit-1-full (/usr/sbin/chkrootkit) ...
*** Output
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        no suspect files
Searching for sniffer's logs, it may take a while...        nothing found
Searching for rootkit HiDrootkit's default files...         nothing found
Searching for rootkit t0rn's default files...               nothing found
Searching for t0rn's v8 defaults...                         nothing found
Searching for rootkit Lion's default files...               nothing found
Searching for rootkit RSHA's default files...               nothing found
Searching for rootkit RH-Sharpe's default files...          nothing found

Searching for Ambient's rootkit (ark) default files and dirs... nothingfoundSearching for suspicious files and dirs, it may take a while... Thefollowing suspicious files and directories were found:

/usr/lib/...DIR
/usr/lib/.1DIR
/usr/lib/.bbb
/usr/lib/.1
/usr/lib/...
/usr/lib/.aaa
/usr/lib/.DIR-aaa

Searching for LPD Worm files and dirs...                    nothing found
Searching for Ramen Worm files and dirs...                  nothing found
Searching for Maniac files and dirs...                      nothing found
Searching for RK17 files and dirs...                        nothing found
Searching for Ducoci rootkit...                             nothing found
Searching for Adore Worm...                                 nothing found
Searching for ShitC Worm...                                 nothing found
Searching for Omega Worm...                                 nothing found
Searching for Sadmind/IIS Worm...                           nothing found
Searching for MonKit...                                     nothing found
Searching for Showtee...                                    nothing found
Searching for OpticKit...                                   nothing found
Searching for T.R.K...                                      nothing found
Searching for Mithra...                                     nothing found
Searching for OBSD rk v1...                                 nothing found
Searching for LOC rootkit...                                nothing found
Searching for Romanian rootkit...                           nothing found
Searching for HKRK rootkit...                               nothing found
Searching for Suckit rootkit...                             nothing found
Searching for Volc rootkit...                               nothing found
Searching for Gold2 rootkit...                              nothing found
Searching for TC2 Worm default files and dirs...            nothing found
Searching for Anonoying rootkit default files and dirs...   nothing found
Searching for ZK rootkit default files and dirs...          nothing found
Searching for ShKit rootkit default files and dirs...       nothing found
Searching for AjaKit rootkit default files and dirs...      nothing found
Searching for zaRwT rootkit default files and dirs...       nothing found
Searching for Madalin rootkit default files...              nothing found
Searching for Fu rootkit default files...                   nothing found
Searching for ESRK rootkit default files...                 nothing found
Searching for rootedoor...                                  nothing found
Searching for ENYELKM rootkit default files...              nothing found
Searching for common ssh-scanners default files...          nothing found
Searching for Linux/Ebury - Operation Windigo ssh...        not tested
Searching for 64-bit Linux Rootkit ...                      nothing found
Searching for 64-bit Linux Rootkit modules...               nothing found
Searching for Mumblehard Linux ...                          nothing found
Searching for Backdoor.Linux.Mokes.a ...                    nothing found
Searching for Malicious TinyDNS ...                         nothing found

Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Searching for Linux.Proxy.1.0 ...                           nothing found
Searching for CrossRAT ...                                  nothing found
Searching for Hidden Cobra ...                              nothing found
Searching for Rocke Miner ...                               nothing found
Searching for PWNLNX4 lkm...                                nothing found
Searching for PWNLNX6 lkm...                                nothing found
Searching for Umbreon lrk...                                nothing found
Searching for Kinsing.a backdoor...                         nothing found
Searching for RotaJakiro backdoor...                        nothing found
Searching for suspect PHP files...                          nothing found
Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected

Checking `lkm'... chkproc:nothing detected

chkdirs: nothing detected
Checking `rexedcs'...                                       not found

Checking `sniffer'... Output fromifpromisc:

lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/usr/sbin/dhclient[69])
Checking `w55808'...                                        not infected

Checking `wted'... chkwtmp:nothing deleted

Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected

Checking `z2'... chklastlog:nothing deletedChecking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

! RUID          PID TTY    CMD

chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not tested
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec  7 23:01 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK

**** Test for '^Checking `amd'\.\.\.not infected$'

Checking `amd'...                                           not infected
OK

**** Test for '^Checking `basename'\.\.\.not infected$'

Checking `basename'...                                      not infected
OK

**** Test for '^Checking `biff'\.\.\.not infected$'

Checking `biff'...                                          not infected
OK

**** Test for '^Checking `chfn'\.\.\.not infected$'

Checking `chfn'...                                          not infected
OK

**** Test for '^Checking `chsh'\.\.\.not infected$'

Checking `chsh'...                                          not infected
OK

**** Test for '^Checking `cron'\.\.\.not infected$'

Checking `cron'...                                          not infected
OK

**** Test for '^Checking `crontab'\.\.\.not infected$'

Checking `crontab'...                                       not infected
OK

**** Test for '^Checking `date'\.\.\.not infected$'

Checking `date'...                                          not infected
OK

**** Test for '^Checking `du'\.\.\.not infected$'

Checking `du'...                                            not infected
OK

**** Test for '^Checking `dirname'\.\.\.not infected$'

Checking `dirname'...                                       not infected
OK

**** Test for '^Checking `echo'\.\.\.not infected$'

Checking `echo'...                                          not infected
OK

**** Test for '^Checking `egrep'\.\.\.not infected$'

Checking `egrep'...                                         not infected
OK

**** Test for '^Checking `env'\.\.\.not infected$'

Checking `env'...                                           not infected
OK

**** Test for '^Checking `find'\.\.\.not infected$'

Checking `find'...                                          not infected
OK

**** Test for '^Checking `fingerd'\.\.\.not infected$'

Checking `fingerd'...                                       not infected
OK

**** Test for '^Checking `gpm'\.\.\.not infected$'

Checking `gpm'...                                           not infected
OK

**** Test for '^Checking `grep'\.\.\.not infected$'

Checking `grep'...                                          not infected
OK

**** Test for '^Checking `hdparm'\.\.\.not infected$'

Checking `hdparm'...                                        not infected
OK

**** Test for '^Checking `su'\.\.\.not infected$'

Checking `su'...                                            not infected
OK

**** Test for '^Checking `ifconfig'\.\.\.not infected$'

Checking `ifconfig'...                                      not infected
OK

**** Test for '^Checking `inetd'\.\.\.not infected$'

Checking `inetd'...                                         not infected
OK

**** Test for '^Checking `inetdconf'\.\.\.not infected$'

Checking `inetdconf'...                                     not infected
OK

**** Test for '^Checking `identd'\.\.\.not infected$'

Checking `identd'...                                        not infected
OK

**** Test for '^Checking `init'\.\.\.not infected$'

Checking `init'...                                          not infected
OK

**** Test for '^Checking `killall'\.\.\.not infected$'

Checking `killall'...                                       not infected
OK

**** Test for '^Checking `ldsopreload'\.\.\.not infected$'

Checking `ldsopreload'...                                   not infected
OK

**** Test for '^Checking `login'\.\.\.not infected$'

Checking `login'...                                         not infected
OK

**** Test for '^Checking `ls'\.\.\.not infected$'

Checking `ls'...                                            not infected
OK

**** Test for '^Checking `lsof'\.\.\.not infected$'

Checking `lsof'...                                          not infected
OK

**** Test for '^Checking `mail'\.\.\.not infected$'

Checking `mail'...                                          not infected
OK

**** Test for '^Checking `mingetty'\.\.\.not infected$'

Checking `mingetty'...                                      not infected
OK

**** Test for '^Checking `netstat'\.\.\.not infected$'

Checking `netstat'...                                       not infected
OK

**** Test for '^Checking `named'\.\.\.not infected$'

Checking `named'...                                         not infected
OK

**** Test for '^Checking `passwd'\.\.\.not infected$'

Checking `passwd'...                                        not infected
OK

**** Test for '^Checking `pidof'\.\.\.not infected$'

Checking `pidof'...                                         not infected
OK

**** Test for '^Checking `pop2'\.\.\.not infected$'

Checking `pop2'...                                          not infected
OK

**** Test for '^Checking `pop3'\.\.\.not infected$'

Checking `pop3'...                                          not infected
OK

**** Test for '^Checking `ps'\.\.\.not infected$'

Checking `ps'...                                            not infected
OK

**** Test for '^Checking `pstree'\.\.\.not infected$'

Checking `pstree'...                                        not infected
OK

**** Test for '^Checking `rpcinfo'\.\.\.not infected$'

Checking `rpcinfo'...                                       not infected
OK

**** Test for '^Checking `rlogind'\.\.\.not infected$'

Checking `rlogind'...                                       not infected
OK

**** Test for '^Checking `rshd'\.\.\.not infected$'

Checking `rshd'...                                          not infected
OK

**** Test for '^Checking `slogin'\.\.\.not infected$'

Checking `slogin'...                                        not infected
OK

**** Test for '^Checking `sendmail'\.\.\.not infected$'

Checking `sendmail'...                                      not infected
OK

**** Test for '^Checking `sshd'\.\.\.not infected$'

Checking `sshd'...                                          not infected
OK

**** Test for '^Checking `syslogd'\.\.\.not infected$'

Checking `syslogd'...                                       not infected
OK

**** Test for '^Checking `tar'\.\.\.not infected$'

Checking `tar'...                                           not infected
OK

**** Test for '^Checking `tcpd'\.\.\.not infected$'

Checking `tcpd'...                                          not infected
OK

**** Test for '^Checking `tcpdump'\.\.\.not infected$'

Checking `tcpdump'...                                       not infected
OK

**** Test for '^Checking `top'\.\.\.not infected$'

Checking `top'...                                           not infected
OK

**** Test for '^Checking `telnetd'\.\.\.not infected$'

Checking `telnetd'...                                       not infected
OK

**** Test for '^Checking `timed'\.\.\.not infected$'

Checking `timed'...                                         not infected
OK

**** Test for '^Checking `traceroute'\.\.\.not infected$'

Checking `traceroute'...                                    not infected
OK

**** Test for '^Checking `vdir'\.\.\.not infected$'

Checking `vdir'...                                          not infected
OK

**** Test for '^Checking `w'\.\.\.not infected$'

Checking `w'...                                             not infected
OK

**** Test for '^Checking `write'\.\.\.not infected$'

Checking `write'...                                         not infected
OK

**** Test for '^Checking `aliens'\.\.\.no suspect files$'

Checking `aliens'...                                        no suspect files
OK

**** Test for '^Searching for sniffer's logs, it may take a while\.\.\.nothing found$'

Searching for sniffer's logs, it may take a while...        nothing found
OK

**** Test for '^Searching for rootkit HiDrootkit's default files\.\.\.nothing found$'

Searching for rootkit HiDrootkit's default files...         nothing found
OK

**** Test for '^Searching for rootkit t0rn's default files\.\.\.nothing found$'

Searching for rootkit t0rn's default files...               nothing found
OK

**** Test for '^Searching for t0rn's v8 defaults\.\.\.nothing found$'

Searching for t0rn's v8 defaults...                         nothing found
OK

**** Test for '^Searching for rootkit Lion's default files\.\.\.nothing found$'

Searching for rootkit Lion's default files...               nothing found
OK

**** Test for '^Searching for rootkit RSHA's default files\.\.\.nothing found$'

Searching for rootkit RSHA's default files...               nothing found
OK

**** Test for '^Searching for rootkit RH-Sharpe's default files\.\.\.nothing found$'

Searching for rootkit RH-Sharpe's default files...          nothing found
OK

**** Test for '^Searching for Ambient's rootkit $ark$ default filesand dirs\.\.\. nothing found$'Searching for Ambient's rootkit (ark) default files and dirs... nothingfound

OK

**** Test for '^Searching for suspicious files and dirs, it may take awhile\.\.\. The following suspicious files and directories were found:$'Searching for suspicious files and dirs, it may take a while... Thefollowing suspicious files and directories were found:

OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.aaa$'
/usr/lib/.aaa
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^/usr/lib/\.bbb$'
/usr/lib/.bbb
OK
**** Test for '^/usr/lib/\.DIR-aaa$'
/usr/lib/.DIR-aaa
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'

OK

**** Test for '^Searching for LPD Worm files and dirs\.\.\.nothing found$'

Searching for LPD Worm files and dirs...                    nothing found
OK

**** Test for '^Searching for Ramen Worm files and dirs\.\.\.nothing found$'

Searching for Ramen Worm files and dirs...                  nothing found
OK

**** Test for '^Searching for Maniac files and dirs\.\.\.nothing found$'

Searching for Maniac files and dirs...                      nothing found
OK

**** Test for '^Searching for RK17 files and dirs\.\.\.nothing found$'

Searching for RK17 files and dirs...                        nothing found
OK

**** Test for '^Searching for Ducoci rootkit\.\.\.nothing found$'

Searching for Ducoci rootkit...                             nothing found
OK

**** Test for '^Searching for Adore Worm\.\.\.nothing found$'

Searching for Adore Worm...                                 nothing found
OK

**** Test for '^Searching for ShitC Worm\.\.\.nothing found$'

Searching for ShitC Worm...                                 nothing found
OK

**** Test for '^Searching for Omega Worm\.\.\.nothing found$'

Searching for Omega Worm...                                 nothing found
OK

**** Test for '^Searching for Sadmind/IIS Worm\.\.\.nothing found$'

Searching for Sadmind/IIS Worm...                           nothing found
OK

**** Test for '^Searching for MonKit\.\.\.nothing found$'

Searching for MonKit...                                     nothing found
OK

**** Test for '^Searching for Showtee\.\.\.nothing found$'

Searching for Showtee...                                    nothing found
OK

**** Test for '^Searching for OpticKit\.\.\.nothing found$'

Searching for OpticKit...                                   nothing found
OK

**** Test for '^Searching for T\.R\.K\.\.\.nothing found$'

Searching for T.R.K...                                      nothing found
OK

**** Test for '^Searching for Mithra\.\.\.nothing found$'

Searching for Mithra...                                     nothing found
OK

**** Test for '^Searching for OBSD rk v1\.\.\.nothing found$'

Searching for OBSD rk v1...                                 nothing found
OK

**** Test for '^Searching for LOC rootkit\.\.\.nothing found$'

Searching for LOC rootkit...                                nothing found
OK

**** Test for '^Searching for Romanian rootkit\.\.\.nothing found$'

Searching for Romanian rootkit...                           nothing found
OK

**** Test for '^Searching for HKRK rootkit\.\.\.nothing found$'

Searching for HKRK rootkit...                               nothing found
OK

**** Test for '^Searching for Suckit rootkit\.\.\.nothing found$'

Searching for Suckit rootkit...                             nothing found
OK

**** Test for '^Searching for Volc rootkit\.\.\.nothing found$'

Searching for Volc rootkit...                               nothing found
OK

**** Test for '^Searching for Gold2 rootkit\.\.\.nothing found$'

Searching for Gold2 rootkit...                              nothing found
OK

**** Test for '^Searching for TC2 Worm default files and dirs\.\.\.nothing found$'

Searching for TC2 Worm default files and dirs...            nothing found
OK

**** Test for '^Searching for Anonoying rootkit default files anddirs\.\.\. nothing found$'

Searching for Anonoying rootkit default files and dirs...   nothing found
OK

**** Test for '^Searching for ZK rootkit default files and dirs\.\.\.nothing found$'

Searching for ZK rootkit default files and dirs...          nothing found
OK

**** Test for '^Searching for ShKit rootkit default files and dirs\.\.\.nothing found$'

Searching for ShKit rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for AjaKit rootkit default files anddirs\.\.\. nothing found$'

Searching for AjaKit rootkit default files and dirs...      nothing found
OK

**** Test for '^Searching for zaRwT rootkit default files and dirs\.\.\.nothing found$'

Searching for zaRwT rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for Madalin rootkit default files\.\.\.nothing found$'

Searching for Madalin rootkit default files...              nothing found
OK

**** Test for '^Searching for Fu rootkit default files\.\.\.nothing found$'

Searching for Fu rootkit default files...                   nothing found
OK

**** Test for '^Searching for ESRK rootkit default files\.\.\.nothing found$'

Searching for ESRK rootkit default files...                 nothing found
OK

**** Test for '^Searching for rootedoor\.\.\.nothing found$'

Searching for rootedoor...                                  nothing found
OK

**** Test for '^Searching for ENYELKM rootkit default files\.\.\.nothing found$'

Searching for ENYELKM rootkit default files...              nothing found
OK

**** Test for '^Searching for common ssh-scanners default files\.\.\.nothing found$'

Searching for common ssh-scanners default files...          nothing found
OK

**** Test for '^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$'

<No match (FAIL)>

**** Test for '^Searching for 64-bit Linux Rootkit \.\.\.nothing found$'

Searching for 64-bit Linux Rootkit ...                      nothing found
OK

**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.nothing found$'

Searching for 64-bit Linux Rootkit modules...               nothing found
OK

**** Test for '^Searching for Mumblehard Linux \.\.\.nothing found$'

Searching for Mumblehard Linux ...                          nothing found
OK

**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a \.\.\.nothing found$'

Searching for Backdoor.Linux.Mokes.a ...                    nothing found
OK

**** Test for '^Searching for Malicious TinyDNS \.\.\.nothing found$'

Searching for Malicious TinyDNS ...                         nothing found
OK

**** Test for '^Searching for Linux\.Xor\.DDoS \.\.\.INFECTED: Possible Malicious Linux\.Xor\.DDoS installed$'Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK

**** Test for '^Searching for Linux\.Proxy\.1\.0 \.\.\.nothing found$'

Searching for Linux.Proxy.1.0 ...                           nothing found
OK

**** Test for '^Searching for CrossRAT \.\.\.nothing found$'

Searching for CrossRAT ...                                  nothing found
OK

**** Test for '^Searching for Hidden Cobra \.\.\.nothing found$'

Searching for Hidden Cobra ...                              nothing found
OK

**** Test for '^Searching for Rocke Miner \.\.\.nothing found$'

Searching for Rocke Miner ...                               nothing found
OK

**** Test for '^Searching for PWNLNX4 lkm\.\.\.nothing found$'

Searching for PWNLNX4 lkm...                                nothing found
OK

**** Test for '^Searching for PWNLNX6 lkm\.\.\.nothing found$'

Searching for PWNLNX6 lkm...                                nothing found
OK

**** Test for '^Searching for Umbreon lrk\.\.\.nothing found$'

Searching for Umbreon lrk...                                nothing found
OK

**** Test for '^Searching for Kinsing\.a backdoor\.\.\.nothing found$'

Searching for Kinsing.a backdoor...                         nothing found
OK

**** Test for '^Searching for RotaJakiro backdoor\.\.\.nothing found$'

Searching for RotaJakiro backdoor...                        nothing found
OK

**** Test for '^Searching for suspect PHP files\.\.\.nothing found$'

Searching for suspect PHP files...                          nothing found
OK

**** Test for '^Searching for anomalies in shell history files\.\.\.nothing found$'

Searching for anomalies in shell history files...           nothing found
OK

**** Test for '^Checking `asp'\.\.\.not infected$'

Checking `asp'...                                           not infected
OK

**** Test for '^Checking `bindshell'\.\.\.not infected$'

Checking `bindshell'...                                     not infected
OK

**** Test for '^Checking `lkm'\.\.\.chkproc: nothing detected$'Checking `lkm'... chkproc:nothing detected

OK
**** Test for '^chkdirs:'
chkdirs: nothing detected
OK

**** Test for '^Checking `rexedcs'\.\.\.not found$'

Checking `rexedcs'...                                       not found
OK

**** Test for '^Checking `sniffer'\.\.\.Output from ifpromisc:$'Checking `sniffer'... Output fromifpromisc:

OK
**** Test for '^lo: not promisc and no packet sniffer sockets$'
lo: not promisc and no packet sniffer sockets
OK

**** Test for '^Checking `w55808'\.\.\.not infected$'

Checking `w55808'...                                        not infected
OK

**** Test for '^Checking `wted'\.\.\.chkwtmp: nothing deleted$'Checking `wted'... chkwtmp:nothing deleted

OK

**** Test for '^Checking `scalper'\.\.\.not infected$'

Checking `scalper'...                                       not infected
OK

**** Test for '^Checking `slapper'\.\.\.not infected$'

Checking `slapper'...                                       not infected
OK

**** Test for '^Checking `z2'\.\.\.chklastlog: nothing deleted$'Checking `z2'... chklastlog:nothing deleted

OK
**** Test for '^Checking `chkutmp'\.\.\.'

Checking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

OK

**** Test for '^Checking `OSX_RSPLUG'\.\.\.not tested$'

Checking `OSX_RSPLUG'...                                    not tested
OK
**** Test for '^chkutmp: nothing deleted$'
chkutmp: nothing deleted
OK
** FAIL: Testing: chkrootkit-1-full (/usr/sbin/chkrootkit) done: FAIL
*** FAIL was with config set to:
cat: /etc/chkrootkit/chkrootkit.conf: No such file or directory
total 12
drwxr-xr-x  2 root root 4096 Dec  8 03:12 .
drwxr-xr-x 51 root root 4096 Dec  8 03:12 ..
-rw-r--r--  1 root root 3762 Dec  7 23:01 chkrootkit.conf.orig
-rw-r--r--  1 root root    0 Dec  7 23:01 chkrootkit.ignore.orig
*** Reason(s) for failure follows
Result: FAIL

Missing: ^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$

Unexpected (unmatched) lines follow (for info):
Searching for Linux/Ebury - Operation Windigo ssh...        not tested
** Testing: chkrootkit-2-quiet (/usr/sbin/chkrootkit -q) ...
*** Output
The following suspicious files and directories were found:
/usr/lib/...DIR
/usr/lib/.1DIR
/usr/lib/.bbb
/usr/lib/.1
/usr/lib/...
/usr/lib/.aaa
/usr/lib/.DIR-aaa

INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Output from ifpromisc:
eth0: PACKET SNIFFER(/usr/sbin/dhclient[69])
The tty of the following process(es) was not found in /var/run/utmp:
! RUID          PID TTY    CMD

**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec  7 23:01 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
*** Test of content of output follows...
**** Test for '^The following suspicious files and directories were found:$'
The following suspicious files and directories were found:
OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.aaa$'
/usr/lib/.aaa
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^/usr/lib/\.bbb$'
/usr/lib/.bbb
OK
**** Test for '^/usr/lib/\.DIR-aaa$'
/usr/lib/.DIR-aaa
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'

OK
**** Test for '^INFECTED: Possible Malicious Linux.Xor.DDoS installed$'
INFECTED: Possible Malicious Linux.Xor.DDoS installed
OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK
** PASS: Testing: chkrootkit-2-quiet (/usr/sbin/chkrootkit -q) done: PASS
* Testing: filtering of sniffer (-s)
** Testing: chkrootkit-sniffer-01-full (chkrootkit sniffer) ...
*** Output
ROOTDIR is `/'

Checking `sniffer'... Output fromifpromisc:

lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/usr/sbin/dhclient[69])
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec  7 23:01 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK

**** Test for '^Checking `sniffer'\.\.\.Output from ifpromisc:$'Checking `sniffer'... Output fromifpromisc:

OK
**** Test for '^lo: not promisc and no packet sniffer sockets$'
lo: not promisc and no packet sniffer sockets
OK
** PASS: Testing: chkrootkit-sniffer-01-full (chkrootkit sniffer) done: PASS

** Testing: chkrootkit-sniffer-02-full-with-s (chkrootkit -s (PACKETSNIFFER|not promisc) sniffer) ...

*** Output
ROOTDIR is `/'
Checking `sniffer'...                                       not found
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec  7 23:01 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK

**** Test for '^Checking `sniffer'\.\.\.not found$'

Checking `sniffer'...                                       not found
OK

** PASS: Testing: chkrootkit-sniffer-02-full-with-s (chkrootkit -s(PACKET SNIFFER|not promisc) sniffer) done: PASS** Testing: chkrootkit-sniffer-03-quiet-with-s (chkrootkit -q -s PACKETSNIFFER sniffer) ...

*** Output
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec  7 23:01 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS

** PASS: Testing: chkrootkit-sniffer-03-quiet-with-s (chkrootkit -q -sPACKET SNIFFER sniffer) done: PASS

* Testing: the daily cron job gives no output when disabled
** Testing: cron-1-with-no-config (/etc/cron.daily/chkrootkit) ...
*** Output
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec  7 23:01 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS

** PASS: Testing: cron-1-with-no-config (/etc/cron.daily/chkrootkit)done: PASS

** Testing: cron-2-disabled (/etc/cron.daily/chkrootkit) ...
*** Output
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec  7 23:01 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: cron-2-disabled (/etc/cron.daily/chkrootkit) done: PASS
* Testing: the daily cron job (without diff mode, full output)
** Testing: cron-no-diff-mode-01-full (/etc/cron.daily/chkrootkit) ...
*** Output
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        no suspect files
Searching for sniffer's logs, it may take a while...        nothing found
Searching for rootkit HiDrootkit's default files...         nothing found
Searching for rootkit t0rn's default files...               nothing found
Searching for t0rn's v8 defaults...                         nothing found
Searching for rootkit Lion's default files...               nothing found
Searching for rootkit RSHA's default files...               nothing found
Searching for rootkit RH-Sharpe's default files...          nothing found

Searching for Ambient's rootkit (ark) default files and dirs... nothingfoundSearching for suspicious files and dirs, it may take a while... Thefollowing suspicious files and directories were found:

/usr/lib/...DIR
/usr/lib/.1DIR
/usr/lib/.bbb
/usr/lib/.1
/usr/lib/...
/usr/lib/.aaa
/usr/lib/.DIR-aaa

Searching for LPD Worm files and dirs...                    nothing found
Searching for Ramen Worm files and dirs...                  nothing found
Searching for Maniac files and dirs...                      nothing found
Searching for RK17 files and dirs...                        nothing found
Searching for Ducoci rootkit...                             nothing found
Searching for Adore Worm...                                 nothing found
Searching for ShitC Worm...                                 nothing found
Searching for Omega Worm...                                 nothing found
Searching for Sadmind/IIS Worm...                           nothing found
Searching for MonKit...                                     nothing found
Searching for Showtee...                                    nothing found
Searching for OpticKit...                                   nothing found
Searching for T.R.K...                                      nothing found
Searching for Mithra...                                     nothing found
Searching for OBSD rk v1...                                 nothing found
Searching for LOC rootkit...                                nothing found
Searching for Romanian rootkit...                           nothing found
Searching for HKRK rootkit...                               nothing found
Searching for Suckit rootkit...                             nothing found
Searching for Volc rootkit...                               nothing found
Searching for Gold2 rootkit...                              nothing found
Searching for TC2 Worm default files and dirs...            nothing found
Searching for Anonoying rootkit default files and dirs...   nothing found
Searching for ZK rootkit default files and dirs...          nothing found
Searching for ShKit rootkit default files and dirs...       nothing found
Searching for AjaKit rootkit default files and dirs...      nothing found
Searching for zaRwT rootkit default files and dirs...       nothing found
Searching for Madalin rootkit default files...              nothing found
Searching for Fu rootkit default files...                   nothing found
Searching for ESRK rootkit default files...                 nothing found
Searching for rootedoor...                                  nothing found
Searching for ENYELKM rootkit default files...              nothing found
Searching for common ssh-scanners default files...          nothing found
Searching for Linux/Ebury - Operation Windigo ssh...        not tested
Searching for 64-bit Linux Rootkit ...                      nothing found
Searching for 64-bit Linux Rootkit modules...               nothing found
Searching for Mumblehard Linux ...                          nothing found
Searching for Backdoor.Linux.Mokes.a ...                    nothing found
Searching for Malicious TinyDNS ...                         nothing found

Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Searching for Linux.Proxy.1.0 ...                           nothing found
Searching for CrossRAT ...                                  nothing found
Searching for Hidden Cobra ...                              nothing found
Searching for Rocke Miner ...                               nothing found
Searching for PWNLNX4 lkm...                                nothing found
Searching for PWNLNX6 lkm...                                nothing found
Searching for Umbreon lrk...                                nothing found
Searching for Kinsing.a backdoor...                         nothing found
Searching for RotaJakiro backdoor...                        nothing found
Searching for suspect PHP files...                          nothing found
Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected

Checking `lkm'... chkproc:nothing detected

chkdirs: nothing detected
Checking `rexedcs'...                                       not found

Checking `sniffer'... Output fromifpromisc:

lo: not promisc and no packet sniffer sockets

<interface>: PACKETSNIFFER([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID})

Checking `w55808'...                                        not infected

Checking `wted'... chkwtmp:nothing deleted

Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected

Checking `z2'... chklastlog:nothing deletedChecking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

! RUID          PID TTY    CMD

!AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts";export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp";exp 0 artifacts";gtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts"; exportADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exp! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! INT {PID} ipt_pid" QUIT PIPE; cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout /tmp

chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not tested
**** Files in log
total 40K
drwxr-xr-x 2 root root 4.0K Dec  8 03:12 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK

**** Test for '^Checking `amd'\.\.\.not infected$'

Checking `amd'...                                           not infected
OK

**** Test for '^Checking `basename'\.\.\.not infected$'

Checking `basename'...                                      not infected
OK

**** Test for '^Checking `biff'\.\.\.not infected$'

Checking `biff'...                                          not infected
OK

**** Test for '^Checking `chfn'\.\.\.not infected$'

Checking `chfn'...                                          not infected
OK

**** Test for '^Checking `chsh'\.\.\.not infected$'

Checking `chsh'...                                          not infected
OK

**** Test for '^Checking `cron'\.\.\.not infected$'

Checking `cron'...                                          not infected
OK

**** Test for '^Checking `crontab'\.\.\.not infected$'

Checking `crontab'...                                       not infected
OK

**** Test for '^Checking `date'\.\.\.not infected$'

Checking `date'...                                          not infected
OK

**** Test for '^Checking `du'\.\.\.not infected$'

Checking `du'...                                            not infected
OK

**** Test for '^Checking `dirname'\.\.\.not infected$'

Checking `dirname'...                                       not infected
OK

**** Test for '^Checking `echo'\.\.\.not infected$'

Checking `echo'...                                          not infected
OK

**** Test for '^Checking `egrep'\.\.\.not infected$'

Checking `egrep'...                                         not infected
OK

**** Test for '^Checking `env'\.\.\.not infected$'

Checking `env'...                                           not infected
OK

**** Test for '^Checking `find'\.\.\.not infected$'

Checking `find'...                                          not infected
OK

**** Test for '^Checking `fingerd'\.\.\.not infected$'

Checking `fingerd'...                                       not infected
OK

**** Test for '^Checking `gpm'\.\.\.not infected$'

Checking `gpm'...                                           not infected
OK

**** Test for '^Checking `grep'\.\.\.not infected$'

Checking `grep'...                                          not infected
OK

**** Test for '^Checking `hdparm'\.\.\.not infected$'

Checking `hdparm'...                                        not infected
OK

**** Test for '^Checking `su'\.\.\.not infected$'

Checking `su'...                                            not infected
OK

**** Test for '^Checking `ifconfig'\.\.\.not infected$'

Checking `ifconfig'...                                      not infected
OK

**** Test for '^Checking `inetd'\.\.\.not infected$'

Checking `inetd'...                                         not infected
OK

**** Test for '^Checking `inetdconf'\.\.\.not infected$'

Checking `inetdconf'...                                     not infected
OK

**** Test for '^Checking `identd'\.\.\.not infected$'

Checking `identd'...                                        not infected
OK

**** Test for '^Checking `init'\.\.\.not infected$'

Checking `init'...                                          not infected
OK

**** Test for '^Checking `killall'\.\.\.not infected$'

Checking `killall'...                                       not infected
OK

**** Test for '^Checking `ldsopreload'\.\.\.not infected$'

Checking `ldsopreload'...                                   not infected
OK

**** Test for '^Checking `login'\.\.\.not infected$'

Checking `login'...                                         not infected
OK

**** Test for '^Checking `ls'\.\.\.not infected$'

Checking `ls'...                                            not infected
OK

**** Test for '^Checking `lsof'\.\.\.not infected$'

Checking `lsof'...                                          not infected
OK

**** Test for '^Checking `mail'\.\.\.not infected$'

Checking `mail'...                                          not infected
OK

**** Test for '^Checking `mingetty'\.\.\.not infected$'

Checking `mingetty'...                                      not infected
OK

**** Test for '^Checking `netstat'\.\.\.not infected$'

Checking `netstat'...                                       not infected
OK

**** Test for '^Checking `named'\.\.\.not infected$'

Checking `named'...                                         not infected
OK

**** Test for '^Checking `passwd'\.\.\.not infected$'

Checking `passwd'...                                        not infected
OK

**** Test for '^Checking `pidof'\.\.\.not infected$'

Checking `pidof'...                                         not infected
OK

**** Test for '^Checking `pop2'\.\.\.not infected$'

Checking `pop2'...                                          not infected
OK

**** Test for '^Checking `pop3'\.\.\.not infected$'

Checking `pop3'...                                          not infected
OK

**** Test for '^Checking `ps'\.\.\.not infected$'

Checking `ps'...                                            not infected
OK

**** Test for '^Checking `pstree'\.\.\.not infected$'

Checking `pstree'...                                        not infected
OK

**** Test for '^Checking `rpcinfo'\.\.\.not infected$'

Checking `rpcinfo'...                                       not infected
OK

**** Test for '^Checking `rlogind'\.\.\.not infected$'

Checking `rlogind'...                                       not infected
OK

**** Test for '^Checking `rshd'\.\.\.not infected$'

Checking `rshd'...                                          not infected
OK

**** Test for '^Checking `slogin'\.\.\.not infected$'

Checking `slogin'...                                        not infected
OK

**** Test for '^Checking `sendmail'\.\.\.not infected$'

Checking `sendmail'...                                      not infected
OK

**** Test for '^Checking `sshd'\.\.\.not infected$'

Checking `sshd'...                                          not infected
OK

**** Test for '^Checking `syslogd'\.\.\.not infected$'

Checking `syslogd'...                                       not infected
OK

**** Test for '^Checking `tar'\.\.\.not infected$'

Checking `tar'...                                           not infected
OK

**** Test for '^Checking `tcpd'\.\.\.not infected$'

Checking `tcpd'...                                          not infected
OK

**** Test for '^Checking `tcpdump'\.\.\.not infected$'

Checking `tcpdump'...                                       not infected
OK

**** Test for '^Checking `top'\.\.\.not infected$'

Checking `top'...                                           not infected
OK

**** Test for '^Checking `telnetd'\.\.\.not infected$'

Checking `telnetd'...                                       not infected
OK

**** Test for '^Checking `timed'\.\.\.not infected$'

Checking `timed'...                                         not infected
OK

**** Test for '^Checking `traceroute'\.\.\.not infected$'

Checking `traceroute'...                                    not infected
OK

**** Test for '^Checking `vdir'\.\.\.not infected$'

Checking `vdir'...                                          not infected
OK

**** Test for '^Checking `w'\.\.\.not infected$'

Checking `w'...                                             not infected
OK

**** Test for '^Checking `write'\.\.\.not infected$'

Checking `write'...                                         not infected
OK

**** Test for '^Checking `aliens'\.\.\.no suspect files$'

Checking `aliens'...                                        no suspect files
OK

**** Test for '^Searching for sniffer's logs, it may take a while\.\.\.nothing found$'

Searching for sniffer's logs, it may take a while...        nothing found
OK

**** Test for '^Searching for rootkit HiDrootkit's default files\.\.\.nothing found$'

Searching for rootkit HiDrootkit's default files...         nothing found
OK

**** Test for '^Searching for rootkit t0rn's default files\.\.\.nothing found$'

Searching for rootkit t0rn's default files...               nothing found
OK

**** Test for '^Searching for t0rn's v8 defaults\.\.\.nothing found$'

Searching for t0rn's v8 defaults...                         nothing found
OK

**** Test for '^Searching for rootkit Lion's default files\.\.\.nothing found$'

Searching for rootkit Lion's default files...               nothing found
OK

**** Test for '^Searching for rootkit RSHA's default files\.\.\.nothing found$'

Searching for rootkit RSHA's default files...               nothing found
OK

**** Test for '^Searching for rootkit RH-Sharpe's default files\.\.\.nothing found$'

Searching for rootkit RH-Sharpe's default files...          nothing found
OK

**** Test for '^Searching for Ambient's rootkit $ark$ default filesand dirs\.\.\. nothing found$'Searching for Ambient's rootkit (ark) default files and dirs... nothingfound

OK

OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.aaa$'
/usr/lib/.aaa
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^/usr/lib/\.bbb$'
/usr/lib/.bbb
OK
**** Test for '^/usr/lib/\.DIR-aaa$'
/usr/lib/.DIR-aaa
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'

OK

**** Test for '^Searching for LPD Worm files and dirs\.\.\.nothing found$'

Searching for LPD Worm files and dirs...                    nothing found
OK

**** Test for '^Searching for Ramen Worm files and dirs\.\.\.nothing found$'

Searching for Ramen Worm files and dirs...                  nothing found
OK

**** Test for '^Searching for Maniac files and dirs\.\.\.nothing found$'

Searching for Maniac files and dirs...                      nothing found
OK

**** Test for '^Searching for RK17 files and dirs\.\.\.nothing found$'

Searching for RK17 files and dirs...                        nothing found
OK

**** Test for '^Searching for Ducoci rootkit\.\.\.nothing found$'

Searching for Ducoci rootkit...                             nothing found
OK

**** Test for '^Searching for Adore Worm\.\.\.nothing found$'

Searching for Adore Worm...                                 nothing found
OK

**** Test for '^Searching for ShitC Worm\.\.\.nothing found$'

Searching for ShitC Worm...                                 nothing found
OK

**** Test for '^Searching for Omega Worm\.\.\.nothing found$'

Searching for Omega Worm...                                 nothing found
OK

**** Test for '^Searching for Sadmind/IIS Worm\.\.\.nothing found$'

Searching for Sadmind/IIS Worm...                           nothing found
OK

**** Test for '^Searching for MonKit\.\.\.nothing found$'

Searching for MonKit...                                     nothing found
OK

**** Test for '^Searching for Showtee\.\.\.nothing found$'

Searching for Showtee...                                    nothing found
OK

**** Test for '^Searching for OpticKit\.\.\.nothing found$'

Searching for OpticKit...                                   nothing found
OK

**** Test for '^Searching for T\.R\.K\.\.\.nothing found$'

Searching for T.R.K...                                      nothing found
OK

**** Test for '^Searching for Mithra\.\.\.nothing found$'

Searching for Mithra...                                     nothing found
OK

**** Test for '^Searching for OBSD rk v1\.\.\.nothing found$'

Searching for OBSD rk v1...                                 nothing found
OK

**** Test for '^Searching for LOC rootkit\.\.\.nothing found$'

Searching for LOC rootkit...                                nothing found
OK

**** Test for '^Searching for Romanian rootkit\.\.\.nothing found$'

Searching for Romanian rootkit...                           nothing found
OK

**** Test for '^Searching for HKRK rootkit\.\.\.nothing found$'

Searching for HKRK rootkit...                               nothing found
OK

**** Test for '^Searching for Suckit rootkit\.\.\.nothing found$'

Searching for Suckit rootkit...                             nothing found
OK

**** Test for '^Searching for Volc rootkit\.\.\.nothing found$'

Searching for Volc rootkit...                               nothing found
OK

**** Test for '^Searching for Gold2 rootkit\.\.\.nothing found$'

Searching for Gold2 rootkit...                              nothing found
OK

**** Test for '^Searching for TC2 Worm default files and dirs\.\.\.nothing found$'

Searching for TC2 Worm default files and dirs...            nothing found
OK

**** Test for '^Searching for Anonoying rootkit default files anddirs\.\.\. nothing found$'

Searching for Anonoying rootkit default files and dirs...   nothing found
OK

**** Test for '^Searching for ZK rootkit default files and dirs\.\.\.nothing found$'

Searching for ZK rootkit default files and dirs...          nothing found
OK

**** Test for '^Searching for ShKit rootkit default files and dirs\.\.\.nothing found$'

Searching for ShKit rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for AjaKit rootkit default files anddirs\.\.\. nothing found$'

Searching for AjaKit rootkit default files and dirs...      nothing found
OK

**** Test for '^Searching for zaRwT rootkit default files and dirs\.\.\.nothing found$'

Searching for zaRwT rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for Madalin rootkit default files\.\.\.nothing found$'

Searching for Madalin rootkit default files...              nothing found
OK

**** Test for '^Searching for Fu rootkit default files\.\.\.nothing found$'

Searching for Fu rootkit default files...                   nothing found
OK

**** Test for '^Searching for ESRK rootkit default files\.\.\.nothing found$'

Searching for ESRK rootkit default files...                 nothing found
OK

**** Test for '^Searching for rootedoor\.\.\.nothing found$'

Searching for rootedoor...                                  nothing found
OK

**** Test for '^Searching for ENYELKM rootkit default files\.\.\.nothing found$'

Searching for ENYELKM rootkit default files...              nothing found
OK

**** Test for '^Searching for common ssh-scanners default files\.\.\.nothing found$'

Searching for common ssh-scanners default files...          nothing found
OK

**** Test for '^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$'

<No match (FAIL)>

**** Test for '^Searching for 64-bit Linux Rootkit \.\.\.nothing found$'

Searching for 64-bit Linux Rootkit ...                      nothing found
OK

**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.nothing found$'

Searching for 64-bit Linux Rootkit modules...               nothing found
OK

**** Test for '^Searching for Mumblehard Linux \.\.\.nothing found$'

Searching for Mumblehard Linux ...                          nothing found
OK

**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a \.\.\.nothing found$'

Searching for Backdoor.Linux.Mokes.a ...                    nothing found
OK

**** Test for '^Searching for Malicious TinyDNS \.\.\.nothing found$'

Searching for Malicious TinyDNS ...                         nothing found
OK

**** Test for '^Searching for Linux\.Xor\.DDoS \.\.\.INFECTED: Possible Malicious Linux\.Xor\.DDoS installed$'Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK

**** Test for '^Searching for Linux\.Proxy\.1\.0 \.\.\.nothing found$'

Searching for Linux.Proxy.1.0 ...                           nothing found
OK

**** Test for '^Searching for CrossRAT \.\.\.nothing found$'

Searching for CrossRAT ...                                  nothing found
OK

**** Test for '^Searching for Hidden Cobra \.\.\.nothing found$'

Searching for Hidden Cobra ...                              nothing found
OK

**** Test for '^Searching for Rocke Miner \.\.\.nothing found$'

Searching for Rocke Miner ...                               nothing found
OK

**** Test for '^Searching for PWNLNX4 lkm\.\.\.nothing found$'

Searching for PWNLNX4 lkm...                                nothing found
OK

**** Test for '^Searching for PWNLNX6 lkm\.\.\.nothing found$'

Searching for PWNLNX6 lkm...                                nothing found
OK

**** Test for '^Searching for Umbreon lrk\.\.\.nothing found$'

Searching for Umbreon lrk...                                nothing found
OK

**** Test for '^Searching for Kinsing\.a backdoor\.\.\.nothing found$'

Searching for Kinsing.a backdoor...                         nothing found
OK

**** Test for '^Searching for RotaJakiro backdoor\.\.\.nothing found$'

Searching for RotaJakiro backdoor...                        nothing found
OK

**** Test for '^Searching for suspect PHP files\.\.\.nothing found$'

Searching for suspect PHP files...                          nothing found
OK

**** Test for '^Searching for anomalies in shell history files\.\.\.nothing found$'

Searching for anomalies in shell history files...           nothing found
OK

**** Test for '^Checking `asp'\.\.\.not infected$'

Checking `asp'...                                           not infected
OK

**** Test for '^Checking `bindshell'\.\.\.not infected$'

Checking `bindshell'...                                     not infected
OK

**** Test for '^Checking `lkm'\.\.\.chkproc: nothing detected$'Checking `lkm'... chkproc:nothing detected

OK
**** Test for '^chkdirs:'
chkdirs: nothing detected
OK

**** Test for '^Checking `rexedcs'\.\.\.not found$'

Checking `rexedcs'...                                       not found
OK

**** Test for '^Checking `sniffer'\.\.\.Output from ifpromisc:$'Checking `sniffer'... Output fromifpromisc:

OK
**** Test for '^lo: not promisc and no packet sniffer sockets$'
lo: not promisc and no packet sniffer sockets
OK

**** Test for '^Checking `w55808'\.\.\.not infected$'

Checking `w55808'...                                        not infected
OK

**** Test for '^Checking `wted'\.\.\.chkwtmp: nothing deleted$'Checking `wted'... chkwtmp:nothing deleted

OK

**** Test for '^Checking `scalper'\.\.\.not infected$'

Checking `scalper'...                                       not infected
OK

**** Test for '^Checking `slapper'\.\.\.not infected$'

Checking `slapper'...                                       not infected
OK

**** Test for '^Checking `z2'\.\.\.chklastlog: nothing deleted$'Checking `z2'... chklastlog:nothing deleted

OK
**** Test for '^Checking `chkutmp'\.\.\.'

Checking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

OK

**** Test for '^Checking `OSX_RSPLUG'\.\.\.not tested$'

Checking `OSX_RSPLUG'...                                    not tested
OK
**** Test for '^chkutmp: nothing deleted$'
chkutmp: nothing deleted
OK

** FAIL: Testing: cron-no-diff-mode-01-full (/etc/cron.daily/chkrootkit)done: FAIL

*** FAIL was with config set to:
RUN_DAILY=true
DIFF_MODE=false

*** Reason(s) for failure follows
Result: FAIL

Missing: ^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$

Unexpected (unmatched) lines follow (for info):
Searching for Linux/Ebury - Operation Windigo ssh...        not tested

** Testing: cron-no-diff-mode-02-full-filter-and-ignore(/etc/cron.daily/chkrootkit) ...

*** Output
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        no suspect files
Searching for sniffer's logs, it may take a while...        nothing found
Searching for rootkit HiDrootkit's default files...         nothing found
Searching for rootkit t0rn's default files...               nothing found
Searching for t0rn's v8 defaults...                         nothing found
Searching for rootkit Lion's default files...               nothing found
Searching for rootkit RSHA's default files...               nothing found
Searching for rootkit RH-Sharpe's default files...          nothing found

Searching for Ambient's rootkit (ark) default files and dirs... nothingfoundSearching for suspicious files and dirs, it may take a while... Thefollowing suspicious files and directories were found:

/usr/lib/...DIR
/usr/lib/.1DIR
CHANGED-IN-FILTER_bb
/usr/lib/.1
/usr/lib/...

Searching for LPD Worm files and dirs...                    nothing found
Searching for Ramen Worm files and dirs...                  nothing found
Searching for Maniac files and dirs...                      nothing found
Searching for RK17 files and dirs...                        nothing found
Searching for Ducoci rootkit...                             nothing found
Searching for Adore Worm...                                 nothing found
Searching for ShitC Worm...                                 nothing found
Searching for Omega Worm...                                 nothing found
Searching for Sadmind/IIS Worm...                           nothing found
Searching for MonKit...                                     nothing found
Searching for Showtee...                                    nothing found
Searching for OpticKit...                                   nothing found
Searching for T.R.K...                                      nothing found
Searching for Mithra...                                     nothing found
Searching for OBSD rk v1...                                 nothing found
Searching for LOC rootkit...                                nothing found
Searching for Romanian rootkit...                           nothing found
Searching for HKRK rootkit...                               nothing found
Searching for Suckit rootkit...                             nothing found
Searching for Volc rootkit...                               nothing found
Searching for Gold2 rootkit...                              nothing found
Searching for TC2 Worm default files and dirs...            nothing found
Searching for Anonoying rootkit default files and dirs...   nothing found
Searching for ZK rootkit default files and dirs...          nothing found
Searching for ShKit rootkit default files and dirs...       nothing found
Searching for AjaKit rootkit default files and dirs...      nothing found
Searching for zaRwT rootkit default files and dirs...       nothing found
Searching for Madalin rootkit default files...              nothing found
Searching for Fu rootkit default files...                   nothing found
Searching for ESRK rootkit default files...                 nothing found
Searching for rootedoor...                                  nothing found
Searching for ENYELKM rootkit default files...              nothing found
Searching for common ssh-scanners default files...          nothing found
Searching for Linux/Ebury - Operation Windigo ssh...        not tested
Searching for 64-bit Linux Rootkit ...                      nothing found
Searching for 64-bit Linux Rootkit modules...               nothing found
Searching for Mumblehard Linux ...                          nothing found
Searching for Backdoor.Linux.Mokes.a ...                    nothing found
Searching for Malicious TinyDNS ...                         nothing found

Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Searching for Linux.Proxy.1.0 ...                           nothing found
Searching for CrossRAT ...                                  nothing found
Searching for Hidden Cobra ...                              nothing found
Searching for Rocke Miner ...                               nothing found
Searching for PWNLNX4 lkm...                                nothing found
Searching for PWNLNX6 lkm...                                nothing found
Searching for Umbreon lrk...                                nothing found
Searching for Kinsing.a backdoor...                         nothing found
Searching for RotaJakiro backdoor...                        nothing found
Searching for suspect PHP files...                          nothing found
Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected

Checking `lkm'... chkproc:nothing detected

chkdirs: nothing detected
Checking `rexedcs'...                                       not found

Checking `sniffer'... Output fromifpromisc:

lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/usr/sbin/dhclient[69])
Checking `w55808'...                                        not infected

Checking `wted'... chkwtmp:nothing deleted

Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected

Checking `z2'... chklastlog:nothing deletedChecking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

! RUID          PID TTY    CMD

chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not tested
**** Files in log
total 40K
drwxr-xr-x 2 root root 4.0K Dec  8 03:12 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK

**** Test for '^Checking `amd'\.\.\.not infected$'

Checking `amd'...                                           not infected
OK

**** Test for '^Checking `basename'\.\.\.not infected$'

Checking `basename'...                                      not infected
OK

**** Test for '^Checking `biff'\.\.\.not infected$'

Checking `biff'...                                          not infected
OK

**** Test for '^Checking `chfn'\.\.\.not infected$'

Checking `chfn'...                                          not infected
OK

**** Test for '^Checking `chsh'\.\.\.not infected$'

Checking `chsh'...                                          not infected
OK

**** Test for '^Checking `cron'\.\.\.not infected$'

Checking `cron'...                                          not infected
OK

**** Test for '^Checking `crontab'\.\.\.not infected$'

Checking `crontab'...                                       not infected
OK

**** Test for '^Checking `date'\.\.\.not infected$'

Checking `date'...                                          not infected
OK

**** Test for '^Checking `du'\.\.\.not infected$'

Checking `du'...                                            not infected
OK

**** Test for '^Checking `dirname'\.\.\.not infected$'

Checking `dirname'...                                       not infected
OK

**** Test for '^Checking `echo'\.\.\.not infected$'

Checking `echo'...                                          not infected
OK

**** Test for '^Checking `egrep'\.\.\.not infected$'

Checking `egrep'...                                         not infected
OK

**** Test for '^Checking `env'\.\.\.not infected$'

Checking `env'...                                           not infected
OK

**** Test for '^Checking `find'\.\.\.not infected$'

Checking `find'...                                          not infected
OK

**** Test for '^Checking `fingerd'\.\.\.not infected$'

Checking `fingerd'...                                       not infected
OK

**** Test for '^Checking `gpm'\.\.\.not infected$'

Checking `gpm'...                                           not infected
OK

**** Test for '^Checking `grep'\.\.\.not infected$'

Checking `grep'...                                          not infected
OK

**** Test for '^Checking `hdparm'\.\.\.not infected$'

Checking `hdparm'...                                        not infected
OK

**** Test for '^Checking `su'\.\.\.not infected$'

Checking `su'...                                            not infected
OK

**** Test for '^Checking `ifconfig'\.\.\.not infected$'

Checking `ifconfig'...                                      not infected
OK

**** Test for '^Checking `inetd'\.\.\.not infected$'

Checking `inetd'...                                         not infected
OK

**** Test for '^Checking `inetdconf'\.\.\.not infected$'

Checking `inetdconf'...                                     not infected
OK

**** Test for '^Checking `identd'\.\.\.not infected$'

Checking `identd'...                                        not infected
OK

**** Test for '^Checking `init'\.\.\.not infected$'

Checking `init'...                                          not infected
OK

**** Test for '^Checking `killall'\.\.\.not infected$'

Checking `killall'...                                       not infected
OK

**** Test for '^Checking `ldsopreload'\.\.\.not infected$'

Checking `ldsopreload'...                                   not infected
OK

**** Test for '^Checking `login'\.\.\.not infected$'

Checking `login'...                                         not infected
OK

**** Test for '^Checking `ls'\.\.\.not infected$'

Checking `ls'...                                            not infected
OK

**** Test for '^Checking `lsof'\.\.\.not infected$'

Checking `lsof'...                                          not infected
OK

**** Test for '^Checking `mail'\.\.\.not infected$'

Checking `mail'...                                          not infected
OK

**** Test for '^Checking `mingetty'\.\.\.not infected$'

Checking `mingetty'...                                      not infected
OK

**** Test for '^Checking `netstat'\.\.\.not infected$'

Checking `netstat'...                                       not infected
OK

**** Test for '^Checking `named'\.\.\.not infected$'

Checking `named'...                                         not infected
OK

**** Test for '^Checking `passwd'\.\.\.not infected$'

Checking `passwd'...                                        not infected
OK

**** Test for '^Checking `pidof'\.\.\.not infected$'

Checking `pidof'...                                         not infected
OK

**** Test for '^Checking `pop2'\.\.\.not infected$'

Checking `pop2'...                                          not infected
OK

**** Test for '^Checking `pop3'\.\.\.not infected$'

Checking `pop3'...                                          not infected
OK

**** Test for '^Checking `ps'\.\.\.not infected$'

Checking `ps'...                                            not infected
OK

**** Test for '^Checking `pstree'\.\.\.not infected$'

Checking `pstree'...                                        not infected
OK

**** Test for '^Checking `rpcinfo'\.\.\.not infected$'

Checking `rpcinfo'...                                       not infected
OK

**** Test for '^Checking `rlogind'\.\.\.not infected$'

Checking `rlogind'...                                       not infected
OK

**** Test for '^Checking `rshd'\.\.\.not infected$'

Checking `rshd'...                                          not infected
OK

**** Test for '^Checking `slogin'\.\.\.not infected$'

Checking `slogin'...                                        not infected
OK

**** Test for '^Checking `sendmail'\.\.\.not infected$'

Checking `sendmail'...                                      not infected
OK

**** Test for '^Checking `sshd'\.\.\.not infected$'

Checking `sshd'...                                          not infected
OK

**** Test for '^Checking `syslogd'\.\.\.not infected$'

Checking `syslogd'...                                       not infected
OK

**** Test for '^Checking `tar'\.\.\.not infected$'

Checking `tar'...                                           not infected
OK

**** Test for '^Checking `tcpd'\.\.\.not infected$'

Checking `tcpd'...                                          not infected
OK

**** Test for '^Checking `tcpdump'\.\.\.not infected$'

Checking `tcpdump'...                                       not infected
OK

**** Test for '^Checking `top'\.\.\.not infected$'

Checking `top'...                                           not infected
OK

**** Test for '^Checking `telnetd'\.\.\.not infected$'

Checking `telnetd'...                                       not infected
OK

**** Test for '^Checking `timed'\.\.\.not infected$'

Checking `timed'...                                         not infected
OK

**** Test for '^Checking `traceroute'\.\.\.not infected$'

Checking `traceroute'...                                    not infected
OK

**** Test for '^Checking `vdir'\.\.\.not infected$'

Checking `vdir'...                                          not infected
OK

**** Test for '^Checking `w'\.\.\.not infected$'

Checking `w'...                                             not infected
OK

**** Test for '^Checking `write'\.\.\.not infected$'

Checking `write'...                                         not infected
OK

**** Test for '^Checking `aliens'\.\.\.no suspect files$'

Checking `aliens'...                                        no suspect files
OK

**** Test for '^Searching for sniffer's logs, it may take a while\.\.\.nothing found$'

Searching for sniffer's logs, it may take a while...        nothing found
OK

**** Test for '^Searching for rootkit HiDrootkit's default files\.\.\.nothing found$'

Searching for rootkit HiDrootkit's default files...         nothing found
OK

**** Test for '^Searching for rootkit t0rn's default files\.\.\.nothing found$'

Searching for rootkit t0rn's default files...               nothing found
OK

**** Test for '^Searching for t0rn's v8 defaults\.\.\.nothing found$'

Searching for t0rn's v8 defaults...                         nothing found
OK

**** Test for '^Searching for rootkit Lion's default files\.\.\.nothing found$'

Searching for rootkit Lion's default files...               nothing found
OK

**** Test for '^Searching for rootkit RSHA's default files\.\.\.nothing found$'

Searching for rootkit RSHA's default files...               nothing found
OK

**** Test for '^Searching for rootkit RH-Sharpe's default files\.\.\.nothing found$'

Searching for rootkit RH-Sharpe's default files...          nothing found
OK

**** Test for '^Searching for Ambient's rootkit $ark$ default filesand dirs\.\.\. nothing found$'Searching for Ambient's rootkit (ark) default files and dirs... nothingfound

OK

OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^CHANGED-IN-FILTER_bb$'
CHANGED-IN-FILTER_bb
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'

OK

**** Test for '^Searching for LPD Worm files and dirs\.\.\.nothing found$'

Searching for LPD Worm files and dirs...                    nothing found
OK

**** Test for '^Searching for Ramen Worm files and dirs\.\.\.nothing found$'

Searching for Ramen Worm files and dirs...                  nothing found
OK

**** Test for '^Searching for Maniac files and dirs\.\.\.nothing found$'

Searching for Maniac files and dirs...                      nothing found
OK

**** Test for '^Searching for RK17 files and dirs\.\.\.nothing found$'

Searching for RK17 files and dirs...                        nothing found
OK

**** Test for '^Searching for Ducoci rootkit\.\.\.nothing found$'

Searching for Ducoci rootkit...                             nothing found
OK

**** Test for '^Searching for Adore Worm\.\.\.nothing found$'

Searching for Adore Worm...                                 nothing found
OK

**** Test for '^Searching for ShitC Worm\.\.\.nothing found$'

Searching for ShitC Worm...                                 nothing found
OK

**** Test for '^Searching for Omega Worm\.\.\.nothing found$'

Searching for Omega Worm...                                 nothing found
OK

**** Test for '^Searching for Sadmind/IIS Worm\.\.\.nothing found$'

Searching for Sadmind/IIS Worm...                           nothing found
OK

**** Test for '^Searching for MonKit\.\.\.nothing found$'

Searching for MonKit...                                     nothing found
OK

**** Test for '^Searching for Showtee\.\.\.nothing found$'

Searching for Showtee...                                    nothing found
OK

**** Test for '^Searching for OpticKit\.\.\.nothing found$'

Searching for OpticKit...                                   nothing found
OK

**** Test for '^Searching for T\.R\.K\.\.\.nothing found$'

Searching for T.R.K...                                      nothing found
OK

**** Test for '^Searching for Mithra\.\.\.nothing found$'

Searching for Mithra...                                     nothing found
OK

**** Test for '^Searching for OBSD rk v1\.\.\.nothing found$'

Searching for OBSD rk v1...                                 nothing found
OK

**** Test for '^Searching for LOC rootkit\.\.\.nothing found$'

Searching for LOC rootkit...                                nothing found
OK

**** Test for '^Searching for Romanian rootkit\.\.\.nothing found$'

Searching for Romanian rootkit...                           nothing found
OK

**** Test for '^Searching for HKRK rootkit\.\.\.nothing found$'

Searching for HKRK rootkit...                               nothing found
OK

**** Test for '^Searching for Suckit rootkit\.\.\.nothing found$'

Searching for Suckit rootkit...                             nothing found
OK

**** Test for '^Searching for Volc rootkit\.\.\.nothing found$'

Searching for Volc rootkit...                               nothing found
OK

**** Test for '^Searching for Gold2 rootkit\.\.\.nothing found$'

Searching for Gold2 rootkit...                              nothing found
OK

**** Test for '^Searching for TC2 Worm default files and dirs\.\.\.nothing found$'

Searching for TC2 Worm default files and dirs...            nothing found
OK

**** Test for '^Searching for Anonoying rootkit default files anddirs\.\.\. nothing found$'

Searching for Anonoying rootkit default files and dirs...   nothing found
OK

**** Test for '^Searching for ZK rootkit default files and dirs\.\.\.nothing found$'

Searching for ZK rootkit default files and dirs...          nothing found
OK

**** Test for '^Searching for ShKit rootkit default files and dirs\.\.\.nothing found$'

Searching for ShKit rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for AjaKit rootkit default files anddirs\.\.\. nothing found$'

Searching for AjaKit rootkit default files and dirs...      nothing found
OK

**** Test for '^Searching for zaRwT rootkit default files and dirs\.\.\.nothing found$'

Searching for zaRwT rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for Madalin rootkit default files\.\.\.nothing found$'

Searching for Madalin rootkit default files...              nothing found
OK

**** Test for '^Searching for Fu rootkit default files\.\.\.nothing found$'

Searching for Fu rootkit default files...                   nothing found
OK

**** Test for '^Searching for ESRK rootkit default files\.\.\.nothing found$'

Searching for ESRK rootkit default files...                 nothing found
OK

**** Test for '^Searching for rootedoor\.\.\.nothing found$'

Searching for rootedoor...                                  nothing found
OK

**** Test for '^Searching for ENYELKM rootkit default files\.\.\.nothing found$'

Searching for ENYELKM rootkit default files...              nothing found
OK

**** Test for '^Searching for common ssh-scanners default files\.\.\.nothing found$'

Searching for common ssh-scanners default files...          nothing found
OK

**** Test for '^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$'

<No match (FAIL)>

**** Test for '^Searching for 64-bit Linux Rootkit \.\.\.nothing found$'

Searching for 64-bit Linux Rootkit ...                      nothing found
OK

**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.nothing found$'

Searching for 64-bit Linux Rootkit modules...               nothing found
OK

**** Test for '^Searching for Mumblehard Linux \.\.\.nothing found$'

Searching for Mumblehard Linux ...                          nothing found
OK

**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a \.\.\.nothing found$'

Searching for Backdoor.Linux.Mokes.a ...                    nothing found
OK

**** Test for '^Searching for Malicious TinyDNS \.\.\.nothing found$'

Searching for Malicious TinyDNS ...                         nothing found
OK

**** Test for '^Searching for Linux\.Xor\.DDoS \.\.\.INFECTED: Possible Malicious Linux\.Xor\.DDoS installed$'Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK

**** Test for '^Searching for Linux\.Proxy\.1\.0 \.\.\.nothing found$'

Searching for Linux.Proxy.1.0 ...                           nothing found
OK

**** Test for '^Searching for CrossRAT \.\.\.nothing found$'

Searching for CrossRAT ...                                  nothing found
OK

**** Test for '^Searching for Hidden Cobra \.\.\.nothing found$'

Searching for Hidden Cobra ...                              nothing found
OK

**** Test for '^Searching for Rocke Miner \.\.\.nothing found$'

Searching for Rocke Miner ...                               nothing found
OK

**** Test for '^Searching for PWNLNX4 lkm\.\.\.nothing found$'

Searching for PWNLNX4 lkm...                                nothing found
OK

**** Test for '^Searching for PWNLNX6 lkm\.\.\.nothing found$'

Searching for PWNLNX6 lkm...                                nothing found
OK

**** Test for '^Searching for Umbreon lrk\.\.\.nothing found$'

Searching for Umbreon lrk...                                nothing found
OK

**** Test for '^Searching for Kinsing\.a backdoor\.\.\.nothing found$'

Searching for Kinsing.a backdoor...                         nothing found
OK

**** Test for '^Searching for RotaJakiro backdoor\.\.\.nothing found$'

Searching for RotaJakiro backdoor...                        nothing found
OK

**** Test for '^Searching for suspect PHP files\.\.\.nothing found$'

Searching for suspect PHP files...                          nothing found
OK

**** Test for '^Searching for anomalies in shell history files\.\.\.nothing found$'

Searching for anomalies in shell history files...           nothing found
OK

**** Test for '^Checking `asp'\.\.\.not infected$'

Checking `asp'...                                           not infected
OK

**** Test for '^Checking `bindshell'\.\.\.not infected$'

Checking `bindshell'...                                     not infected
OK

**** Test for '^Checking `lkm'\.\.\.chkproc: nothing detected$'Checking `lkm'... chkproc:nothing detected

OK
**** Test for '^chkdirs:'
chkdirs: nothing detected
OK

**** Test for '^Checking `rexedcs'\.\.\.not found$'

Checking `rexedcs'...                                       not found
OK

**** Test for '^Checking `sniffer'\.\.\.Output from ifpromisc:$'Checking `sniffer'... Output fromifpromisc:

OK
**** Test for '^lo: not promisc and no packet sniffer sockets$'
lo: not promisc and no packet sniffer sockets
OK

**** Test for '^Checking `w55808'\.\.\.not infected$'

Checking `w55808'...                                        not infected
OK

**** Test for '^Checking `wted'\.\.\.chkwtmp: nothing deleted$'Checking `wted'... chkwtmp:nothing deleted

OK

**** Test for '^Checking `scalper'\.\.\.not infected$'

Checking `scalper'...                                       not infected
OK

**** Test for '^Checking `slapper'\.\.\.not infected$'

Checking `slapper'...                                       not infected
OK

**** Test for '^Checking `z2'\.\.\.chklastlog: nothing deleted$'Checking `z2'... chklastlog:nothing deleted

OK
**** Test for '^Checking `chkutmp'\.\.\.'

Checking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

OK

**** Test for '^Checking `OSX_RSPLUG'\.\.\.not tested$'

Checking `OSX_RSPLUG'...                                    not tested
OK
**** Test for '^chkutmp: nothing deleted$'
chkutmp: nothing deleted
OK

** FAIL: Testing: cron-no-diff-mode-02-full-filter-and-ignore(/etc/cron.daily/chkrootkit) done: FAIL

*** FAIL was with config set to:
RUN_DAILY=true
DIFF_MODE=false

FILTER='sed s!^/usr/lib/.b!CHANGED-IN-FILTER_!'
IGNORE_FILE=/etc/test-ignore
DIFF_MODE=false

*** Reason(s) for failure follows
Result: FAIL

Missing: ^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$

Unexpected (unmatched) lines follow (for info):
Searching for Linux/Ebury - Operation Windigo ssh...        not tested
* Testing: the daily cron job (without diff mode, quiet output)
** Testing: cron-no-diff-mode-03-quiet (/etc/cron.daily/chkrootkit) ...
*** Output
The following suspicious files and directories were found:
/usr/lib/...DIR
/usr/lib/.1DIR
/usr/lib/.bbb
/usr/lib/.1
/usr/lib/...
/usr/lib/.aaa
/usr/lib/.DIR-aaa

INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Output from ifpromisc:

<interface>: PACKETSNIFFER([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID})

The tty of the following process(es) was not found in /var/run/utmp:
! RUID          PID TTY    CMD

!AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts";export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp";exp 0 artifacts";gtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts"; exportADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exp! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! INT {PID} ipt_pid" QUIT PIPE; cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout /tmp

**** Files in log
total 24K
drwxr-xr-x 2 root root 4.0K Dec  8 03:12 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root 5.1K Dec  8 03:12 log.today
-rw-r--r-- 1 root root 5.1K Dec  8 03:12 log.today.raw
*** Test of content of output follows...
**** Test for '^The following suspicious files and directories were found:$'
The following suspicious files and directories were found:
OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.aaa$'
/usr/lib/.aaa
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^/usr/lib/\.bbb$'
/usr/lib/.bbb
OK
**** Test for '^/usr/lib/\.DIR-aaa$'
/usr/lib/.DIR-aaa
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'

OK
**** Test for '^INFECTED: Possible Malicious Linux.Xor.DDoS installed$'
INFECTED: Possible Malicious Linux.Xor.DDoS installed
OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK

** PASS: Testing: cron-no-diff-mode-03-quiet(/etc/cron.daily/chkrootkit) done: PASS** Testing: cron-no-diff-mode-04-quiet-no-ionice(/etc/cron.daily/chkrootkit) ...

*** Output
The following suspicious files and directories were found:
/usr/lib/...DIR
/usr/lib/.1DIR
/usr/lib/.bbb
/usr/lib/.1
/usr/lib/...
/usr/lib/.aaa
/usr/lib/.DIR-aaa

INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Output from ifpromisc:

<interface>: PACKETSNIFFER([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID})

The tty of the following process(es) was not found in /var/run/utmp:
! RUID          PID TTY    CMD

!AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts";export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp";exp 0 artifacts";gtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts"; exportADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exp! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! INT {PID} ipt_pid" QUIT PIPE; cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout /tmp

**** Files in log
total 24K
drwxr-xr-x 2 root root 4.0K Dec  8 03:12 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root 5.1K Dec  8 03:12 log.today
-rw-r--r-- 1 root root 5.1K Dec  8 03:12 log.today.raw
*** Test of content of output follows...
**** Test for '^The following suspicious files and directories were found:$'
The following suspicious files and directories were found:
OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.aaa$'
/usr/lib/.aaa
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^/usr/lib/\.bbb$'
/usr/lib/.bbb
OK
**** Test for '^/usr/lib/\.DIR-aaa$'
/usr/lib/.DIR-aaa
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'

OK
**** Test for '^INFECTED: Possible Malicious Linux.Xor.DDoS installed$'
INFECTED: Possible Malicious Linux.Xor.DDoS installed
OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK

** PASS: Testing: cron-no-diff-mode-04-quiet-no-ionice(/etc/cron.daily/chkrootkit) done: PASS** Testing: cron-no-diff-mode-05-quiet-filter-and-ignore(/etc/cron.daily/chkrootkit) ...

*** Output
The following suspicious files and directories were found:
/usr/lib/...DIR
/usr/lib/.1DIR
CHANGED-IN-FILTER_bb
/usr/lib/.1
/usr/lib/...
/usr/lib/.DIR-aaa

INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Output from ifpromisc:
eth0: PACKET SNIFFER(/usr/sbin/dhclient[69])
The tty of the following process(es) was not found in /var/run/utmp:
! RUID          PID TTY    CMD

**** Files in log
total 24K
drwxr-xr-x 2 root root 4.0K Dec  8 03:12 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root 5.1K Dec  8 03:12 log.today
-rw-r--r-- 1 root root 5.1K Dec  8 03:12 log.today.raw
*** Test of content of output follows...
**** Test for 'The following suspicious files and directories were found:$'
The following suspicious files and directories were found:
OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^CHANGED-IN-FILTER_bb$'
CHANGED-IN-FILTER_bb
OK
**** Test for '^/usr/lib/\.DIR-aaa$'
/usr/lib/.DIR-aaa
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'

OK
**** Test for '^INFECTED: Possible Malicious Linux.Xor.DDoS installed$'
INFECTED: Possible Malicious Linux.Xor.DDoS installed
OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK

** PASS: Testing: cron-no-diff-mode-05-quiet-filter-and-ignore(/etc/cron.daily/chkrootkit) done: PASS** Testing: cron-no-diff-mode-06-quiet-invalid-filter-is-ignored(/etc/cron.daily/chkrootkit) ...

*** Output
Ignoring invalid $FILTER='sed s/this/is/invalid/sed/and/will/be/ignored'
The following suspicious files and directories were found:
/usr/lib/...DIR
/usr/lib/.1DIR
/usr/lib/.bbb
/usr/lib/.1
/usr/lib/...
/usr/lib/.DIR-aaa

INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Output from ifpromisc:
eth0: PACKET SNIFFER(/usr/sbin/dhclient[69])
The tty of the following process(es) was not found in /var/run/utmp:
! RUID          PID TTY    CMD

**** Files in log
total 24K
drwxr-xr-x 2 root root 4.0K Dec  8 03:12 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root 5.1K Dec  8 03:12 log.today
-rw-r--r-- 1 root root 5.1K Dec  8 03:12 log.today.raw
*** Test of content of output follows...

**** Test for '^Ignoring invalid \$FILTER='seds/this/is/invalid/sed/and/will/be/ignored'$'

Ignoring invalid $FILTER='sed s/this/is/invalid/sed/and/will/be/ignored'
OK
**** Test for '^The following suspicious files and directories were found:$'
The following suspicious files and directories were found:
OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^/usr/lib/.bbb$'
/usr/lib/.bbb
OK
**** Test for '^/usr/lib/\.DIR-aaa$'
/usr/lib/.DIR-aaa
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'

OK
**** Test for '^INFECTED: Possible Malicious Linux.Xor.DDoS installed$'
INFECTED: Possible Malicious Linux.Xor.DDoS installed
OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK

** PASS: Testing: cron-no-diff-mode-06-quiet-invalid-filter-is-ignored(/etc/cron.daily/chkrootkit) done: PASS

* Testing: the daily cron job (with DIFF_MODE, full output)
** Testing: cron-with-diff-mode-01-full (/etc/cron.daily/chkrootkit) ...
*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit

Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        no suspect files
Searching for sniffer's logs, it may take a while...        nothing found
Searching for rootkit HiDrootkit's default files...         nothing found
Searching for rootkit t0rn's default files...               nothing found
Searching for t0rn's v8 defaults...                         nothing found
Searching for rootkit Lion's default files...               nothing found
Searching for rootkit RSHA's default files...               nothing found
Searching for rootkit RH-Sharpe's default files...          nothing found

Searching for Ambient's rootkit (ark) default files and dirs... nothingfoundSearching for suspicious files and dirs, it may take a while... Thefollowing suspicious files and directories were found:

/usr/lib/...DIR
/usr/lib/.1DIR
/usr/lib/.bbb
/usr/lib/.1
/usr/lib/...
/usr/lib/.aaa
/usr/lib/.DIR-aaa

Searching for LPD Worm files and dirs...                    nothing found
Searching for Ramen Worm files and dirs...                  nothing found
Searching for Maniac files and dirs...                      nothing found
Searching for RK17 files and dirs...                        nothing found
Searching for Ducoci rootkit...                             nothing found
Searching for Adore Worm...                                 nothing found
Searching for ShitC Worm...                                 nothing found
Searching for Omega Worm...                                 nothing found
Searching for Sadmind/IIS Worm...                           nothing found
Searching for MonKit...                                     nothing found
Searching for Showtee...                                    nothing found
Searching for OpticKit...                                   nothing found
Searching for T.R.K...                                      nothing found
Searching for Mithra...                                     nothing found
Searching for OBSD rk v1...                                 nothing found
Searching for LOC rootkit...                                nothing found
Searching for Romanian rootkit...                           nothing found
Searching for HKRK rootkit...                               nothing found
Searching for Suckit rootkit...                             nothing found
Searching for Volc rootkit...                               nothing found
Searching for Gold2 rootkit...                              nothing found
Searching for TC2 Worm default files and dirs...            nothing found
Searching for Anonoying rootkit default files and dirs...   nothing found
Searching for ZK rootkit default files and dirs...          nothing found
Searching for ShKit rootkit default files and dirs...       nothing found
Searching for AjaKit rootkit default files and dirs...      nothing found
Searching for zaRwT rootkit default files and dirs...       nothing found
Searching for Madalin rootkit default files...              nothing found
Searching for Fu rootkit default files...                   nothing found
Searching for ESRK rootkit default files...                 nothing found
Searching for rootedoor...                                  nothing found
Searching for ENYELKM rootkit default files...              nothing found
Searching for common ssh-scanners default files...          nothing found
Searching for Linux/Ebury - Operation Windigo ssh...        not tested
Searching for 64-bit Linux Rootkit ...                      nothing found
Searching for 64-bit Linux Rootkit modules...               nothing found
Searching for Mumblehard Linux ...                          nothing found
Searching for Backdoor.Linux.Mokes.a ...                    nothing found
Searching for Malicious TinyDNS ...                         nothing found

Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Searching for Linux.Proxy.1.0 ...                           nothing found
Searching for CrossRAT ...                                  nothing found
Searching for Hidden Cobra ...                              nothing found
Searching for Rocke Miner ...                               nothing found
Searching for PWNLNX4 lkm...                                nothing found
Searching for PWNLNX6 lkm...                                nothing found
Searching for Umbreon lrk...                                nothing found
Searching for Kinsing.a backdoor...                         nothing found
Searching for RotaJakiro backdoor...                        nothing found
Searching for suspect PHP files...                          nothing found
Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected

Checking `lkm'... chkproc:nothing detected

chkdirs: nothing detected
Checking `rexedcs'...                                       not found

Checking `sniffer'... Output fromifpromisc:

lo: not promisc and no packet sniffer sockets

<interface>: PACKETSNIFFER([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID})

Checking `w55808'...                                        not infected

Checking `wted'... chkwtmp:nothing deleted

Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected

Checking `z2'... chklastlog:nothing deletedChecking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

! RUID          PID TTY    CMD

!AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts";export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp";exp 0 artifacts";gtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts"; exportADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exp! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! INT {PID} ipt_pid" QUIT PIPE; cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout /tmp

chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not tested
--- [ END: cat /var/log/chkrootkit/log.today ] ---

To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 40K
drwxr-xr-x 2 root root 4.0K Dec  8 03:12 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'



OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK

**** Test for '^Checking `amd'\.\.\.not infected$'

Checking `amd'...                                           not infected
OK

**** Test for '^Checking `basename'\.\.\.not infected$'

Checking `basename'...                                      not infected
OK

**** Test for '^Checking `biff'\.\.\.not infected$'

Checking `biff'...                                          not infected
OK

**** Test for '^Checking `chfn'\.\.\.not infected$'

Checking `chfn'...                                          not infected
OK

**** Test for '^Checking `chsh'\.\.\.not infected$'

Checking `chsh'...                                          not infected
OK

**** Test for '^Checking `cron'\.\.\.not infected$'

Checking `cron'...                                          not infected
OK

**** Test for '^Checking `crontab'\.\.\.not infected$'

Checking `crontab'...                                       not infected
OK

**** Test for '^Checking `date'\.\.\.not infected$'

Checking `date'...                                          not infected
OK

**** Test for '^Checking `du'\.\.\.not infected$'

Checking `du'...                                            not infected
OK

**** Test for '^Checking `dirname'\.\.\.not infected$'

Checking `dirname'...                                       not infected
OK

**** Test for '^Checking `echo'\.\.\.not infected$'

Checking `echo'...                                          not infected
OK

**** Test for '^Checking `egrep'\.\.\.not infected$'

Checking `egrep'...                                         not infected
OK

**** Test for '^Checking `env'\.\.\.not infected$'

Checking `env'...                                           not infected
OK

**** Test for '^Checking `find'\.\.\.not infected$'

Checking `find'...                                          not infected
OK

**** Test for '^Checking `fingerd'\.\.\.not infected$'

Checking `fingerd'...                                       not infected
OK

**** Test for '^Checking `gpm'\.\.\.not infected$'

Checking `gpm'...                                           not infected
OK

**** Test for '^Checking `grep'\.\.\.not infected$'

Checking `grep'...                                          not infected
OK

**** Test for '^Checking `hdparm'\.\.\.not infected$'

Checking `hdparm'...                                        not infected
OK

**** Test for '^Checking `su'\.\.\.not infected$'

Checking `su'...                                            not infected
OK

**** Test for '^Checking `ifconfig'\.\.\.not infected$'

Checking `ifconfig'...                                      not infected
OK

**** Test for '^Checking `inetd'\.\.\.not infected$'

Checking `inetd'...                                         not infected
OK

**** Test for '^Checking `inetdconf'\.\.\.not infected$'

Checking `inetdconf'...                                     not infected
OK

**** Test for '^Checking `identd'\.\.\.not infected$'

Checking `identd'...                                        not infected
OK

**** Test for '^Checking `init'\.\.\.not infected$'

Checking `init'...                                          not infected
OK

**** Test for '^Checking `killall'\.\.\.not infected$'

Checking `killall'...                                       not infected
OK

**** Test for '^Checking `ldsopreload'\.\.\.not infected$'

Checking `ldsopreload'...                                   not infected
OK

**** Test for '^Checking `login'\.\.\.not infected$'

Checking `login'...                                         not infected
OK

**** Test for '^Checking `ls'\.\.\.not infected$'

Checking `ls'...                                            not infected
OK

**** Test for '^Checking `lsof'\.\.\.not infected$'

Checking `lsof'...                                          not infected
OK

**** Test for '^Checking `mail'\.\.\.not infected$'

Checking `mail'...                                          not infected
OK

**** Test for '^Checking `mingetty'\.\.\.not infected$'

Checking `mingetty'...                                      not infected
OK

**** Test for '^Checking `netstat'\.\.\.not infected$'

Checking `netstat'...                                       not infected
OK

**** Test for '^Checking `named'\.\.\.not infected$'

Checking `named'...                                         not infected
OK

**** Test for '^Checking `passwd'\.\.\.not infected$'

Checking `passwd'...                                        not infected
OK

**** Test for '^Checking `pidof'\.\.\.not infected$'

Checking `pidof'...                                         not infected
OK

**** Test for '^Checking `pop2'\.\.\.not infected$'

Checking `pop2'...                                          not infected
OK

**** Test for '^Checking `pop3'\.\.\.not infected$'

Checking `pop3'...                                          not infected
OK

**** Test for '^Checking `ps'\.\.\.not infected$'

Checking `ps'...                                            not infected
OK

**** Test for '^Checking `pstree'\.\.\.not infected$'

Checking `pstree'...                                        not infected
OK

**** Test for '^Checking `rpcinfo'\.\.\.not infected$'

Checking `rpcinfo'...                                       not infected
OK

**** Test for '^Checking `rlogind'\.\.\.not infected$'

Checking `rlogind'...                                       not infected
OK

**** Test for '^Checking `rshd'\.\.\.not infected$'

Checking `rshd'...                                          not infected
OK

**** Test for '^Checking `slogin'\.\.\.not infected$'

Checking `slogin'...                                        not infected
OK

**** Test for '^Checking `sendmail'\.\.\.not infected$'

Checking `sendmail'...                                      not infected
OK

**** Test for '^Checking `sshd'\.\.\.not infected$'

Checking `sshd'...                                          not infected
OK

**** Test for '^Checking `syslogd'\.\.\.not infected$'

Checking `syslogd'...                                       not infected
OK

**** Test for '^Checking `tar'\.\.\.not infected$'

Checking `tar'...                                           not infected
OK

**** Test for '^Checking `tcpd'\.\.\.not infected$'

Checking `tcpd'...                                          not infected
OK

**** Test for '^Checking `tcpdump'\.\.\.not infected$'

Checking `tcpdump'...                                       not infected
OK

**** Test for '^Checking `top'\.\.\.not infected$'

Checking `top'...                                           not infected
OK

**** Test for '^Checking `telnetd'\.\.\.not infected$'

Checking `telnetd'...                                       not infected
OK

**** Test for '^Checking `timed'\.\.\.not infected$'

Checking `timed'...                                         not infected
OK

**** Test for '^Checking `traceroute'\.\.\.not infected$'

Checking `traceroute'...                                    not infected
OK

**** Test for '^Checking `vdir'\.\.\.not infected$'

Checking `vdir'...                                          not infected
OK

**** Test for '^Checking `w'\.\.\.not infected$'

Checking `w'...                                             not infected
OK

**** Test for '^Checking `write'\.\.\.not infected$'

Checking `write'...                                         not infected
OK

**** Test for '^Checking `aliens'\.\.\.no suspect files$'

Checking `aliens'...                                        no suspect files
OK

**** Test for '^Searching for sniffer's logs, it may take a while\.\.\.nothing found$'

Searching for sniffer's logs, it may take a while...        nothing found
OK

**** Test for '^Searching for rootkit HiDrootkit's default files\.\.\.nothing found$'

Searching for rootkit HiDrootkit's default files...         nothing found
OK

**** Test for '^Searching for rootkit t0rn's default files\.\.\.nothing found$'

Searching for rootkit t0rn's default files...               nothing found
OK

**** Test for '^Searching for t0rn's v8 defaults\.\.\.nothing found$'

Searching for t0rn's v8 defaults...                         nothing found
OK

**** Test for '^Searching for rootkit Lion's default files\.\.\.nothing found$'

Searching for rootkit Lion's default files...               nothing found
OK

**** Test for '^Searching for rootkit RSHA's default files\.\.\.nothing found$'

Searching for rootkit RSHA's default files...               nothing found
OK

**** Test for '^Searching for rootkit RH-Sharpe's default files\.\.\.nothing found$'

Searching for rootkit RH-Sharpe's default files...          nothing found
OK

**** Test for '^Searching for Ambient's rootkit $ark$ default filesand dirs\.\.\. nothing found$'Searching for Ambient's rootkit (ark) default files and dirs... nothingfound

OK

OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.aaa$'
/usr/lib/.aaa
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^/usr/lib/\.bbb$'
/usr/lib/.bbb
OK
**** Test for '^/usr/lib/\.DIR-aaa$'
/usr/lib/.DIR-aaa
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'



OK

**** Test for '^Searching for LPD Worm files and dirs\.\.\.nothing found$'

Searching for LPD Worm files and dirs...                    nothing found
OK

**** Test for '^Searching for Ramen Worm files and dirs\.\.\.nothing found$'

Searching for Ramen Worm files and dirs...                  nothing found
OK

**** Test for '^Searching for Maniac files and dirs\.\.\.nothing found$'

Searching for Maniac files and dirs...                      nothing found
OK

**** Test for '^Searching for RK17 files and dirs\.\.\.nothing found$'

Searching for RK17 files and dirs...                        nothing found
OK

**** Test for '^Searching for Ducoci rootkit\.\.\.nothing found$'

Searching for Ducoci rootkit...                             nothing found
OK

**** Test for '^Searching for Adore Worm\.\.\.nothing found$'

Searching for Adore Worm...                                 nothing found
OK

**** Test for '^Searching for ShitC Worm\.\.\.nothing found$'

Searching for ShitC Worm...                                 nothing found
OK

**** Test for '^Searching for Omega Worm\.\.\.nothing found$'

Searching for Omega Worm...                                 nothing found
OK

**** Test for '^Searching for Sadmind/IIS Worm\.\.\.nothing found$'

Searching for Sadmind/IIS Worm...                           nothing found
OK

**** Test for '^Searching for MonKit\.\.\.nothing found$'

Searching for MonKit...                                     nothing found
OK

**** Test for '^Searching for Showtee\.\.\.nothing found$'

Searching for Showtee...                                    nothing found
OK

**** Test for '^Searching for OpticKit\.\.\.nothing found$'

Searching for OpticKit...                                   nothing found
OK

**** Test for '^Searching for T\.R\.K\.\.\.nothing found$'

Searching for T.R.K...                                      nothing found
OK

**** Test for '^Searching for Mithra\.\.\.nothing found$'

Searching for Mithra...                                     nothing found
OK

**** Test for '^Searching for OBSD rk v1\.\.\.nothing found$'

Searching for OBSD rk v1...                                 nothing found
OK

**** Test for '^Searching for LOC rootkit\.\.\.nothing found$'

Searching for LOC rootkit...                                nothing found
OK

**** Test for '^Searching for Romanian rootkit\.\.\.nothing found$'

Searching for Romanian rootkit...                           nothing found
OK

**** Test for '^Searching for HKRK rootkit\.\.\.nothing found$'

Searching for HKRK rootkit...                               nothing found
OK

**** Test for '^Searching for Suckit rootkit\.\.\.nothing found$'

Searching for Suckit rootkit...                             nothing found
OK

**** Test for '^Searching for Volc rootkit\.\.\.nothing found$'

Searching for Volc rootkit...                               nothing found
OK

**** Test for '^Searching for Gold2 rootkit\.\.\.nothing found$'

Searching for Gold2 rootkit...                              nothing found
OK

**** Test for '^Searching for TC2 Worm default files and dirs\.\.\.nothing found$'

Searching for TC2 Worm default files and dirs...            nothing found
OK

**** Test for '^Searching for Anonoying rootkit default files anddirs\.\.\. nothing found$'

Searching for Anonoying rootkit default files and dirs...   nothing found
OK

**** Test for '^Searching for ZK rootkit default files and dirs\.\.\.nothing found$'

Searching for ZK rootkit default files and dirs...          nothing found
OK

**** Test for '^Searching for ShKit rootkit default files and dirs\.\.\.nothing found$'

Searching for ShKit rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for AjaKit rootkit default files anddirs\.\.\. nothing found$'

Searching for AjaKit rootkit default files and dirs...      nothing found
OK

**** Test for '^Searching for zaRwT rootkit default files and dirs\.\.\.nothing found$'

Searching for zaRwT rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for Madalin rootkit default files\.\.\.nothing found$'

Searching for Madalin rootkit default files...              nothing found
OK

**** Test for '^Searching for Fu rootkit default files\.\.\.nothing found$'

Searching for Fu rootkit default files...                   nothing found
OK

**** Test for '^Searching for ESRK rootkit default files\.\.\.nothing found$'

Searching for ESRK rootkit default files...                 nothing found
OK

**** Test for '^Searching for rootedoor\.\.\.nothing found$'

Searching for rootedoor...                                  nothing found
OK

**** Test for '^Searching for ENYELKM rootkit default files\.\.\.nothing found$'

Searching for ENYELKM rootkit default files...              nothing found
OK

**** Test for '^Searching for common ssh-scanners default files\.\.\.nothing found$'

Searching for common ssh-scanners default files...          nothing found
OK

**** Test for '^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$'

<No match (FAIL)>

**** Test for '^Searching for 64-bit Linux Rootkit \.\.\.nothing found$'

Searching for 64-bit Linux Rootkit ...                      nothing found
OK

**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.nothing found$'

Searching for 64-bit Linux Rootkit modules...               nothing found
OK

**** Test for '^Searching for Mumblehard Linux \.\.\.nothing found$'

Searching for Mumblehard Linux ...                          nothing found
OK

**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a \.\.\.nothing found$'

Searching for Backdoor.Linux.Mokes.a ...                    nothing found
OK

**** Test for '^Searching for Malicious TinyDNS \.\.\.nothing found$'

Searching for Malicious TinyDNS ...                         nothing found
OK

**** Test for '^Searching for Linux\.Xor\.DDoS \.\.\.INFECTED: Possible Malicious Linux\.Xor\.DDoS installed$'Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK

**** Test for '^Searching for Linux\.Proxy\.1\.0 \.\.\.nothing found$'

Searching for Linux.Proxy.1.0 ...                           nothing found
OK

**** Test for '^Searching for CrossRAT \.\.\.nothing found$'

Searching for CrossRAT ...                                  nothing found
OK

**** Test for '^Searching for Hidden Cobra \.\.\.nothing found$'

Searching for Hidden Cobra ...                              nothing found
OK

**** Test for '^Searching for Rocke Miner \.\.\.nothing found$'

Searching for Rocke Miner ...                               nothing found
OK

**** Test for '^Searching for PWNLNX4 lkm\.\.\.nothing found$'

Searching for PWNLNX4 lkm...                                nothing found
OK

**** Test for '^Searching for PWNLNX6 lkm\.\.\.nothing found$'

Searching for PWNLNX6 lkm...                                nothing found
OK

**** Test for '^Searching for Umbreon lrk\.\.\.nothing found$'

Searching for Umbreon lrk...                                nothing found
OK

**** Test for '^Searching for Kinsing\.a backdoor\.\.\.nothing found$'

Searching for Kinsing.a backdoor...                         nothing found
OK

**** Test for '^Searching for RotaJakiro backdoor\.\.\.nothing found$'

Searching for RotaJakiro backdoor...                        nothing found
OK

**** Test for '^Searching for suspect PHP files\.\.\.nothing found$'

Searching for suspect PHP files...                          nothing found
OK

**** Test for '^Searching for anomalies in shell history files\.\.\.nothing found$'

Searching for anomalies in shell history files...           nothing found
OK

**** Test for '^Checking `asp'\.\.\.not infected$'

Checking `asp'...                                           not infected
OK

**** Test for '^Checking `bindshell'\.\.\.not infected$'

Checking `bindshell'...                                     not infected
OK

**** Test for '^Checking `lkm'\.\.\.chkproc: nothing detected$'Checking `lkm'... chkproc:nothing detected

OK
**** Test for '^chkdirs:'
chkdirs: nothing detected
OK

**** Test for '^Checking `rexedcs'\.\.\.not found$'

Checking `rexedcs'...                                       not found
OK

**** Test for '^Checking `sniffer'\.\.\.Output from ifpromisc:$'Checking `sniffer'... Output fromifpromisc:

OK
**** Test for '^lo: not promisc and no packet sniffer sockets$'
lo: not promisc and no packet sniffer sockets
OK

**** Test for '^Checking `w55808'\.\.\.not infected$'

Checking `w55808'...                                        not infected
OK

**** Test for '^Checking `wted'\.\.\.chkwtmp: nothing deleted$'Checking `wted'... chkwtmp:nothing deleted

OK

**** Test for '^Checking `scalper'\.\.\.not infected$'

Checking `scalper'...                                       not infected
OK

**** Test for '^Checking `slapper'\.\.\.not infected$'

Checking `slapper'...                                       not infected
OK

**** Test for '^Checking `z2'\.\.\.chklastlog: nothing deleted$'Checking `z2'... chklastlog:nothing deleted

OK
**** Test for '^Checking `chkutmp'\.\.\.'

Checking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

OK

**** Test for '^Checking `OSX_RSPLUG'\.\.\.not tested$'

Checking `OSX_RSPLUG'...                                    not tested
OK
**** Test for '^chkutmp: nothing deleted$'
chkutmp: nothing deleted
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK

**** Test for '^To create this file containing all output from today'srun, do $as root$$'

To create this file containing all output from today's run, do (as root)
OK

**** Test for '^# cp -a /var/log/chkrootkit/log\.today/var/log/chkrootkit/log\.expected$'

# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK

**** Test for '^# $note that unedited output is in/var/log/chkrootkit/log\.today\.raw$$'

# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK

** FAIL: Testing: cron-with-diff-mode-01-full(/etc/cron.daily/chkrootkit) done: FAIL

*** FAIL was with config set to:
RUN_DAILY=true
DIFF_MODE=true

*** Reason(s) for failure follows
Result: FAIL

Missing: ^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$

Unexpected (unmatched) lines follow (for info):
Searching for Linux/Ebury - Operation Windigo ssh...        not tested

** Testing: cron-with-diff-mode-02-full-rerun(/etc/cron.daily/chkrootkit) ...

*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit

Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        no suspect files
Searching for sniffer's logs, it may take a while...        nothing found
Searching for rootkit HiDrootkit's default files...         nothing found
Searching for rootkit t0rn's default files...               nothing found
Searching for t0rn's v8 defaults...                         nothing found
Searching for rootkit Lion's default files...               nothing found
Searching for rootkit RSHA's default files...               nothing found
Searching for rootkit RH-Sharpe's default files...          nothing found

Searching for Ambient's rootkit (ark) default files and dirs... nothingfoundSearching for suspicious files and dirs, it may take a while... Thefollowing suspicious files and directories were found:

/usr/lib/...DIR
/usr/lib/.1DIR
/usr/lib/.bbb
/usr/lib/.1
/usr/lib/...
/usr/lib/.aaa
/usr/lib/.DIR-aaa

Searching for LPD Worm files and dirs...                    nothing found
Searching for Ramen Worm files and dirs...                  nothing found
Searching for Maniac files and dirs...                      nothing found
Searching for RK17 files and dirs...                        nothing found
Searching for Ducoci rootkit...                             nothing found
Searching for Adore Worm...                                 nothing found
Searching for ShitC Worm...                                 nothing found
Searching for Omega Worm...                                 nothing found
Searching for Sadmind/IIS Worm...                           nothing found
Searching for MonKit...                                     nothing found
Searching for Showtee...                                    nothing found
Searching for OpticKit...                                   nothing found
Searching for T.R.K...                                      nothing found
Searching for Mithra...                                     nothing found
Searching for OBSD rk v1...                                 nothing found
Searching for LOC rootkit...                                nothing found
Searching for Romanian rootkit...                           nothing found
Searching for HKRK rootkit...                               nothing found
Searching for Suckit rootkit...                             nothing found
Searching for Volc rootkit...                               nothing found
Searching for Gold2 rootkit...                              nothing found
Searching for TC2 Worm default files and dirs...            nothing found
Searching for Anonoying rootkit default files and dirs...   nothing found
Searching for ZK rootkit default files and dirs...          nothing found
Searching for ShKit rootkit default files and dirs...       nothing found
Searching for AjaKit rootkit default files and dirs...      nothing found
Searching for zaRwT rootkit default files and dirs...       nothing found
Searching for Madalin rootkit default files...              nothing found
Searching for Fu rootkit default files...                   nothing found
Searching for ESRK rootkit default files...                 nothing found
Searching for rootedoor...                                  nothing found
Searching for ENYELKM rootkit default files...              nothing found
Searching for common ssh-scanners default files...          nothing found
Searching for Linux/Ebury - Operation Windigo ssh...        not tested
Searching for 64-bit Linux Rootkit ...                      nothing found
Searching for 64-bit Linux Rootkit modules...               nothing found
Searching for Mumblehard Linux ...                          nothing found
Searching for Backdoor.Linux.Mokes.a ...                    nothing found
Searching for Malicious TinyDNS ...                         nothing found

Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Searching for Linux.Proxy.1.0 ...                           nothing found
Searching for CrossRAT ...                                  nothing found
Searching for Hidden Cobra ...                              nothing found
Searching for Rocke Miner ...                               nothing found
Searching for PWNLNX4 lkm...                                nothing found
Searching for PWNLNX6 lkm...                                nothing found
Searching for Umbreon lrk...                                nothing found
Searching for Kinsing.a backdoor...                         nothing found
Searching for RotaJakiro backdoor...                        nothing found
Searching for suspect PHP files...                          nothing found
Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected

Checking `lkm'... chkproc:nothing detected

chkdirs: nothing detected
Checking `rexedcs'...                                       not found

Checking `sniffer'... Output fromifpromisc:

lo: not promisc and no packet sniffer sockets

<interface>: PACKETSNIFFER([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID})

Checking `w55808'...                                        not infected

Checking `wted'... chkwtmp:nothing deleted

Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected

Checking `z2'... chklastlog:nothing deletedChecking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

! RUID          PID TTY    CMD

!AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts";export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp";exp 0 artifacts";gtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts"; exportADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exp! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! INT {PID} ipt_pid" QUIT PIPE; cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout /tmp

chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not tested
--- [ END: cat /var/log/chkrootkit/log.today ] ---

To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 40K
drwxr-xr-x 2 root root 4.0K Dec  8 03:12 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'



OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK

**** Test for '^Checking `amd'\.\.\.not infected$'

Checking `amd'...                                           not infected
OK

**** Test for '^Checking `basename'\.\.\.not infected$'

Checking `basename'...                                      not infected
OK

**** Test for '^Checking `biff'\.\.\.not infected$'

Checking `biff'...                                          not infected
OK

**** Test for '^Checking `chfn'\.\.\.not infected$'

Checking `chfn'...                                          not infected
OK

**** Test for '^Checking `chsh'\.\.\.not infected$'

Checking `chsh'...                                          not infected
OK

**** Test for '^Checking `cron'\.\.\.not infected$'

Checking `cron'...                                          not infected
OK

**** Test for '^Checking `crontab'\.\.\.not infected$'

Checking `crontab'...                                       not infected
OK

**** Test for '^Checking `date'\.\.\.not infected$'

Checking `date'...                                          not infected
OK

**** Test for '^Checking `du'\.\.\.not infected$'

Checking `du'...                                            not infected
OK

**** Test for '^Checking `dirname'\.\.\.not infected$'

Checking `dirname'...                                       not infected
OK

**** Test for '^Checking `echo'\.\.\.not infected$'

Checking `echo'...                                          not infected
OK

**** Test for '^Checking `egrep'\.\.\.not infected$'

Checking `egrep'...                                         not infected
OK

**** Test for '^Checking `env'\.\.\.not infected$'

Checking `env'...                                           not infected
OK

**** Test for '^Checking `find'\.\.\.not infected$'

Checking `find'...                                          not infected
OK

**** Test for '^Checking `fingerd'\.\.\.not infected$'

Checking `fingerd'...                                       not infected
OK

**** Test for '^Checking `gpm'\.\.\.not infected$'

Checking `gpm'...                                           not infected
OK

**** Test for '^Checking `grep'\.\.\.not infected$'

Checking `grep'...                                          not infected
OK

**** Test for '^Checking `hdparm'\.\.\.not infected$'

Checking `hdparm'...                                        not infected
OK

**** Test for '^Checking `su'\.\.\.not infected$'

Checking `su'...                                            not infected
OK

**** Test for '^Checking `ifconfig'\.\.\.not infected$'

Checking `ifconfig'...                                      not infected
OK

**** Test for '^Checking `inetd'\.\.\.not infected$'

Checking `inetd'...                                         not infected
OK

**** Test for '^Checking `inetdconf'\.\.\.not infected$'

Checking `inetdconf'...                                     not infected
OK

**** Test for '^Checking `identd'\.\.\.not infected$'

Checking `identd'...                                        not infected
OK

**** Test for '^Checking `init'\.\.\.not infected$'

Checking `init'...                                          not infected
OK

**** Test for '^Checking `killall'\.\.\.not infected$'

Checking `killall'...                                       not infected
OK

**** Test for '^Checking `ldsopreload'\.\.\.not infected$'

Checking `ldsopreload'...                                   not infected
OK

**** Test for '^Checking `login'\.\.\.not infected$'

Checking `login'...                                         not infected
OK

**** Test for '^Checking `ls'\.\.\.not infected$'

Checking `ls'...                                            not infected
OK

**** Test for '^Checking `lsof'\.\.\.not infected$'

Checking `lsof'...                                          not infected
OK

**** Test for '^Checking `mail'\.\.\.not infected$'

Checking `mail'...                                          not infected
OK

**** Test for '^Checking `mingetty'\.\.\.not infected$'

Checking `mingetty'...                                      not infected
OK

**** Test for '^Checking `netstat'\.\.\.not infected$'

Checking `netstat'...                                       not infected
OK

**** Test for '^Checking `named'\.\.\.not infected$'

Checking `named'...                                         not infected
OK

**** Test for '^Checking `passwd'\.\.\.not infected$'

Checking `passwd'...                                        not infected
OK

**** Test for '^Checking `pidof'\.\.\.not infected$'

Checking `pidof'...                                         not infected
OK

**** Test for '^Checking `pop2'\.\.\.not infected$'

Checking `pop2'...                                          not infected
OK

**** Test for '^Checking `pop3'\.\.\.not infected$'

Checking `pop3'...                                          not infected
OK

**** Test for '^Checking `ps'\.\.\.not infected$'

Checking `ps'...                                            not infected
OK

**** Test for '^Checking `pstree'\.\.\.not infected$'

Checking `pstree'...                                        not infected
OK

**** Test for '^Checking `rpcinfo'\.\.\.not infected$'

Checking `rpcinfo'...                                       not infected
OK

**** Test for '^Checking `rlogind'\.\.\.not infected$'

Checking `rlogind'...                                       not infected
OK

**** Test for '^Checking `rshd'\.\.\.not infected$'

Checking `rshd'...                                          not infected
OK

**** Test for '^Checking `slogin'\.\.\.not infected$'

Checking `slogin'...                                        not infected
OK

**** Test for '^Checking `sendmail'\.\.\.not infected$'

Checking `sendmail'...                                      not infected
OK

**** Test for '^Checking `sshd'\.\.\.not infected$'

Checking `sshd'...                                          not infected
OK

**** Test for '^Checking `syslogd'\.\.\.not infected$'

Checking `syslogd'...                                       not infected
OK

**** Test for '^Checking `tar'\.\.\.not infected$'

Checking `tar'...                                           not infected
OK

**** Test for '^Checking `tcpd'\.\.\.not infected$'

Checking `tcpd'...                                          not infected
OK

**** Test for '^Checking `tcpdump'\.\.\.not infected$'

Checking `tcpdump'...                                       not infected
OK

**** Test for '^Checking `top'\.\.\.not infected$'

Checking `top'...                                           not infected
OK

**** Test for '^Checking `telnetd'\.\.\.not infected$'

Checking `telnetd'...                                       not infected
OK

**** Test for '^Checking `timed'\.\.\.not infected$'

Checking `timed'...                                         not infected
OK

**** Test for '^Checking `traceroute'\.\.\.not infected$'

Checking `traceroute'...                                    not infected
OK

**** Test for '^Checking `vdir'\.\.\.not infected$'

Checking `vdir'...                                          not infected
OK

**** Test for '^Checking `w'\.\.\.not infected$'

Checking `w'...                                             not infected
OK

**** Test for '^Checking `write'\.\.\.not infected$'

Checking `write'...                                         not infected
OK

**** Test for '^Checking `aliens'\.\.\.no suspect files$'

Checking `aliens'...                                        no suspect files
OK

**** Test for '^Searching for sniffer's logs, it may take a while\.\.\.nothing found$'

Searching for sniffer's logs, it may take a while...        nothing found
OK

**** Test for '^Searching for rootkit HiDrootkit's default files\.\.\.nothing found$'

Searching for rootkit HiDrootkit's default files...         nothing found
OK

**** Test for '^Searching for rootkit t0rn's default files\.\.\.nothing found$'

Searching for rootkit t0rn's default files...               nothing found
OK

**** Test for '^Searching for t0rn's v8 defaults\.\.\.nothing found$'

Searching for t0rn's v8 defaults...                         nothing found
OK

**** Test for '^Searching for rootkit Lion's default files\.\.\.nothing found$'

Searching for rootkit Lion's default files...               nothing found
OK

**** Test for '^Searching for rootkit RSHA's default files\.\.\.nothing found$'

Searching for rootkit RSHA's default files...               nothing found
OK

**** Test for '^Searching for rootkit RH-Sharpe's default files\.\.\.nothing found$'

Searching for rootkit RH-Sharpe's default files...          nothing found
OK

**** Test for '^Searching for Ambient's rootkit $ark$ default filesand dirs\.\.\. nothing found$'Searching for Ambient's rootkit (ark) default files and dirs... nothingfound

OK

OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.aaa$'
/usr/lib/.aaa
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^/usr/lib/\.bbb$'
/usr/lib/.bbb
OK
**** Test for '^/usr/lib/\.DIR-aaa$'
/usr/lib/.DIR-aaa
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'



OK

**** Test for '^Searching for LPD Worm files and dirs\.\.\.nothing found$'

Searching for LPD Worm files and dirs...                    nothing found
OK

**** Test for '^Searching for Ramen Worm files and dirs\.\.\.nothing found$'

Searching for Ramen Worm files and dirs...                  nothing found
OK

**** Test for '^Searching for Maniac files and dirs\.\.\.nothing found$'

Searching for Maniac files and dirs...                      nothing found
OK

**** Test for '^Searching for RK17 files and dirs\.\.\.nothing found$'

Searching for RK17 files and dirs...                        nothing found
OK

**** Test for '^Searching for Ducoci rootkit\.\.\.nothing found$'

Searching for Ducoci rootkit...                             nothing found
OK

**** Test for '^Searching for Adore Worm\.\.\.nothing found$'

Searching for Adore Worm...                                 nothing found
OK

**** Test for '^Searching for ShitC Worm\.\.\.nothing found$'

Searching for ShitC Worm...                                 nothing found
OK

**** Test for '^Searching for Omega Worm\.\.\.nothing found$'

Searching for Omega Worm...                                 nothing found
OK

**** Test for '^Searching for Sadmind/IIS Worm\.\.\.nothing found$'

Searching for Sadmind/IIS Worm...                           nothing found
OK

**** Test for '^Searching for MonKit\.\.\.nothing found$'

Searching for MonKit...                                     nothing found
OK

**** Test for '^Searching for Showtee\.\.\.nothing found$'

Searching for Showtee...                                    nothing found
OK

**** Test for '^Searching for OpticKit\.\.\.nothing found$'

Searching for OpticKit...                                   nothing found
OK

**** Test for '^Searching for T\.R\.K\.\.\.nothing found$'

Searching for T.R.K...                                      nothing found
OK

**** Test for '^Searching for Mithra\.\.\.nothing found$'

Searching for Mithra...                                     nothing found
OK

**** Test for '^Searching for OBSD rk v1\.\.\.nothing found$'

Searching for OBSD rk v1...                                 nothing found
OK

**** Test for '^Searching for LOC rootkit\.\.\.nothing found$'

Searching for LOC rootkit...                                nothing found
OK

**** Test for '^Searching for Romanian rootkit\.\.\.nothing found$'

Searching for Romanian rootkit...                           nothing found
OK

**** Test for '^Searching for HKRK rootkit\.\.\.nothing found$'

Searching for HKRK rootkit...                               nothing found
OK

**** Test for '^Searching for Suckit rootkit\.\.\.nothing found$'

Searching for Suckit rootkit...                             nothing found
OK

**** Test for '^Searching for Volc rootkit\.\.\.nothing found$'

Searching for Volc rootkit...                               nothing found
OK

**** Test for '^Searching for Gold2 rootkit\.\.\.nothing found$'

Searching for Gold2 rootkit...                              nothing found
OK

**** Test for '^Searching for TC2 Worm default files and dirs\.\.\.nothing found$'

Searching for TC2 Worm default files and dirs...            nothing found
OK

**** Test for '^Searching for Anonoying rootkit default files anddirs\.\.\. nothing found$'

Searching for Anonoying rootkit default files and dirs...   nothing found
OK

**** Test for '^Searching for ZK rootkit default files and dirs\.\.\.nothing found$'

Searching for ZK rootkit default files and dirs...          nothing found
OK

**** Test for '^Searching for ShKit rootkit default files and dirs\.\.\.nothing found$'

Searching for ShKit rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for AjaKit rootkit default files anddirs\.\.\. nothing found$'

Searching for AjaKit rootkit default files and dirs...      nothing found
OK

**** Test for '^Searching for zaRwT rootkit default files and dirs\.\.\.nothing found$'

Searching for zaRwT rootkit default files and dirs...       nothing found
OK

**** Test for '^Searching for Madalin rootkit default files\.\.\.nothing found$'

Searching for Madalin rootkit default files...              nothing found
OK

**** Test for '^Searching for Fu rootkit default files\.\.\.nothing found$'

Searching for Fu rootkit default files...                   nothing found
OK

**** Test for '^Searching for ESRK rootkit default files\.\.\.nothing found$'

Searching for ESRK rootkit default files...                 nothing found
OK

**** Test for '^Searching for rootedoor\.\.\.nothing found$'

Searching for rootedoor...                                  nothing found
OK

**** Test for '^Searching for ENYELKM rootkit default files\.\.\.nothing found$'

Searching for ENYELKM rootkit default files...              nothing found
OK

**** Test for '^Searching for common ssh-scanners default files\.\.\.nothing found$'

Searching for common ssh-scanners default files...          nothing found
OK

**** Test for '^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$'

<No match (FAIL)>

**** Test for '^Searching for 64-bit Linux Rootkit \.\.\.nothing found$'

Searching for 64-bit Linux Rootkit ...                      nothing found
OK

**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.nothing found$'

Searching for 64-bit Linux Rootkit modules...               nothing found
OK

**** Test for '^Searching for Mumblehard Linux \.\.\.nothing found$'

Searching for Mumblehard Linux ...                          nothing found
OK

**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a \.\.\.nothing found$'

Searching for Backdoor.Linux.Mokes.a ...                    nothing found
OK

**** Test for '^Searching for Malicious TinyDNS \.\.\.nothing found$'

Searching for Malicious TinyDNS ...                         nothing found
OK

**** Test for '^Searching for Linux\.Xor\.DDoS \.\.\.INFECTED: Possible Malicious Linux\.Xor\.DDoS installed$'Searching for Linux.Xor.DDoS ... INFECTED:Possible Malicious Linux.Xor.DDoS installed

OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK

**** Test for '^Searching for Linux\.Proxy\.1\.0 \.\.\.nothing found$'

Searching for Linux.Proxy.1.0 ...                           nothing found
OK

**** Test for '^Searching for CrossRAT \.\.\.nothing found$'

Searching for CrossRAT ...                                  nothing found
OK

**** Test for '^Searching for Hidden Cobra \.\.\.nothing found$'

Searching for Hidden Cobra ...                              nothing found
OK

**** Test for '^Searching for Rocke Miner \.\.\.nothing found$'

Searching for Rocke Miner ...                               nothing found
OK

**** Test for '^Searching for PWNLNX4 lkm\.\.\.nothing found$'

Searching for PWNLNX4 lkm...                                nothing found
OK

**** Test for '^Searching for PWNLNX6 lkm\.\.\.nothing found$'

Searching for PWNLNX6 lkm...                                nothing found
OK

**** Test for '^Searching for Umbreon lrk\.\.\.nothing found$'

Searching for Umbreon lrk...                                nothing found
OK

**** Test for '^Searching for Kinsing\.a backdoor\.\.\.nothing found$'

Searching for Kinsing.a backdoor...                         nothing found
OK

**** Test for '^Searching for RotaJakiro backdoor\.\.\.nothing found$'

Searching for RotaJakiro backdoor...                        nothing found
OK

**** Test for '^Searching for suspect PHP files\.\.\.nothing found$'

Searching for suspect PHP files...                          nothing found
OK

**** Test for '^Searching for anomalies in shell history files\.\.\.nothing found$'

Searching for anomalies in shell history files...           nothing found
OK

**** Test for '^Checking `asp'\.\.\.not infected$'

Checking `asp'...                                           not infected
OK

**** Test for '^Checking `bindshell'\.\.\.not infected$'

Checking `bindshell'...                                     not infected
OK

**** Test for '^Checking `lkm'\.\.\.chkproc: nothing detected$'Checking `lkm'... chkproc:nothing detected

OK
**** Test for '^chkdirs:'
chkdirs: nothing detected
OK

**** Test for '^Checking `rexedcs'\.\.\.not found$'

Checking `rexedcs'...                                       not found
OK

**** Test for '^Checking `sniffer'\.\.\.Output from ifpromisc:$'Checking `sniffer'... Output fromifpromisc:

OK
**** Test for '^lo: not promisc and no packet sniffer sockets$'
lo: not promisc and no packet sniffer sockets
OK

**** Test for '^Checking `w55808'\.\.\.not infected$'

Checking `w55808'...                                        not infected
OK

**** Test for '^Checking `wted'\.\.\.chkwtmp: nothing deleted$'Checking `wted'... chkwtmp:nothing deleted

OK

**** Test for '^Checking `scalper'\.\.\.not infected$'

Checking `scalper'...                                       not infected
OK

**** Test for '^Checking `slapper'\.\.\.not infected$'

Checking `slapper'...                                       not infected
OK

**** Test for '^Checking `z2'\.\.\.chklastlog: nothing deleted$'Checking `z2'... chklastlog:nothing deleted

OK
**** Test for '^Checking `chkutmp'\.\.\.'

Checking `chkutmp'... The tty ofthe following process(es) was not found in /var/run/utmp:

OK

**** Test for '^Checking `OSX_RSPLUG'\.\.\.not tested$'

Checking `OSX_RSPLUG'...                                    not tested
OK
**** Test for '^chkutmp: nothing deleted$'
chkutmp: nothing deleted
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK

**** Test for '^To create this file containing all output from today'srun, do $as root$$'

To create this file containing all output from today's run, do (as root)
OK

**** Test for '^# cp -a /var/log/chkrootkit/log\.today/var/log/chkrootkit/log\.expected$'

# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK

**** Test for '^# $note that unedited output is in/var/log/chkrootkit/log\.today\.raw$$'

# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK

** FAIL: Testing: cron-with-diff-mode-02-full-rerun(/etc/cron.daily/chkrootkit) done: FAIL

*** FAIL was with config set to:
RUN_DAILY=true
DIFF_MODE=true

*** Reason(s) for failure follows
Result: FAIL

Missing: ^Searching for Linux/Ebury - Operation Windigo ssh\.\.\.nothing found$

Unexpected (unmatched) lines follow (for info):
Searching for Linux/Ebury - Operation Windigo ssh...        not tested

** Testing: cron-with-diff-mode-03-full-after-update(/etc/cron.daily/chkrootkit) ...

*** Output
**** Files in log
total 56K
drwxr-xr-x 2 root root 4.0K Dec  8 03:12 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.expected
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS

** PASS: Testing: cron-with-diff-mode-03-full-after-update(/etc/cron.daily/chkrootkit) done: PASS** Testing: cron-with-diff-mode-04-full-no-ionice(/etc/cron.daily/chkrootkit) ...

*** Output
**** Files in log
total 56K
drwxr-xr-x 2 root root 4.0K Dec  8 03:12 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.expected
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS

** PASS: Testing: cron-with-diff-mode-04-full-no-ionice(/etc/cron.daily/chkrootkit) done: PASS** Testing: cron-with-diff-mode-05-full-filter-and-ignore(/etc/cron.daily/chkrootkit) ...

*** Output
chkrootkit output was not as expected.

The difference is:

--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected/var/log/chkrootkit/log.today ] ---

--- /var/log/chkrootkit/log.expected	2021-12-08 03:12:48.903514005 +0000
+++ /var/log/chkrootkit/log.today	2021-12-08 03:13:01.603671889 +0000
@@ -67,10 +67,9 @@

Searching for suspicious files and dirs, it may take a while... Thefollowing suspicious files and directories were found:

 /usr/lib/...DIR
 /usr/lib/.1DIR
-/usr/lib/.bbb
+/usr/lib/.bCHANGED-IN-FILTER_
 /usr/lib/.1
 /usr/lib/...
-/usr/lib/.aaa
 /usr/lib/.DIR-aaa
  Searching for LPD Worm files and dirs...                    nothing found

--- [ END: diff -u /var/log/chkrootkit/log.expected/var/log/chkrootkit/log.today ] ---


To update the expected output, run (as root)
#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 56K
drwxr-xr-x 2 root root 4.0K Dec  8 03:12 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root  15K Dec  8 03:12 log.expected
-rw-r--r-- 1 root root  15K Dec  8 03:13 log.today
-rw-r--r-- 1 root root  15K Dec  8 03:13 log.today.raw
*** Test of content of output follows...
**** Test for '^chkrootkit output was not as expected\.$'
chkrootkit output was not as expected.
OK
**** Test for '^$'


OK
**** Test for '^The difference is:$'
The difference is:
OK

**** Test for '^--- \[ BEGIN: diff -u /var/log/chkrootkit/log\.expected/var/log/chkrootkit/log\.today \] ---$'--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected/var/log/chkrootkit/log.today ] ---

OK
**** Test for '^--- /var/log/chkrootkit/log\.expected'
--- /var/log/chkrootkit/log.expected	2021-12-08 03:12:48.903514005 +0000
OK
**** Test for '+^\++ /var/log/chkrootkit/log\.today'
+++ /var/log/chkrootkit/log.today	2021-12-08 03:13:01.603671889 +0000
OK
**** Test for '^@@[@0-9, +-]+$'
@@ -67,10 +67,9 @@
OK
**** Test for '^[[:space:]]'

Searching for suspicious files and dirs, it may take a while... Thefollowing suspicious files and directories were found:

 /usr/lib/...DIR
 /usr/lib/.1DIR
 /usr/lib/.1
 /usr/lib/...
 /usr/lib/.DIR-aaa
  Searching for LPD Worm files and dirs...                    nothing found
OK
**** Test for '^-/usr/lib/\.aaa$'
-/usr/lib/.aaa
OK
**** Test for '^-/usr/lib/\.bbb$'
-/usr/lib/.bbb
OK
**** Test for '^\+/usr/lib/\.bCHANGED-IN-FILTER_$'
+/usr/lib/.bCHANGED-IN-FILTER_
OK

**** Test for '^--- \[ END: diff -u /var/log/chkrootkit/log\.expected/var/log/chkrootkit/log\.today \] ---$'--- [ END: diff -u /var/log/chkrootkit/log.expected/var/log/chkrootkit/log.today ] ---

OK
**** Test for '^To update the expected output, run \(as root\)$'
To update the expected output, run (as root)
OK

**** Test for '^# cp -a -f /var/log/chkrootkit/log.today/var/log/chkrootkit/log\.expected$'

#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK

**** Test for '^# $note that unedited output is in/var/log/chkrootkit/log\.today\.raw$$'

# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK

** PASS: Testing: cron-with-diff-mode-05-full-filter-and-ignore(/etc/cron.daily/chkrootkit) done: PASS

* Testing: the daily cron job (diff mode, quiet output)
** Testing: cron-with-diff-mode-06-quiet (/etc/cron.daily/chkrootkit) ...
*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit

Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
The following suspicious files and directories were found:
/usr/lib/...DIR
/usr/lib/.1DIR
/usr/lib/.bbb
/usr/lib/.1
/usr/lib/...
/usr/lib/.aaa
/usr/lib/.DIR-aaa

INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Output from ifpromisc:

<interface>: PACKETSNIFFER([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID})

The tty of the following process(es) was not found in /var/run/utmp:
! RUID          PID TTY    CMD

!AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts";export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp";exp 0 artifacts";gtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts"; exportADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exp! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! INT {PID} ipt_pid" QUIT PIPE; cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout /tmp

--- [ END: cat /var/log/chkrootkit/log.today ] ---

To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 24K
drwxr-xr-x 2 root root 4.0K Dec  8 03:13 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.today
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'



OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^The following suspicious files and directories were found:$'
The following suspicious files and directories were found:
OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.aaa$'
/usr/lib/.aaa
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^/usr/lib/\.bbb$'
/usr/lib/.bbb
OK
**** Test for '^/usr/lib/\.DIR-aaa$'
/usr/lib/.DIR-aaa
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'



OK
**** Test for '^INFECTED: Possible Malicious Linux.Xor.DDoS installed$'
INFECTED: Possible Malicious Linux.Xor.DDoS installed
OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK

**** Test for '^To create this file containing all output from today'srun, do $as root$$'

To create this file containing all output from today's run, do (as root)
OK

**** Test for '^# cp -a /var/log/chkrootkit/log\.today/var/log/chkrootkit/log\.expected$'

# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK

**** Test for '^# $note that unedited output is in/var/log/chkrootkit/log\.today\.raw$$'

# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK

** PASS: Testing: cron-with-diff-mode-06-quiet(/etc/cron.daily/chkrootkit) done: PASS** Testing: cron-with-diff-mode-07-quiet-rerun(/etc/cron.daily/chkrootkit) ...

*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit

Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
The following suspicious files and directories were found:
/usr/lib/...DIR
/usr/lib/.1DIR
/usr/lib/.bbb
/usr/lib/.1
/usr/lib/...
/usr/lib/.aaa
/usr/lib/.DIR-aaa

INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/08_unidentified.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/13_exitcode.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/26a_chkrootkit-further-improvement-to-help-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/06_quiet.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/04_backslashes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/19_openssh.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/09_excludes.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25a_fix_patch_25.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/02_workingdir.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/16_php.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/find-debs-that-are-enhanced
/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/rules
/tmp/test-chkrootkit-false-positive
/tmp/autopkgtest-reboot
/tmp/autopkgtest-reboot-prepare
Output from ifpromisc:

<interface>: PACKETSNIFFER([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID})

The tty of the following process(es) was not found in /var/run/utmp:
! RUID          PID TTY    CMD

!AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts";export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp";exp 0 artifacts";gtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts"; exportADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exp! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! INT {PID} ipt_pid" QUIT PIPE; cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout /tmp

--- [ END: cat /var/log/chkrootkit/log.today ] ---

To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 24K
drwxr-xr-x 2 root root 4.0K Dec  8 03:13 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.today
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'



OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^The following suspicious files and directories were found:$'
The following suspicious files and directories were found:
OK
**** Test for '^/usr/lib/\.1$'
/usr/lib/.1
OK
**** Test for '^/usr/lib/\.aaa$'
/usr/lib/.aaa
OK
**** Test for '^/usr/lib/\.1DIR$'
/usr/lib/.1DIR
OK
**** Test for '^/usr/lib/\.\.\.DIR$'
/usr/lib/...DIR
OK
**** Test for '^/usr/lib/\.bbb$'
/usr/lib/.bbb
OK
**** Test for '^/usr/lib/\.DIR-aaa$'
/usr/lib/.DIR-aaa
OK
**** Test for '^/usr/lib/\.\.\.$'
/usr/lib/...
OK
**** Test for '^$'



OK
**** Test for '^INFECTED: Possible Malicious Linux.Xor.DDoS installed$'
INFECTED: Possible Malicious Linux.Xor.DDoS installed
OK
**** Test for '^/tmp/test-chkrootkit-false-positive$'
/tmp/test-chkrootkit-false-positive
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK

**** Test for '^To create this file containing all output from today'srun, do $as root$$'

To create this file containing all output from today's run, do (as root)
OK

**** Test for '^# cp -a /var/log/chkrootkit/log\.today/var/log/chkrootkit/log\.expected$'

# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK

**** Test for '^# $note that unedited output is in/var/log/chkrootkit/log\.today\.raw$$'

# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK

** PASS: Testing: cron-with-diff-mode-07-quiet-rerun(/etc/cron.daily/chkrootkit) done: PASS** Testing: cron-with-diff-mode-08-quiet-after-update(/etc/cron.daily/chkrootkit) ...

*** Output
**** Files in log
total 32K
drwxr-xr-x 2 root root 4.0K Dec  8 03:13 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.expected
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.today
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS

** PASS: Testing: cron-with-diff-mode-08-quiet-after-update(/etc/cron.daily/chkrootkit) done: PASS** Testing: cron-with-diff-mode-09-quiet-filter-and-ignore(/etc/cron.daily/chkrootkit) ...

*** Output
chkrootkit output was not as expected.

The difference is:

--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected/var/log/chkrootkit/log.today ] ---

--- /var/log/chkrootkit/log.expected	2021-12-08 03:13:09.935775472 +0000
+++ /var/log/chkrootkit/log.today	2021-12-08 03:13:18.231878606 +0000
@@ -1,11 +1,9 @@
 The following suspicious files and directories were found:
 /usr/lib/...DIR
 /usr/lib/.1DIR
-/usr/lib/.bbb
+/usr/lib/.bCHANGED-IN-FILTER_
 /usr/lib/.1
 /usr/lib/...
-/usr/lib/.aaa
-/usr/lib/.DIR-aaa
  INFECTED: Possible Malicious Linux.Xor.DDoS installed
 /tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit

--- [ END: diff -u /var/log/chkrootkit/log.expected/var/log/chkrootkit/log.today ] ---


To update the expected output, run (as root)
#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 32K
drwxr-xr-x 2 root root 4.0K Dec  8 03:13 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.expected
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.today
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.today.raw
*** Test of content of output follows...
**** Test for '^chkrootkit output was not as expected\.$'
chkrootkit output was not as expected.
OK
**** Test for '^$'


OK
**** Test for '^The difference is:$'
The difference is:
OK

**** Test for '^--- \[ BEGIN: diff -u /var/log/chkrootkit/log\.expected/var/log/chkrootkit/log\.today \] ---'--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected/var/log/chkrootkit/log.today ] ---

OK
**** Test for '^--- /var/log/chkrootkit/log\.expected'
--- /var/log/chkrootkit/log.expected	2021-12-08 03:13:09.935775472 +0000
OK
**** Test for '+^\++ /var/log/chkrootkit/log\.today'
+++ /var/log/chkrootkit/log.today	2021-12-08 03:13:18.231878606 +0000
OK
**** Test for '^@@[0-9, ++-+]++'
@@ -1,11 +1,9 @@
OK
**** Test for '^[[:space:]]'
 The following suspicious files and directories were found:
 /usr/lib/...DIR
 /usr/lib/.1DIR
 /usr/lib/.1
 /usr/lib/...
  INFECTED: Possible Malicious Linux.Xor.DDoS installed
 /tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
OK
**** Test for '^-/usr/lib/\.aaa$'
-/usr/lib/.aaa
OK
**** Test for '^-/usr/lib/\.bbb$'
-/usr/lib/.bbb
OK
**** Test for '^-/usr/lib/\.DIR-aaa$'
-/usr/lib/.DIR-aaa
OK
**** Test for '^\+/usr/lib/\.bCHANGED-IN-FILTER_$'
+/usr/lib/.bCHANGED-IN-FILTER_
OK

**** Test for '^--- \[ END: diff -u /var/log/chkrootkit/log\.expected/var/log/chkrootkit/log\.today \] ---$'--- [ END: diff -u /var/log/chkrootkit/log.expected/var/log/chkrootkit/log.today ] ---

OK
**** Test for '^$'


OK
**** Test for '^To update the expected output, run \(as root\)$'
To update the expected output, run (as root)
OK

**** Test for '^# cp -a -f /var/log/chkrootkit/log\.today/var/log/chkrootkit/log\.expected$'

#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK

**** Test for '^# $note that unedited output is in/var/log/chkrootkit/log\.today\.raw$$'

# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK

** PASS: Testing: cron-with-diff-mode-09-quiet-filter-and-ignore(/etc/cron.daily/chkrootkit) done: PASS** Testing: cron-with-diff-mode-10-quiet-invalid-filter-is-ignored(/etc/cron.daily/chkrootkit) ...

*** Output

Ignoring invalid $FILTER='seds/this/is/invalid/sed/and/will/be/ignored/with/diff/mode'

chkrootkit output was not as expected.

The difference is:

--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected/var/log/chkrootkit/log.today ] ---

--- /var/log/chkrootkit/log.expected	2021-12-08 03:13:09.935775472 +0000
+++ /var/log/chkrootkit/log.today	2021-12-08 03:13:22.379930174 +0000
@@ -4,8 +4,6 @@
 /usr/lib/.bbb
 /usr/lib/.1
 /usr/lib/...
-/usr/lib/.aaa
-/usr/lib/.DIR-aaa
  INFECTED: Possible Malicious Linux.Xor.DDoS installed
 /tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
@@ -41,11 +39,11 @@
 /tmp/autopkgtest-reboot
 /tmp/autopkgtest-reboot-prepare
 Output from ifpromisc:

-<interface>: PACKETSNIFFER([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID})

+eth0: PACKET SNIFFER(/usr/sbin/dhclient[69])
 The tty of the following process(es) was not found in /var/run/utmp:
 ! RUID          PID TTY    CMD

!AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts";export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp";exp 0 artifacts";gtest-lxc.n7d64mld/downtmp/test-chkrootkit-artifacts"; exportADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755"/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exportAUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.n7d64mld/downtmp/autopkgtest_tmp"; exp! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes! PIPE; 0 T cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout/tmp/autopkgtes-! INT {PID} ipt_pid" QUIT PIPE; cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout /tmp+! INT 0 ipt_pid" QUIT PIPE; cd "$buildtree"; exportAUTOPKGTEST_NORMAL_USER=debci; export ADT_NORMAL_USER=debci; chmod +x/tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/debian/tests/test-chkrootkit;touch /tmp/autopkgtest-lxc.n7d64mld/downtmp/test-chkrootkit-stdout /tmp--- [ END: diff -u /var/log/chkrootkit/log.expected/var/log/chkrootkit/log.today ] ---


To update the expected output, run (as root)
#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 32K
drwxr-xr-x 2 root root 4.0K Dec  8 03:13 .
drwxr-xr-x 7 root root 4.0K Dec  8 03:11 ..
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.expected
-rw-r--r-- 1 root root 5.0K Dec  8 03:13 log.today
-rw-r--r-- 1 root root 5.1K Dec  8 03:13 log.today.raw
*** Test of content of output follows...

**** Test for '^Ignoring invalid \$FILTER='seds/this/is/invalid/sed/and/will/be/ignored/with/diff/mode'$'Ignoring invalid $FILTER='seds/this/is/invalid/sed/and/will/be/ignored/with/diff/mode'

OK
**** Test for '^chkrootkit output was not as expected\.$'
chkrootkit output was not as expected.
OK
**** Test for '^$'


OK
**** Test for '^The difference is:$'
The difference is:
OK

OK
**** Test for '^--- /var/log/chkrootkit/log\.expected'
--- /var/log/chkrootkit/log.expected	2021-12-08 03:13:09.935775472 +0000
OK
**** Test for '+^\++ /var/log/chkrootkit/log\.today'
+++ /var/log/chkrootkit/log.today	2021-12-08 03:13:22.379930174 +0000
OK
**** Test for '^@@[@0-9, ++-+]++'
@@ -4,8 +4,6 @@
@@ -41,11 +39,11 @@
OK
**** Test for '^[[:space:]]'
 /usr/lib/.bbb
 /usr/lib/.1
 /usr/lib/...
  INFECTED: Possible Malicious Linux.Xor.DDoS installed
 /tmp/autopkgtest-lxc.n7d64mld/downtmp/build.RQi/src/chkrootkit
 /tmp/autopkgtest-reboot
 /tmp/autopkgtest-reboot-prepare
 Output from ifpromisc:
 The tty of the following process(es) was not found in /var/run/utmp:
 ! RUID          PID TTY    CMD

OK
**** Test for '^-/usr/lib/\.aaa$'
-/usr/lib/.aaa
OK
**** Test for '^-/usr/lib/\.DIR-aaa$'
-/usr/lib/.DIR-aaa
OK

**** Test for '^--- \[ END: diff -u /var/log/chkrootkit/log\.expected/var/log/chkrootkit/log\.today \] ---$'--- [ END: diff -u /var/log/chkrootkit/log.expected/var/log/chkrootkit/log.today ] ---

OK
**** Test for '^$'


OK
**** Test for '^To update the expected output, run \(as root\)$'
To update the expected output, run (as root)
OK

**** Test for '^# cp -a -f /var/log/chkrootkit/log\.today/var/log/chkrootkit/log\.expected$'

#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK

**** Test for '^# $note that unedited output is in/var/log/chkrootkit/log\.today\.raw$$'

# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK

** PASS: Testing: cron-with-diff-mode-10-quiet-invalid-filter-is-ignored(/etc/cron.daily/chkrootkit) done: PASS

* Closing down the testsuite

Restoring /etc/chkrootkit/chkrootkit.conf from/etc/chkrootkit/chkrootkit.conf.origRestoring /etc/chkrootkit/chkrootkit.ignore from/etc/chkrootkit/chkrootkit.ignore.orig

DONE
* test-chkrootkit: FAIL
autopkgtest [11:13:22]: test test-chkrootkit

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

Prev by Date: Re: How to replicate the CI environment?
Next by Date: Bug#1002523: setuptools-scm: autopkgtest needs update for new version of setuptools: deprecation warning is treated as error
Previous by thread: Re: How to replicate the CI environment?
Next by thread: Bug#1002523: setuptools-scm: autopkgtest needs update for new version of setuptools: deprecation warning is treated as error
Index(es):
- Date
- Thread