
Bug#866373: rkhunter: /dev/null is recognized as an ASCII file



Package: rkhunter
Version: 1.4.2-6
Severity: normal

Dear Maintainer,

We get strange warnings from rkhunter on Debian stretch.
Minimal command to reproduce: rkhunter --check --enable filesystem

Result: 
Info: Starting test name 'filesystem'
Performing filesystem checks
Info: SCAN_MODE_DEV set to 'THOROUGH'
  Checking /dev for suspicious file types         [ Warning ]
Warning: Suspicious file types found in /dev:
         /dev/null?: ASCII text

Debug Output (--debug):
[...]
+ /usr/bin/find /dev ! -type d -a ! -type l
+ [ 0 -eq 1 ]
+ echo /dev/null^M
+ grep /\.[^/]*$
+ test -z 
+ do_dev_whitelist_check
+ /usr/bin/file /dev/null^M
+ awk -F: { print $NF } 
+ cut -c2-
+ FTYPE=ASCII text
+ echo ASCII text
+ grep universal binary
+ [ 0 -eq 1 -a -n  ] 
+ echo ASCII text
+ egrep -v (character special|block special|socket|fifo \(named pipe\)|symbolic link to|empty|directory|/MAKEDEV:)
+ [ -z ASCII text ]
+ echo /dev/null^M
+ sed -e s/\([.$*?\]\)/\\\1/g; s/\[/\\[/g; s/\]/\\]/g
+ FNAMEGREP=/dev/null^M
+ echo  
+ grep ^/dev/null^M$
+ [ -n  ] 
+ FOUNDFILES=
/dev/null^M: ASCII text
[...]

Manual check:
/usr/bin/file /dev/null
/dev/null: character special (1/3)

/usr/bin/file /dev/null|awk -F: '{ print $NF }'|cut -c2-
character special (1/3)

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/16 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rkhunter depends on:
ii  binutils               2.28-5
ii  debconf [debconf-2.0]  1.5.61
ii  file                   1:5.30-1
ii  lsof                   4.89+dfsg-0.1
ii  net-tools              1.60+git20161116.90da8a0-1
ii  perl                   5.24.1-3
ii  ucf                    3.0036

Versions of packages rkhunter recommends:
pn  bsd-mailx | mailutils | heirloom-mailx | mailx  <none>
ii  curl                                            7.52.1-5
ii  iproute2                                        4.9.0-1
ii  postfix [mail-transport-agent]                  3.1.4-7
ii  unhide                                          20130526-1
ii  unhide.rb                                       22-2
ii  wget                                            1.18-5

Versions of packages rkhunter suggests:
ii  liburi-perl     1.71-1
ii  libwww-perl     6.15-1
pn  powermgmt-base  <none>

-- Configuration Files:
/etc/rkhunter.conf changed [not included]

-- debconf information excluded
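
The debug trace above shows `find` returning `/dev/null^M`, a name that ends in a carriage return, while the manual check ran `file` on plain `/dev/null`. As an added example (not part of the original report and not rkhunter code), this POSIX shell function lists entries whose names contain control characters and prints them in caret notation so the two names cannot be confused; `RENDER` and `find_ctrl_names` are names invented here.

```shell
#!/bin/sh
# Added example (not rkhunter code): list entries whose names contain control
# characters, so "/dev/null" and "/dev/null<CR>" cannot be confused.

# Script run by find for each batch of paths. For every path it prints
# "<kind><TAB><path with control bytes in caret notation>".
RENDER='
for p do
    if   [ -c "$p" ]; then kind="character special"
    elif [ -b "$p" ]; then kind="block special"
    elif [ -p "$p" ]; then kind="fifo"
    elif [ -S "$p" ]; then kind="socket"
    elif [ -f "$p" ]; then kind="regular file"
    else kind="other"
    fi
    printf "%s\t" "$kind"
    # Walk the path byte by byte: od prints each byte as a decimal number.
    for b in $(printf "%s" "$p" | od -An -v -tu1); do
        if [ "$b" -lt 32 ]; then
            printf "^%b" "\\0$(printf "%o" $((b + 64)))"   # 13 (CR) -> ^M
        elif [ "$b" -eq 127 ]; then
            printf "^?"
        else
            printf "%b" "\\0$(printf "%o" "$b")"           # byte unchanged
        fi
    done
    printf "\n"
done'

# Same find predicates as in the trace (no directories, no symlinks),
# narrowed to names that contain at least one control character.
find_ctrl_names() {
    find "$1" ! -type d -a ! -type l -name '*[[:cntrl:]]*' \
        -exec sh -c "$RENDER" sh {} +
}

# Usage: find_ctrl_names /dev
```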


