Artifact debusine:work-request-debug-logs

Metadata

{}

File

cmd-output.log

cmd: autopkgtest --apt-upgrade --output-dir=artifact-dir --summary=artifact-dir/summary --no-built-binaries --needs-internet=run --copy=/etc/resolv.conf:/etc/resolv.conf /tmp/debusine-fetch-exec-upload-no12pftr/binutils-aarch64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-aarch64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-alpha-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-alpha-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arc-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arc-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arm-linux-gnueabi-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arm-linux-gnueabi_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arm-linux-gnueabihf-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arm-linux-gnueabihf_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-common_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-dev_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-doc_2.43.50.20250108-1.1_all.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-for-build_2.43.50.20250108-1.1_all.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-for-host_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-hppa-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-hppa-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-hppa64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-hppa64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-i686-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-i686-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-i686-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-i686-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-loongarch64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-loongarch64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-m68k-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-m68k-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-multiarch-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-multiarch-dev_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-multiarch_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc64le-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc64le-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-riscv64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-riscv64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-s390x-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-s390x-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sh4-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sh4-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-source_2.43.50.20250108-1.1_all.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sparc-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sparc-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sparc64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sparc64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-linux-gnux32-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-linux-gnux32_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/chkrootkit_0.58b-3+b1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libbinutils-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libbinutils_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libctf-nobfd0-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libctf-nobfd0_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libctf0-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libctf0_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libgprofng0-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libgprofng0_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libsframe1-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libsframe1_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/chkrootkit_0.58b-3.dsc -- unshare --arch amd64 --release sid --tarball /var/lib/debusine/worker/system-images/1140235/system.tar.xz
output (contains stdout and stderr):
autopkgtest [00:30:40]: starting date and time: 2025-01-17 00:30:40+0000
autopkgtest [00:30:40]: version 5.38~bpo12+1
autopkgtest [00:30:40]: host debusine-worker-amd64-hades-04; command line: /usr/bin/autopkgtest --apt-upgrade --output-dir=artifact-dir --summary=artifact-dir/summary --no-built-binaries --needs-internet=run --copy=/etc/resolv.conf:/etc/resolv.conf /tmp/debusine-fetch-exec-upload-no12pftr/binutils-aarch64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-aarch64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-alpha-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-alpha-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arc-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arc-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arm-linux-gnueabi-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arm-linux-gnueabi_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arm-linux-gnueabihf-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-arm-linux-gnueabihf_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-common_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-dev_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-doc_2.43.50.20250108-1.1_all.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-for-build_2.43.50.20250108-1.1_all.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-for-host_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-hppa-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-hppa-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-hppa64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-hppa64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-i686-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-i686-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-i686-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-i686-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-loongarch64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-loongarch64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-m68k-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-m68k-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-multiarch-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-multiarch-dev_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-multiarch_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc64le-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-powerpc64le-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-riscv64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-riscv64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-s390x-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-s390x-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sh4-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sh4-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-source_2.43.50.20250108-1.1_all.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sparc-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sparc-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sparc64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-sparc64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-linux-gnu-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-linux-gnu_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-linux-gnux32-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils-x86-64-linux-gnux32_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/binutils_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/chkrootkit_0.58b-3+b1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libbinutils-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libbinutils_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libctf-nobfd0-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libctf-nobfd0_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libctf0-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libctf0_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libgprofng0-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libgprofng0_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libsframe1-dbg_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/libsframe1_2.43.50.20250108-1.1_amd64.deb /tmp/debusine-fetch-exec-upload-no12pftr/chkrootkit_0.58b-3.dsc -- unshare --arch amd64 --release sid --tarball /var/lib/debusine/worker/system-images/1140235/system.tar.xz
autopkgtest [00:30:45]: testbed dpkg architecture: amd64
autopkgtest [00:30:45]: testbed apt version: 2.9.20
autopkgtest [00:30:45]: @@@@@@@@@@@@@@@@@@@@ test bed setup
Get:1 http://deb.debian.org/debian sid InRelease [205 kB]
Get:2 http://deb.debian.org/debian sid/main amd64 Packages [10.0 MB]
Get:3 http://deb.debian.org/debian sid/main Translation-en [7322 kB]
Get:4 http://deb.debian.org/debian sid/main amd64 Components [5053 kB]
Fetched 22.6 MB in 2s (9790 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following package was automatically installed and is no longer required:
  libldap-2.5-0
Use 'apt autoremove' to remove it.
The following NEW packages will be installed:
  libldap-common libldap2 libtext-charwidth-perl libtext-wrapi18n-perl
The following packages will be upgraded:
  apt base-passwd binutils binutils-common binutils-x86-64-linux-gnu
  bsdextrautils bsdutils dash diffutils dpkg dpkg-dev e2fsprogs gcc-14-base
  gettext gettext-base gpg gpgconf init-system-helpers libapt-pkg6.0t64
  libatomic1 libaudit1 libbinutils libblkid1 libc-bin libc6 libcgi-pm-perl
  libcom-err2 libcpanel-json-xs-perl libctf-nobfd0 libctf0 libcurl3t64-gnutls
  libdebconfclient0 libdpkg-perl libext2fs2t64 libgcc-s1 libglib2.0-0t64
  libgomp1 libgprofng0 libhtml-parser-perl libicu72 liblz1 liblz4-1 libmount1
  libsasl2-2 libsasl2-modules-db libsframe1 libsmartcols1 libss2 libssl3t64
  libstdc++6 libsystemd0 libtext-markdown-discount-perl libudev1 libuuid1
  libxs-parse-keyword-perl libxxhash0 libzstd1 login logsave mount openssl
  openssl-provider-legacy sysvinit-utils tzdata ucf util-linux
66 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 40.9 MB of archives.
After this operation, 1295 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian sid/main amd64 bsdutils amd64 1:2.40.4-1 [106 kB]
Get:2 http://deb.debian.org/debian sid/main amd64 dash amd64 0.5.12-11 [95.5 kB]
Get:3 http://deb.debian.org/debian sid/main amd64 diffutils amd64 1:3.10-2 [384 kB]
Get:4 http://deb.debian.org/debian sid/main amd64 libatomic1 amd64 14.2.0-14 [9288 B]
Get:5 http://deb.debian.org/debian sid/main amd64 libgomp1 amd64 14.2.0-14 [137 kB]
Get:6 http://deb.debian.org/debian sid/main amd64 gcc-14-base amd64 14.2.0-14 [48.6 kB]
Get:7 http://deb.debian.org/debian sid/main amd64 libgcc-s1 amd64 14.2.0-14 [72.7 kB]
Get:8 http://deb.debian.org/debian sid/main amd64 libstdc++6 amd64 14.2.0-14 [713 kB]
Get:9 http://deb.debian.org/debian sid/main amd64 libc6 amd64 2.40-5 [2810 kB]
Get:10 http://deb.debian.org/debian sid/main amd64 libxxhash0 amd64 0.8.3-2 [27.1 kB]
Get:11 http://deb.debian.org/debian sid/main amd64 liblz4-1 amd64 1.9.4-4 [60.1 kB]
Get:12 http://deb.debian.org/debian sid/main amd64 openssl-provider-legacy amd64 3.4.0-2 [301 kB]
Get:13 http://deb.debian.org/debian sid/main amd64 libzstd1 amd64 1.5.6+dfsg-2 [300 kB]
Get:14 http://deb.debian.org/debian sid/main amd64 libssl3t64 amd64 3.4.0-2 [2302 kB]
Get:15 http://deb.debian.org/debian sid/main amd64 libsystemd0 amd64 257.2-1 [449 kB]
Get:16 http://deb.debian.org/debian sid/main amd64 libudev1 amd64 257.2-1 [148 kB]
Get:17 http://deb.debian.org/debian sid/main amd64 libapt-pkg6.0t64 amd64 2.9.22 [1115 kB]
Get:18 http://deb.debian.org/debian sid/main amd64 dpkg amd64 1.22.14 [1537 kB]
Get:19 http://deb.debian.org/debian sid/main amd64 bsdextrautils amd64 2.40.4-1 [92.2 kB]
Get:20 http://deb.debian.org/debian sid/main amd64 libblkid1 amd64 2.40.4-1 [169 kB]
Get:21 http://deb.debian.org/debian sid/main amd64 libmount1 amd64 2.40.4-1 [200 kB]
Get:22 http://deb.debian.org/debian sid/main amd64 libsmartcols1 amd64 2.40.4-1 [140 kB]
Get:23 http://deb.debian.org/debian sid/main amd64 mount amd64 2.40.4-1 [155 kB]
Get:24 http://deb.debian.org/debian sid/main amd64 libuuid1 amd64 2.40.4-1 [36.2 kB]
Get:25 http://deb.debian.org/debian sid/main amd64 util-linux amd64 2.40.4-1 [1213 kB]
Get:26 http://deb.debian.org/debian sid/main amd64 libdebconfclient0 amd64 0.277 [10.4 kB]
Get:27 http://deb.debian.org/debian sid/main amd64 base-passwd amd64 3.6.6 [53.1 kB]
Get:28 http://deb.debian.org/debian sid/main amd64 apt amd64 2.9.22 [1382 kB]
Get:29 http://deb.debian.org/debian sid/main amd64 init-system-helpers all 1.68 [38.7 kB]
Get:30 http://deb.debian.org/debian sid/main amd64 libc-bin amd64 2.40-5 [627 kB]
Get:31 http://deb.debian.org/debian sid/main amd64 sysvinit-utils amd64 3.13-1 [33.2 kB]
Get:32 http://deb.debian.org/debian sid/main amd64 logsave amd64 1.47.2-1 [23.9 kB]
Get:33 http://deb.debian.org/debian sid/main amd64 libext2fs2t64 amd64 1.47.2-1 [212 kB]
Get:34 http://deb.debian.org/debian sid/main amd64 e2fsprogs amd64 1.47.2-1 [590 kB]
Get:35 http://deb.debian.org/debian sid/main amd64 libaudit1 amd64 1:4.0.2-2+b1 [55.2 kB]
Get:36 http://deb.debian.org/debian sid/main amd64 login amd64 1:4.16.0-2+really2.40.4-1 [88.4 kB]
Get:37 http://deb.debian.org/debian sid/main amd64 tzdata all 2024b-6 [257 kB]
Get:38 http://deb.debian.org/debian sid/main amd64 gettext-base amd64 0.23.1-1 [243 kB]
Get:39 http://deb.debian.org/debian sid/main amd64 libtext-charwidth-perl amd64 0.04-11+b4 [9476 B]
Get:40 http://deb.debian.org/debian sid/main amd64 libtext-wrapi18n-perl all 0.06-10 [8808 B]
Get:41 http://deb.debian.org/debian sid/main amd64 ucf all 3.0048 [42.0 kB]
Get:42 http://deb.debian.org/debian sid/main amd64 libgprofng0 amd64 2.43.50.20250108-1 [807 kB]
Get:43 http://deb.debian.org/debian sid/main amd64 libctf0 amd64 2.43.50.20250108-1 [88.4 kB]
Get:44 http://deb.debian.org/debian sid/main amd64 libctf-nobfd0 amd64 2.43.50.20250108-1 [155 kB]
Get:45 http://deb.debian.org/debian sid/main amd64 binutils-x86-64-linux-gnu amd64 2.43.50.20250108-1 [2277 kB]
Get:46 http://deb.debian.org/debian sid/main amd64 libbinutils amd64 2.43.50.20250108-1 [532 kB]
Get:47 http://deb.debian.org/debian sid/main amd64 binutils amd64 2.43.50.20250108-1 [68.5 kB]
Get:48 http://deb.debian.org/debian sid/main amd64 binutils-common amd64 2.43.50.20250108-1 [2628 kB]
Get:49 http://deb.debian.org/debian sid/main amd64 libsframe1 amd64 2.43.50.20250108-1 [77.7 kB]
Get:50 http://deb.debian.org/debian sid/main amd64 dpkg-dev all 1.22.14 [1334 kB]
Get:51 http://deb.debian.org/debian sid/main amd64 libdpkg-perl all 1.22.14 [646 kB]
Get:52 http://deb.debian.org/debian sid/main amd64 gettext amd64 0.23.1-1 [1680 kB]
Get:53 http://deb.debian.org/debian sid/main amd64 gpg amd64 2.2.46-1+b1 [532 kB]
Get:54 http://deb.debian.org/debian sid/main amd64 gpgconf amd64 2.2.46-1+b1 [121 kB]
Get:55 http://deb.debian.org/debian sid/main amd64 libhtml-parser-perl amd64 3.83-1+b2 [99.7 kB]
Get:56 http://deb.debian.org/debian sid/main amd64 libcgi-pm-perl all 4.67-1 [217 kB]
Get:57 http://deb.debian.org/debian sid/main amd64 libcom-err2 amd64 1.47.2-1 [24.0 kB]
Get:58 http://deb.debian.org/debian sid/main amd64 libcpanel-json-xs-perl amd64 4.39-1 [130 kB]
Get:59 http://deb.debian.org/debian sid/main amd64 libsasl2-modules-db amd64 2.1.28+dfsg1-8+b1 [19.9 kB]
Get:60 http://deb.debian.org/debian sid/main amd64 libsasl2-2 amd64 2.1.28+dfsg1-8+b1 [57.6 kB]
Get:61 http://deb.debian.org/debian sid/main amd64 libldap2 amd64 2.6.9+dfsg-1 [192 kB]
Get:62 http://deb.debian.org/debian sid/main amd64 libcurl3t64-gnutls amd64 8.11.1-1+b1 [360 kB]
Get:63 http://deb.debian.org/debian sid/main amd64 libglib2.0-0t64 amd64 2.82.4-2 [1502 kB]
Get:64 http://deb.debian.org/debian sid/main amd64 libicu72 amd64 72.1-6 [9421 kB]
Get:65 http://deb.debian.org/debian sid/main amd64 libldap-common all 2.6.9+dfsg-1 [34.5 kB]
Get:66 http://deb.debian.org/debian sid/main amd64 liblz1 amd64 1.15-1 [38.9 kB]
Get:67 http://deb.debian.org/debian sid/main amd64 libss2 amd64 1.47.2-1 [28.7 kB]
Get:68 http://deb.debian.org/debian sid/main amd64 libtext-markdown-discount-perl amd64 0.17-1 [12.9 kB]
Get:69 http://deb.debian.org/debian sid/main amd64 libxs-parse-keyword-perl amd64 0.48-1 [65.6 kB]
Get:70 http://deb.debian.org/debian sid/main amd64 openssl amd64 3.4.0-2 [1422 kB]
Preconfiguring packages ...
Fetched 40.9 MB in 0s (83.5 MB/s)
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17038 files and directories currently installed.)
Preparing to unpack .../bsdutils_1%3a2.40.4-1_amd64.deb ...
Unpacking bsdutils (1:2.40.4-1) over (1:2.40.2-13) ...
Setting up bsdutils (1:2.40.4-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17038 files and directories currently installed.)
Preparing to unpack .../dash_0.5.12-11_amd64.deb ...
Unpacking dash (0.5.12-11) over (0.5.12-9) ...
Setting up dash (0.5.12-11) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17038 files and directories currently installed.)
Preparing to unpack .../diffutils_1%3a3.10-2_amd64.deb ...
Unpacking diffutils (1:3.10-2) over (1:3.10-1) ...
Setting up diffutils (1:3.10-2) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17038 files and directories currently installed.)
Preparing to unpack .../libatomic1_14.2.0-14_amd64.deb ...
Unpacking libatomic1:amd64 (14.2.0-14) over (14.2.0-11) ...
Preparing to unpack .../libgomp1_14.2.0-14_amd64.deb ...
Unpacking libgomp1:amd64 (14.2.0-14) over (14.2.0-11) ...
Preparing to unpack .../gcc-14-base_14.2.0-14_amd64.deb ...
Unpacking gcc-14-base:amd64 (14.2.0-14) over (14.2.0-11) ...
Setting up gcc-14-base:amd64 (14.2.0-14) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17038 files and directories currently installed.)
Preparing to unpack .../libgcc-s1_14.2.0-14_amd64.deb ...
Unpacking libgcc-s1:amd64 (14.2.0-14) over (14.2.0-11) ...
Setting up libgcc-s1:amd64 (14.2.0-14) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17038 files and directories currently installed.)
Preparing to unpack .../libstdc++6_14.2.0-14_amd64.deb ...
Unpacking libstdc++6:amd64 (14.2.0-14) over (14.2.0-11) ...
Setting up libstdc++6:amd64 (14.2.0-14) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17038 files and directories currently installed.)
Preparing to unpack .../libc6_2.40-5_amd64.deb ...
Unpacking libc6:amd64 (2.40-5) over (2.40-4) ...
Setting up libc6:amd64 (2.40-5) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17038 files and directories currently installed.)
Preparing to unpack .../libxxhash0_0.8.3-2_amd64.deb ...
Unpacking libxxhash0:amd64 (0.8.3-2) over (0.8.2-2+b2) ...
Setting up libxxhash0:amd64 (0.8.3-2) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17037 files and directories currently installed.)
Preparing to unpack .../liblz4-1_1.9.4-4_amd64.deb ...
Unpacking liblz4-1:amd64 (1.9.4-4) over (1.9.4-3+b1) ...
Setting up liblz4-1:amd64 (1.9.4-4) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17036 files and directories currently installed.)
Preparing to unpack .../openssl-provider-legacy_3.4.0-2_amd64.deb ...
Unpacking openssl-provider-legacy (3.4.0-2) over (3.3.2-2) ...
Setting up openssl-provider-legacy (3.4.0-2) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17036 files and directories currently installed.)
Preparing to unpack .../libzstd1_1.5.6+dfsg-2_amd64.deb ...
Unpacking libzstd1:amd64 (1.5.6+dfsg-2) over (1.5.6+dfsg-1+b1) ...
Setting up libzstd1:amd64 (1.5.6+dfsg-2) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17035 files and directories currently installed.)
Preparing to unpack .../libssl3t64_3.4.0-2_amd64.deb ...
Unpacking libssl3t64:amd64 (3.4.0-2) over (3.3.2-2) ...
Setting up libssl3t64:amd64 (3.4.0-2) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17035 files and directories currently installed.)
Preparing to unpack .../libsystemd0_257.2-1_amd64.deb ...
Unpacking libsystemd0:amd64 (257.2-1) over (257.1-5) ...
Setting up libsystemd0:amd64 (257.2-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17035 files and directories currently installed.)
Preparing to unpack .../libudev1_257.2-1_amd64.deb ...
Unpacking libudev1:amd64 (257.2-1) over (257.1-5) ...
Setting up libudev1:amd64 (257.2-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17035 files and directories currently installed.)
Preparing to unpack .../libapt-pkg6.0t64_2.9.22_amd64.deb ...
Unpacking libapt-pkg6.0t64:amd64 (2.9.22) over (2.9.20) ...
Setting up libapt-pkg6.0t64:amd64 (2.9.22) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17035 files and directories currently installed.)
Preparing to unpack .../dpkg_1.22.14_amd64.deb ...
Unpacking dpkg (1.22.14) over (1.22.11) ...
Setting up dpkg (1.22.14) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17034 files and directories currently installed.)
Preparing to unpack .../bsdextrautils_2.40.4-1_amd64.deb ...
Unpacking bsdextrautils (2.40.4-1) over (2.40.2-13) ...
Preparing to unpack .../libblkid1_2.40.4-1_amd64.deb ...
Unpacking libblkid1:amd64 (2.40.4-1) over (2.40.2-13) ...
Setting up libblkid1:amd64 (2.40.4-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17034 files and directories currently installed.)
Preparing to unpack .../libmount1_2.40.4-1_amd64.deb ...
Unpacking libmount1:amd64 (2.40.4-1) over (2.40.2-13) ...
Setting up libmount1:amd64 (2.40.4-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17034 files and directories currently installed.)
Preparing to unpack .../libsmartcols1_2.40.4-1_amd64.deb ...
Unpacking libsmartcols1:amd64 (2.40.4-1) over (2.40.2-13) ...
Setting up libsmartcols1:amd64 (2.40.4-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17034 files and directories currently installed.)
Preparing to unpack .../mount_2.40.4-1_amd64.deb ...
Unpacking mount (2.40.4-1) over (2.40.2-13) ...
Preparing to unpack .../libuuid1_2.40.4-1_amd64.deb ...
Unpacking libuuid1:amd64 (2.40.4-1) over (2.40.2-13) ...
Setting up libuuid1:amd64 (2.40.4-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17034 files and directories currently installed.)
Preparing to unpack .../util-linux_2.40.4-1_amd64.deb ...
Unpacking util-linux (2.40.4-1) over (2.40.2-13) ...
Setting up util-linux (2.40.4-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17036 files and directories currently installed.)
Preparing to unpack .../libdebconfclient0_0.277_amd64.deb ...
Unpacking libdebconfclient0:amd64 (0.277) over (0.276) ...
Setting up libdebconfclient0:amd64 (0.277) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17036 files and directories currently installed.)
Preparing to unpack .../base-passwd_3.6.6_amd64.deb ...
Unpacking base-passwd (3.6.6) over (3.6.5) ...
Setting up base-passwd (3.6.6) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17036 files and directories currently installed.)
Preparing to unpack .../archives/apt_2.9.22_amd64.deb ...
Unpacking apt (2.9.22) over (2.9.20) ...
Setting up apt (2.9.22) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17036 files and directories currently installed.)
Preparing to unpack .../init-system-helpers_1.68_all.deb ...
Unpacking init-system-helpers (1.68) over (1.67) ...
Setting up init-system-helpers (1.68) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17036 files and directories currently installed.)
Preparing to unpack .../libc-bin_2.40-5_amd64.deb ...
Unpacking libc-bin (2.40-5) over (2.40-4) ...
Setting up libc-bin (2.40-5) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17036 files and directories currently installed.)
Preparing to unpack .../sysvinit-utils_3.13-1_amd64.deb ...
Unpacking sysvinit-utils (3.13-1) over (3.11-1) ...
Setting up sysvinit-utils (3.13-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17036 files and directories currently installed.)
Preparing to unpack .../logsave_1.47.2-1_amd64.deb ...
Unpacking logsave (1.47.2-1) over (1.47.2~rc1-2) ...
Preparing to unpack .../libext2fs2t64_1.47.2-1_amd64.deb ...
Leaving 'diversion of /lib/x86_64-linux-gnu/libe2p.so.2 to /lib/x86_64-linux-gnu/libe2p.so.2.usr-is-merged by libext2fs2t64'
Leaving 'diversion of /lib/x86_64-linux-gnu/libe2p.so.2.3 to /lib/x86_64-linux-gnu/libe2p.so.2.3.usr-is-merged by libext2fs2t64'
Leaving 'diversion of /lib/x86_64-linux-gnu/libext2fs.so.2 to /lib/x86_64-linux-gnu/libext2fs.so.2.usr-is-merged by libext2fs2t64'
Leaving 'diversion of /lib/x86_64-linux-gnu/libext2fs.so.2.4 to /lib/x86_64-linux-gnu/libext2fs.so.2.4.usr-is-merged by libext2fs2t64'
Unpacking libext2fs2t64:amd64 (1.47.2-1) over (1.47.2~rc1-2) ...
Setting up libext2fs2t64:amd64 (1.47.2-1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17036 files and directories currently installed.)
Preparing to unpack .../e2fsprogs_1.47.2-1_amd64.deb ...
Unpacking e2fsprogs (1.47.2-1) over (1.47.2~rc1-2) ...
Preparing to unpack .../libaudit1_1%3a4.0.2-2+b1_amd64.deb ...
Unpacking libaudit1:amd64 (1:4.0.2-2+b1) over (1:4.0.2-2) ...
Setting up libaudit1:amd64 (1:4.0.2-2+b1) ...
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17037 files and directories currently installed.)
Preparing to unpack .../00-login_1%3a4.16.0-2+really2.40.4-1_amd64.deb ...
Unpacking login (1:4.16.0-2+really2.40.4-1) over (1:4.16.0-2+really2.40.2-13) ...
Preparing to unpack .../01-tzdata_2024b-6_all.deb ...
Unpacking tzdata (2024b-6) over (2024b-4) ...
Preparing to unpack .../02-gettext-base_0.23.1-1_amd64.deb ...
Unpacking gettext-base (0.23.1-1) over (0.22.5-3) ...
Selecting previously unselected package libtext-charwidth-perl:amd64.
Preparing to unpack .../03-libtext-charwidth-perl_0.04-11+b4_amd64.deb ...
Unpacking libtext-charwidth-perl:amd64 (0.04-11+b4) ...
Selecting previously unselected package libtext-wrapi18n-perl.
Preparing to unpack .../04-libtext-wrapi18n-perl_0.06-10_all.deb ...
Unpacking libtext-wrapi18n-perl (0.06-10) ...
Preparing to unpack .../05-ucf_3.0048_all.deb ...
Unpacking ucf (3.0048) over (3.0046) ...
Preparing to unpack .../06-libgprofng0_2.43.50.20250108-1_amd64.deb ...
Unpacking libgprofng0:amd64 (2.43.50.20250108-1) over (2.43.50.20241221-1) ...
Preparing to unpack .../07-libctf0_2.43.50.20250108-1_amd64.deb ...
Unpacking libctf0:amd64 (2.43.50.20250108-1) over (2.43.50.20241221-1) ...
Preparing to unpack .../08-libctf-nobfd0_2.43.50.20250108-1_amd64.deb ...
Unpacking libctf-nobfd0:amd64 (2.43.50.20250108-1) over (2.43.50.20241221-1) ...
Preparing to unpack .../09-binutils-x86-64-linux-gnu_2.43.50.20250108-1_amd64.deb ...
Unpacking binutils-x86-64-linux-gnu (2.43.50.20250108-1) over (2.43.50.20241221-1) ...
Preparing to unpack .../10-libbinutils_2.43.50.20250108-1_amd64.deb ...
Unpacking libbinutils:amd64 (2.43.50.20250108-1) over (2.43.50.20241221-1) ...
Preparing to unpack .../11-binutils_2.43.50.20250108-1_amd64.deb ...
Unpacking binutils (2.43.50.20250108-1) over (2.43.50.20241221-1) ...
Preparing to unpack .../12-binutils-common_2.43.50.20250108-1_amd64.deb ...
Unpacking binutils-common:amd64 (2.43.50.20250108-1) over (2.43.50.20241221-1) ...
Preparing to unpack .../13-libsframe1_2.43.50.20250108-1_amd64.deb ...
Unpacking libsframe1:amd64 (2.43.50.20250108-1) over (2.43.50.20241221-1) ...
Preparing to unpack .../14-dpkg-dev_1.22.14_all.deb ...
Unpacking dpkg-dev (1.22.14) over (1.22.11) ...
Preparing to unpack .../15-libdpkg-perl_1.22.14_all.deb ...
Unpacking libdpkg-perl (1.22.14) over (1.22.11) ...
Preparing to unpack .../16-gettext_0.23.1-1_amd64.deb ...
Unpacking gettext (0.23.1-1) over (0.22.5-3) ...
Preparing to unpack .../17-gpg_2.2.46-1+b1_amd64.deb ...
Unpacking gpg (2.2.46-1+b1) over (2.2.45-2) ...
Preparing to unpack .../18-gpgconf_2.2.46-1+b1_amd64.deb ...
Unpacking gpgconf (2.2.46-1+b1) over (2.2.45-2) ...
Preparing to unpack .../19-libhtml-parser-perl_3.83-1+b2_amd64.deb ...
Unpacking libhtml-parser-perl:amd64 (3.83-1+b2) over (3.83-1+b1) ...
Preparing to unpack .../20-libcgi-pm-perl_4.67-1_all.deb ...
Unpacking libcgi-pm-perl (4.67-1) over (4.66-1) ...
Preparing to unpack .../21-libcom-err2_1.47.2-1_amd64.deb ...
Unpacking libcom-err2:amd64 (1.47.2-1) over (1.47.2~rc1-2) ...
Preparing to unpack .../22-libcpanel-json-xs-perl_4.39-1_amd64.deb ...
Unpacking libcpanel-json-xs-perl:amd64 (4.39-1) over (4.38-1+b1) ...
Preparing to unpack .../23-libsasl2-modules-db_2.1.28+dfsg1-8+b1_amd64.deb ...
Unpacking libsasl2-modules-db:amd64 (2.1.28+dfsg1-8+b1) over (2.1.28+dfsg1-8) ...
Preparing to unpack .../24-libsasl2-2_2.1.28+dfsg1-8+b1_amd64.deb ...
Unpacking libsasl2-2:amd64 (2.1.28+dfsg1-8+b1) over (2.1.28+dfsg1-8) ...
Selecting previously unselected package libldap2:amd64.
Preparing to unpack .../25-libldap2_2.6.9+dfsg-1_amd64.deb ...
Unpacking libldap2:amd64 (2.6.9+dfsg-1) ...
Preparing to unpack .../26-libcurl3t64-gnutls_8.11.1-1+b1_amd64.deb ...
Unpacking libcurl3t64-gnutls:amd64 (8.11.1-1+b1) over (8.11.1-1) ...
Preparing to unpack .../27-libglib2.0-0t64_2.82.4-2_amd64.deb ...
Unpacking libglib2.0-0t64:amd64 (2.82.4-2) over (2.82.4-1) ...
Preparing to unpack .../28-libicu72_72.1-6_amd64.deb ...
Unpacking libicu72:amd64 (72.1-6) over (72.1-5+b1) ...
Selecting previously unselected package libldap-common.
Preparing to unpack .../29-libldap-common_2.6.9+dfsg-1_all.deb ...
Unpacking libldap-common (2.6.9+dfsg-1) ...
Preparing to unpack .../30-liblz1_1.15-1_amd64.deb ...
Unpacking liblz1:amd64 (1.15-1) over (1.15~rc1-1) ...
Preparing to unpack .../31-libss2_1.47.2-1_amd64.deb ...
Unpacking libss2:amd64 (1.47.2-1) over (1.47.2~rc1-2) ...
Preparing to unpack .../32-libtext-markdown-discount-perl_0.17-1_amd64.deb ...
Unpacking libtext-markdown-discount-perl (0.17-1) over (0.16-1+b3) ...
Preparing to unpack .../33-libxs-parse-keyword-perl_0.48-1_amd64.deb ...
Unpacking libxs-parse-keyword-perl (0.48-1) over (0.47-1) ...
Preparing to unpack .../34-openssl_3.4.0-2_amd64.deb ...
Unpacking openssl (3.4.0-2) over (3.3.2-2) ...
Setting up liblz1:amd64 (1.15-1) ...
Setting up libtext-charwidth-perl:amd64 (0.04-11+b4) ...
Setting up libicu72:amd64 (72.1-6) ...
Setting up bsdextrautils (2.40.4-1) ...
Setting up libcpanel-json-xs-perl:amd64 (4.39-1) ...
Setting up binutils-common:amd64 (2.43.50.20250108-1) ...
Installing new version of config file /etc/gprofng.rc ...
Setting up libctf-nobfd0:amd64 (2.43.50.20250108-1) ...
Setting up gettext-base (0.23.1-1) ...
Setting up libtext-markdown-discount-perl (0.17-1) ...
Setting up libcom-err2:amd64 (1.47.2-1) ...
Setting up libgomp1:amd64 (14.2.0-14) ...
Setting up libldap-common (2.6.9+dfsg-1) ...
Setting up libtext-wrapi18n-perl (0.06-10) ...
Setting up libsframe1:amd64 (2.43.50.20250108-1) ...
Setting up libsasl2-modules-db:amd64 (2.1.28+dfsg1-8+b1) ...
Setting up tzdata (2024b-6) ...

Current default time zone: 'Etc/UTC'
Local time is now:      Fri Jan 17 00:31:03 UTC 2025.
Universal Time is now:  Fri Jan 17 00:31:03 UTC 2025.
Run 'dpkg-reconfigure tzdata' if you wish to change it.

Setting up libxs-parse-keyword-perl (0.48-1) ...
Setting up libatomic1:amd64 (14.2.0-14) ...
Setting up libss2:amd64 (1.47.2-1) ...
Setting up ucf (3.0048) ...
Setting up libdpkg-perl (1.22.14) ...
Setting up logsave (1.47.2-1) ...
Setting up libsasl2-2:amd64 (2.1.28+dfsg1-8+b1) ...
Setting up mount (2.40.4-1) ...
Setting up libhtml-parser-perl:amd64 (3.83-1+b2) ...
Setting up gpgconf (2.2.46-1+b1) ...
Setting up libbinutils:amd64 (2.43.50.20250108-1) ...
Setting up openssl (3.4.0-2) ...
Setting up libldap2:amd64 (2.6.9+dfsg-1) ...
Setting up gpg (2.2.46-1+b1) ...
Setting up login (1:4.16.0-2+really2.40.4-1) ...
Setting up libctf0:amd64 (2.43.50.20250108-1) ...
Setting up gettext (0.23.1-1) ...
Setting up libcgi-pm-perl (4.67-1) ...
Setting up libcurl3t64-gnutls:amd64 (8.11.1-1+b1) ...
Setting up e2fsprogs (1.47.2-1) ...
Setting up libglib2.0-0t64:amd64 (2.82.4-2) ...
No schema files found: doing nothing.
Setting up libgprofng0:amd64 (2.43.50.20250108-1) ...
Setting up binutils-x86-64-linux-gnu (2.43.50.20250108-1) ...
Setting up binutils (2.43.50.20250108-1) ...
Setting up dpkg-dev (1.22.14) ...
Processing triggers for libc-bin (2.40-5) ...
Processing triggers for man-db (2.13.0-1) ...
Processing triggers for debianutils (5.21) ...
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be REMOVED:
  libldap-2.5-0*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 578 kB disk space will be freed.
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17092 files and directories currently installed.)
Removing libldap-2.5-0:amd64 (2.5.19+dfsg-1) ...
Processing triggers for libc-bin (2.40-5) ...
autopkgtest [00:31:06]: testbed running kernel: Linux 6.1.0-29-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.123-1 (2025-01-02)
autopkgtest [00:31:06]: @@@@@@@@@@@@@@@@@@@@ source /tmp/debusine-fetch-exec-upload-no12pftr/chkrootkit_0.58b-3.dsc
gpg: Signature made Mon Sep 30 14:15:58 2024 UTC
gpg:                using EDDSA key A3CC9C870B9D310ABAD4CF2F51722B08FE4745A2
gpg: Can't check signature: No public key
dpkg-source: warning: cannot verify inline signature for /tmp/autopkgtest.moK5bE/chkrootkit_0.58b-3.dsc: no acceptable signature found
dpkg-source: info: extracting chkrootkit in src
dpkg-source: info: unpacking chkrootkit_0.58b.orig.tar.gz
dpkg-source: info: unpacking chkrootkit_0.58b-3.debian.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying 01_nostrip.patch
dpkg-source: info: applying 02_workingdir.patch
dpkg-source: info: applying 03_linedup_reports.patch
dpkg-source: info: applying 04_backslashes.patch
dpkg-source: info: applying 05_disable_enye.patch
dpkg-source: info: applying 06_quiet.patch
dpkg-source: info: applying 07_promisc.patch
dpkg-source: info: applying 08_unidentified.patch
dpkg-source: info: applying 09_excludes.patch
dpkg-source: info: applying 10_fixwarnings.patch
dpkg-source: info: applying 11_logpath.patch
dpkg-source: info: applying 12_procpsv3.patch
dpkg-source: info: applying 13_exitcode.patch
dpkg-source: info: applying 14_chkutmp.patch
dpkg-source: info: applying 15_kfreebsd.patch
dpkg-source: info: applying 16_php.patch
dpkg-source: info: applying 17_Suckitfalse.patch
dpkg-source: info: applying 18_fix-stack-smash.patch
dpkg-source: info: applying 19_openssh.patch
dpkg-source: info: applying 20_Proper-flags.patch
dpkg-source: info: applying 21_fix_loc_function.patch
dpkg-source: info: applying 24_ser2net_exception_in_scalper.patch
dpkg-source: info: applying 25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch
dpkg-source: info: applying 26_improve-info-help-display.patch
dpkg-source: info: applying 27_fix-race-condition-ps-proc.patch
dpkg-source: info: applying 28_chkdirs-fix-memory-leak.patch
dpkg-source: info: applying 29_chkdirs-fix-dead-code.patch
dpkg-source: info: applying 30_chklastlog-fix-out-of-bounds-access.patch
dpkg-source: info: applying 31_ifpromisc-always-null-terminate-interface-names.patch
dpkg-source: info: applying 32_chkdirs-use-strdup-to-avoid-stringop-overflow-warning.patch
dpkg-source: info: applying 33_chklastlog-silence-array-bounds-warning.patch
dpkg-source: info: applying 34_chkwtmp-silence-array-bounds-warning.patch
dpkg-source: info: applying 35_ifpromisc-solve-unused-result-warnings.patch
dpkg-source: info: applying 36_chkproc-silence-unused-result-warnings.patch
dpkg-source: info: applying 37_chkutmp-silence-unused-result-warnings.patch
dpkg-source: info: applying 38_chklastlog-resolve-signed-comparison.patch
dpkg-source: info: applying 39_chkproc-resolve-signed-comparison.patch
dpkg-source: info: applying 40_strings-resolve-signed-comparison.patch
dpkg-source: info: applying 41_chkutmp-silence-unused-parameter-warnings.patch
dpkg-source: info: applying 42_chkdirs-annotate-usage-with-noreturn.patch
dpkg-source: info: applying 43_chklastlog-remove-unused-and-shadowing-variable.patch
dpkg-source: info: applying 44_ifpromisc-do-not-discard-const-qualifier.patch
dpkg-source: info: applying 45_chkproc-do-not-discard-const-qualifier.patch
dpkg-source: info: applying 46_chkutmp-do-not-discard-const-qualifier.patch
dpkg-source: info: applying 47_chklastlog-remove-dead-assignment.patch
dpkg-source: info: applying 48_chkdirs-free-memory-on-failure.patch
dpkg-source: info: applying 49_chkdirs-fix-return-logic.patch
dpkg-source: info: applying 50_strings-drop-dead-assignment.patch
dpkg-source: info: applying 51_chkdirs-resolve-signed-comparison.patch
dpkg-source: info: applying 52_chkdirs-fix-spelling-error-and-whitespace.patch
dpkg-source: info: applying 54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch
dpkg-source: info: applying 56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch
dpkg-source: info: applying 57_chutmp-improve-message-if-processes-without-tty-are-found.patch
dpkg-source: info: applying 58_chkrootkit-improve-output.patch
dpkg-source: info: applying 59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch
dpkg-source: info: applying 60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch
dpkg-source: info: applying 61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch
dpkg-source: info: applying 62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch
dpkg-source: info: applying 63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch
dpkg-source: info: applying 53_chkrootkit-remove-trailing-whitespace.patch
dpkg-source: info: applying 64_chkrootkit-Define-egrep-later-to-support-p.patch
dpkg-source: info: applying 65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch
dpkg-source: info: applying 66_chkrootkit-Make-output-consistent.patch
dpkg-source: info: applying 67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch
dpkg-source: info: applying 68_checkrootkit-use-ROOTDIR-consistently.patch
dpkg-source: info: applying 69_chkrootkit-fix-syntax-errors-in-chk_login.patch
dpkg-source: info: applying 70_chkrootkit-fix-chk_date.patch
dpkg-source: info: applying 71_chkrootkit-use-grep-not-grep-in-tests.patch
dpkg-source: info: applying 72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch
dpkg-source: info: applying 73_chkrootkit-fix-netstat-and-ss-tests.patch
dpkg-source: info: applying 74_chkrootkit-Make-chkutmp-should-support-p.patch
dpkg-source: info: applying 75_chkrootkit-More-instances-where-x-should-be-x.patch
dpkg-source: info: applying 77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch
dpkg-source: info: applying 78_chkrootkit-fix-test-for-ebury-1.6.patch
dpkg-source: info: applying 80_chkrootkit-make-output-consistent-aliens.patch
dpkg-source: info: applying 81_chkrootkit-add-missing-braces-in-bindshell-test.patch
dpkg-source: info: applying 82_chkrootkit-clarify-output-from-lkm-test.patch
dpkg-source: info: applying 83_chkrotkit-Clarify-output-from-other-TOOLS.patch
dpkg-source: info: applying 84_chkrootkit-simplify-chk_inetdconf.patch
dpkg-source: info: applying 85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch
dpkg-source: info: applying 86_chkrootkit-usrmerge-fix.patch
dpkg-source: info: applying 87a_ifpromisc-Add-a-return-value.patch
dpkg-source: info: applying 87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch
dpkg-source: info: applying chkrootkit-Fix-most-shellcheck-issues.patch
dpkg-source: info: applying chkrootkit-fix-relative-dirs-in-PATH.patch
dpkg-source: info: applying chkrootkit-Fix-output-from-HKRK-if-r-set.patch
dpkg-source: info: applying chkrootkit-Fix-rootedir-check-when-r-set.patch
dpkg-source: info: applying chkrootkit-Fix-for-syslogk-test.patch
dpkg-source: info: applying chkrootkit-skip-test-for-syslogk-when-r-given.patch
dpkg-source: info: applying chkrootkit-improve-chkutmp-output-when-r-given.patch
dpkg-source: info: applying chkrootkit-Make-test-for-BPFDoor-work-with-r.patch
dpkg-source: info: applying chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch
dpkg-source: info: applying chkrootkit-check-reported-files-using-dpkg-query.patch
dpkg-source: info: applying chkrootkit-Make-e-apply-to-tests-using-find.patch
dpkg-source: info: applying chkrootkit-Use-e-on-more-tests.patch
dpkg-source: info: applying chkrootkit-Allow-running-as-non-root.patch
dpkg-source: info: applying chkrootkit-Better-error-messages.patch
dpkg-source: info: applying chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch
dpkg-source: info: applying chkrootkit-allow-chkdirs-to-be-used-with-r.patch
dpkg-source: info: applying chkrootkit-more-better-error-messages.patch
dpkg-source: info: applying chkrootkit-Make-test-for-.history-files-work-with-r.patch
dpkg-source: info: applying chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch
dpkg-source: info: applying chkrootkit-incomplete-fix-for-ldsopreload.patch
dpkg-source: info: applying chkrootkit-minor-fixup.patch
autopkgtest [00:31:07]: testing package chkrootkit version 0.58b-3
autopkgtest [00:31:07]: build not needed
autopkgtest [00:31:07]: test test-chkrootkit: preparing testbed
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  apt-utils
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 329 kB of archives.
After this operation, 1100 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian sid/main amd64 apt-utils amd64 2.9.22 [329 kB]
Fetched 329 kB in 0s (5729 kB/s)
Selecting previously unselected package apt-utils.
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17082 files and directories currently installed.)
Preparing to unpack .../apt-utils_2.9.22_amd64.deb ...
Unpacking apt-utils (2.9.22) ...
Setting up apt-utils (2.9.22) ...
Processing triggers for man-db (2.13.0-1) ...
Ign:1 file:/tmp/autopkgtest.moK5bE/binaries  InRelease
Get:2 file:/tmp/autopkgtest.moK5bE/binaries  Release [816 B]
Get:2 file:/tmp/autopkgtest.moK5bE/binaries  Release [816 B]
Ign:3 file:/tmp/autopkgtest.moK5bE/binaries  Release.gpg
Get:4 file:/tmp/autopkgtest.moK5bE/binaries  Packages [68.9 kB]
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
The following packages will be upgraded:
  binutils binutils-common binutils-x86-64-linux-gnu libbinutils libctf-nobfd0
  libctf0 libgprofng0 libsframe1
8 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/6632 kB of archives.
After this operation, 4096 B disk space will be freed.
Get:1 file:/tmp/autopkgtest.moK5bE/binaries  libgprofng0 2.43.50.20250108-1.1 [806 kB]
Get:2 file:/tmp/autopkgtest.moK5bE/binaries  libctf0 2.43.50.20250108-1.1 [88.5 kB]
Get:3 file:/tmp/autopkgtest.moK5bE/binaries  libctf-nobfd0 2.43.50.20250108-1.1 [155 kB]
Get:4 file:/tmp/autopkgtest.moK5bE/binaries  binutils-x86-64-linux-gnu 2.43.50.20250108-1.1 [2277 kB]
Get:5 file:/tmp/autopkgtest.moK5bE/binaries  libbinutils 2.43.50.20250108-1.1 [533 kB]
Get:6 file:/tmp/autopkgtest.moK5bE/binaries  binutils 2.43.50.20250108-1.1 [68.5 kB]
Get:7 file:/tmp/autopkgtest.moK5bE/binaries  binutils-common 2.43.50.20250108-1.1 [2626 kB]
Get:8 file:/tmp/autopkgtest.moK5bE/binaries  libsframe1 2.43.50.20250108-1.1 [77.8 kB]
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17164 files and directories currently installed.)
Preparing to unpack .../0-libgprofng0.deb ...
Unpacking libgprofng0:amd64 (2.43.50.20250108-1.1) over (2.43.50.20250108-1) ...
Preparing to unpack .../1-libctf0.deb ...
Unpacking libctf0:amd64 (2.43.50.20250108-1.1) over (2.43.50.20250108-1) ...
Preparing to unpack .../2-libctf-nobfd0.deb ...
Unpacking libctf-nobfd0:amd64 (2.43.50.20250108-1.1) over (2.43.50.20250108-1) ...
Preparing to unpack .../3-binutils-x86-64-linux-gnu.deb ...
Unpacking binutils-x86-64-linux-gnu (2.43.50.20250108-1.1) over (2.43.50.20250108-1) ...
Preparing to unpack .../4-libbinutils.deb ...
Unpacking libbinutils:amd64 (2.43.50.20250108-1.1) over (2.43.50.20250108-1) ...
Preparing to unpack .../5-binutils.deb ...
Unpacking binutils (2.43.50.20250108-1.1) over (2.43.50.20250108-1) ...
Preparing to unpack .../6-binutils-common.deb ...
Unpacking binutils-common:amd64 (2.43.50.20250108-1.1) over (2.43.50.20250108-1) ...
Preparing to unpack .../7-libsframe1.deb ...
Unpacking libsframe1:amd64 (2.43.50.20250108-1.1) over (2.43.50.20250108-1) ...
Setting up binutils-common:amd64 (2.43.50.20250108-1.1) ...
Setting up libctf-nobfd0:amd64 (2.43.50.20250108-1.1) ...
Setting up libsframe1:amd64 (2.43.50.20250108-1.1) ...
Setting up libbinutils:amd64 (2.43.50.20250108-1.1) ...
Setting up libctf0:amd64 (2.43.50.20250108-1.1) ...
Setting up libgprofng0:amd64 (2.43.50.20250108-1.1) ...
Setting up binutils-x86-64-linux-gnu (2.43.50.20250108-1.1) ...
Setting up binutils (2.43.50.20250108-1.1) ...
Processing triggers for libc-bin (2.40-5) ...
Processing triggers for man-db (2.13.0-1) ...
W: --force-yes is deprecated, use one of the options starting with --allow instead.
Reading package lists...
Building dependency tree...
Reading state information...
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
The following NEW packages will be installed:
  chkrootkit iproute2 libbpf1 libcap2-bin libelf1t64 libmnl0 libtirpc-common
  libtirpc3t64 libxtables12 net-tools
0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded.
Need to get 1851 kB/2169 kB of archives.
After this operation, 8026 kB of additional disk space will be used.
Get:1 file:/tmp/autopkgtest.moK5bE/binaries  chkrootkit 0.58b-3+b1 [317 kB]
Get:2 http://deb.debian.org/debian sid/main amd64 libelf1t64 amd64 0.192-4 [189 kB]
Get:3 http://deb.debian.org/debian sid/main amd64 libbpf1 amd64 1:1.5.0-2 [169 kB]
Get:4 http://deb.debian.org/debian sid/main amd64 libmnl0 amd64 1.0.5-3 [11.9 kB]
Get:5 http://deb.debian.org/debian sid/main amd64 libtirpc-common all 1.3.4+ds-1.3 [10.9 kB]
Get:6 http://deb.debian.org/debian sid/main amd64 libtirpc3t64 amd64 1.3.4+ds-1.3+b1 [83.1 kB]
Get:7 http://deb.debian.org/debian sid/main amd64 libxtables12 amd64 1.8.11-2 [31.9 kB]
Get:8 http://deb.debian.org/debian sid/main amd64 libcap2-bin amd64 1:2.66-5+b1 [35.3 kB]
Get:9 http://deb.debian.org/debian sid/main amd64 iproute2 amd64 6.12.0-1 [1077 kB]
Get:10 http://deb.debian.org/debian sid/main amd64 net-tools amd64 2.10-1.1 [243 kB]
Preconfiguring packages ...
Fetched 1851 kB in 0s (27.6 MB/s)
Selecting previously unselected package libelf1t64:amd64.
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 17164 files and directories currently installed.)
Preparing to unpack .../0-libelf1t64_0.192-4_amd64.deb ...
Unpacking libelf1t64:amd64 (0.192-4) ...
Selecting previously unselected package libbpf1:amd64.
Preparing to unpack .../1-libbpf1_1%3a1.5.0-2_amd64.deb ...
Unpacking libbpf1:amd64 (1:1.5.0-2) ...
Selecting previously unselected package libmnl0:amd64.
Preparing to unpack .../2-libmnl0_1.0.5-3_amd64.deb ...
Unpacking libmnl0:amd64 (1.0.5-3) ...
Selecting previously unselected package libtirpc-common.
Preparing to unpack .../3-libtirpc-common_1.3.4+ds-1.3_all.deb ...
Unpacking libtirpc-common (1.3.4+ds-1.3) ...
Selecting previously unselected package libtirpc3t64:amd64.
Preparing to unpack .../4-libtirpc3t64_1.3.4+ds-1.3+b1_amd64.deb ...
Adding 'diversion of /lib/x86_64-linux-gnu/libtirpc.so.3 to /lib/x86_64-linux-gnu/libtirpc.so.3.usr-is-merged by libtirpc3t64'
Adding 'diversion of /lib/x86_64-linux-gnu/libtirpc.so.3.0.0 to /lib/x86_64-linux-gnu/libtirpc.so.3.0.0.usr-is-merged by libtirpc3t64'
Unpacking libtirpc3t64:amd64 (1.3.4+ds-1.3+b1) ...
Selecting previously unselected package libxtables12:amd64.
Preparing to unpack .../5-libxtables12_1.8.11-2_amd64.deb ...
Unpacking libxtables12:amd64 (1.8.11-2) ...
Selecting previously unselected package libcap2-bin.
Preparing to unpack .../6-libcap2-bin_1%3a2.66-5+b1_amd64.deb ...
Unpacking libcap2-bin (1:2.66-5+b1) ...
Selecting previously unselected package iproute2.
Preparing to unpack .../7-iproute2_6.12.0-1_amd64.deb ...
Unpacking iproute2 (6.12.0-1) ...
Selecting previously unselected package chkrootkit.
Preparing to unpack .../8-chkrootkit.deb ...
Unpacking chkrootkit (0.58b-3+b1) ...
Selecting previously unselected package net-tools.
Preparing to unpack .../9-net-tools_2.10-1.1_amd64.deb ...
Unpacking net-tools (2.10-1.1) ...
Setting up net-tools (2.10-1.1) ...
Setting up libtirpc-common (1.3.4+ds-1.3) ...
Setting up libelf1t64:amd64 (0.192-4) ...
Setting up libcap2-bin (1:2.66-5+b1) ...
Setting up chkrootkit (0.58b-3+b1) ...
Setting up libmnl0:amd64 (1.0.5-3) ...
Setting up libxtables12:amd64 (1.8.11-2) ...
Setting up libbpf1:amd64 (1:1.5.0-2) ...
Setting up libtirpc3t64:amd64 (1.3.4+ds-1.3+b1) ...
Setting up iproute2 (6.12.0-1) ...
Processing triggers for man-db (2.13.0-1) ...
Processing triggers for libc-bin (2.40-5) ...
autopkgtest [00:31:19]: test test-chkrootkit: [-----------------------
copy: awk from /usr/bin/mawk to /tmp/clean
copy: cut from /usr/bin/cut to /tmp/clean
copy: echo from /usr/bin/echo to /tmp/clean
copy: grep from /usr/bin/grep to /tmp/clean
copy: find from /usr/bin/find to /tmp/clean
copy: head from /usr/bin/head to /tmp/clean
copy: id from /usr/bin/id to /tmp/clean
copy: ls from /usr/bin/ls to /tmp/clean
copy: ps from /usr/bin/ps to /tmp/clean
copy: sed from /usr/bin/sed to /tmp/clean
copy: strings from /usr/bin/x86_64-linux-gnu-strings to /tmp/clean
copy: uname from /usr/bin/uname to /tmp/clean
copy: ss from /usr/bin/ss to /tmp/clean
copy: netstat from /usr/bin/netstat to /tmp/clean
copy: dirname from /usr/bin/dirname to /tmp/clean
copy: xargs from /usr/bin/xargs to /tmp/clean
copy: dpkg-query from /usr/bin/dpkg-query to /tmp/clean
total 1944
drwxr-xr-x 2 root root   4096 Jan 17 00:31 .
drwxrwxrwt 5 root root   4096 Jan 17 00:31 ..
-rwxr-xr-x 1 root root 166568 Sep 12 21:55 awk
-rwxr-xr-x 1 root root  52240 Oct 23 15:36 cut
-rwxr-xr-x 1 root root  43856 Oct 23 15:36 dirname
-rwxr-xr-x 1 root root 166672 Jan 16 02:56 dpkg-query
-rwxr-xr-x 1 root root  43856 Oct 23 15:36 echo
-rwxr-xr-x 1 root root 233040 Aug 10 08:47 find
-rwxr-xr-x 1 root root 203152 Jan  4  2024 grep
-rwxr-xr-x 1 root root  52176 Oct 23 15:36 head
-rwxr-xr-x 1 root root  52240 Oct 23 15:36 id
-rwxr-xr-x 1 root root 155472 Oct 23 15:36 ls
-rwxr-xr-x 1 root root 155304 Apr 21  2024 netstat
-rwxr-xr-x 1 root root 154552 Sep 29 21:24 ps
-rwxr-xr-x 1 root root 126424 Jan  1  2024 sed
-rwxr-xr-x 1 root root 207872 Nov 21 14:16 ss
-rwxr-xr-x 1 root root  31808 Jan 16 12:28 strings
-rwxr-xr-x 1 root root  43888 Oct 23 15:36 uname
-rwxr-xr-x 1 root root  76232 Aug 10 08:47 xargs
* Running test-chkrootkit  (from: /tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests)...
** env
SHELL=/bin/bash
AUTOPKGTEST_NORMAL_USER=unshare
AUTOPKGTEST_TMP=/tmp/autopkgtest.moK5bE/autopkgtest_tmp
PWD=/tmp/autopkgtest.moK5bE/build.o4r/src
HOME=/root
LANG=C.UTF-8
ADTTMP=/tmp/autopkgtest.moK5bE/autopkgtest_tmp
AUTOPKGTEST_ARTIFACTS=/tmp/autopkgtest.moK5bE/test-chkrootkit-artifacts
USER=root
DEB_BUILD_OPTIONS=parallel=4
SHLVL=1
ADT_NORMAL_USER=unshare
ADT_ARTIFACTS=/tmp/autopkgtest.moK5bE/test-chkrootkit-artifacts
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
MAIL=/var/mail/root
DEBIAN_FRONTEND=noninteractive
OLDPWD=/
_=/usr/bin/env
MY_BUILD_DIR=/tmp/autopkgtest.moK5bE
** other info
ls /var/run/utmp
ls: cannot access '/var/run/utmp': No such file or directory
ls /var/log/wtmp
-rw-rw-r-- 1 root utmp 0 Dec 30 00:18 /var/log/wtmp
ls /var/log/lastlog
-rw-rw-r-- 1 root utmp 0 Dec 30 00:18 /var/log/lastlog
* Setting up the testsuite
** README
The purpose of this tests is to check that the actual output is as we expect.

This tests that both chkrootkit (directly invoked) and its chkrootkit-daily
(systemd timer/cronjob) work with various combinations of options.

- Each test has a file listing regexps: each listed regexp must match
  against the output or the test will fail: the 'fix' will often be
  to update the .expected file
- (these are in debian/test/*.expected)
- Output not matched by any such regexp is listed (with some known
  exceptions removed), but does not cause failure
- This testsuite is designed to run in a sbuild schroot or via the CI
  pipeline on salsa.debian.org: you might need to adjust the
  debian/test/*.expected files if running in some other way.

** Ensuring chkrootkit finds as much to test as we can
Making /usr/sbin/amd
Making /etc/amd.conf
Making /usr/sbin/biff
Making /etc/biff.conf
Making /usr/sbin/cron
Making /etc/cron.conf
Making /usr/sbin/crontab
Making /etc/crontab.conf
Making /usr/sbin/fingerd
Making /etc/fingerd.conf
Making /usr/sbin/in.fingerd
Making /etc/in.fingerd.conf
Making /usr/sbin/gpm
Making /etc/gpm.conf
Making /usr/sbin/hdparm
Making /etc/hdparm.conf
Making /usr/sbin/inetd
Making /etc/inetd.conf
Making /usr/sbin/in.identd
Making /etc/in.identd.conf
Making /usr/sbin/inetdconf
Making /etc/inetdconf.conf
Making /usr/sbin/init
Making /etc/init.conf
Making /usr/sbin/killall
Making /etc/killall.conf
Making /usr/sbin/lsof
Making /etc/lsof.conf
Making /usr/sbin/mail
Making /etc/mail.conf
Making /usr/sbin/mingetty
Making /etc/mingetty.conf
Making /usr/sbin/named
Making /etc/named.conf
Making /usr/sbin/in.pop2d
Making /etc/in.pop2d.conf
Making /usr/sbin/in.pop3d
Making /etc/in.pop3d.conf
Making /usr/sbin/write
Making /etc/write.conf
Making /usr/sbin/pstree
Making /etc/pstree.conf
Making /usr/sbin/rpcinfo
Making /etc/rpcinfo.conf
Making /usr/sbin/rlogind
Making /etc/rlogind.conf
Making /usr/sbin/in.rshd
Making /etc/in.rshd.conf
Making /usr/sbin/slogin
Making /etc/slogin.conf
Making /usr/sbin/sendmail
Making /etc/sendmail.conf
Making /usr/sbin/sshd
Making /etc/sshd.conf
Making /usr/sbin/syslogd
Making /etc/syslogd.conf
Making /usr/sbin/tcpd
Making /etc/tcpd.conf
Making /usr/sbin/tcpdump
Making /etc/tcpdump.conf
Making /usr/sbin/telnetd
Making /etc/telnetd.conf
Making /usr/sbin/timed
Making /etc/timed.conf
Making /usr/sbin/traceroute
Making /etc/traceroute.conf
MADE: /usr/sbin/amd /etc/amd.conf /usr/sbin/biff /etc/biff.conf /usr/sbin/cron /etc/cron.conf /usr/sbin/crontab /etc/crontab.conf /usr/sbin/fingerd /etc/fingerd.conf /usr/sbin/in.fingerd /etc/in.fingerd.conf /usr/sbin/gpm /etc/gpm.conf /usr/sbin/hdparm /etc/hdparm.conf /usr/sbin/inetd /etc/inetd.conf /usr/sbin/in.identd /etc/in.identd.conf /usr/sbin/inetdconf /etc/inetdconf.conf /usr/sbin/init /etc/init.conf /usr/sbin/killall /etc/killall.conf /usr/sbin/lsof /etc/lsof.conf /usr/sbin/mail /etc/mail.conf /usr/sbin/mingetty /etc/mingetty.conf /usr/sbin/named /etc/named.conf /usr/sbin/in.pop2d /etc/in.pop2d.conf /usr/sbin/in.pop3d /etc/in.pop3d.conf /usr/sbin/write /etc/write.conf /usr/sbin/pstree /etc/pstree.conf /usr/sbin/rpcinfo /etc/rpcinfo.conf /usr/sbin/rlogind /etc/rlogind.conf /usr/sbin/in.rshd /etc/in.rshd.conf /usr/sbin/slogin /etc/slogin.conf /usr/sbin/sendmail /etc/sendmail.conf /usr/sbin/sshd /etc/sshd.conf /usr/sbin/syslogd /etc/syslogd.conf /usr/sbin/tcpd /etc/tcpd.conf /usr/sbin/tcpdump /etc/tcpdump.conf /usr/sbin/telnetd /etc/telnetd.conf /usr/sbin/timed /etc/timed.conf /usr/sbin/traceroute /etc/traceroute.conf
MOVED to .orig: /usr/sbin/amd /etc/amd.conf /usr/sbin/biff /etc/biff.conf /usr/sbin/cron /etc/cron.conf /usr/sbin/crontab /etc/crontab.conf /usr/sbin/fingerd /etc/fingerd.conf /usr/sbin/in.fingerd /etc/in.fingerd.conf /usr/sbin/gpm /etc/gpm.conf /usr/sbin/hdparm /etc/hdparm.conf /usr/sbin/inetd /etc/inetd.conf /usr/sbin/in.identd /etc/in.identd.conf /usr/sbin/inetdconf /etc/inetdconf.conf /usr/sbin/init /etc/init.conf /usr/sbin/killall /etc/killall.conf /usr/sbin/lsof /etc/lsof.conf /usr/sbin/mail /etc/mail.conf /usr/sbin/mingetty /etc/mingetty.conf /usr/sbin/named /etc/named.conf /usr/sbin/in.pop2d /etc/in.pop2d.conf /usr/sbin/in.pop3d /etc/in.pop3d.conf /usr/sbin/write /etc/write.conf /usr/sbin/pstree /etc/pstree.conf /usr/sbin/rpcinfo /etc/rpcinfo.conf /usr/sbin/rlogind /etc/rlogind.conf /usr/sbin/in.rshd /etc/in.rshd.conf /usr/sbin/slogin /etc/slogin.conf /usr/sbin/sendmail /etc/sendmail.conf /usr/sbin/sshd /etc/sshd.conf /usr/sbin/syslogd /etc/syslogd.conf /usr/sbin/tcpd /etc/tcpd.conf /usr/sbin/tcpdump /etc/tcpdump.conf /usr/sbin/telnetd /etc/telnetd.conf /usr/sbin/timed /etc/timed.conf /usr/sbin/traceroute /etc/traceroute.conf
Done
Preserving existing /etc/chkrootkit/chkrootkit.conf as /etc/chkrootkit/chkrootkit.conf.orig
Preserving existing /etc/chkrootkit/chkrootkit.ignore as /etc/chkrootkit/chkrootkit.ignore.orig
* Testing: the main binary
** Testing: chkrootkit-0-full (/usr/sbin/chkrootkit) ...
*** Output
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  not found
Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 31 14:09 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\.                                           not infected$'
Checking `amd'...                                           not infected
OK
**** Test for '^Checking `basename'\.\.\.                                      not infected$'
Checking `basename'...                                      not infected
OK
**** Test for '^Checking `biff'\.\.\.                                          not infected$'
Checking `biff'...                                          not infected
OK
**** Test for '^Checking `chfn'\.\.\.                                          not infected$'
Checking `chfn'...                                          not infected
OK
**** Test for '^Checking `chsh'\.\.\.                                          not infected$'
Checking `chsh'...                                          not infected
OK
**** Test for '^Checking `cron'\.\.\.                                          not infected$'
Checking `cron'...                                          not infected
OK
**** Test for '^Checking `crontab'\.\.\.                                       not infected$'
Checking `crontab'...                                       not infected
OK
**** Test for '^Checking `date'\.\.\.                                          not infected$'
Checking `date'...                                          not infected
OK
**** Test for '^Checking `du'\.\.\.                                            not infected$'
Checking `du'...                                            not infected
OK
**** Test for '^Checking `dirname'\.\.\.                                       not infected$'
Checking `dirname'...                                       not infected
OK
**** Test for '^Checking `echo'\.\.\.                                          not infected$'
Checking `echo'...                                          not infected
OK
**** Test for '^Checking `egrep'\.\.\.                                         not infected$'
Checking `egrep'...                                         not infected
OK
**** Test for '^Checking `env'\.\.\.                                           not infected$'
Checking `env'...                                           not infected
OK
**** Test for '^Checking `find'\.\.\.                                          not infected$'
Checking `find'...                                          not infected
OK
**** Test for '^Checking `fingerd'\.\.\.                                       not infected$'
Checking `fingerd'...                                       not infected
OK
**** Test for '^Checking `gpm'\.\.\.                                           not infected$'
Checking `gpm'...                                           not infected
OK
**** Test for '^Checking `grep'\.\.\.                                          not infected$'
Checking `grep'...                                          not infected
OK
**** Test for '^Checking `hdparm'\.\.\.                                        not infected$'
Checking `hdparm'...                                        not infected
OK
**** Test for '^Checking `su'\.\.\.                                            not infected$'
Checking `su'...                                            not infected
OK
**** Test for '^Checking `ifconfig'\.\.\.                                      not infected$'
Checking `ifconfig'...                                      not infected
OK
**** Test for '^Checking `inetd'\.\.\.                                         not infected$'
Checking `inetd'...                                         not infected
OK
**** Test for '^Checking `inetdconf'\.\.\.                                     not infected$'
Checking `inetdconf'...                                     not infected
OK
**** Test for '^Checking `identd'\.\.\.                                        not infected$'
Checking `identd'...                                        not infected
OK
**** Test for '^Checking `init'\.\.\.                                          not infected$'
Checking `init'...                                          not infected
OK
**** Test for '^Checking `killall'\.\.\.                                       not infected$'
Checking `killall'...                                       not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\.                                   not infected$'
Checking `ldsopreload'...                                   not infected
OK
**** Test for '^Checking `login'\.\.\.                                         not infected$'
Checking `login'...                                         not infected
OK
**** Test for '^Checking `ls'\.\.\.                                            not infected$'
Checking `ls'...                                            not infected
OK
**** Test for '^Checking `lsof'\.\.\.                                          not infected$'
Checking `lsof'...                                          not infected
OK
**** Test for '^Checking `mail'\.\.\.                                          not infected$'
Checking `mail'...                                          not infected
OK
**** Test for '^Checking `mingetty'\.\.\.                                      not infected$'
Checking `mingetty'...                                      not infected
OK
**** Test for '^Checking `netstat'\.\.\.                                       not infected$'
Checking `netstat'...                                       not infected
OK
**** Test for '^Checking `named'\.\.\.                                         not infected$'
Checking `named'...                                         not infected
OK
**** Test for '^Checking `passwd'\.\.\.                                        not infected$'
Checking `passwd'...                                        not infected
OK
**** Test for '^Checking `pidof'\.\.\.                                         not infected$'
Checking `pidof'...                                         not infected
OK
**** Test for '^Checking `pop2'\.\.\.                                          not infected$'
Checking `pop2'...                                          not infected
OK
**** Test for '^Checking `pop3'\.\.\.                                          not infected$'
Checking `pop3'...                                          not infected
OK
**** Test for '^Checking `ps'\.\.\.                                            not infected$'
Checking `ps'...                                            not infected
OK
**** Test for '^Checking `pstree'\.\.\.                                        not infected$'
Checking `pstree'...                                        not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\.                                       not infected$'
Checking `rpcinfo'...                                       not infected
OK
**** Test for '^Checking `rlogind'\.\.\.                                       not infected$'
Checking `rlogind'...                                       not infected
OK
**** Test for '^Checking `rshd'\.\.\.                                          not infected$'
Checking `rshd'...                                          not infected
OK
**** Test for '^Checking `slogin'\.\.\.                                        not infected$'
Checking `slogin'...                                        not infected
OK
**** Test for '^Checking `sendmail'\.\.\.                                      not infected$'
Checking `sendmail'...                                      not infected
OK
**** Test for '^Checking `sshd'\.\.\.                                          not infected$'
Checking `sshd'...                                          not infected
OK
**** Test for '^Checking `syslogd'\.\.\.                                       not infected$'
Checking `syslogd'...                                       not infected
OK
**** Test for '^Checking `tar'\.\.\.                                           not infected$'
Checking `tar'...                                           not infected
OK
**** Test for '^Checking `tcpd'\.\.\.                                          not infected$'
Checking `tcpd'...                                          not infected
OK
**** Test for '^Checking `tcpdump'\.\.\.                                       not infected$'
Checking `tcpdump'...                                       not infected
OK
**** Test for '^Checking `top'\.\.\.                                           not infected$'
Checking `top'...                                           not infected
OK
**** Test for '^Checking `telnetd'\.\.\.                                       not infected$'
Checking `telnetd'...                                       not infected
OK
**** Test for '^Checking `timed'\.\.\.                                         not infected$'
Checking `timed'...                                         not infected
OK
**** Test for '^Checking `traceroute'\.\.\.                                    not infected$'
Checking `traceroute'...                                    not infected
OK
**** Test for '^Checking `vdir'\.\.\.                                          not infected$'
Checking `vdir'...                                          not infected
OK
**** Test for '^Checking `w'\.\.\.                                             not infected$'
Checking `w'...                                             not infected
OK
**** Test for '^Checking `write'\.\.\.                                         not infected$'
Checking `write'...                                         not infected
OK
**** Test for '^Checking `aliens'\.\.\.                                        started$'
Checking `aliens'...                                        started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\.                   not found$'
Searching for suspicious files in /dev...                   not found
OK
**** Test for '^Searching for known suspicious directories\.\.\.               not found$'
Searching for known suspicious directories...               not found
OK
**** Test for '^Searching for known suspicious files\.\.\.                     not found$'
Searching for known suspicious files...                     not found
OK
**** Test for '^Searching for sniffer's logs\.\.\.                             not found$'
Searching for sniffer's logs...                             not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\.                         not found$'
Searching for HiDrootkit rootkit...                         not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\.                               not found$'
Searching for t0rn rootkit...                               not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\.                     not found$'
Searching for t0rn v8 (or variation)...                     not found
OK
**** Test for '^Searching for Lion rootkit\.\.\.                               not found$'
Searching for Lion rootkit...                               not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\.                               not found$'
Searching for RSHA rootkit...                               not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\.                          not found$'
Searching for RH-Sharpe rootkit...                          not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\.                      not found$'
Searching for Ambient (ark) rootkit...                      not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\.                  not found$'
Searching for suspicious files and dirs...                  not found
OK
**** Test for '^Searching for LPD Worm\.\.\.                                   not found$'
Searching for LPD Worm...                                   not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\.                         not found$'
Searching for Ramen Worm rootkit...                         not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\.                             not found$'
Searching for Maniac rootkit...                             not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\.                               not found$'
Searching for RK17 rootkit...                               not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\.                             not found$'
Searching for Ducoci rootkit...                             not found
OK
**** Test for '^Searching for Adore Worm\.\.\.                                 not found$'
Searching for Adore Worm...                                 not found
OK
**** Test for '^Searching for ShitC Worm\.\.\.                                 not found$'
Searching for ShitC Worm...                                 not found
OK
**** Test for '^Searching for Omega Worm\.\.\.                                 not found$'
Searching for Omega Worm...                                 not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\.                           not found$'
Searching for Sadmind/IIS Worm...                           not found
OK
**** Test for '^Searching for MonKit\.\.\.                                     not found$'
Searching for MonKit...                                     not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\.                            not found$'
Searching for Showtee rootkit...                            not found
OK
**** Test for '^Searching for OpticKit\.\.\.                                   not found$'
Searching for OpticKit...                                   not found
OK
**** Test for '^Searching for T\.R\.K\.\.\.                                      not found$'
Searching for T.R.K...                                      not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\.                             not found$'
Searching for Mithra rootkit...                             not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\.                            not tested$'
Searching for OBSD rootkit v1...                            not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\.                                not found$'
Searching for LOC rootkit...                                not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\.                           not found$'
Searching for Romanian rootkit...                           not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\.                               not found$'
Searching for HKRK rootkit...                               not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\.                             not found$'
Searching for Suckit rootkit...                             not found
OK
**** Test for '^Searching for Volc rootkit\.\.\.                               not found$'
Searching for Volc rootkit...                               not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\.                              not found$'
Searching for Gold2 rootkit...                              not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\.                                not found$'
Searching for TC2 rootkit...                                not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\.                          not found$'
Searching for Anonoying rootkit...                          not found
OK
**** Test for '^Searching for ZK rootkit\.\.\.                                 not found$'
Searching for ZK rootkit...                                 not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\.                              not found$'
Searching for ShKit rootkit...                              not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\.                             not found$'
Searching for AjaKit rootkit...                             not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\.                              not found$'
Searching for zaRwT rootkit...                              not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\.                            not found$'
Searching for Madalin rootkit...                            not found
OK
**** Test for '^Searching for Fu rootkit\.\.\.                                 not found$'
Searching for Fu rootkit...                                 not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\.                             not found$'
Searching for Kenga3 rootkit...                             not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\.                               not found$'
Searching for ESRK rootkit...                               not found
OK
**** Test for '^Searching for rootedoor\.\.\.                                  not found$'
Searching for rootedoor...                                  not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\.                            not found$'
Searching for ENYELKM rootkit...                            not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\.                        not found$'
Searching for common ssh-scanners...                        not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\.        (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\.                            (not found|not tested)$'
Searching for Linux/Ebury 1.6...                            not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\.                       not found$'
Searching for 64-bit Linux Rootkit...                       not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.               not found$'
Searching for 64-bit Linux Rootkit modules...               not found
OK
**** Test for '^Searching for Mumblehard\.\.\.                                 not found$'
Searching for Mumblehard...                                 not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\.                     not found$'
Searching for Backdoor.Linux.Mokes.a...                     not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\.                          not found$'
Searching for Malicious TinyDNS...                          not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\.                             WARNING$'
Searching for Linux.Xor.DDoS...                             WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^$'


OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\.                            not found$'
Searching for Linux.Proxy.1.0...                            not found
OK
**** Test for '^Searching for CrossRAT\.\.\.                                   not found$'
Searching for CrossRAT...                                   not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\.                               not found$'
Searching for Hidden Cobra...                               not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\.                        not found$'
Searching for Rocke Miner rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX4 lkm rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX6 lkm rootkit...                        not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\.                                not found$'
Searching for Umbreon lrk...                                not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\.                 not found$'
Searching for Kinsing.a backdoor rootkit...                 not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\.                not found$'
Searching for RotaJakiro backdoor rootkit...                not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\.                        not found$'
Searching for Syslogk LKM rootkit...                        not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\.                          not tested$'
Searching for Kovid LKM rootkit...                          not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\.               not found$'
Searching for Tsunami DDoS Malware rootkit...               not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\.                             not found$'
Searching for Linux BPF Door...                             not found
OK
**** Test for '^Searching for suspect PHP files\.\.\.                          not found$'
Searching for suspect PHP files...                          not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\.     not found$'
Searching for zero-size shell history files in /root...     not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\.    not found$'
Searching for hardlinked shell history files in /root...    not found
OK
**** Test for '^Checking `aliens'\.\.\.                                        finished$'
Checking `aliens'...                                        finished
OK
**** Test for '^Checking `asp'\.\.\.                                           not infected$'
Checking `asp'...                                           not infected
OK
**** Test for '^Checking `bindshell'\.\.\.                                     not found$'
Checking `bindshell'...                                     not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           started$'
Checking `lkm'...                                           started
OK
**** Test for '^Searching for Adore LKM\.\.\.                                  not (tested|found)$'
Searching for Adore LKM...                                  not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\.                    not (tested|found)$'
Searching for sebek LKM (Adore based)...                    not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\.                          not found$'
Searching for knark LKM rootkit...                          not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           finished$'
Checking `lkm'...                                           finished
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\.          not found$'
Searching for for hidden processes with chkproc...          not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs...       not found
OK
**** Test for '^Checking `rexedcs'\.\.\.                                       not found$'
Checking `rexedcs'...                                       not found
OK
**** Test for '^Checking `sniffer'\.\.\.                                       WARNING$'
<No match (FAIL)>

**** Test for '^WARNING: Output from ifpromisc:$'
<No match (FAIL)>

**** Test for '^lo: not promisc and no packet sniffer sockets$'
<No match (FAIL)>

**** Test for '^Checking `w55808'\.\.\.                                        not found$'
Checking `w55808'...                                        not found
OK
**** Test for '^Checking `wted'\.\.\.                                          not (tested|found)$'
Checking `wted'...                                          not found
OK
**** Test for '^Checking `scalper'\.\.\.                                       not found$'
Checking `scalper'...                                       not found
OK
**** Test for '^Checking `slapper'\.\.\.                                       not found$'
Checking `slapper'...                                       not found
OK
**** Test for '^Checking `z2'\.\.\.                                            not (tested|found)$'
Checking `z2'...                                            not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'...                                       not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\.                                    not tested$'
Checking `OSX_RSPLUG'...                                    not tested
OK
** FAIL: Testing: chkrootkit-0-full (/usr/sbin/chkrootkit) done: FAIL
*** FAIL was with config set to:
cat: /etc/chkrootkit/chkrootkit.conf: No such file or directory
total 12
drwxr-xr-x  2 root root 4096 Jan 17 00:31 .
drwxr-xr-x 39 root root 4096 Jan 17 00:31 ..
-rw-r--r--  1 root root 4074 Sep 26 06:10 chkrootkit.conf.orig
-rw-r--r--  1 root root    0 Sep 26 06:10 chkrootkit.ignore.orig
*** Reason(s) for failure follows
Result: FAIL

Missing: ^Checking `sniffer'\.\.\.                                       WARNING$
Missing: ^WARNING: Output from ifpromisc:$
Missing: ^lo: not promisc and no packet sniffer sockets$
*** Unexpected (unmatched) lines follow (for info):
Checking `sniffer'...                                       not found
** Testing: chkrootkit-1-full (/usr/sbin/chkrootkit) ...
*** Output
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 31 14:09 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\.                                           not infected$'
Checking `amd'...                                           not infected
OK
**** Test for '^Checking `basename'\.\.\.                                      not infected$'
Checking `basename'...                                      not infected
OK
**** Test for '^Checking `biff'\.\.\.                                          not infected$'
Checking `biff'...                                          not infected
OK
**** Test for '^Checking `chfn'\.\.\.                                          not infected$'
Checking `chfn'...                                          not infected
OK
**** Test for '^Checking `chsh'\.\.\.                                          not infected$'
Checking `chsh'...                                          not infected
OK
**** Test for '^Checking `cron'\.\.\.                                          not infected$'
Checking `cron'...                                          not infected
OK
**** Test for '^Checking `crontab'\.\.\.                                       not infected$'
Checking `crontab'...                                       not infected
OK
**** Test for '^Checking `date'\.\.\.                                          not infected$'
Checking `date'...                                          not infected
OK
**** Test for '^Checking `du'\.\.\.                                            not infected$'
Checking `du'...                                            not infected
OK
**** Test for '^Checking `dirname'\.\.\.                                       not infected$'
Checking `dirname'...                                       not infected
OK
**** Test for '^Checking `echo'\.\.\.                                          not infected$'
Checking `echo'...                                          not infected
OK
**** Test for '^Checking `egrep'\.\.\.                                         not infected$'
Checking `egrep'...                                         not infected
OK
**** Test for '^Checking `env'\.\.\.                                           not infected$'
Checking `env'...                                           not infected
OK
**** Test for '^Checking `find'\.\.\.                                          not infected$'
Checking `find'...                                          not infected
OK
**** Test for '^Checking `fingerd'\.\.\.                                       not infected$'
Checking `fingerd'...                                       not infected
OK
**** Test for '^Checking `gpm'\.\.\.                                           not infected$'
Checking `gpm'...                                           not infected
OK
**** Test for '^Checking `grep'\.\.\.                                          not infected$'
Checking `grep'...                                          not infected
OK
**** Test for '^Checking `hdparm'\.\.\.                                        not infected$'
Checking `hdparm'...                                        not infected
OK
**** Test for '^Checking `su'\.\.\.                                            not infected$'
Checking `su'...                                            not infected
OK
**** Test for '^Checking `ifconfig'\.\.\.                                      not infected$'
Checking `ifconfig'...                                      not infected
OK
**** Test for '^Checking `inetd'\.\.\.                                         not infected$'
Checking `inetd'...                                         not infected
OK
**** Test for '^Checking `inetdconf'\.\.\.                                     not infected$'
Checking `inetdconf'...                                     not infected
OK
**** Test for '^Checking `identd'\.\.\.                                        not infected$'
Checking `identd'...                                        not infected
OK
**** Test for '^Checking `init'\.\.\.                                          not infected$'
Checking `init'...                                          not infected
OK
**** Test for '^Checking `killall'\.\.\.                                       not infected$'
Checking `killall'...                                       not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\.                                   not infected$'
Checking `ldsopreload'...                                   not infected
OK
**** Test for '^Checking `login'\.\.\.                                         not infected$'
Checking `login'...                                         not infected
OK
**** Test for '^Checking `ls'\.\.\.                                            not infected$'
Checking `ls'...                                            not infected
OK
**** Test for '^Checking `lsof'\.\.\.                                          not infected$'
Checking `lsof'...                                          not infected
OK
**** Test for '^Checking `mail'\.\.\.                                          not infected$'
Checking `mail'...                                          not infected
OK
**** Test for '^Checking `mingetty'\.\.\.                                      not infected$'
Checking `mingetty'...                                      not infected
OK
**** Test for '^Checking `netstat'\.\.\.                                       not infected$'
Checking `netstat'...                                       not infected
OK
**** Test for '^Checking `named'\.\.\.                                         not infected$'
Checking `named'...                                         not infected
OK
**** Test for '^Checking `passwd'\.\.\.                                        not infected$'
Checking `passwd'...                                        not infected
OK
**** Test for '^Checking `pidof'\.\.\.                                         not infected$'
Checking `pidof'...                                         not infected
OK
**** Test for '^Checking `pop2'\.\.\.                                          not infected$'
Checking `pop2'...                                          not infected
OK
**** Test for '^Checking `pop3'\.\.\.                                          not infected$'
Checking `pop3'...                                          not infected
OK
**** Test for '^Checking `ps'\.\.\.                                            not infected$'
Checking `ps'...                                            not infected
OK
**** Test for '^Checking `pstree'\.\.\.                                        not infected$'
Checking `pstree'...                                        not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\.                                       not infected$'
Checking `rpcinfo'...                                       not infected
OK
**** Test for '^Checking `rlogind'\.\.\.                                       not infected$'
Checking `rlogind'...                                       not infected
OK
**** Test for '^Checking `rshd'\.\.\.                                          not infected$'
Checking `rshd'...                                          not infected
OK
**** Test for '^Checking `slogin'\.\.\.                                        not infected$'
Checking `slogin'...                                        not infected
OK
**** Test for '^Checking `sendmail'\.\.\.                                      not infected$'
Checking `sendmail'...                                      not infected
OK
**** Test for '^Checking `sshd'\.\.\.                                          not infected$'
Checking `sshd'...                                          not infected
OK
**** Test for '^Checking `syslogd'\.\.\.                                       not infected$'
Checking `syslogd'...                                       not infected
OK
**** Test for '^Checking `tar'\.\.\.                                           not infected$'
Checking `tar'...                                           not infected
OK
**** Test for '^Checking `tcpd'\.\.\.                                          not infected$'
Checking `tcpd'...                                          not infected
OK
**** Test for '^Checking `tcpdump'\.\.\.                                       not infected$'
Checking `tcpdump'...                                       not infected
OK
**** Test for '^Checking `top'\.\.\.                                           not infected$'
Checking `top'...                                           not infected
OK
**** Test for '^Checking `telnetd'\.\.\.                                       not infected$'
Checking `telnetd'...                                       not infected
OK
**** Test for '^Checking `timed'\.\.\.                                         not infected$'
Checking `timed'...                                         not infected
OK
**** Test for '^Checking `traceroute'\.\.\.                                    not infected$'
Checking `traceroute'...                                    not infected
OK
**** Test for '^Checking `vdir'\.\.\.                                          not infected$'
Checking `vdir'...                                          not infected
OK
**** Test for '^Checking `w'\.\.\.                                             not infected$'
Checking `w'...                                             not infected
OK
**** Test for '^Checking `write'\.\.\.                                         not infected$'
Checking `write'...                                         not infected
OK
**** Test for '^Checking `aliens'\.\.\.                                        started$'
Checking `aliens'...                                        started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\.                   not found$'
Searching for suspicious files in /dev...                   not found
OK
**** Test for '^Searching for known suspicious directories\.\.\.               not found$'
Searching for known suspicious directories...               not found
OK
**** Test for '^Searching for known suspicious files\.\.\.                     not found$'
Searching for known suspicious files...                     not found
OK
**** Test for '^Searching for sniffer's logs\.\.\.                             not found$'
Searching for sniffer's logs...                             not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\.                         not found$'
Searching for HiDrootkit rootkit...                         not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\.                               not found$'
Searching for t0rn rootkit...                               not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\.                     not found$'
Searching for t0rn v8 (or variation)...                     not found
OK
**** Test for '^Searching for Lion rootkit\.\.\.                               not found$'
Searching for Lion rootkit...                               not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\.                               not found$'
Searching for RSHA rootkit...                               not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\.                          not found$'
Searching for RH-Sharpe rootkit...                          not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\.                      not found$'
Searching for Ambient (ark) rootkit...                      not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\.                  WARNING$'
Searching for suspicious files and dirs...                  WARNING
OK
**** Test for '^$'




OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^Searching for LPD Worm\.\.\.                                   not found$'
Searching for LPD Worm...                                   not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\.                         not found$'
Searching for Ramen Worm rootkit...                         not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\.                             not found$'
Searching for Maniac rootkit...                             not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\.                               not found$'
Searching for RK17 rootkit...                               not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\.                             not found$'
Searching for Ducoci rootkit...                             not found
OK
**** Test for '^Searching for Adore Worm\.\.\.                                 not found$'
Searching for Adore Worm...                                 not found
OK
**** Test for '^Searching for ShitC Worm\.\.\.                                 not found$'
Searching for ShitC Worm...                                 not found
OK
**** Test for '^Searching for Omega Worm\.\.\.                                 not found$'
Searching for Omega Worm...                                 not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\.                           not found$'
Searching for Sadmind/IIS Worm...                           not found
OK
**** Test for '^Searching for MonKit\.\.\.                                     not found$'
Searching for MonKit...                                     not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\.                            not found$'
Searching for Showtee rootkit...                            not found
OK
**** Test for '^Searching for OpticKit\.\.\.                                   not found$'
Searching for OpticKit...                                   not found
OK
**** Test for '^Searching for T\.R\.K\.\.\.                                      not found$'
Searching for T.R.K...                                      not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\.                             not found$'
Searching for Mithra rootkit...                             not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\.                            not tested$'
Searching for OBSD rootkit v1...                            not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\.                                not found$'
Searching for LOC rootkit...                                not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\.                           not found$'
Searching for Romanian rootkit...                           not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\.                               not found$'
Searching for HKRK rootkit...                               not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\.                             not found$'
Searching for Suckit rootkit...                             not found
OK
**** Test for '^Searching for Volc rootkit\.\.\.                               not found$'
Searching for Volc rootkit...                               not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\.                              not found$'
Searching for Gold2 rootkit...                              not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\.                                not found$'
Searching for TC2 rootkit...                                not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\.                          not found$'
Searching for Anonoying rootkit...                          not found
OK
**** Test for '^Searching for ZK rootkit\.\.\.                                 not found$'
Searching for ZK rootkit...                                 not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\.                              not found$'
Searching for ShKit rootkit...                              not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\.                             not found$'
Searching for AjaKit rootkit...                             not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\.                              not found$'
Searching for zaRwT rootkit...                              not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\.                            not found$'
Searching for Madalin rootkit...                            not found
OK
**** Test for '^Searching for Fu rootkit\.\.\.                                 not found$'
Searching for Fu rootkit...                                 not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\.                             not found$'
Searching for Kenga3 rootkit...                             not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\.                               not found$'
Searching for ESRK rootkit...                               not found
OK
**** Test for '^Searching for rootedoor\.\.\.                                  not found$'
Searching for rootedoor...                                  not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\.                            not found$'
Searching for ENYELKM rootkit...                            not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\.                        not found$'
Searching for common ssh-scanners...                        not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\.        (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\.                            (not found|not tested)$'
Searching for Linux/Ebury 1.6...                            not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\.                       not found$'
Searching for 64-bit Linux Rootkit...                       not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.               not found$'
Searching for 64-bit Linux Rootkit modules...               not found
OK
**** Test for '^Searching for Mumblehard\.\.\.                                 not found$'
Searching for Mumblehard...                                 not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\.                     not found$'
Searching for Backdoor.Linux.Mokes.a...                     not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\.                          not found$'
Searching for Malicious TinyDNS...                          not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\.                             WARNING$'
Searching for Linux.Xor.DDoS...                             WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\.                            not found$'
Searching for Linux.Proxy.1.0...                            not found
OK
**** Test for '^Searching for CrossRAT\.\.\.                                   not found$'
Searching for CrossRAT...                                   not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\.                               not found$'
Searching for Hidden Cobra...                               not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\.                        not found$'
Searching for Rocke Miner rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX4 lkm rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX6 lkm rootkit...                        not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\.                                not found$'
Searching for Umbreon lrk...                                not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\.                 not found$'
Searching for Kinsing.a backdoor rootkit...                 not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\.                not found$'
Searching for RotaJakiro backdoor rootkit...                not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\.                        not found$'
Searching for Syslogk LKM rootkit...                        not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\.                          not tested$'
Searching for Kovid LKM rootkit...                          not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\.               not found$'
Searching for Tsunami DDoS Malware rootkit...               not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\.                             not found$'
Searching for Linux BPF Door...                             not found
OK
**** Test for '^Searching for suspect PHP files\.\.\.                          not found$'
Searching for suspect PHP files...                          not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\.     not found$'
Searching for zero-size shell history files in /root...     not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\.    not found$'
Searching for hardlinked shell history files in /root...    not found
OK
**** Test for '^Searching for suspect PHP files\.\.\.                          not found$'
Searching for suspect PHP files...                          not found
OK
**** Test for '^Checking `aliens'\.\.\.                                        finished$'
Checking `aliens'...                                        finished
OK
**** Test for '^Checking `asp'\.\.\.                                           not infected$'
Checking `asp'...                                           not infected
OK
**** Test for '^Checking `bindshell'\.\.\.                                     not found$'
Checking `bindshell'...                                     not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           started$'
Checking `lkm'...                                           started
OK
**** Test for '^Searching for Adore LKM\.\.\.                                  not tested$'
Searching for Adore LKM...                                  not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\.                    not tested$'
Searching for sebek LKM (Adore based)...                    not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\.                          not found$'
Searching for knark LKM rootkit...                          not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\.          not found$'
Searching for for hidden processes with chkproc...          not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs...       not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           finished$'
Checking `lkm'...                                           finished
OK
**** Test for '^Checking `rexedcs'\.\.\.                                       not found$'
Checking `rexedcs'...                                       not found
OK
**** Test for '^Checking `sniffer'\.\.\.                                       WARNING$'
<No match (FAIL)>

**** Test for '^WARNING: Output from ifpromisc:$'
<No match (FAIL)>

**** Test for '^lo: not promisc and no packet sniffer sockets$'
<No match (FAIL)>

**** Test for '^Checking `w55808'\.\.\.                                        not found$'
Checking `w55808'...                                        not found
OK
**** Test for '^Checking `wted'\.\.\.                                          not (tested|found)$'
Checking `wted'...                                          not found
OK
**** Test for '^Checking `scalper'\.\.\.                                       not found$'
Checking `scalper'...                                       not found
OK
**** Test for '^Checking `slapper'\.\.\.                                       not found$'
Checking `slapper'...                                       not found
OK
**** Test for '^Checking `z2'\.\.\.                                            not (tested|found)$'
Checking `z2'...                                            not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'...                                       not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\.                                    not tested$'
Checking `OSX_RSPLUG'...                                    not tested
OK
** FAIL: Testing: chkrootkit-1-full (/usr/sbin/chkrootkit) done: FAIL
*** FAIL was with config set to:
cat: /etc/chkrootkit/chkrootkit.conf: No such file or directory
total 12
drwxr-xr-x  2 root root 4096 Jan 17 00:31 .
drwxr-xr-x 39 root root 4096 Jan 17 00:31 ..
-rw-r--r--  1 root root 4074 Sep 26 06:10 chkrootkit.conf.orig
-rw-r--r--  1 root root    0 Sep 26 06:10 chkrootkit.ignore.orig
*** Reason(s) for failure follows
Result: FAIL

Missing: ^Checking `sniffer'\.\.\.                                       WARNING$
Missing: ^WARNING: Output from ifpromisc:$
Missing: ^lo: not promisc and no packet sniffer sockets$
*** Unexpected (unmatched) lines follow (for info):
Checking `sniffer'...                                       not found
** Testing: chkrootkit-2-quiet (/usr/sbin/chkrootkit -q) ...
*** Output
WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 31 14:09 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
*** Test of content of output follows...
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'


OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
** PASS: Testing: chkrootkit-2-quiet (/usr/sbin/chkrootkit -q) done: PASS
* Testing: filtering of sniffer (-s)
** Testing: chkrootkit-sniffer-01-full (chkrootkit sniffer) ...
*** Output
ROOTDIR is `/'
Checking `sniffer'...                                       not found
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 31 14:09 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `sniffer'\.\.\.                                       WARNING$'
<No match (FAIL)>

**** Test for '^$'
<No match (FAIL)>

**** Test for 'WARNING: Output from ifpromisc:$'
<No match (FAIL)>

**** Test for '^lo: not promisc and no packet sniffer sockets$'
<No match (FAIL)>

** FAIL: Testing: chkrootkit-sniffer-01-full (chkrootkit sniffer) done: FAIL
*** FAIL was with config set to:
cat: /etc/chkrootkit/chkrootkit.conf: No such file or directory
total 12
drwxr-xr-x  2 root root 4096 Jan 17 00:31 .
drwxr-xr-x 39 root root 4096 Jan 17 00:31 ..
-rw-r--r--  1 root root 4074 Sep 26 06:10 chkrootkit.conf.orig
-rw-r--r--  1 root root    0 Sep 26 06:10 chkrootkit.ignore.orig
*** Reason(s) for failure follows
Result: FAIL

Missing: ^Checking `sniffer'\.\.\.                                       WARNING$
Missing: ^$
Missing: WARNING: Output from ifpromisc:$
Missing: ^lo: not promisc and no packet sniffer sockets$
*** Unexpected (unmatched) lines follow (for info):
Checking `sniffer'...                                       not found
** Testing: chkrootkit-sniffer-02-full-with-s (chkrootkit -s (PACKET SNIFFER|not promisc) sniffer) ...
*** Output
ROOTDIR is `/'
Checking `sniffer'...                                       not found
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 31 14:09 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `sniffer'\.\.\.                                       not found$'
Checking `sniffer'...                                       not found
OK
** PASS: Testing: chkrootkit-sniffer-02-full-with-s (chkrootkit -s (PACKET SNIFFER|not promisc) sniffer) done: PASS
** Testing: chkrootkit-sniffer-03-quiet-with-s (chkrootkit -q -s PACKET SNIFFER sniffer) ...
*** Output
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 31 14:09 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: chkrootkit-sniffer-03-quiet-with-s (chkrootkit -q -s PACKET SNIFFER sniffer) done: PASS
* Testing: chkrootkit-daily - should give no output when disabled
** Testing: cron-1-with-no-config (chkrootkit-daily) ...
*** Output
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 31 14:09 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: cron-1-with-no-config (chkrootkit-daily) done: PASS
** Testing: cron-2-disabled (chkrootkit-daily) ...
*** Output
**** Files in log
total 8.0K
drwxr-xr-x 2 root root 4.0K Dec 31 14:09 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: cron-2-disabled (chkrootkit-daily) done: PASS
* Testing: chkrootkit-daily (without diff mode, full output, no MAILTO)
** Testing: cron-no-diff-mode-01-full (chkrootkit-daily) ...
*** Output
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
**** Files in log
total 80K
drwxr-xr-x 2 root root 4.0K Jan 17 00:32 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  21K Jan 17 00:32 chkrootkit-daily.log
-rw-r--r-- 1 root root  21K Jan 17 00:32 log.today
-rw-r--r-- 1 root root  21K Jan 17 00:32 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\.                                           not infected$'
Checking `amd'...                                           not infected
OK
**** Test for '^Checking `basename'\.\.\.                                      not infected$'
Checking `basename'...                                      not infected
OK
**** Test for '^Checking `biff'\.\.\.                                          not infected$'
Checking `biff'...                                          not infected
OK
**** Test for '^Checking `chfn'\.\.\.                                          not infected$'
Checking `chfn'...                                          not infected
OK
**** Test for '^Checking `chsh'\.\.\.                                          not infected$'
Checking `chsh'...                                          not infected
OK
**** Test for '^Checking `cron'\.\.\.                                          not infected$'
Checking `cron'...                                          not infected
OK
**** Test for '^Checking `crontab'\.\.\.                                       not infected$'
Checking `crontab'...                                       not infected
OK
**** Test for '^Checking `date'\.\.\.                                          not infected$'
Checking `date'...                                          not infected
OK
**** Test for '^Checking `du'\.\.\.                                            not infected$'
Checking `du'...                                            not infected
OK
**** Test for '^Checking `dirname'\.\.\.                                       not infected$'
Checking `dirname'...                                       not infected
OK
**** Test for '^Checking `echo'\.\.\.                                          not infected$'
Checking `echo'...                                          not infected
OK
**** Test for '^Checking `egrep'\.\.\.                                         not infected$'
Checking `egrep'...                                         not infected
OK
**** Test for '^Checking `env'\.\.\.                                           not infected$'
Checking `env'...                                           not infected
OK
**** Test for '^Checking `find'\.\.\.                                          not infected$'
Checking `find'...                                          not infected
OK
**** Test for '^Checking `fingerd'\.\.\.                                       not infected$'
Checking `fingerd'...                                       not infected
OK
**** Test for '^Checking `gpm'\.\.\.                                           not infected$'
Checking `gpm'...                                           not infected
OK
**** Test for '^Checking `grep'\.\.\.                                          not infected$'
Checking `grep'...                                          not infected
OK
**** Test for '^Checking `hdparm'\.\.\.                                        not infected$'
Checking `hdparm'...                                        not infected
OK
**** Test for '^Checking `su'\.\.\.                                            not infected$'
Checking `su'...                                            not infected
OK
**** Test for '^Checking `ifconfig'\.\.\.                                      not infected$'
Checking `ifconfig'...                                      not infected
OK
**** Test for '^Checking `inetd'\.\.\.                                         not infected$'
Checking `inetd'...                                         not infected
OK
**** Test for '^Checking `inetdconf'\.\.\.                                     not infected$'
Checking `inetdconf'...                                     not infected
OK
**** Test for '^Checking `identd'\.\.\.                                        not infected$'
Checking `identd'...                                        not infected
OK
**** Test for '^Checking `init'\.\.\.                                          not infected$'
Checking `init'...                                          not infected
OK
**** Test for '^Checking `killall'\.\.\.                                       not infected$'
Checking `killall'...                                       not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\.                                   not infected$'
Checking `ldsopreload'...                                   not infected
OK
**** Test for '^Checking `login'\.\.\.                                         not infected$'
Checking `login'...                                         not infected
OK
**** Test for '^Checking `ls'\.\.\.                                            not infected$'
Checking `ls'...                                            not infected
OK
**** Test for '^Checking `lsof'\.\.\.                                          not infected$'
Checking `lsof'...                                          not infected
OK
**** Test for '^Checking `mail'\.\.\.                                          not infected$'
Checking `mail'...                                          not infected
OK
**** Test for '^Checking `mingetty'\.\.\.                                      not infected$'
Checking `mingetty'...                                      not infected
OK
**** Test for '^Checking `netstat'\.\.\.                                       not infected$'
Checking `netstat'...                                       not infected
OK
**** Test for '^Checking `named'\.\.\.                                         not infected$'
Checking `named'...                                         not infected
OK
**** Test for '^Checking `passwd'\.\.\.                                        not infected$'
Checking `passwd'...                                        not infected
OK
**** Test for '^Checking `pidof'\.\.\.                                         not infected$'
Checking `pidof'...                                         not infected
OK
**** Test for '^Checking `pop2'\.\.\.                                          not infected$'
Checking `pop2'...                                          not infected
OK
**** Test for '^Checking `pop3'\.\.\.                                          not infected$'
Checking `pop3'...                                          not infected
OK
**** Test for '^Checking `ps'\.\.\.                                            not infected$'
Checking `ps'...                                            not infected
OK
**** Test for '^Checking `pstree'\.\.\.                                        not infected$'
Checking `pstree'...                                        not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\.                                       not infected$'
Checking `rpcinfo'...                                       not infected
OK
**** Test for '^Checking `rlogind'\.\.\.                                       not infected$'
Checking `rlogind'...                                       not infected
OK
**** Test for '^Checking `rshd'\.\.\.                                          not infected$'
Checking `rshd'...                                          not infected
OK
**** Test for '^Checking `slogin'\.\.\.                                        not infected$'
Checking `slogin'...                                        not infected
OK
**** Test for '^Checking `sendmail'\.\.\.                                      not infected$'
Checking `sendmail'...                                      not infected
OK
**** Test for '^Checking `sshd'\.\.\.                                          not infected$'
Checking `sshd'...                                          not infected
OK
**** Test for '^Checking `syslogd'\.\.\.                                       not infected$'
Checking `syslogd'...                                       not infected
OK
**** Test for '^Checking `tar'\.\.\.                                           not infected$'
Checking `tar'...                                           not infected
OK
**** Test for '^Checking `tcpd'\.\.\.                                          not infected$'
Checking `tcpd'...                                          not infected
OK
**** Test for '^Checking `tcpdump'\.\.\.                                       not infected$'
Checking `tcpdump'...                                       not infected
OK
**** Test for '^Checking `top'\.\.\.                                           not infected$'
Checking `top'...                                           not infected
OK
**** Test for '^Checking `telnetd'\.\.\.                                       not infected$'
Checking `telnetd'...                                       not infected
OK
**** Test for '^Checking `timed'\.\.\.                                         not infected$'
Checking `timed'...                                         not infected
OK
**** Test for '^Checking `traceroute'\.\.\.                                    not infected$'
Checking `traceroute'...                                    not infected
OK
**** Test for '^Checking `vdir'\.\.\.                                          not infected$'
Checking `vdir'...                                          not infected
OK
**** Test for '^Checking `w'\.\.\.                                             not infected$'
Checking `w'...                                             not infected
OK
**** Test for '^Checking `write'\.\.\.                                         not infected$'
Checking `write'...                                         not infected
OK
**** Test for '^Checking `aliens'\.\.\.                                        started$'
Checking `aliens'...                                        started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\.                   not found$'
Searching for suspicious files in /dev...                   not found
OK
**** Test for '^Searching for known suspicious directories\.\.\.               not found$'
Searching for known suspicious directories...               not found
OK
**** Test for '^Searching for known suspicious files\.\.\.                     not found$'
Searching for known suspicious files...                     not found
OK
**** Test for '^Searching for sniffer's logs\.\.\.                             not found$'
Searching for sniffer's logs...                             not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\.                         not found$'
Searching for HiDrootkit rootkit...                         not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\.                               not found$'
Searching for t0rn rootkit...                               not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\.                     not found$'
Searching for t0rn v8 (or variation)...                     not found
OK
**** Test for '^Searching for Lion rootkit\.\.\.                               not found$'
Searching for Lion rootkit...                               not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\.                               not found$'
Searching for RSHA rootkit...                               not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\.                          not found$'
Searching for RH-Sharpe rootkit...                          not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\.                      not found$'
Searching for Ambient (ark) rootkit...                      not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\.                  WARNING$'
Searching for suspicious files and dirs...                  WARNING
OK
**** Test for '^$'




OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^Searching for LPD Worm\.\.\.                                   not found$'
Searching for LPD Worm...                                   not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\.                         not found$'
Searching for Ramen Worm rootkit...                         not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\.                             not found$'
Searching for Maniac rootkit...                             not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\.                               not found$'
Searching for RK17 rootkit...                               not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\.                             not found$'
Searching for Ducoci rootkit...                             not found
OK
**** Test for '^Searching for Adore Worm\.\.\.                                 not found$'
Searching for Adore Worm...                                 not found
OK
**** Test for '^Searching for ShitC Worm\.\.\.                                 not found$'
Searching for ShitC Worm...                                 not found
OK
**** Test for '^Searching for Omega Worm\.\.\.                                 not found$'
Searching for Omega Worm...                                 not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\.                           not found$'
Searching for Sadmind/IIS Worm...                           not found
OK
**** Test for '^Searching for MonKit\.\.\.                                     not found$'
Searching for MonKit...                                     not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\.                            not found$'
Searching for Showtee rootkit...                            not found
OK
**** Test for '^Searching for OpticKit\.\.\.                                   not found$'
Searching for OpticKit...                                   not found
OK
**** Test for '^Searching for T\.R\.K\.\.\.                                      not found$'
Searching for T.R.K...                                      not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\.                             not found$'
Searching for Mithra rootkit...                             not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\.                            not tested$'
Searching for OBSD rootkit v1...                            not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\.                                not found$'
Searching for LOC rootkit...                                not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\.                           not found$'
Searching for Romanian rootkit...                           not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\.                               not found$'
Searching for HKRK rootkit...                               not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\.                             not found$'
Searching for Suckit rootkit...                             not found
OK
**** Test for '^Searching for Volc rootkit\.\.\.                               not found$'
Searching for Volc rootkit...                               not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\.                              not found$'
Searching for Gold2 rootkit...                              not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\.                                not found$'
Searching for TC2 rootkit...                                not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\.                          not found$'
Searching for Anonoying rootkit...                          not found
OK
**** Test for '^Searching for ZK rootkit\.\.\.                                 not found$'
Searching for ZK rootkit...                                 not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\.                              not found$'
Searching for ShKit rootkit...                              not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\.                             not found$'
Searching for AjaKit rootkit...                             not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\.                              not found$'
Searching for zaRwT rootkit...                              not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\.                            not found$'
Searching for Madalin rootkit...                            not found
OK
**** Test for '^Searching for Fu rootkit\.\.\.                                 not found$'
Searching for Fu rootkit...                                 not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\.                             not found$'
Searching for Kenga3 rootkit...                             not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\.                               not found$'
Searching for ESRK rootkit...                               not found
OK
**** Test for '^Searching for rootedoor\.\.\.                                  not found$'
Searching for rootedoor...                                  not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\.                            not found$'
Searching for ENYELKM rootkit...                            not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\.                        not found$'
Searching for common ssh-scanners...                        not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\.        (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\.                            (not found|not tested)$'
Searching for Linux/Ebury 1.6...                            not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\.                       not found$'
Searching for 64-bit Linux Rootkit...                       not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.               not found$'
Searching for 64-bit Linux Rootkit modules...               not found
OK
**** Test for '^Searching for Mumblehard\.\.\.                                 not found$'
Searching for Mumblehard...                                 not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\.                     not found$'
Searching for Backdoor.Linux.Mokes.a...                     not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\.                          not found$'
Searching for Malicious TinyDNS...                          not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\.                             WARNING$'
Searching for Linux.Xor.DDoS...                             WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\.                            not found$'
Searching for Linux.Proxy.1.0...                            not found
OK
**** Test for '^Searching for CrossRAT\.\.\.                                   not found$'
Searching for CrossRAT...                                   not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\.                               not found$'
Searching for Hidden Cobra...                               not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\.                        not found$'
Searching for Rocke Miner rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX4 lkm rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX6 lkm rootkit...                        not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\.                                not found$'
Searching for Umbreon lrk...                                not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\.                 not found$'
Searching for Kinsing.a backdoor rootkit...                 not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\.                not found$'
Searching for RotaJakiro backdoor rootkit...                not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\.                        not found$'
Searching for Syslogk LKM rootkit...                        not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\.                          not tested$'
Searching for Kovid LKM rootkit...                          not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\.               not found$'
Searching for Tsunami DDoS Malware rootkit...               not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\.                             not found$'
Searching for Linux BPF Door...                             not found
OK
**** Test for '^Searching for suspect PHP files\.\.\.                          not found$'
Searching for suspect PHP files...                          not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\.     not found$'
Searching for zero-size shell history files in /root...     not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\.    not found$'
Searching for hardlinked shell history files in /root...    not found
OK
**** Test for '^Searching for suspect PHP files\.\.\.                          not found$'
Searching for suspect PHP files...                          not found
OK
**** Test for '^Checking `aliens'\.\.\.                                        finished$'
Checking `aliens'...                                        finished
OK
**** Test for '^Checking `asp'\.\.\.                                           not infected$'
Checking `asp'...                                           not infected
OK
**** Test for '^Checking `bindshell'\.\.\.                                     not found$'
Checking `bindshell'...                                     not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           started$'
Checking `lkm'...                                           started
OK
**** Test for '^Searching for Adore LKM\.\.\.                                  not tested$'
Searching for Adore LKM...                                  not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\.                    not tested$'
Searching for sebek LKM (Adore based)...                    not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\.                          not found$'
Searching for knark LKM rootkit...                          not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\.          not found$'
Searching for for hidden processes with chkproc...          not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs...       not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           finished$'
Checking `lkm'...                                           finished
OK
**** Test for '^Checking `rexedcs'\.\.\.                                       not found$'
Checking `rexedcs'...                                       not found
OK
**** Test for '^Checking `sniffer'\.\.\.                                       WARNING$'
<No match (FAIL)>

**** Test for '^WARNING: Output from ifpromisc:$'
<No match (FAIL)>

**** Test for '^lo: not promisc and no packet sniffer sockets$'
<No match (FAIL)>

**** Test for '^Checking `w55808'\.\.\.                                        not found$'
Checking `w55808'...                                        not found
OK
**** Test for '^Checking `wted'\.\.\.                                          not (tested|found)$'
Checking `wted'...                                          not found
OK
**** Test for '^Checking `scalper'\.\.\.                                       not found$'
Checking `scalper'...                                       not found
OK
**** Test for '^Checking `slapper'\.\.\.                                       not found$'
Checking `slapper'...                                       not found
OK
**** Test for '^Checking `z2'\.\.\.                                            not (tested|found)$'
Checking `z2'...                                            not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'...                                       not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\.                                    not tested$'
Checking `OSX_RSPLUG'...                                    not tested
OK
** FAIL: Testing: cron-no-diff-mode-01-full (chkrootkit-daily) done: FAIL
*** FAIL was with config set to:
RUN_DAILY=true
DIFF_MODE=false

*** Reason(s) for failure follows
Result: FAIL

Missing: ^Checking `sniffer'\.\.\.                                       WARNING$
Missing: ^WARNING: Output from ifpromisc:$
Missing: ^lo: not promisc and no packet sniffer sockets$
*** Raw output of chkrootkit-daily follows
-rw-r--r-- 1 root root 21K Jan 17 00:32 /var/log/chkrootkit/chkrootkit-daily.log
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
*** Raw output of chkrootkit follows
-rw-r--r-- 1 root root 21K Jan 17 00:32 /var/log/chkrootkit/log.today.raw
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
*** Unexpected (unmatched) lines follow (for info):
Checking `sniffer'...                                       not found
** Testing: cron-no-diff-mode-02-full-filter-and-ignore (chkrootkit-daily) ...
*** Output
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
CHANGED-IN-FILTER_bb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
**** Files in log
total 80K
drwxr-xr-x 2 root root 4.0K Jan 17 00:32 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  21K Jan 17 00:32 chkrootkit-daily.log
-rw-r--r-- 1 root root  21K Jan 17 00:32 log.today
-rw-r--r-- 1 root root  21K Jan 17 00:32 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\.                                           not infected$'
Checking `amd'...                                           not infected
OK
**** Test for '^Checking `basename'\.\.\.                                      not infected$'
Checking `basename'...                                      not infected
OK
**** Test for '^Checking `biff'\.\.\.                                          not infected$'
Checking `biff'...                                          not infected
OK
**** Test for '^Checking `chfn'\.\.\.                                          not infected$'
Checking `chfn'...                                          not infected
OK
**** Test for '^Checking `chsh'\.\.\.                                          not infected$'
Checking `chsh'...                                          not infected
OK
**** Test for '^Checking `cron'\.\.\.                                          not infected$'
Checking `cron'...                                          not infected
OK
**** Test for '^Checking `crontab'\.\.\.                                       not infected$'
Checking `crontab'...                                       not infected
OK
**** Test for '^Checking `date'\.\.\.                                          not infected$'
Checking `date'...                                          not infected
OK
**** Test for '^Checking `du'\.\.\.                                            not infected$'
Checking `du'...                                            not infected
OK
**** Test for '^Checking `dirname'\.\.\.                                       not infected$'
Checking `dirname'...                                       not infected
OK
**** Test for '^Checking `echo'\.\.\.                                          not infected$'
Checking `echo'...                                          not infected
OK
**** Test for '^Checking `egrep'\.\.\.                                         not infected$'
Checking `egrep'...                                         not infected
OK
**** Test for '^Checking `env'\.\.\.                                           not infected$'
Checking `env'...                                           not infected
OK
**** Test for '^Checking `find'\.\.\.                                          not infected$'
Checking `find'...                                          not infected
OK
**** Test for '^Checking `fingerd'\.\.\.                                       not infected$'
Checking `fingerd'...                                       not infected
OK
**** Test for '^Checking `gpm'\.\.\.                                           not infected$'
Checking `gpm'...                                           not infected
OK
**** Test for '^Checking `grep'\.\.\.                                          not infected$'
Checking `grep'...                                          not infected
OK
**** Test for '^Checking `hdparm'\.\.\.                                        not infected$'
Checking `hdparm'...                                        not infected
OK
**** Test for '^Checking `su'\.\.\.                                            not infected$'
Checking `su'...                                            not infected
OK
**** Test for '^Checking `ifconfig'\.\.\.                                      not infected$'
Checking `ifconfig'...                                      not infected
OK
**** Test for '^Checking `inetd'\.\.\.                                         not infected$'
Checking `inetd'...                                         not infected
OK
**** Test for '^Checking `inetdconf'\.\.\.                                     not infected$'
Checking `inetdconf'...                                     not infected
OK
**** Test for '^Checking `identd'\.\.\.                                        not infected$'
Checking `identd'...                                        not infected
OK
**** Test for '^Checking `init'\.\.\.                                          not infected$'
Checking `init'...                                          not infected
OK
**** Test for '^Checking `killall'\.\.\.                                       not infected$'
Checking `killall'...                                       not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\.                                   not infected$'
Checking `ldsopreload'...                                   not infected
OK
**** Test for '^Checking `login'\.\.\.                                         not infected$'
Checking `login'...                                         not infected
OK
**** Test for '^Checking `ls'\.\.\.                                            not infected$'
Checking `ls'...                                            not infected
OK
**** Test for '^Checking `lsof'\.\.\.                                          not infected$'
Checking `lsof'...                                          not infected
OK
**** Test for '^Checking `mail'\.\.\.                                          not infected$'
Checking `mail'...                                          not infected
OK
**** Test for '^Checking `mingetty'\.\.\.                                      not infected$'
Checking `mingetty'...                                      not infected
OK
**** Test for '^Checking `netstat'\.\.\.                                       not infected$'
Checking `netstat'...                                       not infected
OK
**** Test for '^Checking `named'\.\.\.                                         not infected$'
Checking `named'...                                         not infected
OK
**** Test for '^Checking `passwd'\.\.\.                                        not infected$'
Checking `passwd'...                                        not infected
OK
**** Test for '^Checking `pidof'\.\.\.                                         not infected$'
Checking `pidof'...                                         not infected
OK
**** Test for '^Checking `pop2'\.\.\.                                          not infected$'
Checking `pop2'...                                          not infected
OK
**** Test for '^Checking `pop3'\.\.\.                                          not infected$'
Checking `pop3'...                                          not infected
OK
**** Test for '^Checking `ps'\.\.\.                                            not infected$'
Checking `ps'...                                            not infected
OK
**** Test for '^Checking `pstree'\.\.\.                                        not infected$'
Checking `pstree'...                                        not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\.                                       not infected$'
Checking `rpcinfo'...                                       not infected
OK
**** Test for '^Checking `rlogind'\.\.\.                                       not infected$'
Checking `rlogind'...                                       not infected
OK
**** Test for '^Checking `rshd'\.\.\.                                          not infected$'
Checking `rshd'...                                          not infected
OK
**** Test for '^Checking `slogin'\.\.\.                                        not infected$'
Checking `slogin'...                                        not infected
OK
**** Test for '^Checking `sendmail'\.\.\.                                      not infected$'
Checking `sendmail'...                                      not infected
OK
**** Test for '^Checking `sshd'\.\.\.                                          not infected$'
Checking `sshd'...                                          not infected
OK
**** Test for '^Checking `syslogd'\.\.\.                                       not infected$'
Checking `syslogd'...                                       not infected
OK
**** Test for '^Checking `tar'\.\.\.                                           not infected$'
Checking `tar'...                                           not infected
OK
**** Test for '^Checking `tcpd'\.\.\.                                          not infected$'
Checking `tcpd'...                                          not infected
OK
**** Test for '^Checking `tcpdump'\.\.\.                                       not infected$'
Checking `tcpdump'...                                       not infected
OK
**** Test for '^Checking `top'\.\.\.                                           not infected$'
Checking `top'...                                           not infected
OK
**** Test for '^Checking `telnetd'\.\.\.                                       not infected$'
Checking `telnetd'...                                       not infected
OK
**** Test for '^Checking `timed'\.\.\.                                         not infected$'
Checking `timed'...                                         not infected
OK
**** Test for '^Checking `traceroute'\.\.\.                                    not infected$'
Checking `traceroute'...                                    not infected
OK
**** Test for '^Checking `vdir'\.\.\.                                          not infected$'
Checking `vdir'...                                          not infected
OK
**** Test for '^Checking `w'\.\.\.                                             not infected$'
Checking `w'...                                             not infected
OK
**** Test for '^Checking `write'\.\.\.                                         not infected$'
Checking `write'...                                         not infected
OK
**** Test for '^Checking `aliens'\.\.\.                                        started$'
Checking `aliens'...                                        started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\.                   not found$'
Searching for suspicious files in /dev...                   not found
OK
**** Test for '^Searching for known suspicious directories\.\.\.               not found$'
Searching for known suspicious directories...               not found
OK
**** Test for '^Searching for known suspicious files\.\.\.                     not found$'
Searching for known suspicious files...                     not found
OK
**** Test for '^Searching for sniffer's logs\.\.\.                             not found$'
Searching for sniffer's logs...                             not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\.                         not found$'
Searching for HiDrootkit rootkit...                         not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\.                               not found$'
Searching for t0rn rootkit...                               not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\.                     not found$'
Searching for t0rn v8 (or variation)...                     not found
OK
**** Test for '^Searching for Lion rootkit\.\.\.                               not found$'
Searching for Lion rootkit...                               not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\.                               not found$'
Searching for RSHA rootkit...                               not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\.                          not found$'
Searching for RH-Sharpe rootkit...                          not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\.                      not found$'
Searching for Ambient (ark) rootkit...                      not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\.                  WARNING$'
Searching for suspicious files and dirs...                  WARNING
OK
**** Test for '^$'




OK
**** Test for 'The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^CHANGED-IN-FILTER_bb \[Not from a Debian package\]$'
CHANGED-IN-FILTER_bb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^Searching for LPD Worm\.\.\.                                   not found$'
Searching for LPD Worm...                                   not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\.                         not found$'
Searching for Ramen Worm rootkit...                         not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\.                             not found$'
Searching for Maniac rootkit...                             not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\.                               not found$'
Searching for RK17 rootkit...                               not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\.                             not found$'
Searching for Ducoci rootkit...                             not found
OK
**** Test for '^Searching for Adore Worm\.\.\.                                 not found$'
Searching for Adore Worm...                                 not found
OK
**** Test for '^Searching for ShitC Worm\.\.\.                                 not found$'
Searching for ShitC Worm...                                 not found
OK
**** Test for '^Searching for Omega Worm\.\.\.                                 not found$'
Searching for Omega Worm...                                 not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\.                           not found$'
Searching for Sadmind/IIS Worm...                           not found
OK
**** Test for '^Searching for MonKit\.\.\.                                     not found$'
Searching for MonKit...                                     not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\.                            not found$'
Searching for Showtee rootkit...                            not found
OK
**** Test for '^Searching for OpticKit\.\.\.                                   not found$'
Searching for OpticKit...                                   not found
OK
**** Test for '^Searching for T\.R\.K\.\.\.                                      not found$'
Searching for T.R.K...                                      not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\.                             not found$'
Searching for Mithra rootkit...                             not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\.                            not tested$'
Searching for OBSD rootkit v1...                            not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\.                                not found$'
Searching for LOC rootkit...                                not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\.                           not found$'
Searching for Romanian rootkit...                           not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\.                               not found$'
Searching for HKRK rootkit...                               not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\.                             not found$'
Searching for Suckit rootkit...                             not found
OK
**** Test for '^Searching for Volc rootkit\.\.\.                               not found$'
Searching for Volc rootkit...                               not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\.                              not found$'
Searching for Gold2 rootkit...                              not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\.                                not found$'
Searching for TC2 rootkit...                                not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\.                          not found$'
Searching for Anonoying rootkit...                          not found
OK
**** Test for '^Searching for ZK rootkit\.\.\.                                 not found$'
Searching for ZK rootkit...                                 not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\.                              not found$'
Searching for ShKit rootkit...                              not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\.                             not found$'
Searching for AjaKit rootkit...                             not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\.                              not found$'
Searching for zaRwT rootkit...                              not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\.                            not found$'
Searching for Madalin rootkit...                            not found
OK
**** Test for '^Searching for Fu rootkit\.\.\.                                 not found$'
Searching for Fu rootkit...                                 not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\.                             not found$'
Searching for Kenga3 rootkit...                             not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\.                               not found$'
Searching for ESRK rootkit...                               not found
OK
**** Test for '^Searching for rootedoor\.\.\.                                  not found$'
Searching for rootedoor...                                  not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\.                            not found$'
Searching for ENYELKM rootkit...                            not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\.                        not found$'
Searching for common ssh-scanners...                        not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\.        (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\.                            (not found|not tested)$'
Searching for Linux/Ebury 1.6...                            not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\.                       not found$'
Searching for 64-bit Linux Rootkit...                       not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.               not found$'
Searching for 64-bit Linux Rootkit modules...               not found
OK
**** Test for '^Searching for Mumblehard\.\.\.                                 not found$'
Searching for Mumblehard...                                 not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\.                     not found$'
Searching for Backdoor.Linux.Mokes.a...                     not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\.                          not found$'
Searching for Malicious TinyDNS...                          not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\.                             WARNING$'
Searching for Linux.Xor.DDoS...                             WARNING
OK
**** Test for 'WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\.                            not found$'
Searching for Linux.Proxy.1.0...                            not found
OK
**** Test for '^Searching for CrossRAT\.\.\.                                   not found$'
Searching for CrossRAT...                                   not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\.                               not found$'
Searching for Hidden Cobra...                               not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\.                        not found$'
Searching for Rocke Miner rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX4 lkm rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX6 lkm rootkit...                        not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\.                                not found$'
Searching for Umbreon lrk...                                not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\.                 not found$'
Searching for Kinsing.a backdoor rootkit...                 not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\.                not found$'
Searching for RotaJakiro backdoor rootkit...                not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\.                        not found$'
Searching for Syslogk LKM rootkit...                        not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\.                          not tested$'
Searching for Kovid LKM rootkit...                          not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\.               not found$'
Searching for Tsunami DDoS Malware rootkit...               not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\.                             not found$'
Searching for Linux BPF Door...                             not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\.     not found$'
Searching for zero-size shell history files in /root...     not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\.    not found$'
Searching for hardlinked shell history files in /root...    not found
OK
**** Test for '^Searching for suspect PHP files\.\.\.                          not found$'
Searching for suspect PHP files...                          not found
OK
**** Test for '^Checking `aliens'\.\.\.                                        finished$'
Checking `aliens'...                                        finished
OK
**** Test for '^Checking `asp'\.\.\.                                           not infected$'
Checking `asp'...                                           not infected
OK
**** Test for '^Checking `bindshell'\.\.\.                                     not found'
Checking `bindshell'...                                     not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           started$'
Checking `lkm'...                                           started
OK
**** Test for '^Checking `rexedcs'\.\.\.                                       not found$'
Checking `rexedcs'...                                       not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\.          not found$'
Searching for for hidden processes with chkproc...          not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs...       not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           finished$'
Checking `lkm'...                                           finished
OK
**** Test for '^Searching for Adore LKM\.\.\.                                  not tested'
Searching for Adore LKM...                                  not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\.                    not tested'
Searching for sebek LKM (Adore based)...                    not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\.                          not found'
Searching for knark LKM rootkit...                          not found
OK
**** Test for '^Checking `sniffer'\.\.\.                                       WARNING$'
<No match (FAIL)>

**** Test for '^WARNING: Output from ifpromisc:$'
<No match (FAIL)>

**** Test for '^lo: not promisc and no packet sniffer sockets$'
<No match (FAIL)>

**** Test for '^Checking `w55808'\.\.\.                                        not found$'
Checking `w55808'...                                        not found
OK
**** Test for '^Checking `wted'\.\.\.                                          not (tested|found)$'
Checking `wted'...                                          not found
OK
**** Test for '^Checking `scalper'\.\.\.                                       not found$'
Checking `scalper'...                                       not found
OK
**** Test for '^Checking `slapper'\.\.\.                                       not found$'
Checking `slapper'...                                       not found
OK
**** Test for '^Checking `z2'\.\.\.                                            not (tested|found)$'
Checking `z2'...                                            not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'...                                       not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\.                                    not tested$'
Checking `OSX_RSPLUG'...                                    not tested
OK
** FAIL: Testing: cron-no-diff-mode-02-full-filter-and-ignore (chkrootkit-daily) done: FAIL
*** FAIL was with config set to:
RUN_DAILY=true
DIFF_MODE=false

FILTER='sed s!^/usr/lib/.b!CHANGED-IN-FILTER_!'
IGNORE_FILE=/etc/test-ignore
DIFF_MODE=false

*** Reason(s) for failure follows
Result: FAIL

Missing: ^Checking `sniffer'\.\.\.                                       WARNING$
Missing: ^WARNING: Output from ifpromisc:$
Missing: ^lo: not promisc and no packet sniffer sockets$
*** Raw output of chkrootkit-daily follows
-rw-r--r-- 1 root root 21K Jan 17 00:32 /var/log/chkrootkit/chkrootkit-daily.log
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
CHANGED-IN-FILTER_bb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
*** Raw output of chkrootkit follows
-rw-r--r-- 1 root root 21K Jan 17 00:32 /var/log/chkrootkit/log.today.raw
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
*** Unexpected (unmatched) lines follow (for info):
Checking `sniffer'...                                       not found
* Testing: chkrootkit-daily (without diff mode, quiet output, no MAILTO)
** Testing: cron-no-diff-mode-03-quiet (chkrootkit-daily) ...
*** Output
WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:32 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  11K Jan 17 00:32 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:32 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:32 log.today.raw
*** Test of content of output follows...
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'


OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
** PASS: Testing: cron-no-diff-mode-03-quiet (chkrootkit-daily) done: PASS
** Testing: cron-no-diff-mode-04-quiet-no-ionice (chkrootkit-daily) ...
*** Output
WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:32 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  11K Jan 17 00:32 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:32 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:32 log.today.raw
*** Test of content of output follows...
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'


OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
** PASS: Testing: cron-no-diff-mode-04-quiet-no-ionice (chkrootkit-daily) done: PASS
** Testing: cron-no-diff-mode-05-quiet-filter-and-ignore (chkrootkit-daily) ...
*** Output
WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
CHANGED-IN-FILTER_bb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:32 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  11K Jan 17 00:33 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:33 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:32 log.today.raw
*** Test of content of output follows...
**** Test for 'WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^CHANGED-IN-FILTER_bb \[Not from a Debian package\]$'
CHANGED-IN-FILTER_bb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'


OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/.+ \[Not from a Debian package\]$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
** PASS: Testing: cron-no-diff-mode-05-quiet-filter-and-ignore (chkrootkit-daily) done: PASS
** Testing: cron-no-diff-mode-06-quiet-invalid-filter-is-ignored (chkrootkit-daily) ...
*** Output
Ignoring invalid $FILTER='sed s/this/is/invalid/sed/and/will/be/ignored'
WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:32 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  11K Jan 17 00:33 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:33 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:33 log.today.raw
*** Test of content of output follows...
**** Test for '^Ignoring invalid \$FILTER='sed s/this/is/invalid/sed/and/will/be/ignored'$'
Ignoring invalid $FILTER='sed s/this/is/invalid/sed/and/will/be/ignored'
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'


OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
** PASS: Testing: cron-no-diff-mode-06-quiet-invalid-filter-is-ignored (chkrootkit-daily) done: PASS
* Testing: chkrootkit-daily (with DIFF_MODE, full output, no MAILTO)
** Testing: cron-with-diff-mode-01-full (chkrootkit-daily) ...
*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit

Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
--- [ END: cat /var/log/chkrootkit/log.today ] ---

To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 80K
drwxr-xr-x 2 root root 4.0K Jan 17 00:32 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  21K Jan 17 00:33 chkrootkit-daily.log
-rw-r--r-- 1 root root  21K Jan 17 00:33 log.today
-rw-r--r-- 1 root root  21K Jan 17 00:33 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'






OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\.                                           not infected$'
Checking `amd'...                                           not infected
OK
**** Test for '^Checking `basename'\.\.\.                                      not infected$'
Checking `basename'...                                      not infected
OK
**** Test for '^Checking `biff'\.\.\.                                          not infected$'
Checking `biff'...                                          not infected
OK
**** Test for '^Checking `chfn'\.\.\.                                          not infected$'
Checking `chfn'...                                          not infected
OK
**** Test for '^Checking `chsh'\.\.\.                                          not infected$'
Checking `chsh'...                                          not infected
OK
**** Test for '^Checking `cron'\.\.\.                                          not infected$'
Checking `cron'...                                          not infected
OK
**** Test for '^Checking `crontab'\.\.\.                                       not infected$'
Checking `crontab'...                                       not infected
OK
**** Test for '^Checking `date'\.\.\.                                          not infected$'
Checking `date'...                                          not infected
OK
**** Test for '^Checking `du'\.\.\.                                            not infected$'
Checking `du'...                                            not infected
OK
**** Test for '^Checking `dirname'\.\.\.                                       not infected$'
Checking `dirname'...                                       not infected
OK
**** Test for '^Checking `echo'\.\.\.                                          not infected$'
Checking `echo'...                                          not infected
OK
**** Test for '^Checking `egrep'\.\.\.                                         not infected$'
Checking `egrep'...                                         not infected
OK
**** Test for '^Checking `env'\.\.\.                                           not infected$'
Checking `env'...                                           not infected
OK
**** Test for '^Checking `find'\.\.\.                                          not infected$'
Checking `find'...                                          not infected
OK
**** Test for '^Checking `fingerd'\.\.\.                                       not infected$'
Checking `fingerd'...                                       not infected
OK
**** Test for '^Checking `gpm'\.\.\.                                           not infected$'
Checking `gpm'...                                           not infected
OK
**** Test for '^Checking `grep'\.\.\.                                          not infected$'
Checking `grep'...                                          not infected
OK
**** Test for '^Checking `hdparm'\.\.\.                                        not infected$'
Checking `hdparm'...                                        not infected
OK
**** Test for '^Checking `su'\.\.\.                                            not infected$'
Checking `su'...                                            not infected
OK
**** Test for '^Checking `ifconfig'\.\.\.                                      not infected$'
Checking `ifconfig'...                                      not infected
OK
**** Test for '^Checking `inetd'\.\.\.                                         not infected$'
Checking `inetd'...                                         not infected
OK
**** Test for '^Checking `inetdconf'\.\.\.                                     not infected$'
Checking `inetdconf'...                                     not infected
OK
**** Test for '^Checking `identd'\.\.\.                                        not infected$'
Checking `identd'...                                        not infected
OK
**** Test for '^Checking `init'\.\.\.                                          not infected$'
Checking `init'...                                          not infected
OK
**** Test for '^Checking `killall'\.\.\.                                       not infected$'
Checking `killall'...                                       not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\.                                   not infected$'
Checking `ldsopreload'...                                   not infected
OK
**** Test for '^Checking `login'\.\.\.                                         not infected$'
Checking `login'...                                         not infected
OK
**** Test for '^Checking `ls'\.\.\.                                            not infected$'
Checking `ls'...                                            not infected
OK
**** Test for '^Checking `lsof'\.\.\.                                          not infected$'
Checking `lsof'...                                          not infected
OK
**** Test for '^Checking `mail'\.\.\.                                          not infected$'
Checking `mail'...                                          not infected
OK
**** Test for '^Checking `mingetty'\.\.\.                                      not infected$'
Checking `mingetty'...                                      not infected
OK
**** Test for '^Checking `netstat'\.\.\.                                       not infected$'
Checking `netstat'...                                       not infected
OK
**** Test for '^Checking `named'\.\.\.                                         not infected$'
Checking `named'...                                         not infected
OK
**** Test for '^Checking `passwd'\.\.\.                                        not infected$'
Checking `passwd'...                                        not infected
OK
**** Test for '^Checking `pidof'\.\.\.                                         not infected$'
Checking `pidof'...                                         not infected
OK
**** Test for '^Checking `pop2'\.\.\.                                          not infected$'
Checking `pop2'...                                          not infected
OK
**** Test for '^Checking `pop3'\.\.\.                                          not infected$'
Checking `pop3'...                                          not infected
OK
**** Test for '^Checking `ps'\.\.\.                                            not infected$'
Checking `ps'...                                            not infected
OK
**** Test for '^Checking `pstree'\.\.\.                                        not infected$'
Checking `pstree'...                                        not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\.                                       not infected$'
Checking `rpcinfo'...                                       not infected
OK
**** Test for '^Checking `rlogind'\.\.\.                                       not infected$'
Checking `rlogind'...                                       not infected
OK
**** Test for '^Checking `rshd'\.\.\.                                          not infected$'
Checking `rshd'...                                          not infected
OK
**** Test for '^Checking `slogin'\.\.\.                                        not infected$'
Checking `slogin'...                                        not infected
OK
**** Test for '^Checking `sendmail'\.\.\.                                      not infected$'
Checking `sendmail'...                                      not infected
OK
**** Test for '^Checking `sshd'\.\.\.                                          not infected$'
Checking `sshd'...                                          not infected
OK
**** Test for '^Checking `syslogd'\.\.\.                                       not infected$'
Checking `syslogd'...                                       not infected
OK
**** Test for '^Checking `tar'\.\.\.                                           not infected$'
Checking `tar'...                                           not infected
OK
**** Test for '^Checking `tcpd'\.\.\.                                          not infected$'
Checking `tcpd'...                                          not infected
OK
**** Test for '^Checking `tcpdump'\.\.\.                                       not infected$'
Checking `tcpdump'...                                       not infected
OK
**** Test for '^Checking `top'\.\.\.                                           not infected$'
Checking `top'...                                           not infected
OK
**** Test for '^Checking `telnetd'\.\.\.                                       not infected$'
Checking `telnetd'...                                       not infected
OK
**** Test for '^Checking `timed'\.\.\.                                         not infected$'
Checking `timed'...                                         not infected
OK
**** Test for '^Checking `traceroute'\.\.\.                                    not infected$'
Checking `traceroute'...                                    not infected
OK
**** Test for '^Checking `vdir'\.\.\.                                          not infected$'
Checking `vdir'...                                          not infected
OK
**** Test for '^Checking `w'\.\.\.                                             not infected$'
Checking `w'...                                             not infected
OK
**** Test for '^Checking `write'\.\.\.                                         not infected$'
Checking `write'...                                         not infected
OK
**** Test for '^Checking `aliens'\.\.\.                                        started$'
Checking `aliens'...                                        started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\.                   not found$'
Searching for suspicious files in /dev...                   not found
OK
**** Test for '^Searching for known suspicious directories\.\.\.               not found$'
Searching for known suspicious directories...               not found
OK
**** Test for '^Searching for known suspicious files\.\.\.                     not found$'
Searching for known suspicious files...                     not found
OK
**** Test for '^Searching for sniffer's logs\.\.\.                             not found$'
Searching for sniffer's logs...                             not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\.                         not found$'
Searching for HiDrootkit rootkit...                         not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\.                               not found$'
Searching for t0rn rootkit...                               not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\.                     not found$'
Searching for t0rn v8 (or variation)...                     not found
OK
**** Test for '^Searching for Lion rootkit\.\.\.                               not found$'
Searching for Lion rootkit...                               not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\.                               not found$'
Searching for RSHA rootkit...                               not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\.                          not found$'
Searching for RH-Sharpe rootkit...                          not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\.                      not found$'
Searching for Ambient (ark) rootkit...                      not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\.                  WARNING$'
Searching for suspicious files and dirs...                  WARNING
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'






OK
**** Test for '^Searching for LPD Worm\.\.\.                                   not found$'
Searching for LPD Worm...                                   not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\.                         not found$'
Searching for Ramen Worm rootkit...                         not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\.                             not found$'
Searching for Maniac rootkit...                             not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\.                               not found$'
Searching for RK17 rootkit...                               not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\.                             not found$'
Searching for Ducoci rootkit...                             not found
OK
**** Test for '^Searching for Adore Worm\.\.\.                                 not found$'
Searching for Adore Worm...                                 not found
OK
**** Test for '^Searching for ShitC Worm\.\.\.                                 not found$'
Searching for ShitC Worm...                                 not found
OK
**** Test for '^Searching for Omega Worm\.\.\.                                 not found$'
Searching for Omega Worm...                                 not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\.                           not found$'
Searching for Sadmind/IIS Worm...                           not found
OK
**** Test for '^Searching for MonKit\.\.\.                                     not found$'
Searching for MonKit...                                     not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\.                            not found$'
Searching for Showtee rootkit...                            not found
OK
**** Test for '^Searching for OpticKit\.\.\.                                   not found$'
Searching for OpticKit...                                   not found
OK
**** Test for '^Searching for T\.R\.K\.\.\.                                      not found$'
Searching for T.R.K...                                      not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\.                             not found$'
Searching for Mithra rootkit...                             not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\.                            not tested$'
Searching for OBSD rootkit v1...                            not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\.                                not found$'
Searching for LOC rootkit...                                not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\.                           not found$'
Searching for Romanian rootkit...                           not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\.                               not found$'
Searching for HKRK rootkit...                               not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\.                             not found$'
Searching for Suckit rootkit...                             not found
OK
**** Test for '^Searching for Volc rootkit\.\.\.                               not found$'
Searching for Volc rootkit...                               not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\.                              not found$'
Searching for Gold2 rootkit...                              not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\.                                not found$'
Searching for TC2 rootkit...                                not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\.                          not found$'
Searching for Anonoying rootkit...                          not found
OK
**** Test for '^Searching for ZK rootkit\.\.\.                                 not found$'
Searching for ZK rootkit...                                 not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\.                              not found$'
Searching for ShKit rootkit...                              not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\.                             not found$'
Searching for AjaKit rootkit...                             not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\.                              not found$'
Searching for zaRwT rootkit...                              not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\.                            not found$'
Searching for Madalin rootkit...                            not found
OK
**** Test for '^Searching for Fu rootkit\.\.\.                                 not found$'
Searching for Fu rootkit...                                 not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\.                             not found$'
Searching for Kenga3 rootkit...                             not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\.                               not found$'
Searching for ESRK rootkit...                               not found
OK
**** Test for '^Searching for rootedoor\.\.\.                                  not found$'
Searching for rootedoor...                                  not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\.                            not found$'
Searching for ENYELKM rootkit...                            not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\.                        not found$'
Searching for common ssh-scanners...                        not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\.        (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\.                            (not found|not tested)$'
Searching for Linux/Ebury 1.6...                            not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\.                       not found$'
Searching for 64-bit Linux Rootkit...                       not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.               not found$'
Searching for 64-bit Linux Rootkit modules...               not found
OK
**** Test for '^Searching for Mumblehard\.\.\.                                 not found$'
Searching for Mumblehard...                                 not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\.                     not found$'
Searching for Backdoor.Linux.Mokes.a...                     not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\.                          not found$'
Searching for Malicious TinyDNS...                          not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\.                             WARNING$'
Searching for Linux.Xor.DDoS...                             WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\.                            not found$'
Searching for Linux.Proxy.1.0...                            not found
OK
**** Test for '^Searching for CrossRAT\.\.\.                                   not found$'
Searching for CrossRAT...                                   not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\.                               not found$'
Searching for Hidden Cobra...                               not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\.                        not found$'
Searching for Rocke Miner rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX4 lkm rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX6 lkm rootkit...                        not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\.                                not found$'
Searching for Umbreon lrk...                                not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\.                 not found$'
Searching for Kinsing.a backdoor rootkit...                 not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\.                not found$'
Searching for RotaJakiro backdoor rootkit...                not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\.                        not found$'
Searching for Syslogk LKM rootkit...                        not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\.                          not tested$'
Searching for Kovid LKM rootkit...                          not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\.               not found$'
Searching for Tsunami DDoS Malware rootkit...               not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\.                             not found$'
Searching for Linux BPF Door...                             not found
OK
**** Test for '^Searching for suspect PHP files\.\.\.                          not found$'
Searching for suspect PHP files...                          not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\.     not found$'
Searching for zero-size shell history files in /root...     not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\.    not found$'
Searching for hardlinked shell history files in /root...    not found
OK
**** Test for '^Checking `aliens'\.\.\.                                        finished$'
Checking `aliens'...                                        finished
OK
**** Test for '^Checking `asp'\.\.\.                                           not infected$'
Checking `asp'...                                           not infected
OK
**** Test for '^Checking `bindshell'\.\.\.                                     not found$'
Checking `bindshell'...                                     not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           started$'
Checking `lkm'...                                           started
OK
**** Test for '^Searching for Adore LKM\.\.\.                                  not tested$'
Searching for Adore LKM...                                  not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\.                    not tested$'
Searching for sebek LKM (Adore based)...                    not tested
OK
**** Test for '^Searching for knark LKM rootkit...                          not found$'
Searching for knark LKM rootkit...                          not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\.          not found$'
Searching for for hidden processes with chkproc...          not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs...       not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           finished$'
Checking `lkm'...                                           finished
OK
**** Test for '^Checking `rexedcs'\.\.\.                                       not found$'
Checking `rexedcs'...                                       not found
OK
**** Test for '^Checking `sniffer'\.\.\.                                       WARNING$'
<No match (FAIL)>

**** Test for '^WARNING: Output from ifpromisc:$'
<No match (FAIL)>

**** Test for '^lo: not promisc and no packet sniffer sockets$'
<No match (FAIL)>

**** Test for '^Checking `w55808'\.\.\.                                        not found$'
Checking `w55808'...                                        not found
OK
**** Test for '^Checking `wted'\.\.\.                                          not (tested|found)$'
Checking `wted'...                                          not found
OK
**** Test for '^Checking `scalper'\.\.\.                                       not found$'
Checking `scalper'...                                       not found
OK
**** Test for '^Checking `slapper'\.\.\.                                       not found$'
Checking `slapper'...                                       not found
OK
**** Test for '^Checking `z2'\.\.\.                                            not (tested|found)$'
Checking `z2'...                                            not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'...                                       not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\.                                    not tested$'
Checking `OSX_RSPLUG'...                                    not tested
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^To create this file containing all output from today's run, do \(as root\)$'
To create this file containing all output from today's run, do (as root)
OK
**** Test for '^# cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** FAIL: Testing: cron-with-diff-mode-01-full (chkrootkit-daily) done: FAIL
*** FAIL was with config set to:
RUN_DAILY=true
DIFF_MODE=true
MAILTO=''

*** Reason(s) for failure follows
Result: FAIL

Missing: ^Checking `sniffer'\.\.\.                                       WARNING$
Missing: ^WARNING: Output from ifpromisc:$
Missing: ^lo: not promisc and no packet sniffer sockets$
*** Raw output of chkrootkit-daily follows
-rw-r--r-- 1 root root 21K Jan 17 00:33 /var/log/chkrootkit/chkrootkit-daily.log
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit

Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
--- [ END: cat /var/log/chkrootkit/log.today ] ---

To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
*** Raw output of chkrootkit follows
-rw-r--r-- 1 root root 21K Jan 17 00:33 /var/log/chkrootkit/log.today.raw
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
*** Unexpected (unmatched) lines follow (for info):
Checking `sniffer'...                                       not found
** Testing: cron-with-diff-mode-02-full-rerun (chkrootkit-daily) ...
*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit

Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
--- [ END: cat /var/log/chkrootkit/log.today ] ---

To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 80K
drwxr-xr-x 2 root root 4.0K Jan 17 00:32 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  21K Jan 17 00:33 chkrootkit-daily.log
-rw-r--r-- 1 root root  21K Jan 17 00:33 log.today
-rw-r--r-- 1 root root  21K Jan 17 00:33 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'






OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\.                                           not infected$'
Checking `amd'...                                           not infected
OK
**** Test for '^Checking `basename'\.\.\.                                      not infected$'
Checking `basename'...                                      not infected
OK
**** Test for '^Checking `biff'\.\.\.                                          not infected$'
Checking `biff'...                                          not infected
OK
**** Test for '^Checking `chfn'\.\.\.                                          not infected$'
Checking `chfn'...                                          not infected
OK
**** Test for '^Checking `chsh'\.\.\.                                          not infected$'
Checking `chsh'...                                          not infected
OK
**** Test for '^Checking `cron'\.\.\.                                          not infected$'
Checking `cron'...                                          not infected
OK
**** Test for '^Checking `crontab'\.\.\.                                       not infected$'
Checking `crontab'...                                       not infected
OK
**** Test for '^Checking `date'\.\.\.                                          not infected$'
Checking `date'...                                          not infected
OK
**** Test for '^Checking `du'\.\.\.                                            not infected$'
Checking `du'...                                            not infected
OK
**** Test for '^Checking `dirname'\.\.\.                                       not infected$'
Checking `dirname'...                                       not infected
OK
**** Test for '^Checking `echo'\.\.\.                                          not infected$'
Checking `echo'...                                          not infected
OK
**** Test for '^Checking `egrep'\.\.\.                                         not infected$'
Checking `egrep'...                                         not infected
OK
**** Test for '^Checking `env'\.\.\.                                           not infected$'
Checking `env'...                                           not infected
OK
**** Test for '^Checking `find'\.\.\.                                          not infected$'
Checking `find'...                                          not infected
OK
**** Test for '^Checking `fingerd'\.\.\.                                       not infected$'
Checking `fingerd'...                                       not infected
OK
**** Test for '^Checking `gpm'\.\.\.                                           not infected$'
Checking `gpm'...                                           not infected
OK
**** Test for '^Checking `grep'\.\.\.                                          not infected$'
Checking `grep'...                                          not infected
OK
**** Test for '^Checking `hdparm'\.\.\.                                        not infected$'
Checking `hdparm'...                                        not infected
OK
**** Test for '^Checking `su'\.\.\.                                            not infected$'
Checking `su'...                                            not infected
OK
**** Test for '^Checking `ifconfig'\.\.\.                                      not infected$'
Checking `ifconfig'...                                      not infected
OK
**** Test for '^Checking `inetd'\.\.\.                                         not infected$'
Checking `inetd'...                                         not infected
OK
**** Test for '^Checking `inetdconf'\.\.\.                                     not infected$'
Checking `inetdconf'...                                     not infected
OK
**** Test for '^Checking `identd'\.\.\.                                        not infected$'
Checking `identd'...                                        not infected
OK
**** Test for '^Checking `init'\.\.\.                                          not infected$'
Checking `init'...                                          not infected
OK
**** Test for '^Checking `killall'\.\.\.                                       not infected$'
Checking `killall'...                                       not infected
OK
**** Test for '^Checking `ldsopreload'\.\.\.                                   not infected$'
Checking `ldsopreload'...                                   not infected
OK
**** Test for '^Checking `login'\.\.\.                                         not infected$'
Checking `login'...                                         not infected
OK
**** Test for '^Checking `ls'\.\.\.                                            not infected$'
Checking `ls'...                                            not infected
OK
**** Test for '^Checking `lsof'\.\.\.                                          not infected$'
Checking `lsof'...                                          not infected
OK
**** Test for '^Checking `mail'\.\.\.                                          not infected$'
Checking `mail'...                                          not infected
OK
**** Test for '^Checking `mingetty'\.\.\.                                      not infected$'
Checking `mingetty'...                                      not infected
OK
**** Test for '^Checking `netstat'\.\.\.                                       not infected$'
Checking `netstat'...                                       not infected
OK
**** Test for '^Checking `named'\.\.\.                                         not infected$'
Checking `named'...                                         not infected
OK
**** Test for '^Checking `passwd'\.\.\.                                        not infected$'
Checking `passwd'...                                        not infected
OK
**** Test for '^Checking `pidof'\.\.\.                                         not infected$'
Checking `pidof'...                                         not infected
OK
**** Test for '^Checking `pop2'\.\.\.                                          not infected$'
Checking `pop2'...                                          not infected
OK
**** Test for '^Checking `pop3'\.\.\.                                          not infected$'
Checking `pop3'...                                          not infected
OK
**** Test for '^Checking `ps'\.\.\.                                            not infected$'
Checking `ps'...                                            not infected
OK
**** Test for '^Checking `pstree'\.\.\.                                        not infected$'
Checking `pstree'...                                        not infected
OK
**** Test for '^Checking `rpcinfo'\.\.\.                                       not infected$'
Checking `rpcinfo'...                                       not infected
OK
**** Test for '^Checking `rlogind'\.\.\.                                       not infected$'
Checking `rlogind'...                                       not infected
OK
**** Test for '^Checking `rshd'\.\.\.                                          not infected$'
Checking `rshd'...                                          not infected
OK
**** Test for '^Checking `slogin'\.\.\.                                        not infected$'
Checking `slogin'...                                        not infected
OK
**** Test for '^Checking `sendmail'\.\.\.                                      not infected$'
Checking `sendmail'...                                      not infected
OK
**** Test for '^Checking `sshd'\.\.\.                                          not infected$'
Checking `sshd'...                                          not infected
OK
**** Test for '^Checking `syslogd'\.\.\.                                       not infected$'
Checking `syslogd'...                                       not infected
OK
**** Test for '^Checking `tar'\.\.\.                                           not infected$'
Checking `tar'...                                           not infected
OK
**** Test for '^Checking `tcpd'\.\.\.                                          not infected$'
Checking `tcpd'...                                          not infected
OK
**** Test for '^Checking `tcpdump'\.\.\.                                       not infected$'
Checking `tcpdump'...                                       not infected
OK
**** Test for '^Checking `top'\.\.\.                                           not infected$'
Checking `top'...                                           not infected
OK
**** Test for '^Checking `telnetd'\.\.\.                                       not infected$'
Checking `telnetd'...                                       not infected
OK
**** Test for '^Checking `timed'\.\.\.                                         not infected$'
Checking `timed'...                                         not infected
OK
**** Test for '^Checking `traceroute'\.\.\.                                    not infected$'
Checking `traceroute'...                                    not infected
OK
**** Test for '^Checking `vdir'\.\.\.                                          not infected$'
Checking `vdir'...                                          not infected
OK
**** Test for '^Checking `w'\.\.\.                                             not infected$'
Checking `w'...                                             not infected
OK
**** Test for '^Checking `write'\.\.\.                                         not infected$'
Checking `write'...                                         not infected
OK
**** Test for '^Checking `aliens'\.\.\.                                        started$'
Checking `aliens'...                                        started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\.                   not found$'
Searching for suspicious files in /dev...                   not found
OK
**** Test for '^Searching for known suspicious directories\.\.\.               not found$'
Searching for known suspicious directories...               not found
OK
**** Test for '^Searching for known suspicious files\.\.\.                     not found$'
Searching for known suspicious files...                     not found
OK
**** Test for '^Searching for sniffer's logs\.\.\.                             not found$'
Searching for sniffer's logs...                             not found
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\.                         not found$'
Searching for HiDrootkit rootkit...                         not found
OK
**** Test for '^Searching for t0rn rootkit\.\.\.                               not found$'
Searching for t0rn rootkit...                               not found
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\.                     not found$'
Searching for t0rn v8 (or variation)...                     not found
OK
**** Test for '^Searching for Lion rootkit\.\.\.                               not found$'
Searching for Lion rootkit...                               not found
OK
**** Test for '^Searching for RSHA rootkit\.\.\.                               not found$'
Searching for RSHA rootkit...                               not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\.                          not found$'
Searching for RH-Sharpe rootkit...                          not found
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\.                      not found$'
Searching for Ambient (ark) rootkit...                      not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\.                  WARNING$'
Searching for suspicious files and dirs...                  WARNING
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'






OK
**** Test for '^Searching for LPD Worm\.\.\.                                   not found$'
Searching for LPD Worm...                                   not found
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\.                         not found$'
Searching for Ramen Worm rootkit...                         not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\.                             not found$'
Searching for Maniac rootkit...                             not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\.                               not found$'
Searching for RK17 rootkit...                               not found
OK
**** Test for '^Searching for Ducoci rootkit\.\.\.                             not found$'
Searching for Ducoci rootkit...                             not found
OK
**** Test for '^Searching for Adore Worm\.\.\.                                 not found$'
Searching for Adore Worm...                                 not found
OK
**** Test for '^Searching for ShitC Worm\.\.\.                                 not found$'
Searching for ShitC Worm...                                 not found
OK
**** Test for '^Searching for Omega Worm\.\.\.                                 not found$'
Searching for Omega Worm...                                 not found
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\.                           not found$'
Searching for Sadmind/IIS Worm...                           not found
OK
**** Test for '^Searching for MonKit\.\.\.                                     not found$'
Searching for MonKit...                                     not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\.                            not found$'
Searching for Showtee rootkit...                            not found
OK
**** Test for '^Searching for OpticKit\.\.\.                                   not found$'
Searching for OpticKit...                                   not found
OK
**** Test for '^Searching for T\.R\.K\.\.\.                                      not found$'
Searching for T.R.K...                                      not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\.                             not found$'
Searching for Mithra rootkit...                             not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\.                            not tested$'
Searching for OBSD rootkit v1...                            not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\.                                not found$'
Searching for LOC rootkit...                                not found
OK
**** Test for '^Searching for Romanian rootkit\.\.\.                           not found$'
Searching for Romanian rootkit...                           not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\.                               not found$'
Searching for HKRK rootkit...                               not found
OK
**** Test for '^Searching for Suckit rootkit\.\.\.                             not found$'
Searching for Suckit rootkit...                             not found
OK
**** Test for '^Searching for Volc rootkit\.\.\.                               not found$'
Searching for Volc rootkit...                               not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\.                              not found$'
Searching for Gold2 rootkit...                              not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\.                                not found$'
Searching for TC2 rootkit...                                not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\.                          not found$'
Searching for Anonoying rootkit...                          not found
OK
**** Test for '^Searching for ZK rootkit\.\.\.                                 not found$'
Searching for ZK rootkit...                                 not found
OK
**** Test for '^Searching for ShKit rootkit\.\.\.                              not found$'
Searching for ShKit rootkit...                              not found
OK
**** Test for '^Searching for AjaKit rootkit\.\.\.                             not found$'
Searching for AjaKit rootkit...                             not found
OK
**** Test for '^Searching for zaRwT rootkit\.\.\.                              not found$'
Searching for zaRwT rootkit...                              not found
OK
**** Test for '^Searching for Madalin rootkit\.\.\.                            not found$'
Searching for Madalin rootkit...                            not found
OK
**** Test for '^Searching for Fu rootkit\.\.\.                                 not found$'
Searching for Fu rootkit...                                 not found
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\.                             not found$'
Searching for Kenga3 rootkit...                             not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\.                               not found$'
Searching for ESRK rootkit...                               not found
OK
**** Test for '^Searching for rootedoor\.\.\.                                  not found$'
Searching for rootedoor...                                  not found
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\.                            not found$'
Searching for ENYELKM rootkit...                            not found
OK
**** Test for '^Searching for common ssh-scanners\.\.\.                        not found$'
Searching for common ssh-scanners...                        not found
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\.        (not found|not tested)$'
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\.                            (not found|not tested)$'
Searching for Linux/Ebury 1.6...                            not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\.                       not found$'
Searching for 64-bit Linux Rootkit...                       not found
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.               not found$'
Searching for 64-bit Linux Rootkit modules...               not found
OK
**** Test for '^Searching for Mumblehard\.\.\.                                 not found$'
Searching for Mumblehard...                                 not found
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\.                     not found$'
Searching for Backdoor.Linux.Mokes.a...                     not found
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\.                          not found$'
Searching for Malicious TinyDNS...                          not found
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\.                             WARNING$'
Searching for Linux.Xor.DDoS...                             WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\.                            not found$'
Searching for Linux.Proxy.1.0...                            not found
OK
**** Test for '^Searching for CrossRAT\.\.\.                                   not found$'
Searching for CrossRAT...                                   not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\.                               not found$'
Searching for Hidden Cobra...                               not found
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\.                        not found$'
Searching for Rocke Miner rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX4 lkm rootkit...                        not found
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\.                        not found$'
Searching for PWNLNX6 lkm rootkit...                        not found
OK
**** Test for '^Searching for Umbreon lrk\.\.\.                                not found$'
Searching for Umbreon lrk...                                not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\.                 not found$'
Searching for Kinsing.a backdoor rootkit...                 not found
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\.                not found$'
Searching for RotaJakiro backdoor rootkit...                not found
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\.                        not found$'
Searching for Syslogk LKM rootkit...                        not found
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\.                          not tested$'
Searching for Kovid LKM rootkit...                          not tested
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\.               not found$'
Searching for Tsunami DDoS Malware rootkit...               not found
OK
**** Test for '^Searching for Linux BPF Door\.\.\.                             not found$'
Searching for Linux BPF Door...                             not found
OK
**** Test for '^Searching for suspect PHP files\.\.\.                          not found$'
Searching for suspect PHP files...                          not found
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\.     not found$'
Searching for zero-size shell history files in /root...     not found
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\.    not found$'
Searching for hardlinked shell history files in /root...    not found
OK
**** Test for '^Checking `aliens'\.\.\.                                        finished$'
Checking `aliens'...                                        finished
OK
**** Test for '^Checking `asp'\.\.\.                                           not infected$'
Checking `asp'...                                           not infected
OK
**** Test for '^Checking `bindshell'\.\.\.                                     not found$'
Checking `bindshell'...                                     not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           started$'
Checking `lkm'...                                           started
OK
**** Test for '^Searching for Adore LKM\.\.\.                                  not tested$'
Searching for Adore LKM...                                  not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\.                    not tested$'
Searching for sebek LKM (Adore based)...                    not tested
OK
**** Test for '^Searching for knark LKM rootkit...                          not found$'
Searching for knark LKM rootkit...                          not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\.          not found$'
Searching for for hidden processes with chkproc...          not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs...       not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           finished$'
Checking `lkm'...                                           finished
OK
**** Test for '^Checking `rexedcs'\.\.\.                                       not found$'
Checking `rexedcs'...                                       not found
OK
**** Test for '^Checking `sniffer'\.\.\.                                       WARNING$'
<No match (FAIL)>

**** Test for '^WARNING: Output from ifpromisc:$'
<No match (FAIL)>

**** Test for '^lo: not promisc and no packet sniffer sockets$'
<No match (FAIL)>

**** Test for '^Checking `w55808'\.\.\.                                        not found$'
Checking `w55808'...                                        not found
OK
**** Test for '^Checking `wted'\.\.\.                                          not (tested|found)$'
Checking `wted'...                                          not found
OK
**** Test for '^Checking `scalper'\.\.\.                                       not found$'
Checking `scalper'...                                       not found
OK
**** Test for '^Checking `slapper'\.\.\.                                       not found$'
Checking `slapper'...                                       not found
OK
**** Test for '^Checking `z2'\.\.\.                                            not (tested|found)$'
Checking `z2'...                                            not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'...                                       not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\.                                    not tested$'
Checking `OSX_RSPLUG'...                                    not tested
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^To create this file containing all output from today's run, do \(as root\)$'
To create this file containing all output from today's run, do (as root)
OK
**** Test for '^# cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** FAIL: Testing: cron-with-diff-mode-02-full-rerun (chkrootkit-daily) done: FAIL
*** FAIL was with config set to:
RUN_DAILY=true
DIFF_MODE=true
MAILTO=''

*** Reason(s) for failure follows
Result: FAIL

Missing: ^Checking `sniffer'\.\.\.                                       WARNING$
Missing: ^WARNING: Output from ifpromisc:$
Missing: ^lo: not promisc and no packet sniffer sockets$
*** Raw output of chkrootkit-daily follows
-rw-r--r-- 1 root root 21K Jan 17 00:33 /var/log/chkrootkit/chkrootkit-daily.log
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit

Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
--- [ END: cat /var/log/chkrootkit/log.today ] ---

To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
*** Raw output of chkrootkit follows
-rw-r--r-- 1 root root 21K Jan 17 00:33 /var/log/chkrootkit/log.today.raw
ROOTDIR is `/'
Checking `amd'...                                           not infected
Checking `basename'...                                      not infected
Checking `biff'...                                          not infected
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not infected
Checking `gpm'...                                           not infected
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not infected
Checking `identd'...                                        not infected
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not infected
Checking `mingetty'...                                      not infected
Checking `netstat'...                                       not infected
Checking `named'...                                         not infected
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not infected
Checking `pop3'...                                          not infected
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not infected
Checking `rlogind'...                                       not infected
Checking `rshd'...                                          not infected
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not infected
Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not infected
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not infected
Checking `timed'...                                         not infected
Checking `traceroute'...                                    not infected
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   not found
Searching for known suspicious directories...               not found
Searching for known suspicious files...                     not found
Searching for sniffer's logs...                             not found
Searching for HiDrootkit rootkit...                         not found
Searching for t0rn rootkit...                               not found
Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               not found
Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          not found
Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   not found
Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               not found
Searching for Ducoci rootkit...                             not found
Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 not found
Searching for Sadmind/IIS Worm...                           not found
Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                not found
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               not found
Searching for Suckit rootkit...                             not found
Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 not found
Searching for ShKit rootkit...                              not found
Searching for AjaKit rootkit...                             not found
Searching for zaRwT rootkit...                              not found
Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 not found
Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  not found
Searching for ENYELKM rootkit...                            not found
Searching for common ssh-scanners...                        not found
Searching for Linux/Ebury 1.4 - Operation Windigo...        not tested
Searching for Linux/Ebury 1.6...                            not found
Searching for 64-bit Linux Rootkit...                       not found
Searching for 64-bit Linux Rootkit modules...               not found
Searching for Mumblehard...                                 not found
Searching for Backdoor.Linux.Mokes.a...                     not found
Searching for Malicious TinyDNS...                          not found
Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            not found
Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               not found
Searching for Rocke Miner rootkit...                        not found
Searching for PWNLNX4 lkm rootkit...                        not found
Searching for PWNLNX6 lkm rootkit...                        not found
Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 not found
Searching for RotaJakiro backdoor rootkit...                not found
Searching for Syslogk LKM rootkit...                        not found
Searching for Kovid LKM rootkit...                          not tested
Searching for Tsunami DDoS Malware rootkit...               not found
Searching for Linux BPF Door...                             not found
Searching for suspect PHP files...                          not found
Searching for zero-size shell history files in /root...     not found
Searching for hardlinked shell history files in /root...    not found
Checking `aliens'...                                        finished
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not found
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       not found
Checking `w55808'...                                        not found
Checking `wted'...                                          not found
Checking `scalper'...                                       not found
Checking `slapper'...                                       not found
Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
*** Unexpected (unmatched) lines follow (for info):
Checking `sniffer'...                                       not found
** Testing: cron-with-diff-mode-03-full-after-update (chkrootkit-daily) ...
*** Output
**** Files in log
total 80K
drwxr-xr-x 2 root root 4.0K Jan 17 00:33 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root    0 Jan 17 00:33 chkrootkit-daily.log
-rw-r--r-- 1 root root  21K Jan 17 00:33 log.expected
-rw-r--r-- 1 root root  21K Jan 17 00:34 log.today
-rw-r--r-- 1 root root  21K Jan 17 00:34 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: cron-with-diff-mode-03-full-after-update (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-04-full-no-ionice (chkrootkit-daily) ...
*** Output
**** Files in log
total 80K
drwxr-xr-x 2 root root 4.0K Jan 17 00:33 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root    0 Jan 17 00:34 chkrootkit-daily.log
-rw-r--r-- 1 root root  21K Jan 17 00:33 log.expected
-rw-r--r-- 1 root root  21K Jan 17 00:34 log.today
-rw-r--r-- 1 root root  21K Jan 17 00:34 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: cron-with-diff-mode-04-full-no-ionice (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-05-full-filter-and-ignore (chkrootkit-daily) ...
*** Output
chkrootkit output was not as expected.

The difference is:
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
--- /var/log/chkrootkit/log.expected	2025-01-17 00:33:48.224000000 +0000
+++ /var/log/chkrootkit/log.today	2025-01-17 00:34:30.520000000 +0000
@@ -72,10 +72,9 @@
 WARNING: The following suspicious files and directories were found:
 /usr/lib/.DIR-aaa [Not from a Debian package]
 /usr/lib/...DIR [Not from a Debian package]
-/usr/lib/.aaa [Not from a Debian package]
 /usr/lib/.1DIR [Not from a Debian package]
 /usr/lib/... [Not from a Debian package]
-/usr/lib/.bbb [Not from a Debian package]
+/usr/lib/.bCHANGED-IN-FILTER_
 /usr/lib/.1 [Not from a Debian package]
 
 Searching for LPD Worm...                                   not found
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---

To update the expected output, run (as root)
#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 84K
drwxr-xr-x 2 root root 4.0K Jan 17 00:33 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root 1.1K Jan 17 00:34 chkrootkit-daily.log
-rw-r--r-- 1 root root  21K Jan 17 00:33 log.expected
-rw-r--r-- 1 root root  21K Jan 17 00:34 log.today
-rw-r--r-- 1 root root  21K Jan 17 00:34 log.today.raw
*** Test of content of output follows...
**** Test for '^chkrootkit output was not as expected\.$'
chkrootkit output was not as expected.
OK
**** Test for '^$'


OK
**** Test for '^The difference is:$'
The difference is:
OK
**** Test for '^--- \[ BEGIN: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^--- /var/log/chkrootkit/log\.expected'
--- /var/log/chkrootkit/log.expected	2025-01-17 00:33:48.224000000 +0000
OK
**** Test for '^\++ /var/log/chkrootkit/log\.today'
+++ /var/log/chkrootkit/log.today	2025-01-17 00:34:30.520000000 +0000
OK
**** Test for '^@@[@0-9, +-]+$'
@@ -72,10 +72,9 @@
OK
**** Test for '^[[:space:]]'
 WARNING: The following suspicious files and directories were found:
 /usr/lib/.DIR-aaa [Not from a Debian package]
 /usr/lib/...DIR [Not from a Debian package]
 /usr/lib/.1DIR [Not from a Debian package]
 /usr/lib/... [Not from a Debian package]
 /usr/lib/.1 [Not from a Debian package]
 
 Searching for LPD Worm...                                   not found
OK
**** Test for '^-(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
-/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^-(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
-/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^\+(/usr)?/lib/\.bCHANGED-IN-FILTER_$'
+/usr/lib/.bCHANGED-IN-FILTER_
OK
**** Test for '^--- \[ END: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---$'
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^To update the expected output, run \(as root\)$'
To update the expected output, run (as root)
OK
**** Test for '^#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log\.expected$'
#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-05-full-filter-and-ignore (chkrootkit-daily) done: PASS
* Testing: chkrootkit-daily (diff mode, quiet output, no MAILTO)
** Testing: cron-with-diff-mode-06-quiet (chkrootkit-daily) ...
*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit

Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

--- [ END: cat /var/log/chkrootkit/log.today ] ---

To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:34 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  11K Jan 17 00:34 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:34 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:34 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'




OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'




OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^To create this file containing all output from today's run, do \(as root\)$'
To create this file containing all output from today's run, do (as root)
OK
**** Test for '^# cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-06-quiet (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-07-quiet-rerun (chkrootkit-daily) ...
*** Output
No file /var/log/chkrootkit/log.expected
This file should contain expected output from chkrootkit

Today's run produced the following output:
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

--- [ END: cat /var/log/chkrootkit/log.today ] ---

To create this file containing all output from today's run, do (as root)
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:34 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  11K Jan 17 00:34 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:34 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:34 log.today.raw
*** Test of content of output follows...
**** Test for '^No file /var/log/chkrootkit/log\.expected$'
No file /var/log/chkrootkit/log.expected
OK
**** Test for '^This file should contain expected output from chkrootkit$'
This file should contain expected output from chkrootkit
OK
**** Test for '^$'




OK
**** Test for '^Today's run produced the following output:$'
Today's run produced the following output:
OK
**** Test for '^--- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^$'




OK
**** Test for '^WARNING: Possible Linux.Xor.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^/tmp/clean/.+$'
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^--- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
--- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^To create this file containing all output from today's run, do \(as root\)$'
To create this file containing all output from today's run, do (as root)
OK
**** Test for '^# cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
# cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-07-quiet-rerun (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-08-quiet-after-update (chkrootkit-daily) ...
*** Output
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:34 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root    0 Jan 17 00:34 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:34 log.expected
-rw-r--r-- 1 root root  11K Jan 17 00:35 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:35 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: cron-with-diff-mode-08-quiet-after-update (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-09-quiet-filter-and-ignore (chkrootkit-daily) ...
*** Output
chkrootkit output was not as expected.

The difference is:
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
--- /var/log/chkrootkit/log.expected	2025-01-17 00:34:57.328000000 +0000
+++ /var/log/chkrootkit/log.today	2025-01-17 00:35:24.060000000 +0000
@@ -1,10 +1,8 @@
 WARNING: The following suspicious files and directories were found:
-/usr/lib/.DIR-aaa [Not from a Debian package]
 /usr/lib/...DIR [Not from a Debian package]
-/usr/lib/.aaa [Not from a Debian package]
 /usr/lib/.1DIR [Not from a Debian package]
 /usr/lib/... [Not from a Debian package]
-/usr/lib/.bbb [Not from a Debian package]
+/usr/lib/.bCHANGED-IN-FILTER_
 /usr/lib/.1 [Not from a Debian package]
 
 WARNING: Possible Linux.Xor.DDoS installed:
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---

To update the expected output, run (as root)
#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 48K
drwxr-xr-x 2 root root 4.0K Jan 17 00:34 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root 1.1K Jan 17 00:35 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:34 log.expected
-rw-r--r-- 1 root root  10K Jan 17 00:35 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:35 log.today.raw
*** Test of content of output follows...
**** Test for '^chkrootkit output was not as expected\.$'
chkrootkit output was not as expected.
OK
**** Test for '^$'


OK
**** Test for '^The difference is:$'
The difference is:
OK
**** Test for '^--- \[ BEGIN: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---'
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^--- /var/log/chkrootkit/log\.expected'
--- /var/log/chkrootkit/log.expected	2025-01-17 00:34:57.328000000 +0000
OK
**** Test for '^\++ /var/log/chkrootkit/log\.today'
+++ /var/log/chkrootkit/log.today	2025-01-17 00:35:24.060000000 +0000
OK
**** Test for '^@@[0-9, +-]+'
@@ -1,10 +1,8 @@
OK
**** Test for '^[[:space:]]'
 WARNING: The following suspicious files and directories were found:
 /usr/lib/...DIR [Not from a Debian package]
 /usr/lib/.1DIR [Not from a Debian package]
 /usr/lib/... [Not from a Debian package]
 /usr/lib/.1 [Not from a Debian package]
 
 WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^-(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
-/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^-(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
-/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^-(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
-/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^\+(/usr)?/lib/\.bCHANGED-IN-FILTER_$'
+/usr/lib/.bCHANGED-IN-FILTER_
OK
**** Test for '^--- \[ END: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---$'
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^$'


OK
**** Test for '^To update the expected output, run \(as root\)$'
To update the expected output, run (as root)
OK
**** Test for '^#  cp -a -f /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-09-quiet-filter-and-ignore (chkrootkit-daily) done: PASS
** Testing: cron-with-diff-mode-10-quiet-invalid-filter-is-ignored (chkrootkit-daily) ...
*** Output
Ignoring invalid $FILTER='sed s/this/is/invalid/sed/and/will/be/ignored/with/diff/mode'
chkrootkit output was not as expected.

The difference is:
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
--- /var/log/chkrootkit/log.expected	2025-01-17 00:34:57.328000000 +0000
+++ /var/log/chkrootkit/log.today	2025-01-17 00:35:38.176000000 +0000
@@ -1,7 +1,5 @@
 WARNING: The following suspicious files and directories were found:
-/usr/lib/.DIR-aaa [Not from a Debian package]
 /usr/lib/...DIR [Not from a Debian package]
-/usr/lib/.aaa [Not from a Debian package]
 /usr/lib/.1DIR [Not from a Debian package]
 /usr/lib/... [Not from a Debian package]
 /usr/lib/.bbb [Not from a Debian package]
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---

To update the expected output, run (as root)
#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 48K
drwxr-xr-x 2 root root 4.0K Jan 17 00:34 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  920 Jan 17 00:35 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:34 log.expected
-rw-r--r-- 1 root root  10K Jan 17 00:35 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:35 log.today.raw
*** Test of content of output follows...
**** Test for '^Ignoring invalid \$FILTER='sed s/this/is/invalid/sed/and/will/be/ignored/with/diff/mode'$'
Ignoring invalid $FILTER='sed s/this/is/invalid/sed/and/will/be/ignored/with/diff/mode'
OK
**** Test for '^chkrootkit output was not as expected\.$'
chkrootkit output was not as expected.
OK
**** Test for '^$'


OK
**** Test for '^The difference is:$'
The difference is:
OK
**** Test for '^--- \[ BEGIN: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---$'
--- [ BEGIN: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^--- /var/log/chkrootkit/log\.expected'
--- /var/log/chkrootkit/log.expected	2025-01-17 00:34:57.328000000 +0000
OK
**** Test for '^\++ /var/log/chkrootkit/log\.today'
+++ /var/log/chkrootkit/log.today	2025-01-17 00:35:38.176000000 +0000
OK
**** Test for '^@@[@0-9, +-]+'
@@ -1,7 +1,5 @@
OK
**** Test for '^[[:space:]]'
 WARNING: The following suspicious files and directories were found:
 /usr/lib/...DIR [Not from a Debian package]
 /usr/lib/.1DIR [Not from a Debian package]
 /usr/lib/... [Not from a Debian package]
 /usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^-(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
-/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^-(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
-/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^--- \[ END: diff -u /var/log/chkrootkit/log\.expected /var/log/chkrootkit/log\.today \] ---$'
--- [ END: diff -u /var/log/chkrootkit/log.expected /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^$'


OK
**** Test for '^To update the expected output, run \(as root\)$'
To update the expected output, run (as root)
OK
**** Test for '^#  cp -a -f /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
#  cp -a -f /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^# \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
# (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: cron-with-diff-mode-10-quiet-invalid-filter-is-ignored (chkrootkit-daily) done: PASS
* test MAILTO
** Mocking out 'mail' command: /usr/sbin/mail
-rwxr-xr-x 1 root root 69 Jan 17 00:31 /usr/sbin/mail
/usr/sbin/mail:
#!/bin/sh
echo "mail called with $# args:"
for x in "$@"; do
  echo "<$x>"
done
while read -r line; do
  echo "> $line"
done
exit 0
mail called with 4 args:
<test>
<1>
<2>
<3>
> stdin
** Testing: chkrootkit-daily-mail-01 (chkrootkit-daily) ...
*** Output
mail called with 3 args:
<-s>
<[chkrootkit] alert for debusine-worker-amd64-hades-04>
<root>
> No file /var/log/chkrootkit/log.expected
> This file should contain expected output from chkrootkit
> 
> Today's run produced the following output:
> --- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
> WARNING: The following suspicious files and directories were found:
> /usr/lib/.DIR-aaa [Not from a Debian package]
> /usr/lib/...DIR [Not from a Debian package]
> /usr/lib/.aaa [Not from a Debian package]
> /usr/lib/.1DIR [Not from a Debian package]
> /usr/lib/... [Not from a Debian package]
> /usr/lib/.bbb [Not from a Debian package]
> /usr/lib/.1 [Not from a Debian package]
> 
> WARNING: Possible Linux.Xor.DDoS installed:
> /tmp/clean/sed [Not from a Debian package]
> /tmp/clean/dpkg-query [Not from a Debian package]
> /tmp/clean/ss [Not from a Debian package]
> /tmp/clean/awk [Not from a Debian package]
> /tmp/clean/id [Not from a Debian package]
> /tmp/clean/find [Not from a Debian package]
> /tmp/clean/ps [Not from a Debian package]
> /tmp/clean/dirname [Not from a Debian package]
> /tmp/clean/strings [Not from a Debian package]
> /tmp/clean/head [Not from a Debian package]
> /tmp/clean/xargs [Not from a Debian package]
> /tmp/clean/echo [Not from a Debian package]
> /tmp/clean/grep [Not from a Debian package]
> /tmp/clean/ls [Not from a Debian package]
> /tmp/clean/cut [Not from a Debian package]
> /tmp/clean/netstat [Not from a Debian package]
> /tmp/clean/uname [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
> /tmp/test-chkrootkit-false-positive [Not from a Debian package]
> 
> --- [ END: cat /var/log/chkrootkit/log.today ] ---
> 
> To create this file containing all output from today's run, do (as root)
> # cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
> # (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:35 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  11K Jan 17 00:35 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:35 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:35 log.today.raw
*** Test of content of output follows...
**** Test for '^mail called with 3 args:$'
mail called with 3 args:
OK
**** Test for '^<-s>$'
<-s>
OK
**** Test for '^<\[chkrootkit\] alert for'
<[chkrootkit] alert for debusine-worker-amd64-hades-04>
OK
**** Test for '^<root>$'
<root>
OK
**** Test for '^> No file /var/log/chkrootkit/log\.expected$'
> No file /var/log/chkrootkit/log.expected
OK
**** Test for '^> This file should contain expected output from chkrootkit$'
> This file should contain expected output from chkrootkit
OK
**** Test for '^> $'
> 
> 
> 
> 
OK
**** Test for '^> Today's run produced the following output:$'
> Today's run produced the following output:
OK
**** Test for '^> --- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
> --- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^> WARNING: The following suspicious files and directories were found:$'
> WARNING: The following suspicious files and directories were found:
OK
**** Test for '^> (/usr)?/lib/\.1 \[Not from a Debian package\]$'
> /usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.aaa \[Not from a Debian package\]$'
> /usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
> /usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
> /usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.bbb \[Not from a Debian package\]$'
> /usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
> /usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
> /usr/lib/... [Not from a Debian package]
OK
**** Test for '^> $'
> 
> 
> 
> 
OK
**** Test for '^> WARNING: Possible Linux\.Xor\.DDoS installed:$'
> WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^> /tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
> /tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^> /tmp/clean/.+$'
> /tmp/clean/sed [Not from a Debian package]
> /tmp/clean/dpkg-query [Not from a Debian package]
> /tmp/clean/ss [Not from a Debian package]
> /tmp/clean/awk [Not from a Debian package]
> /tmp/clean/id [Not from a Debian package]
> /tmp/clean/find [Not from a Debian package]
> /tmp/clean/ps [Not from a Debian package]
> /tmp/clean/dirname [Not from a Debian package]
> /tmp/clean/strings [Not from a Debian package]
> /tmp/clean/head [Not from a Debian package]
> /tmp/clean/xargs [Not from a Debian package]
> /tmp/clean/echo [Not from a Debian package]
> /tmp/clean/grep [Not from a Debian package]
> /tmp/clean/ls [Not from a Debian package]
> /tmp/clean/cut [Not from a Debian package]
> /tmp/clean/netstat [Not from a Debian package]
> /tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^> --- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
> --- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^> To create this file containing all output from today's run, do \(as root\)$'
> To create this file containing all output from today's run, do (as root)
OK
**** Test for '^> # cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
> # cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^> # \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
> # (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: chkrootkit-daily-mail-01 (chkrootkit-daily) done: PASS
** Testing: chkrootkit-daily-mail-02-rerun (chkrootkit-daily) ...
*** Output
mail called with 3 args:
<-s>
<[chkrootkit] alert for debusine-worker-amd64-hades-04>
<root>
> No file /var/log/chkrootkit/log.expected
> This file should contain expected output from chkrootkit
> 
> Today's run produced the following output:
> --- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
> WARNING: The following suspicious files and directories were found:
> /usr/lib/.DIR-aaa [Not from a Debian package]
> /usr/lib/...DIR [Not from a Debian package]
> /usr/lib/.aaa [Not from a Debian package]
> /usr/lib/.1DIR [Not from a Debian package]
> /usr/lib/... [Not from a Debian package]
> /usr/lib/.bbb [Not from a Debian package]
> /usr/lib/.1 [Not from a Debian package]
> 
> WARNING: Possible Linux.Xor.DDoS installed:
> /tmp/clean/sed [Not from a Debian package]
> /tmp/clean/dpkg-query [Not from a Debian package]
> /tmp/clean/ss [Not from a Debian package]
> /tmp/clean/awk [Not from a Debian package]
> /tmp/clean/id [Not from a Debian package]
> /tmp/clean/find [Not from a Debian package]
> /tmp/clean/ps [Not from a Debian package]
> /tmp/clean/dirname [Not from a Debian package]
> /tmp/clean/strings [Not from a Debian package]
> /tmp/clean/head [Not from a Debian package]
> /tmp/clean/xargs [Not from a Debian package]
> /tmp/clean/echo [Not from a Debian package]
> /tmp/clean/grep [Not from a Debian package]
> /tmp/clean/ls [Not from a Debian package]
> /tmp/clean/cut [Not from a Debian package]
> /tmp/clean/netstat [Not from a Debian package]
> /tmp/clean/uname [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
> /tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
> /tmp/test-chkrootkit-false-positive [Not from a Debian package]
> 
> --- [ END: cat /var/log/chkrootkit/log.today ] ---
> 
> To create this file containing all output from today's run, do (as root)
> # cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
> # (note that unedited output is in /var/log/chkrootkit/log.today.raw)
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:35 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root  11K Jan 17 00:36 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:35 log.today.raw
*** Test of content of output follows...
**** Test for '^mail called with 3 args:$'
mail called with 3 args:
OK
**** Test for '^<-s>$'
<-s>
OK
**** Test for '^<\[chkrootkit\] alert for'
<[chkrootkit] alert for debusine-worker-amd64-hades-04>
OK
**** Test for '^<root>$'
<root>
OK
**** Test for '^> No file /var/log/chkrootkit/log\.expected$'
> No file /var/log/chkrootkit/log.expected
OK
**** Test for '^> This file should contain expected output from chkrootkit$'
> This file should contain expected output from chkrootkit
OK
**** Test for '^> $'
> 
> 
> 
> 
OK
**** Test for '^> Today's run produced the following output:$'
> Today's run produced the following output:
OK
**** Test for '^> --- \[ BEGIN: cat /var/log/chkrootkit/log\.today \] ---$'
> --- [ BEGIN: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^> WARNING: The following suspicious files and directories were found:$'
> WARNING: The following suspicious files and directories were found:
OK
**** Test for '^> (/usr)?/lib/\.1 \[Not from a Debian package\]$'
> /usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.aaa \[Not from a Debian package\]$'
> /usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
> /usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
> /usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.bbb \[Not from a Debian package\]$'
> /usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
> /usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^> (/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
> /usr/lib/... [Not from a Debian package]
OK
**** Test for '^> $'
> 
> 
> 
> 
OK
**** Test for '^> WARNING: Possible Linux\.Xor\.DDoS installed:$'
> WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^> /tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
> /tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^> /tmp/clean/.+$'
> /tmp/clean/sed [Not from a Debian package]
> /tmp/clean/dpkg-query [Not from a Debian package]
> /tmp/clean/ss [Not from a Debian package]
> /tmp/clean/awk [Not from a Debian package]
> /tmp/clean/id [Not from a Debian package]
> /tmp/clean/find [Not from a Debian package]
> /tmp/clean/ps [Not from a Debian package]
> /tmp/clean/dirname [Not from a Debian package]
> /tmp/clean/strings [Not from a Debian package]
> /tmp/clean/head [Not from a Debian package]
> /tmp/clean/xargs [Not from a Debian package]
> /tmp/clean/echo [Not from a Debian package]
> /tmp/clean/grep [Not from a Debian package]
> /tmp/clean/ls [Not from a Debian package]
> /tmp/clean/cut [Not from a Debian package]
> /tmp/clean/netstat [Not from a Debian package]
> /tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^> --- \[ END: cat /var/log/chkrootkit/log\.today \] ---$'
> --- [ END: cat /var/log/chkrootkit/log.today ] ---
OK
**** Test for '^> To create this file containing all output from today's run, do \(as root\)$'
> To create this file containing all output from today's run, do (as root)
OK
**** Test for '^> # cp -a /var/log/chkrootkit/log\.today /var/log/chkrootkit/log\.expected$'
> # cp -a /var/log/chkrootkit/log.today /var/log/chkrootkit/log.expected
OK
**** Test for '^> # \(note that unedited output is in /var/log/chkrootkit/log\.today\.raw\)$'
> # (note that unedited output is in /var/log/chkrootkit/log.today.raw)
OK
** PASS: Testing: chkrootkit-daily-mail-02-rerun (chkrootkit-daily) done: PASS
** Testing: chkrootkit-daily-mail-03-no-diff-means-no-mail (chkrootkit-daily) ...
*** Output
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:36 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root    0 Jan 17 00:36 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.expected
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.today.raw
*** Test of content of output follows...
**** Expected is empty, so output should be empty
Output is indeed empty: PASS
** PASS: Testing: chkrootkit-daily-mail-03-no-diff-means-no-mail (chkrootkit-daily) done: PASS
* Test chkrootkit tests report infected files
** setting up false positive 'fake rootkits' for every test
Ensuring amd shows as INFECTED
mv /usr/sbin/amd /usr/sbin/amd.to_replace
/usr/sbin/amd
Ensuring basename shows as INFECTED
mv /usr/bin/basename /usr/bin/basename.to_replace
/usr/bin/basename
Ensuring biff shows as INFECTED
mv /usr/sbin/biff /usr/sbin/biff.to_replace
/usr/sbin/biff
Ensuring chfn shows as INFECTED
mv /usr/bin/chfn /usr/bin/chfn.to_replace
/usr/bin/chfn
Ensuring chsh shows as INFECTED
mv /usr/bin/chsh /usr/bin/chsh.to_replace
/usr/bin/chsh
Ensuring cron shows as INFECTED
mv /usr/sbin/cron /usr/sbin/cron.to_replace
/usr/sbin/cron
Ensuring date shows as INFECTED
mv /usr/bin/date /usr/bin/date.to_replace
/usr/bin/date
Ensuring du shows as INFECTED
mv /usr/bin/du /usr/bin/du.to_replace
/usr/bin/du
Ensuring dirname shows as INFECTED
mv /usr/bin/dirname /usr/bin/dirname.to_replace
/usr/bin/dirname
Ensuring echo shows as INFECTED
mv /usr/bin/echo /usr/bin/echo.to_replace
/usr/bin/echo
Ensuring egrep shows as INFECTED
mv /usr/bin/egrep /usr/bin/egrep.to_replace
/usr/bin/egrep
Ensuring env shows as INFECTED
mv /usr/bin/env /usr/bin/env.to_replace
/usr/bin/env
Ensuring find shows as INFECTED
mv /usr/bin/find /usr/bin/find.to_replace
/usr/bin/find
Ensuring fingerd shows as INFECTED
mv /usr/sbin/fingerd /usr/sbin/fingerd.to_replace
/usr/sbin/fingerd
Ensuring gpm shows as INFECTED
mv /usr/sbin/gpm /usr/sbin/gpm.to_replace
/usr/sbin/gpm
Ensuring grep shows as INFECTED
mv /usr/bin/grep /usr/bin/grep.to_replace
/usr/bin/grep
Ensuring hdparm shows as INFECTED
mv /usr/sbin/hdparm /usr/sbin/hdparm.to_replace
/usr/sbin/hdparm
Ensuring su shows as INFECTED
mv /usr/bin/su /usr/bin/su.to_replace
/usr/bin/su
Ensuring ifconfig shows as INFECTED
mv /usr/sbin/ifconfig /usr/sbin/ifconfig.to_replace
/usr/sbin/ifconfig
Ensuring inetd shows as INFECTED
mv /usr/sbin/inetd /usr/sbin/inetd.to_replace
/usr/sbin/inetd
Ensuring in.identd shows as INFECTED
mv /usr/sbin/in.identd /usr/sbin/in.identd.to_replace
/usr/sbin/in.identd
Ensuring init shows as INFECTED
mv /usr/sbin/init /usr/sbin/init.to_replace
/usr/sbin/init
Ensuring killall shows as INFECTED
mv /usr/sbin/killall /usr/sbin/killall.to_replace
/usr/sbin/killall
Ensuring login shows as INFECTED
mv /usr/bin/login /usr/bin/login.to_replace
/usr/bin/login
Ensuring ls shows as INFECTED
mv /usr/bin/ls /usr/bin/ls.to_replace
/usr/bin/ls
Ensuring lsof shows as INFECTED
mv /usr/sbin/lsof /usr/sbin/lsof.to_replace
/usr/sbin/lsof
Ensuring mail shows as INFECTED
mv /usr/sbin/mail /usr/sbin/mail.to_replace
/usr/sbin/mail
Ensuring mingetty shows as INFECTED
mv /usr/sbin/mingetty /usr/sbin/mingetty.to_replace
/usr/sbin/mingetty
Ensuring netstat shows as INFECTED
mv /usr/bin/netstat /usr/bin/netstat.to_replace
/usr/bin/netstat
Ensuring named shows as INFECTED
mv /usr/sbin/named /usr/sbin/named.to_replace
/usr/sbin/named
Ensuring passwd shows as INFECTED
mv /usr/bin/passwd /usr/bin/passwd.to_replace
/usr/bin/passwd
Ensuring pidof shows as INFECTED
mv /usr/bin/pidof /usr/bin/pidof.to_replace
/usr/sbin/killall5
Ensuring in.pop2d shows as INFECTED
mv /usr/sbin/in.pop2d /usr/sbin/in.pop2d.to_replace
/usr/sbin/in.pop2d
Ensuring in.pop3d shows as INFECTED
mv /usr/sbin/in.pop3d /usr/sbin/in.pop3d.to_replace
/usr/sbin/in.pop3d
Ensuring ps shows as INFECTED
mv /usr/bin/ps /usr/bin/ps.to_replace
/usr/bin/ps
Ensuring pstree shows as INFECTED
mv /usr/sbin/pstree /usr/sbin/pstree.to_replace
/usr/sbin/pstree
Ensuring rpcinfo shows as INFECTED
mv /usr/sbin/rpcinfo /usr/sbin/rpcinfo.to_replace
/usr/sbin/rpcinfo
Ensuring in.rlogind shows as INFECTED
making new: /usr/sbin/in.rlogind
/usr/sbin/in.rlogind
Ensuring slogin shows as INFECTED
mv /usr/sbin/slogin /usr/sbin/slogin.to_replace
/usr/sbin/slogin
Ensuring sendmail shows as INFECTED
mv /usr/sbin/sendmail /usr/sbin/sendmail.to_replace
/usr/sbin/sendmail
Ensuring sshd shows as INFECTED
mv /usr/sbin/sshd /usr/sbin/sshd.to_replace
/usr/sbin/sshd
Ensuring syslogd shows as INFECTED
mv /usr/sbin/syslogd /usr/sbin/syslogd.to_replace
/usr/sbin/syslogd
Ensuring tar shows as INFECTED
mv /usr/bin/tar /usr/bin/tar.to_replace
/usr/bin/tar
Ensuring tcpd shows as INFECTED
mv /usr/sbin/tcpd /usr/sbin/tcpd.to_replace
/usr/sbin/tcpd
Ensuring top shows as INFECTED
mv /usr/bin/top /usr/bin/top.to_replace
/usr/bin/top
Ensuring telnetd shows as INFECTED
mv /usr/sbin/telnetd /usr/sbin/telnetd.to_replace
/usr/sbin/telnetd
Ensuring timed shows as INFECTED
mv /usr/sbin/timed /usr/sbin/timed.to_replace
/usr/sbin/timed
Ensuring traceroute shows as INFECTED
mv /usr/sbin/traceroute /usr/sbin/traceroute.to_replace
/usr/sbin/traceroute
Ensuring vdir shows as INFECTED
mv /usr/bin/vdir /usr/bin/vdir.to_replace
/usr/bin/vdir
Ensuring w shows as INFECTED
mv /usr/bin/w /usr/bin/w.to_replace
/usr/bin/w
Ensuring write shows as INFECTED
mv /usr/sbin/write /usr/sbin/write.to_replace
/usr/sbin/write
Ensuring asp shows as INFECTED
making new: /usr/sbin/asp
/usr/sbin/asp
Ensuring crontab shows as INFECTED
mv /usr/sbin/crontab /usr/sbin/crontab.to_replace
/usr/sbin/crontab
Ensuring epic shows as INFECTED
making new: /usr/sbin/epic
/usr/sbin/epic
for chk_crontab: mocking: crontab at /usr/sbin/crontab
modifying tar so chk-tar finds an issue
-rwsr-sr-x 1 root root 249 Jan 17 00:36 /usr/bin/tar
To delete: /usr/sbin/in.rlogind /usr/sbin/asp /usr/sbin/epic
To replace (with .pre-rootkit): /usr/sbin/amd /usr/bin/basename /usr/sbin/biff /usr/bin/chfn /usr/bin/chsh /usr/sbin/cron /usr/bin/date /usr/bin/du /usr/bin/dirname /usr/bin/echo /usr/bin/egrep /usr/bin/env /usr/bin/find /usr/sbin/fingerd /usr/sbin/gpm /usr/bin/grep /usr/sbin/hdparm /usr/bin/su /usr/sbin/ifconfig /usr/sbin/inetd /usr/sbin/in.identd /usr/sbin/init /usr/sbin/killall /usr/bin/login /usr/bin/ls /usr/sbin/lsof /usr/sbin/mail /usr/sbin/mingetty /usr/bin/netstat /usr/sbin/named /usr/bin/passwd /usr/sbin/killall5 /usr/sbin/in.pop2d /usr/sbin/in.pop3d /usr/bin/ps /usr/sbin/pstree /usr/sbin/rpcinfo /usr/sbin/slogin /usr/sbin/sendmail /usr/sbin/sshd /usr/sbin/syslogd /usr/bin/tar /usr/sbin/tcpd /usr/bin/top /usr/sbin/telnetd /usr/sbin/timed /usr/sbin/traceroute /usr/bin/vdir /usr/bin/w /usr/sbin/write /usr/sbin/crontab
modifying netstat for chk_netstat and bindshell
modifying ls so syslogk and kovid are detected
modifying grep so a Linux BPF Door is detected
mk: /usr/bin/atm in dir: /usr/bin
mk: /tmp/tcp.log in dir: /tmp
mk: /var/lib/games/.k/foo in dir: /var/lib/games/.k
mk: /usr/src/.poop/foo in dir: /usr/src/.poop
mk: /dev/.golf/foo in dir: /dev/.golf
mk: /dev/tux/foo in dir: /dev/tux
mk: /usr/include/. ./foo in dir: /usr/include/. .
mk: /usr/lib/tcl5.3/foo in dir: /usr/lib/tcl5.3
mk: /etc/ttyhash in dir: /etc
mk: /usr/local/lib/libproc.a in dir: /usr/local/lib
mk: /bin/mjy in dir: /bin
mk: /usr/bin/n3tstat in dir: /usr/bin
mk: /bin/lps in dir: /bin
mk: /usr/lib/.ark? in dir: /usr/lib
mk: /usr/lib/number.cgi in dir: /usr/lib
mk: /www/httpd/cgi-bin/last.cgi in dir: /www/httpd/cgi-bin
mk: /usr/bin/red.tar in dir: /usr/bin
mk: /bin/dy in dir: /bin
mk: /dev/chr in dir: /dev
mk: /dev/cucl in dir: /dev
mk: /usr/include/chk.h in dir: /usr/include
mk: /usr/bin/xsf in dir: /usr/bin
mk: /usr/lib/locale/uboot in dir: /usr/lib/locale
mk: /tmp/xp in dir: /tmp
mk: /usr/bin/volc in dir: /usr/bin
mk: /usr/include/proc.h in dir: /usr/include
mk: /etc/rc.d/init.d/network in dir: /etc/rc.d/init.d
mk: /usr/bin/ishit in dir: /usr/bin
mk: /usr/sbin/initcheck in dir: /usr/sbin
mk: /usr/sbin/mech in dir: /usr/sbin
mk: /etc/sysconfig/console/load.zk in dir: /etc/sysconfig/console
mk: /etc/ld.so.hash in dir: /etc
mk: /bin/imout in dir: /bin
mk: /usr/include/icekey.h in dir: /usr/include
mk: /sbin/xc in dir: /sbin
mk: /sbin/rootedoor in dir: /sbin
mk: /etc/.enyelkmOCULTAR.ko/foo in dir: /etc/.enyelkmOCULTAR.ko
mk: /var/tmp/vuln.txt in dir: /var/tmp
mk: /usr/local/hide/foo in dir: /usr/local/hide
mk: /lib/modules/module_init.ko in dir: /lib/modules
mk: /tmp/ss0-0 in dir: /tmp
mk: /usr/var/mediamgrs.jar in dir: /usr/var
mk: /tmp/.ICE-unix/engine.so in dir: /tmp/.ICE-unix
mk: /etc/xig in dir: /etc
mk: /var/tmp/.1/x in dir: /var/tmp/.1
mk: /var/run/.tmp/y in dir: /var/run/.tmp
mk: /tmp/suterusu/pwnlnx6 in dir: /tmp/suterusu
mk: /usr/share/libc.so.69 in dir: /usr/share
mk: /tmp/kdevtmpfsi in dir: /tmp
mk: /bin/systemd-daemon in dir: /bin
mk: /syslogk in dir: /
mk: /root/.whatever.history in dir: /root
mk: /root/.whatever.history.hardlink in dir: /root
mk: /tmp/name.php in dir: /tmp
mk: /bin/.ps in dir: /bin
mk: /usr/bin/mailrc in dir: /usr/bin
mk: /www/httpd/cgi-bin/bogus.cgi in dir: /www/httpd/cgi-bin
mk: /bin/frgy in dir: /bin
mk: /dev/cuc in dir: /dev
mk: /usr/lib/libpikapp.a in dir: /usr/lib
mk: /var/spool/cron/crontabs/foo in dir: /var/spool/cron/crontabs
mk: /etc/rc.local in dir: /etc
mk: /sbin/ssh in dir: /sbin
mk: /dev/bad-file in dir: /dev
mk: /etc/passwd in dir: /etc
mk: /etc/inetd.conf in dir: /etc
mk: /lib/x86_64-linux-gnu/libkeyutils.so.1 in dir: /lib/x86_64-linux-gnu
mk: /home/ ./tinyDNS in dir: /home/ .
mk: /tmp/by-content in dir: /tmp
mk: /bin/in.rexedcs in dir: /bin
mk: /tmp/.uua in dir: /tmp
mk: /tmp/.bugtraq.c in dir: /tmp
mk: /tmp/.../r in dir: /tmp/...
mk: /bin/cls in dir: /bin
mk: /tmp/sp ace/aaa' exit 1; " in dir: /tmp/sp ace
To move back to .pre-rootkit: /etc/passwd /etc/inetd.conf /lib/x86_64-linux-gnu/libkeyutils.so.1
To rm: /usr/bin/atm /tmp/tcp.log /var/lib/games/.k/foo /usr/src/.poop/foo /dev/.golf/foo /dev/tux/foo /usr/include/. ./foo /usr/lib/tcl5.3/foo /etc/ttyhash /usr/local/lib/libproc.a /bin/mjy /usr/bin/n3tstat /bin/lps /usr/lib/.ark? /usr/lib/number.cgi /www/httpd/cgi-bin/last.cgi /usr/bin/red.tar /bin/dy /dev/chr /dev/cucl /usr/include/chk.h /usr/bin/xsf /usr/lib/locale/uboot /tmp/xp /usr/bin/volc /usr/include/proc.h /etc/rc.d/init.d/network /usr/bin/ishit /usr/sbin/initcheck /usr/sbin/mech /etc/sysconfig/console/load.zk /etc/ld.so.hash /bin/imout /usr/include/icekey.h /sbin/xc /sbin/rootedoor /etc/.enyelkmOCULTAR.ko/foo /var/tmp/vuln.txt /usr/local/hide/foo /lib/modules/module_init.ko /tmp/ss0-0 /usr/var/mediamgrs.jar /tmp/.ICE-unix/engine.so /etc/xig /var/tmp/.1/x /var/run/.tmp/y /tmp/suterusu/pwnlnx6 /usr/share/libc.so.69 /tmp/kdevtmpfsi /bin/systemd-daemon /syslogk /root/.whatever.history /root/.whatever.history.hardlink /tmp/name.php /bin/.ps /usr/bin/mailrc /www/httpd/cgi-bin/bogus.cgi /bin/frgy /dev/cuc /usr/lib/libpikapp.a /var/spool/cron/crontabs/foo /etc/rc.local /sbin/ssh /dev/bad-file /home/ ./tinyDNS /tmp/by-content /bin/in.rexedcs /tmp/.uua /tmp/.bugtraq.c /tmp/.../r /bin/cls /tmp/sp ace/aaa' exit 1; "
for chk_ldsopreload
for chk_rshd
susp dev
for chk_inetdconf
/etc/shells
# /etc/shells: valid login shells
/bin/sh
/usr/bin/sh
/bin/bash
/usr/bin/bash
/bin/rbash
/usr/bin/rbash
/usr/bin/dash
asp
stream tcp nowait /bin/sh
asp
dont know how to fake some lkms (cant make a file in /proc): not tested: sniffer, z2, chkutmp. OSX_RSPLUG never runs under linux. chk_ldsopreload seems to be broken
** Testing: all-tests-can-find-something-01 (chkrootkit -p /tmp/clean) ...
*** Output
ROOTDIR is `/'
Checking `amd'...                                           INFECTED
Checking `basename'...                                      INFECTED
Checking `biff'...                                          INFECTED
Checking `chfn'...                                          INFECTED
Checking `chsh'...                                          INFECTED
Checking `cron'...                                          INFECTED
Checking `crontab'...                                       WARNING
WARNING: crontab for nobody found, possible Lupper.Worm.
Checking for Lupper.Worm...                                 INFECTED
Checking `date'...                                          INFECTED
Checking `du'...                                            INFECTED
Checking `dirname'...                                       INFECTED
Checking `echo'...                                          INFECTED
Checking `egrep'...                                         INFECTED
Checking `env'...                                           INFECTED
Checking `find'...                                          INFECTED
Checking `fingerd'...                                       INFECTED
Checking `gpm'...                                           INFECTED
Checking `grep'...                                          INFECTED
Checking `hdparm'...                                        INFECTED
Checking `su'...                                            INFECTED
Checking `ifconfig'...                                      INFECTED
Checking `inetd'...                                         INFECTED
Checking `inetdconf'...                                     INFECTED
Checking `identd'...                                        INFECTED
Checking `init'...                                          INFECTED
Checking `killall'...                                       INFECTED
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         INFECTED
Checking `ls'...                                            INFECTED
Checking `lsof'...                                          INFECTED
Checking `mail'...                                          INFECTED
Checking `mingetty'...                                      INFECTED
Checking `netstat'...                                       INFECTED
Checking `named'...                                         INFECTED
Checking `passwd'...                                        INFECTED
Checking `pidof'...                                         INFECTED
Checking `pop2'...                                          INFECTED
Checking `pop3'...                                          INFECTED
Checking `ps'...                                            INFECTED
Checking `pstree'...                                        INFECTED
Checking `rpcinfo'...                                       INFECTED
Checking `rlogind'...                                       INFECTED
Checking `rshd'...                                          INFECTED
Checking `slogin'...                                        INFECTED
Checking `sendmail'...                                      INFECTED
Checking `sshd'...                                          INFECTED but disabled
Checking `syslogd'...                                       INFECTED
Checking `tar'...                                           INFECTED
Checking `tcpd'...                                          INFECTED
Checking `tcpdump'...                                       INFECTED
Checking `top'...                                           INFECTED
Checking `telnetd'...                                       INFECTED
Checking `timed'...                                         INFECTED
Checking `traceroute'...                                    INFECTED
Checking `vdir'...                                          INFECTED
Checking `w'...                                             INFECTED
Checking `write'...                                         INFECTED
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   WARNING

WARNING: The following suspicious files were found in /dev:
/dev/bad-file

Searching for known suspicious directories...               WARNING

WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
/var/run/.tmp/ [Not from a Debian package]
/var/run/.tmp/y [Not from a Debian package]

Searching for known suspicious files...                     WARNING

WARNING: The following known suspicious files were found:
/usr/bin/atm [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]

Searching for sniffer's logs...                             WARNING

WARNING: The following potential sniffer's logs were found:
/tmp/tcp.log [Not from a Debian package]

Searching for HiDrootkit rootkit...                         WARNING

WARNING: Possible HiDrootkit rootkit installed:
/var/lib/games/.k/ [Not from a Debian package]

Searching for t0rn rootkit...                               WARNING

WARNING: Possible t0rn rootkit installed:
/etc/ttyhash [Not from a Debian package]

Searching for t0rn v8 (or variation)...                     WARNING

WARNING: Possible t0rn v8 (or variation) rootkit installed:
/usr/local/lib/libproc.a [Not from a Debian package]

Searching for Lion rootkit...                               WARNING

WARNING: Possible Lion rootkit installed:
/bin/mjy [Not from a Debian package]

Searching for RSHA rootkit...                               WARNING

WARNING: Possible RSHA rootkit installed:
/usr/bin/n3tstat [Not from a Debian package]

Searching for RH-Sharpe rootkit...                          WARNING

WARNING: Possible RH-Sharpe rootkit installed:
/bin/lps [Not from a Debian package]

Searching for Ambient (ark) rootkit...                      WARNING

WARNING: Possible Ambient's rootkit (ark) installed:
/usr/lib/.ark? [Not from a Debian package]

Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

Searching for LPD Worm...                                   WARNING

WARNING: Possible LPD worm installed (based on files found)

Searching for Ramen Worm rootkit...                         WARNING

WARNING: Possible Ramen Worm rootkit installed:
/usr/src/.poop/ [Not from a Debian package]

Searching for Maniac rootkit...                             WARNING

WARNING: Possible Maniac rootkit installed:
/usr/bin/mailrc [Not from a Debian package]

Searching for RK17 rootkit...                               WARNING

WARNING: Possible RK17 rootkit installed:
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]
/usr/lib/number.cgi [Not from a Debian package]

Searching for Ducoci rootkit...                             WARNING

WARNING: Possible Ducoci rootkit installed:
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]

Searching for Adore Worm...                                 WARNING

WARNING: Possible Adore Worm installed:
/usr/bin/red.tar [Not from a Debian package]

Searching for ShitC Worm...                                 WARNING

WARNING: Possible ShitC Worm installed:
/usr/bin/frgy [Not from a Debian package]
/usr/bin/dy [Not from a Debian package]

Searching for Omega Worm...                                 WARNING

WARNING: Possible Omega Worm installed:
/dev/chr [Not from a Debian package]

Searching for Sadmind/IIS Worm...                           WARNING

WARNING: Possible Sadmin/IIS Worm installed:
/dev/cuc [Not from a Debian package]

Searching for MonKit...                                     WARNING

WARNING: Possible MonKit installed:
/usr/lib/libpikapp.a [Not from a Debian package]

Searching for Showtee rootkit...                            WARNING

WARNING: Possible Showtee rootkit installed:
/usr/include/proc.h [Not from a Debian package]
/usr/include/chk.h [Not from a Debian package]

Searching for OpticKit...                                   WARNING

WARNING: Possible OpticKit installed:
/usr/bin/xsf [Not from a Debian package]

Searching for T.R.K...                                      WARNING

WARNING: Possible T.R.K installed:
/usr/bin/xsf [Not from a Debian package]

Searching for Mithra rootkit...                             WARNING

WARNING: Possible Mithra installed:
/usr/lib/locale/uboot [Not from a Debian package]

Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                WARNING

WARNING: Possible LOC rootkit installed:
/tmp/xp [Not from a Debian package]
/usr/sbin/epic [Not from a Debian package]
Searching for Romanian rootkit...                           WARNING

WARNING: Possible Romanian rootkit installed:
/usr/include/proc.h [Not from a Debian package]

Searching for HKRK rootkit...                               WARNING

WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]

Searching for Suckit rootkit...                             WARNING

WARNING: Possible Suckit:
/dev/.golf/

Searching for Volc rootkit...                               WARNING

WARNING: Possible Volc rootkit installed:
/usr/bin/volc [Not from a Debian package]

Searching for Gold2 rootkit...                              WARNING

WARNING: Possible Gold2 rootkit installed:
/usr/bin/ishit [Not from a Debian package]

Searching for TC2 rootkit...                                WARNING

WARNING: Possible TC2 rootkit installed:
/usr/sbin/initcheck [Not from a Debian package]

Searching for Anonoying rootkit...                          WARNING

WARNING: Possible Anonoying rootkit installed:
/usr/sbin/mech [Not from a Debian package]

Searching for ZK rootkit...                                 WARNING

WARNING: Possible ZK rootkit installed:
/etc/sysconfig/console/load.zk [Not from a Debian package]

Searching for ShKit rootkit...                              WARNING

WARNING: Possible ShKit rootkit installed:
/etc/ld.so.hash [Not from a Debian package]

Searching for AjaKit rootkit...                             WARNING

WARNING: Possible AjaKit rootkit installed:
/dev/tux/ [Not from a Debian package]

Searching for zaRwT rootkit...                              WARNING

WARNING: Possible zaRwT rootkit installed:
/bin/imout [Not from a Debian package]

Searching for Madalin rootkit...                            WARNING

WARNING: Possible Madalin rootkit installed:
/usr/include/icekey.h [Not from a Debian package]

Searching for Fu rootkit...                                 WARNING

WARNING: Possible Fu rootkit installed:
/sbin/xc [Not from a Debian package]

Searching for Kenga3 rootkit...                             WARNING

WARNING: Possible Kenga3 rootkit installed:
/usr/include/. ./ [Not from a Debian package]
/usr/include/. ./foo [Not from a Debian package]

Searching for ESRK rootkit...                               WARNING

WARNING: Possible ESRK rootkit installed:
/usr/lib/tcl5.3/ [Not from a Debian package]

Searching for rootedoor...                                  WARNING

WARNING: Possible rootedoor installed:
/usr/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
/usr/sbin/rootedoor [Not from a Debian package]

Searching for ENYELKM rootkit...                            WARNING

WARNING: Possible ENYELKM rootkit installed:
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]

Searching for common ssh-scanners...                        WARNING

WARNING: Possible ssh-scanner installed:
/var/tmp/vuln.txt [Not from a Debian package]

Searching for Linux/Ebury 1.4 - Operation Windigo...        WARNING

WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4

Searching for Linux/Ebury 1.6...                            WARNING

WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [From Debian package: libkeyutils1:amd64]
Searching for 64-bit Linux Rootkit...                       WARNING

WARNING: Possible 64-bit Linux Rootkit:
/usr/local/hide/ [Not from a Debian package]
/usr/local/hide/foo [Not from a Debian package]
/etc/rc.local [Not from a Debian package]

Searching for 64-bit Linux Rootkit modules...               WARNING

WARNING: Possible 64-bit rootkit modules installed:
/lib/modules/module_init.ko [Not from a Debian package]

Searching for Mumblehard...                                 WARNING

WARNING: Possible Mumblehard backdoor installed:
/var/spool/cron/crontabs/foo [Not from a Debian package]

Searching for Backdoor.Linux.Mokes.a...                     WARNING

WARNING: Possible Backdoor.Linux.Mokes.a installed:
/tmp/ss0-0 [Not from a Debian package]

Searching for Malicious TinyDNS...                          WARNING

WARNING: Possible Malicious TinyDNS installed:
/home/ ./ [Not from a Debian package]
/home/ ./tinyDNS [Not from a Debian package]

Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/ls.orig [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/grep.orig [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            WARNING

WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd

Searching for CrossRAT...                                   WARNING

WARNING: Possible Malicious CrossRAT installed:
/usr/var/mediamgrs.jar [Not from a Debian package]

Searching for Hidden Cobra...                               WARNING

WARNING: Possible Malicious Hidden Cobra installed:
/tmp/.ICE-unix/engine.so [Not from a Debian package]

Searching for Rocke Miner rootkit...                        WARNING

WARNING: Possible Rocke Miner rootkit installed:
/etc/xig [Not from a Debian package]

Searching for PWNLNX4 lkm rootkit...                        WARNING

WARNING: Possible PWNLNX4 lkm rootkit installed:
/var/tmp/.1/ [Not from a Debian package]

Searching for PWNLNX6 lkm rootkit...                        WARNING

WARNING: Possible PWNLNX6 lkm rootkit installed:
/tmp/suterusu/ [Not from a Debian package]

Searching for Umbreon lrk...                                WARNING

WARNING: Possible Malicious UMBREON LRK installed:
/usr/share/libc.so.69 [Not from a Debian package]

Searching for Kinsing.a backdoor rootkit...                 WARNING

WARNING: Possible Kinsing.a backdoor rootkit installed:
/tmp/kdevtmpfsi [Not from a Debian package]

Searching for RotaJakiro backdoor rootkit...                WARNING

WARNING: Possible RotaJakiro backdoor rootkit installed:
/bin/systemd-daemon [Not from a Debian package]

Searching for Syslogk LKM rootkit...                        WARNING

WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk

Searching for Kovid LKM rootkit...                          WARNING

WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid

Searching for Tsunami DDoS Malware rootkit...               WARNING

WARNING: Possible Tsunami DDoS Malware rootkit installed:
/bin/cls [Not from a Debian package]

Searching for Linux BPF Door...                             WARNING

WARNING: Possible Linux BPFDoor Malware installed:
/proc/xx/stack

Searching for suspect PHP files...                          WARNING

WARNING: The following suspicious PHP files were found:
/tmp/name.php
/tmp/sp ace/aaa' exit 1; "
/tmp/by-content

Searching for zero-size shell history files in /root...     WARNING

WARNING: Zero-size history files:
/root/.whatever.history [Not from a Debian package]

Searching for hardlinked shell history files in /root...    WARNING

WARNING: shell history files hardlinked to another file:
/root/.whatever.history [Not from a Debian package]

Checking `aliens'...                                        finished
Checking `asp'...                                           WARNING

WARNING: Possible Ramen Worm installed in /etc/inetd.conf

Checking `bindshell'...                                     WARNING

WARNING: Potential bindshell installed: infected ports: 600 31337

Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not found
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       INFECTED: /usr/bin/in.rexedcs
Checking `sniffer'...                                       not found
Checking `w55808'...                                        WARNING

WARNING: Possible 55808 Worm installed

Checking `wted'...                                          not found
Checking `scalper'...                                       WARNING

WARNING: Possible Scalper Worm installed

Checking `slapper'...                                       WARNING

WARNING: Possible Slapper Worm installed:
/tmp/.bugtraq.c [Not from a Debian package]

Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:36 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root    0 Jan 17 00:36 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.expected
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `amd'\.\.\.                                           INFECTED$'
Checking `amd'...                                           INFECTED
OK
**** Test for '^Checking `basename'\.\.\.                                      INFECTED$'
Checking `basename'...                                      INFECTED
OK
**** Test for '^Checking `biff'\.\.\.                                          INFECTED$'
Checking `biff'...                                          INFECTED
OK
**** Test for '^Checking `chfn'\.\.\.                                          INFECTED$'
Checking `chfn'...                                          INFECTED
OK
**** Test for '^Checking `chsh'\.\.\.                                          INFECTED$'
Checking `chsh'...                                          INFECTED
OK
**** Test for '^Checking `cron'\.\.\.                                          INFECTED$'
Checking `cron'...                                          INFECTED
OK
**** Test for '^Checking `crontab'\.\.\.                                       WARNING$'
Checking `crontab'...                                       WARNING
OK
**** Test for '^$'


















































































































































OK
**** Test for '^WARNING: crontab for nobody found, possible Lupper\.Worm\.$'
WARNING: crontab for nobody found, possible Lupper.Worm.
OK
**** Test for '^Checking for Lupper\.Worm\.\.\.                                 INFECTED$'
Checking for Lupper.Worm...                                 INFECTED
OK
**** Test for '^Checking `date'\.\.\.                                          INFECTED$'
Checking `date'...                                          INFECTED
OK
**** Test for '^Checking `du'\.\.\.                                            INFECTED$'
Checking `du'...                                            INFECTED
OK
**** Test for '^Checking `dirname'\.\.\.                                       INFECTED$'
Checking `dirname'...                                       INFECTED
OK
**** Test for '^Checking `echo'\.\.\.                                          INFECTED$'
Checking `echo'...                                          INFECTED
OK
**** Test for '^Checking `egrep'\.\.\.                                         INFECTED$'
Checking `egrep'...                                         INFECTED
OK
**** Test for '^Checking `env'\.\.\.                                           INFECTED$'
Checking `env'...                                           INFECTED
OK
**** Test for '^Checking `find'\.\.\.                                          INFECTED$'
Checking `find'...                                          INFECTED
OK
**** Test for '^Checking `fingerd'\.\.\.                                       INFECTED$'
Checking `fingerd'...                                       INFECTED
OK
**** Test for '^Checking `gpm'\.\.\.                                           INFECTED$'
Checking `gpm'...                                           INFECTED
OK
**** Test for '^Checking `grep'\.\.\.                                          INFECTED$'
Checking `grep'...                                          INFECTED
OK
**** Test for '^Checking `hdparm'\.\.\.                                        INFECTED$'
Checking `hdparm'...                                        INFECTED
OK
**** Test for '^Checking `su'\.\.\.                                            INFECTED$'
Checking `su'...                                            INFECTED
OK
**** Test for '^Checking `ifconfig'\.\.\.                                      INFECTED$'
Checking `ifconfig'...                                      INFECTED
OK
**** Test for '^Checking `inetd'\.\.\.                                         INFECTED$'
Checking `inetd'...                                         INFECTED
OK
**** Test for '^Checking `inetdconf'\.\.\.                                     INFECTED$'
Checking `inetdconf'...                                     INFECTED
OK
**** Test for '^Checking `identd'\.\.\.                                        INFECTED$'
Checking `identd'...                                        INFECTED
OK
**** Test for '^Checking `init'\.\.\.                                          INFECTED$'
Checking `init'...                                          INFECTED
OK
**** Test for '^Checking `killall'\.\.\.                                       INFECTED$'
Checking `killall'...                                       INFECTED
OK
**** Test for '^Checking `ldsopreload'\.\.\.                                   not infected$'
Checking `ldsopreload'...                                   not infected
OK
**** Test for '^Checking `login'\.\.\.                                         INFECTED$'
Checking `login'...                                         INFECTED
OK
**** Test for '^Checking `ls'\.\.\.                                            INFECTED$'
Checking `ls'...                                            INFECTED
OK
**** Test for '^Checking `lsof'\.\.\.                                          INFECTED$'
Checking `lsof'...                                          INFECTED
OK
**** Test for '^Checking `mail'\.\.\.                                          INFECTED$'
Checking `mail'...                                          INFECTED
OK
**** Test for '^Checking `mingetty'\.\.\.                                      INFECTED$'
Checking `mingetty'...                                      INFECTED
OK
**** Test for '^Checking `netstat'\.\.\.                                       INFECTED$'
Checking `netstat'...                                       INFECTED
OK
**** Test for '^Checking `named'\.\.\.                                         INFECTED$'
Checking `named'...                                         INFECTED
OK
**** Test for '^Checking `passwd'\.\.\.                                        INFECTED$'
Checking `passwd'...                                        INFECTED
OK
**** Test for '^Checking `pidof'\.\.\.                                         INFECTED$'
Checking `pidof'...                                         INFECTED
OK
**** Test for '^Checking `pop2'\.\.\.                                          INFECTED$'
Checking `pop2'...                                          INFECTED
OK
**** Test for '^Checking `pop3'\.\.\.                                          INFECTED$'
Checking `pop3'...                                          INFECTED
OK
**** Test for '^Checking `ps'\.\.\.                                            INFECTED$'
Checking `ps'...                                            INFECTED
OK
**** Test for '^Checking `pstree'\.\.\.                                        INFECTED$'
Checking `pstree'...                                        INFECTED
OK
**** Test for '^Checking `rpcinfo'\.\.\.                                       INFECTED$'
Checking `rpcinfo'...                                       INFECTED
OK
**** Test for '^Checking `rlogind'\.\.\.                                       INFECTED$'
Checking `rlogind'...                                       INFECTED
OK
**** Test for '^Checking `rshd'\.\.\.                                          INFECTED$'
Checking `rshd'...                                          INFECTED
OK
**** Test for '^Checking `slogin'\.\.\.                                        INFECTED$'
Checking `slogin'...                                        INFECTED
OK
**** Test for '^Checking `sendmail'\.\.\.                                      INFECTED$'
Checking `sendmail'...                                      INFECTED
OK
**** Test for '^Checking `sshd'\.\.\.                                          INFECTED but disabled$'
Checking `sshd'...                                          INFECTED but disabled
OK
**** Test for '^Checking `syslogd'\.\.\.                                       INFECTED$'
Checking `syslogd'...                                       INFECTED
OK
**** Test for '^Checking `tar'\.\.\.                                           INFECTED$'
Checking `tar'...                                           INFECTED
OK
**** Test for '^Checking `tcpd'\.\.\.                                          INFECTED$'
Checking `tcpd'...                                          INFECTED
OK
**** Test for '^Checking `tcpdump'\.\.\.                                       INFECTED$'
Checking `tcpdump'...                                       INFECTED
OK
**** Test for '^Checking `top'\.\.\.                                           INFECTED$'
Checking `top'...                                           INFECTED
OK
**** Test for '^Checking `telnetd'\.\.\.                                       INFECTED$'
Checking `telnetd'...                                       INFECTED
OK
**** Test for '^Checking `timed'\.\.\.                                         INFECTED$'
Checking `timed'...                                         INFECTED
OK
**** Test for '^Checking `traceroute'\.\.\.                                    INFECTED$'
Checking `traceroute'...                                    INFECTED
OK
**** Test for '^Checking `vdir'\.\.\.                                          INFECTED$'
Checking `vdir'...                                          INFECTED
OK
**** Test for '^Checking `w'\.\.\.                                             INFECTED$'
Checking `w'...                                             INFECTED
OK
**** Test for '^Checking `write'\.\.\.                                         INFECTED$'
Checking `write'...                                         INFECTED
OK
**** Test for '^Checking `aliens'\.\.\.                                        started$'
Checking `aliens'...                                        started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\.                   WARNING$'
Searching for suspicious files in /dev...                   WARNING
OK
**** Test for '^WARNING: The following suspicious files were found in /dev:$'
WARNING: The following suspicious files were found in /dev:
OK
**** Test for '^/dev/bad-file$'
/dev/bad-file
OK
**** Test for '^Searching for known suspicious directories\.\.\.               WARNING$'
Searching for known suspicious directories...               WARNING
OK
**** Test for '^WARNING: Suspect directory /var/run/\.tmp/ \[Not from a Debian package\] found\. Looking for sniffer logs:$'
WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
OK
**** Test for '^/var/run/\.tmp/ \[Not from a Debian package\]$'
/var/run/.tmp/ [Not from a Debian package]
OK
**** Test for '^/var/run/\.tmp/y \[Not from a Debian package\]$'
/var/run/.tmp/y [Not from a Debian package]
OK
**** Test for '^Searching for known suspicious files\.\.\.                     WARNING$'
Searching for known suspicious files...                     WARNING
OK
**** Test for '^WARNING: The following known suspicious files were found:$'
WARNING: The following known suspicious files were found:
OK
**** Test for '^/usr/bin/atm \[Not from a Debian package\]$'
/usr/bin/atm [Not from a Debian package]
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^Searching for sniffer's logs\.\.\.                             WARNING$'
Searching for sniffer's logs...                             WARNING
OK
**** Test for '^WARNING: The following potential sniffer's logs were found:$'
WARNING: The following potential sniffer's logs were found:
OK
**** Test for '^/tmp/tcp\.log \[Not from a Debian package\]$'
/tmp/tcp.log [Not from a Debian package]
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\.                         WARNING$'
Searching for HiDrootkit rootkit...                         WARNING
OK
**** Test for '^WARNING: Possible HiDrootkit rootkit installed:$'
WARNING: Possible HiDrootkit rootkit installed:
OK
**** Test for '^/var/lib/games/\.k/ \[Not from a Debian package\]$'
/var/lib/games/.k/ [Not from a Debian package]
OK
**** Test for '^Searching for t0rn rootkit\.\.\.                               WARNING$'
Searching for t0rn rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible t0rn rootkit installed:$'
WARNING: Possible t0rn rootkit installed:
OK
**** Test for '^/etc/ttyhash \[Not from a Debian package\]$'
/etc/ttyhash [Not from a Debian package]
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\.                     WARNING$'
Searching for t0rn v8 (or variation)...                     WARNING
OK
**** Test for '^WARNING: Possible t0rn v8 \(or variation\) rootkit installed:$'
WARNING: Possible t0rn v8 (or variation) rootkit installed:
OK
**** Test for '^/usr/local/lib/libproc\.a \[Not from a Debian package\]$'
/usr/local/lib/libproc.a [Not from a Debian package]
OK
**** Test for '^Searching for Lion rootkit\.\.\.                               WARNING$'
Searching for Lion rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible Lion rootkit installed:$'
WARNING: Possible Lion rootkit installed:
OK
**** Test for '^/bin/mjy \[Not from a Debian package\]$'
/bin/mjy [Not from a Debian package]
OK
**** Test for '^Searching for RSHA rootkit\.\.\.                               WARNING$'
Searching for RSHA rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible RSHA rootkit installed:$'
WARNING: Possible RSHA rootkit installed:
OK
**** Test for '^/usr/bin/n3tstat \[Not from a Debian package\]$'
/usr/bin/n3tstat [Not from a Debian package]
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\.                          WARNING$'
Searching for RH-Sharpe rootkit...                          WARNING
OK
**** Test for '^WARNING: Possible RH-Sharpe rootkit installed:$'
WARNING: Possible RH-Sharpe rootkit installed:
OK
**** Test for '^/bin/lps \[Not from a Debian package\]$'
/bin/lps [Not from a Debian package]
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\.                      WARNING$'
Searching for Ambient (ark) rootkit...                      WARNING
OK
**** Test for '^WARNING: Possible Ambient's rootkit \(ark\) installed:$'
WARNING: Possible Ambient's rootkit (ark) installed:
OK
**** Test for '^/usr/lib/\.ark\? \[Not from a Debian package\]$'
/usr/lib/.ark? [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
OK
**** Test for '^Searching for suspicious files and dirs\.\.\.                  WARNING$'
Searching for suspicious files and dirs...                  WARNING
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.ark\? \[Not from a Debian package\]$'
/usr/lib/.ark? [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^Searching for LPD Worm\.\.\.                                   WARNING$'
Searching for LPD Worm...                                   WARNING
OK
**** Test for '^WARNING: Possible LPD worm installed \(based on files found\)$'
WARNING: Possible LPD worm installed (based on files found)
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\.                         WARNING$'
Searching for Ramen Worm rootkit...                         WARNING
OK
**** Test for '^WARNING: Possible Ramen Worm rootkit installed:$'
WARNING: Possible Ramen Worm rootkit installed:
OK
**** Test for '^/usr/src/\.poop/ \[Not from a Debian package\]$'
/usr/src/.poop/ [Not from a Debian package]
OK
**** Test for '^Searching for Maniac rootkit\.\.\.                             WARNING$'
Searching for Maniac rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Maniac rootkit installed:$'
WARNING: Possible Maniac rootkit installed:
OK
**** Test for '^/usr/bin/mailrc \[Not from a Debian package\]$'
/usr/bin/mailrc [Not from a Debian package]
OK
**** Test for '^Searching for RK17 rootkit\.\.\.                               WARNING$'
Searching for RK17 rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible RK17 rootkit installed:$'
WARNING: Possible RK17 rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/bogus\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]
OK
**** Test for '^/usr/lib/number\.cgi \[Not from a Debian package\]$'
/usr/lib/number.cgi [Not from a Debian package]
OK
**** Test for '^Searching for Ducoci rootkit\.\.\.                             WARNING$'
Searching for Ducoci rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Ducoci rootkit installed:$'
WARNING: Possible Ducoci rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/last\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]
OK
**** Test for '^Searching for Adore Worm\.\.\.                                 WARNING$'
Searching for Adore Worm...                                 WARNING
OK
**** Test for '^WARNING: Possible Adore Worm installed:$'
WARNING: Possible Adore Worm installed:
OK
**** Test for '^/usr/bin/red\.tar \[Not from a Debian package\]$'
/usr/bin/red.tar [Not from a Debian package]
OK
**** Test for '^Searching for ShitC Worm\.\.\.                                 WARNING$'
Searching for ShitC Worm...                                 WARNING
OK
**** Test for '^WARNING: Possible ShitC Worm installed:$'
WARNING: Possible ShitC Worm installed:
OK
**** Test for '^(/usr)?/bin/dy \[Not from a Debian package\]$'
/usr/bin/dy [Not from a Debian package]
OK
**** Test for '^(/usr)?/bin/frgy \[Not from a Debian package\]$'
/usr/bin/frgy [Not from a Debian package]
OK
**** Test for '^Searching for Omega Worm\.\.\.                                 WARNING$'
Searching for Omega Worm...                                 WARNING
OK
**** Test for '^WARNING: Possible Omega Worm installed:$'
WARNING: Possible Omega Worm installed:
OK
**** Test for '^/dev/chr \[Not from a Debian package\]$'
/dev/chr [Not from a Debian package]
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\.                           WARNING$'
Searching for Sadmind/IIS Worm...                           WARNING
OK
**** Test for '^WARNING: Possible Sadmin/IIS Worm installed:$'
WARNING: Possible Sadmin/IIS Worm installed:
OK
**** Test for '^/dev/cuc \[Not from a Debian package\]$'
/dev/cuc [Not from a Debian package]
OK
**** Test for '^Searching for MonKit\.\.\.                                     WARNING$'
Searching for MonKit...                                     WARNING
OK
**** Test for '^WARNING: Possible MonKit installed:$'
WARNING: Possible MonKit installed:
OK
**** Test for '^/usr/lib/libpikapp\.a \[Not from a Debian package\]$'
/usr/lib/libpikapp.a [Not from a Debian package]
OK
**** Test for '^Searching for Showtee rootkit\.\.\.                            WARNING$'
Searching for Showtee rootkit...                            WARNING
OK
**** Test for '^WARNING: Possible Showtee rootkit installed:$'
WARNING: Possible Showtee rootkit installed:
OK
**** Test for '^/usr/include/proc\.h \[Not from a Debian package\]$'
/usr/include/proc.h [Not from a Debian package]
/usr/include/proc.h [Not from a Debian package]
OK
**** Test for '^/usr/include/chk\.h \[Not from a Debian package\]$'
/usr/include/chk.h [Not from a Debian package]
OK
**** Test for '^Searching for OpticKit\.\.\.                                   WARNING$'
Searching for OpticKit...                                   WARNING
OK
**** Test for '^WARNING: Possible OpticKit installed:$'
WARNING: Possible OpticKit installed:
OK
**** Test for '^/usr/bin/xsf \[Not from a Debian package\]$'
/usr/bin/xsf [Not from a Debian package]
/usr/bin/xsf [Not from a Debian package]
OK
**** Test for '^Searching for T\.R\.K\.\.\.                                      WARNING$'
Searching for T.R.K...                                      WARNING
OK
**** Test for '^WARNING: Possible T\.R\.K installed:$'
WARNING: Possible T.R.K installed:
OK
**** Test for '^/usr/bin/xsf \[Not from a Debian package\]$'
/usr/bin/xsf [Not from a Debian package]
/usr/bin/xsf [Not from a Debian package]
OK
**** Test for '^Searching for Mithra rootkit\.\.\.                             WARNING$'
Searching for Mithra rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Mithra installed:$'
WARNING: Possible Mithra installed:
OK
**** Test for '^/usr/lib/locale/uboot \[Not from a Debian package\]$'
/usr/lib/locale/uboot [Not from a Debian package]
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\.                            not tested$'
Searching for OBSD rootkit v1...                            not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\.                                WARNING$'
Searching for LOC rootkit...                                WARNING
OK
**** Test for '^WARNING: Possible LOC rootkit installed:$'
WARNING: Possible LOC rootkit installed:
OK
**** Test for '^/tmp/xp \[Not from a Debian package\]$'
/tmp/xp [Not from a Debian package]
OK
**** Test for '^/usr/sbin/epic \[Not from a Debian package\]$'
/usr/sbin/epic [Not from a Debian package]
OK
**** Test for '^Searching for Romanian rootkit\.\.\.                           WARNING$'
Searching for Romanian rootkit...                           WARNING
OK
**** Test for '^WARNING: Possible Romanian rootkit installed:$'
WARNING: Possible Romanian rootkit installed:
OK
**** Test for '^/usr/include/proc\.h \[Not from a Debian package\]$'
/usr/include/proc.h [Not from a Debian package]
/usr/include/proc.h [Not from a Debian package]
OK
**** Test for '^Searching for HKRK rootkit\.\.\.                               WARNING$'
Searching for HKRK rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network \[Not from a Debian package\]$'
WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]
OK
**** Test for '^Searching for Suckit rootkit\.\.\.                             WARNING$'
Searching for Suckit rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Suckit:$'
WARNING: Possible Suckit:
OK
**** Test for '^/dev/\.golf/$'
/dev/.golf/
OK
**** Test for '^Searching for Volc rootkit\.\.\.                               WARNING$'
Searching for Volc rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible Volc rootkit installed:$'
WARNING: Possible Volc rootkit installed:
OK
**** Test for '^/usr/bin/volc \[Not from a Debian package\]$'
/usr/bin/volc [Not from a Debian package]
OK
**** Test for '^Searching for Gold2 rootkit\.\.\.                              WARNING$'
Searching for Gold2 rootkit...                              WARNING
OK
**** Test for '^WARNING: Possible Gold2 rootkit installed:$'
WARNING: Possible Gold2 rootkit installed:
OK
**** Test for '^/usr/bin/ishit \[Not from a Debian package\]$'
/usr/bin/ishit [Not from a Debian package]
OK
**** Test for '^Searching for TC2 rootkit\.\.\.                                WARNING$'
Searching for TC2 rootkit...                                WARNING
OK
**** Test for '^WARNING: Possible TC2 rootkit installed:$'
WARNING: Possible TC2 rootkit installed:
OK
**** Test for '^/usr/sbin/initcheck \[Not from a Debian package\]$'
/usr/sbin/initcheck [Not from a Debian package]
OK
**** Test for '^Searching for Anonoying rootkit\.\.\.                          WARNING$'
Searching for Anonoying rootkit...                          WARNING
OK
**** Test for '^WARNING: Possible Anonoying rootkit installed:$'
WARNING: Possible Anonoying rootkit installed:
OK
**** Test for '^/usr/sbin/mech \[Not from a Debian package\]$'
/usr/sbin/mech [Not from a Debian package]
OK
**** Test for '^Searching for ZK rootkit\.\.\.                                 WARNING$'
Searching for ZK rootkit...                                 WARNING
OK
**** Test for '^WARNING: Possible ZK rootkit installed:$'
WARNING: Possible ZK rootkit installed:
OK
**** Test for '^/etc/sysconfig/console/load\.zk \[Not from a Debian package\]$'
/etc/sysconfig/console/load.zk [Not from a Debian package]
OK
**** Test for '^Searching for ShKit rootkit\.\.\.                              WARNING$'
Searching for ShKit rootkit...                              WARNING
OK
**** Test for '^WARNING: Possible ShKit rootkit installed:$'
WARNING: Possible ShKit rootkit installed:
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^Searching for AjaKit rootkit\.\.\.                             WARNING$'
Searching for AjaKit rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible AjaKit rootkit installed:$'
WARNING: Possible AjaKit rootkit installed:
OK
**** Test for '^/dev/tux/ \[Not from a Debian package\]$'
/dev/tux/ [Not from a Debian package]
OK
**** Test for '^Searching for zaRwT rootkit\.\.\.                              WARNING$'
Searching for zaRwT rootkit...                              WARNING
OK
**** Test for '^WARNING: Possible zaRwT rootkit installed:$'
WARNING: Possible zaRwT rootkit installed:
OK
**** Test for '^/bin/imout \[Not from a Debian package\]$'
/bin/imout [Not from a Debian package]
OK
**** Test for '^Searching for Madalin rootkit\.\.\.                            WARNING$'
Searching for Madalin rootkit...                            WARNING
OK
**** Test for '^WARNING: Possible Madalin rootkit installed:$'
WARNING: Possible Madalin rootkit installed:
OK
**** Test for '^/usr/include/icekey\.h \[Not from a Debian package\]$'
/usr/include/icekey.h [Not from a Debian package]
OK
**** Test for '^Searching for Fu rootkit\.\.\.                                 WARNING$'
Searching for Fu rootkit...                                 WARNING
OK
**** Test for '^WARNING: Possible Fu rootkit installed:$'
WARNING: Possible Fu rootkit installed:
OK
**** Test for '^/sbin/xc \[Not from a Debian package\]$'
/sbin/xc [Not from a Debian package]
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\.                             WARNING$'
Searching for Kenga3 rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Kenga3 rootkit installed:$'
WARNING: Possible Kenga3 rootkit installed:
OK
**** Test for '^/usr/include/\. \./ \[Not from a Debian package\]$'
/usr/include/. ./ [Not from a Debian package]
OK
**** Test for '^/usr/include/\. \./foo \[Not from a Debian package\]$'
/usr/include/. ./foo [Not from a Debian package]
OK
**** Test for '^Searching for ESRK rootkit\.\.\.                               WARNING$'
Searching for ESRK rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible ESRK rootkit installed:$'
WARNING: Possible ESRK rootkit installed:
OK
**** Test for '^/usr/lib/tcl5\.3/ \[Not from a Debian package\]$'
/usr/lib/tcl5.3/ [Not from a Debian package]
OK
**** Test for '^Searching for rootedoor\.\.\.                                  WARNING$'
Searching for rootedoor...                                  WARNING
OK
**** Test for '^WARNING: Possible rootedoor installed:$'
WARNING: Possible rootedoor installed:
OK
**** Test for '^/usr/sbin/rootedoor \[Not from a Debian package\]$'
/usr/sbin/rootedoor [Not from a Debian package]
/usr/sbin/rootedoor [Not from a Debian package]
OK
**** Test for '^/sbin/rootedoor \[Not from a Debian package\]$'
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\.                            WARNING$'
Searching for ENYELKM rootkit...                            WARNING
OK
**** Test for '^WARNING: Possible ENYELKM rootkit installed:$'
WARNING: Possible ENYELKM rootkit installed:
OK
**** Test for '^/etc/\.enyelkmOCULTAR\.ko/ \[Not from a Debian package\]$'
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]
OK
**** Test for '^Searching for common ssh-scanners\.\.\.                        WARNING$'
Searching for common ssh-scanners...                        WARNING
OK
**** Test for '^WARNING: Possible ssh-scanner installed:$'
WARNING: Possible ssh-scanner installed:
OK
**** Test for '^/var/tmp/vuln\.txt \[Not from a Debian package\]$'
/var/tmp/vuln.txt [Not from a Debian package]
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\.        WARNING$'
Searching for Linux/Ebury 1.4 - Operation Windigo...        WARNING
OK
**** Test for '^WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1\.4$'
WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\.                            WARNING$'
Searching for Linux/Ebury 1.6...                            WARNING
OK
**** Test for '^WARNING: Possible Linux/Ebury 1\.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils\.so\.1 \[.+\]$'
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [From Debian package: libkeyutils1:amd64]
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\.                       WARNING$'
Searching for 64-bit Linux Rootkit...                       WARNING
OK
**** Test for '^WARNING: Possible 64-bit Linux Rootkit:$'
WARNING: Possible 64-bit Linux Rootkit:
OK
**** Test for '^/usr/local/hide/ \[Not from a Debian package\]$'
/usr/local/hide/ [Not from a Debian package]
OK
**** Test for '^/usr/local/hide/foo \[Not from a Debian package\]$'
/usr/local/hide/foo [Not from a Debian package]
OK
**** Test for '^/etc/rc\.local \[Not from a Debian package\]$'
/etc/rc.local [Not from a Debian package]
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.               WARNING$'
Searching for 64-bit Linux Rootkit modules...               WARNING
OK
**** Test for '^WARNING: Possible 64-bit rootkit modules installed:$'
WARNING: Possible 64-bit rootkit modules installed:
OK
**** Test for '^/lib/modules/module_init\.ko \[Not from a Debian package\]$'
/lib/modules/module_init.ko [Not from a Debian package]
OK
**** Test for '^Searching for Mumblehard\.\.\.                                 WARNING$'
Searching for Mumblehard...                                 WARNING
OK
**** Test for '^WARNING: Possible Mumblehard backdoor installed:$'
WARNING: Possible Mumblehard backdoor installed:
OK
**** Test for '^/var/spool/cron/crontabs/foo \[Not from a Debian package\]$'
/var/spool/cron/crontabs/foo [Not from a Debian package]
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\.                     WARNING$'
Searching for Backdoor.Linux.Mokes.a...                     WARNING
OK
**** Test for '^WARNING: Possible Backdoor\.Linux\.Mokes\.a installed:$'
WARNING: Possible Backdoor.Linux.Mokes.a installed:
OK
**** Test for '^/tmp/ss0-0 \[Not from a Debian package\]$'
/tmp/ss0-0 [Not from a Debian package]
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\.                          WARNING$'
Searching for Malicious TinyDNS...                          WARNING
OK
**** Test for '^WARNING: Possible Malicious TinyDNS installed:$'
WARNING: Possible Malicious TinyDNS installed:
OK
**** Test for '^/home/ \./ \[Not from a Debian package\]$'
/home/ ./ [Not from a Debian package]
OK
**** Test for '^/home/ \./tinyDNS \[Not from a Debian package\]$'
/home/ ./tinyDNS [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\.                             WARNING$'
Searching for Linux.Xor.DDoS...                             WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/strings \[Not from a Debian package\]$'
/tmp/clean/strings [Not from a Debian package]
OK
**** Test for '^/tmp/clean/uname \[Not from a Debian package\]$'
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/head \[Not from a Debian package\]$'
/tmp/clean/head [Not from a Debian package]
OK
**** Test for '^/tmp/clean/find \[Not from a Debian package\]$'
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^/tmp/clean/echo \[Not from a Debian package\]$'
/tmp/clean/echo [Not from a Debian package]
OK
**** Test for '^/tmp/clean/netstat \[Not from a Debian package\]$'
/tmp/clean/netstat [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls \[Not from a Debian package\]$'
/tmp/clean/ls [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls\.orig \[Not from a Debian package\]$'
/tmp/clean/ls.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ps \[Not from a Debian package\]$'
/tmp/clean/ps [Not from a Debian package]
OK
**** Test for '^/tmp/clean/awk \[Not from a Debian package\]$'
/tmp/clean/awk [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep \[Not from a Debian package\]$'
/tmp/clean/grep [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep\.orig \[Not from a Debian package\]$'
/tmp/clean/grep.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dirname \[Not from a Debian package\]$'
/tmp/clean/dirname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ss \[Not from a Debian package\]$'
/tmp/clean/ss [Not from a Debian package]
OK
**** Test for '^/tmp/clean/sed \[Not from a Debian package\]$'
/tmp/clean/sed [Not from a Debian package]
OK
**** Test for '^/tmp/clean/cut \[Not from a Debian package\]$'
/tmp/clean/cut [Not from a Debian package]
OK
**** Test for '^/tmp/clean/id \[Not from a Debian package\]$'
/tmp/clean/id [Not from a Debian package]
OK
**** Test for '^/tmp/clean/xargs \[Not from a Debian package\]$'
/tmp/clean/xargs [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dpkg-query \[Not from a Debian package\]$'
/tmp/clean/dpkg-query [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\.                            WARNING$'
Searching for Linux.Proxy.1.0...                            WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Linux\.Proxy\.10 installed in /etc/passwd$'
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
OK
**** Test for '^Searching for CrossRAT\.\.\.                                   WARNING$'
Searching for CrossRAT...                                   WARNING
OK
**** Test for '^WARNING: Possible Malicious CrossRAT installed:$'
WARNING: Possible Malicious CrossRAT installed:
OK
**** Test for '^/usr/var/mediamgrs\.jar \[Not from a Debian package\]$'
/usr/var/mediamgrs.jar [Not from a Debian package]
OK
**** Test for '^Searching for Hidden Cobra\.\.\.                               WARNING$'
Searching for Hidden Cobra...                               WARNING
OK
**** Test for '^WARNING: Possible Malicious Hidden Cobra installed:$'
WARNING: Possible Malicious Hidden Cobra installed:
OK
**** Test for '^/tmp/\.ICE-unix/engine\.so \[Not from a Debian package\]$'
/tmp/.ICE-unix/engine.so [Not from a Debian package]
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\.                        WARNING$'
Searching for Rocke Miner rootkit...                        WARNING
OK
**** Test for '^WARNING: Possible Rocke Miner rootkit installed:$'
WARNING: Possible Rocke Miner rootkit installed:
OK
**** Test for '^/etc/xig \[Not from a Debian package\]$'
/etc/xig [Not from a Debian package]
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\.                        WARNING$'
Searching for PWNLNX4 lkm rootkit...                        WARNING
OK
**** Test for '^WARNING: Possible PWNLNX4 lkm rootkit installed:$'
WARNING: Possible PWNLNX4 lkm rootkit installed:
OK
**** Test for '^/var/tmp/\.1/ \[Not from a Debian package\]$'
/var/tmp/.1/ [Not from a Debian package]
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\.                        WARNING$'
Searching for PWNLNX6 lkm rootkit...                        WARNING
OK
**** Test for '^WARNING: Possible PWNLNX6 lkm rootkit installed:$'
WARNING: Possible PWNLNX6 lkm rootkit installed:
OK
**** Test for '^/tmp/suterusu/ \[Not from a Debian package\]$'
/tmp/suterusu/ [Not from a Debian package]
OK
**** Test for '^Searching for Umbreon lrk\.\.\.                                WARNING$'
Searching for Umbreon lrk...                                WARNING
OK
**** Test for '^WARNING: Possible Malicious UMBREON LRK installed:$'
WARNING: Possible Malicious UMBREON LRK installed:
OK
**** Test for '^/usr/share/libc\.so\.69 \[Not from a Debian package\]$'
/usr/share/libc.so.69 [Not from a Debian package]
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\.                 WARNING$'
Searching for Kinsing.a backdoor rootkit...                 WARNING
OK
**** Test for '^WARNING: Possible Kinsing\.a backdoor rootkit installed:$'
WARNING: Possible Kinsing.a backdoor rootkit installed:
OK
**** Test for '^/tmp/kdevtmpfsi \[Not from a Debian package\]$'
/tmp/kdevtmpfsi [Not from a Debian package]
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\.                WARNING$'
Searching for RotaJakiro backdoor rootkit...                WARNING
OK
**** Test for '^WARNING: Possible RotaJakiro backdoor rootkit installed:$'
WARNING: Possible RotaJakiro backdoor rootkit installed:
OK
**** Test for '^/bin/systemd-daemon \[Not from a Debian package\]$'
/bin/systemd-daemon [Not from a Debian package]
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\.                        WARNING$'
Searching for Syslogk LKM rootkit...                        WARNING
OK
**** Test for '^WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk$'
WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\.                          WARNING$'
Searching for Kovid LKM rootkit...                          WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid$'
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\.               WARNING$'
Searching for Tsunami DDoS Malware rootkit...               WARNING
OK
**** Test for '^WARNING: Possible Tsunami DDoS Malware rootkit installed:$'
WARNING: Possible Tsunami DDoS Malware rootkit installed:
OK
**** Test for '^/bin/cls \[Not from a Debian package\]$'
/bin/cls [Not from a Debian package]
OK
**** Test for '^Searching for Linux BPF Door\.\.\.                             WARNING$'
Searching for Linux BPF Door...                             WARNING
OK
**** Test for '^WARNING: Possible Linux BPFDoor Malware installed:$'
WARNING: Possible Linux BPFDoor Malware installed:
OK
**** Test for '^/proc/xx/stack$'
/proc/xx/stack
OK
**** Test for '^Searching for suspect PHP files\.\.\.                          WARNING$'
Searching for suspect PHP files...                          WARNING
OK
**** Test for '^WARNING: The following suspicious PHP files were found:$'
WARNING: The following suspicious PHP files were found:
OK
**** Test for '^/tmp/name\.php$'
/tmp/name.php
OK
**** Test for '^/tmp/sp ace/aaa' exit 1; "$'
/tmp/sp ace/aaa' exit 1; "
OK
**** Test for '^/tmp/by-content$'
/tmp/by-content
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\.     WARNING$'
Searching for zero-size shell history files in /root...     WARNING
OK
**** Test for '^WARNING: Zero-size history files:$'
WARNING: Zero-size history files:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\.    WARNING$'
Searching for hardlinked shell history files in /root...    WARNING
OK
**** Test for '^WARNING: shell history files hardlinked to another file:$'
WARNING: shell history files hardlinked to another file:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^Checking `aliens'\.\.\.                                        finished$'
Checking `aliens'...                                        finished
OK
**** Test for '^Checking `asp'\.\.\.                                           WARNING$'
Checking `asp'...                                           WARNING
OK
**** Test for '^WARNING: Possible Ramen Worm installed in /etc/inetd\.conf$'
WARNING: Possible Ramen Worm installed in /etc/inetd.conf
OK
**** Test for '^Checking `bindshell'\.\.\.                                     WARNING$'
Checking `bindshell'...                                     WARNING
OK
**** Test for '^WARNING: Potential bindshell installed: infected ports: 600 31337$'
WARNING: Potential bindshell installed: infected ports: 600 31337
OK
**** Test for '^Checking `lkm'\.\.\.                                           started$'
Checking `lkm'...                                           started
OK
**** Test for '^Searching for Adore LKM\.\.\.                                  not tested$'
Searching for Adore LKM...                                  not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\.                    not tested$'
Searching for sebek LKM (Adore based)...                    not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\.                          not found$'
Searching for knark LKM rootkit...                          not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\.          not found$'
Searching for for hidden processes with chkproc...          not found
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs...       not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           finished$'
Checking `lkm'...                                           finished
OK
**** Test for '^Checking `rexedcs'\.\.\.                                       INFECTED: /usr/bin/in\.rexedcs$'
Checking `rexedcs'...                                       INFECTED: /usr/bin/in.rexedcs
OK
**** Test for '^Checking `sniffer'\.\.\.                                       WARNING$'
<No match (FAIL)>

**** Test for '^WARNING: Output from ifpromisc:$'
<No match (FAIL)>

**** Test for '^lo: not promisc and no packet sniffer sockets$'
<No match (FAIL)>

**** Test for '^Checking `w55808'\.\.\.                                        WARNING$'
Checking `w55808'...                                        WARNING
OK
**** Test for '^WARNING: Possible 55808 Worm installed$'
WARNING: Possible 55808 Worm installed
OK
**** Test for '^Checking `wted'\.\.\.                                          not (tested|found)$'
Checking `wted'...                                          not found
OK
**** Test for '^Checking `scalper'\.\.\.                                       WARNING$'
Checking `scalper'...                                       WARNING
OK
**** Test for '^WARNING: Possible Scalper Worm installed$'
WARNING: Possible Scalper Worm installed
OK
**** Test for '^Checking `slapper'\.\.\.                                       WARNING$'
Checking `slapper'...                                       WARNING
OK
**** Test for '^WARNING: Possible Slapper Worm installed:$'
WARNING: Possible Slapper Worm installed:
OK
**** Test for '^/tmp/\.bugtraq\.c \[Not from a Debian package\]$'
/tmp/.bugtraq.c [Not from a Debian package]
OK
**** Test for '^Checking `z2'\.\.\.                                            not (tested|found)$'
Checking `z2'...                                            not found
OK
**** Test for '^Checking `chkutmp'\.\.\.'
Checking `chkutmp'...                                       not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\.                                    not tested$'
Checking `OSX_RSPLUG'...                                    not tested
OK
** FAIL: Testing: all-tests-can-find-something-01 (chkrootkit -p /tmp/clean) done: FAIL
*** FAIL was with config set to:
RUN_DAILY=true
RUN_DAILY_OPTS='-q'
DIFF_MODE=true
MAILTO=root

*** Reason(s) for failure follows
Result: FAIL

Missing: ^Checking `sniffer'\.\.\.                                       WARNING$
Missing: ^WARNING: Output from ifpromisc:$
Missing: ^lo: not promisc and no packet sniffer sockets$
*** Unexpected (unmatched) lines follow (for info):
Checking `sniffer'...                                       not found
** Testing: all-tests-can-find-something-02-quiet (chkrootkit -p /tmp/clean -q) ...
*** Output
Checking `amd'... INFECTED
Checking `basename'... INFECTED
Checking `biff'... INFECTED
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `cron'... INFECTED
WARNING: crontab for nobody found, possible Lupper.Worm.
Checking for Lupper.Worm... INFECTED
Checking `crontab'... INFECTED
Checking `date'... INFECTED
Checking `du'... INFECTED
Checking `dirname'... INFECTED
Checking `echo'... INFECTED
Checking `egrep'... INFECTED
Checking `env'... INFECTED
Checking `find'... INFECTED
Checking `fingerd'... INFECTED
Checking `gpm'... INFECTED
Checking `grep'... INFECTED
Checking `hdparm'... INFECTED
Checking `su'... INFECTED
Checking `ifconfig'... INFECTED
Checking `inetd'... INFECTED
Checking `inetdconf'... INFECTED
Checking `identd'... INFECTED
Checking `init'... INFECTED
Checking `killall'... INFECTED
Checking `login'... INFECTED
Checking `ls'... INFECTED
Checking `lsof'... INFECTED
Checking `mail'... INFECTED
Checking `mingetty'... INFECTED
Checking `netstat'... INFECTED
Checking `named'... INFECTED
Checking `passwd'... INFECTED
Checking `pidof'... INFECTED
Checking `pop2'... INFECTED
Checking `pop3'... INFECTED
Checking `ps'... INFECTED
Checking `pstree'... INFECTED
Checking `rpcinfo'... INFECTED
Checking `rlogind'... INFECTED
Checking `rshd'... INFECTED
Checking `slogin'... INFECTED
Checking `sendmail'... INFECTED
Checking `syslogd'... INFECTED
Checking `tar'... INFECTED
Checking `tcpd'... INFECTED
Checking `tcpdump'... INFECTED
Checking `top'... INFECTED
Checking `telnetd'... INFECTED
Checking `timed'... INFECTED
Checking `traceroute'... INFECTED
Checking `vdir'... INFECTED
Checking `w'... INFECTED
Checking `write'... INFECTED
WARNING: The following suspicious files were found in /dev:
/dev/bad-file

WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
/var/run/.tmp/ [Not from a Debian package]
/var/run/.tmp/y [Not from a Debian package]

WARNING: The following known suspicious files were found:
/usr/bin/atm [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]

WARNING: The following potential sniffer's logs were found:
/tmp/tcp.log [Not from a Debian package]

WARNING: Possible HiDrootkit rootkit installed:
/var/lib/games/.k/ [Not from a Debian package]

WARNING: Possible t0rn rootkit installed:
/etc/ttyhash [Not from a Debian package]

WARNING: Possible t0rn v8 (or variation) rootkit installed:
/usr/local/lib/libproc.a [Not from a Debian package]

WARNING: Possible Lion rootkit installed:
/bin/mjy [Not from a Debian package]

WARNING: Possible RSHA rootkit installed:
/usr/bin/n3tstat [Not from a Debian package]

WARNING: Possible RH-Sharpe rootkit installed:
/bin/lps [Not from a Debian package]

WARNING: Possible Ambient's rootkit (ark) installed:
/usr/lib/.ark? [Not from a Debian package]

WARNING: The following suspicious files and directories were found:
/usr/lib/.DIR-aaa [Not from a Debian package]
/usr/lib/...DIR [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
/usr/lib/.aaa [Not from a Debian package]
/usr/lib/.1DIR [Not from a Debian package]
/usr/lib/... [Not from a Debian package]
/usr/lib/.bbb [Not from a Debian package]
/usr/lib/.1 [Not from a Debian package]

WARNING: Possible LPD worm installed (based on files found)

WARNING: Possible Ramen Worm rootkit installed:
/usr/src/.poop/ [Not from a Debian package]

WARNING: Possible Maniac rootkit installed:
/usr/bin/mailrc [Not from a Debian package]

WARNING: Possible RK17 rootkit installed:
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]
/usr/lib/number.cgi [Not from a Debian package]

WARNING: Possible Ducoci rootkit installed:
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]

WARNING: Possible Adore Worm installed:
/usr/bin/red.tar [Not from a Debian package]

WARNING: Possible ShitC Worm installed:
/usr/bin/frgy [Not from a Debian package]
/usr/bin/dy [Not from a Debian package]

WARNING: Possible Omega Worm installed:
/dev/chr [Not from a Debian package]

WARNING: Possible Sadmin/IIS Worm installed:
/dev/cuc [Not from a Debian package]

WARNING: Possible MonKit installed:
/usr/lib/libpikapp.a [Not from a Debian package]

WARNING: Possible Showtee rootkit installed:
/usr/include/proc.h [Not from a Debian package]
/usr/include/chk.h [Not from a Debian package]

WARNING: Possible OpticKit installed:
/usr/bin/xsf [Not from a Debian package]

WARNING: Possible T.R.K installed:
/usr/bin/xsf [Not from a Debian package]

WARNING: Possible Mithra installed:
/usr/lib/locale/uboot [Not from a Debian package]

WARNING: Possible LOC rootkit installed:
/tmp/xp [Not from a Debian package]
/usr/sbin/epic [Not from a Debian package]
WARNING: Possible Romanian rootkit installed:
/usr/include/proc.h [Not from a Debian package]

WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]

WARNING: Possible Suckit:
/dev/.golf/

WARNING: Possible Volc rootkit installed:
/usr/bin/volc [Not from a Debian package]

WARNING: Possible Gold2 rootkit installed:
/usr/bin/ishit [Not from a Debian package]

WARNING: Possible TC2 rootkit installed:
/usr/sbin/initcheck [Not from a Debian package]

WARNING: Possible Anonoying rootkit installed:
/usr/sbin/mech [Not from a Debian package]

WARNING: Possible ZK rootkit installed:
/etc/sysconfig/console/load.zk [Not from a Debian package]

WARNING: Possible ShKit rootkit installed:
/etc/ld.so.hash [Not from a Debian package]

WARNING: Possible AjaKit rootkit installed:
/dev/tux/ [Not from a Debian package]

WARNING: Possible zaRwT rootkit installed:
/bin/imout [Not from a Debian package]

WARNING: Possible Madalin rootkit installed:
/usr/include/icekey.h [Not from a Debian package]

WARNING: Possible Fu rootkit installed:
/sbin/xc [Not from a Debian package]

WARNING: Possible Kenga3 rootkit installed:
/usr/include/. ./ [Not from a Debian package]
/usr/include/. ./foo [Not from a Debian package]

WARNING: Possible ESRK rootkit installed:
/usr/lib/tcl5.3/ [Not from a Debian package]

WARNING: Possible rootedoor installed:
/usr/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
/usr/sbin/rootedoor [Not from a Debian package]

WARNING: Possible ENYELKM rootkit installed:
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]

WARNING: Possible ssh-scanner installed:
/var/tmp/vuln.txt [Not from a Debian package]

WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4

WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [From Debian package: libkeyutils1:amd64]
WARNING: Possible 64-bit Linux Rootkit:
/usr/local/hide/ [Not from a Debian package]
/usr/local/hide/foo [Not from a Debian package]
/etc/rc.local [Not from a Debian package]

WARNING: Possible 64-bit rootkit modules installed:
/lib/modules/module_init.ko [Not from a Debian package]

WARNING: Possible Mumblehard backdoor installed:
/var/spool/cron/crontabs/foo [Not from a Debian package]

WARNING: Possible Backdoor.Linux.Mokes.a installed:
/tmp/ss0-0 [Not from a Debian package]

WARNING: Possible Malicious TinyDNS installed:
/home/ ./ [Not from a Debian package]
/home/ ./tinyDNS [Not from a Debian package]

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/ls.orig [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/grep.orig [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd

WARNING: Possible Malicious CrossRAT installed:
/usr/var/mediamgrs.jar [Not from a Debian package]

WARNING: Possible Malicious Hidden Cobra installed:
/tmp/.ICE-unix/engine.so [Not from a Debian package]

WARNING: Possible Rocke Miner rootkit installed:
/etc/xig [Not from a Debian package]

WARNING: Possible PWNLNX4 lkm rootkit installed:
/var/tmp/.1/ [Not from a Debian package]

WARNING: Possible PWNLNX6 lkm rootkit installed:
/tmp/suterusu/ [Not from a Debian package]

WARNING: Possible Malicious UMBREON LRK installed:
/usr/share/libc.so.69 [Not from a Debian package]

WARNING: Possible Kinsing.a backdoor rootkit installed:
/tmp/kdevtmpfsi [Not from a Debian package]

WARNING: Possible RotaJakiro backdoor rootkit installed:
/bin/systemd-daemon [Not from a Debian package]

WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk

WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid

WARNING: Possible Tsunami DDoS Malware rootkit installed:
/bin/cls [Not from a Debian package]

WARNING: Possible Linux BPFDoor Malware installed:
/proc/xx/stack

WARNING: The following suspicious PHP files were found:
/tmp/name.php
/tmp/sp ace/aaa' exit 1; "
/tmp/by-content

WARNING: Zero-size history files:
/root/.whatever.history [Not from a Debian package]

WARNING: shell history files hardlinked to another file:
/root/.whatever.history [Not from a Debian package]

WARNING: Possible Ramen Worm installed in /etc/inetd.conf

WARNING: Potential bindshell installed: infected ports: 600 31337

INFECTED: /usr/bin/in.rexedcs
WARNING: Possible 55808 Worm installed

WARNING: Possible Scalper Worm installed

WARNING: Possible Slapper Worm installed:
/tmp/.bugtraq.c [Not from a Debian package]

**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:36 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root    0 Jan 17 00:36 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.expected
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.today.raw
*** Test of content of output follows...
**** Test for '^Checking `amd'\.\.\. INFECTED$'
Checking `amd'... INFECTED
OK
**** Test for '^Checking `basename'\.\.\. INFECTED$'
Checking `basename'... INFECTED
OK
**** Test for '^Checking `biff'\.\.\. INFECTED$'
Checking `biff'... INFECTED
OK
**** Test for '^Checking `chfn'\.\.\. INFECTED$'
Checking `chfn'... INFECTED
OK
**** Test for '^Checking `chsh'\.\.\. INFECTED$'
Checking `chsh'... INFECTED
OK
**** Test for '^Checking `cron'\.\.\. INFECTED$'
Checking `cron'... INFECTED
OK
**** Test for '^Checking for Lupper\.Worm\.\.\. INFECTED$'
Checking for Lupper.Worm... INFECTED
OK
**** Test for '^WARNING: crontab for nobody found, possible Lupper\.Worm\.$'
WARNING: crontab for nobody found, possible Lupper.Worm.
OK
**** Test for '^Checking `crontab'\.\.\. INFECTED$'
Checking `crontab'... INFECTED
OK
**** Test for '^Checking `date'\.\.\. INFECTED$'
Checking `date'... INFECTED
OK
**** Test for '^Checking `du'\.\.\. INFECTED$'
Checking `du'... INFECTED
OK
**** Test for '^Checking `dirname'\.\.\. INFECTED$'
Checking `dirname'... INFECTED
OK
**** Test for '^Checking `echo'\.\.\. INFECTED$'
Checking `echo'... INFECTED
OK
**** Test for '^Checking `egrep'\.\.\. INFECTED$'
Checking `egrep'... INFECTED
OK
**** Test for '^Checking `env'\.\.\. INFECTED$'
Checking `env'... INFECTED
OK
**** Test for '^Checking `find'\.\.\. INFECTED$'
Checking `find'... INFECTED
OK
**** Test for '^Checking `fingerd'\.\.\. INFECTED$'
Checking `fingerd'... INFECTED
OK
**** Test for '^Checking `gpm'\.\.\. INFECTED$'
Checking `gpm'... INFECTED
OK
**** Test for '^Checking `grep'\.\.\. INFECTED$'
Checking `grep'... INFECTED
OK
**** Test for '^Checking `hdparm'\.\.\. INFECTED$'
Checking `hdparm'... INFECTED
OK
**** Test for '^Checking `su'\.\.\. INFECTED$'
Checking `su'... INFECTED
OK
**** Test for '^Checking `ifconfig'\.\.\. INFECTED$'
Checking `ifconfig'... INFECTED
OK
**** Test for '^Checking `inetd'\.\.\. INFECTED$'
Checking `inetd'... INFECTED
OK
**** Test for '^Checking `inetdconf'\.\.\. INFECTED$'
Checking `inetdconf'... INFECTED
OK
**** Test for '^Checking `identd'\.\.\. INFECTED$'
Checking `identd'... INFECTED
OK
**** Test for '^Checking `init'\.\.\. INFECTED$'
Checking `init'... INFECTED
OK
**** Test for '^Checking `killall'\.\.\. INFECTED$'
Checking `killall'... INFECTED
OK
**** Test for '^Checking `login'\.\.\. INFECTED$'
Checking `login'... INFECTED
OK
**** Test for '^Checking `ls'\.\.\. INFECTED$'
Checking `ls'... INFECTED
OK
**** Test for '^Checking `lsof'\.\.\. INFECTED$'
Checking `lsof'... INFECTED
OK
**** Test for '^Checking `mail'\.\.\. INFECTED$'
Checking `mail'... INFECTED
OK
**** Test for '^Checking `mingetty'\.\.\. INFECTED$'
Checking `mingetty'... INFECTED
OK
**** Test for '^Checking `netstat'\.\.\. INFECTED$'
Checking `netstat'... INFECTED
OK
**** Test for '^Checking `named'\.\.\. INFECTED$'
Checking `named'... INFECTED
OK
**** Test for '^Checking `passwd'\.\.\. INFECTED$'
Checking `passwd'... INFECTED
OK
**** Test for '^Checking `pidof'\.\.\. INFECTED$'
Checking `pidof'... INFECTED
OK
**** Test for '^Checking `pop2'\.\.\. INFECTED$'
Checking `pop2'... INFECTED
OK
**** Test for '^Checking `pop3'\.\.\. INFECTED$'
Checking `pop3'... INFECTED
OK
**** Test for '^Checking `ps'\.\.\. INFECTED$'
Checking `ps'... INFECTED
OK
**** Test for '^Checking `pstree'\.\.\. INFECTED$'
Checking `pstree'... INFECTED
OK
**** Test for '^Checking `rpcinfo'\.\.\. INFECTED$'
Checking `rpcinfo'... INFECTED
OK
**** Test for '^Checking `rlogind'\.\.\. INFECTED$'
Checking `rlogind'... INFECTED
OK
**** Test for '^Checking `rshd'\.\.\. INFECTED$'
Checking `rshd'... INFECTED
OK
**** Test for '^Checking `slogin'\.\.\. INFECTED$'
Checking `slogin'... INFECTED
OK
**** Test for '^Checking `sendmail'\.\.\. INFECTED$'
Checking `sendmail'... INFECTED
OK
**** Test for '^Checking `syslogd'\.\.\. INFECTED$'
Checking `syslogd'... INFECTED
OK
**** Test for '^Checking `tar'\.\.\. INFECTED$'
Checking `tar'... INFECTED
OK
**** Test for '^Checking `tcpd'\.\.\. INFECTED$'
Checking `tcpd'... INFECTED
OK
**** Test for '^Checking `tcpdump'\.\.\. INFECTED$'
Checking `tcpdump'... INFECTED
OK
**** Test for '^Checking `top'\.\.\. INFECTED$'
Checking `top'... INFECTED
OK
**** Test for '^Checking `telnetd'\.\.\. INFECTED$'
Checking `telnetd'... INFECTED
OK
**** Test for '^Checking `timed'\.\.\. INFECTED$'
Checking `timed'... INFECTED
OK
**** Test for '^Checking `traceroute'\.\.\. INFECTED$'
Checking `traceroute'... INFECTED
OK
**** Test for '^Checking `vdir'\.\.\. INFECTED$'
Checking `vdir'... INFECTED
OK
**** Test for '^Checking `w'\.\.\. INFECTED$'
Checking `w'... INFECTED
OK
**** Test for '^Checking `write'\.\.\. INFECTED$'
Checking `write'... INFECTED
OK
**** Test for '^WARNING: The following suspicious files were found in /dev:$'
WARNING: The following suspicious files were found in /dev:
OK
**** Test for '^/dev/bad-file$'
/dev/bad-file
OK
**** Test for '^$'








































































OK
**** Test for '^WARNING: Suspect directory /var/run/\.tmp/ \[Not from a Debian package\] found\. Looking for sniffer logs:$'
WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
OK
**** Test for '^/var/run/\.tmp/ \[Not from a Debian package\]$'
/var/run/.tmp/ [Not from a Debian package]
OK
**** Test for '^/var/run/\.tmp/y \[Not from a Debian package\]$'
/var/run/.tmp/y [Not from a Debian package]
OK
**** Test for '^WARNING: The following known suspicious files were found:$'
WARNING: The following known suspicious files were found:
OK
**** Test for '^/usr/bin/atm \[Not from a Debian package\]$'
/usr/bin/atm [Not from a Debian package]
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^WARNING: The following potential sniffer's logs were found:$'
WARNING: The following potential sniffer's logs were found:
OK
**** Test for '^/tmp/tcp\.log \[Not from a Debian package\]$'
/tmp/tcp.log [Not from a Debian package]
OK
**** Test for '^WARNING: Possible HiDrootkit rootkit installed:$'
WARNING: Possible HiDrootkit rootkit installed:
OK
**** Test for '^/var/lib/games/\.k/ \[Not from a Debian package\]$'
/var/lib/games/.k/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible t0rn rootkit installed:$'
WARNING: Possible t0rn rootkit installed:
OK
**** Test for '^/etc/ttyhash \[Not from a Debian package\]$'
/etc/ttyhash [Not from a Debian package]
OK
**** Test for '^WARNING: Possible t0rn v8 \(or variation\) rootkit installed:$'
WARNING: Possible t0rn v8 (or variation) rootkit installed:
OK
**** Test for '^/usr/local/lib/libproc\.a \[Not from a Debian package\]$'
/usr/local/lib/libproc.a [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Lion rootkit installed:$'
WARNING: Possible Lion rootkit installed:
OK
**** Test for '^/bin/mjy \[Not from a Debian package\]$'
/bin/mjy [Not from a Debian package]
OK
**** Test for '^WARNING: Possible RSHA rootkit installed:$'
WARNING: Possible RSHA rootkit installed:
OK
**** Test for '^/usr/bin/n3tstat \[Not from a Debian package\]$'
/usr/bin/n3tstat [Not from a Debian package]
OK
**** Test for '^WARNING: Possible RH-Sharpe rootkit installed:$'
WARNING: Possible RH-Sharpe rootkit installed:
OK
**** Test for '^/bin/lps \[Not from a Debian package\]$'
/bin/lps [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Ambient's rootkit \(ark\) installed:$'
WARNING: Possible Ambient's rootkit (ark) installed:
OK
**** Test for '^/usr/lib/\.ark\? \[Not from a Debian package\]$'
/usr/lib/.ark? [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^(/usr)?/lib/\.1 \[Not from a Debian package\]$'
/usr/lib/.1 [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.aaa \[Not from a Debian package\]$'
/usr/lib/.aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.1DIR \[Not from a Debian package\]$'
/usr/lib/.1DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.ark\? \[Not from a Debian package\]$'
/usr/lib/.ark? [Not from a Debian package]
/usr/lib/.ark? [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\.DIR \[Not from a Debian package\]$'
/usr/lib/...DIR [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.bbb \[Not from a Debian package\]$'
/usr/lib/.bbb [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.DIR-aaa \[Not from a Debian package\]$'
/usr/lib/.DIR-aaa [Not from a Debian package]
OK
**** Test for '^(/usr)?/lib/\.\.\. \[Not from a Debian package\]$'
/usr/lib/... [Not from a Debian package]
OK
**** Test for '^WARNING: Possible LPD worm installed \(based on files found\)$'
WARNING: Possible LPD worm installed (based on files found)
OK
**** Test for '^WARNING: Possible Ramen Worm rootkit installed:$'
WARNING: Possible Ramen Worm rootkit installed:
OK
**** Test for '^/usr/src/\.poop/ \[Not from a Debian package\]$'
/usr/src/.poop/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Maniac rootkit installed:$'
WARNING: Possible Maniac rootkit installed:
OK
**** Test for '^/usr/bin/mailrc \[Not from a Debian package\]$'
/usr/bin/mailrc [Not from a Debian package]
OK
**** Test for '^WARNING: Possible RK17 rootkit installed:$'
WARNING: Possible RK17 rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/bogus\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]
OK
**** Test for '^/usr/lib/number\.cgi \[Not from a Debian package\]$'
/usr/lib/number.cgi [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Ducoci rootkit installed:$'
WARNING: Possible Ducoci rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/last\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Adore Worm installed:$'
WARNING: Possible Adore Worm installed:
OK
**** Test for '^/usr/bin/red\.tar \[Not from a Debian package\]$'
/usr/bin/red.tar [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ShitC Worm installed:$'
WARNING: Possible ShitC Worm installed:
OK
**** Test for '^(/usr)?/bin/dy \[Not from a Debian package\]$'
/usr/bin/dy [Not from a Debian package]
OK
**** Test for '^(/usr)?/bin/frgy \[Not from a Debian package\]$'
/usr/bin/frgy [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Omega Worm installed:$'
WARNING: Possible Omega Worm installed:
OK
**** Test for '^/dev/chr \[Not from a Debian package\]$'
/dev/chr [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Sadmin/IIS Worm installed:$'
WARNING: Possible Sadmin/IIS Worm installed:
OK
**** Test for '^/dev/cuc \[Not from a Debian package\]$'
/dev/cuc [Not from a Debian package]
OK
**** Test for '^WARNING: Possible MonKit installed:$'
WARNING: Possible MonKit installed:
OK
**** Test for '^/usr/lib/libpikapp\.a \[Not from a Debian package\]$'
/usr/lib/libpikapp.a [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Showtee rootkit installed:$'
WARNING: Possible Showtee rootkit installed:
OK
**** Test for '^/usr/include/proc\.h \[Not from a Debian package\]$'
/usr/include/proc.h [Not from a Debian package]
/usr/include/proc.h [Not from a Debian package]
OK
**** Test for '^/usr/include/chk\.h \[Not from a Debian package\]$'
/usr/include/chk.h [Not from a Debian package]
OK
**** Test for '^WARNING: Possible OpticKit installed:$'
WARNING: Possible OpticKit installed:
OK
**** Test for '^/usr/bin/xsf \[Not from a Debian package\]$'
/usr/bin/xsf [Not from a Debian package]
/usr/bin/xsf [Not from a Debian package]
OK
**** Test for '^WARNING: Possible T\.R\.K installed:$'
WARNING: Possible T.R.K installed:
OK
**** Test for '^/usr/bin/xsf \[Not from a Debian package\]$'
/usr/bin/xsf [Not from a Debian package]
/usr/bin/xsf [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Mithra installed:$'
WARNING: Possible Mithra installed:
OK
**** Test for '^/usr/lib/locale/uboot \[Not from a Debian package\]$'
/usr/lib/locale/uboot [Not from a Debian package]
OK
**** Test for '^WARNING: Possible LOC rootkit installed:$'
WARNING: Possible LOC rootkit installed:
OK
**** Test for '^/tmp/xp \[Not from a Debian package\]$'
/tmp/xp [Not from a Debian package]
OK
**** Test for '^/usr/sbin/epic \[Not from a Debian package\]$'
/usr/sbin/epic [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Romanian rootkit installed:$'
WARNING: Possible Romanian rootkit installed:
OK
**** Test for '^/usr/include/proc\.h \[Not from a Debian package\]$'
/usr/include/proc.h [Not from a Debian package]
/usr/include/proc.h [Not from a Debian package]
OK
**** Test for '^WARNING: Possible HKRK rootkit installed in /etc/rc\.d/init\.d/network \[Not from a Debian package\]$'
WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Suckit:$'
WARNING: Possible Suckit:
OK
**** Test for '^/dev/\.golf/$'
/dev/.golf/
OK
**** Test for '^WARNING: Possible Volc rootkit installed:$'
WARNING: Possible Volc rootkit installed:
OK
**** Test for '^/usr/bin/volc \[Not from a Debian package\]$'
/usr/bin/volc [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Gold2 rootkit installed:$'
WARNING: Possible Gold2 rootkit installed:
OK
**** Test for '^/usr/bin/ishit \[Not from a Debian package\]$'
/usr/bin/ishit [Not from a Debian package]
OK
**** Test for '^WARNING: Possible TC2 rootkit installed:$'
WARNING: Possible TC2 rootkit installed:
OK
**** Test for '^/usr/sbin/initcheck \[Not from a Debian package\]$'
/usr/sbin/initcheck [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Anonoying rootkit installed:$'
WARNING: Possible Anonoying rootkit installed:
OK
**** Test for '^/usr/sbin/mech \[Not from a Debian package\]$'
/usr/sbin/mech [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ZK rootkit installed:$'
WARNING: Possible ZK rootkit installed:
OK
**** Test for '^/etc/sysconfig/console/load\.zk \[Not from a Debian package\]$'
/etc/sysconfig/console/load.zk [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ShKit rootkit installed:$'
WARNING: Possible ShKit rootkit installed:
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^WARNING: Possible AjaKit rootkit installed:$'
WARNING: Possible AjaKit rootkit installed:
OK
**** Test for '^/dev/tux/ \[Not from a Debian package\]$'
/dev/tux/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible zaRwT rootkit installed:$'
WARNING: Possible zaRwT rootkit installed:
OK
**** Test for '^/bin/imout \[Not from a Debian package\]$'
/bin/imout [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Madalin rootkit installed:$'
WARNING: Possible Madalin rootkit installed:
OK
**** Test for '^/usr/include/icekey\.h \[Not from a Debian package\]$'
/usr/include/icekey.h [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Fu rootkit installed:$'
WARNING: Possible Fu rootkit installed:
OK
**** Test for '^/sbin/xc \[Not from a Debian package\]$'
/sbin/xc [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Kenga3 rootkit installed:$'
WARNING: Possible Kenga3 rootkit installed:
OK
**** Test for '^/usr/include/\. \./ \[Not from a Debian package\]$'
/usr/include/. ./ [Not from a Debian package]
OK
**** Test for '^/usr/include/\. \./foo \[Not from a Debian package\]$'
/usr/include/. ./foo [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ESRK rootkit installed:$'
WARNING: Possible ESRK rootkit installed:
OK
**** Test for '^/usr/lib/tcl5\.3/ \[Not from a Debian package\]$'
/usr/lib/tcl5.3/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible rootedoor installed:$'
WARNING: Possible rootedoor installed:
OK
**** Test for '^/usr/sbin/rootedoor \[Not from a Debian package\]$'
/usr/sbin/rootedoor [Not from a Debian package]
/usr/sbin/rootedoor [Not from a Debian package]
OK
**** Test for '^/sbin/rootedoor \[Not from a Debian package\]$'
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ENYELKM rootkit installed:$'
WARNING: Possible ENYELKM rootkit installed:
OK
**** Test for '^/etc/\.enyelkmOCULTAR\.ko/ \[Not from a Debian package\]$'
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible ssh-scanner installed:$'
WARNING: Possible ssh-scanner installed:
OK
**** Test for '^/var/tmp/vuln\.txt \[Not from a Debian package\]$'
/var/tmp/vuln.txt [Not from a Debian package]
OK
**** Test for '^WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1\.4$'
WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
OK
**** Test for '^WARNING: Possible Linux/Ebury 1\.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils\.so\.1 \[.+\]$'
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [From Debian package: libkeyutils1:amd64]
OK
**** Test for '^WARNING: Possible 64-bit Linux Rootkit:'
WARNING: Possible 64-bit Linux Rootkit:
OK
**** Test for '^/usr/local/hide/ \[Not from a Debian package\]$'
/usr/local/hide/ [Not from a Debian package]
OK
**** Test for '^/usr/local/hide/foo \[Not from a Debian package\]$'
/usr/local/hide/foo [Not from a Debian package]
OK
**** Test for '^/etc/rc\.local \[Not from a Debian package\]$'
/etc/rc.local [Not from a Debian package]
OK
**** Test for '^WARNING: Possible 64-bit rootkit modules installed:$'
WARNING: Possible 64-bit rootkit modules installed:
OK
**** Test for '^/lib/modules/module_init\.ko \[Not from a Debian package\]$'
/lib/modules/module_init.ko [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Mumblehard backdoor installed:$'
WARNING: Possible Mumblehard backdoor installed:
OK
**** Test for '^/var/spool/cron/crontabs/foo \[Not from a Debian package\]$'
/var/spool/cron/crontabs/foo [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Backdoor\.Linux\.Mokes\.a installed:$'
WARNING: Possible Backdoor.Linux.Mokes.a installed:
OK
**** Test for '^/tmp/ss0-0 \[Not from a Debian package\]$'
/tmp/ss0-0 [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Malicious TinyDNS installed:$'
WARNING: Possible Malicious TinyDNS installed:
OK
**** Test for '^/home/ \./ \[Not from a Debian package\]$'
/home/ ./ [Not from a Debian package]
OK
**** Test for '^/home/ \./tinyDNS \[Not from a Debian package\]$'
/home/ ./tinyDNS [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/strings \[Not from a Debian package\]$'
/tmp/clean/strings [Not from a Debian package]
OK
**** Test for '^/tmp/clean/uname \[Not from a Debian package\]$'
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/head \[Not from a Debian package\]$'
/tmp/clean/head [Not from a Debian package]
OK
**** Test for '^/tmp/clean/find \[Not from a Debian package\]$'
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^/tmp/clean/echo \[Not from a Debian package\]$'
/tmp/clean/echo [Not from a Debian package]
OK
**** Test for '^/tmp/clean/netstat \[Not from a Debian package\]$'
/tmp/clean/netstat [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls \[Not from a Debian package\]$'
/tmp/clean/ls [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls\.orig \[Not from a Debian package\]$'
/tmp/clean/ls.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ps \[Not from a Debian package\]$'
/tmp/clean/ps [Not from a Debian package]
OK
**** Test for '^/tmp/clean/awk \[Not from a Debian package\]$'
/tmp/clean/awk [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep \[Not from a Debian package\]$'
/tmp/clean/grep [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep\.orig \[Not from a Debian package\]$'
/tmp/clean/grep.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dirname \[Not from a Debian package\]$'
/tmp/clean/dirname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ss \[Not from a Debian package\]$'
/tmp/clean/ss [Not from a Debian package]
OK
**** Test for '^/tmp/clean/sed \[Not from a Debian package\]$'
/tmp/clean/sed [Not from a Debian package]
OK
**** Test for '^/tmp/clean/cut \[Not from a Debian package\]$'
/tmp/clean/cut [Not from a Debian package]
OK
**** Test for '^/tmp/clean/id \[Not from a Debian package\]$'
/tmp/clean/id [Not from a Debian package]
OK
**** Test for '^/tmp/clean/xargs \[Not from a Debian package\]$'
/tmp/clean/xargs [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dpkg-query \[Not from a Debian package\]$'
/tmp/clean/dpkg-query [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Linux\.Proxy\.10 installed in /etc/passwd$'
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
OK
**** Test for '^WARNING: Possible Malicious CrossRAT installed:$'
WARNING: Possible Malicious CrossRAT installed:
OK
**** Test for '^/usr/var/mediamgrs\.jar \[Not from a Debian package\]$'
/usr/var/mediamgrs.jar [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Malicious Hidden Cobra installed:$'
WARNING: Possible Malicious Hidden Cobra installed:
OK
**** Test for '^/tmp/\.ICE-unix/engine\.so \[Not from a Debian package\]$'
/tmp/.ICE-unix/engine.so [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Rocke Miner rootkit installed:$'
WARNING: Possible Rocke Miner rootkit installed:
OK
**** Test for '^/etc/xig \[Not from a Debian package\]$'
/etc/xig [Not from a Debian package]
OK
**** Test for '^WARNING: Possible PWNLNX4 lkm rootkit installed:$'
WARNING: Possible PWNLNX4 lkm rootkit installed:
OK
**** Test for '^/var/tmp/\.1/ \[Not from a Debian package\]$'
/var/tmp/.1/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible PWNLNX6 lkm rootkit installed:$'
WARNING: Possible PWNLNX6 lkm rootkit installed:
OK
**** Test for '^/tmp/suterusu/ \[Not from a Debian package\]$'
/tmp/suterusu/ [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Malicious UMBREON LRK installed:$'
WARNING: Possible Malicious UMBREON LRK installed:
OK
**** Test for '^/usr/share/libc\.so\.69 \[Not from a Debian package\]$'
/usr/share/libc.so.69 [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Kinsing\.a backdoor rootkit installed:$'
WARNING: Possible Kinsing.a backdoor rootkit installed:
OK
**** Test for '^/tmp/kdevtmpfsi \[Not from a Debian package\]$'
/tmp/kdevtmpfsi [Not from a Debian package]
OK
**** Test for '^WARNING: Possible RotaJakiro backdoor rootkit installed:$'
WARNING: Possible RotaJakiro backdoor rootkit installed:
OK
**** Test for '^/bin/systemd-daemon \[Not from a Debian package\]$'
/bin/systemd-daemon [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk$'
WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid$'
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid
OK
**** Test for 'WARNING: Possible Tsunami DDoS Malware rootkit installed:$'
WARNING: Possible Tsunami DDoS Malware rootkit installed:
OK
**** Test for '^/bin/cls \[Not from a Debian package\]$'
/bin/cls [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Linux BPFDoor Malware installed:$'
WARNING: Possible Linux BPFDoor Malware installed:
OK
**** Test for '^/proc/xx/stack$'
/proc/xx/stack
OK
**** Test for '^WARNING: The following suspicious PHP files were found:$'
WARNING: The following suspicious PHP files were found:
OK
**** Test for '^/tmp/name\.php$'
/tmp/name.php
OK
**** Test for '^/tmp/sp ace/aaa' exit 1; "$'
/tmp/sp ace/aaa' exit 1; "
OK
**** Test for '^/tmp/by-content$'
/tmp/by-content
OK
**** Test for '^WARNING: Zero-size history files:$'
WARNING: Zero-size history files:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^WARNING: shell history files hardlinked to another file:$'
WARNING: shell history files hardlinked to another file:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^WARNING: Possible Ramen Worm installed in /etc/inetd\.conf$'
WARNING: Possible Ramen Worm installed in /etc/inetd.conf
OK
**** Test for '^WARNING: Potential bindshell installed: infected ports: 600 31337$'
WARNING: Potential bindshell installed: infected ports: 600 31337
OK
**** Test for '^INFECTED: /usr/bin/in\.rexedcs$'
INFECTED: /usr/bin/in.rexedcs
OK
**** Test for '^WARNING: Output from ifpromisc:$'
<No match (FAIL)>

**** Test for '^WARNING: Possible 55808 Worm installed$'
WARNING: Possible 55808 Worm installed
OK
**** Test for '^WARNING: Possible Scalper Worm installed$'
WARNING: Possible Scalper Worm installed
OK
**** Test for '^WARNING: Possible Slapper Worm installed:$'
WARNING: Possible Slapper Worm installed:
OK
**** Test for '^/tmp/\.bugtraq\.c \[Not from a Debian package\]$'
/tmp/.bugtraq.c [Not from a Debian package]
OK
** FAIL: Testing: all-tests-can-find-something-02-quiet (chkrootkit -p /tmp/clean -q) done: FAIL
*** FAIL was with config set to:
RUN_DAILY=true
RUN_DAILY_OPTS='-q'
DIFF_MODE=true
MAILTO=root

*** Reason(s) for failure follows
Result: FAIL

Missing: ^WARNING: Output from ifpromisc:$
** Testing: exclude-results-with-minus-e-option (chkrootkit -p /tmp/clean -e /usr/* aliens) ...
*** Output
ROOTDIR is `/'
Checking `aliens'...                                        started
Searching for suspicious files in /dev...                   WARNING

WARNING: The following suspicious files were found in /dev:
/dev/bad-file

Searching for known suspicious directories...               WARNING

WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
/var/run/.tmp/ [Not from a Debian package]
/var/run/.tmp/y [Not from a Debian package]

Searching for known suspicious files...                     WARNING

WARNING: The following known suspicious files were found:
/etc/ld.so.hash [Not from a Debian package]

Searching for sniffer's logs...                             WARNING

WARNING: The following potential sniffer's logs were found:
/tmp/tcp.log [Not from a Debian package]

Searching for HiDrootkit rootkit...                         WARNING

WARNING: Possible HiDrootkit rootkit installed:
/var/lib/games/.k/ [Not from a Debian package]

Searching for t0rn rootkit...                               WARNING

WARNING: Possible t0rn rootkit installed:
/etc/ttyhash [Not from a Debian package]

Searching for t0rn v8 (or variation)...                     not found
Searching for Lion rootkit...                               WARNING

WARNING: Possible Lion rootkit installed:
/bin/mjy [Not from a Debian package]

Searching for RSHA rootkit...                               not found
Searching for RH-Sharpe rootkit...                          WARNING

WARNING: Possible RH-Sharpe rootkit installed:
/bin/lps [Not from a Debian package]

Searching for Ambient (ark) rootkit...                      not found
Searching for suspicious files and dirs...                  not found
Searching for LPD Worm...                                   WARNING

WARNING: Possible LPD worm installed (based on files found)

Searching for Ramen Worm rootkit...                         not found
Searching for Maniac rootkit...                             not found
Searching for RK17 rootkit...                               WARNING

WARNING: Possible RK17 rootkit installed:
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]

Searching for Ducoci rootkit...                             WARNING

WARNING: Possible Ducoci rootkit installed:
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]

Searching for Adore Worm...                                 not found
Searching for ShitC Worm...                                 not found
Searching for Omega Worm...                                 WARNING

WARNING: Possible Omega Worm installed:
/dev/chr [Not from a Debian package]

Searching for Sadmind/IIS Worm...                           WARNING

WARNING: Possible Sadmin/IIS Worm installed:
/dev/cuc [Not from a Debian package]

Searching for MonKit...                                     not found
Searching for Showtee rootkit...                            not found
Searching for OpticKit...                                   not found
Searching for T.R.K...                                      not found
Searching for Mithra rootkit...                             not found
Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                WARNING

WARNING: Possible LOC rootkit installed:
/tmp/xp [Not from a Debian package]
Searching for Romanian rootkit...                           not found
Searching for HKRK rootkit...                               WARNING

WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]

Searching for Suckit rootkit...                             WARNING

WARNING: Possible Suckit:
/dev/.golf/

Searching for Volc rootkit...                               not found
Searching for Gold2 rootkit...                              not found
Searching for TC2 rootkit...                                not found
Searching for Anonoying rootkit...                          not found
Searching for ZK rootkit...                                 WARNING

WARNING: Possible ZK rootkit installed:
/etc/sysconfig/console/load.zk [Not from a Debian package]

Searching for ShKit rootkit...                              WARNING

WARNING: Possible ShKit rootkit installed:
/etc/ld.so.hash [Not from a Debian package]

Searching for AjaKit rootkit...                             WARNING

WARNING: Possible AjaKit rootkit installed:
/dev/tux/ [Not from a Debian package]

Searching for zaRwT rootkit...                              WARNING

WARNING: Possible zaRwT rootkit installed:
/bin/imout [Not from a Debian package]

Searching for Madalin rootkit...                            not found
Searching for Fu rootkit...                                 WARNING

WARNING: Possible Fu rootkit installed:
/sbin/xc [Not from a Debian package]

Searching for Kenga3 rootkit...                             not found
Searching for ESRK rootkit...                               not found
Searching for rootedoor...                                  WARNING

WARNING: Possible rootedoor installed:
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]

Searching for ENYELKM rootkit...                            WARNING

WARNING: Possible ENYELKM rootkit installed:
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]

Searching for common ssh-scanners...                        WARNING

WARNING: Possible ssh-scanner installed:
/var/tmp/vuln.txt [Not from a Debian package]

Searching for Linux/Ebury 1.4 - Operation Windigo...        WARNING

WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4

Searching for Linux/Ebury 1.6...                            WARNING

WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [From Debian package: libkeyutils1:amd64]
Searching for 64-bit Linux Rootkit...                       WARNING

WARNING: Possible 64-bit Linux Rootkit:
/etc/rc.local [Not from a Debian package]

Searching for 64-bit Linux Rootkit modules...               WARNING

WARNING: Possible 64-bit rootkit modules installed:
/lib/modules/module_init.ko [Not from a Debian package]

Searching for Mumblehard...                                 WARNING

WARNING: Possible Mumblehard backdoor installed:
/var/spool/cron/crontabs/foo [Not from a Debian package]

Searching for Backdoor.Linux.Mokes.a...                     WARNING

WARNING: Possible Backdoor.Linux.Mokes.a installed:
/tmp/ss0-0 [Not from a Debian package]

Searching for Malicious TinyDNS...                          WARNING

WARNING: Possible Malicious TinyDNS installed:
/home/ ./ [Not from a Debian package]
/home/ ./tinyDNS [Not from a Debian package]

Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/clean/sed [Not from a Debian package]
/tmp/clean/dpkg-query [Not from a Debian package]
/tmp/clean/ss [Not from a Debian package]
/tmp/clean/awk [Not from a Debian package]
/tmp/clean/id [Not from a Debian package]
/tmp/clean/find [Not from a Debian package]
/tmp/clean/ps [Not from a Debian package]
/tmp/clean/dirname [Not from a Debian package]
/tmp/clean/strings [Not from a Debian package]
/tmp/clean/ls.orig [Not from a Debian package]
/tmp/clean/head [Not from a Debian package]
/tmp/clean/xargs [Not from a Debian package]
/tmp/clean/echo [Not from a Debian package]
/tmp/clean/grep [Not from a Debian package]
/tmp/clean/ls [Not from a Debian package]
/tmp/clean/cut [Not from a Debian package]
/tmp/clean/grep.orig [Not from a Debian package]
/tmp/clean/netstat [Not from a Debian package]
/tmp/clean/uname [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_php [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit [Not from a Debian package]
/tmp/autopkgtest.moK5bE/wrapper.sh [Not from a Debian package]
/tmp/test-chkrootkit-false-positive [Not from a Debian package]

Searching for Linux.Proxy.1.0...                            WARNING

WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd

Searching for CrossRAT...                                   not found
Searching for Hidden Cobra...                               WARNING

WARNING: Possible Malicious Hidden Cobra installed:
/tmp/.ICE-unix/engine.so [Not from a Debian package]

Searching for Rocke Miner rootkit...                        WARNING

WARNING: Possible Rocke Miner rootkit installed:
/etc/xig [Not from a Debian package]

Searching for PWNLNX4 lkm rootkit...                        WARNING

WARNING: Possible PWNLNX4 lkm rootkit installed:
/var/tmp/.1/ [Not from a Debian package]

Searching for PWNLNX6 lkm rootkit...                        WARNING

WARNING: Possible PWNLNX6 lkm rootkit installed:
/tmp/suterusu/ [Not from a Debian package]

Searching for Umbreon lrk...                                not found
Searching for Kinsing.a backdoor rootkit...                 WARNING

WARNING: Possible Kinsing.a backdoor rootkit installed:
/tmp/kdevtmpfsi [Not from a Debian package]

Searching for RotaJakiro backdoor rootkit...                WARNING

WARNING: Possible RotaJakiro backdoor rootkit installed:
/bin/systemd-daemon [Not from a Debian package]

Searching for Syslogk LKM rootkit...                        WARNING

WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk

Searching for Kovid LKM rootkit...                          WARNING

WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid

Searching for Tsunami DDoS Malware rootkit...               WARNING

WARNING: Possible Tsunami DDoS Malware rootkit installed:
/bin/cls [Not from a Debian package]

Searching for Linux BPF Door...                             WARNING

WARNING: Possible Linux BPFDoor Malware installed:
/proc/xx/stack

Searching for suspect PHP files...                          WARNING

WARNING: The following suspicious PHP files were found:
/tmp/name.php
/tmp/sp ace/aaa' exit 1; "
/tmp/by-content

Searching for zero-size shell history files in /root...     WARNING

WARNING: Zero-size history files:
/root/.whatever.history [Not from a Debian package]

Searching for hardlinked shell history files in /root...    WARNING

WARNING: shell history files hardlinked to another file:
/root/.whatever.history [Not from a Debian package]

Checking `aliens'...                                        finished
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:36 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root    0 Jan 17 00:36 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.expected
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/'$'
ROOTDIR is `/'
OK
**** Test for '^Checking `aliens'\.\.\.                                        started$'
Checking `aliens'...                                        started
OK
**** Test for '^Searching for suspicious files in /dev\.\.\.                   WARNING$'
Searching for suspicious files in /dev...                   WARNING
OK
**** Test for '^$'


























































































OK
**** Test for '^WARNING: The following suspicious files were found in /dev:$'
WARNING: The following suspicious files were found in /dev:
OK
**** Test for '^/dev/bad-file$'
/dev/bad-file
OK
**** Test for '^Searching for known suspicious directories\.\.\.               WARNING$'
Searching for known suspicious directories...               WARNING
OK
**** Test for '^WARNING: Suspect directory /var/run/\.tmp/ \[Not from a Debian package\] found\. Looking for sniffer logs:$'
WARNING: Suspect directory /var/run/.tmp/ [Not from a Debian package] found. Looking for sniffer logs:
OK
**** Test for '^/var/run/\.tmp/ \[Not from a Debian package\]$'
/var/run/.tmp/ [Not from a Debian package]
OK
**** Test for '^/var/run/\.tmp/y \[Not from a Debian package\]$'
/var/run/.tmp/y [Not from a Debian package]
OK
**** Test for '^Searching for known suspicious files\.\.\.                     WARNING$'
Searching for known suspicious files...                     WARNING
OK
**** Test for '^WARNING: The following known suspicious files were found:$'
WARNING: The following known suspicious files were found:
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^Searching for sniffer's logs\.\.\.                             WARNING$'
Searching for sniffer's logs...                             WARNING
OK
**** Test for '^WARNING: The following potential sniffer's logs were found:$'
WARNING: The following potential sniffer's logs were found:
OK
**** Test for '^/tmp/tcp\.log \[Not from a Debian package\]$'
/tmp/tcp.log [Not from a Debian package]
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\.                         WARNING$'
Searching for HiDrootkit rootkit...                         WARNING
OK
**** Test for '^WARNING: Possible HiDrootkit rootkit installed:$'
WARNING: Possible HiDrootkit rootkit installed:
OK
**** Test for '^/var/lib/games/\.k/ \[Not from a Debian package\]$'
/var/lib/games/.k/ [Not from a Debian package]
OK
**** Test for '^Searching for t0rn rootkit\.\.\.                               WARNING$'
Searching for t0rn rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible t0rn rootkit installed:$'
WARNING: Possible t0rn rootkit installed:
OK
**** Test for '^/etc/ttyhash \[Not from a Debian package\]$'
/etc/ttyhash [Not from a Debian package]
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\.                     not found$'
Searching for t0rn v8 (or variation)...                     not found
OK
**** Test for '^Searching for Lion rootkit\.\.\.                               WARNING$'
Searching for Lion rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible Lion rootkit installed:$'
WARNING: Possible Lion rootkit installed:
OK
**** Test for '^/bin/mjy \[Not from a Debian package\]$'
/bin/mjy [Not from a Debian package]
OK
**** Test for '^Searching for RSHA rootkit\.\.\.                               not found$'
Searching for RSHA rootkit...                               not found
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\.                          WARNING$'
Searching for RH-Sharpe rootkit...                          WARNING
OK
**** Test for '^WARNING: Possible RH-Sharpe rootkit installed:$'
WARNING: Possible RH-Sharpe rootkit installed:
OK
**** Test for '^/bin/lps \[Not from a Debian package\]$'
/bin/lps [Not from a Debian package]
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\.                      not found$'
Searching for Ambient (ark) rootkit...                      not found
OK
**** Test for '^Searching for suspicious files and dirs\.\.\.                  not found$'
Searching for suspicious files and dirs...                  not found
OK
**** Test for '^Searching for LPD Worm\.\.\.                                   WARNING$'
Searching for LPD Worm...                                   WARNING
OK
**** Test for '^WARNING: Possible LPD worm installed \(based on files found\)$'
WARNING: Possible LPD worm installed (based on files found)
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\.                         not found$'
Searching for Ramen Worm rootkit...                         not found
OK
**** Test for '^Searching for Maniac rootkit\.\.\.                             not found$'
Searching for Maniac rootkit...                             not found
OK
**** Test for '^Searching for RK17 rootkit\.\.\.                               WARNING$'
Searching for RK17 rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible RK17 rootkit installed:$'
WARNING: Possible RK17 rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/bogus\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/bogus.cgi [Not from a Debian package]
OK
**** Test for '^Searching for Ducoci rootkit\.\.\.                             WARNING$'
Searching for Ducoci rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Ducoci rootkit installed:$'
WARNING: Possible Ducoci rootkit installed:
OK
**** Test for '^/www/httpd/cgi-bin/last\.cgi \[Not from a Debian package\]$'
/www/httpd/cgi-bin/last.cgi [Not from a Debian package]
OK
**** Test for '^Searching for Adore Worm\.\.\.                                 not found$'
Searching for Adore Worm...                                 not found
OK
**** Test for '^Searching for ShitC Worm\.\.\.                                 not found$'
Searching for ShitC Worm...                                 not found
OK
**** Test for '^Searching for Omega Worm\.\.\.                                 WARNING$'
Searching for Omega Worm...                                 WARNING
OK
**** Test for '^WARNING: Possible Omega Worm installed:$'
WARNING: Possible Omega Worm installed:
OK
**** Test for '^/dev/chr \[Not from a Debian package\]$'
/dev/chr [Not from a Debian package]
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\.                           WARNING$'
Searching for Sadmind/IIS Worm...                           WARNING
OK
**** Test for '^WARNING: Possible Sadmin/IIS Worm installed:$'
WARNING: Possible Sadmin/IIS Worm installed:
OK
**** Test for '^/dev/cuc \[Not from a Debian package\]$'
/dev/cuc [Not from a Debian package]
OK
**** Test for '^Searching for MonKit\.\.\.                                     not found$'
Searching for MonKit...                                     not found
OK
**** Test for '^Searching for Showtee rootkit\.\.\.                            not found$'
Searching for Showtee rootkit...                            not found
OK
**** Test for '^Searching for OpticKit\.\.\.                                   not found$'
Searching for OpticKit...                                   not found
OK
**** Test for '^Searching for T\.R\.K\.\.\.                                      not found$'
Searching for T.R.K...                                      not found
OK
**** Test for '^Searching for Mithra rootkit\.\.\.                             not found$'
Searching for Mithra rootkit...                             not found
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\.                            not tested$'
Searching for OBSD rootkit v1...                            not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\.                                WARNING$'
Searching for LOC rootkit...                                WARNING
OK
**** Test for '^WARNING: Possible LOC rootkit installed:$'
WARNING: Possible LOC rootkit installed:
OK
**** Test for '^/tmp/xp \[Not from a Debian package\]$'
/tmp/xp [Not from a Debian package]
OK
**** Test for '^Searching for Romanian rootkit\.\.\.                           not found$'
Searching for Romanian rootkit...                           not found
OK
**** Test for '^Searching for HKRK rootkit\.\.\.                               WARNING$'
Searching for HKRK rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible HKRK rootkit installed in /etc/rc\.d/init\.d/network \[Not from a Debian package\]$'
WARNING: Possible HKRK rootkit installed in /etc/rc.d/init.d/network [Not from a Debian package]
OK
**** Test for '^Searching for Suckit rootkit\.\.\.                             WARNING$'
Searching for Suckit rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Suckit:$'
WARNING: Possible Suckit:
OK
**** Test for '^/dev/\.golf/$'
/dev/.golf/
OK
**** Test for '^Searching for Volc rootkit\.\.\.                               not found$'
Searching for Volc rootkit...                               not found
OK
**** Test for '^Searching for Gold2 rootkit\.\.\.                              not found$'
Searching for Gold2 rootkit...                              not found
OK
**** Test for '^Searching for TC2 rootkit\.\.\.                                not found$'
Searching for TC2 rootkit...                                not found
OK
**** Test for '^Searching for Anonoying rootkit\.\.\.                          not found$'
Searching for Anonoying rootkit...                          not found
OK
**** Test for '^Searching for ZK rootkit\.\.\.                                 WARNING$'
Searching for ZK rootkit...                                 WARNING
OK
**** Test for '^WARNING: Possible ZK rootkit installed:$'
WARNING: Possible ZK rootkit installed:
OK
**** Test for '^/etc/sysconfig/console/load\.zk \[Not from a Debian package\]$'
/etc/sysconfig/console/load.zk [Not from a Debian package]
OK
**** Test for '^Searching for ShKit rootkit\.\.\.                              WARNING$'
Searching for ShKit rootkit...                              WARNING
OK
**** Test for '^WARNING: Possible ShKit rootkit installed:$'
WARNING: Possible ShKit rootkit installed:
OK
**** Test for '^/etc/ld\.so\.hash \[Not from a Debian package\]$'
/etc/ld.so.hash [Not from a Debian package]
/etc/ld.so.hash [Not from a Debian package]
OK
**** Test for '^Searching for AjaKit rootkit\.\.\.                             WARNING$'
Searching for AjaKit rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible AjaKit rootkit installed:$'
WARNING: Possible AjaKit rootkit installed:
OK
**** Test for '^/dev/tux/ \[Not from a Debian package\]$'
/dev/tux/ [Not from a Debian package]
OK
**** Test for '^Searching for zaRwT rootkit\.\.\.                              WARNING$'
Searching for zaRwT rootkit...                              WARNING
OK
**** Test for '^WARNING: Possible zaRwT rootkit installed:$'
WARNING: Possible zaRwT rootkit installed:
OK
**** Test for '^/bin/imout \[Not from a Debian package\]$'
/bin/imout [Not from a Debian package]
OK
**** Test for '^Searching for Madalin rootkit\.\.\.                            not found$'
Searching for Madalin rootkit...                            not found
OK
**** Test for '^Searching for Fu rootkit\.\.\.                                 WARNING$'
Searching for Fu rootkit...                                 WARNING
OK
**** Test for '^WARNING: Possible Fu rootkit installed:$'
WARNING: Possible Fu rootkit installed:
OK
**** Test for '^/sbin/xc \[Not from a Debian package\]$'
/sbin/xc [Not from a Debian package]
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\.                             not found$'
Searching for Kenga3 rootkit...                             not found
OK
**** Test for '^Searching for ESRK rootkit\.\.\.                               not found$'
Searching for ESRK rootkit...                               not found
OK
**** Test for '^Searching for rootedoor\.\.\.                                  WARNING$'
Searching for rootedoor...                                  WARNING
OK
**** Test for '^WARNING: Possible rootedoor installed:$'
WARNING: Possible rootedoor installed:
OK
**** Test for '^/sbin/rootedoor \[Not from a Debian package\]$'
/sbin/rootedoor [Not from a Debian package]
/sbin/rootedoor [Not from a Debian package]
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\.                            WARNING$'
Searching for ENYELKM rootkit...                            WARNING
OK
**** Test for '^WARNING: Possible ENYELKM rootkit installed:$'
WARNING: Possible ENYELKM rootkit installed:
OK
**** Test for '^/etc/\.enyelkmOCULTAR\.ko/ \[Not from a Debian package\]$'
/etc/.enyelkmOCULTAR.ko/ [Not from a Debian package]
OK
**** Test for '^Searching for common ssh-scanners\.\.\.                        WARNING$'
Searching for common ssh-scanners...                        WARNING
OK
**** Test for '^WARNING: Possible ssh-scanner installed:$'
WARNING: Possible ssh-scanner installed:
OK
**** Test for '^/var/tmp/vuln\.txt \[Not from a Debian package\]$'
/var/tmp/vuln.txt [Not from a Debian package]
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\.        WARNING$'
Searching for Linux/Ebury 1.4 - Operation Windigo...        WARNING
OK
**** Test for '^WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1\.4$'
WARNING: /usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\.                            WARNING$'
Searching for Linux/Ebury 1.6...                            WARNING
OK
**** Test for '^WARNING: Possible Linux/Ebury 1\.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils\.so\.1 \[.+\]$'
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /lib/x86_64-linux-gnu/libkeyutils.so.1 [From Debian package: libkeyutils1:amd64]
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\.                       WARNING$'
Searching for 64-bit Linux Rootkit...                       WARNING
OK
**** Test for '^WARNING: Possible 64-bit Linux Rootkit:'
WARNING: Possible 64-bit Linux Rootkit:
OK
**** Test for '^/etc/rc\.local \[Not from a Debian package\]$'
/etc/rc.local [Not from a Debian package]
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.               WARNING$'
Searching for 64-bit Linux Rootkit modules...               WARNING
OK
**** Test for '^WARNING: Possible 64-bit rootkit modules installed:$'
WARNING: Possible 64-bit rootkit modules installed:
OK
**** Test for '^/lib/modules/module_init\.ko \[Not from a Debian package\]$'
/lib/modules/module_init.ko [Not from a Debian package]
OK
**** Test for '^Searching for Mumblehard\.\.\.                                 WARNING$'
Searching for Mumblehard...                                 WARNING
OK
**** Test for '^WARNING: Possible Mumblehard backdoor installed:$'
WARNING: Possible Mumblehard backdoor installed:
OK
**** Test for '^/var/spool/cron/crontabs/foo \[Not from a Debian package\]$'
/var/spool/cron/crontabs/foo [Not from a Debian package]
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\.                     WARNING$'
Searching for Backdoor.Linux.Mokes.a...                     WARNING
OK
**** Test for '^WARNING: Possible Backdoor\.Linux\.Mokes\.a installed:$'
WARNING: Possible Backdoor.Linux.Mokes.a installed:
OK
**** Test for '^/tmp/ss0-0 \[Not from a Debian package\]$'
/tmp/ss0-0 [Not from a Debian package]
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\.                          WARNING$'
Searching for Malicious TinyDNS...                          WARNING
OK
**** Test for '^WARNING: Possible Malicious TinyDNS installed:$'
WARNING: Possible Malicious TinyDNS installed:
OK
**** Test for '^/home/ \./ \[Not from a Debian package\]$'
/home/ ./ [Not from a Debian package]
OK
**** Test for '^/home/ \./tinyDNS \[Not from a Debian package\]$'
/home/ ./tinyDNS [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\.                             WARNING$'
Searching for Linux.Xor.DDoS...                             WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/tmp/clean/strings \[Not from a Debian package\]$'
/tmp/clean/strings [Not from a Debian package]
OK
**** Test for '^/tmp/clean/uname \[Not from a Debian package\]$'
/tmp/clean/uname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/head \[Not from a Debian package\]$'
/tmp/clean/head [Not from a Debian package]
OK
**** Test for '^/tmp/clean/find \[Not from a Debian package\]$'
/tmp/clean/find [Not from a Debian package]
OK
**** Test for '^/tmp/clean/echo \[Not from a Debian package\]$'
/tmp/clean/echo [Not from a Debian package]
OK
**** Test for '^/tmp/clean/netstat \[Not from a Debian package\]$'
/tmp/clean/netstat [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls \[Not from a Debian package\]$'
/tmp/clean/ls [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ls\.orig \[Not from a Debian package\]$'
/tmp/clean/ls.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ps \[Not from a Debian package\]$'
/tmp/clean/ps [Not from a Debian package]
OK
**** Test for '^/tmp/clean/awk \[Not from a Debian package\]$'
/tmp/clean/awk [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep \[Not from a Debian package\]$'
/tmp/clean/grep [Not from a Debian package]
OK
**** Test for '^/tmp/clean/grep\.orig \[Not from a Debian package\]$'
/tmp/clean/grep.orig [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dirname \[Not from a Debian package\]$'
/tmp/clean/dirname [Not from a Debian package]
OK
**** Test for '^/tmp/clean/ss \[Not from a Debian package\]$'
/tmp/clean/ss [Not from a Debian package]
OK
**** Test for '^/tmp/clean/sed \[Not from a Debian package\]$'
/tmp/clean/sed [Not from a Debian package]
OK
**** Test for '^/tmp/clean/cut \[Not from a Debian package\]$'
/tmp/clean/cut [Not from a Debian package]
OK
**** Test for '^/tmp/clean/id \[Not from a Debian package\]$'
/tmp/clean/id [Not from a Debian package]
OK
**** Test for '^/tmp/clean/xargs \[Not from a Debian package\]$'
/tmp/clean/xargs [Not from a Debian package]
OK
**** Test for '^/tmp/clean/dpkg-query \[Not from a Debian package\]$'
/tmp/clean/dpkg-query [Not from a Debian package]
OK
**** Test for '^/tmp/test-chkrootkit-false-positive \[Not from a Debian package\]$'
/tmp/test-chkrootkit-false-positive [Not from a Debian package]
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\.                            WARNING$'
Searching for Linux.Proxy.1.0...                            WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Linux\.Proxy\.10 installed in /etc/passwd$'
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
OK
**** Test for '^Searching for CrossRAT\.\.\.                                   not found$'
Searching for CrossRAT...                                   not found
OK
**** Test for '^Searching for Hidden Cobra\.\.\.                               WARNING$'
Searching for Hidden Cobra...                               WARNING
OK
**** Test for '^WARNING: Possible Malicious Hidden Cobra installed:$'
WARNING: Possible Malicious Hidden Cobra installed:
OK
**** Test for '^/tmp/\.ICE-unix/engine\.so \[Not from a Debian package\]$'
/tmp/.ICE-unix/engine.so [Not from a Debian package]
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\.                        WARNING$'
Searching for Rocke Miner rootkit...                        WARNING
OK
**** Test for '^WARNING: Possible Rocke Miner rootkit installed:$'
WARNING: Possible Rocke Miner rootkit installed:
OK
**** Test for '^/etc/xig \[Not from a Debian package\]$'
/etc/xig [Not from a Debian package]
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\.                        WARNING$'
Searching for PWNLNX4 lkm rootkit...                        WARNING
OK
**** Test for '^WARNING: Possible PWNLNX4 lkm rootkit installed:$'
WARNING: Possible PWNLNX4 lkm rootkit installed:
OK
**** Test for '^/var/tmp/\.1/ \[Not from a Debian package\]$'
/var/tmp/.1/ [Not from a Debian package]
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\.                        WARNING$'
Searching for PWNLNX6 lkm rootkit...                        WARNING
OK
**** Test for '^WARNING: Possible PWNLNX6 lkm rootkit installed:$'
WARNING: Possible PWNLNX6 lkm rootkit installed:
OK
**** Test for '^/tmp/suterusu/ \[Not from a Debian package\]$'
/tmp/suterusu/ [Not from a Debian package]
OK
**** Test for '^Searching for Umbreon lrk\.\.\.                                not found$'
Searching for Umbreon lrk...                                not found
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\.                 WARNING$'
Searching for Kinsing.a backdoor rootkit...                 WARNING
OK
**** Test for '^WARNING: Possible Kinsing\.a backdoor rootkit installed:$'
WARNING: Possible Kinsing.a backdoor rootkit installed:
OK
**** Test for '^/tmp/kdevtmpfsi \[Not from a Debian package\]$'
/tmp/kdevtmpfsi [Not from a Debian package]
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\.                WARNING$'
Searching for RotaJakiro backdoor rootkit...                WARNING
OK
**** Test for '^WARNING: Possible RotaJakiro backdoor rootkit installed:$'
WARNING: Possible RotaJakiro backdoor rootkit installed:
OK
**** Test for '^/bin/systemd-daemon \[Not from a Debian package\]$'
/bin/systemd-daemon [Not from a Debian package]
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\.                        WARNING$'
Searching for Syslogk LKM rootkit...                        WARNING
OK
**** Test for '^WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk$'
WARNING: Possible Malicious Syslogk LKM rootkit installed: /proc/syslogk
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\.                          WARNING$'
Searching for Kovid LKM rootkit...                          WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid$'
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /proc/kovid
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\.               WARNING$'
Searching for Tsunami DDoS Malware rootkit...               WARNING
OK
**** Test for '^WARNING: Possible Tsunami DDoS Malware rootkit installed:$'
WARNING: Possible Tsunami DDoS Malware rootkit installed:
OK
**** Test for '^/bin/cls \[Not from a Debian package\]$'
/bin/cls [Not from a Debian package]
OK
**** Test for '^Searching for Linux BPF Door\.\.\.                             WARNING$'
Searching for Linux BPF Door...                             WARNING
OK
**** Test for '^WARNING: Possible Linux BPFDoor Malware installed:$'
WARNING: Possible Linux BPFDoor Malware installed:
OK
**** Test for '^/proc/xx/stack$'
/proc/xx/stack
OK
**** Test for '^Searching for suspect PHP files\.\.\.                          WARNING$'
Searching for suspect PHP files...                          WARNING
OK
**** Test for '^WARNING: The following suspicious PHP files were found:$'
WARNING: The following suspicious PHP files were found:
OK
**** Test for '^/tmp/name\.php$'
/tmp/name.php
OK
**** Test for '^/tmp/sp ace/aaa' exit 1; "$'
/tmp/sp ace/aaa' exit 1; "
OK
**** Test for '^/tmp/by-content$'
/tmp/by-content
OK
**** Test for '^Searching for zero-size shell history files in /root\.\.\.     WARNING$'
Searching for zero-size shell history files in /root...     WARNING
OK
**** Test for '^WARNING: Zero-size history files:$'
WARNING: Zero-size history files:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^Searching for hardlinked shell history files in /root\.\.\.    WARNING$'
Searching for hardlinked shell history files in /root...    WARNING
OK
**** Test for '^WARNING: shell history files hardlinked to another file:$'
WARNING: shell history files hardlinked to another file:
OK
**** Test for '^/root/\.whatever\.history \[Not from a Debian package\]$'
/root/.whatever.history [Not from a Debian package]
/root/.whatever.history [Not from a Debian package]
OK
**** Test for '^Checking `aliens'\.\.\.                                        finished$'
Checking `aliens'...                                        finished
OK
** PASS: Testing: exclude-results-with-minus-e-option (chkrootkit -p /tmp/clean -e /usr/* aliens) done: PASS
* Testing the -r option
Symlink ROOT_DIR created: /tmp/CHKROOTKIT_ROOT
lrwxrwxrwx 1 root root 1 Jan 17 00:36 /tmp/CHKROOTKIT_ROOT -> /
** Testing: setting-rootdir (chkrootkit -p /tmp/clean -r /tmp/CHKROOTKIT_ROOT) ...
*** Output
ROOTDIR is `/tmp/CHKROOTKIT_ROOT/'
Checking `amd'...                                           INFECTED
Checking `basename'...                                      INFECTED
Checking `biff'...                                          INFECTED
Checking `chfn'...                                          INFECTED
Checking `chsh'...                                          INFECTED
Checking `cron'...                                          INFECTED
Checking `crontab'...                                       WARNING
WARNING: crontab for nobody found, possible Lupper.Worm.
Checking for Lupper.Worm...                                 INFECTED
Checking `date'...                                          INFECTED
Checking `du'...                                            INFECTED
Checking `dirname'...                                       INFECTED
Checking `echo'...                                          INFECTED
Checking `egrep'...                                         INFECTED
Checking `env'...                                           INFECTED
Checking `find'...                                          INFECTED
Checking `fingerd'...                                       INFECTED
Checking `gpm'...                                           INFECTED
Checking `grep'...                                          INFECTED
Checking `hdparm'...                                        INFECTED
Checking `su'...                                            INFECTED
Checking `ifconfig'...                                      INFECTED
Checking `inetd'...                                         INFECTED
Checking `inetdconf'...                                     INFECTED
Checking `identd'...                                        INFECTED
Checking `init'...                                          INFECTED
Checking `killall'...                                       INFECTED
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         INFECTED
Checking `ls'...                                            INFECTED
Checking `lsof'...                                          INFECTED
Checking `mail'...                                          INFECTED
Checking `mingetty'...                                      INFECTED
Checking `netstat'...                                       INFECTED
Checking `named'...                                         INFECTED
Checking `passwd'...                                        INFECTED
Checking `pidof'...                                         INFECTED
Checking `pop2'...                                          INFECTED
Checking `pop3'...                                          INFECTED
Checking `ps'...                                            INFECTED
Checking `pstree'...                                        INFECTED
Checking `rpcinfo'...                                       INFECTED
Checking `rlogind'...                                       INFECTED
Checking `rshd'...                                          INFECTED
Checking `slogin'...                                        INFECTED
Checking `sendmail'...                                      INFECTED
Checking `sshd'...                                          INFECTED but disabled
Checking `syslogd'...                                       INFECTED
Checking `tar'...                                           INFECTED
Checking `tcpd'...                                          INFECTED
Checking `tcpdump'...                                       INFECTED
Checking `top'...                                           INFECTED
Checking `telnetd'...                                       INFECTED
Checking `timed'...                                         INFECTED
Checking `traceroute'...                                    INFECTED
Checking `vdir'...                                          INFECTED
Checking `w'...                                             INFECTED
Checking `write'...                                         INFECTED
Checking `aliens'...                                        started
Searching for suspicious files in /tmp/CHKROOTKIT_ROOT/dev... WARNING

WARNING: The following suspicious files were found in /tmp/CHKROOTKIT_ROOT/dev:
/tmp/CHKROOTKIT_ROOT/dev/bad-file

Searching for known suspicious directories...               WARNING

WARNING: Suspect directory /tmp/CHKROOTKIT_ROOT/var/run/.tmp/ found. Looking for sniffer logs:
/tmp/CHKROOTKIT_ROOT/var/run/.tmp/
/tmp/CHKROOTKIT_ROOT/var/run/.tmp/y

Searching for known suspicious files...                     WARNING

WARNING: The following known suspicious files were found:
/tmp/CHKROOTKIT_ROOT/usr/bin/atm
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash

Searching for sniffer's logs...                             WARNING

WARNING: The following potential sniffer's logs were found:
/tmp/CHKROOTKIT_ROOT/tmp/tcp.log

Searching for HiDrootkit rootkit...                         WARNING

WARNING: Possible HiDrootkit rootkit installed:
/tmp/CHKROOTKIT_ROOT/var/lib/games/.k/

Searching for t0rn rootkit...                               WARNING

WARNING: Possible t0rn rootkit installed:
/tmp/CHKROOTKIT_ROOT/etc/ttyhash

Searching for t0rn v8 (or variation)...                     WARNING

WARNING: Possible t0rn v8 (or variation) rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/local/lib/libproc.a

Searching for Lion rootkit...                               WARNING

WARNING: Possible Lion rootkit installed:
/tmp/CHKROOTKIT_ROOT/bin/mjy

Searching for RSHA rootkit...                               WARNING

WARNING: Possible RSHA rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/n3tstat

Searching for RH-Sharpe rootkit...                          WARNING

WARNING: Possible RH-Sharpe rootkit installed:
/tmp/CHKROOTKIT_ROOT/bin/lps

Searching for Ambient (ark) rootkit...                      WARNING

WARNING: Possible Ambient's rootkit (ark) installed:
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?

Searching for suspicious files and dirs...                  WARNING

WARNING: The following suspicious files and directories were found:
/tmp/CHKROOTKIT_ROOT/usr/lib/.DIR-aaa
/tmp/CHKROOTKIT_ROOT/usr/lib/...DIR
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?
/tmp/CHKROOTKIT_ROOT/usr/lib/.aaa
/tmp/CHKROOTKIT_ROOT/usr/lib/.1DIR
/tmp/CHKROOTKIT_ROOT/usr/lib/...
/tmp/CHKROOTKIT_ROOT/usr/lib/.bbb
/tmp/CHKROOTKIT_ROOT/usr/lib/.1

Searching for LPD Worm...                                   WARNING

WARNING: Possible LPD worm installed (based on files found)

Searching for Ramen Worm rootkit...                         WARNING

WARNING: Possible Ramen Worm rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/src/.poop/

Searching for Maniac rootkit...                             WARNING

WARNING: Possible Maniac rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/mailrc

Searching for RK17 rootkit...                               WARNING

WARNING: Possible RK17 rootkit installed:
/tmp/CHKROOTKIT_ROOT/www/httpd/cgi-bin/bogus.cgi
/tmp/CHKROOTKIT_ROOT/usr/lib/number.cgi

Searching for Ducoci rootkit...                             WARNING

WARNING: Possible Ducoci rootkit installed:
/tmp/CHKROOTKIT_ROOT/www/httpd/cgi-bin/last.cgi

Searching for Adore Worm...                                 WARNING

WARNING: Possible Adore Worm installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/red.tar

Searching for ShitC Worm...                                 WARNING

WARNING: Possible ShitC Worm installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/frgy
/tmp/CHKROOTKIT_ROOT/usr/bin/dy

Searching for Omega Worm...                                 WARNING

WARNING: Possible Omega Worm installed:
/tmp/CHKROOTKIT_ROOT/dev/chr

Searching for Sadmind/IIS Worm...                           WARNING

WARNING: Possible Sadmin/IIS Worm installed:
/tmp/CHKROOTKIT_ROOT/dev/cuc

Searching for MonKit...                                     WARNING

WARNING: Possible MonKit installed:
/tmp/CHKROOTKIT_ROOT/usr/lib/libpikapp.a

Searching for Showtee rootkit...                            WARNING

WARNING: Possible Showtee rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h
/tmp/CHKROOTKIT_ROOT/usr/include/chk.h

Searching for OpticKit...                                   WARNING

WARNING: Possible OpticKit installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf

Searching for T.R.K...                                      WARNING

WARNING: Possible T.R.K installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf

Searching for Mithra rootkit...                             WARNING

WARNING: Possible Mithra installed:
/tmp/CHKROOTKIT_ROOT/usr/lib/locale/uboot

Searching for OBSD rootkit v1...                            not tested
Searching for LOC rootkit...                                WARNING

WARNING: Possible LOC rootkit installed:
/tmp/CHKROOTKIT_ROOT/tmp/xp
/tmp/CHKROOTKIT_ROOT/usr/sbin/epic
Searching for Romanian rootkit...                           WARNING

WARNING: Possible Romanian rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h

Searching for HKRK rootkit...                               WARNING

WARNING: Possible HKRK rootkit installed in /tmp/CHKROOTKIT_ROOT/etc/rc.d/init.d/network

Searching for Suckit rootkit...                             WARNING

WARNING: Possible Suckit:
/tmp/CHKROOTKIT_ROOT/dev/.golf/

Searching for Volc rootkit...                               WARNING

WARNING: Possible Volc rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/volc

Searching for Gold2 rootkit...                              WARNING

WARNING: Possible Gold2 rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/bin/ishit

Searching for TC2 rootkit...                                WARNING

WARNING: Possible TC2 rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/sbin/initcheck

Searching for Anonoying rootkit...                          WARNING

WARNING: Possible Anonoying rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/sbin/mech

Searching for ZK rootkit...                                 WARNING

WARNING: Possible ZK rootkit installed:
/tmp/CHKROOTKIT_ROOT/etc/sysconfig/console/load.zk

Searching for ShKit rootkit...                              WARNING

WARNING: Possible ShKit rootkit installed:
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash

Searching for AjaKit rootkit...                             WARNING

WARNING: Possible AjaKit rootkit installed:
/tmp/CHKROOTKIT_ROOT/dev/tux/

Searching for zaRwT rootkit...                              WARNING

WARNING: Possible zaRwT rootkit installed:
/tmp/CHKROOTKIT_ROOT/bin/imout

Searching for Madalin rootkit...                            WARNING

WARNING: Possible Madalin rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/include/icekey.h

Searching for Fu rootkit...                                 WARNING

WARNING: Possible Fu rootkit installed:
/tmp/CHKROOTKIT_ROOT/sbin/xc

Searching for Kenga3 rootkit...                             WARNING

WARNING: Possible Kenga3 rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/include/. ./
/tmp/CHKROOTKIT_ROOT/usr/include/. ./foo

Searching for ESRK rootkit...                               WARNING

WARNING: Possible ESRK rootkit installed:
/tmp/CHKROOTKIT_ROOT/usr/lib/tcl5.3/

Searching for rootedoor...                                  WARNING

WARNING: Possible rootedoor installed:
/tmp/CHKROOTKIT_ROOT/usr/sbin/rootedoor
/tmp/CHKROOTKIT_ROOT/sbin/rootedoor
/tmp/CHKROOTKIT_ROOT/sbin/rootedoor
/tmp/CHKROOTKIT_ROOT/usr/sbin/rootedoor

Searching for ENYELKM rootkit...                            WARNING

WARNING: Possible ENYELKM rootkit installed:
/tmp/CHKROOTKIT_ROOT/etc/.enyelkmOCULTAR.ko/

Searching for common ssh-scanners...                        WARNING

WARNING: Possible ssh-scanner installed:
/tmp/CHKROOTKIT_ROOT/var/tmp/vuln.txt

Searching for Linux/Ebury 1.4 - Operation Windigo...        WARNING

WARNING: /tmp/CHKROOTKIT_ROOT/usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4

Searching for Linux/Ebury 1.6...                            WARNING

WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /tmp/CHKROOTKIT_ROOT/lib/x86_64-linux-gnu/libkeyutils.so.1
Searching for 64-bit Linux Rootkit...                       WARNING

WARNING: Possible 64-bit Linux Rootkit:
/tmp/CHKROOTKIT_ROOT/usr/local/hide/
/tmp/CHKROOTKIT_ROOT/usr/local/hide/foo
/tmp/CHKROOTKIT_ROOT/etc/rc.local

Searching for 64-bit Linux Rootkit modules...               WARNING

WARNING: Possible 64-bit rootkit modules installed:
/tmp/CHKROOTKIT_ROOT/lib/modules/module_init.ko

Searching for Mumblehard...                                 WARNING

WARNING: Possible Mumblehard backdoor installed:
/tmp/CHKROOTKIT_ROOT/var/spool/cron/crontabs/foo

Searching for Backdoor.Linux.Mokes.a...                     WARNING

WARNING: Possible Backdoor.Linux.Mokes.a installed:
/tmp/CHKROOTKIT_ROOT/tmp/ss0-0

Searching for Malicious TinyDNS...                          WARNING

WARNING: Possible Malicious TinyDNS installed:
/tmp/CHKROOTKIT_ROOT/home/ ./
/tmp/CHKROOTKIT_ROOT/home/ ./tinyDNS

Searching for Linux.Xor.DDoS...                             WARNING

WARNING: Possible Linux.Xor.DDoS installed:
/tmp/CHKROOTKIT_ROOT/tmp/clean/sed
/tmp/CHKROOTKIT_ROOT/tmp/clean/dpkg-query
/tmp/CHKROOTKIT_ROOT/tmp/clean/ss
/tmp/CHKROOTKIT_ROOT/tmp/clean/awk
/tmp/CHKROOTKIT_ROOT/tmp/clean/id
/tmp/CHKROOTKIT_ROOT/tmp/clean/find
/tmp/CHKROOTKIT_ROOT/tmp/clean/ps
/tmp/CHKROOTKIT_ROOT/tmp/clean/dirname
/tmp/CHKROOTKIT_ROOT/tmp/clean/strings
/tmp/CHKROOTKIT_ROOT/tmp/clean/ls.orig
/tmp/CHKROOTKIT_ROOT/tmp/clean/head
/tmp/CHKROOTKIT_ROOT/tmp/clean/xargs
/tmp/CHKROOTKIT_ROOT/tmp/clean/echo
/tmp/CHKROOTKIT_ROOT/tmp/clean/grep
/tmp/CHKROOTKIT_ROOT/tmp/clean/ls
/tmp/CHKROOTKIT_ROOT/tmp/clean/cut
/tmp/CHKROOTKIT_ROOT/tmp/clean/grep.orig
/tmp/CHKROOTKIT_ROOT/tmp/clean/netstat
/tmp/CHKROOTKIT_ROOT/tmp/clean/uname
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/test-chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/debian/tests/find-debs-that-are-enhanced
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/debian/rules
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/debian/chkrootkit-daily
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/check_php
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/check_if_debian
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Use-e-on-more-tests.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-e-apply-to-tests-using-find.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/86_chkrootkit-usrmerge-fix.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/73_chkrootkit-fix-netstat-and-ss-tests.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/06_quiet.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/17_Suckitfalse.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/71_chkrootkit-use-grep-not-grep-in-tests.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/84_chkrootkit-simplify-chk_inetdconf.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/69_chkrootkit-fix-syntax-errors-in-chk_login.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/13_exitcode.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/68_checkrootkit-use-ROOTDIR-consistently.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-BPFDoor-work-with-r.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-relative-dirs-in-PATH.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/16_php.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/81_chkrootkit-add-missing-braces-in-bindshell-test.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/74_chkrootkit-Make-chkutmp-should-support-p.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/82_chkrootkit-clarify-output-from-lkm-test.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Better-error-messages.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-incomplete-fix-for-ldsopreload.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/75_chkrootkit-More-instances-where-x-should-be-x.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-skip-test-for-syslogk-when-r-given.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/83_chkrotkit-Clarify-output-from-other-TOOLS.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/80_chkrootkit-make-output-consistent-aliens.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/02_workingdir.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-more-better-error-messages.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/04_backslashes.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Allow-running-as-non-root.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/70_chkrootkit-fix-chk_date.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/58_chkrootkit-improve-output.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/53_chkrootkit-remove-trailing-whitespace.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/19_openssh.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/21_fix_loc_function.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/26_improve-info-help-display.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/66_chkrootkit-Make-output-consistent.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-for-syslogk-test.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-allow-chkdirs-to-be-used-with-r.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/03_linedup_reports.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/78_chkrootkit-fix-test-for-ebury-1.6.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/64_chkrootkit-Define-egrep-later-to-support-p.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/08_unidentified.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-most-shellcheck-issues.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-rootedir-check-when-r-set.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-improve-chkutmp-output-when-r-given.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-minor-fixup.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Fix-output-from-HKRK-if-r-set.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-Make-test-for-.history-files-work-with-r.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/09_excludes.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/build.o4r/src/.pc/chkrootkit-check-reported-files-using-dpkg-query.patch/chkrootkit
/tmp/CHKROOTKIT_ROOT/tmp/autopkgtest.moK5bE/wrapper.sh
/tmp/CHKROOTKIT_ROOT/tmp/test-chkrootkit-false-positive

Searching for Linux.Proxy.1.0...                            WARNING

WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd

Searching for CrossRAT...                                   WARNING

WARNING: Possible Malicious CrossRAT installed:
/tmp/CHKROOTKIT_ROOT/usr/var/mediamgrs.jar

Searching for Hidden Cobra...                               WARNING

WARNING: Possible Malicious Hidden Cobra installed:
/tmp/CHKROOTKIT_ROOT/tmp/.ICE-unix/engine.so

Searching for Rocke Miner rootkit...                        WARNING

WARNING: Possible Rocke Miner rootkit installed:
/tmp/CHKROOTKIT_ROOT/etc/xig

Searching for PWNLNX4 lkm rootkit...                        WARNING

WARNING: Possible PWNLNX4 lkm rootkit installed:
/tmp/CHKROOTKIT_ROOT/var/tmp/.1/

Searching for PWNLNX6 lkm rootkit...                        WARNING

WARNING: Possible PWNLNX6 lkm rootkit installed:
/tmp/CHKROOTKIT_ROOT/tmp/suterusu/

Searching for Umbreon lrk...                                WARNING

WARNING: Possible Malicious UMBREON LRK installed:
/tmp/CHKROOTKIT_ROOT/usr/share/libc.so.69

Searching for Kinsing.a backdoor rootkit...                 WARNING

WARNING: Possible Kinsing.a backdoor rootkit installed:
/tmp/CHKROOTKIT_ROOT/tmp/kdevtmpfsi

Searching for RotaJakiro backdoor rootkit...                WARNING

WARNING: Possible RotaJakiro backdoor rootkit installed:
/tmp/CHKROOTKIT_ROOT/bin/systemd-daemon

Searching for Syslogk LKM rootkit...                        not tested
Searching for Kovid LKM rootkit...                          WARNING

WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /tmp/CHKROOTKIT_ROOT/proc/kovid

Searching for Tsunami DDoS Malware rootkit...               WARNING

WARNING: Possible Tsunami DDoS Malware rootkit installed:
/tmp/CHKROOTKIT_ROOT/bin/cls

Searching for Linux BPF Door...                             WARNING

WARNING: Possible Linux BPFDoor Malware installed:
/proc/xx/stack

Searching for suspect PHP files...                          WARNING

WARNING: The following suspicious PHP files were found:
/tmp/CHKROOTKIT_ROOT/tmp/name.php
/tmp/CHKROOTKIT_ROOT/tmp/sp ace/aaa' exit 1; "
/tmp/CHKROOTKIT_ROOT/tmp/by-content

Searching for zero-size shell history files in /tmp/CHKROOTKIT_ROOT/root... WARNING

WARNING: Zero-size history files:
/tmp/CHKROOTKIT_ROOT/root/.whatever.history

Searching for hardlinked shell history files in /tmp/CHKROOTKIT_ROOT/root... WARNING

WARNING: shell history files hardlinked to another file:
/tmp/CHKROOTKIT_ROOT/root/.whatever.history

Checking `aliens'...                                        finished
Checking `asp'...                                           WARNING

WARNING: Possible Ramen Worm installed in /tmp/CHKROOTKIT_ROOT/etc/inetd.conf

Checking `bindshell'...                                     not tested
Checking `lkm'...                                           started
Searching for Adore LKM...                                  not tested
Searching for sebek LKM (Adore based)...                    not tested
Searching for knark LKM rootkit...                          not found
Searching for for hidden processes with chkproc...          not tested
Searching for for hidden directories using chkdirs...       not found
Checking `lkm'...                                           finished
Checking `rexedcs'...                                       INFECTED: /tmp/CHKROOTKIT_ROOT/usr/bin/in.rexedcs
Checking `sniffer'...                                       not tested
Checking `w55808'...                                        WARNING

WARNING: Possible 55808 Worm installed

Checking `wted'...                                          not found
Checking `scalper'...                                       WARNING

WARNING: Possible Scalper Worm installed

Checking `slapper'...                                       WARNING

WARNING: Possible Slapper Worm installed:
/tmp/CHKROOTKIT_ROOT/tmp/.bugtraq.c

Checking `z2'...                                            not found
Checking `chkutmp'...                                       not tested
Checking `OSX_RSPLUG'...                                    not tested
**** Files in log
total 44K
drwxr-xr-x 2 root root 4.0K Jan 17 00:36 .
drwxr-xr-x 4 root root 4.0K Jan 17 00:31 ..
-rw-r--r-- 1 root root    0 Jan 17 00:36 chkrootkit-daily.log
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.expected
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.today
-rw-r--r-- 1 root root  11K Jan 17 00:36 log.today.raw
*** Test of content of output follows...
**** Test for '^ROOTDIR is `/[^ ]+/CHKROOTKIT_ROOT/'$'
ROOTDIR is `/tmp/CHKROOTKIT_ROOT/'
OK
**** Test for '^Checking `amd'\.\.\.                                           INFECTED$'
Checking `amd'...                                           INFECTED
OK
**** Test for '^Checking `basename'\.\.\.                                      INFECTED$'
Checking `basename'...                                      INFECTED
OK
**** Test for '^Checking `biff'\.\.\.                                          INFECTED$'
Checking `biff'...                                          INFECTED
OK
**** Test for '^Checking `chfn'\.\.\.                                          INFECTED$'
Checking `chfn'...                                          INFECTED
OK
**** Test for '^Checking `chsh'\.\.\.                                          INFECTED$'
Checking `chsh'...                                          INFECTED
OK
**** Test for '^Checking `cron'\.\.\.                                          INFECTED$'
Checking `cron'...                                          INFECTED
OK
**** Test for '^Checking `crontab'\.\.\.                                       WARNING$'
Checking `crontab'...                                       WARNING
OK
**** Test for '^$'














































































































































OK
**** Test for '^WARNING: crontab for nobody found, possible Lupper\.Worm\.$'
WARNING: crontab for nobody found, possible Lupper.Worm.
OK
**** Test for '^Checking for Lupper\.Worm\.\.\.                                 INFECTED$'
Checking for Lupper.Worm...                                 INFECTED
OK
**** Test for '^Checking `date'\.\.\.                                          INFECTED$'
Checking `date'...                                          INFECTED
OK
**** Test for '^Checking `du'\.\.\.                                            INFECTED$'
Checking `du'...                                            INFECTED
OK
**** Test for '^Checking `dirname'\.\.\.                                       INFECTED$'
Checking `dirname'...                                       INFECTED
OK
**** Test for '^Checking `echo'\.\.\.                                          INFECTED$'
Checking `echo'...                                          INFECTED
OK
**** Test for '^Checking `egrep'\.\.\.                                         INFECTED$'
Checking `egrep'...                                         INFECTED
OK
**** Test for '^Checking `env'\.\.\.                                           INFECTED$'
Checking `env'...                                           INFECTED
OK
**** Test for '^Checking `find'\.\.\.                                          INFECTED$'
Checking `find'...                                          INFECTED
OK
**** Test for '^Checking `fingerd'\.\.\.                                       INFECTED$'
Checking `fingerd'...                                       INFECTED
OK
**** Test for '^Checking `gpm'\.\.\.                                           INFECTED$'
Checking `gpm'...                                           INFECTED
OK
**** Test for '^Checking `grep'\.\.\.                                          INFECTED$'
Checking `grep'...                                          INFECTED
OK
**** Test for '^Checking `hdparm'\.\.\.                                        INFECTED$'
Checking `hdparm'...                                        INFECTED
OK
**** Test for '^Checking `su'\.\.\.                                            INFECTED$'
Checking `su'...                                            INFECTED
OK
**** Test for '^Checking `ifconfig'\.\.\.                                      INFECTED$'
Checking `ifconfig'...                                      INFECTED
OK
**** Test for '^Checking `inetd'\.\.\.                                         INFECTED$'
Checking `inetd'...                                         INFECTED
OK
**** Test for '^Checking `inetdconf'\.\.\.                                     INFECTED$'
Checking `inetdconf'...                                     INFECTED
OK
**** Test for '^Checking `identd'\.\.\.                                        INFECTED$'
Checking `identd'...                                        INFECTED
OK
**** Test for '^Checking `init'\.\.\.                                          INFECTED$'
Checking `init'...                                          INFECTED
OK
**** Test for '^Checking `killall'\.\.\.                                       INFECTED$'
Checking `killall'...                                       INFECTED
OK
**** Test for '^Checking `ldsopreload'\.\.\.                                   not infected$'
Checking `ldsopreload'...                                   not infected
OK
**** Test for '^Checking `login'\.\.\.                                         INFECTED$'
Checking `login'...                                         INFECTED
OK
**** Test for '^Checking `ls'\.\.\.                                            INFECTED$'
Checking `ls'...                                            INFECTED
OK
**** Test for '^Checking `lsof'\.\.\.                                          INFECTED$'
Checking `lsof'...                                          INFECTED
OK
**** Test for '^Checking `mail'\.\.\.                                          INFECTED$'
Checking `mail'...                                          INFECTED
OK
**** Test for '^Checking `mingetty'\.\.\.                                      INFECTED$'
Checking `mingetty'...                                      INFECTED
OK
**** Test for '^Checking `netstat'\.\.\.                                       INFECTED$'
Checking `netstat'...                                       INFECTED
OK
**** Test for '^Checking `named'\.\.\.                                         INFECTED$'
Checking `named'...                                         INFECTED
OK
**** Test for '^Checking `passwd'\.\.\.                                        INFECTED$'
Checking `passwd'...                                        INFECTED
OK
**** Test for '^Checking `pidof'\.\.\.                                         INFECTED$'
Checking `pidof'...                                         INFECTED
OK
**** Test for '^Checking `pop2'\.\.\.                                          INFECTED$'
Checking `pop2'...                                          INFECTED
OK
**** Test for '^Checking `pop3'\.\.\.                                          INFECTED$'
Checking `pop3'...                                          INFECTED
OK
**** Test for '^Checking `ps'\.\.\.                                            INFECTED$'
Checking `ps'...                                            INFECTED
OK
**** Test for '^Checking `pstree'\.\.\.                                        INFECTED$'
Checking `pstree'...                                        INFECTED
OK
**** Test for '^Checking `rpcinfo'\.\.\.                                       INFECTED$'
Checking `rpcinfo'...                                       INFECTED
OK
**** Test for '^Checking `rlogind'\.\.\.                                       INFECTED$'
Checking `rlogind'...                                       INFECTED
OK
**** Test for '^Checking `rshd'\.\.\.                                          INFECTED$'
Checking `rshd'...                                          INFECTED
OK
**** Test for '^Checking `slogin'\.\.\.                                        INFECTED$'
Checking `slogin'...                                        INFECTED
OK
**** Test for '^Checking `sendmail'\.\.\.                                      INFECTED$'
Checking `sendmail'...                                      INFECTED
OK
**** Test for '^Checking `sshd'\.\.\.                                          INFECTED but disabled$'
Checking `sshd'...                                          INFECTED but disabled
OK
**** Test for '^Checking `syslogd'\.\.\.                                       INFECTED$'
Checking `syslogd'...                                       INFECTED
OK
**** Test for '^Checking `tar'\.\.\.                                           INFECTED$'
Checking `tar'...                                           INFECTED
OK
**** Test for '^Checking `tcpd'\.\.\.                                          INFECTED$'
Checking `tcpd'...                                          INFECTED
OK
**** Test for '^Checking `tcpdump'\.\.\.                                       INFECTED$'
Checking `tcpdump'...                                       INFECTED
OK
**** Test for '^Checking `top'\.\.\.                                           INFECTED$'
Checking `top'...                                           INFECTED
OK
**** Test for '^Checking `telnetd'\.\.\.                                       INFECTED$'
Checking `telnetd'...                                       INFECTED
OK
**** Test for '^Checking `timed'\.\.\.                                         INFECTED$'
Checking `timed'...                                         INFECTED
OK
**** Test for '^Checking `traceroute'\.\.\.                                    INFECTED$'
Checking `traceroute'...                                    INFECTED
OK
**** Test for '^Checking `vdir'\.\.\.                                          INFECTED$'
Checking `vdir'...                                          INFECTED
OK
**** Test for '^Checking `w'\.\.\.                                             INFECTED$'
Checking `w'...                                             INFECTED
OK
**** Test for '^Checking `write'\.\.\.                                         INFECTED$'
Checking `write'...                                         INFECTED
OK
**** Test for '^Checking `aliens'\.\.\.                                        started$'
Checking `aliens'...                                        started
OK
**** Test for '^Searching for suspicious files in /[^ ]+/CHKROOTKIT_ROOT/dev\.\.\. +WARNING$'
Searching for suspicious files in /tmp/CHKROOTKIT_ROOT/dev... WARNING
OK
**** Test for '^WARNING: The following suspicious files were found in /[^ ]+/CHKROOTKIT_ROOT/dev:$'
WARNING: The following suspicious files were found in /tmp/CHKROOTKIT_ROOT/dev:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/dev/bad-file$'
/tmp/CHKROOTKIT_ROOT/dev/bad-file
OK
**** Test for '^Searching for known suspicious directories\.\.\.               WARNING$'
Searching for known suspicious directories...               WARNING
OK
**** Test for '^WARNING: Suspect directory /[^ ]+/CHKROOTKIT_ROOT/var/run/\.tmp/ found\. Looking for sniffer logs:$'
WARNING: Suspect directory /tmp/CHKROOTKIT_ROOT/var/run/.tmp/ found. Looking for sniffer logs:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/run/\.tmp/$'
/tmp/CHKROOTKIT_ROOT/var/run/.tmp/
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/run/\.tmp/y$'
/tmp/CHKROOTKIT_ROOT/var/run/.tmp/y
OK
**** Test for '^Searching for known suspicious files\.\.\.                     WARNING$'
Searching for known suspicious files...                     WARNING
OK
**** Test for '^WARNING: The following known suspicious files were found:$'
WARNING: The following known suspicious files were found:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/atm$'
/tmp/CHKROOTKIT_ROOT/usr/bin/atm
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/ld\.so\.hash$'
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash
OK
**** Test for '^Searching for sniffer's logs\.\.\.                             WARNING$'
Searching for sniffer's logs...                             WARNING
OK
**** Test for '^WARNING: The following potential sniffer's logs were found:$'
WARNING: The following potential sniffer's logs were found:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/tcp\.log$'
/tmp/CHKROOTKIT_ROOT/tmp/tcp.log
OK
**** Test for '^Searching for HiDrootkit rootkit\.\.\.                         WARNING$'
Searching for HiDrootkit rootkit...                         WARNING
OK
**** Test for '^WARNING: Possible HiDrootkit rootkit installed:$'
WARNING: Possible HiDrootkit rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/lib/games/\.k/$'
/tmp/CHKROOTKIT_ROOT/var/lib/games/.k/
OK
**** Test for '^Searching for t0rn rootkit\.\.\.                               WARNING$'
Searching for t0rn rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible t0rn rootkit installed:$'
WARNING: Possible t0rn rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/ttyhash$'
/tmp/CHKROOTKIT_ROOT/etc/ttyhash
OK
**** Test for '^Searching for t0rn v8 \(or variation\)\.\.\.                     WARNING$'
Searching for t0rn v8 (or variation)...                     WARNING
OK
**** Test for '^WARNING: Possible t0rn v8 \(or variation\) rootkit installed:$'
WARNING: Possible t0rn v8 (or variation) rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/local/lib/libproc\.a$'
/tmp/CHKROOTKIT_ROOT/usr/local/lib/libproc.a
OK
**** Test for '^Searching for Lion rootkit\.\.\.                               WARNING$'
Searching for Lion rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible Lion rootkit installed:$'
WARNING: Possible Lion rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/bin/mjy$'
/tmp/CHKROOTKIT_ROOT/bin/mjy
OK
**** Test for '^Searching for RSHA rootkit\.\.\.                               WARNING$'
Searching for RSHA rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible RSHA rootkit installed:$'
WARNING: Possible RSHA rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/n3tstat$'
/tmp/CHKROOTKIT_ROOT/usr/bin/n3tstat
OK
**** Test for '^Searching for RH-Sharpe rootkit\.\.\.                          WARNING$'
Searching for RH-Sharpe rootkit...                          WARNING
OK
**** Test for '^WARNING: Possible RH-Sharpe rootkit installed:$'
WARNING: Possible RH-Sharpe rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/bin/lps$'
/tmp/CHKROOTKIT_ROOT/bin/lps
OK
**** Test for '^Searching for Ambient \(ark\) rootkit\.\.\.                      WARNING$'
Searching for Ambient (ark) rootkit...                      WARNING
OK
**** Test for '^WARNING: Possible Ambient's rootkit \(ark\) installed:$'
WARNING: Possible Ambient's rootkit (ark) installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/lib/\.ark\?$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?
OK
**** Test for '^Searching for suspicious files and dirs\.\.\.                  WARNING$'
Searching for suspicious files and dirs...                  WARNING
OK
**** Test for '^WARNING: The following suspicious files and directories were found:$'
WARNING: The following suspicious files and directories were found:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.1$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.1
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.aaa$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.aaa
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.1DIR$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.1DIR
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.ark\?$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?
/tmp/CHKROOTKIT_ROOT/usr/lib/.ark?
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.\.\.DIR$'
/tmp/CHKROOTKIT_ROOT/usr/lib/...DIR
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.bbb$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.bbb
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.DIR-aaa$'
/tmp/CHKROOTKIT_ROOT/usr/lib/.DIR-aaa
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?lib/\.\.\.$'
/tmp/CHKROOTKIT_ROOT/usr/lib/...
OK
**** Test for '^Searching for LPD Worm\.\.\.                                   WARNING$'
Searching for LPD Worm...                                   WARNING
OK
**** Test for '^WARNING: Possible LPD worm installed \(based on files found\)$'
WARNING: Possible LPD worm installed (based on files found)
OK
**** Test for '^Searching for Ramen Worm rootkit\.\.\.                         WARNING$'
Searching for Ramen Worm rootkit...                         WARNING
OK
**** Test for '^WARNING: Possible Ramen Worm rootkit installed:$'
WARNING: Possible Ramen Worm rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/src/\.poop/$'
/tmp/CHKROOTKIT_ROOT/usr/src/.poop/
OK
**** Test for '^Searching for Maniac rootkit\.\.\.                             WARNING$'
Searching for Maniac rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Maniac rootkit installed:$'
WARNING: Possible Maniac rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/mailrc$'
/tmp/CHKROOTKIT_ROOT/usr/bin/mailrc
OK
**** Test for '^Searching for RK17 rootkit\.\.\.                               WARNING$'
Searching for RK17 rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible RK17 rootkit installed:$'
WARNING: Possible RK17 rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/www/httpd/cgi-bin/bogus\.cgi$'
/tmp/CHKROOTKIT_ROOT/www/httpd/cgi-bin/bogus.cgi
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/lib/number\.cgi$'
/tmp/CHKROOTKIT_ROOT/usr/lib/number.cgi
OK
**** Test for '^Searching for Ducoci rootkit\.\.\.                             WARNING$'
Searching for Ducoci rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Ducoci rootkit installed:$'
WARNING: Possible Ducoci rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/www/httpd/cgi-bin/last\.cgi$'
/tmp/CHKROOTKIT_ROOT/www/httpd/cgi-bin/last.cgi
OK
**** Test for '^Searching for Adore Worm\.\.\.                                 WARNING$'
Searching for Adore Worm...                                 WARNING
OK
**** Test for '^WARNING: Possible Adore Worm installed:$'
WARNING: Possible Adore Worm installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/red\.tar$'
/tmp/CHKROOTKIT_ROOT/usr/bin/red.tar
OK
**** Test for '^Searching for ShitC Worm\.\.\.                                 WARNING$'
Searching for ShitC Worm...                                 WARNING
OK
**** Test for '^WARNING: Possible ShitC Worm installed:$'
WARNING: Possible ShitC Worm installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?bin/dy$'
/tmp/CHKROOTKIT_ROOT/usr/bin/dy
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/(usr/)?bin/frgy$'
/tmp/CHKROOTKIT_ROOT/usr/bin/frgy
OK
**** Test for '^Searching for Omega Worm\.\.\.                                 WARNING$'
Searching for Omega Worm...                                 WARNING
OK
**** Test for '^WARNING: Possible Omega Worm installed:$'
WARNING: Possible Omega Worm installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/dev/chr$'
/tmp/CHKROOTKIT_ROOT/dev/chr
OK
**** Test for '^Searching for Sadmind/IIS Worm\.\.\.                           WARNING$'
Searching for Sadmind/IIS Worm...                           WARNING
OK
**** Test for '^WARNING: Possible Sadmin/IIS Worm installed:$'
WARNING: Possible Sadmin/IIS Worm installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/dev/cuc$'
/tmp/CHKROOTKIT_ROOT/dev/cuc
OK
**** Test for '^Searching for MonKit\.\.\.                                     WARNING$'
Searching for MonKit...                                     WARNING
OK
**** Test for '^WARNING: Possible MonKit installed:$'
WARNING: Possible MonKit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/lib/libpikapp\.a$'
/tmp/CHKROOTKIT_ROOT/usr/lib/libpikapp.a
OK
**** Test for '^Searching for Showtee rootkit\.\.\.                            WARNING$'
Searching for Showtee rootkit...                            WARNING
OK
**** Test for '^WARNING: Possible Showtee rootkit installed:$'
WARNING: Possible Showtee rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/proc\.h$'
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/chk\.h$'
/tmp/CHKROOTKIT_ROOT/usr/include/chk.h
OK
**** Test for '^Searching for OpticKit\.\.\.                                   WARNING$'
Searching for OpticKit...                                   WARNING
OK
**** Test for '^WARNING: Possible OpticKit installed:$'
WARNING: Possible OpticKit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/xsf$'
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf
OK
**** Test for '^Searching for T\.R\.K\.\.\.                                      WARNING$'
Searching for T.R.K...                                      WARNING
OK
**** Test for '^WARNING: Possible T\.R\.K installed:$'
WARNING: Possible T.R.K installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/xsf$'
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf
/tmp/CHKROOTKIT_ROOT/usr/bin/xsf
OK
**** Test for '^Searching for Mithra rootkit\.\.\.                             WARNING$'
Searching for Mithra rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Mithra installed:$'
WARNING: Possible Mithra installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/lib/locale/uboot$'
/tmp/CHKROOTKIT_ROOT/usr/lib/locale/uboot
OK
**** Test for '^Searching for OBSD rootkit v1\.\.\.                            not tested$'
Searching for OBSD rootkit v1...                            not tested
OK
**** Test for '^Searching for LOC rootkit\.\.\.                                WARNING$'
Searching for LOC rootkit...                                WARNING
OK
**** Test for '^WARNING: Possible LOC rootkit installed:$'
WARNING: Possible LOC rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/xp$'
/tmp/CHKROOTKIT_ROOT/tmp/xp
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/sbin/epic$'
/tmp/CHKROOTKIT_ROOT/usr/sbin/epic
OK
**** Test for '^Searching for Romanian rootkit\.\.\.                           WARNING$'
Searching for Romanian rootkit...                           WARNING
OK
**** Test for '^WARNING: Possible Romanian rootkit installed:$'
WARNING: Possible Romanian rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/proc\.h$'
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h
/tmp/CHKROOTKIT_ROOT/usr/include/proc.h
OK
**** Test for '^Searching for HKRK rootkit\.\.\.                               WARNING$'
Searching for HKRK rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible HKRK rootkit installed in /[^ ]+/CHKROOTKIT_ROOT/etc/rc\.d/init\.d/network$'
WARNING: Possible HKRK rootkit installed in /tmp/CHKROOTKIT_ROOT/etc/rc.d/init.d/network
OK
**** Test for '^Searching for Suckit rootkit\.\.\.                             WARNING$'
Searching for Suckit rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Suckit:$'
WARNING: Possible Suckit:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/dev/\.golf/$'
/tmp/CHKROOTKIT_ROOT/dev/.golf/
OK
**** Test for '^Searching for Volc rootkit\.\.\.                               WARNING$'
Searching for Volc rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible Volc rootkit installed:$'
WARNING: Possible Volc rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/volc$'
/tmp/CHKROOTKIT_ROOT/usr/bin/volc
OK
**** Test for '^Searching for Gold2 rootkit\.\.\.                              WARNING$'
Searching for Gold2 rootkit...                              WARNING
OK
**** Test for '^WARNING: Possible Gold2 rootkit installed:$'
WARNING: Possible Gold2 rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/bin/ishit$'
/tmp/CHKROOTKIT_ROOT/usr/bin/ishit
OK
**** Test for '^Searching for TC2 rootkit\.\.\.                                WARNING$'
Searching for TC2 rootkit...                                WARNING
OK
**** Test for '^WARNING: Possible TC2 rootkit installed:$'
WARNING: Possible TC2 rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/sbin/initcheck$'
/tmp/CHKROOTKIT_ROOT/usr/sbin/initcheck
OK
**** Test for '^Searching for Anonoying rootkit\.\.\.                          WARNING$'
Searching for Anonoying rootkit...                          WARNING
OK
**** Test for '^WARNING: Possible Anonoying rootkit installed:$'
WARNING: Possible Anonoying rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/sbin/mech$'
/tmp/CHKROOTKIT_ROOT/usr/sbin/mech
OK
**** Test for '^Searching for ZK rootkit\.\.\.                                 WARNING$'
Searching for ZK rootkit...                                 WARNING
OK
**** Test for '^WARNING: Possible ZK rootkit installed:$'
WARNING: Possible ZK rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/sysconfig/console/load\.zk$'
/tmp/CHKROOTKIT_ROOT/etc/sysconfig/console/load.zk
OK
**** Test for '^Searching for ShKit rootkit\.\.\.                              WARNING$'
Searching for ShKit rootkit...                              WARNING
OK
**** Test for '^WARNING: Possible ShKit rootkit installed:$'
WARNING: Possible ShKit rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/ld\.so\.hash$'
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash
/tmp/CHKROOTKIT_ROOT/etc/ld.so.hash
OK
**** Test for '^Searching for AjaKit rootkit\.\.\.                             WARNING$'
Searching for AjaKit rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible AjaKit rootkit installed:$'
WARNING: Possible AjaKit rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/dev/tux/$'
/tmp/CHKROOTKIT_ROOT/dev/tux/
OK
**** Test for '^Searching for zaRwT rootkit\.\.\.                              WARNING$'
Searching for zaRwT rootkit...                              WARNING
OK
**** Test for '^WARNING: Possible zaRwT rootkit installed:$'
WARNING: Possible zaRwT rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/bin/imout$'
/tmp/CHKROOTKIT_ROOT/bin/imout
OK
**** Test for '^Searching for Madalin rootkit\.\.\.                            WARNING$'
Searching for Madalin rootkit...                            WARNING
OK
**** Test for '^WARNING: Possible Madalin rootkit installed:$'
WARNING: Possible Madalin rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/icekey\.h$'
/tmp/CHKROOTKIT_ROOT/usr/include/icekey.h
OK
**** Test for '^Searching for Fu rootkit\.\.\.                                 WARNING$'
Searching for Fu rootkit...                                 WARNING
OK
**** Test for '^WARNING: Possible Fu rootkit installed:$'
WARNING: Possible Fu rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/sbin/xc$'
/tmp/CHKROOTKIT_ROOT/sbin/xc
OK
**** Test for '^Searching for Kenga3 rootkit\.\.\.                             WARNING$'
Searching for Kenga3 rootkit...                             WARNING
OK
**** Test for '^WARNING: Possible Kenga3 rootkit installed:$'
WARNING: Possible Kenga3 rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/\. \./$'
/tmp/CHKROOTKIT_ROOT/usr/include/. ./
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/include/\. \./foo$'
/tmp/CHKROOTKIT_ROOT/usr/include/. ./foo
OK
**** Test for '^Searching for ESRK rootkit\.\.\.                               WARNING$'
Searching for ESRK rootkit...                               WARNING
OK
**** Test for '^WARNING: Possible ESRK rootkit installed:$'
WARNING: Possible ESRK rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/lib/tcl5\.3/$'
/tmp/CHKROOTKIT_ROOT/usr/lib/tcl5.3/
OK
**** Test for '^Searching for rootedoor\.\.\.                                  WARNING$'
Searching for rootedoor...                                  WARNING
OK
**** Test for '^WARNING: Possible rootedoor installed:$'
WARNING: Possible rootedoor installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/sbin/rootedoor$'
/tmp/CHKROOTKIT_ROOT/usr/sbin/rootedoor
/tmp/CHKROOTKIT_ROOT/usr/sbin/rootedoor
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/sbin/rootedoor$'
/tmp/CHKROOTKIT_ROOT/sbin/rootedoor
/tmp/CHKROOTKIT_ROOT/sbin/rootedoor
OK
**** Test for '^Searching for ENYELKM rootkit\.\.\.                            WARNING$'
Searching for ENYELKM rootkit...                            WARNING
OK
**** Test for '^WARNING: Possible ENYELKM rootkit installed:$'
WARNING: Possible ENYELKM rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/\.enyelkmOCULTAR\.ko/$'
/tmp/CHKROOTKIT_ROOT/etc/.enyelkmOCULTAR.ko/
OK
**** Test for '^Searching for common ssh-scanners\.\.\.                        WARNING$'
Searching for common ssh-scanners...                        WARNING
OK
**** Test for '^WARNING: Possible ssh-scanner installed:$'
WARNING: Possible ssh-scanner installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/tmp/vuln\.txt$'
/tmp/CHKROOTKIT_ROOT/var/tmp/vuln.txt
OK
**** Test for '^Searching for Linux/Ebury 1\.4 - Operation Windigo\.\.\.        WARNING$'
Searching for Linux/Ebury 1.4 - Operation Windigo...        WARNING
OK
**** Test for '^WARNING: /[^ ]+/CHKROOTKIT_ROOT/usr/sbin/ssh may be INFECTED by Linux/Ebury 1\.4$'
WARNING: /tmp/CHKROOTKIT_ROOT/usr/sbin/ssh may be INFECTED by Linux/Ebury 1.4
OK
**** Test for '^Searching for Linux/Ebury 1\.6\.\.\.                            WARNING$'
Searching for Linux/Ebury 1.6...                            WARNING
OK
**** Test for '^WARNING: Possible Linux/Ebury 1\.6 - Operation Windigo installed in /[^ ]+/CHKROOTKIT_ROOT/lib/x86_64-linux-gnu/libkeyutils\.so\.1$'
WARNING: Possible Linux/Ebury 1.6 - Operation Windigo installed in /tmp/CHKROOTKIT_ROOT/lib/x86_64-linux-gnu/libkeyutils.so.1
OK
**** Test for '^Searching for 64-bit Linux Rootkit\.\.\.                       WARNING$'
Searching for 64-bit Linux Rootkit...                       WARNING
OK
**** Test for '^WARNING: Possible 64-bit Linux Rootkit:'
WARNING: Possible 64-bit Linux Rootkit:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/local/hide/$'
/tmp/CHKROOTKIT_ROOT/usr/local/hide/
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/local/hide/foo$'
/tmp/CHKROOTKIT_ROOT/usr/local/hide/foo
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/rc\.local$'
/tmp/CHKROOTKIT_ROOT/etc/rc.local
OK
**** Test for '^Searching for 64-bit Linux Rootkit modules\.\.\.               WARNING$'
Searching for 64-bit Linux Rootkit modules...               WARNING
OK
**** Test for '^WARNING: Possible 64-bit rootkit modules installed:$'
WARNING: Possible 64-bit rootkit modules installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/lib/modules/module_init\.ko$'
/tmp/CHKROOTKIT_ROOT/lib/modules/module_init.ko
OK
**** Test for '^Searching for Mumblehard\.\.\.                                 WARNING$'
Searching for Mumblehard...                                 WARNING
OK
**** Test for '^WARNING: Possible Mumblehard backdoor installed:$'
WARNING: Possible Mumblehard backdoor installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/spool/cron/crontabs/foo$'
/tmp/CHKROOTKIT_ROOT/var/spool/cron/crontabs/foo
OK
**** Test for '^Searching for Backdoor\.Linux\.Mokes\.a\.\.\.                     WARNING$'
Searching for Backdoor.Linux.Mokes.a...                     WARNING
OK
**** Test for '^WARNING: Possible Backdoor\.Linux\.Mokes\.a installed:$'
WARNING: Possible Backdoor.Linux.Mokes.a installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/ss0-0$'
/tmp/CHKROOTKIT_ROOT/tmp/ss0-0
OK
**** Test for '^Searching for Malicious TinyDNS\.\.\.                          WARNING$'
Searching for Malicious TinyDNS...                          WARNING
OK
**** Test for '^WARNING: Possible Malicious TinyDNS installed:$'
WARNING: Possible Malicious TinyDNS installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/home/ \./$'
/tmp/CHKROOTKIT_ROOT/home/ ./
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/home/ \./tinyDNS$'
/tmp/CHKROOTKIT_ROOT/home/ ./tinyDNS
OK
**** Test for '^Searching for Linux\.Xor\.DDoS\.\.\.                             WARNING$'
Searching for Linux.Xor.DDoS...                             WARNING
OK
**** Test for '^WARNING: Possible Linux\.Xor\.DDoS installed:$'
WARNING: Possible Linux.Xor.DDoS installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/strings$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/strings
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/uname$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/uname
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/head$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/head
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/find$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/find
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/echo$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/echo
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/netstat$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/netstat
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/ls$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/ls
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/ls\.orig$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/ls.orig
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/ps$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/ps
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/awk$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/awk
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/grep$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/grep
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/grep\.orig$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/grep.orig
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/dirname$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/dirname
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/ss$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/ss
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/sed$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/sed
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/cut$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/cut
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/id$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/id
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/xargs$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/xargs
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/clean/dpkg-query$'
/tmp/CHKROOTKIT_ROOT/tmp/clean/dpkg-query
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/test-chkrootkit-false-positive$'
/tmp/CHKROOTKIT_ROOT/tmp/test-chkrootkit-false-positive
OK
**** Test for '^Searching for Linux\.Proxy\.1\.0\.\.\.                            WARNING$'
Searching for Linux.Proxy.1.0...                            WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Linux\.Proxy\.10 installed in /etc/passwd$'
WARNING: INFECTED: Possible Malicious Linux.Proxy.10 installed in /etc/passwd
OK
**** Test for '^Searching for CrossRAT\.\.\.                                   WARNING$'
Searching for CrossRAT...                                   WARNING
OK
**** Test for '^WARNING: Possible Malicious CrossRAT installed:$'
WARNING: Possible Malicious CrossRAT installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/var/mediamgrs\.jar$'
/tmp/CHKROOTKIT_ROOT/usr/var/mediamgrs.jar
OK
**** Test for '^Searching for Hidden Cobra\.\.\.                               WARNING$'
Searching for Hidden Cobra...                               WARNING
OK
**** Test for '^WARNING: Possible Malicious Hidden Cobra installed:$'
WARNING: Possible Malicious Hidden Cobra installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/\.ICE-unix/engine\.so$'
/tmp/CHKROOTKIT_ROOT/tmp/.ICE-unix/engine.so
OK
**** Test for '^Searching for Rocke Miner rootkit\.\.\.                        WARNING$'
Searching for Rocke Miner rootkit...                        WARNING
OK
**** Test for '^WARNING: Possible Rocke Miner rootkit installed:$'
WARNING: Possible Rocke Miner rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/etc/xig$'
/tmp/CHKROOTKIT_ROOT/etc/xig
OK
**** Test for '^Searching for PWNLNX4 lkm rootkit\.\.\.                        WARNING$'
Searching for PWNLNX4 lkm rootkit...                        WARNING
OK
**** Test for '^WARNING: Possible PWNLNX4 lkm rootkit installed:$'
WARNING: Possible PWNLNX4 lkm rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/var/tmp/\.1/$'
/tmp/CHKROOTKIT_ROOT/var/tmp/.1/
OK
**** Test for '^Searching for PWNLNX6 lkm rootkit\.\.\.                        WARNING$'
Searching for PWNLNX6 lkm rootkit...                        WARNING
OK
**** Test for '^WARNING: Possible PWNLNX6 lkm rootkit installed:$'
WARNING: Possible PWNLNX6 lkm rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/suterusu/$'
/tmp/CHKROOTKIT_ROOT/tmp/suterusu/
OK
**** Test for '^Searching for Umbreon lrk\.\.\.                                WARNING$'
Searching for Umbreon lrk...                                WARNING
OK
**** Test for '^WARNING: Possible Malicious UMBREON LRK installed:$'
WARNING: Possible Malicious UMBREON LRK installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/usr/share/libc\.so\.69$'
/tmp/CHKROOTKIT_ROOT/usr/share/libc.so.69
OK
**** Test for '^Searching for Kinsing\.a backdoor rootkit\.\.\.                 WARNING$'
Searching for Kinsing.a backdoor rootkit...                 WARNING
OK
**** Test for '^WARNING: Possible Kinsing\.a backdoor rootkit installed:$'
WARNING: Possible Kinsing.a backdoor rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/kdevtmpfsi$'
/tmp/CHKROOTKIT_ROOT/tmp/kdevtmpfsi
OK
**** Test for '^Searching for RotaJakiro backdoor rootkit\.\.\.                WARNING$'
Searching for RotaJakiro backdoor rootkit...                WARNING
OK
**** Test for '^WARNING: Possible RotaJakiro backdoor rootkit installed:$'
WARNING: Possible RotaJakiro backdoor rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/bin/systemd-daemon$'
/tmp/CHKROOTKIT_ROOT/bin/systemd-daemon
OK
**** Test for '^Searching for Syslogk LKM rootkit\.\.\.                        not tested$'
Searching for Syslogk LKM rootkit...                        not tested
OK
**** Test for '^Searching for Kovid LKM rootkit\.\.\.                          WARNING$'
Searching for Kovid LKM rootkit...                          WARNING
OK
**** Test for '^WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /[^ ]+/CHKROOTKIT_ROOT/proc/kovid$'
WARNING: INFECTED: Possible Malicious Kovid LKM rootkit installed: /tmp/CHKROOTKIT_ROOT/proc/kovid
OK
**** Test for '^Searching for Tsunami DDoS Malware rootkit\.\.\.               WARNING$'
Searching for Tsunami DDoS Malware rootkit...               WARNING
OK
**** Test for '^WARNING: Possible Tsunami DDoS Malware rootkit installed:$'
WARNING: Possible Tsunami DDoS Malware rootkit installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/bin/cls$'
/tmp/CHKROOTKIT_ROOT/bin/cls
OK
**** Test for '^Searching for Linux BPF Door\.\.\.                             WARNING$'
Searching for Linux BPF Door...                             WARNING
OK
**** Test for '^WARNING: Possible Linux BPFDoor Malware installed:$'
WARNING: Possible Linux BPFDoor Malware installed:
OK
**** Test for '^/proc/xx/stack$'
/proc/xx/stack
OK
**** Test for '^Searching for suspect PHP files\.\.\.                          WARNING$'
Searching for suspect PHP files...                          WARNING
OK
**** Test for '^WARNING: The following suspicious PHP files were found:$'
WARNING: The following suspicious PHP files were found:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/name\.php$'
/tmp/CHKROOTKIT_ROOT/tmp/name.php
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/sp ace/aaa' exit 1; "'
/tmp/CHKROOTKIT_ROOT/tmp/sp ace/aaa' exit 1; "
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/by-content$'
/tmp/CHKROOTKIT_ROOT/tmp/by-content
OK
**** Test for '^Searching for zero-size shell history files in /[^ ]+/CHKROOTKIT_ROOT/root\.\.\. WARNING$'
Searching for zero-size shell history files in /tmp/CHKROOTKIT_ROOT/root... WARNING
OK
**** Test for '^WARNING: Zero-size history files:$'
WARNING: Zero-size history files:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/root/\.whatever\.history$'
/tmp/CHKROOTKIT_ROOT/root/.whatever.history
/tmp/CHKROOTKIT_ROOT/root/.whatever.history
OK
**** Test for '^Searching for hardlinked shell history files in /[^ ]+/CHKROOTKIT_ROOT/root\.\.\. WARNING$'
Searching for hardlinked shell history files in /tmp/CHKROOTKIT_ROOT/root... WARNING
OK
**** Test for '^WARNING: shell history files hardlinked to another file:$'
WARNING: shell history files hardlinked to another file:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/root/\.whatever\.history$'
/tmp/CHKROOTKIT_ROOT/root/.whatever.history
/tmp/CHKROOTKIT_ROOT/root/.whatever.history
OK
**** Test for '^Checking `aliens'\.\.\.                                        finished$'
Checking `aliens'...                                        finished
OK
**** Test for '^Checking `asp'\.\.\.                                           WARNING$'
Checking `asp'...                                           WARNING
OK
**** Test for '^WARNING: Possible Ramen Worm installed in /[^ ]+/CHKROOTKIT_ROOT/etc/inetd\.conf$'
WARNING: Possible Ramen Worm installed in /tmp/CHKROOTKIT_ROOT/etc/inetd.conf
OK
**** Test for '^Checking `bindshell'\.\.\.                                     not tested$'
Checking `bindshell'...                                     not tested
OK
**** Test for '^Checking `lkm'\.\.\.                                           started$'
Checking `lkm'...                                           started
OK
**** Test for '^Searching for Adore LKM\.\.\.                                  not tested$'
Searching for Adore LKM...                                  not tested
OK
**** Test for '^Searching for sebek LKM \(Adore based\)\.\.\.                    not tested$'
Searching for sebek LKM (Adore based)...                    not tested
OK
**** Test for '^Searching for knark LKM rootkit\.\.\.                          not found$'
Searching for knark LKM rootkit...                          not found
OK
**** Test for '^Searching for for hidden processes with chkproc\.\.\.          not tested$'
Searching for for hidden processes with chkproc...          not tested
OK
**** Test for '^Searching for for hidden directories using chkdirs\.\.\.'
Searching for for hidden directories using chkdirs...       not found
OK
**** Test for '^Checking `lkm'\.\.\.                                           finished$'
Checking `lkm'...                                           finished
OK
**** Test for '^Checking `rexedcs'\.\.\.                                       INFECTED: /[^ ]+/CHKROOTKIT_ROOT/usr/bin/in\.rexedcs$'
Checking `rexedcs'...                                       INFECTED: /tmp/CHKROOTKIT_ROOT/usr/bin/in.rexedcs
OK
**** Test for '^Checking `sniffer'\.\.\.                                       not tested$'
Checking `sniffer'...                                       not tested
OK
**** Test for '^Checking `w55808'\.\.\.                                        WARNING$'
Checking `w55808'...                                        WARNING
OK
**** Test for '^WARNING: Possible 55808 Worm installed$'
WARNING: Possible 55808 Worm installed
OK
**** Test for '^Checking `wted'\.\.\.                                          not (tested|found)$'
Checking `wted'...                                          not found
OK
**** Test for '^Checking `scalper'\.\.\.                                       WARNING$'
Checking `scalper'...                                       WARNING
OK
**** Test for '^WARNING: Possible Scalper Worm installed$'
WARNING: Possible Scalper Worm installed
OK
**** Test for '^Checking `slapper'\.\.\.                                       WARNING$'
Checking `slapper'...                                       WARNING
OK
**** Test for '^WARNING: Possible Slapper Worm installed:$'
WARNING: Possible Slapper Worm installed:
OK
**** Test for '^/[^ ]+/CHKROOTKIT_ROOT/tmp/\.bugtraq\.c$'
/tmp/CHKROOTKIT_ROOT/tmp/.bugtraq.c
OK
**** Test for '^Checking `z2'\.\.\.                                            not (tested|found)$'
Checking `z2'...                                            not found
OK
**** Test for '^Checking `chkutmp'\.\.\.                                       not tested$'
Checking `chkutmp'...                                       not tested
OK
**** Test for '^Checking `OSX_RSPLUG'\.\.\.                                    not tested$'
Checking `OSX_RSPLUG'...                                    not tested
OK
** PASS: Testing: setting-rootdir (chkrootkit -p /tmp/clean -r /tmp/CHKROOTKIT_ROOT) done: PASS
* Resetting
Removing symlink: /tmp/CHKROOTKIT_ROOT
replace /etc/passwd with /etc/passwd.pre-rootkit
/etc/passwd
/etc/passwd-
replace /etc/inetd.conf with /etc/inetd.conf.pre-rootkit
/etc/inetd.conf
replace /lib/x86_64-linux-gnu/libkeyutils.so.1 with /lib/x86_64-linux-gnu/libkeyutils.so.1.pre-rootkit
/lib/x86_64-linux-gnu/libkeyutils.so.1
/lib/x86_64-linux-gnu/libkeyutils.so.1.10
kill: /usr/bin/atm
/tmp/clean/ls.orig: cannot access '/usr/bin/atm*': No such file or directory
kill: /tmp/tcp.log
/tmp/clean/ls.orig: cannot access '/tmp/tcp.log*': No such file or directory
kill: /var/lib/games/.k/foo
/tmp/clean/ls.orig: cannot access '/var/lib/games/.k/foo*': No such file or directory
kill: /usr/src/.poop/foo
/tmp/clean/ls.orig: cannot access '/usr/src/.poop/foo*': No such file or directory
kill: /dev/.golf/foo
/tmp/clean/ls.orig: cannot access '/dev/.golf/foo*': No such file or directory
kill: /dev/tux/foo
/tmp/clean/ls.orig: cannot access '/dev/tux/foo*': No such file or directory
kill: /usr/include/. ./foo
/tmp/clean/ls.orig: cannot access '/usr/include/. ./foo*': No such file or directory
kill: /usr/lib/tcl5.3/foo
/tmp/clean/ls.orig: cannot access '/usr/lib/tcl5.3/foo*': No such file or directory
kill: /etc/ttyhash
/tmp/clean/ls.orig: cannot access '/etc/ttyhash*': No such file or directory
kill: /usr/local/lib/libproc.a
/usr/local/lib/libproc.a*
kill: /bin/mjy
/tmp/clean/ls.orig: cannot access '/bin/mjy*': No such file or directory
kill: /usr/bin/n3tstat
/tmp/clean/ls.orig: cannot access '/usr/bin/n3tstat*': No such file or directory
kill: /bin/lps
/tmp/clean/ls.orig: cannot access '/bin/lps*': No such file or directory
kill: /usr/lib/.ark?
/tmp/clean/ls.orig: cannot access '/usr/lib/.ark?*': No such file or directory
kill: /usr/lib/number.cgi
/tmp/clean/ls.orig: cannot access '/usr/lib/number.cgi*': No such file or directory
kill: /www/httpd/cgi-bin/last.cgi
/tmp/clean/ls.orig: cannot access '/www/httpd/cgi-bin/last.cgi*': No such file or directory
kill: /usr/bin/red.tar
/tmp/clean/ls.orig: cannot access '/usr/bin/red.tar*': No such file or directory
kill: /bin/dy
/tmp/clean/ls.orig: cannot access '/bin/dy*': No such file or directory
kill: /dev/chr
/tmp/clean/ls.orig: cannot access '/dev/chr*': No such file or directory
kill: /dev/cucl
/tmp/clean/ls.orig: cannot access '/dev/cucl*': No such file or directory
kill: /usr/include/chk.h
/tmp/clean/ls.orig: cannot access '/usr/include/chk.h*': No such file or directory
kill: /usr/bin/xsf
/tmp/clean/ls.orig: cannot access '/usr/bin/xsf*': No such file or directory
kill: /usr/lib/locale/uboot
/tmp/clean/ls.orig: cannot access '/usr/lib/locale/uboot*': No such file or directory
kill: /tmp/xp
/tmp/clean/ls.orig: cannot access '/tmp/xp*': No such file or directory
kill: /usr/bin/volc
/tmp/clean/ls.orig: cannot access '/usr/bin/volc*': No such file or directory
kill: /usr/include/proc.h
/usr/include/proc.h*
kill: /etc/rc.d/init.d/network
/tmp/clean/ls.orig: cannot access '/etc/rc.d/init.d/network*': No such file or directory
kill: /usr/bin/ishit
/tmp/clean/ls.orig: cannot access '/usr/bin/ishit*': No such file or directory
kill: /usr/sbin/initcheck
/tmp/clean/ls.orig: cannot access '/usr/sbin/initcheck*': No such file or directory
kill: /usr/sbin/mech
/tmp/clean/ls.orig: cannot access '/usr/sbin/mech*': No such file or directory
kill: /etc/sysconfig/console/load.zk
/tmp/clean/ls.orig: cannot access '/etc/sysconfig/console/load.zk*': No such file or directory
kill: /etc/ld.so.hash
/tmp/clean/ls.orig: cannot access '/etc/ld.so.hash*': No such file or directory
kill: /bin/imout
/tmp/clean/ls.orig: cannot access '/bin/imout*': No such file or directory
kill: /usr/include/icekey.h
/tmp/clean/ls.orig: cannot access '/usr/include/icekey.h*': No such file or directory
kill: /sbin/xc
/tmp/clean/ls.orig: cannot access '/sbin/xc*': No such file or directory
kill: /sbin/rootedoor
/tmp/clean/ls.orig: cannot access '/sbin/rootedoor*': No such file or directory
kill: /etc/.enyelkmOCULTAR.ko/foo
/tmp/clean/ls.orig: cannot access '/etc/.enyelkmOCULTAR.ko/foo*': No such file or directory
kill: /var/tmp/vuln.txt
/tmp/clean/ls.orig: cannot access '/var/tmp/vuln.txt*': No such file or directory
kill: /usr/local/hide/foo
/tmp/clean/ls.orig: cannot access '/usr/local/hide/foo*': No such file or directory
kill: /lib/modules/module_init.ko
/tmp/clean/ls.orig: cannot access '/lib/modules/module_init.ko*': No such file or directory
kill: /tmp/ss0-0
/tmp/clean/ls.orig: cannot access '/tmp/ss0-0*': No such file or directory
kill: /usr/var/mediamgrs.jar
/tmp/clean/ls.orig: cannot access '/usr/var/mediamgrs.jar*': No such file or directory
kill: /tmp/.ICE-unix/engine.so
/tmp/clean/ls.orig: cannot access '/tmp/.ICE-unix/engine.so*': No such file or directory
kill: /etc/xig
/tmp/clean/ls.orig: cannot access '/etc/xig*': No such file or directory
kill: /var/tmp/.1/x
/tmp/clean/ls.orig: cannot access '/var/tmp/.1/x*': No such file or directory
kill: /var/run/.tmp/y
/tmp/clean/ls.orig: cannot access '/var/run/.tmp/y*': No such file or directory
kill: /tmp/suterusu/pwnlnx6
/tmp/clean/ls.orig: cannot access '/tmp/suterusu/pwnlnx6*': No such file or directory
kill: /usr/share/libc.so.69
/tmp/clean/ls.orig: cannot access '/usr/share/libc.so.69*': No such file or directory
kill: /tmp/kdevtmpfsi
/tmp/clean/ls.orig: cannot access '/tmp/kdevtmpfsi*': No such file or directory
kill: /bin/systemd-daemon
/tmp/clean/ls.orig: cannot access '/bin/systemd-daemon*': No such file or directory
kill: /syslogk
/tmp/clean/ls.orig: cannot access '/syslogk*': No such file or directory
kill: /root/.whatever.history
/root/.whatever.history.hardlink
kill: /root/.whatever.history.hardlink
/tmp/clean/ls.orig: cannot access '/root/.whatever.history.hardlink*': No such file or directory
kill: /tmp/name.php
/tmp/clean/ls.orig: cannot access '/tmp/name.php*': No such file or directory
kill: /bin/.ps
/tmp/clean/ls.orig: cannot access '/bin/.ps*': No such file or directory
kill: /usr/bin/mailrc
/tmp/clean/ls.orig: cannot access '/usr/bin/mailrc*': No such file or directory
kill: /www/httpd/cgi-bin/bogus.cgi
/tmp/clean/ls.orig: cannot access '/www/httpd/cgi-bin/bogus.cgi*': No such file or directory
kill: /bin/frgy
/tmp/clean/ls.orig: cannot access '/bin/frgy*': No such file or directory
kill: /dev/cuc
/tmp/clean/ls.orig: cannot access '/dev/cuc*': No such file or directory
kill: /usr/lib/libpikapp.a
/tmp/clean/ls.orig: cannot access '/usr/lib/libpikapp.a*': No such file or directory
kill: /var/spool/cron/crontabs/foo
/tmp/clean/ls.orig: cannot access '/var/spool/cron/crontabs/foo*': No such file or directory
kill: /etc/rc.local
/tmp/clean/ls.orig: cannot access '/etc/rc.local*': No such file or directory
kill: /sbin/ssh
/sbin/sshd
/sbin/sshd.to_replace
kill: /dev/bad-file
/tmp/clean/ls.orig: cannot access '/dev/bad-file*': No such file or directory
kill: /home/ ./tinyDNS
/tmp/clean/ls.orig: cannot access '/home/ ./tinyDNS*': No such file or directory
kill: /tmp/by-content
/tmp/clean/ls.orig: cannot access '/tmp/by-content*': No such file or directory
kill: /bin/in.rexedcs
/tmp/clean/ls.orig: cannot access '/bin/in.rexedcs*': No such file or directory
kill: /tmp/.uua
/tmp/clean/ls.orig: cannot access '/tmp/.uua*': No such file or directory
kill: /tmp/.bugtraq.c
/tmp/clean/ls.orig: cannot access '/tmp/.bugtraq.c*': No such file or directory
kill: /tmp/.../r
/tmp/clean/ls.orig: cannot access '/tmp/.../r*': No such file or directory
kill: /bin/cls
/tmp/clean/ls.orig: cannot access '/bin/cls*': No such file or directory
kill: /tmp/sp ace/aaa' exit 1; "
/tmp/clean/ls.orig: cannot access '/tmp/sp ace/aaa'\'' exit 1; "*': No such file or directory
TO_REPLACE: restoring /usr/sbin/amd with /usr/sbin/amd.to_replace
/usr/sbin/amd
TO_REPLACE: restoring /usr/bin/basename with /usr/bin/basename.to_replace
/usr/bin/basename
TO_REPLACE: restoring /usr/sbin/biff with /usr/sbin/biff.to_replace
/usr/sbin/biff
TO_REPLACE: restoring /usr/bin/chfn with /usr/bin/chfn.to_replace
/usr/bin/chfn
TO_REPLACE: restoring /usr/bin/chsh with /usr/bin/chsh.to_replace
/usr/bin/chsh
TO_REPLACE: restoring /usr/sbin/cron with /usr/sbin/cron.to_replace
/usr/sbin/cron
/usr/sbin/crontab
/usr/sbin/crontab.to_replace
TO_REPLACE: restoring /usr/bin/date with /usr/bin/date.to_replace
/usr/bin/date
TO_REPLACE: restoring /usr/bin/du with /usr/bin/du.to_replace
/usr/bin/du
TO_REPLACE: restoring /usr/bin/dirname with /usr/bin/dirname.to_replace
/usr/bin/dirname
TO_REPLACE: restoring /usr/bin/echo with /usr/bin/echo.to_replace
/usr/bin/echo
TO_REPLACE: restoring /usr/bin/egrep with /usr/bin/egrep.to_replace
/usr/bin/egrep
TO_REPLACE: restoring /usr/bin/env with /usr/bin/env.to_replace
/usr/bin/env
/usr/bin/envsubst
TO_REPLACE: restoring /usr/bin/find with /usr/bin/find.to_replace
/usr/bin/find
/usr/bin/findmnt
/usr/bin/findrule
TO_REPLACE: restoring /usr/sbin/fingerd with /usr/sbin/fingerd.to_replace
/usr/sbin/fingerd
TO_REPLACE: restoring /usr/sbin/gpm with /usr/sbin/gpm.to_replace
/usr/sbin/gpm
TO_REPLACE: restoring /usr/bin/grep with /usr/bin/grep.to_replace
/usr/bin/grep
/usr/bin/grepdiff
TO_REPLACE: restoring /usr/sbin/hdparm with /usr/sbin/hdparm.to_replace
/usr/sbin/hdparm
TO_REPLACE: restoring /usr/bin/su with /usr/bin/su.to_replace
/usr/bin/su
/usr/bin/sum
TO_REPLACE: restoring /usr/sbin/ifconfig with /usr/sbin/ifconfig.to_replace
/usr/sbin/ifconfig
TO_REPLACE: restoring /usr/sbin/inetd with /usr/sbin/inetd.to_replace
/usr/sbin/inetd
/usr/sbin/inetdconf
TO_REPLACE: restoring /usr/sbin/in.identd with /usr/sbin/in.identd.to_replace
/usr/sbin/in.identd
TO_REPLACE: restoring /usr/sbin/init with /usr/sbin/init.to_replace
/usr/sbin/init
TO_REPLACE: restoring /usr/sbin/killall with /usr/sbin/killall.to_replace
/usr/sbin/killall
/usr/sbin/killall5
/usr/sbin/killall5.to_replace
TO_REPLACE: restoring /usr/bin/login with /usr/bin/login.to_replace
/usr/bin/login
TO_REPLACE: restoring /usr/bin/ls with /usr/bin/ls.to_replace
/usr/bin/ls
/usr/bin/lsattr
/usr/bin/lsblk
/usr/bin/lscpu
/usr/bin/lsdiff
/usr/bin/lsipc
/usr/bin/lslocks
/usr/bin/lslogins
/usr/bin/lsmem
/usr/bin/lsns
TO_REPLACE: restoring /usr/sbin/lsof with /usr/sbin/lsof.to_replace
/usr/sbin/lsof
TO_REPLACE: restoring /usr/sbin/mail with /usr/sbin/mail.to_replace
/usr/sbin/mail
TO_REPLACE: restoring /usr/sbin/mingetty with /usr/sbin/mingetty.to_replace
/usr/sbin/mingetty
TO_REPLACE: restoring /usr/bin/netstat with /usr/bin/netstat.to_replace
/usr/bin/netstat
TO_REPLACE: restoring /usr/sbin/named with /usr/sbin/named.to_replace
/usr/sbin/named
TO_REPLACE: restoring /usr/bin/passwd with /usr/bin/passwd.to_replace
/usr/bin/passwd
TO_REPLACE: restoring /usr/sbin/killall5 with /usr/sbin/killall5.to_replace
/usr/sbin/killall5
TO_REPLACE: restoring /usr/sbin/in.pop2d with /usr/sbin/in.pop2d.to_replace
/usr/sbin/in.pop2d
TO_REPLACE: restoring /usr/sbin/in.pop3d with /usr/sbin/in.pop3d.to_replace
/usr/sbin/in.pop3d
TO_REPLACE: restoring /usr/bin/ps with /usr/bin/ps.to_replace
/usr/bin/ps
TO_REPLACE: restoring /usr/sbin/pstree with /usr/sbin/pstree.to_replace
/usr/sbin/pstree
TO_REPLACE: restoring /usr/sbin/rpcinfo with /usr/sbin/rpcinfo.to_replace
/usr/sbin/rpcinfo
TO_REPLACE: restoring /usr/sbin/slogin with /usr/sbin/slogin.to_replace
/usr/sbin/slogin
TO_REPLACE: restoring /usr/sbin/sendmail with /usr/sbin/sendmail.to_replace
/usr/sbin/sendmail
TO_REPLACE: restoring /usr/sbin/sshd with /usr/sbin/sshd.to_replace
/usr/sbin/sshd
TO_REPLACE: restoring /usr/sbin/syslogd with /usr/sbin/syslogd.to_replace
/usr/sbin/syslogd
TO_REPLACE: restoring /usr/bin/tar with /usr/bin/tar.to_replace
/usr/bin/tar
TO_REPLACE: restoring /usr/sbin/tcpd with /usr/sbin/tcpd.to_replace
/usr/sbin/tcpd
/usr/sbin/tcpdump
TO_REPLACE: restoring /usr/bin/top with /usr/bin/top.to_replace
/usr/bin/top
TO_REPLACE: restoring /usr/sbin/telnetd with /usr/sbin/telnetd.to_replace
/usr/sbin/telnetd
TO_REPLACE: restoring /usr/sbin/timed with /usr/sbin/timed.to_replace
/usr/sbin/timed
TO_REPLACE: restoring /usr/sbin/traceroute with /usr/sbin/traceroute.to_replace
/usr/sbin/traceroute
TO_REPLACE: restoring /usr/bin/vdir with /usr/bin/vdir.to_replace
/usr/bin/vdir
TO_REPLACE: restoring /usr/bin/w with /usr/bin/w.to_replace
/usr/bin/w
/usr/bin/wall
/usr/bin/watch
/usr/bin/wc
/usr/bin/wdctl
/usr/bin/whatis
/usr/bin/whereis
/usr/bin/which
/usr/bin/which.debianutils
/usr/bin/who
/usr/bin/whoami
TO_REPLACE: restoring /usr/sbin/write with /usr/sbin/write.to_replace
/usr/sbin/write
TO_REPLACE: restoring /usr/sbin/crontab with /usr/sbin/crontab.to_replace
/usr/sbin/crontab
TO_DELETE: rm /usr/sbin/in.rlogind
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.rlogind*': No such file or directory
TO_DELETE: rm /usr/sbin/asp
/tmp/clean/ls.orig: cannot access '/usr/sbin/asp*': No such file or directory
TO_DELETE: rm /usr/sbin/epic
/tmp/clean/ls.orig: cannot access '/usr/sbin/epic*': No such file or directory
MADE: rm /usr/sbin/amd
/tmp/clean/ls.orig: cannot access '/usr/sbin/amd*': No such file or directory
MADE: rm /etc/amd.conf
/tmp/clean/ls.orig: cannot access '/etc/amd.conf*': No such file or directory
MADE: rm /usr/sbin/biff
/tmp/clean/ls.orig: cannot access '/usr/sbin/biff*': No such file or directory
MADE: rm /etc/biff.conf
/tmp/clean/ls.orig: cannot access '/etc/biff.conf*': No such file or directory
MADE: rm /usr/sbin/cron
/usr/sbin/crontab
MADE: rm /etc/cron.conf
/tmp/clean/ls.orig: cannot access '/etc/cron.conf*': No such file or directory
MADE: rm /usr/sbin/crontab
/tmp/clean/ls.orig: cannot access '/usr/sbin/crontab*': No such file or directory
MADE: rm /etc/crontab.conf
/tmp/clean/ls.orig: cannot access '/etc/crontab.conf*': No such file or directory
MADE: rm /usr/sbin/fingerd
/tmp/clean/ls.orig: cannot access '/usr/sbin/fingerd*': No such file or directory
MADE: rm /etc/fingerd.conf
/tmp/clean/ls.orig: cannot access '/etc/fingerd.conf*': No such file or directory
MADE: rm /usr/sbin/in.fingerd
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.fingerd*': No such file or directory
MADE: rm /etc/in.fingerd.conf
/tmp/clean/ls.orig: cannot access '/etc/in.fingerd.conf*': No such file or directory
MADE: rm /usr/sbin/gpm
/tmp/clean/ls.orig: cannot access '/usr/sbin/gpm*': No such file or directory
MADE: rm /etc/gpm.conf
/tmp/clean/ls.orig: cannot access '/etc/gpm.conf*': No such file or directory
MADE: rm /usr/sbin/hdparm
/tmp/clean/ls.orig: cannot access '/usr/sbin/hdparm*': No such file or directory
MADE: rm /etc/hdparm.conf
/tmp/clean/ls.orig: cannot access '/etc/hdparm.conf*': No such file or directory
MADE: rm /usr/sbin/inetd
/usr/sbin/inetdconf
MADE: rm /etc/inetd.conf
/tmp/clean/ls.orig: cannot access '/etc/inetd.conf*': No such file or directory
MADE: rm /usr/sbin/in.identd
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.identd*': No such file or directory
MADE: rm /etc/in.identd.conf
/tmp/clean/ls.orig: cannot access '/etc/in.identd.conf*': No such file or directory
MADE: rm /usr/sbin/inetdconf
/tmp/clean/ls.orig: cannot access '/usr/sbin/inetdconf*': No such file or directory
MADE: rm /etc/inetdconf.conf
/tmp/clean/ls.orig: cannot access '/etc/inetdconf.conf*': No such file or directory
MADE: rm /usr/sbin/init
/tmp/clean/ls.orig: cannot access '/usr/sbin/init*': No such file or directory
MADE: rm /etc/init.conf
/tmp/clean/ls.orig: cannot access '/etc/init.conf*': No such file or directory
MADE: rm /usr/sbin/killall
/usr/sbin/killall5
MADE: rm /etc/killall.conf
/tmp/clean/ls.orig: cannot access '/etc/killall.conf*': No such file or directory
MADE: rm /usr/sbin/lsof
/tmp/clean/ls.orig: cannot access '/usr/sbin/lsof*': No such file or directory
MADE: rm /etc/lsof.conf
/tmp/clean/ls.orig: cannot access '/etc/lsof.conf*': No such file or directory
MADE: rm /usr/sbin/mail
/tmp/clean/ls.orig: cannot access '/usr/sbin/mail*': No such file or directory
MADE: rm /etc/mail.conf
/tmp/clean/ls.orig: cannot access '/etc/mail.conf*': No such file or directory
MADE: rm /usr/sbin/mingetty
/tmp/clean/ls.orig: cannot access '/usr/sbin/mingetty*': No such file or directory
MADE: rm /etc/mingetty.conf
/tmp/clean/ls.orig: cannot access '/etc/mingetty.conf*': No such file or directory
MADE: rm /usr/sbin/named
/tmp/clean/ls.orig: cannot access '/usr/sbin/named*': No such file or directory
MADE: rm /etc/named.conf
/tmp/clean/ls.orig: cannot access '/etc/named.conf*': No such file or directory
MADE: rm /usr/sbin/in.pop2d
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.pop2d*': No such file or directory
MADE: rm /etc/in.pop2d.conf
/tmp/clean/ls.orig: cannot access '/etc/in.pop2d.conf*': No such file or directory
MADE: rm /usr/sbin/in.pop3d
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.pop3d*': No such file or directory
MADE: rm /etc/in.pop3d.conf
/tmp/clean/ls.orig: cannot access '/etc/in.pop3d.conf*': No such file or directory
MADE: rm /usr/sbin/write
/tmp/clean/ls.orig: cannot access '/usr/sbin/write*': No such file or directory
MADE: rm /etc/write.conf
/tmp/clean/ls.orig: cannot access '/etc/write.conf*': No such file or directory
MADE: rm /usr/sbin/pstree
/tmp/clean/ls.orig: cannot access '/usr/sbin/pstree*': No such file or directory
MADE: rm /etc/pstree.conf
/tmp/clean/ls.orig: cannot access '/etc/pstree.conf*': No such file or directory
MADE: rm /usr/sbin/rpcinfo
/tmp/clean/ls.orig: cannot access '/usr/sbin/rpcinfo*': No such file or directory
MADE: rm /etc/rpcinfo.conf
/tmp/clean/ls.orig: cannot access '/etc/rpcinfo.conf*': No such file or directory
MADE: rm /usr/sbin/rlogind
/tmp/clean/ls.orig: cannot access '/usr/sbin/rlogind*': No such file or directory
MADE: rm /etc/rlogind.conf
/tmp/clean/ls.orig: cannot access '/etc/rlogind.conf*': No such file or directory
MADE: rm /usr/sbin/in.rshd
/tmp/clean/ls.orig: cannot access '/usr/sbin/in.rshd*': No such file or directory
MADE: rm /etc/in.rshd.conf
/tmp/clean/ls.orig: cannot access '/etc/in.rshd.conf*': No such file or directory
MADE: rm /usr/sbin/slogin
/tmp/clean/ls.orig: cannot access '/usr/sbin/slogin*': No such file or directory
MADE: rm /etc/slogin.conf
/tmp/clean/ls.orig: cannot access '/etc/slogin.conf*': No such file or directory
MADE: rm /usr/sbin/sendmail
/tmp/clean/ls.orig: cannot access '/usr/sbin/sendmail*': No such file or directory
MADE: rm /etc/sendmail.conf
/tmp/clean/ls.orig: cannot access '/etc/sendmail.conf*': No such file or directory
MADE: rm /usr/sbin/sshd
/tmp/clean/ls.orig: cannot access '/usr/sbin/sshd*': No such file or directory
MADE: rm /etc/sshd.conf
/tmp/clean/ls.orig: cannot access '/etc/sshd.conf*': No such file or directory
MADE: rm /usr/sbin/syslogd
/tmp/clean/ls.orig: cannot access '/usr/sbin/syslogd*': No such file or directory
MADE: rm /etc/syslogd.conf
/tmp/clean/ls.orig: cannot access '/etc/syslogd.conf*': No such file or directory
MADE: rm /usr/sbin/tcpd
/usr/sbin/tcpdump
MADE: rm /etc/tcpd.conf
/tmp/clean/ls.orig: cannot access '/etc/tcpd.conf*': No such file or directory
MADE: rm /usr/sbin/tcpdump
/tmp/clean/ls.orig: cannot access '/usr/sbin/tcpdump*': No such file or directory
MADE: rm /etc/tcpdump.conf
/tmp/clean/ls.orig: cannot access '/etc/tcpdump.conf*': No such file or directory
MADE: rm /usr/sbin/telnetd
/tmp/clean/ls.orig: cannot access '/usr/sbin/telnetd*': No such file or directory
MADE: rm /etc/telnetd.conf
/tmp/clean/ls.orig: cannot access '/etc/telnetd.conf*': No such file or directory
MADE: rm /usr/sbin/timed
/tmp/clean/ls.orig: cannot access '/usr/sbin/timed*': No such file or directory
MADE: rm /etc/timed.conf
/tmp/clean/ls.orig: cannot access '/etc/timed.conf*': No such file or directory
MADE: rm /usr/sbin/traceroute
/tmp/clean/ls.orig: cannot access '/usr/sbin/traceroute*': No such file or directory
MADE: rm /etc/traceroute.conf
/tmp/clean/ls.orig: cannot access '/etc/traceroute.conf*': No such file or directory
done
* Closing down the testsuite
Restoring /etc/chkrootkit/chkrootkit.conf from /etc/chkrootkit/chkrootkit.conf.orig
Restoring /etc/chkrootkit/chkrootkit.ignore from /etc/chkrootkit/chkrootkit.ignore.orig
DONE
* test-chkrootkit: FAIL
autopkgtest [00:37:01]: test test-chkrootkit: -----------------------]
test-chkrootkit      FAIL non-zero exit status 1
autopkgtest [00:37:01]: test test-chkrootkit:  - - - - - - - - - - results - - - - - - - - - -
autopkgtest [00:37:01]: test test-chkrootkit:  - - - - - - - - - - stderr - - - - - - - - - -
cat: /etc/chkrootkit/chkrootkit.conf: No such file or directory
cat: /etc/chkrootkit/chkrootkit.conf: No such file or directory
cat: /etc/chkrootkit/chkrootkit.conf: No such file or directory
autopkgtest [00:37:01]: @@@@@@@@@@@@@@@@@@@@ summary
test-chkrootkit      FAIL non-zero exit status 1

aborted: False
returncode: 4

Files in working directory:
artifact-dir
artifact-dir/binaries
artifact-dir/binaries/binutils-aarch64-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-aarch64-linux-gnu.deb
artifact-dir/binaries/binutils-alpha-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-alpha-linux-gnu.deb
artifact-dir/binaries/binutils-arc-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-arc-linux-gnu.deb
artifact-dir/binaries/binutils-arm-linux-gnueabi-dbg.deb
artifact-dir/binaries/binutils-arm-linux-gnueabi.deb
artifact-dir/binaries/binutils-arm-linux-gnueabihf-dbg.deb
artifact-dir/binaries/binutils-arm-linux-gnueabihf.deb
artifact-dir/binaries/binutils-common.deb
artifact-dir/binaries/binutils-dev.deb
artifact-dir/binaries/binutils-doc.deb
artifact-dir/binaries/binutils-for-build.deb
artifact-dir/binaries/binutils-for-host.deb
artifact-dir/binaries/binutils-hppa-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-hppa-linux-gnu.deb
artifact-dir/binaries/binutils-hppa64-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-hppa64-linux-gnu.deb
artifact-dir/binaries/binutils-i686-gnu-dbg.deb
artifact-dir/binaries/binutils-i686-gnu.deb
artifact-dir/binaries/binutils-i686-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-i686-linux-gnu.deb
artifact-dir/binaries/binutils-loongarch64-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-loongarch64-linux-gnu.deb
artifact-dir/binaries/binutils-m68k-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-m68k-linux-gnu.deb
artifact-dir/binaries/binutils-multiarch-dbg.deb
artifact-dir/binaries/binutils-multiarch-dev.deb
artifact-dir/binaries/binutils-multiarch.deb
artifact-dir/binaries/binutils-powerpc-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-powerpc-linux-gnu.deb
artifact-dir/binaries/binutils-powerpc64-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-powerpc64-linux-gnu.deb
artifact-dir/binaries/binutils-powerpc64le-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-powerpc64le-linux-gnu.deb
artifact-dir/binaries/binutils-riscv64-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-riscv64-linux-gnu.deb
artifact-dir/binaries/binutils-s390x-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-s390x-linux-gnu.deb
artifact-dir/binaries/binutils-sh4-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-sh4-linux-gnu.deb
artifact-dir/binaries/binutils-source.deb
artifact-dir/binaries/binutils-sparc-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-sparc-linux-gnu.deb
artifact-dir/binaries/binutils-sparc64-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-sparc64-linux-gnu.deb
artifact-dir/binaries/binutils-x86-64-gnu-dbg.deb
artifact-dir/binaries/binutils-x86-64-gnu.deb
artifact-dir/binaries/binutils-x86-64-linux-gnu-dbg.deb
artifact-dir/binaries/binutils-x86-64-linux-gnu.deb
artifact-dir/binaries/binutils-x86-64-linux-gnux32-dbg.deb
artifact-dir/binaries/binutils-x86-64-linux-gnux32.deb
artifact-dir/binaries/binutils.deb
artifact-dir/binaries/chkrootkit.deb
artifact-dir/binaries/libbinutils-dbg.deb
artifact-dir/binaries/libbinutils.deb
artifact-dir/binaries/libctf-nobfd0-dbg.deb
artifact-dir/binaries/libctf-nobfd0.deb
artifact-dir/binaries/libctf0-dbg.deb
artifact-dir/binaries/libctf0.deb
artifact-dir/binaries/libgprofng0-dbg.deb
artifact-dir/binaries/libgprofng0.deb
artifact-dir/binaries/libsframe1-dbg.deb
artifact-dir/binaries/libsframe1.deb
artifact-dir/log
artifact-dir/summary
artifact-dir/test-chkrootkit-packages
artifact-dir/test-chkrootkit-stderr
artifact-dir/test-chkrootkit-stdout
artifact-dir/testbed-packages
artifact-dir/testinfo.json
artifact-dir/testpkg-version
--------------------

Relations

Relation	Type	Name
relates-to	Source package	chkrootkit_0.58b-3
relates-to	Binary package	chkrootkit_0.58b-3+b1_amd64
relates-to	Package upload	binutils_2.43.50.20250108-1.1
relates-to	Package upload	binutils_2.43.50.20250108-1.1