From 575e5144d5c704446ee3ffb286675e6d9be6abaa Mon Sep 17 00:00:00 2001
From: KiekerJan
Date: Sat, 1 May 2021 23:36:51 +0200
Subject: [PATCH] add ignore file for chkrootkit
---
 conf/chkrootkit.ignore | 1 +
 setup/additionals.sh | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 conf/chkrootkit.ignore
diff --git a/conf/chkrootkit.ignore b/conf/chkrootkit.ignore
new file mode 100644
index 00000000..fb9613fc
--- /dev/null
+++ b/conf/chkrootkit.ignore
@@ -0,0 +1 @@
+^eth[0-9]{1}: PACKET SNIFFER\(\/usr\/lib\/systemd\/systemd-networkd\[[0-9]+\]\)$
diff --git a/setup/additionals.sh b/setup/additionals.sh
index 378dab84..c0996155 100644
--- a/setup/additionals.sh
+++ b/setup/additionals.sh
@@ -48,10 +48,13 @@ tools/editconf.py /etc/default/rkhunter \
 CRON_DB_UPDATE='"true"' \
 APT_AUTOGEN='"true"'
+hide_output install -m 644 conf/chkrootkit.ignore /etc/
+
 tools/editconf.py /etc/chkrootkit.conf \
 RUN_DAILY='"true"' \
- DIFF_MODE='"true"'
+ DIFF_MODE='"true"' \
+ IGNORE_FILE="/etc/chkrootkit.ignore"
 # Should be last, update expected output
 rkhunter --propupd
-chkrootkit -q > /var/log/chkrootkit/log.expected
+chkrootkit -q | egrep -v -f /etc/chkrootkit.ignore > /var/log/chkrootkit/log.expected
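Review bot: The single pattern in conf/chkrootkit.ignore only covers interfaces named eth0 to eth9, so on a host whose interface has another name (for example ens3 or enp0s3) the systemd-networkd line is not filtered and still appears in the daily diff. The `{1}` is a no-op and the `\/` escapes are unnecessary in an extended regex (recent GNU grep versions warn about stray backslashes); `^[[:alnum:]]+: PACKET SNIFFER\(/usr/lib/systemd/systemd-networkd\[[0-9]+\]\)$` accepts other interface names while staying anchored to the exact process path. Because this file suppresses output of a rootkit scanner, the commit description or the setup script should state why this finding is considered benign, so that later additions to the file are held to the same standard.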
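Review bot: The new last line of setup/additionals.sh filters the baseline with `egrep -v -f /etc/chkrootkit.ignore`, and a pattern file that ever contains an empty line matches every input line, so `-v` would then silently drop all chkrootkit findings from log.expected. A guard ahead of the pipeline, such as `if grep -q '^$' /etc/chkrootkit.ignore; then echo "empty pattern in /etc/chkrootkit.ignore" >&2; exit 1; fi`, would make that misconfiguration visible instead of producing an empty baseline. The pipeline also returns egrep's status, which is 1 when nothing remains after filtering (the clean case) and hides a chkrootkit failure; whether the setup scripts run under `set -e` is not visible in this hunk, so that should be checked. `egrep` is obsolescent and `grep -E -v -f` is the equivalent spelling. The hunk does not show whether the packaged daily job applies IGNORE_FILE the same way; if it does not, the filtered baseline and the unfiltered daily output will differ on every run.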