View | Details | Raw Unified | Return to bug 529308

(-)chkrootkit-0.50.old/chkrootkit (-143 / +153 lines)
Lines 10-15 Link Here
10
# (c)1997-2014 Nelson Murilo, Pangeia Informatica, AMS Foundation and others.
10
# (c)1997-2014 Nelson Murilo, Pangeia Informatica, AMS Foundation and others.
11
# All rights reserved
11
# All rights reserved
12
12
13
# Gentoo specific : Could use `type <command> | cut -f 3 -d " "`
14
IFPROMISC="/usr/sbin/ifpromisc"
15
CHKDIRS="/usr/sbin/chkdirs"
16
CHKLASTLOG="/usr/sbin/chklastlog"
17
CHKPROC="/usr/sbin/chkproc"
18
CHKWTMP="/usr/sbin/chkwtmp"
19
CHKUTMP="/usr/sbin/chkutmp"
20
CHECK_WTMPX="/usr/sbin/check_wtmpx"
21
STRINGS="/usr/sbin/strings-static"
22
13
### workaround for some Bourne shell implementations
23
### workaround for some Bourne shell implementations
14
unalias login > /dev/null 2>&1
24
unalias login > /dev/null 2>&1
15
unalias ls > /dev/null 2>&1
25
unalias ls > /dev/null 2>&1
Lines 151-157 Link Here
151
161
152
    if [ "${EXPERT}" = "t" ]; then
162
    if [ "${EXPERT}" = "t" ]; then
153
        expertmode_output "${egrep} ^asp ${ROOTDIR}etc/inetd.conf"
163
        expertmode_output "${egrep} ^asp ${ROOTDIR}etc/inetd.conf"
154
        expertmode_output "${strings} -a ${CMD}"
164
        expertmode_output "${STRINGS} -a ${CMD}"
155
        return 5
165
        return 5
156
    fi
166
    fi
157
167
Lines 163-169 Link Here
163
        if [ "${QUIET}" != "t" ]; then echo "not infected"; fi
173
        if [ "${QUIET}" != "t" ]; then echo "not infected"; fi
164
        return ${NOT_INFECTED}
174
        return ${NOT_INFECTED}
165
    fi
175
    fi
166
    if ${strings} -a ${CMD} | ${egrep} "${ASP_LABEL}" >/dev/null 2>&1; then
176
    if ${STRINGS} -a ${CMD} | ${egrep} "${ASP_LABEL}" >/dev/null 2>&1; then
167
       echo "INFECTED"
177
       echo "INFECTED"
168
       STATUS=${INFECTED}
178
       STATUS=${INFECTED}
169
    else
179
    else
Lines 184-206 Link Here
184
    fi
194
    fi
185
195
186
    if [ "${EXPERT}" = "t" ]; then
196
    if [ "${EXPERT}" = "t" ]; then
187
        expertmode_output "./ifpromisc" -v
197
        expertmode_output "${IFPROMISC}" -v
188
        return 5
198
        return 5
189
    fi
199
    fi
190
    if [ ! -x ./ifpromisc ]; then
200
    if [ ! -x ${IFPROMISC} ]; then
191
      echo "not tested: can't exec ./ifpromisc"
201
      echo "not tested: can't exec ${IFPROMISC}"
192
      return ${NOT_TESTED}
202
      return ${NOT_TESTED}
193
    else
203
    else
194
      [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
204
      [ "${QUIET}" != "t" ] && ${IFPROMISC} -v || ${IFPROMISC} -q
195
    fi
205
    fi
196
}
206
}
197
207
198
chkutmp() {
208
chkutmp() {
199
    if [ ! -x ./chkutmp ]; then
209
    if [ ! -x ${CHKUTMP} ]; then
200
      echo "not tested: can't exec ./chkutmp"
210
      echo "not tested: can't exec ${CHKUTMP}"
201
      return ${NOT_TESTED}
211
      return ${NOT_TESTED}
202
    fi
212
    fi
203
    if ./chkutmp
213
    if ${CHKUTMP}
204
    then
214
    then
205
      if [ "${QUIET}" != "t" ]; then echo "chkutmp: nothing deleted"; fi
215
      if [ "${QUIET}" != "t" ]; then echo "chkutmp: nothing deleted"; fi
206
    fi
216
    fi
Lines 208-215 Link Here
208
}
218
}
209
219
210
z2 () {
220
z2 () {
211
    if [ ! -x ./chklastlog ]; then
221
    if [ ! -x ${CHKLASTLOG} ]; then
212
      echo "not tested: can't exec ./chklastlog"
222
      echo "not tested: can't exec ${CHKLASTLOG}"
213
      return ${NOT_TESTED}
223
      return ${NOT_TESTED}
214
    fi
224
    fi
215
225
Lines 222-253 Link Here
222
    fi
232
    fi
223
233
224
    if [ "${EXPERT}" = "t" ]; then
234
    if [ "${EXPERT}" = "t" ]; then
225
        expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}"
235
        expertmode_output "${CHKLASTLOG} -f ${WTMP} -l ${LASTLOG}"
226
        return 5
236
        return 5
227
    fi
237
    fi
228
238
229
    if ./chklastlog -f ${WTMP} -l ${LASTLOG}
239
    if ${CHKLASTLOG} -f ${WTMP} -l ${LASTLOG}
230
    then
240
    then
231
      if [ "${QUIET}" != "t" ]; then echo "chklastlog: nothing deleted"; fi
241
      if [ "${QUIET}" != "t" ]; then echo "chklastlog: nothing deleted"; fi
232
    fi
242
    fi
233
}
243
}
234
244
235
wted () {
245
wted () {
236
    if [ ! -x ./chkwtmp ]; then
246
    if [ ! -x ${CHKWTMP} ]; then
237
      echo "not tested: can't exec ./chkwtmp"
247
      echo "not tested: can't exec ${CHKWTMP}"
238
      return ${NOT_TESTED}
248
      return ${NOT_TESTED}
239
    fi
249
    fi
240
250
241
   if [ "$SYSTEM" = "SunOS" ]; then
251
   if [ "$SYSTEM" = "SunOS" ]; then
242
       if [ ! -x ./check_wtmpx ]; then
252
       if [ ! -x ${CHECK_WTMPX} ]; then
243
          echo "not tested: can't exec ./check_wtmpx"
253
          echo "not tested: can't exec ${CHECK_WTMPX}"
244
       else
254
       else
245
          if [ "${EXPERT}" = "t" ]; then
255
          if [ "${EXPERT}" = "t" ]; then
246
             expertmode_output "./check_wtmpx"
256
             expertmode_output "${CHECK_WTMPX}"
247
              return 5
257
              return 5
248
          fi
258
          fi
249
	  if [ -f ${ROOTDIR}var/adm/wtmp ]; then
259
	  if [ -f ${ROOTDIR}var/adm/wtmp ]; then
250
             if ./check_wtmpx
260
             if ${CHECK_WTMPX}
251
                then
261
                then
252
                if [ "${QUIET}" != "t" ]; then \
262
                if [ "${QUIET}" != "t" ]; then \
253
                   echo "check_wtmpx: nothing deleted in /var/adm/wtmpx"; fi
263
                   echo "check_wtmpx: nothing deleted in /var/adm/wtmpx"; fi
Lines 258-269 Link Here
258
       WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
268
       WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
259
269
260
       if [ "${EXPERT}" = "t" ]; then
270
       if [ "${EXPERT}" = "t" ]; then
261
          expertmode_output "./chkwtmp -f ${WTMP}"
271
          expertmode_output "${CHKWTMP} -f ${WTMP}"
262
          return 5
272
          return 5
263
       fi
273
       fi
264
    fi
274
    fi
265
275
266
    if ./chkwtmp -f ${WTMP}
276
    if ${CHKWTMP} -f ${WTMP}
267
    then
277
    then
268
      if [ "${QUIET}" != "t" ]; then echo "chkwtmp: nothing deleted"; fi
278
      if [ "${QUIET}" != "t" ]; then echo "chkwtmp: nothing deleted"; fi
269
    fi
279
    fi
Lines 301-308 Link Here
301
    prog=""
311
    prog=""
302
    if [  \( "${SYSTEM}" = "Linux"  -o \( "${SYSTEM}" = "FreeBSD" -a \
312
    if [  \( "${SYSTEM}" = "Linux"  -o \( "${SYSTEM}" = "FreeBSD" -a \
303
       `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
313
       `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
304
      [  -x ./chkproc -a "`find /proc | wc -l`" -gt 1 ] && prog="./chkproc"
314
      [  -x ${CHKPROC} -a "`find /proc | wc -l`" -gt 1 ] && prog="${CHKPROC}"
305
      [  -x ./chkdirs ] && prog="$prog ./chkdirs"
315
      [  -x ${CHKDIRS} ] && prog="$prog ${CHKDIRS}"
306
      if [ "$prog" = "" ]; then
316
      if [ "$prog" = "" ]; then
307
         echo "not tested: can't exec $prog"
317
         echo "not tested: can't exec $prog"
308
         return ${NOT_TESTED}
318
         return ${NOT_TESTED}
Lines 314-320 Link Here
314
         PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
324
         PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
315
         [ "$PV" = "" ] &&  PV=2
325
         [ "$PV" = "" ] &&  PV=2
316
         [ "${SYSTEM}" = "SunOS" ] && PV=0
326
         [ "${SYSTEM}" = "SunOS" ] && PV=0
317
         expertmode_output "./chkproc -v -v -p $PV"
327
         expertmode_output "${CHKPROC} -v -v -p $PV"
318
         return 5
328
         return 5
319
      fi
329
      fi
320
330
Lines 341-347 Link Here
341
      if [ "${DEBUG}" = "t" ]; then
351
      if [ "${DEBUG}" = "t" ]; then
342
           ${echo} "*** PV=$PV ***"
352
           ${echo} "*** PV=$PV ***"
343
      fi
353
      fi
344
      if ./chkproc -p ${PV}; then
354
      if ${CHKPROC} -p ${PV}; then
345
         if [ "${QUIET}" != "t" ]; then echo "chkproc: nothing detected"; fi
355
         if [ "${QUIET}" != "t" ]; then echo "chkproc: nothing detected"; fi
346
      else
356
      else
347
         echo "chkproc: Warning: Possible LKM Trojan installed"
357
         echo "chkproc: Warning: Possible LKM Trojan installed"
Lines 350-356 Link Here
350
      for i in /usr/share /usr/bin /usr/sbin /lib; do
360
      for i in /usr/share /usr/bin /usr/sbin /lib; do
351
         [ -d $i ] && dirs="$dirs $i"
361
         [ -d $i ] && dirs="$dirs $i"
352
      done
362
      done
353
      if ./chkdirs $dirs;  then
363
      if ${CHKDIRS} $dirs;  then
354
         if [ "${QUIET}" != "t" ]; then echo "chkdirs: nothing detected"; fi
364
         if [ "${QUIET}" != "t" ]; then echo "chkdirs: nothing detected"; fi
355
      else
365
      else
356
	    echo "chkdirs: Warning: Possible LKM Trojan installed"
366
	    echo "chkdirs: Warning: Possible LKM Trojan installed"
Lines 529-535 Link Here
529
      ${egrep} "\.hk" ${ROOTDIR}etc/rc.d/init.d/network 2>/dev/null
539
      ${egrep} "\.hk" ${ROOTDIR}etc/rc.d/init.d/network 2>/dev/null
530
540
531
      ## Suckit rootkit
541
      ## Suckit rootkit
532
      expertmode_output "${strings} ${ROOTDIR}sbin/init | ${egrep} HOME"
542
      expertmode_output "${STRINGS} ${ROOTDIR}sbin/init | ${egrep} HOME"
533
      expertmode_output "cat ${ROOTDIR}proc/1/maps | ${egrep} init."
543
      expertmode_output "cat ${ROOTDIR}proc/1/maps | ${egrep} init."
534
      expertmode_output "cat ${ROOTDIR}dev/.golf"
544
      expertmode_output "cat ${ROOTDIR}dev/.golf"
535
545
Lines 986-992 Link Here
986
   ### Suckit
996
   ### Suckit
987
   if [ -f ${ROOTDIR}sbin/init ]; then
997
   if [ -f ${ROOTDIR}sbin/init ]; then
988
      if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit... "; fi
998
      if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit... "; fi
989
      if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} 'HOME='   || \
999
      if [ ${SYSTEM} != "HP-UX" ] && ( ${STRINGS} ${ROOTDIR}sbin/init | ${egrep} 'HOME='   || \
990
	      cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
1000
	      cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
991
        then
1001
        then
992
        echo "Warning: ${ROOTDIR}sbin/init INFECTED"
1002
        echo "Warning: ${ROOTDIR}sbin/init INFECTED"
Lines 1286-1305 Link Here
1286
    [ ${?} -ne 0 ] &&  return ${NOT_FOUND}
1296
    [ ${?} -ne 0 ] &&  return ${NOT_FOUND}
1287
1297
1288
    if [ "${EXPERT}" = "t" ]; then
1298
    if [ "${EXPERT}" = "t" ]; then
1289
        expertmode_output "${strings} -a ${CMD}"
1299
        expertmode_output "${STRINGS} -a ${CMD}"
1290
        return 5
1300
        return 5
1291
    fi
1301
    fi
1292
1302
1293
    case "${SYSTEM}" in
1303
    case "${SYSTEM}" in
1294
       Linux)
1304
       Linux)
1295
          if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
1305
          if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
1296
             >/dev/null 2>&1
1306
             >/dev/null 2>&1
1297
          then
1307
          then
1298
             STATUS=${INFECTED}
1308
             STATUS=${INFECTED}
1299
          fi;;
1309
          fi;;
1300
       FreeBSD)
1310
       FreeBSD)
1301
          [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
1311
          [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
1302
          if [ `${strings} -a ${CMD} | \
1312
          if [ `${STRINGS} -a ${CMD} | \
1303
                ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
1313
                ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
1304
          then
1314
          then
1305
             STATUS=${INFECTED}
1315
             STATUS=${INFECTED}
Lines 1316-1331 Link Here
1316
    REDHAT_PAM_LABEL="*NOT*"
1326
    REDHAT_PAM_LABEL="*NOT*"
1317
1327
1318
    if [ "${EXPERT}" = "t" ]; then
1328
    if [ "${EXPERT}" = "t" ]; then
1319
        expertmode_output "${strings} -a ${CMD}"
1329
        expertmode_output "${STRINGS} -a ${CMD}"
1320
        return 5
1330
        return 5
1321
    fi
1331
    fi
1322
1332
1323
    case "${SYSTEM}" in
1333
    case "${SYSTEM}" in
1324
       Linux)
1334
       Linux)
1325
          if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
1335
          if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
1326
          >/dev/null 2>&1
1336
          >/dev/null 2>&1
1327
             then
1337
             then
1328
             if ${strings} -a ${CMD} | ${egrep} "${REDHAT_PAM_LABEL}" \
1338
             if ${STRINGS} -a ${CMD} | ${egrep} "${REDHAT_PAM_LABEL}" \
1329
             >/dev/null 2>&1
1339
             >/dev/null 2>&1
1330
                then
1340
                then
1331
                :
1341
                :
Lines 1335-1341 Link Here
1335
          fi;;
1345
          fi;;
1336
       FreeBSD)
1346
       FreeBSD)
1337
          [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
1347
          [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
1338
          if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
1348
          if [ `${STRINGS} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
1339
             then
1349
             then
1340
             STATUS=${INFECTED}
1350
             STATUS=${INFECTED}
1341
          fi;;
1351
          fi;;
Lines 1348-1360 Link Here
1348
    CMD=`loc login login $pth`
1358
    CMD=`loc login login $pth`
1349
1359
1350
    if [ "${EXPERT}" = "t" ]; then
1360
    if [ "${EXPERT}" = "t" ]; then
1351
        expertmode_output "${strings} -a ${CMD}"
1361
        expertmode_output "${STRINGS} -a ${CMD}"
1352
        return 5
1362
        return 5
1353
    fi
1363
    fi
1354
1364
1355
    if [ "$SYSTEM" = "SunOS" ]; then
1365
    if [ "$SYSTEM" = "SunOS" ]; then
1356
      TROJED_L_L="porcao|/bin/xstat"
1366
      TROJED_L_L="porcao|/bin/xstat"
1357
      if ${strings} -a ${CMD} | ${egrep} "${TROJED_L_L}" >/dev/null 2>&1 ]; then
1367
      if ${STRINGS} -a ${CMD} | ${egrep} "${TROJED_L_L}" >/dev/null 2>&1 ]; then
1358
          return ${INFECTED}
1368
          return ${INFECTED}
1359
       else
1369
       else
1360
          return ${NOT_TESTED}
1370
          return ${NOT_TESTED}
Lines 1362-1368 Link Here
1362
    fi
1372
    fi
1363
    GENERAL="^root$"
1373
    GENERAL="^root$"
1364
    TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
1374
    TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
1365
    ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
1375
    ret=`${STRINGS} -a ${CMD} | ${egrep} -c "${GENERAL}"`
1366
    if [ ${ret} -gt 0 ]; then
1376
    if [ ${ret} -gt 0 ]; then
1367
        case ${ret} in
1377
        case ${ret} in
1368
        1) [ "${SYSTEM}" = "OpenBSD" -a `echo $V | ${awk} '{ if ($1 < 2.7 ||
1378
        1) [ "${SYSTEM}" = "OpenBSD" -a `echo $V | ${awk} '{ if ($1 < 2.7 ||
Lines 1374-1380 Link Here
1374
        *) STATUS=${INFECTED};;
1384
        *) STATUS=${INFECTED};;
1375
        esac
1385
        esac
1376
    fi
1386
    fi
1377
    if ${strings} -a ${CMD} | ${egrep} "${TROJED_L_L}" 2>&1 >/dev/null
1387
    if ${STRINGS} -a ${CMD} | ${egrep} "${TROJED_L_L}" 2>&1 >/dev/null
1378
       then
1388
       then
1379
        STATUS=${INFECTED}
1389
        STATUS=${INFECTED}
1380
    fi
1390
    fi
Lines 1390-1396 Link Here
1390
    fi
1400
    fi
1391
1401
1392
    if [ "${EXPERT}" = "t" ]; then
1402
    if [ "${EXPERT}" = "t" ]; then
1393
       expertmode_output "${strings} -a ${CMD}"
1403
       expertmode_output "${STRINGS} -a ${CMD}"
1394
    fi
1404
    fi
1395
1405
1396
    if [ "${SYSTEM}" = "OpenBSD" -o "${SYSTEM}" = "SunOS" -o "${SYSTEM}" \
1406
    if [ "${SYSTEM}" = "OpenBSD" -o "${SYSTEM}" = "SunOS" -o "${SYSTEM}" \
Lines 1398-1404 Link Here
1398
    then
1408
    then
1399
       return ${NOT_TESTED}
1409
       return ${NOT_TESTED}
1400
    fi
1410
    fi
1401
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}|/lib/security" \
1411
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}|/lib/security" \
1402
    >/dev/null 2>&1
1412
    >/dev/null 2>&1
1403
    then
1413
    then
1404
       STATUS=${INFECTED}
1414
       STATUS=${INFECTED}
Lines 1416-1426 Link Here
1416
    fi
1426
    fi
1417
1427
1418
    if [ "${EXPERT}" = "t" ]; then
1428
    if [ "${EXPERT}" = "t" ]; then
1419
        expertmode_output "${strings} -a ${CMD}"
1429
        expertmode_output "${STRINGS} -a ${CMD}"
1420
        return 5
1430
        return 5
1421
    fi
1431
    fi
1422
1432
1423
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
1433
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
1424
    >/dev/null 2>&1
1434
    >/dev/null 2>&1
1425
    then
1435
    then
1426
       STATUS=${INFECTED}
1436
       STATUS=${INFECTED}
Lines 1439-1449 Link Here
1439
    fi
1449
    fi
1440
1450
1441
    if [ "${EXPERT}" = "t" ]; then
1451
    if [ "${EXPERT}" = "t" ]; then
1442
        expertmode_output "${strings} -a ${CMD}"
1452
        expertmode_output "${STRINGS} -a ${CMD}"
1443
        return 5
1453
        return 5
1444
    fi
1454
    fi
1445
1455
1446
    if ${strings} -a ${CMD} | ${egrep} "${SYSLOG_I_L}" >/dev/null 2>&1
1456
    if ${STRINGS} -a ${CMD} | ${egrep} "${SYSLOG_I_L}" >/dev/null 2>&1
1447
    then
1457
    then
1448
       STATUS=${INFECTED}
1458
       STATUS=${INFECTED}
1449
    fi
1459
    fi
Lines 1460-1470 Link Here
1460
    fi
1470
    fi
1461
1471
1462
    if [ "${EXPERT}" = "t" ]; then
1472
    if [ "${EXPERT}" = "t" ]; then
1463
        expertmode_output "${strings} -a ${CMD}"
1473
        expertmode_output "${STRINGS} -a ${CMD}"
1464
        return 5
1474
        return 5
1465
    fi
1475
    fi
1466
1476
1467
    if ${strings} -a ${CMD} | ${egrep} "${HDPARM_INFECTED_LABEL}" \
1477
    if ${STRINGS} -a ${CMD} | ${egrep} "${HDPARM_INFECTED_LABEL}" \
1468
       >/dev/null 2>&1
1478
       >/dev/null 2>&1
1469
    then
1479
    then
1470
       STATUS=${INFECTED}
1480
       STATUS=${INFECTED}
Lines 1482-1492 Link Here
1482
    fi
1492
    fi
1483
1493
1484
    if [ "${EXPERT}" = "t" ]; then
1494
    if [ "${EXPERT}" = "t" ]; then
1485
        expertmode_output "${strings} -a ${CMD}"
1495
        expertmode_output "${STRINGS} -a ${CMD}"
1486
        return 5
1496
        return 5
1487
    fi
1497
    fi
1488
1498
1489
    if ${strings} -a ${CMD} | ${egrep} "${GPM_INFECTED_LABEL}" \
1499
    if ${STRINGS} -a ${CMD} | ${egrep} "${GPM_INFECTED_LABEL}" \
1490
       >/dev/null 2>&1
1500
       >/dev/null 2>&1
1491
    then
1501
    then
1492
       STATUS=${INFECTED}
1502
       STATUS=${INFECTED}
Lines 1504-1514 Link Here
1504
    fi
1514
    fi
1505
1515
1506
    if [ "${EXPERT}" = "t" ]; then
1516
    if [ "${EXPERT}" = "t" ]; then
1507
        expertmode_output "${strings} -a ${CMD}"
1517
        expertmode_output "${STRINGS} -a ${CMD}"
1508
        return 5
1518
        return 5
1509
    fi
1519
    fi
1510
1520
1511
    if ${strings} -a ${CMD} | ${egrep} "${MINGETTY_INFECTED_LABEL}" \
1521
    if ${STRINGS} -a ${CMD} | ${egrep} "${MINGETTY_INFECTED_LABEL}" \
1512
       >/dev/null 2>&1
1522
       >/dev/null 2>&1
1513
    then
1523
    then
1514
       STATUS=${INFECTED}
1524
       STATUS=${INFECTED}
Lines 1526-1536 Link Here
1526
    fi
1536
    fi
1527
1537
1528
    if [ "${EXPERT}" = "t" ]; then
1538
    if [ "${EXPERT}" = "t" ]; then
1529
        expertmode_output "${strings} -a ${CMD}"
1539
        expertmode_output "${STRINGS} -a ${CMD}"
1530
        return 5
1540
        return 5
1531
    fi
1541
    fi
1532
1542
1533
    if ${strings} -a ${CMD} | ${egrep} "${SENDMAIL_INFECTED_LABEL}" \
1543
    if ${STRINGS} -a ${CMD} | ${egrep} "${SENDMAIL_INFECTED_LABEL}" \
1534
       >/dev/null 2>&1
1544
       >/dev/null 2>&1
1535
    then
1545
    then
1536
       STATUS=${INFECTED}
1546
       STATUS=${INFECTED}
Lines 1544-1554 Link Here
1544
    CMD=`loc ls ls $pth`
1554
    CMD=`loc ls ls $pth`
1545
1555
1546
    if [ "${EXPERT}" = "t" ]; then
1556
    if [ "${EXPERT}" = "t" ]; then
1547
        expertmode_output "${strings} -a ${CMD}"
1557
        expertmode_output "${STRINGS} -a ${CMD}"
1548
        return 5
1558
        return 5
1549
    fi
1559
    fi
1550
1560
1551
    if ${strings} -a ${CMD} | ${egrep} "${LS_INFECTED_LABEL}" >/dev/null 2>&1
1561
    if ${STRINGS} -a ${CMD} | ${egrep} "${LS_INFECTED_LABEL}" >/dev/null 2>&1
1552
    then
1562
    then
1553
       STATUS=${INFECTED}
1563
       STATUS=${INFECTED}
1554
    fi
1564
    fi
Lines 1561-1571 Link Here
1561
    CMD=`loc du du $pth`
1571
    CMD=`loc du du $pth`
1562
1572
1563
    if [ "${EXPERT}" = "t" ]; then
1573
    if [ "${EXPERT}" = "t" ]; then
1564
        expertmode_output "${strings} -a ${CMD}"
1574
        expertmode_output "${STRINGS} -a ${CMD}"
1565
        return 5
1575
        return 5
1566
    fi
1576
    fi
1567
1577
1568
    if ${strings} -a ${CMD} | ${egrep} "${DU_INFECTED_LABEL}" >/dev/null 2>&1
1578
    if ${STRINGS} -a ${CMD} | ${egrep} "${DU_INFECTED_LABEL}" >/dev/null 2>&1
1569
    then
1579
    then
1570
       STATUS=${INFECTED}
1580
       STATUS=${INFECTED}
1571
    fi
1581
    fi
Lines 1585-1595 Link Here
1585
    fi
1595
    fi
1586
1596
1587
    if [ "${EXPERT}" = "t" ]; then
1597
    if [ "${EXPERT}" = "t" ]; then
1588
        expertmode_output "${strings} -a ${CMD}"
1598
        expertmode_output "${STRINGS} -a ${CMD}"
1589
        return 5
1599
        return 5
1590
    fi
1600
    fi
1591
1601
1592
    if ${strings} -a ${CMD} | ${egrep} "${NAMED_I_L}" \
1602
    if ${STRINGS} -a ${CMD} | ${egrep} "${NAMED_I_L}" \
1593
    >/dev/null 2>&1
1603
    >/dev/null 2>&1
1594
    then
1604
    then
1595
       STATUS=${INFECTED}
1605
       STATUS=${INFECTED}
Lines 1603-1613 Link Here
1603
    CMD=`loc netstat netstat $pth`
1613
    CMD=`loc netstat netstat $pth`
1604
1614
1605
    if [ "${EXPERT}" = "t" ]; then
1615
    if [ "${EXPERT}" = "t" ]; then
1606
        expertmode_output "${strings} -a ${CMD}"
1616
        expertmode_output "${STRINGS} -a ${CMD}"
1607
        return 5
1617
        return 5
1608
    fi
1618
    fi
1609
1619
1610
    if ${strings} -a ${CMD} | ${egrep} "${NETSTAT_I_L}" \
1620
    if ${STRINGS} -a ${CMD} | ${egrep} "${NETSTAT_I_L}" \
1611
    >/dev/null 2>&1
1621
    >/dev/null 2>&1
1612
    then
1622
    then
1613
       STATUS=${INFECTED}
1623
       STATUS=${INFECTED}
Lines 1622-1632 Link Here
1622
   CMD=`loc ps ps $pth`
1632
   CMD=`loc ps ps $pth`
1623
1633
1624
    if [ "${EXPERT}" = "t" ]; then
1634
    if [ "${EXPERT}" = "t" ]; then
1625
        expertmode_output "${strings} -a ${CMD}"
1635
        expertmode_output "${STRINGS} -a ${CMD}"
1626
        return 5
1636
        return 5
1627
    fi
1637
    fi
1628
1638
1629
    if ${strings} -a ${CMD} | ${egrep} "${PS_I_L}" >/dev/null 2>&1
1639
    if ${STRINGS} -a ${CMD} | ${egrep} "${PS_I_L}" >/dev/null 2>&1
1630
    then
1640
    then
1631
       STATUS=${INFECTED}
1641
       STATUS=${INFECTED}
1632
    fi
1642
    fi
Lines 1644-1654 Link Here
1644
    fi
1654
    fi
1645
1655
1646
    if [ "${EXPERT}" = "t" ]; then
1656
    if [ "${EXPERT}" = "t" ]; then
1647
        expertmode_output "${strings} -a ${CMD}"
1657
        expertmode_output "${STRINGS} -a ${CMD}"
1648
        return 5
1658
        return 5
1649
    fi
1659
    fi
1650
1660
1651
    if ${strings} -a ${CMD} | ${egrep} "${PSTREE_INFECTED_LABEL}" >/dev/null 2>&1
1661
    if ${STRINGS} -a ${CMD} | ${egrep} "${PSTREE_INFECTED_LABEL}" >/dev/null 2>&1
1652
    then
1662
    then
1653
       STATUS=${INFECTED}
1663
       STATUS=${INFECTED}
1654
    fi
1664
    fi
Lines 1671-1677 Link Here
1671
        return 5
1681
        return 5
1672
    fi
1682
    fi
1673
    # slackware's crontab have a bug
1683
    # slackware's crontab have a bug
1674
    if  ( ${CMD} -l -u nobody | $egrep [0-9] ) >/dev/null 2>&1 ; then
1684
    if [ -n "$(${CMD} -l -u nobody 2>/dev/null | ${egrep} [0-9] 2>/dev/null)" ]; then
1675
        ${echo} "Warning: crontab for nobody found, possible Lupper.Worm... "
1685
        ${echo} "Warning: crontab for nobody found, possible Lupper.Worm... "
1676
	if ${CMD} -l -u nobody 2>/dev/null  | ${egrep} $CRONTAB_I_L >/dev/null 2>&1
1686
	if ${CMD} -l -u nobody 2>/dev/null  | ${egrep} $CRONTAB_I_L >/dev/null 2>&1
1677
	   then
1687
	   then
Lines 1693-1703 Link Here
1693
    fi
1703
    fi
1694
1704
1695
    if [ "${EXPERT}" = "t" ]; then
1705
    if [ "${EXPERT}" = "t" ]; then
1696
        expertmode_output "${strings} -a ${CMD}"
1706
        expertmode_output "${STRINGS} -a ${CMD}"
1697
        return 5
1707
        return 5
1698
    fi
1708
    fi
1699
1709
1700
    if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
1710
    if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
1701
    then
1711
    then
1702
       STATUS=${INFECTED}
1712
       STATUS=${INFECTED}
1703
    fi
1713
    fi
Lines 1715-1725 Link Here
1715
    fi
1725
    fi
1716
1726
1717
    if [ "${EXPERT}" = "t" ]; then
1727
    if [ "${EXPERT}" = "t" ]; then
1718
        expertmode_output "${strings} -a ${CMD}"
1728
        expertmode_output "${STRINGS} -a ${CMD}"
1719
        return 5
1729
        return 5
1720
    fi
1730
    fi
1721
1731
1722
    if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
1732
    if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
1723
    then
1733
    then
1724
       STATUS=${INFECTED}
1734
       STATUS=${INFECTED}
1725
    fi
1735
    fi
Lines 1737-1747 Link Here
1737
    fi
1747
    fi
1738
1748
1739
    if [ "${EXPERT}" = "t" ]; then
1749
    if [ "${EXPERT}" = "t" ]; then
1740
        expertmode_output "${strings} -a ${CMD}"
1750
        expertmode_output "${STRINGS} -a ${CMD}"
1741
        return 5
1751
        return 5
1742
    fi
1752
    fi
1743
1753
1744
    if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
1754
    if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
1745
    then
1755
    then
1746
       STATUS=${INFECTED}
1756
       STATUS=${INFECTED}
1747
    fi
1757
    fi
Lines 1754-1771 Link Here
1754
1764
1755
   if [ "${SYSTEM}" = "Linux" ]
1765
   if [ "${SYSTEM}" = "Linux" ]
1756
   then
1766
   then
1757
      if [ ! -x ./strings-static ]; then
1767
      if [ ! -x ${STRINGS} ]; then
1758
        printn "can't exec ./strings-static, "
1768
        printn "can't exec ${STRINGS}, "
1759
        return ${NOT_TESTED}
1769
        return ${NOT_TESTED}
1760
      fi
1770
      fi
1761
1771
1762
      if [ "${EXPERT}" = "t" ]; then
1772
      if [ "${EXPERT}" = "t" ]; then
1763
          expertmode_output "./strings-static -a ${CMD}"
1773
          expertmode_output "${STRINGS} -a ${CMD}"
1764
          return 5
1774
          return 5
1765
      fi
1775
      fi
1766
1776
1767
      ### strings must be a statically linked binary.
1777
      ### strings must be a statically linked binary.
1768
      if ./strings-static -a ${CMD} > /dev/null 2>&1
1778
      if ${STRINGS} -a ${CMD} > /dev/null 2>&1
1769
      then
1779
      then
1770
         STATUS=${INFECTED}
1780
         STATUS=${INFECTED}
1771
      fi
1781
      fi
Lines 1780-1790 Link Here
1780
   CMD=`loc basename basename $pth`
1790
   CMD=`loc basename basename $pth`
1781
1791
1782
   if [ "${EXPERT}" = "t" ]; then
1792
   if [ "${EXPERT}" = "t" ]; then
1783
       expertmode_output "${strings} -a ${CMD}"
1793
       expertmode_output "${STRINGS} -a ${CMD}"
1784
       expertmode_output "${ls} -l ${CMD}"
1794
       expertmode_output "${ls} -l ${CMD}"
1785
       return 5
1795
       return 5
1786
   fi
1796
   fi
1787
   if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1797
   if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1788
   then
1798
   then
1789
       STATUS=${INFECTED}
1799
       STATUS=${INFECTED}
1790
   fi
1800
   fi
Lines 1804-1814 Link Here
1804
    CMD=`loc dirname dirname $pth`
1814
    CMD=`loc dirname dirname $pth`
1805
1815
1806
    if [ "${EXPERT}" = "t" ]; then
1816
    if [ "${EXPERT}" = "t" ]; then
1807
        expertmode_output "${strings} -a ${CMD}"
1817
        expertmode_output "${STRINGS} -a ${CMD}"
1808
        expertmode_output "${ls} -l ${CMD}"
1818
        expertmode_output "${ls} -l ${CMD}"
1809
        return 5
1819
        return 5
1810
    fi
1820
    fi
1811
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1821
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1812
    then
1822
    then
1813
        STATUS=${INFECTED}
1823
        STATUS=${INFECTED}
1814
    fi
1824
    fi
Lines 1829-1839 Link Here
1829
    fi
1839
    fi
1830
1840
1831
    if [ "${EXPERT}" = "t" ]; then
1841
    if [ "${EXPERT}" = "t" ]; then
1832
        expertmode_output "${strings} -a ${CMD}"
1842
        expertmode_output "${STRINGS} -a ${CMD}"
1833
        return 5
1843
        return 5
1834
    fi
1844
    fi
1835
1845
1836
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1846
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1837
    then
1847
    then
1838
        STATUS=${INFECTED}
1848
        STATUS=${INFECTED}
1839
    fi
1849
    fi
Lines 1850-1861 Link Here
1850
    fi
1860
    fi
1851
1861
1852
    if [ "${EXPERT}" = "t" ]; then
1862
    if [ "${EXPERT}" = "t" ]; then
1853
        expertmode_output "${strings} -a ${CMD}"
1863
        expertmode_output "${STRINGS} -a ${CMD}"
1854
        expertmode_output "${ls} -l ${CMD}"
1864
        expertmode_output "${ls} -l ${CMD}"
1855
        return 5
1865
        return 5
1856
    fi
1866
    fi
1857
1867
1858
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1868
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1859
    then
1869
    then
1860
        STATUS=${INFECTED}
1870
        STATUS=${INFECTED}
1861
    fi
1871
    fi
Lines 1872-1891 Link Here
1872
    CMD=`loc date date $pth`
1882
    CMD=`loc date date $pth`
1873
1883
1874
    if [ "${EXPERT}" = "t" ]; then
1884
    if [ "${EXPERT}" = "t" ]; then
1875
        expertmode_output "${strings} -a ${CMD}"
1885
        expertmode_output "${STRINGS} -a ${CMD}"
1876
        expertmode_output "${ls} -l ${CMD}"
1886
        expertmode_output "${ls} -l ${CMD}"
1877
        return 5
1887
        return 5
1878
    fi
1888
    fi
1879
    [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
1889
    [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
1880
    {
1890
    {
1881
       N=`${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" | \
1891
       N=`${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" | \
1882
          ${egrep} -c "$S_L"`
1892
          ${egrep} -c "$S_L"`
1883
       if [ ${N} -ne 2 -a ${N} -ne 0 ]; then
1893
       if [ ${N} -ne 2 -a ${N} -ne 0 ]; then
1884
          STATUS=${INFECTED}
1894
          STATUS=${INFECTED}
1885
       fi
1895
       fi
1886
    } ||
1896
    } ||
1887
    {
1897
    {
1888
       if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" 2>&1
1898
       if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" 2>&1
1889
          then
1899
          then
1890
          STATUS=${INFECTED}
1900
          STATUS=${INFECTED}
1891
       fi
1901
       fi
Lines 1902-1913 Link Here
1902
    CMD=`loc echo echo $pth`
1912
    CMD=`loc echo echo $pth`
1903
1913
1904
    if [ "${EXPERT}" = "t" ]; then
1914
    if [ "${EXPERT}" = "t" ]; then
1905
        expertmode_output "${strings} -a ${CMD}"
1915
        expertmode_output "${STRINGS} -a ${CMD}"
1906
        expertmode_output "${ls} -l ${CMD}"
1916
        expertmode_output "${ls} -l ${CMD}"
1907
        return 5
1917
        return 5
1908
    fi
1918
    fi
1909
1919
1910
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1920
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1911
    then
1921
    then
1912
        STATUS=${INFECTED}
1922
        STATUS=${INFECTED}
1913
    fi
1923
    fi
Lines 1923-1934 Link Here
1923
    CMD=`loc env env $pth`
1933
    CMD=`loc env env $pth`
1924
1934
1925
    if [ "${EXPERT}" = "t" ]; then
1935
    if [ "${EXPERT}" = "t" ]; then
1926
        expertmode_output "${strings} -a ${CMD}"
1936
        expertmode_output "${STRINGS} -a ${CMD}"
1927
        expertmode_output "${ls} -l ${CMD}"
1937
        expertmode_output "${ls} -l ${CMD}"
1928
        return 5
1938
        return 5
1929
    fi
1939
    fi
1930
1940
1931
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1941
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1932
    then
1942
    then
1933
        STATUS=${INFECTED}
1943
        STATUS=${INFECTED}
1934
    fi
1944
    fi
Lines 1950-1960 Link Here
1950
       fi
1960
       fi
1951
    fi
1961
    fi
1952
    if [ "${EXPERT}" = "t" ]; then
1962
    if [ "${EXPERT}" = "t" ]; then
1953
        expertmode_output "${strings} -a ${CMD}"
1963
        expertmode_output "${STRINGS} -a ${CMD}"
1954
        return 5
1964
        return 5
1955
    fi
1965
    fi
1956
1966
1957
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1967
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1958
    then
1968
    then
1959
        STATUS=${INFECTED}
1969
        STATUS=${INFECTED}
1960
    fi
1970
    fi
Lines 1968-1978 Link Here
1968
       return ${NOT_FOUND}
1978
       return ${NOT_FOUND}
1969
    fi
1979
    fi
1970
    if [ "${EXPERT}" = "t" ]; then
1980
    if [ "${EXPERT}" = "t" ]; then
1971
        expertmode_output "${strings} -a ${CMD}"
1981
        expertmode_output "${STRINGS} -a ${CMD}"
1972
        return 5
1982
        return 5
1973
    fi
1983
    fi
1974
1984
1975
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1985
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
1976
    then
1986
    then
1977
        STATUS=${INFECTED}
1987
        STATUS=${INFECTED}
1978
    fi
1988
    fi
Lines 1987-1997 Link Here
1987
       return ${NOT_FOUND}
1997
       return ${NOT_FOUND}
1988
    fi
1998
    fi
1989
    if [ "${EXPERT}" = "t" ]; then
1999
    if [ "${EXPERT}" = "t" ]; then
1990
        expertmode_output "${strings} -a ${CMD}"
2000
        expertmode_output "${STRINGS} -a ${CMD}"
1991
        return 5
2001
        return 5
1992
    fi
2002
    fi
1993
2003
1994
    if ${strings} -a ${CMD} | ${egrep} "${INIT_INFECTED_LABEL}" > /dev/null 2>&1
2004
    if ${STRINGS} -a ${CMD} | ${egrep} "${INIT_INFECTED_LABEL}" > /dev/null 2>&1
1995
    then
2005
    then
1996
        STATUS=${INFECTED}
2006
        STATUS=${INFECTED}
1997
    fi
2007
    fi
Lines 2005-2015 Link Here
2005
       return ${NOT_FOUND}
2015
       return ${NOT_FOUND}
2006
    fi
2016
    fi
2007
    if [ "${EXPERT}" = "t" ]; then
2017
    if [ "${EXPERT}" = "t" ]; then
2008
        expertmode_output "${strings} -a ${CMD}"
2018
        expertmode_output "${STRINGS} -a ${CMD}"
2009
        return 5
2019
        return 5
2010
    fi
2020
    fi
2011
2021
2012
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
2022
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
2013
    then
2023
    then
2014
        STATUS=${INFECTED}
2024
        STATUS=${INFECTED}
2015
    fi
2025
    fi
Lines 2023-2033 Link Here
2023
        return ${NOT_FOUND}
2033
        return ${NOT_FOUND}
2024
    fi
2034
    fi
2025
    if [ "${EXPERT}" = "t" ]; then
2035
    if [ "${EXPERT}" = "t" ]; then
2026
        expertmode_output "${strings} -a ${CMD}"
2036
        expertmode_output "${STRINGS} -a ${CMD}"
2027
        return 5
2037
        return 5
2028
    fi
2038
    fi
2029
2039
2030
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
2040
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
2031
    then
2041
    then
2032
        STATUS=${INFECTED}
2042
        STATUS=${INFECTED}
2033
    fi
2043
    fi
Lines 2039-2050 Link Here
2039
    CMD=`loc write write $pth`
2049
    CMD=`loc write write $pth`
2040
    WRITE_ROOTKIT_LABEL="bash|elite$|vejeta|\.ark"
2050
    WRITE_ROOTKIT_LABEL="bash|elite$|vejeta|\.ark"
2041
    if [ "${EXPERT}" = "t" ]; then
2051
    if [ "${EXPERT}" = "t" ]; then
2042
        expertmode_output "${strings} -a ${CMD}"
2052
        expertmode_output "${STRINGS} -a ${CMD}"
2043
        expertmode_output "${ls} -l ${CMD}"
2053
        expertmode_output "${ls} -l ${CMD}"
2044
        return 5
2054
        return 5
2045
    fi
2055
    fi
2046
2056
2047
    if ${strings} -a ${CMD} | ${egrep} "${WRITE_ROOTKIT_LABEL}" | grep -v locale > /dev/null 2>&1
2057
    if ${STRINGS} -a ${CMD} | ${egrep} "${WRITE_ROOTKIT_LABEL}" | grep -v locale > /dev/null 2>&1
2048
    then
2058
    then
2049
        STATUS=${INFECTED}
2059
        STATUS=${INFECTED}
2050
    fi
2060
    fi
Lines 2061-2071 Link Here
2061
    W_INFECTED_LABEL="uname -a"
2071
    W_INFECTED_LABEL="uname -a"
2062
2072
2063
    if [ "${EXPERT}" = "t" ]; then
2073
    if [ "${EXPERT}" = "t" ]; then
2064
        expertmode_output "${strings} -a ${CMD}"
2074
        expertmode_output "${STRINGS} -a ${CMD}"
2065
        expertmode_output "${ls} -l ${CMD}"
2075
        expertmode_output "${ls} -l ${CMD}"
2066
        return 5
2076
        return 5
2067
    fi
2077
    fi
2068
    if ${strings} -a ${CMD} | ${egrep} "${W_INFECTED_LABEL}" > /dev/null 2>&1
2078
    if ${STRINGS} -a ${CMD} | ${egrep} "${W_INFECTED_LABEL}" > /dev/null 2>&1
2069
    then
2079
    then
2070
        STATUS=${INFECTED}
2080
        STATUS=${INFECTED}
2071
    fi
2081
    fi
Lines 2081-2091 Link Here
2081
    fi
2091
    fi
2082
2092
2083
    if [ "${EXPERT}" = "t" ]; then
2093
    if [ "${EXPERT}" = "t" ]; then
2084
        expertmode_output "${strings} -a ${CMD}"
2094
        expertmode_output "${STRINGS} -a ${CMD}"
2085
        expertmode_output "${ls} -l ${CMD}"
2095
        expertmode_output "${ls} -l ${CMD}"
2086
        return 5
2096
        return 5
2087
    fi
2097
    fi
2088
    if ${strings} -a ${CMD} | ${egrep} "${VDIR_INFECTED_LABEL}" > /dev/null 2>&1
2098
    if ${STRINGS} -a ${CMD} | ${egrep} "${VDIR_INFECTED_LABEL}" > /dev/null 2>&1
2089
    then
2099
    then
2090
        STATUS=${INFECTED}
2100
        STATUS=${INFECTED}
2091
    fi
2101
    fi
Lines 2117-2123 Link Here
2117
    fi
2127
    fi
2118
2128
2119
    if [ "${EXPERT}" = "t" ]; then
2129
    if [ "${EXPERT}" = "t" ]; then
2120
        expertmode_output "${strings} -a ${CMD}"
2130
        expertmode_output "${STRINGS} -a ${CMD}"
2121
        return 5
2131
        return 5
2122
    fi
2132
    fi
2123
    STATUS=${INFECTED}
2133
    STATUS=${INFECTED}
Lines 2137-2148 Link Here
2137
    MAIL_INFECTED_LABEL="sh -i"
2147
    MAIL_INFECTED_LABEL="sh -i"
2138
2148
2139
    if [ "${EXPERT}" = "t" ]; then
2149
    if [ "${EXPERT}" = "t" ]; then
2140
        expertmode_output "${strings} -a ${CMD}"
2150
        expertmode_output "${STRINGS} -a ${CMD}"
2141
        expertmode_output "${ls} -l ${CMD}"
2151
        expertmode_output "${ls} -l ${CMD}"
2142
        return 5
2152
        return 5
2143
    fi
2153
    fi
2144
2154
2145
    if ${strings} -a ${CMD} | ${egrep} "${MAIL_INFECTED_LABEL}" > /dev/null 2>&1
2155
    if ${STRINGS} -a ${CMD} | ${egrep} "${MAIL_INFECTED_LABEL}" > /dev/null 2>&1
2146
    then
2156
    then
2147
        STATUS=${INFECTED}
2157
        STATUS=${INFECTED}
2148
    fi
2158
    fi
Lines 2162-2173 Link Here
2162
    fi
2172
    fi
2163
2173
2164
    if [ "${EXPERT}" = "t" ]; then
2174
    if [ "${EXPERT}" = "t" ]; then
2165
        expertmode_output "${strings} -a ${CMD}"
2175
        expertmode_output "${STRINGS} -a ${CMD}"
2166
        expertmode_output "${ls} -l ${CMD}"
2176
        expertmode_output "${ls} -l ${CMD}"
2167
        return 5
2177
        return 5
2168
    fi
2178
    fi
2169
2179
2170
    if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
2180
    if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
2171
    then
2181
    then
2172
        STATUS=${INFECTED}
2182
        STATUS=${INFECTED}
2173
    fi
2183
    fi
Lines 2184-2194 Link Here
2184
    CMD=`loc egrep egrep $pth`
2194
    CMD=`loc egrep egrep $pth`
2185
2195
2186
    if [ "${EXPERT}" = "t" ]; then
2196
    if [ "${EXPERT}" = "t" ]; then
2187
        expertmode_output "${strings} -a ${CMD}"
2197
        expertmode_output "${STRINGS} -a ${CMD}"
2188
        expertmode_output "${ls} -l ${CMD}"
2198
        expertmode_output "${ls} -l ${CMD}"
2189
        return 5
2199
        return 5
2190
    fi
2200
    fi
2191
    if ${strings} -a ${CMD} | ${egrep} "${EGREP_INFECTED_LABEL}" > /dev/null 2>&1
2201
    if ${STRINGS} -a ${CMD} | ${egrep} "${EGREP_INFECTED_LABEL}" > /dev/null 2>&1
2192
    then
2202
    then
2193
        STATUS=${INFECTED}
2203
        STATUS=${INFECTED}
2194
    fi
2204
    fi
Lines 2201-2212 Link Here
2201
    CMD=`loc grep grep $pth`
2211
    CMD=`loc grep grep $pth`
2202
2212
2203
    if [ "${EXPERT}" = "t" ]; then
2213
    if [ "${EXPERT}" = "t" ]; then
2204
        expertmode_output "${strings} -a ${CMD}"
2214
        expertmode_output "${STRINGS} -a ${CMD}"
2205
        expertmode_output "${ls} -l ${CMD}"
2215
        expertmode_output "${ls} -l ${CMD}"
2206
        return 5
2216
        return 5
2207
    fi
2217
    fi
2208
2218
2209
    if ${strings} -a ${CMD} | ${egrep} "${GREP_INFECTED_LABEL}" > /dev/null 2>&1
2219
    if ${STRINGS} -a ${CMD} | ${egrep} "${GREP_INFECTED_LABEL}" > /dev/null 2>&1
2210
    then
2220
    then
2211
        STATUS=${INFECTED}
2221
        STATUS=${INFECTED}
2212
    fi
2222
    fi
Lines 2228-2238 Link Here
2228
    fi
2238
    fi
2229
2239
2230
    if [ "${EXPERT}" = "t" ]; then
2240
    if [ "${EXPERT}" = "t" ]; then
2231
        expertmode_output "${strings} -a ${CMD}"
2241
        expertmode_output "${STRINGS} -a ${CMD}"
2232
        return 5
2242
        return 5
2233
    fi
2243
    fi
2234
2244
2235
    if ${strings} -a ${CMD} | ${egrep} "${FIND_INFECTED_LABEL}" >/dev/null 2>&1
2245
    if ${STRINGS} -a ${CMD} | ${egrep} "${FIND_INFECTED_LABEL}" >/dev/null 2>&1
2236
    then
2246
    then
2237
       STATUS=${INFECTED}
2247
       STATUS=${INFECTED}
2238
    fi
2248
    fi
Lines 2250-2259 Link Here
2250
       fi
2260
       fi
2251
    fi
2261
    fi
2252
    if [ "${EXPERT}" = "t" ]; then
2262
    if [ "${EXPERT}" = "t" ]; then
2253
        expertmode_output "${strings} -a ${CMD}"
2263
        expertmode_output "${STRINGS} -a ${CMD}"
2254
        return 5
2264
        return 5
2255
    fi
2265
    fi
2256
    if ${strings} -a ${CMD} | ${egrep} "${RLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
2266
    if ${STRINGS} -a ${CMD} | ${egrep} "${RLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
2257
    then
2267
    then
2258
       STATUS=${INFECTED}
2268
       STATUS=${INFECTED}
2259
    fi
2269
    fi
Lines 2268-2277 Link Here
2268
         return ${NOT_FOUND}
2278
         return ${NOT_FOUND}
2269
    fi
2279
    fi
2270
    if [ "${EXPERT}" = "t" ]; then
2280
    if [ "${EXPERT}" = "t" ]; then
2271
        expertmode_output "${strings} -a ${CMD}"
2281
        expertmode_output "${STRINGS} -a ${CMD}"
2272
        return 5
2282
        return 5
2273
    fi
2283
    fi
2274
    if ${strings} -a ${CMD} | ${egrep} "${LSOF_INFECTED_LABEL}" >/dev/null 2>&1
2284
    if ${STRINGS} -a ${CMD} | ${egrep} "${LSOF_INFECTED_LABEL}" >/dev/null 2>&1
2275
    then
2285
    then
2276
       STATUS=${INFECTED}
2286
       STATUS=${INFECTED}
2277
    fi
2287
    fi
Lines 2286-2295 Link Here
2286
         return ${NOT_FOUND}
2296
         return ${NOT_FOUND}
2287
    fi
2297
    fi
2288
    if [ "${EXPERT}" = "t" ]; then
2298
    if [ "${EXPERT}" = "t" ]; then
2289
        expertmode_output "${strings} -a ${CMD}"
2299
        expertmode_output "${STRINGS} -a ${CMD}"
2290
        return 5
2300
        return 5
2291
    fi
2301
    fi
2292
    if ${strings} -a ${CMD} | ${egrep} "${AMD_INFECTED_LABEL}" >/dev/null 2>&1
2302
    if ${STRINGS} -a ${CMD} | ${egrep} "${AMD_INFECTED_LABEL}" >/dev/null 2>&1
2293
    then
2303
    then
2294
       STATUS=${INFECTED}
2304
       STATUS=${INFECTED}
2295
    fi
2305
    fi
Lines 2304-2313 Link Here
2304
         return ${NOT_FOUND}
2314
         return ${NOT_FOUND}
2305
    fi
2315
    fi
2306
    if [ "${EXPERT}" = "t" ]; then
2316
    if [ "${EXPERT}" = "t" ]; then
2307
        expertmode_output "${strings} -a ${CMD}"
2317
        expertmode_output "${STRINGS} -a ${CMD}"
2308
        return 5
2318
        return 5
2309
    fi
2319
    fi
2310
    if ${strings} -a ${CMD} | ${egrep} "${SLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
2320
    if ${STRINGS} -a ${CMD} | ${egrep} "${SLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
2311
    then
2321
    then
2312
       STATUS=${INFECTED}
2322
       STATUS=${INFECTED}
2313
    fi
2323
    fi
Lines 2326-2335 Link Here
2326
        return ${NOT_FOUND}
2336
        return ${NOT_FOUND}
2327
    fi
2337
    fi
2328
    if [ "${EXPERT}" = "t" ]; then
2338
    if [ "${EXPERT}" = "t" ]; then
2329
        expertmode_output "${strings} -a ${CMD}"
2339
        expertmode_output "${STRINGS} -a ${CMD}"
2330
        return 5
2340
        return 5
2331
    fi
2341
    fi
2332
    if ${strings} -a ${CMD} | ${egrep} "${CRON_INFECTED_LABEL}" >/dev/null 2>&1
2342
    if ${STRINGS} -a ${CMD} | ${egrep} "${CRON_INFECTED_LABEL}" >/dev/null 2>&1
2333
    then
2343
    then
2334
       STATUS=${INFECTED}
2344
       STATUS=${INFECTED}
2335
    fi
2345
    fi
Lines 2344-2361 Link Here
2344
    fi
2354
    fi
2345
2355
2346
    if [ "${EXPERT}" = "t" ]; then
2356
    if [ "${EXPERT}" = "t" ]; then
2347
        expertmode_output "${strings} -a ${CMD}"
2357
        expertmode_output "${STRINGS} -a ${CMD}"
2348
        return 5
2358
        return 5
2349
    fi
2359
    fi
2350
2360
2351
    IFCONFIG_NOT_INFECTED_LABEL="PROMISC"
2361
    IFCONFIG_NOT_INFECTED_LABEL="PROMISC"
2352
    IFCONFIG_INFECTED_LABEL="/dev/tux|/session.null"
2362
    IFCONFIG_INFECTED_LABEL="/dev/tux|/session.null"
2353
    if ${strings} -a ${CMD} | ${egrep} "${IFCONFIG_NOT_INFECTED_LABEL}" \
2363
    if ${STRINGS} -a ${CMD} | ${egrep} "${IFCONFIG_NOT_INFECTED_LABEL}" \
2354
    >/dev/null 2>&1
2364
    >/dev/null 2>&1
2355
    then
2365
    then
2356
       STATUS=${NOT_INFECTED}
2366
       STATUS=${NOT_INFECTED}
2357
    fi
2367
    fi
2358
    if ${strings} -a ${CMD} | ${egrep} "${IFCONFIG_INFECTED_LABEL}" \
2368
    if ${STRINGS} -a ${CMD} | ${egrep} "${IFCONFIG_INFECTED_LABEL}" \
2359
    >/dev/null 2>&1
2369
    >/dev/null 2>&1
2360
    then
2370
    then
2361
       STATUS=${INFECTED}
2371
       STATUS=${INFECTED}
Lines 2375-2386 Link Here
2375
       return ${NOT_FOUND}
2385
       return ${NOT_FOUND}
2376
    fi
2386
    fi
2377
    if [ "${EXPERT}" = "t" ]; then
2387
    if [ "${EXPERT}" = "t" ]; then
2378
        expertmode_output "${strings} -a ${CMD}"
2388
        expertmode_output "${STRINGS} -a ${CMD}"
2379
        return 5
2389
        return 5
2380
    fi
2390
    fi
2381
2391
2382
    RSHD_INFECTED_LABEL="HISTFILE"
2392
    RSHD_INFECTED_LABEL="HISTFILE"
2383
    if ${strings} -a ${CMD} | ${egrep} "${RSHD_INFECTED_LABEL}" > /dev/null 2>&1
2393
    if ${STRINGS} -a ${CMD} | ${egrep} "${RSHD_INFECTED_LABEL}" > /dev/null 2>&1
2384
    then
2394
    then
2385
        STATUS=${INFECTED}
2395
        STATUS=${INFECTED}
2386
        if ${egrep} "^#.*rshd" ${ROOTDIR}etc/inetd.conf >/dev/null 2>&1 -o \
2396
        if ${egrep} "^#.*rshd" ${ROOTDIR}etc/inetd.conf >/dev/null 2>&1 -o \
Lines 2416-2426 Link Here
2416
    [ "tcpd" = "${CMD}" ] && return ${NOT_FOUND};
2426
    [ "tcpd" = "${CMD}" ] && return ${NOT_FOUND};
2417
2427
2418
    if [ "${EXPERT}" = "t" ]; then
2428
    if [ "${EXPERT}" = "t" ]; then
2419
        expertmode_output "${strings} -a ${CMD}"
2429
        expertmode_output "${STRINGS} -a ${CMD}"
2420
        return 5
2430
        return 5
2421
    fi
2431
    fi
2422
2432
2423
    if ${strings} -a ${CMD} | ${egrep} "${TCPD_INFECTED_LABEL}" > /dev/null 2>&1
2433
    if ${STRINGS} -a ${CMD} | ${egrep} "${TCPD_INFECTED_LABEL}" > /dev/null 2>&1
2424
    then
2434
    then
2425
        STATUS=${INFECTED}
2435
        STATUS=${INFECTED}
2426
    fi
2436
    fi
Lines 2437-2447 Link Here
2437
    fi
2447
    fi
2438
2448
2439
    if [ "${EXPERT}" = "t" ]; then
2449
    if [ "${EXPERT}" = "t" ]; then
2440
        expertmode_output "${strings} -a ${CMD}"
2450
        expertmode_output "${STRINGS} -a ${CMD}"
2441
        return 5
2451
        return 5
2442
    fi
2452
    fi
2443
2453
2444
    if ${strings} -a ${CMD} | ${egrep} "${SSHD2_INFECTED_LABEL}" \
2454
    if ${STRINGS} -a ${CMD} | ${egrep} "${SSHD2_INFECTED_LABEL}" \
2445
       > /dev/null 2>&1
2455
       > /dev/null 2>&1
2446
    then
2456
    then
2447
        STATUS=${INFECTED}
2457
        STATUS=${INFECTED}
Lines 2458-2468 Link Here
2458
    CMD=`loc su su $pth`
2468
    CMD=`loc su su $pth`
2459
2469
2460
    if [ "${EXPERT}" = "t" ]; then
2470
    if [ "${EXPERT}" = "t" ]; then
2461
        expertmode_output "${strings} -a ${CMD}"
2471
        expertmode_output "${STRINGS} -a ${CMD}"
2462
        return 5
2472
        return 5
2463
    fi
2473
    fi
2464
2474
2465
    if ${strings} -a ${CMD} | ${egrep} "${SU_INFECTED_LABEL}" > /dev/null 2>&1
2475
    if ${STRINGS} -a ${CMD} | ${egrep} "${SU_INFECTED_LABEL}" > /dev/null 2>&1
2466
    then
2476
    then
2467
        STATUS=${INFECTED}
2477
        STATUS=${INFECTED}
2468
    fi
2478
    fi
Lines 2482-2492 Link Here
2482
    fi
2492
    fi
2483
2493
2484
    if [ "${EXPERT}" = "t" ]; then
2494
    if [ "${EXPERT}" = "t" ]; then
2485
        expertmode_output "${strings} -a ${CMD}"
2495
        expertmode_output "${STRINGS} -a ${CMD}"
2486
        return 5
2496
        return 5
2487
    fi
2497
    fi
2488
2498
2489
    if ${strings} -a ${CMD} | ${egrep} "${FINGER_INFECTED_LABEL}" \
2499
    if ${STRINGS} -a ${CMD} | ${egrep} "${FINGER_INFECTED_LABEL}" \
2490
> /dev/null 2>&1
2500
> /dev/null 2>&1
2491
    then
2501
    then
2492
        STATUS=${INFECTED}
2502
        STATUS=${INFECTED}
Lines 2534-2544 Link Here
2534
    fi
2544
    fi
2535
2545
2536
    if [ "${EXPERT}" = "t" ]; then
2546
    if [ "${EXPERT}" = "t" ]; then
2537
        expertmode_output "${strings} -a ${CMD}"
2547
        expertmode_output "${STRINGS} -a ${CMD}"
2538
        return 5
2548
        return 5
2539
    fi
2549
    fi
2540
2550
2541
    if ${strings} -a ${CMD} | ${egrep} "${TELNETD_INFECTED_LABEL}" \
2551
    if ${STRINGS} -a ${CMD} | ${egrep} "${TELNETD_INFECTED_LABEL}" \
2542
       >/dev/null 2>&1
2552
       >/dev/null 2>&1
2543
    then
2553
    then
2544
        STATUS=${INFECTED}
2554
        STATUS=${INFECTED}
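--- a/chkrootkit-0.50.old/chkutmp.c
+++ b/chkrootkit-0.50.old/chkutmp.c
@@ -43,7 +43,7 @@
 #endif
 #include <ctype.h>
 
-#define MAXREAD 1024
+#define MAXREAD 4096
 #define MAXBUF 4096
 #define MAXLENGTH 256
 #define UT_PIDSIZE 12
@@ -58,13 +58,13 @@
 #endif
 
 struct ps_line {
-    char ps_tty[UT_LINESIZE];
-    char ps_user[UT_NAMESIZE];
-    char ps_args[MAXLENGTH];
+    char ps_tty[UT_LINESIZE+1];
+    char ps_user[UT_NAMESIZE+1];
+    char ps_args[MAXLENGTH+1];
     int ps_pid;
 };
 struct utmp_line {
-    char ut_tty[UT_LINESIZE];
+    char ut_tty[UT_LINESIZE+1];
     int ut_pid;
     int ut_type;
 };
@@ -78,7 +78,7 @@
 int fetchps(struct ps_line *psl_p)
 {
     FILE *ps_fp;
-    char line[MAXREAD + 1], pid[UT_PIDSIZE];
+    char line[MAXREAD + 1], pid[UT_PIDSIZE+1];
     char *s, *d;
     struct ps_line *curp = &psl_p[0];
     struct ps_line *endp = &psl_p[MAXBUF-1];
@@ -98,7 +98,7 @@
 		while (isspace(*s))	/* skip spaces */
 		    s++;
 		d = pid;
-		for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_LINESIZE; x++)	/* grab pid */
+		for (x = 0; (!isspace(*s)) && (*d++ = *s++) && x <= UT_PIDSIZE; x++)	/* grab pid */
 		    ;
 		*d = '\0';
 		curp->ps_pid = atoi(pid);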
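Review bot: The pid copy loop in the last hunk can still write past `pid` with the new `UT_PIDSIZE` bound, because `*d++ = *s++` runs before `x <= UT_PIDSIZE` is tested: a token of 14 or more non-space characters stores 14 bytes, and `*d = '\0'` then stores a fifteenth into the 13-byte `pid[UT_PIDSIZE+1]`. Testing the bound before copying closes it, e.g. `for (x = 0; x < UT_PIDSIZE && *s && !isspace((unsigned char)*s); x++) *d++ = *s++;`. `line` appears to hold `ps` output (the read is outside the visible hunks), and on a host being checked for compromise the width of that field should not be assumed. fetchps starts in the previous hunk and continues past this one.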
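--- a/chkrootkit-0.50.old/Makefile
+++ b/chkrootkit-0.50.old/Makefile
@@ -3,9 +3,10 @@
 # (C) 1997-2007 Nelson Murilo, Pangeia Informatica, AMS Foundation and others.
 #
 
-CC       = cc
-CFLAGS	 = -DHAVE_LASTLOG_H
-STATIC   = -static
+CC       ?= gcc
+CFLAGS	 += -DHAVE_LASTLOG_H
+STATIC   ?= -static
+STRIP    ?= strip
 
 ###
 ### Solaris 2.x
@@ -40,37 +41,37 @@
 sense: chklastlog chkwtmp ifpromisc chkproc chkdirs check_wtmpx strings-static chkutmp
 
 chklastlog:   chklastlog.c
-	${CC} ${CFLAGS} -o $@ chklastlog.c
-	@strip $@
+	${CC} ${CFLAGS} ${LDFLAGS} -o $@ chklastlog.c
+	@$(STRIP) $@
 
 chkwtmp:   chkwtmp.c
-	${CC} ${CFLAGS} -o $@ chkwtmp.c
-	@strip $@
+	${CC} ${CFLAGS} ${LDFLAGS} -o $@ chkwtmp.c
+	@$(STRIP) $@
 
 ifpromisc:   ifpromisc.c
 	${CC} ${CFLAGS} ${LDFLAGS}  -D_FILE_OFFSET_BITS=64 -o $@ ifpromisc.c
-	@strip $@
+	@$(STRIP) $@
 
 chkproc:   chkproc.c
-	${CC} ${LDFLAGS} -o $@ chkproc.c
-	@strip $@
+	${CC} ${CFLAGS} ${LDFLAGS} -o $@ chkproc.c
+	@$(STRIP) $@
 
 chkdirs:   chkdirs.c
-	${CC} ${LDFLAGS} -o $@ chkdirs.c
-	@strip $@
+	${CC} ${CFLAGS} ${LDFLAGS} -o $@ chkdirs.c
+	@$(STRIP) $@
 
 check_wtmpx:   check_wtmpx.c
-	${CC} ${LDFLAGS} -o $@ check_wtmpx.c
-	@strip $@
+	${CC} ${CFLAGS} ${LDFLAGS} -o $@ check_wtmpx.c
+	@$(STRIP) $@
 
 chkutmp:   chkutmp.c
-	${CC} ${LDFLAGS} -o $@ chkutmp.c
-	@strip $@
+	${CC} ${CFLAGS} ${LDFLAGS} -o $@ chkutmp.c
+	@$(STRIP) $@
 
 
 strings-static:   strings.c
-	${CC} ${STATIC} ${LDFLAGS} -o $@ strings.c
-	@strip $@
+	${CC} ${CFLAGS} ${STATIC} ${LDFLAGS} -o $@ strings.c
+	@$(STRIP) $@
 
 clean:
 	rm -f ${OBJS} core chklastlog chkwtmp ifpromisc chkproc chkdirs check_wtmpx strings-static chkutmp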
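Review bot: `CFLAGS += -DHAVE_LASTLOG_H` leaves a required define inside the variable users are expected to replace: a command-line `make CFLAGS=-O2` overrides the makefile's `+=`, so the define is dropped without any message, whereas a CFLAGS exported in the environment is appended to as intended. Under GNU make, `override CFLAGS += -DHAVE_LASTLOG_H` keeps the define in both cases. In the same hunk `CC ?= gcc` does not take effect under GNU make, since CC already has the built-in default `cc`; if gcc is really wanted as the fallback, test `$(origin CC)` for `default` instead.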
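--- a/chkrootkit-0.50.old/strings.c
+++ b/chkrootkit-0.50.old/strings.c
@@ -11,6 +11,7 @@
 
 #include <stdio.h>
 #include <strings.h>
+#include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <ctype.h>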
