Gentoo's Bugzilla – Attachment 30294 Details for
Bug 41040
app-admin/chkrootkit-0.43 version bump
[patch]
chkrootkit-0.43-gentoo.diff
chkrootkit-0.43-gentoo.diff (text/plain), 29.42 KB, created by
Erwin (RETIRED)
on 2004-04-28 19:36:01 UTC
Description:
chkrootkit-0.43-gentoo.diff
Filename:
MIME Type:
Creator:
Erwin (RETIRED)
Created:
2004-04-28 19:36:01 UTC
Size:
29.42 KB
patch
obsolete
>--- chkrootkit-0.43/chkrootkit 2003-12-29 00:48:16.000000000 +0800
>+++ chkrootkit 2004-04-29 10:31:35.098794752 +0800
>@@ -10,6 +10,14 @@
> # (C)1997-2003 Nelson Murilo, Pangeia Informatica, AMS Foundation and others.
> # All rights reserved
>
>+# Gentoo specific : Could use `type <command> | cut -f 3 -d " "`
>+IFPROMISC="/usr/sbin/ifpromisc"
>+CHKLASTLOG="/usr/sbin/chklastlog"
>+CHKPROC="/usr/sbin/chkproc"
>+CHKWTMP="/usr/sbin/chkwtmp"
>+CHECK_WTMPX="/usr/sbin/check_wtmpx"
>+STRINGS="/usr/sbin/strings-static"
>+
> ### workaround for some Bourne shell implementations
> unalias login > /dev/null 2>&1
> unalias ls > /dev/null 2>&1
>@@ -116,7 +124,7 @@
>
> if [ "${EXPERT}" = "t" ]; then
> expertmode_output "${egrep} ^asp ${ROOTDIR}etc/inetd.conf"
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>@@ -132,7 +140,7 @@
> STATUS=${INFECTED}
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${ASP_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${ASP_LABEL}" >/dev/null 2>&1
> then
> echo "INFECTED"
> STATUS=${INFECTED}
>@@ -151,20 +159,20 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "./ifpromisc" -v
>+ expertmode_output "${IFPROMISC}" -v
> return 5
> fi
>- if [ ! -x ./ifpromisc ]; then
>- echo "not tested: can't exec ./ifpromisc"
>+ if [ ! -x ${IFPROMISC} ]; then
>+ echo "not tested: can't exec ${IFPROMISC}"
> return ${NOT_TESTED}
> else
>- [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
>+ [ "${QUIET}" != "t" ] && ${IFPROMISC} -v || ${IFPROMISC} -q
> fi
> }
>
> z2 () {
>- if [ ! -x ./chklastlog ]; then
>- echo "not tested: can't exec ./chklastlog"
>+ if [ ! -x ${CHKLASTLOG} ]; then
>+ echo "not tested: can't exec ${CHKLASTLOG}"
> return ${NOT_TESTED}
> fi
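Review bot: The new `STRINGS="/usr/sbin/strings-static"` in the `@@ -10` hunk is never checked for existence, unlike the helper binaries that keep their `[ ! -x ... ]` guards; every `${STRINGS} -a ${CMD} | ${egrep} ...` test in the later hunks sends stderr to /dev/null, so a missing or non-executable strings-static makes each of them fail silently and every inspected binary is reported clean. A guard right after the definitions closes that gap, e.g. `[ -x "${STRINGS}" ] || { echo "can't exec ${STRINGS}"; exit 1; }`, or the script's `return ${NOT_TESTED}` convention if a required-program check already exists outside this hunk. The comment above the block suggests resolving the tools with `type`; on a host suspected of compromise a PATH lookup is exactly what a trojaned environment can redirect, so the absolute paths are the right choice and the comment should record that instead, e.g. `# Gentoo specific: absolute paths on purpose - do not resolve helpers via PATH`.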
>
>@@ -178,32 +186,32 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}"
>+ expertmode_output "${CHKLASTLOG} -f ${WTMP} -l ${LASTLOG}"
> return 5
> fi
>
>- if ./chklastlog -f ${WTMP} -l ${LASTLOG}
>+ if ${CHKLASTLOG} -f ${WTMP} -l ${LASTLOG}
> then
> if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi
> fi
> }
>
> wted () {
>- if [ ! -x ./chkwtmp ]; then
>- echo "not tested: can't exec ./chkwtmp"
>+ if [ ! -x ${CHKWTMP} ]; then
>+ echo "not tested: can't exec ${CHKWTMP}"
> return ${NOT_TESTED}
> fi
>
> if [ "$SYSTEM" = "SunOS" ]; then
>- if [ ! -x ./check_wtmpx ]; then
>- echo "not tested: can't exec ./check_wtmpx"
>+ if [ ! -x ${CHECK_WTMPX} ]; then
>+ echo "not tested: can't exec ${CHECK_WTMPX}"
> else
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "./check_wtmpx"
>+ expertmode_output "${CHECK_WTMPX}"
> return 5
> fi
> if [ -f ${ROOTDIR}var/adm/wtmp ]; then
>- if ./check_wtmpx
>+ if ${CHECK_WTMPX}
> then
> if [ "${QUIET}" != "t" ]; then \
> echo "nothing deleted in /var/adm/wtmpx"; fi
>@@ -214,12 +222,12 @@
> WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "./chkwtmp -f ${WTMP}"
>+ expertmode_output "${CHKWTMP} -f ${WTMP}"
> return 5
> fi
> fi
>
>- if ./chkwtmp -f ${WTMP}
>+ if ${CHKWTMP} -f ${WTMP}
> then
> if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi
> fi
>@@ -258,7 +266,7 @@
> prog=""
> if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
> ${V} -gt 43 \) \) -a "${ROOTDIR}" = "/" ]; then
>- [ ! -x ./chkproc ] && prog="./chkproc"
>+ [ ! -x ${CHKPROC} ] && prog="${CHKPROC}"
> [ ! -x ./chkdirs ] && prog="$prog ./chkdirs"
> if [ "$prog" != "" ]; then
> # echo "not tested: can't exec $prog"
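Review bot: In the `@@ -258` hunk only chkproc moves to `${CHKPROC}` while the very next line still tests `./chkdirs`, so once the helpers are installed under /usr/sbin that `-x` test fails in any working directory but the build tree and `prog` is always set. The body of this function continues past the hunk, but the commented-out `echo "not tested: can't exec $prog"` suggests the non-empty `prog` branch returns `${NOT_TESTED}`, which would silently disable the chkproc/LKM check on every installed system. Add `CHKDIRS="/usr/sbin/chkdirs"` beside the other definitions and change the line to `[ ! -x ${CHKDIRS} ] && prog="$prog ${CHKDIRS}"`; any later `./chkdirs` invocation, which is outside this hunk, needs the same treatment.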
>@@ -268,7 +276,7 @@
> if [ "${EXPERT}" = "t" ]; then
> [ -r /proc/ksyms ] && ${egrep} -i "adore|sebek" < /proc/ksyms 2>/dev/null
> [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
>- expertmode_output "./chkproc -v -v"
>+ expertmode_output "${CHKPROC} -v -v"
> return 5
> fi
>
>@@ -289,7 +297,7 @@
> echo "Warning: Knark LKM installed"
> fi
>
>- if ./chkproc
>+ if ${CHKPROC}
> then
> if [ "${QUIET}" != "t" ]; then echo "nothing detected"; fi
> else
>@@ -465,7 +473,7 @@
> ${egrep} "\.hk" ${ROOTDIR}etc/rc.d/init.d/network 2>/dev/null
>
> ## Suckit rootkit
>- expertmode_output "${strings} ${ROOTDIR}sbin/init | ${egrep} HOME"
>+ expertmode_output "${STRINGS} ${ROOTDIR}sbin/init | ${egrep} HOME"
> expertmode_output "cat ${ROOTDIR}proc/1/maps | ${egrep} init."
>
> ## Volc rootkit
>@@ -890,7 +898,7 @@
> ### Suckit
> if [ -f ${ROOTDIR}sbin/init ]; then
> if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit ... "; fi
>- if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME || \
>+ if [ ${SYSTEM} != "HP-UX" ] && ( ${STRINGS} ${ROOTDIR}sbin/init | ${egrep} HOME || \
> cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
> then
> echo "Warning: ${ROOTDIR}sbin/init INFECTED"
>@@ -1068,20 +1076,20 @@
> STATUS=${NOT_INFECTED}
> CMD=`loc chfn chfn $pth`
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
> case "${SYSTEM}" in
> Linux)
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
> >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi;;
> FreeBSD)
> [ $V -gt 50 ] && n=1 || n=2
>- if [ `${strings} -a ${CMD} | \
>+ if [ `${STRINGS} -a ${CMD} | \
> ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
> then
> STATUS=${INFECTED}
>@@ -1096,16 +1104,16 @@
> REDHAT_PAM_LABEL="*NOT*"
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
> case "${SYSTEM}" in
> Linux)
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
> >/dev/null 2>&1
> then
>- if ${strings} -a ${CMD} | ${egrep} "${REDHAT_PAM_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${REDHAT_PAM_LABEL}" \
> >/dev/null 2>&1
> then
> :
>@@ -1115,7 +1123,7 @@
> fi;;
> FreeBSD)
> [ $V -gt 50 ] && n=1 || n=2
>- if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
>+ if [ `${STRINGS} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
> then
> STATUS=${INFECTED}
> fi;;
>@@ -1128,13 +1136,13 @@
> CMD=`loc login login $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
> if [ "$SYSTEM" = "SunOS" ]; then
> TROJED_L_L="porcao|/bin/xstat"
>- if ${strings} -a ${CMD} | ${egrep} "${TROJED_L_L}" >/dev/null 2>&1 ]; then
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${TROJED_L_L}" >/dev/null 2>&1 ]; then
> return ${INFECTED}
> else
> return ${NOT_TESTED}
>@@ -1142,7 +1150,7 @@
> fi
> GENERAL="^root$"
> TROJED_L_L="vejeta|xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT"
>- ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
>+ ret=`${STRINGS} -a ${CMD} | ${egrep} -c "${GENERAL}"`
> if [ ${ret} -gt 0 ]; then
> case ${ret} in
> 1) [ "${SYSTEM}" = "OpenBSD" -a ${V} -le 27 -o ${V} -ge 30 ] && \
>@@ -1153,7 +1161,7 @@
> *) STATUS=${INFECTED};;
> esac
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${TROJED_L_L}" 2>&1 >/dev/null
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${TROJED_L_L}" 2>&1 >/dev/null
> then
> STATUS=${INFECTED}
> fi
>@@ -1169,14 +1177,14 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> fi
>
> if [ "${SYSTEM}" = "OpenBSD" -o "${SYSTEM}" = "SunOS" ]
> then
> return ${NOT_TESTED}
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}|/lib/security" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}|/lib/security" \
> >/dev/null 2>&1
> then
> STATUS=${INFECTED}
>@@ -1194,11 +1202,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
> >/dev/null 2>&1
> then
> STATUS=${INFECTED}
>@@ -1217,11 +1225,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${SYSLOG_I_L}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${SYSLOG_I_L}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1238,11 +1246,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${HDPARM_INFECTED_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${HDPARM_INFECTED_LABEL}" \
> >/dev/null 2>&1
> then
> STATUS=${INFECTED}
>@@ -1260,11 +1268,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GPM_INFECTED_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GPM_INFECTED_LABEL}" \
> >/dev/null 2>&1
> then
> STATUS=${INFECTED}
>@@ -1282,11 +1290,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${MINGETTY_INFECTED_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${MINGETTY_INFECTED_LABEL}" \
> >/dev/null 2>&1
> then
> STATUS=${INFECTED}
>@@ -1304,11 +1312,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${SENDMAIL_INFECTED_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${SENDMAIL_INFECTED_LABEL}" \
> >/dev/null 2>&1
> then
> STATUS=${INFECTED}
>@@ -1322,11 +1330,11 @@
> CMD=`loc ls ls $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${LS_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${LS_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1339,11 +1347,11 @@
> CMD=`loc du du $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${DU_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${DU_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1363,11 +1371,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${NAMED_I_L}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${NAMED_I_L}" \
> >/dev/null 2>&1
> then
> STATUS=${INFECTED}
>@@ -1381,11 +1389,11 @@
> CMD=`loc netstat netstat $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${NETSTAT_I_L}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${NETSTAT_I_L}" \
> >/dev/null 2>&1
> then
> STATUS=${INFECTED}
>@@ -1400,11 +1408,11 @@
> CMD=`loc ps ps $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${PS_I_L}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${PS_I_L}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1422,11 +1430,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${PSTREE_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${PSTREE_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1444,11 +1452,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1466,11 +1474,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1488,11 +1496,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1531,11 +1539,11 @@
> CMD=`loc basename basename $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1555,11 +1563,11 @@
> CMD=`loc dirname dirname $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1580,11 +1588,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1596,12 +1604,12 @@
> CMD=`loc rpcinfo rpcinfo $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1618,19 +1626,19 @@
> CMD=`loc date date $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
> [ "${SYSTEM}" = "FreeBSD" -a $V -gt 50 ] &&
> {
>- if [ `${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" | \
>+ if [ `${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" | \
> ${egrep} -c "$S_L"` -ne 2 ]; then
> STATUS=${INFECTED}
> fi
> } ||
> {
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1647,12 +1655,12 @@
> CMD=`loc echo echo $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1668,12 +1676,12 @@
> CMD=`loc env env $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1695,11 +1703,11 @@
> fi
> fi
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1713,11 +1721,11 @@
> return ${NOT_FOUND}
> fi
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1732,11 +1740,11 @@
> return ${NOT_FOUND}
> fi
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${INIT_INFECTED_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${INIT_INFECTED_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1750,11 +1758,11 @@
> return ${NOT_FOUND}
> fi
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1768,11 +1776,11 @@
> return ${NOT_FOUND}
> fi
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1784,12 +1792,12 @@
> CMD=`loc write write $pth`
> WRITE_ROOTKIT_LABEL="bash|elite$|vejeta|\.ark"
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${WRITE_ROOTKIT_LABEL}" | grep -v locale > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${WRITE_ROOTKIT_LABEL}" | grep -v locale > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1806,11 +1814,11 @@
> W_INFECTED_LABEL="uname -a"
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${W_INFECTED_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${W_INFECTED_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1826,11 +1834,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${VDIR_INFECTED_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${VDIR_INFECTED_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1862,7 +1870,7 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
> STATUS=${INFECTED}
>@@ -1879,12 +1887,12 @@
> MAIL_INFECTED_LABEL="sh -i"
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${MAIL_INFECTED_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${MAIL_INFECTED_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1904,12 +1912,12 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1926,11 +1934,11 @@
> CMD=`loc egrep egrep $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${EGREP_INFECTED_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${EGREP_INFECTED_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1943,12 +1951,12 @@
> CMD=`loc grep grep $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> expertmode_output "${ls} -l ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${GREP_INFECTED_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${GREP_INFECTED_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1970,11 +1978,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -1992,10 +2000,10 @@
> fi
> fi
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${RLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${RLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -2010,10 +2018,10 @@
> return ${NOT_FOUND}
> fi
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${LSOF_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${LSOF_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -2028,10 +2036,10 @@
> return ${NOT_FOUND}
> fi
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${AMD_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${AMD_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -2046,10 +2054,10 @@
> return ${NOT_FOUND}
> fi
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${SLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${SLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -2068,10 +2076,10 @@
> return ${NOT_FOUND}
> fi
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${CRON_INFECTED_LABEL}" >/dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${CRON_INFECTED_LABEL}" >/dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -2083,18 +2091,18 @@
> CMD="${ROOTDIR}sbin/ifconfig"
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
> IFCONFIG_NOT_INFECTED_LABEL="PROMISC"
> IFCONFIG_INFECTED_LABEL="/dev/tux|/session.null"
>- if ${strings} -a ${CMD} | ${egrep} "${IFCONFIG_NOT_INFECTED_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${IFCONFIG_NOT_INFECTED_LABEL}" \
> >/dev/null 2>&1
> then
> STATUS=${NOT_INFECTED}
> fi
>- if ${strings} -a ${CMD} | ${egrep} "${IFCONFIG_INFECTED_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${IFCONFIG_INFECTED_LABEL}" \
> >/dev/null 2>&1
> then
> STATUS=${INFECTED}
>@@ -2114,12 +2122,12 @@
> return ${NOT_FOUND}
> fi
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
> RSHD_INFECTED_LABEL="HISTFILE"
>- if ${strings} -a ${CMD} | ${egrep} "${RSHD_INFECTED_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${RSHD_INFECTED_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> if ${egrep} "^#.*rshd" ${ROOTDIR}etc/inetd.conf >/dev/null 2>&1 -o \
>@@ -2155,11 +2163,11 @@
> [ "tcpd" = "${CMD}" ] && return ${NOT_FOUND};
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${TCPD_INFECTED_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${TCPD_INFECTED_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -2176,11 +2184,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${SSHD2_INFECTED_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${SSHD2_INFECTED_LABEL}" \
> > /dev/null 2>&1
> then
> STATUS=${INFECTED}
>@@ -2197,11 +2205,11 @@
> CMD=`loc su su $pth`
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${SU_INFECTED_LABEL}" > /dev/null 2>&1
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${SU_INFECTED_LABEL}" > /dev/null 2>&1
> then
> STATUS=${INFECTED}
> fi
>@@ -2221,11 +2229,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${FINGER_INFECTED_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${FINGER_INFECTED_LABEL}" \
> > /dev/null 2>&1
> then
> STATUS=${INFECTED}
>@@ -2273,11 +2281,11 @@
> fi
>
> if [ "${EXPERT}" = "t" ]; then
>- expertmode_output "${strings} -a ${CMD}"
>+ expertmode_output "${STRINGS} -a ${CMD}"
> return 5
> fi
>
>- if ${strings} -a ${CMD} | ${egrep} "${TELNETD_INFECTED_LABEL}" \
>+ if ${STRINGS} -a ${CMD} | ${egrep} "${TELNETD_INFECTED_LABEL}" \
> >/dev/null 2>&1
> then
> STATUS=${INFECTED}