|
Lines 70-76
Link Here
|
| 70 |
# we exec to log everything to the debug file. |
70 |
# we exec to log everything to the debug file. |
| 71 |
# |
71 |
# |
| 72 |
|
72 |
|
| 73 |
if [ -n "`echo \"$*\" | grep '\-\-debug'`" ]; then |
73 |
if [ -n "`echo \"$*\" | grep -- '--debug'`" ]; then |
| 74 |
RKHDEBUGFILE="" |
74 |
RKHDEBUGFILE="" |
| 75 |
RKHDEBUGBASE="/tmp/rkhunter-debug" |
75 |
RKHDEBUGBASE="/tmp/rkhunter-debug" |
| 76 |
|
76 |
|
|
Lines 181-187
Link Here
|
| 181 |
# used. If it is, then some typical grep tests will fail. |
181 |
# used. If it is, then some typical grep tests will fail. |
| 182 |
# |
182 |
# |
| 183 |
|
183 |
|
| 184 |
if [ "`echo \"rkh-grep-test\" | grep '^\+'`" = "rkh-grep-test" ]; then |
184 |
if [ "`echo \"rkh-grep-test\" | grep '^+'`" = "rkh-grep-test" ]; then |
| 185 |
alias grep='grep -E' |
185 |
alias grep='grep -E' |
| 186 |
fi |
186 |
fi |
| 187 |
|
187 |
|
|
Lines 948-956
Link Here
|
| 948 |
# |
948 |
# |
| 949 |
|
949 |
|
| 950 |
if [ "${OPT_NAME}" = "SHARED_LIB_WHITELIST" ]; then |
950 |
if [ "${OPT_NAME}" = "SHARED_LIB_WHITELIST" ]; then |
| 951 |
RKHTMPVAR=`echo "${OPT_VALUE}" | egrep '(^|[^\\])[][?*]'` |
951 |
RKHTMPVAR=`echo "${OPT_VALUE}" | grep -E '(^|[^\\])[][?*]'` |
| 952 |
else |
952 |
else |
| 953 |
RKHTMPVAR=`echo "${OPT_VALUE}" | egrep '(^|[^\\])[][?*{}]'` |
953 |
RKHTMPVAR=`echo "${OPT_VALUE}" | grep -E '(^|[^\\])[][?*{}]'` |
| 954 |
fi |
954 |
fi |
| 955 |
|
955 |
|
| 956 |
if [ -n "${RKHTMPVAR}" ]; then |
956 |
if [ -n "${RKHTMPVAR}" ]; then |
|
Lines 989-995
Link Here
|
| 989 |
# The code is left here since we may need something very similar for overloaded options. |
989 |
# The code is left here since we may need something very similar for overloaded options. |
| 990 |
# overloaded options - ALLOWPROCDELFILE PORT_PATH_WHITELIST RTKT_FILE_WHITELIST |
990 |
# overloaded options - ALLOWPROCDELFILE PORT_PATH_WHITELIST RTKT_FILE_WHITELIST |
| 991 |
# if [ "${OPT_NAME}" = "BINDIR" ]; then |
991 |
# if [ "${OPT_NAME}" = "BINDIR" ]; then |
| 992 |
# if [ -n "`echo \"${FNAME}\" | grep '^\+'`" ]; then |
992 |
# if [ -n "`echo \"${FNAME}\" | grep '^+'`" ]; then |
| 993 |
# FNAME=`echo "${FNAME}" | cut -c2-` |
993 |
# FNAME=`echo "${FNAME}" | cut -c2-` |
| 994 |
# fi |
994 |
# fi |
| 995 |
# fi |
995 |
# fi |
|
Lines 1000-1006
Link Here
|
| 1000 |
# Also check that '/' has not been set. |
1000 |
# Also check that '/' has not been set. |
| 1001 |
# |
1001 |
# |
| 1002 |
|
1002 |
|
| 1003 |
if [ -n "`echo \"${FNAME}\" | egrep '(^[./]*$)|[;&]|/\.\./'`" ]; then |
1003 |
if [ -n "`echo \"${FNAME}\" | grep -E '(^[./]*$)|[;&]|/\.\./'`" ]; then |
| 1004 |
ERRCODE=1 |
1004 |
ERRCODE=1 |
| 1005 |
|
1005 |
|
| 1006 |
echo "Invalid ${OPT_NAME} configuration option: Invalid pathname: ${FNAME}" |
1006 |
echo "Invalid ${OPT_NAME} configuration option: Invalid pathname: ${FNAME}" |
|
Lines 1134-1140
Link Here
|
| 1134 |
# |
1134 |
# |
| 1135 |
|
1135 |
|
| 1136 |
if [ "${OPT_NAME}" = "SHARED_LIB_WHITELIST" ]; then |
1136 |
if [ "${OPT_NAME}" = "SHARED_LIB_WHITELIST" ]; then |
| 1137 |
if [ -n "`echo \"${FNAME}\" | egrep '\\$\\{?(ORIGIN|LIB|PLATFORM)\\}?'`" ]; then |
1137 |
if [ -n "`echo \"${FNAME}\" | grep -E '\\$\\{?(ORIGIN|LIB|PLATFORM)\\}?'`" ]; then |
| 1138 |
continue |
1138 |
continue |
| 1139 |
fi |
1139 |
fi |
| 1140 |
fi |
1140 |
fi |
|
Lines 2522-2528
Link Here
|
| 2522 |
PREPEND_PATHS="" |
2522 |
PREPEND_PATHS="" |
| 2523 |
|
2523 |
|
| 2524 |
for DIR in ${BINPATHS}; do |
2524 |
for DIR in ${BINPATHS}; do |
| 2525 |
if [ -n "`echo ${DIR} | grep '^\+'`" ]; then |
2525 |
if [ -n "`echo ${DIR} | grep '^+'`" ]; then |
| 2526 |
DIR=`echo ${DIR} | cut -c2-` |
2526 |
DIR=`echo ${DIR} | cut -c2-` |
| 2527 |
PREPEND_PATHS="${PREPEND_PATHS} ${DIR}" |
2527 |
PREPEND_PATHS="${PREPEND_PATHS} ${DIR}" |
| 2528 |
fi |
2528 |
fi |
|
Lines 2532-2538
Link Here
|
| 2532 |
|
2532 |
|
| 2533 |
|
2533 |
|
| 2534 |
for DIR in ${PREPEND_PATHS} ${RKHROOTPATH} ${BINPATHS}; do |
2534 |
for DIR in ${PREPEND_PATHS} ${RKHROOTPATH} ${BINPATHS}; do |
| 2535 |
if [ -n "`echo ${DIR} | grep '^\+'`" ]; then |
2535 |
if [ -n "`echo ${DIR} | grep '^+'`" ]; then |
| 2536 |
# These will already be in PREPEND_PATHS. |
2536 |
# These will already be in PREPEND_PATHS. |
| 2537 |
continue |
2537 |
continue |
| 2538 |
elif [ -z "`echo ${DIR} | grep '^/'`" ]; then |
2538 |
elif [ -z "`echo ${DIR} | grep '^/'`" ]; then |
|
Lines 3848-3854
Link Here
|
| 3848 |
# |
3848 |
# |
| 3849 |
|
3849 |
|
| 3850 |
for RKHTMPVAR2 in ${RKHTMPVAR}; do |
3850 |
for RKHTMPVAR2 in ${RKHTMPVAR}; do |
| 3851 |
if [ -n "`echo \"${RKHTMPVAR2}\" | egrep -i '^(TCP|UDP):[1-9][0-9]*$'`" ]; then |
3851 |
if [ -n "`echo \"${RKHTMPVAR2}\" | grep -E -i '^(TCP|UDP):[1-9][0-9]*$'`" ]; then |
| 3852 |
PROTO=`echo ${RKHTMPVAR2} | cut -d: -f1 | tr '[:lower:]' '[:upper:]'` |
3852 |
PROTO=`echo ${RKHTMPVAR2} | cut -d: -f1 | tr '[:lower:]' '[:upper:]'` |
| 3853 |
PORT=`echo ${RKHTMPVAR2} | cut -d: -f2` |
3853 |
PORT=`echo ${RKHTMPVAR2} | cut -d: -f2` |
| 3854 |
|
3854 |
|
|
Lines 3899-3905
Link Here
|
| 3899 |
PROTO="" |
3899 |
PROTO="" |
| 3900 |
|
3900 |
|
| 3901 |
# Dig out the protocol and port number, if present. |
3901 |
# Dig out the protocol and port number, if present. |
| 3902 |
if [ -n "`echo \"${RKHTMPVAR2}\" | egrep -i '.:(TCP|UDP):[1-9][0-9]*$'`" ]; then |
3902 |
if [ -n "`echo \"${RKHTMPVAR2}\" | grep -E -i '.:(TCP|UDP):[1-9][0-9]*$'`" ]; then |
| 3903 |
PROTO=`echo "${RKHTMPVAR2}" | sed -e 's/^.*:\([a-zA-Z]*\):[1-9][0-9]*$/\1/'` |
3903 |
PROTO=`echo "${RKHTMPVAR2}" | sed -e 's/^.*:\([a-zA-Z]*\):[1-9][0-9]*$/\1/'` |
| 3904 |
PORT=`echo "${RKHTMPVAR2}" | sed -e 's/^.*:\([1-9][0-9]*\)$/\1/'` |
3904 |
PORT=`echo "${RKHTMPVAR2}" | sed -e 's/^.*:\([1-9][0-9]*\)$/\1/'` |
| 3905 |
|
3905 |
|
|
Lines 4839-4845
Link Here
|
| 4839 |
fi |
4839 |
fi |
| 4840 |
fi |
4840 |
fi |
| 4841 |
|
4841 |
|
| 4842 |
if [ -n "`echo \"${HASH_FUNC}\" | egrep -i '^(MD5|SHA1|SHA224|SHA256|SHA384|SHA512|RIPEMD160|WHIRLPOOL|NONE)$'`" ]; then |
4842 |
if [ -n "`echo \"${HASH_FUNC}\" | grep -E -i '^(MD5|SHA1|SHA224|SHA256|SHA384|SHA512|RIPEMD160|WHIRLPOOL|NONE)$'`" ]; then |
| 4843 |
HASH_FUNC=`echo "${HASH_FUNC}" | tr '[:lower:]' '[:upper:]'` |
4843 |
HASH_FUNC=`echo "${HASH_FUNC}" | tr '[:lower:]' '[:upper:]'` |
| 4844 |
fi |
4844 |
fi |
| 4845 |
|
4845 |
|
|
Lines 6412-6418
Link Here
|
| 6412 |
OSNAME="${OSNAME} `sw_vers 2>/dev/null | grep '^ProductVersion:' | sed -e 's/ProductVersion:[ ]*//'`" |
6412 |
OSNAME="${OSNAME} `sw_vers 2>/dev/null | grep '^ProductVersion:' | sed -e 's/ProductVersion:[ ]*//'`" |
| 6413 |
# OSNAME="${OSNAME} `sysctl kern.version 2>/dev/null | sed -e 's/^kern.version = //' | cut -d: -f1`" |
6413 |
# OSNAME="${OSNAME} `sysctl kern.version 2>/dev/null | sed -e 's/^kern.version = //' | cut -d: -f1`" |
| 6414 |
|
6414 |
|
| 6415 |
if [ -n "`sysctl -a 2>/dev/null | egrep '^(hw\.optional\.x86_64|hw\.optional\.64bitops|hw\.cpu64bit_capable).*1$'`" ]; then |
6415 |
if [ -n "`sysctl -a 2>/dev/null | grep -E '^(hw\.optional\.x86_64|hw\.optional\.64bitops|hw\.cpu64bit_capable).*1$'`" ]; then |
| 6416 |
OSNAME="${OSNAME} (64-bit capable)" |
6416 |
OSNAME="${OSNAME} (64-bit capable)" |
| 6417 |
fi |
6417 |
fi |
| 6418 |
;; |
6418 |
;; |
|
Lines 6708-6714
Link Here
|
| 6708 |
# this is what RPM does). |
6708 |
# this is what RPM does). |
| 6709 |
# |
6709 |
# |
| 6710 |
|
6710 |
|
| 6711 |
RPM_QUERY_RESULT=`echo "${RPM_QUERY_RESULT_ARCH}" | egrep ':(x86_64|ia64):' 2>/dev/null | tail ${TAIL_OPT}1` |
6711 |
RPM_QUERY_RESULT=`echo "${RPM_QUERY_RESULT_ARCH}" | grep -E ':(x86_64|ia64):' 2>/dev/null | tail ${TAIL_OPT}1` |
| 6712 |
|
6712 |
|
| 6713 |
test -z "${RPM_QUERY_RESULT}" && RPM_QUERY_RESULT=`echo "${RPM_QUERY_RESULT_ARCH}" | tail ${TAIL_OPT}1` |
6713 |
test -z "${RPM_QUERY_RESULT}" && RPM_QUERY_RESULT=`echo "${RPM_QUERY_RESULT_ARCH}" | tail ${TAIL_OPT}1` |
| 6714 |
|
6714 |
|
|
Lines 6883-6889
Link Here
|
| 6883 |
if [ -n "${PKGNAME}" ]; then |
6883 |
if [ -n "${PKGNAME}" ]; then |
| 6884 |
if [ -f "/var/lib/dpkg/info/${PKGNAME}.md5sums" ]; then |
6884 |
if [ -f "/var/lib/dpkg/info/${PKGNAME}.md5sums" ]; then |
| 6885 |
FILNAM=`echo "${FNAME}" | sed -e 's:^/::; s:\.:\\\.:g'` |
6885 |
FILNAM=`echo "${FNAME}" | sed -e 's:^/::; s:\.:\\\.:g'` |
| 6886 |
SYSHASH=`egrep "( |\./)${FILNAM}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" 2>/dev/null | cut -d' ' -f1` |
6886 |
SYSHASH=`grep -E "( |\./)${FILNAM}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" 2>/dev/null | cut -d' ' -f1` |
| 6887 |
test -n "${SYSHASH}" && FILE_IS_PKGD=1 |
6887 |
test -n "${SYSHASH}" && FILE_IS_PKGD=1 |
| 6888 |
fi |
6888 |
fi |
| 6889 |
fi |
6889 |
fi |
|
Lines 6925-6931
Link Here
|
| 6925 |
SYSHASH="" |
6925 |
SYSHASH="" |
| 6926 |
RKHTMPVAR=`${HASH_CMD} "${FNAME}" 2>&1` |
6926 |
RKHTMPVAR=`${HASH_CMD} "${FNAME}" 2>&1` |
| 6927 |
|
6927 |
|
| 6928 |
if [ -n "`echo \"${RKHTMPVAR}\" | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then |
6928 |
if [ -n "`echo \"${RKHTMPVAR}\" | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then |
| 6929 |
DEPENDENCY_ERR=1 |
6929 |
DEPENDENCY_ERR=1 |
| 6930 |
RKHTMPVAR=`echo "${RKHTMPVAR}" | tr '\n' ':' | sed -e 's/:$//'` |
6930 |
RKHTMPVAR=`echo "${RKHTMPVAR}" | tr '\n' ':' | sed -e 's/:$//'` |
| 6931 |
else |
6931 |
else |
|
Lines 7311-7323
Link Here
|
| 7311 |
|
7311 |
|
| 7312 |
case $MIRRORS_MODE in |
7312 |
case $MIRRORS_MODE in |
| 7313 |
0) |
7313 |
0) |
| 7314 |
MIRROR=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` |
7314 |
MIRROR=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` |
| 7315 |
;; |
7315 |
;; |
| 7316 |
1) |
7316 |
1) |
| 7317 |
MIRROR=`egrep -i '^local=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` |
7317 |
MIRROR=`grep -E -i '^local=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` |
| 7318 |
;; |
7318 |
;; |
| 7319 |
2) |
7319 |
2) |
| 7320 |
MIRROR=`egrep -i '^remote=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` |
7320 |
MIRROR=`grep -E -i '^remote=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}1` |
| 7321 |
;; |
7321 |
;; |
| 7322 |
esac |
7322 |
esac |
| 7323 |
|
7323 |
|
|
Lines 7337-7349
Link Here
|
| 7337 |
|
7337 |
|
| 7338 |
case $MIRRORS_MODE in |
7338 |
case $MIRRORS_MODE in |
| 7339 |
0) |
7339 |
0) |
| 7340 |
MIRROR=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` |
7340 |
MIRROR=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` |
| 7341 |
;; |
7341 |
;; |
| 7342 |
1) |
7342 |
1) |
| 7343 |
MIRROR=`egrep -i '^local=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` |
7343 |
MIRROR=`grep -E -i '^local=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` |
| 7344 |
;; |
7344 |
;; |
| 7345 |
2) |
7345 |
2) |
| 7346 |
MIRROR=`egrep -i '^remote=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` |
7346 |
MIRROR=`grep -E -i '^remote=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" 2>/dev/null | head ${HEAD_OPT}$N | tail ${TAIL_OPT}1 | cut -d= -f2-` |
| 7347 |
;; |
7347 |
;; |
| 7348 |
esac |
7348 |
esac |
| 7349 |
|
7349 |
|
|
Lines 7370-7376
Link Here
|
| 7370 |
# Next get the remaining mirrors. |
7370 |
# Next get the remaining mirrors. |
| 7371 |
# |
7371 |
# |
| 7372 |
|
7372 |
|
| 7373 |
OTHERMIRRORS=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | grep -v "^${MIRROR}\$"` |
7373 |
OTHERMIRRORS=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | grep -v "^${MIRROR}\$"` |
| 7374 |
|
7374 |
|
| 7375 |
|
7375 |
|
| 7376 |
# |
7376 |
# |
|
Lines 7459-7471
Link Here
|
| 7459 |
|
7459 |
|
| 7460 |
case $MIRRORS_MODE in |
7460 |
case $MIRRORS_MODE in |
| 7461 |
0) |
7461 |
0) |
| 7462 |
MIRROR_COUNT=`egrep -i '^(local|remote|mirror)=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` |
7462 |
MIRROR_COUNT=`grep -E -i '^(local|remote|mirror)=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` |
| 7463 |
;; |
7463 |
;; |
| 7464 |
1) |
7464 |
1) |
| 7465 |
MIRROR_COUNT=`egrep -i '^local=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` |
7465 |
MIRROR_COUNT=`grep -E -i '^local=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` |
| 7466 |
;; |
7466 |
;; |
| 7467 |
2) |
7467 |
2) |
| 7468 |
MIRROR_COUNT=`egrep -i '^remote=https?://[-A-Za-z0-9\+@#/%=_:,.]*[-A-Za-z0-9\+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` |
7468 |
MIRROR_COUNT=`grep -E -i '^remote=https?://[-A-Za-z0-9+@#/%=_:,.]*[-A-Za-z0-9+@#/%=_]$' "${DB_PATH}/mirrors.dat" | wc -l | tr -d ' '` |
| 7469 |
;; |
7469 |
;; |
| 7470 |
esac |
7470 |
esac |
| 7471 |
|
7471 |
|
|
Lines 7991-7997
Link Here
|
| 7991 |
# Now check to see if any unknown options have been configured. |
7991 |
# Now check to see if any unknown options have been configured. |
| 7992 |
# |
7992 |
# |
| 7993 |
|
7993 |
|
| 7994 |
RKHTMPVAR=`egrep -h -v '^[ ]*(#|$)' ${CONFIGFILE} ${LOCALCONFIGFILE} ${LOCALCONFDIRFILES}` |
7994 |
RKHTMPVAR=`grep -E -h -v '^[ ]*(#|$)' ${CONFIGFILE} ${LOCALCONFIGFILE} ${LOCALCONFDIRFILES}` |
| 7995 |
|
7995 |
|
| 7996 |
IFS=$IFSNL |
7996 |
IFS=$IFSNL |
| 7997 |
|
7997 |
|
|
Lines 9587-9593
Link Here
|
| 9587 |
rpc.nfsd:tcp.log:Sniffer installed |
9587 |
rpc.nfsd:tcp.log:Sniffer installed |
| 9588 |
sshd:/dev/ptyxx:OpenBSD Rootkit |
9588 |
sshd:/dev/ptyxx:OpenBSD Rootkit |
| 9589 |
sshd:/.config:SHV4 Rootkit |
9589 |
sshd:/.config:SHV4 Rootkit |
| 9590 |
sshd:+\\$.*\\$\!.*\!\!\\$:Backdoored SSH daemon installed |
9590 |
sshd:+\\$.*\\$!.*!!\\$:Backdoored SSH daemon installed |
| 9591 |
sshd:backdoor.h:Trojaned SSH daemon |
9591 |
sshd:backdoor.h:Trojaned SSH daemon |
| 9592 |
sshd:backdoor_active:Trojaned SSH daemon |
9592 |
sshd:backdoor_active:Trojaned SSH daemon |
| 9593 |
sshd:magic_pass_active:Trojaned SSH daemon |
9593 |
sshd:magic_pass_active:Trojaned SSH daemon |
|
Lines 10712-10718
Link Here
|
| 10712 |
done |
10712 |
done |
| 10713 |
|
10713 |
|
| 10714 |
|
10714 |
|
| 10715 |
if [ -n "`echo \"${RKHTMPVAR}\" | egrep 'libsafe|missing|empty'`" ]; then |
10715 |
if [ -n "`echo \"${RKHTMPVAR}\" | grep -E 'libsafe|missing|empty'`" ]; then |
| 10716 |
display --to LOG --type WARNING --nl PROPUPD_WARN |
10716 |
display --to LOG --type WARNING --nl PROPUPD_WARN |
| 10717 |
fi |
10717 |
fi |
| 10718 |
|
10718 |
|
|
Lines 10964-10970
Link Here
|
| 10964 |
|
10964 |
|
| 10965 |
FILE_IS_PKGD=1 |
10965 |
FILE_IS_PKGD=1 |
| 10966 |
|
10966 |
|
| 10967 |
PKGNAME=`echo "${PKGNAME_ARCH}" | egrep '\.(x86_64|ia64)$' 2>/dev/null | tail ${TAIL_OPT}1` |
10967 |
PKGNAME=`echo "${PKGNAME_ARCH}" | grep -E '\.(x86_64|ia64)$' 2>/dev/null | tail ${TAIL_OPT}1` |
| 10968 |
|
10968 |
|
| 10969 |
test -z "${PKGNAME}" && PKGNAME=`echo "${PKGNAME_ARCH}" | tail ${TAIL_OPT}1` |
10969 |
test -z "${PKGNAME}" && PKGNAME=`echo "${PKGNAME_ARCH}" | tail ${TAIL_OPT}1` |
| 10970 |
|
10970 |
|
|
Lines 11163-11169
Link Here
|
| 11163 |
if [ -n "${PKGNAME}" -a -f "/var/lib/dpkg/info/${PKGNAME}.md5sums" ]; then |
11163 |
if [ -n "${PKGNAME}" -a -f "/var/lib/dpkg/info/${PKGNAME}.md5sums" ]; then |
| 11164 |
FNGREP=`echo "${FNAMEGREP}" | sed -e 's:^/::'` |
11164 |
FNGREP=`echo "${FNAMEGREP}" | sed -e 's:^/::'` |
| 11165 |
|
11165 |
|
| 11166 |
SYSHASH=`egrep "( |\./)${FNGREP}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" | cut -d' ' -f1` |
11166 |
SYSHASH=`grep -E "( |\./)${FNGREP}\$" "/var/lib/dpkg/info/${PKGNAME}.md5sums" | cut -d' ' -f1` |
| 11167 |
|
11167 |
|
| 11168 |
if [ -n "${SYSHASH}" ]; then |
11168 |
if [ -n "${SYSHASH}" ]; then |
| 11169 |
FILE_IS_PKGD=1 |
11169 |
FILE_IS_PKGD=1 |
|
Lines 11172-11178
Link Here
|
| 11172 |
if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then |
11172 |
if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then |
| 11173 |
PKGMGR_VERIFY_RESULT="5" |
11173 |
PKGMGR_VERIFY_RESULT="5" |
| 11174 |
|
11174 |
|
| 11175 |
if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then |
11175 |
if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then |
| 11176 |
DEPENDENCY_ERR=1 |
11176 |
DEPENDENCY_ERR=1 |
| 11177 |
fi |
11177 |
fi |
| 11178 |
fi |
11178 |
fi |
|
Lines 11221-11227
Link Here
|
| 11221 |
if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then |
11221 |
if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then |
| 11222 |
PKGMGR_VERIFY_RESULT="5" |
11222 |
PKGMGR_VERIFY_RESULT="5" |
| 11223 |
|
11223 |
|
| 11224 |
if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then |
11224 |
if [ -n "`${PKGMGR_MD5_HASH} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then |
| 11225 |
DEPENDENCY_ERR=1 |
11225 |
DEPENDENCY_ERR=1 |
| 11226 |
fi |
11226 |
fi |
| 11227 |
fi |
11227 |
fi |
|
Lines 11252-11258
Link Here
|
| 11252 |
if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then |
11252 |
if [ "${RKHTMPVAR}" != "${SYSHASH}" ]; then |
| 11253 |
PKGMGR_VERIFY_RESULT="5" |
11253 |
PKGMGR_VERIFY_RESULT="5" |
| 11254 |
|
11254 |
|
| 11255 |
if [ -n "`${PKGMGR_SHA_HASH} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then |
11255 |
if [ -n "`${PKGMGR_SHA_HASH} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then |
| 11256 |
DEPENDENCY_ERR=1 |
11256 |
DEPENDENCY_ERR=1 |
| 11257 |
fi |
11257 |
fi |
| 11258 |
fi |
11258 |
fi |
|
Lines 11295-11301
Link Here
|
| 11295 |
fi |
11295 |
fi |
| 11296 |
fi |
11296 |
fi |
| 11297 |
|
11297 |
|
| 11298 |
if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | egrep '5|(^..\?)'`" ]; then |
11298 |
if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | grep -E '5|(^..\?)'`" ]; then |
| 11299 |
HASH_TEST_PASSED=1 |
11299 |
HASH_TEST_PASSED=1 |
| 11300 |
else |
11300 |
else |
| 11301 |
TEST_RESULT="${TEST_RESULT} verify:hashchanged" |
11301 |
TEST_RESULT="${TEST_RESULT} verify:hashchanged" |
|
Lines 11349-11355
Link Here
|
| 11349 |
SYSHASH=`${HASH_CMD} "${FNAME}" 2>/dev/null | cut -d' ' -f $HASH_FLD_IDX` |
11349 |
SYSHASH=`${HASH_CMD} "${FNAME}" 2>/dev/null | cut -d' ' -f $HASH_FLD_IDX` |
| 11350 |
|
11350 |
|
| 11351 |
if [ -z "${SYSHASH}" ]; then |
11351 |
if [ -z "${SYSHASH}" ]; then |
| 11352 |
if [ -n "`${HASH_CMD} "${FNAME}" 2>&1 | egrep 'prelink.* (dependenc|adjusting unfinished)'`" ]; then |
11352 |
if [ -n "`${HASH_CMD} "${FNAME}" 2>&1 | grep -E 'prelink.* (dependenc|adjusting unfinished)'`" ]; then |
| 11353 |
if [ "${RKHHASH}" = "ignore-prelink-dep-err" ]; then |
11353 |
if [ "${RKHHASH}" = "ignore-prelink-dep-err" ]; then |
| 11354 |
SYSHASH="${RKHHASH}" |
11354 |
SYSHASH="${RKHHASH}" |
| 11355 |
display --to LOG --type INFO FILE_PROP_IGNORE_PRELINK_DEP_ERR "`name2text \"${FNAME}\"`" |
11355 |
display --to LOG --type INFO FILE_PROP_IGNORE_PRELINK_DEP_ERR "`name2text \"${FNAME}\"`" |
|
Lines 11445-11451
Link Here
|
| 11445 |
# |
11445 |
# |
| 11446 |
|
11446 |
|
| 11447 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
11447 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
| 11448 |
echo "${PKGMGR_VERIFY_RESULT}" | egrep 'M|(^.\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:permchanged" |
11448 |
echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'M|(^.\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:permchanged" |
| 11449 |
else |
11449 |
else |
| 11450 |
RKH_CC2=`expr $RKH_CC + 2` |
11450 |
RKH_CC2=`expr $RKH_CC + 2` |
| 11451 |
|
11451 |
|
|
Lines 11465-11471
Link Here
|
| 11465 |
# |
11465 |
# |
| 11466 |
|
11466 |
|
| 11467 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
11467 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
| 11468 |
echo "${PKGMGR_VERIFY_RESULT}" | egrep 'U|(^.....\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:uidchanged" |
11468 |
echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'U|(^.....\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:uidchanged" |
| 11469 |
else |
11469 |
else |
| 11470 |
RKH_CC2=`expr $RKH_CC + 3` |
11470 |
RKH_CC2=`expr $RKH_CC + 3` |
| 11471 |
|
11471 |
|
|
Lines 11485-11491
Link Here
|
| 11485 |
# |
11485 |
# |
| 11486 |
|
11486 |
|
| 11487 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
11487 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
| 11488 |
echo "${PKGMGR_VERIFY_RESULT}" | egrep 'G|(^......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:gidchanged" |
11488 |
echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'G|(^......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:gidchanged" |
| 11489 |
else |
11489 |
else |
| 11490 |
RKH_CC2=`expr $RKH_CC + 4` |
11490 |
RKH_CC2=`expr $RKH_CC + 4` |
| 11491 |
|
11491 |
|
|
Lines 11525-11531
Link Here
|
| 11525 |
# |
11525 |
# |
| 11526 |
|
11526 |
|
| 11527 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
11527 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
| 11528 |
if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | egrep 'S|(^\?)'`" ]; then |
11528 |
if [ -z "`echo \"${PKGMGR_VERIFY_RESULT}\" | grep -E 'S|(^\?)'`" ]; then |
| 11529 |
SIZE_TEST_PASSED=1 |
11529 |
SIZE_TEST_PASSED=1 |
| 11530 |
else |
11530 |
else |
| 11531 |
TEST_RESULT="${TEST_RESULT} verify:sizechanged" |
11531 |
TEST_RESULT="${TEST_RESULT} verify:sizechanged" |
|
Lines 11553-11559
Link Here
|
| 11553 |
# |
11553 |
# |
| 11554 |
|
11554 |
|
| 11555 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
11555 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
| 11556 |
echo "${PKGMGR_VERIFY_RESULT}" | egrep 'T|(^.......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:dtmchanged" |
11556 |
echo "${PKGMGR_VERIFY_RESULT}" | grep -E 'T|(^.......\?)' >/dev/null && TEST_RESULT="${TEST_RESULT} verify:dtmchanged" |
| 11557 |
elif [ $PRELINKED -eq 0 -o $FILE_IS_PKGD -eq 0 ]; then |
11557 |
elif [ $PRELINKED -eq 0 -o $FILE_IS_PKGD -eq 0 ]; then |
| 11558 |
RKH_CC2=`expr $RKH_CC + 6` |
11558 |
RKH_CC2=`expr $RKH_CC + 6` |
| 11559 |
|
11559 |
|
|
Lines 11574-11580
Link Here
|
| 11574 |
|
11574 |
|
| 11575 |
if [ -h "${FNAME}" ]; then |
11575 |
if [ -h "${FNAME}" ]; then |
| 11576 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
11576 |
if [ $FILE_IS_PKGD -eq 1 ]; then |
| 11577 |
if [ -n "`echo \"${PKGMGR_VERIFY_RESULT}\" | egrep 'L|(^....\?)'`" ]; then |
11577 |
if [ -n "`echo \"${PKGMGR_VERIFY_RESULT}\" | grep -E 'L|(^....\?)'`" ]; then |
| 11578 |
if [ $HAVE_READLINK -eq 1 ]; then |
11578 |
if [ $HAVE_READLINK -eq 1 ]; then |
| 11579 |
# Check the link target to see if it is whitelisted. |
11579 |
# Check the link target to see if it is whitelisted. |
| 11580 |
|
11580 |
|
|
Lines 11720-11726
Link Here
|
| 11720 |
RKHTMPVAR=`${LSATTR_CMD} "${FNAME}" 2>&1 | cut -d' ' -f1 | grep 'i'` |
11720 |
RKHTMPVAR=`${LSATTR_CMD} "${FNAME}" 2>&1 | cut -d' ' -f1 | grep 'i'` |
| 11721 |
fi |
11721 |
fi |
| 11722 |
else |
11722 |
else |
| 11723 |
RKHTMPVAR=`ls -lno "${FNAME}" 2>&1 | ${AWK_CMD} '{ print $5 }' | egrep 'uchg|schg|sappnd|uappnd|sunlnk|sunlink|schange|simmutable|sappend|uappend|uchange|uimmutable'` |
11723 |
RKHTMPVAR=`ls -lno "${FNAME}" 2>&1 | ${AWK_CMD} '{ print $5 }' | grep -E 'uchg|schg|sappnd|uappnd|sunlnk|sunlink|schange|simmutable|sappend|uappend|uchange|uimmutable'` |
| 11724 |
fi |
11724 |
fi |
| 11725 |
|
11725 |
|
| 11726 |
# |
11726 |
# |
|
Lines 11768-11776
Link Here
|
| 11768 |
test -n "${BASENAME_CMD}" && RKHTMPVAR=`${BASENAME_CMD} "${FNAME}"` || RKHTMPVAR=`echo "${FNAME}" | sed -e 's:^.*/::'` |
11768 |
test -n "${BASENAME_CMD}" && RKHTMPVAR=`${BASENAME_CMD} "${FNAME}"` || RKHTMPVAR=`echo "${FNAME}" | sed -e 's:^.*/::'` |
| 11769 |
|
11769 |
|
| 11770 |
if [ "${RKHTMPVAR}" = "rkhunter" ]; then |
11770 |
if [ "${RKHTMPVAR}" = "rkhunter" ]; then |
| 11771 |
SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | egrep -i -v '(shell|/bin/sh) script( |,|$)'` |
11771 |
SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | grep -E -i -v '(shell|/bin/sh) script( |,|$)'` |
| 11772 |
else |
11772 |
else |
| 11773 |
SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | egrep -i ' script( |,|$)'` |
11773 |
SYSSCRIPT=`${FILE_CMD} "${FNAME}" 2>&1 | tr -d '\n' | tr '[:cntrl:]' '?' | grep -E -i ' script( |,|$)'` |
| 11774 |
fi |
11774 |
fi |
| 11775 |
|
11775 |
|
| 11776 |
test -n "${SYSSCRIPT}" && TEST_RESULT="${TEST_RESULT} script" |
11776 |
test -n "${SYSSCRIPT}" && TEST_RESULT="${TEST_RESULT} script" |
|
Lines 12256-12262
Link Here
|
| 12256 |
# Adding "text" to the egrep below widens scope at the expense of more false-positives and extending running time. |
12256 |
# Adding "text" to the egrep below widens scope at the expense of more false-positives and extending running time. |
| 12257 |
# |
12257 |
# |
| 12258 |
|
12258 |
|
| 12259 |
if [ -n "`echo \"${FTYPE}\" | grep -v -i 'compres' | egrep -i 'execu|reloc|shell|libr|data|obj|text'`" ]; then |
12259 |
if [ -n "`echo \"${FTYPE}\" | grep -v -i 'compres' | grep -E -i 'execu|reloc|shell|libr|data|obj|text'`" ]; then |
| 12260 |
FOUND=1 |
12260 |
FOUND=1 |
| 12261 |
SUSPSCAN_NUM=1; SUSPSCAN_SCORE=0; SUSPSCAN_HITCOUNT=0 |
12261 |
SUSPSCAN_NUM=1; SUSPSCAN_SCORE=0; SUSPSCAN_HITCOUNT=0 |
| 12262 |
SUSPSCAN_STRINGS="" |
12262 |
SUSPSCAN_STRINGS="" |
|
Lines 13151-13157
Link Here
|
| 13151 |
FOUND=0 |
13151 |
FOUND=0 |
| 13152 |
|
13152 |
|
| 13153 |
if [ -n "${KSYMS_FILE}" ]; then |
13153 |
if [ -n "${KSYMS_FILE}" ]; then |
| 13154 |
egrep -i 'adore|sebek' "${KSYMS_FILE}" >/dev/null 2>&1 && FOUND=1 |
13154 |
grep -E -i 'adore|sebek' "${KSYMS_FILE}" >/dev/null 2>&1 && FOUND=1 |
| 13155 |
fi |
13155 |
fi |
| 13156 |
|
13156 |
|
| 13157 |
if [ $FOUND -eq 0 ]; then |
13157 |
if [ $FOUND -eq 0 ]; then |
|
Lines 14061-14067
Link Here
|
| 14061 |
|
14061 |
|
| 14062 |
FNAMEGREP=`echo "${FNAMEGREP}" | sed -e 's/^|//;'` |
14062 |
FNAMEGREP=`echo "${FNAMEGREP}" | sed -e 's/^|//;'` |
| 14063 |
|
14063 |
|
| 14064 |
if [ -n "`echo \"${FNAME}\" | egrep \"^(${FNAMEGREP})$\"`" ]; then |
14064 |
if [ -n "`echo \"${FNAME}\" | grep -E \"^(${FNAMEGREP})$\"`" ]; then |
| 14065 |
PROCWHITELISTED=1 |
14065 |
PROCWHITELISTED=1 |
| 14066 |
fi |
14066 |
fi |
| 14067 |
else |
14067 |
else |
|
Lines 14174-14180
Link Here
|
| 14174 |
RKHLSOF_FILE="${TEMPFILE}" |
14174 |
RKHLSOF_FILE="${TEMPFILE}" |
| 14175 |
touch "${RKHLSOF_FILE}" |
14175 |
touch "${RKHLSOF_FILE}" |
| 14176 |
|
14176 |
|
| 14177 |
${LSOF_CMD} -wnlP +c 0 2>&1 | egrep -v ' (FIFO|V?DIR|IPv[46]) ' | sort | uniq >"${RKHLSOF_FILE}" |
14177 |
${LSOF_CMD} -wnlP +c 0 2>&1 | grep -E -v ' (FIFO|V?DIR|IPv[46]) ' | sort | uniq >"${RKHLSOF_FILE}" |
| 14178 |
|
14178 |
|
| 14179 |
# |
14179 |
# |
| 14180 |
# Now loop through the known suspicious filenames, |
14180 |
# Now loop through the known suspicious filenames, |
|
Lines 14376-14382
Link Here
|
| 14376 |
ROOTKIT_COUNT=`expr $ROOTKIT_COUNT + 1` |
14376 |
ROOTKIT_COUNT=`expr $ROOTKIT_COUNT + 1` |
| 14377 |
|
14377 |
|
| 14378 |
SEEN=1 |
14378 |
SEEN=1 |
| 14379 |
FOUND_PROCS=`${UNHIDE_CMD} ${UNHIDE_OPTS} ${RKHTMPVAR} 2>&1 | egrep -v '^(Unhide |yjesus@|http:|Copyright |License |NOTE :|Used options:|\[\*\]|$)'` |
14379 |
FOUND_PROCS=`${UNHIDE_CMD} ${UNHIDE_OPTS} ${RKHTMPVAR} 2>&1 | grep -E -v '^(Unhide |yjesus@|http:|Copyright |License |NOTE :|Used options:|\[\*\]|$)'` |
| 14380 |
|
14380 |
|
| 14381 |
if [ -z "${FOUND_PROCS}" ]; then |
14381 |
if [ -z "${FOUND_PROCS}" ]; then |
| 14382 |
# Nothing found. |
14382 |
# Nothing found. |
|
Lines 14957-14963
Link Here
|
| 14957 |
IFS=$IFSNL |
14957 |
IFS=$IFSNL |
| 14958 |
|
14958 |
|
| 14959 |
# Get the default enabled services. |
14959 |
# Get the default enabled services. |
| 14960 |
for LINE in `egrep '^[ ]*enabled[ ]*\+?=' "${FILENAME}"`; do |
14960 |
for LINE in `grep -E '^[ ]*enabled[ ]*+?=' "${FILENAME}"`; do |
| 14961 |
SEEN=1 |
14961 |
SEEN=1 |
| 14962 |
|
14962 |
|
| 14963 |
RKHTMPVAR=`echo "${LINE}" | sed -e 's/^.*=//' | tr -s ' ' ' '` |
14963 |
RKHTMPVAR=`echo "${LINE}" | sed -e 's/^.*=//' | tr -s ' ' ' '` |
|
Lines 14975-14981
Link Here
|
| 14975 |
|
14975 |
|
| 14976 |
|
14976 |
|
| 14977 |
# Get the default disabled services. |
14977 |
# Get the default disabled services. |
| 14978 |
for LINE in `egrep '^[ ]*disabled[ ]*\+?=' "${FILENAME}"`; do |
14978 |
for LINE in `grep -E '^[ ]*disabled[ ]*+?=' "${FILENAME}"`; do |
| 14979 |
RKHTMPVAR=`echo "${LINE}" | sed -e 's/^.*=//' | tr -s ' ' ' '` |
14979 |
RKHTMPVAR=`echo "${LINE}" | sed -e 's/^.*=//' | tr -s ' ' ' '` |
| 14980 |
|
14980 |
|
| 14981 |
XINETD_DFLTS_DISABLED="${XINETD_DFLTS_DISABLED} ${RKHTMPVAR}" |
14981 |
XINETD_DFLTS_DISABLED="${XINETD_DFLTS_DISABLED} ${RKHTMPVAR}" |
|
Lines 15024-15037
Link Here
|
| 15024 |
# |
15024 |
# |
| 15025 |
|
15025 |
|
| 15026 |
if [ -n "${XINETD_DFLTS_ENABLED}" ]; then |
15026 |
if [ -n "${XINETD_DFLTS_ENABLED}" ]; then |
| 15027 |
if [ -n "`echo \"${XINETD_DFLTS_ENABLED}\" | egrep \"${SVCID}\"`" ]; then |
15027 |
if [ -n "`echo \"${XINETD_DFLTS_ENABLED}\" | grep -E \"${SVCID}\"`" ]; then |
| 15028 |
if [ -z "`echo \"${XINETD_DFLTS_DISABLED}\" | egrep \"${SVCID}\"`" ]; then |
15028 |
if [ -z "`echo \"${XINETD_DFLTS_DISABLED}\" | grep -E \"${SVCID}\"`" ]; then |
| 15029 |
SEEN=1 |
15029 |
SEEN=1 |
| 15030 |
IFS=$IFSNL |
15030 |
IFS=$IFSNL |
| 15031 |
break |
15031 |
break |
| 15032 |
fi |
15032 |
fi |
| 15033 |
fi |
15033 |
fi |
| 15034 |
elif [ -n "`echo \"${XINETD_DFLTS_DISABLED}\" | egrep \"${SVCID}\"`" ]; then |
15034 |
elif [ -n "`echo \"${XINETD_DFLTS_DISABLED}\" | grep -E \"${SVCID}\"`" ]; then |
| 15035 |
: |
15035 |
: |
| 15036 |
elif [ -z "`echo $DATA | grep 'disable = yes'`" ]; then |
15036 |
elif [ -z "`echo $DATA | grep 'disable = yes'`" ]; then |
| 15037 |
SEEN=1 |
15037 |
SEEN=1 |
|
Lines 15368-15374
Link Here
|
| 15368 |
test -f "${DIR}/mod_rootme2.so" && FOUNDFILES="${FOUNDFILES} ${DIR}/mod_rootme2.so" |
15368 |
test -f "${DIR}/mod_rootme2.so" && FOUNDFILES="${FOUNDFILES} ${DIR}/mod_rootme2.so" |
| 15369 |
|
15369 |
|
| 15370 |
if [ -f "${DIR}/httpd.conf" ]; then |
15370 |
if [ -f "${DIR}/httpd.conf" ]; then |
| 15371 |
if [ -n "`egrep 'mod_rootme2?\.so' \"${DIR}/httpd.conf\"`" ]; then |
15371 |
if [ -n "`grep -E 'mod_rootme2?\.so' \"${DIR}/httpd.conf\"`" ]; then |
| 15372 |
FOUNDFILES="${FOUNDFILES} ${DIR}/httpd.conf" |
15372 |
FOUNDFILES="${FOUNDFILES} ${DIR}/httpd.conf" |
| 15373 |
fi |
15373 |
fi |
| 15374 |
fi |
15374 |
fi |
|
Lines 15671-15677
Link Here
|
| 15671 |
${FIND_CMD} "${LKM_PATH}" -type f -a \( -name "*.o" -o -name "*.ko" -o -name "*.ko.xz" \) >"${TEMPFILE}" 2>/dev/null |
15671 |
${FIND_CMD} "${LKM_PATH}" -type f -a \( -name "*.o" -o -name "*.ko" -o -name "*.ko.xz" \) >"${TEMPFILE}" 2>/dev/null |
| 15672 |
|
15672 |
|
| 15673 |
for RKHTMPVAR in ${LKM_NAMES}; do |
15673 |
for RKHTMPVAR in ${LKM_NAMES}; do |
| 15674 |
if [ -n "`egrep \"/${RKHTMPVAR}(\.xz)?$\" "${TEMPFILE}"`" ]; then |
15674 |
if [ -n "`grep -E \"/${RKHTMPVAR}(\.xz)?$\" "${TEMPFILE}"`" ]; then |
| 15675 |
FOUND=1 |
15675 |
FOUND=1 |
| 15676 |
FOUNDFILES="${FOUNDFILES} ${RKHTMPVAR}" |
15676 |
FOUNDFILES="${FOUNDFILES} ${RKHTMPVAR}" |
| 15677 |
fi |
15677 |
fi |
|
Lines 15821-15830
Link Here
|
| 15821 |
if [ -n "`echo \"${LSOFLINE}\" | grep \" ${PROTO} \*:${PORT} \"`" ]; then |
15821 |
if [ -n "`echo \"${LSOFLINE}\" | grep \" ${PROTO} \*:${PORT} \"`" ]; then |
| 15822 |
# Process listening for connections from anywhere. |
15822 |
# Process listening for connections from anywhere. |
| 15823 |
PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'` |
15823 |
PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'` |
| 15824 |
elif [ -n "`echo \"${LSOFLINE}\" | egrep \" ${PROTO} [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:${PORT}[ -]\"`" ]; then |
15824 |
elif [ -n "`echo \"${LSOFLINE}\" | grep -E \" ${PROTO} [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:${PORT}[ -]\"`" ]; then |
| 15825 |
# Established or listening process using IPv4 address. |
15825 |
# Established or listening process using IPv4 address. |
| 15826 |
PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'` |
15826 |
PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'` |
| 15827 |
elif [ -n "`echo \"${LSOFLINE}\" | egrep \" ${PROTO} \[[:0-9a-fA-F]+\]:${PORT}[ -]\"`" ]; then |
15827 |
elif [ -n "`echo \"${LSOFLINE}\" | grep -E \" ${PROTO} \[[:0-9a-fA-F]+\]:${PORT}[ -]\"`" ]; then |
| 15828 |
# Established or listening process using IPv6 address. |
15828 |
# Established or listening process using IPv6 address. |
| 15829 |
PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'` |
15829 |
PID=`echo "${LSOFLINE}" | ${AWK_CMD} '{ print $2 }'` |
| 15830 |
else |
15830 |
else |
|
Lines 15886-15892
Link Here
|
| 15886 |
if [ "${PROTO}" = "UDP" ]; then |
15886 |
if [ "${PROTO}" = "UDP" ]; then |
| 15887 |
FOUND=`${NETSTAT_CMD} -an | grep -i "^udp.*\.${PORT} " | ${AWK_CMD} '{ print $4 }' | grep "\.${PORT}$"` |
15887 |
FOUND=`${NETSTAT_CMD} -an | grep -i "^udp.*\.${PORT} " | ${AWK_CMD} '{ print $4 }' | grep "\.${PORT}$"` |
| 15888 |
elif [ "${PROTO}" = "TCP" ]; then |
15888 |
elif [ "${PROTO}" = "TCP" ]; then |
| 15889 |
FOUND=`${NETSTAT_CMD} -an | egrep -i "^tcp.*\.${PORT} .*(BOUND|ESTABLISH|LISTEN)" | ${AWK_CMD} '{ print $4 }' | grep "\.${PORT}$"` |
15889 |
FOUND=`${NETSTAT_CMD} -an | grep -E -i "^tcp.*\.${PORT} .*(BOUND|ESTABLISH|LISTEN)" | ${AWK_CMD} '{ print $4 }' | grep "\.${PORT}$"` |
| 15890 |
fi |
15890 |
fi |
| 15891 |
;; |
15891 |
;; |
| 15892 |
SunOS) |
15892 |
SunOS) |
|
Lines 15897-15906
Link Here
|
| 15897 |
FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^UDP: IPv6/, /^$/ { print $1 }' | grep "\.${PORT}$"` |
15897 |
FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^UDP: IPv6/, /^$/ { print $1 }' | grep "\.${PORT}$"` |
| 15898 |
fi |
15898 |
fi |
| 15899 |
elif [ "${PROTO}" = "TCP" ]; then |
15899 |
elif [ "${PROTO}" = "TCP" ]; then |
| 15900 |
FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv4/, /^$/ { print $0 }' | egrep 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ print $1 }' | grep "\.${PORT}$"` |
15900 |
FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv4/, /^$/ { print $0 }' | grep -E 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ print $1 }' | grep "\.${PORT}$"` |
| 15901 |
|
15901 |
|
| 15902 |
if [ -z "${FOUND}" ]; then |
15902 |
if [ -z "${FOUND}" ]; then |
| 15903 |
FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv6/, /^$/ { print $0 }' | egrep 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ print $1 }' | grep "\.${PORT}$"` |
15903 |
FOUND=`${NETSTAT_CMD} -an | ${AWK_CMD} '/^TCP: IPv6/, /^$/ { print $0 }' | grep -E 'BOUND|ESTABLISH|LISTEN' | ${AWK_CMD} '{ print $1 }' | grep "\.${PORT}$"` |
| 15904 |
fi |
15904 |
fi |
| 15905 |
fi |
15905 |
fi |
| 15906 |
;; |
15906 |
;; |
|
Lines 16435-16441
Link Here
|
| 16435 |
WHITEPROC="" |
16435 |
WHITEPROC="" |
| 16436 |
BLACKPROC="" |
16436 |
BLACKPROC="" |
| 16437 |
|
16437 |
|
| 16438 |
LIBPCAPRES=`egrep -v '(^sk | 888e )' /proc/net/packet 2>/dev/null | head ${HEAD_OPT}1` |
16438 |
LIBPCAPRES=`grep -E -v '(^sk | 888e )' /proc/net/packet 2>/dev/null | head ${HEAD_OPT}1` |
| 16439 |
|
16439 |
|
| 16440 |
if [ -n "${LIBPCAPRES}" ]; then |
16440 |
if [ -n "${LIBPCAPRES}" ]; then |
| 16441 |
ALLOWPROCLISTENERS="" |
16441 |
ALLOWPROCLISTENERS="" |
|
Lines 16451-16457
Link Here
|
| 16451 |
|
16451 |
|
| 16452 |
INODE_LIST="" |
16452 |
INODE_LIST="" |
| 16453 |
|
16453 |
|
| 16454 |
for INODE in `egrep -v '(^sk | 888e )' /proc/net/packet | ${AWK_CMD} '{ print $9 }'`; do |
16454 |
for INODE in `grep -E -v '(^sk | 888e )' /proc/net/packet | ${AWK_CMD} '{ print $9 }'`; do |
| 16455 |
INODE_LIST="${INODE_LIST}|$INODE" |
16455 |
INODE_LIST="${INODE_LIST}|$INODE" |
| 16456 |
done |
16456 |
done |
| 16457 |
|
16457 |
|
|
Lines 16459-16465
Link Here
|
| 16459 |
test -z "${INODE_LIST}" && INODE_LIST="RKHunterPktCapture" |
16459 |
test -z "${INODE_LIST}" && INODE_LIST="RKHunterPktCapture" |
| 16460 |
|
16460 |
|
| 16461 |
|
16461 |
|
| 16462 |
for PID in `${LSOF_CMD} -lMnPw -d 1-20 2>/dev/null | egrep "[ ](pack[ ]+(${INODE_LIST})|sock[ ]+[^ ]+[ ]+[^ ]+[ ]+(${INODE_LIST}))[ ]" | ${AWK_CMD} '{ print $2 }'`; do |
16462 |
for PID in `${LSOF_CMD} -lMnPw -d 1-20 2>/dev/null | grep -E "[ ](pack[ ]+(${INODE_LIST})|sock[ ]+[^ ]+[ ]+[^ ]+[ ]+(${INODE_LIST}))[ ]" | ${AWK_CMD} '{ print $2 }'`; do |
| 16463 |
NAME="" |
16463 |
NAME="" |
| 16464 |
|
16464 |
|
| 16465 |
if [ -h "/proc/$PID/exe" -a $HAVE_READLINK -eq 1 ]; then |
16465 |
if [ -h "/proc/$PID/exe" -a $HAVE_READLINK -eq 1 ]; then |
|
Lines 16677-16683
Link Here
|
| 16677 |
RKHTMPVAR=`grep "${STRING}" "${FNAME}"` |
16677 |
RKHTMPVAR=`grep "${STRING}" "${FNAME}"` |
| 16678 |
|
16678 |
|
| 16679 |
if [ -n "${RKHTMPVAR}" ]; then |
16679 |
if [ -n "${RKHTMPVAR}" ]; then |
| 16680 |
test -z "`echo \"${RKHTMPVAR}\" | egrep -v '^[ ]*#'`" && continue |
16680 |
test -z "`echo \"${RKHTMPVAR}\" | grep -E -v '^[ ]*#'`" && continue |
| 16681 |
|
16681 |
|
| 16682 |
if [ -n "`echo \"${RTKT_FILE_WHITELIST}\" | grep \"^${FNAMEGREP}:${STRING}$\"`" ]; then |
16682 |
if [ -n "`echo \"${RTKT_FILE_WHITELIST}\" | grep \"^${FNAMEGREP}:${STRING}$\"`" ]; then |
| 16683 |
if [ $VERBOSE_LOGGING -eq 1 ]; then |
16683 |
if [ $VERBOSE_LOGGING -eq 1 ]; then |
|
Lines 16951-16957
Link Here
|
| 16951 |
if [ -n "${DSCL_CMD}" ]; then |
16951 |
if [ -n "${DSCL_CMD}" ]; then |
| 16952 |
display --to LOG --type INFO FOUND_CMD 'dscl' "${DSCL_CMD}" |
16952 |
display --to LOG --type INFO FOUND_CMD 'dscl' "${DSCL_CMD}" |
| 16953 |
|
16953 |
|
| 16954 |
RKHTMPVAR2=`${DSCL_CMD} . search /Users uid 0 | egrep '^[^ )]' | cut -d' ' -f1` |
16954 |
RKHTMPVAR2=`${DSCL_CMD} . search /Users uid 0 | grep -E '^[^ )]' | cut -d' ' -f1` |
| 16955 |
else |
16955 |
else |
| 16956 |
display --to LOG --type INFO NOT_FOUND_CMD 'dscl' |
16956 |
display --to LOG --type INFO NOT_FOUND_CMD 'dscl' |
| 16957 |
fi |
16957 |
fi |
|
Lines 17526-17532
Link Here
|
| 17526 |
|
17526 |
|
| 17527 |
test $SUNOS -eq 1 -o $IRIXOS -eq 1 && PS_ARGS="-ef" |
17527 |
test $SUNOS -eq 1 -o $IRIXOS -eq 1 && PS_ARGS="-ef" |
| 17528 |
|
17528 |
|
| 17529 |
RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep '(syslogd|syslog-ng)( |$)' | grep -v 'egrep'` |
17529 |
RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E '(syslogd|syslog-ng)( |$)' | grep -v 'grep'` |
| 17530 |
|
17530 |
|
| 17531 |
if [ -n "${RKHTMPVAR}" ]; then |
17531 |
if [ -n "${RKHTMPVAR}" ]; then |
| 17532 |
SYSLOG_SEEN=1 |
17532 |
SYSLOG_SEEN=1 |
|
Lines 17546-17552
Link Here
|
| 17546 |
TITLE_SHOWN=1 |
17546 |
TITLE_SHOWN=1 |
| 17547 |
fi |
17547 |
fi |
| 17548 |
|
17548 |
|
| 17549 |
RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep 'systemd-journald( |$)' | grep -v 'egrep'` |
17549 |
RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E 'systemd-journald( |$)' | grep -v 'grep'` |
| 17550 |
|
17550 |
|
| 17551 |
if [ -n "${RKHTMPVAR}" ]; then |
17551 |
if [ -n "${RKHTMPVAR}" ]; then |
| 17552 |
SYSTEMD_SEEN=1 |
17552 |
SYSTEMD_SEEN=1 |
|
Lines 17562-17568
Link Here
|
| 17562 |
TITLE_SHOWN=1 |
17562 |
TITLE_SHOWN=1 |
| 17563 |
fi |
17563 |
fi |
| 17564 |
|
17564 |
|
| 17565 |
RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep 'metalog( |$)' | grep -v 'egrep'` |
17565 |
RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E 'metalog( |$)' | grep -v 'grep'` |
| 17566 |
|
17566 |
|
| 17567 |
if [ -n "${RKHTMPVAR}" ]; then |
17567 |
if [ -n "${RKHTMPVAR}" ]; then |
| 17568 |
METALOG_SEEN=1 |
17568 |
METALOG_SEEN=1 |
|
Lines 17578-17584
Link Here
|
| 17578 |
TITLE_SHOWN=1 |
17578 |
TITLE_SHOWN=1 |
| 17579 |
fi |
17579 |
fi |
| 17580 |
|
17580 |
|
| 17581 |
RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | egrep 'socklog( |$)' | grep -v 'egrep'` |
17581 |
RKHTMPVAR=`${PS_CMD} ${PS_ARGS} | grep -E 'socklog( |$)' | grep -v 'grep'` |
| 17582 |
|
17582 |
|
| 17583 |
if [ -n "${RKHTMPVAR}" ]; then |
17583 |
if [ -n "${RKHTMPVAR}" ]; then |
| 17584 |
SOCKLOG_SEEN=1 |
17584 |
SOCKLOG_SEEN=1 |
|
Lines 17639-17645
Link Here
|
| 17639 |
RKHTMPVAR="an" |
17639 |
RKHTMPVAR="an" |
| 17640 |
elif [ -n "`echo \"${FNAME}\" | grep '/syslog-ng\.conf$'`" ]; then |
17640 |
elif [ -n "`echo \"${FNAME}\" | grep '/syslog-ng\.conf$'`" ]; then |
| 17641 |
FTYPE="syslog-ng" |
17641 |
FTYPE="syslog-ng" |
| 17642 |
elif [ -n "`echo \"${FNAME}\" | egrep '/(systemd-)?journald\.conf$'`" ]; then |
17642 |
elif [ -n "`echo \"${FNAME}\" | grep -E '/(systemd-)?journald\.conf$'`" ]; then |
| 17643 |
FTYPE="systemd" |
17643 |
FTYPE="systemd" |
| 17644 |
else |
17644 |
else |
| 17645 |
FTYPE="syslog" |
17645 |
FTYPE="syslog" |
|
Lines 17657-17671
Link Here
|
| 17657 |
if [ "${FTYPE}" != "systemd" ]; then |
17657 |
if [ "${FTYPE}" != "systemd" ]; then |
| 17658 |
RKHTMPVAR="" |
17658 |
RKHTMPVAR="" |
| 17659 |
|
17659 |
|
| 17660 |
if [ -n "`echo \"${FNAME}\" | egrep '/r?syslog\.conf$'`" ]; then |
17660 |
if [ -n "`echo \"${FNAME}\" | grep -E '/r?syslog\.conf$'`" ]; then |
| 17661 |
RKHTMPVAR=`egrep -i '^[^#].*[ ](@|:omrelp:).' "${FNAME}" | egrep -i -v '(@|:omrelp:)127\.'` |
17661 |
RKHTMPVAR=`grep -E -i '^[^#].*[ ](@|:omrelp:).' "${FNAME}" | grep -E -i -v '(@|:omrelp:)127\.'` |
| 17662 |
else |
17662 |
else |
| 17663 |
# |
17663 |
# |
| 17664 |
# For syslog-ng we must look for a destination |
17664 |
# For syslog-ng we must look for a destination |
| 17665 |
# block which uses TCP or UDP. |
17665 |
# block which uses TCP or UDP. |
| 17666 |
# |
17666 |
# |
| 17667 |
|
17667 |
|
| 17668 |
RKHTMPVAR=`${AWK_CMD} '/^[ ]*destination( | |$)/, /}/ { print $0 }' "${FNAME}" | egrep -i '( | |\{|^)(tcp|udp)6?( | |\(|$)' | egrep -v -i '(tcp|udp)6?[ ]*\([ ]*("[ ]*)?127\.'` |
17668 |
RKHTMPVAR=`${AWK_CMD} '/^[ ]*destination( | |$)/, /}/ { print $0 }' "${FNAME}" | grep -E -i '( | |\{|^)(tcp|udp)6?( | |\(|$)' | grep -E -v -i '(tcp|udp)6?[ ]*\([ ]*("[ ]*)?127\.'` |
| 17669 |
fi |
17669 |
fi |
| 17670 |
|
17670 |
|
| 17671 |
if [ -n "${RKHTMPVAR}" ]; then |
17671 |
if [ -n "${RKHTMPVAR}" ]; then |
|
Lines 17681-17687
Link Here
|
| 17681 |
# that the warnings are shown before anything else. |
17681 |
# that the warnings are shown before anything else. |
| 17682 |
# |
17682 |
# |
| 17683 |
|
17683 |
|
| 17684 |
if [ $SYSLOG_SEEN -eq 1 -a -z "`echo \"${FILEFOUND}\" | egrep ' (syslog|rsyslog|syslog-ng) '`" ]; then |
17684 |
if [ $SYSLOG_SEEN -eq 1 -a -z "`echo \"${FILEFOUND}\" | grep -E ' (syslog|rsyslog|syslog-ng) '`" ]; then |
| 17685 |
display --to SCREEN+LOG --type PLAIN --result WARNING --color RED --log-indent 2 --screen-indent 4 SYSTEM_CONFIGS_FILE |
17685 |
display --to SCREEN+LOG --type PLAIN --result WARNING --color RED --log-indent 2 --screen-indent 4 SYSTEM_CONFIGS_FILE |
| 17686 |
display --to LOG --type WARNING SYSTEM_CONFIGS_SYSLOG_NO_FILE 'syslog' |
17686 |
display --to LOG --type WARNING SYSTEM_CONFIGS_SYSLOG_NO_FILE 'syslog' |
| 17687 |
elif [ $SYSTEMD_SEEN -eq 1 -a -z "`echo \"${FILEFOUND}\" | grep ' systemd '`" ]; then |
17687 |
elif [ $SYSTEMD_SEEN -eq 1 -a -z "`echo \"${FILEFOUND}\" | grep ' systemd '`" ]; then |
|
Lines 17697-17703
Link Here
|
| 17697 |
# We only display the remote logging result if a configuration file was found. |
17697 |
# We only display the remote logging result if a configuration file was found. |
| 17698 |
# |
17698 |
# |
| 17699 |
|
17699 |
|
| 17700 |
if [ -n "`echo \"${FILEFOUND}\" | egrep ' (syslog|rsyslog|syslog-ng) '`" ]; then |
17700 |
if [ -n "`echo \"${FILEFOUND}\" | grep -E ' (syslog|rsyslog|syslog-ng) '`" ]; then |
| 17701 |
if [ $ALLOW_SYSLOG_REMOTE_LOGGING -eq 1 ]; then |
17701 |
if [ $ALLOW_SYSLOG_REMOTE_LOGGING -eq 1 ]; then |
| 17702 |
display --to SCREEN+LOG --type PLAIN --result ALLOWED --color GREEN --log-indent 2 --screen-indent 4 SYSTEM_CONFIGS_SYSLOG_REMOTE |
17702 |
display --to SCREEN+LOG --type PLAIN --result ALLOWED --color GREEN --log-indent 2 --screen-indent 4 SYSTEM_CONFIGS_SYSLOG_REMOTE |
| 17703 |
elif [ $REM_LOGGING_FOUND -eq 0 ]; then |
17703 |
elif [ $REM_LOGGING_FOUND -eq 0 ]; then |
|
Lines 17734-17740
Link Here
|
| 17734 |
FTYPE=`echo "${FTYPE}" | tail ${TAIL_OPT}1` |
17734 |
FTYPE=`echo "${FTYPE}" | tail ${TAIL_OPT}1` |
| 17735 |
fi |
17735 |
fi |
| 17736 |
|
17736 |
|
| 17737 |
if [ -z "`echo \"${FTYPE}\" | egrep -v '(character special|block special|socket|fifo \(named pipe\)|symbolic link to|empty|directory|/MAKEDEV:)'`" ]; then |
17737 |
if [ -z "`echo \"${FTYPE}\" | grep -E -v '(character special|block special|socket|fifo \(named pipe\)|symbolic link to|empty|directory|/MAKEDEV:)'`" ]; then |
| 17738 |
return |
17738 |
return |
| 17739 |
fi |
17739 |
fi |
| 17740 |
|
17740 |
|
|
Lines 17832-17838
Link Here
|
| 17832 |
RKHTMPVAR=`find_cmd mount` |
17832 |
RKHTMPVAR=`find_cmd mount` |
| 17833 |
|
17833 |
|
| 17834 |
if [ -n "${RKHTMPVAR}" ]; then |
17834 |
if [ -n "${RKHTMPVAR}" ]; then |
| 17835 |
test -n "`${RKHTMPVAR} 2>/dev/null | egrep '^fdesc(fs)? .*(type fdesc|\(fdescfs\))'`" && FDESCFS=1 |
17835 |
test -n "`${RKHTMPVAR} 2>/dev/null | grep -E '^fdesc(fs)? .*(type fdesc|\(fdescfs\))'`" && FDESCFS=1 |
| 17836 |
else |
17836 |
else |
| 17837 |
display --to LOG --type INFO NOT_FOUND_CMD 'mount' |
17837 |
display --to LOG --type INFO NOT_FOUND_CMD 'mount' |
| 17838 |
fi |
17838 |
fi |
|
Lines 17930-17936
Link Here
|
| 17930 |
|
17930 |
|
| 17931 |
for DIR in ${SHORTSEARCHDIRS}; do |
17931 |
for DIR in ${SHORTSEARCHDIRS}; do |
| 17932 |
if [ -d "${DIR}" ]; then |
17932 |
if [ -d "${DIR}" ]; then |
| 17933 |
RKHTMPVAR=`ls -1d ${DIR}/.* 2>/dev/null | egrep -v '/\.\.?$'` |
17933 |
RKHTMPVAR=`ls -1d ${DIR}/.* 2>/dev/null | grep -E -v '/\.\.?$'` |
| 17934 |
test -n "${RKHTMPVAR}" && LOOKINDIRS="${LOOKINDIRS} |
17934 |
test -n "${RKHTMPVAR}" && LOOKINDIRS="${LOOKINDIRS} |
| 17935 |
${RKHTMPVAR}" |
17935 |
${RKHTMPVAR}" |
| 17936 |
fi |
17936 |
fi |
|
Lines 17972-17978
Link Here
|
| 17972 |
|
17972 |
|
| 17973 |
FTYPE=`${FILE_CMD} "${FNAME}" 2>&1 | ${AWK_CMD} -F':' '{ print $NF }' | cut -c2-` |
17973 |
FTYPE=`${FILE_CMD} "${FNAME}" 2>&1 | ${AWK_CMD} -F':' '{ print $NF }' | cut -c2-` |
| 17974 |
|
17974 |
|
| 17975 |
test -n "`echo \"${FTYPE}\" | egrep 'character special|block special|empty'`" && continue |
17975 |
test -n "`echo \"${FTYPE}\" | grep -E 'character special|block special|empty'`" && continue |
| 17976 |
|
17976 |
|
| 17977 |
FNAMEGREP=`echo "${FNAME}" | sed -e 's/\([.$*?\\]\)/\\\\\1/g; s/\[/\\\\[/g; s/\]/\\\\]/g'` |
17977 |
FNAMEGREP=`echo "${FNAME}" | sed -e 's/\([.$*?\\]\)/\\\\\1/g; s/\[/\\\\[/g; s/\]/\\\\]/g'` |
| 17978 |
|
17978 |
|
|
Lines 18313-18319
Link Here
|
| 18313 |
;; |
18313 |
;; |
| 18314 |
named) |
18314 |
named) |
| 18315 |
WHOLE_VERSION=`${APP_CMD_FOUND} -v 2>/dev/null` |
18315 |
WHOLE_VERSION=`${APP_CMD_FOUND} -v 2>/dev/null` |
| 18316 |
VERSION=`echo "${WHOLE_VERSION}" | egrep '^(named|BIND)[ ][ ]*[0-9]' | grep -v '/' | ${AWK_CMD} '{ print $2 }'` |
18316 |
VERSION=`echo "${WHOLE_VERSION}" | grep -E '^(named|BIND)[ ][ ]*[0-9]' | grep -v '/' | ${AWK_CMD} '{ print $2 }'` |
| 18317 |
|
18317 |
|
| 18318 |
if [ -n "`echo \"${VERSION}\" | grep '^[^-]*\.[0-9][0-9]*-P[^-]*-'`" ]; then |
18318 |
if [ -n "`echo \"${VERSION}\" | grep '^[^-]*\.[0-9][0-9]*-P[^-]*-'`" ]; then |
| 18319 |
VERSION=`echo "${VERSION}" | cut -d'-' -f1-2` |
18319 |
VERSION=`echo "${VERSION}" | cut -d'-' -f1-2` |
|
Lines 18377-18383
Link Here
|
| 18377 |
if [ -n "`echo \"${APP_WHITELIST}\" | grep -i \" ${APPLICATION}:${RKHTMPVAR} \"`" ]; then |
18377 |
if [ -n "`echo \"${APP_WHITELIST}\" | grep -i \" ${APPLICATION}:${RKHTMPVAR} \"`" ]; then |
| 18378 |
APP_RESULTS="${APP_RESULTS} |
18378 |
APP_RESULTS="${APP_RESULTS} |
| 18379 |
${APPLICATION}%${APPLICATION_DESC}%${VERSION}%-1" |
18379 |
${APPLICATION}%${APPLICATION_DESC}%${VERSION}%-1" |
| 18380 |
elif [ -n "`egrep -i \"^${APPLICATION}:.* ${RKHTMPVAR}( |$)\" \"${DB_PATH}/programs_bad.dat\" 2>&1`" ]; then |
18380 |
elif [ -n "`grep -E -i \"^${APPLICATION}:.* ${RKHTMPVAR}( |$)\" \"${DB_PATH}/programs_bad.dat\" 2>&1`" ]; then |
| 18381 |
APPS_FAILED_COUNT=`expr ${APPS_FAILED_COUNT} + 1` |
18381 |
APPS_FAILED_COUNT=`expr ${APPS_FAILED_COUNT} + 1` |
| 18382 |
|
18382 |
|
| 18383 |
APP_RESULTS="${APP_RESULTS} |
18383 |
APP_RESULTS="${APP_RESULTS} |
|
Lines 19462-19468
Link Here
|
| 19462 |
# |
19462 |
# |
| 19463 |
|
19463 |
|
| 19464 |
echo $ECHOOPT "" |
19464 |
echo $ECHOOPT "" |
| 19465 |
echo $ECHOOPT "Usage: rkhunter {--check | --unlock |" |
19465 |
echo $ECHOOPT "Usage: rkhunter {--check | --unlock | --update | --versioncheck |" |
| 19466 |
echo $ECHOOPT " --propupd [{filename | directory | package name},...] |" |
19466 |
echo $ECHOOPT " --propupd [{filename | directory | package name},...] |" |
| 19467 |
echo $ECHOOPT " --list [{tests | {lang | languages} | rootkits | perl | propfiles}] |" |
19467 |
echo $ECHOOPT " --list [{tests | {lang | languages} | rootkits | perl | propfiles}] |" |
| 19468 |
echo $ECHOOPT " --config-check | --version | --help} [options]" |
19468 |
echo $ECHOOPT " --config-check | --version | --help} [options]" |
|
Lines 19791-19798
Link Here
|
| 19791 |
# required commands are tested early on using just the root PATH. Then |
19791 |
# required commands are tested early on using just the root PATH. Then |
| 19792 |
# BINDIR is checked, and finally the rest of the commands are then |
19792 |
# BINDIR is checked, and finally the rest of the commands are then |
| 19793 |
# checked using the new PATH from BINDIR. |
19793 |
# checked using the new PATH from BINDIR. |
| 19794 |
ABSOLUTELY_REQUIRED_CMDS="cut egrep grep sed tail tr" |
19794 |
ABSOLUTELY_REQUIRED_CMDS="cut grep sed tail tr" |
| 19795 |
REQCMDS="awk cat chmod chown cp cut date egrep grep head ls mv sed sort tail touch tr uname uniq wc" |
19795 |
REQCMDS="awk cat chmod chown cp cut date grep head ls mv sed sort tail touch tr uname uniq wc" |
| 19796 |
|
19796 |
|
| 19797 |
# This will be set to a list of commands that have been disabled. |
19797 |
# This will be set to a list of commands that have been disabled. |
| 19798 |
DISABLED_CMDS="" |
19798 |
DISABLED_CMDS="" |
|
Lines 20896-20905
Link Here
|
| 20896 |
# |
20896 |
# |
| 20897 |
|
20897 |
|
| 20898 |
if [ -z "${PRELINK_HASH}" ]; then |
20898 |
if [ -z "${PRELINK_HASH}" ]; then |
| 20899 |
if [ -z "`echo \"${HASH_FUNC}\" | egrep '(/filehashsha\.pl Digest::MD5|/filehashsha\.pl .* 1$|shasum -a 1$)'`" ]; then |
20899 |
if [ -z "`echo \"${HASH_FUNC}\" | grep -E '(/filehashsha\.pl Digest::MD5|/filehashsha\.pl .* 1$|shasum -a 1$)'`" ]; then |
| 20900 |
RKHTMPVAR=`echo "${HASH_FUNC}" | cut -d' ' -f1` |
20900 |
RKHTMPVAR=`echo "${HASH_FUNC}" | cut -d' ' -f1` |
| 20901 |
|
20901 |
|
| 20902 |
if [ -z "`echo ${RKHTMPVAR} | egrep -i 'sha1|md5'`" ]; then |
20902 |
if [ -z "`echo ${RKHTMPVAR} | grep -E -i 'sha1|md5'`" ]; then |
| 20903 |
if [ $HASH_OPT -eq 1 ]; then |
20903 |
if [ $HASH_OPT -eq 1 ]; then |
| 20904 |
echo "This system uses prelinking, but the '--hash' option (${HASH_FUNC}) does not look like SHA1 or MD5." |
20904 |
echo "This system uses prelinking, but the '--hash' option (${HASH_FUNC}) does not look like SHA1 or MD5." |
| 20905 |
else |
20905 |
else |
|
Lines 21007-21013
Link Here
|
| 21007 |
# |
21007 |
# |
| 21008 |
IFS=$IFSNL |
21008 |
IFS=$IFSNL |
| 21009 |
|
21009 |
|
| 21010 |
for LINE in `egrep '^MSG_(TYPE|RESULT)_' "${DB_PATH}/i18n/en" 2>/dev/null`; do |
21010 |
for LINE in `grep -E '^MSG_(TYPE|RESULT)_' "${DB_PATH}/i18n/en" 2>/dev/null`; do |
| 21011 |
TYPE=`echo "${LINE}" | cut -d: -f1` |
21011 |
TYPE=`echo "${LINE}" | cut -d: -f1` |
| 21012 |
|
21012 |
|
| 21013 |
if [ "${LANGUAGE}" != "en" ]; then |
21013 |
if [ "${LANGUAGE}" != "en" ]; then |
|
Lines 21212-21218
Link Here
|
| 21212 |
fi |
21212 |
fi |
| 21213 |
elif [ -n "${PRELINK_HASH}" ]; then |
21213 |
elif [ -n "${PRELINK_HASH}" ]; then |
| 21214 |
display --to LOG --type INFO HASH_FUNC_PRELINK "${PRELINK_HASH}" |
21214 |
display --to LOG --type INFO HASH_FUNC_PRELINK "${PRELINK_HASH}" |
| 21215 |
elif [ -z "`echo \"${HASH_FUNC}\" | egrep -i 'sha1|md5'`" ]; then |
21215 |
elif [ -z "`echo \"${HASH_FUNC}\" | grep -E -i 'sha1|md5'`" ]; then |
| 21216 |
SKIP_HASH_MSG=1 |
21216 |
SKIP_HASH_MSG=1 |
| 21217 |
else |
21217 |
else |
| 21218 |
display --to LOG --type INFO HASH_FUNC "${HASH_FUNC}" |
21218 |
display --to LOG --type INFO HASH_FUNC "${HASH_FUNC}" |
