wok-next annotate chkrootkit/stuff/chkrootkit.u @ rev 6928

Up: elfutils to 0.149. Fixed it to build in clean chroot. Fixed it also to download sources with real wget, since the sources are on an https host. So now elfutils can download its sources just fine.
author Christopher Rogers <slaxemulator@gmail.com>
date Fri Oct 22 22:36:22 2010 +0000 (2010-10-22)
parents
children 53abdfcf11d4
rev   line source
pascal@1343 1 --- chkrootkit-0.48/chkrootkit
pascal@1343 2 +++ chkrootkit-0.48/chkrootkit
pascal@1343 3 @@ -562,8 +562,13 @@
pascal@1343 4 if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
pascal@1343 5 expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
pascal@1343 6 -size 0"
pascal@1343 7 - expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
pascal@1343 8 + if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then
pascal@1343 9 + expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
pascal@1343 10 + -type l"
pascal@1343 11 + else
pascal@1343 12 + expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
pascal@1343 13 \( -links 2 -o -type l \)"
pascal@1343 14 + fi
pascal@1343 15 fi
pascal@1343 16
pascal@1343 17 return 5
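Review bot: The BusyBox test `ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'` keys on the tail of the `ls -l` text for a fixed `/usr/bin/find` path, not on the `${find}` that the printed command uses, so the branch chosen can disagree with the find that actually runs. The same text match is repeated in the hunks at -957, -1127 and -1537 (the last with `" busybox$"`); one helper that resolves the link of the located binary and compares it with the expected BusyBox path would keep the four sites consistent. On the BusyBox branch the `-links 2` test is dropped without any message, so I would add a comment such as `# BusyBox find: -links test skipped, hard-linked history files are not reported`. The enclosing function starts outside the hunk.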
pascal@1343 18 @@ -957,7 +962,9 @@
pascal@1343 19 ### Suckit
pascal@1343 20 if [ -f ${ROOTDIR}sbin/init ]; then
pascal@1343 21 if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit... "; fi
pascal@1343 22 - if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME || \
pascal@1343 23 + if [ ${SYSTEM} != "HP-UX" ] && \
pascal@1343 24 + ((! ls -l ${ROOTDIR}sbin/init | ${egrep} -q "bin/busybox$" && \
pascal@1343 25 + ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME) || \
pascal@1343 26 cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
pascal@1343 27 then
pascal@1343 28 echo "Warning: ${ROOTDIR}sbin/init INFECTED"
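Review bot: The new condition opens with `((`, which a shell that supports arithmetic commands may first try to read as `(( … ))`; POSIX asks for the two parentheses to be separated, so write `( ( ! ls -l ${ROOTDIR}sbin/init | ${egrep} -q "bin/busybox$" && \`. When init is a BusyBox link the strings test is skipped and only the `/proc/1/maps` grep remains, with nothing telling the operator that coverage was reduced. A comment above the `if` saying why the strings test is bypassed (presumably because the multi-call binary always contains HOME) would make the exemption reviewable. The surrounding `if [ -f ${ROOTDIR}sbin/init ]` block continues past the hunk.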
pascal@1343 29 @@ -1127,7 +1134,12 @@
pascal@1343 30 files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
pascal@1343 31 [ ! -z "${files}" ] && \
pascal@1343 32 echo "Warning: \`${files}' file size is zero"
pascal@1343 33 - files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)`
pascal@1343 34 + if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then
pascal@1343 35 + files1='-type l'
pascal@1343 36 + else
pascal@1343 37 + files1='\( -links 2 -o -type l \)'
pascal@1343 38 + fi
pascal@1343 39 + files1=`eval ${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' $files1`
pascal@1343 40 [ ! -z "${files1}" ] && \
pascal@1343 41 echo "Warning: \`${files}' is linked to another file"
pascal@1343 42 fi
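Review bot: The `eval` on the last added line re-parses the whole command, so the quotes around `'.*history'` are gone by the time find runs and the pattern is glob-expanded against the current directory. Any whitespace or shell metacharacter in `${ROOTDIR}` or `${HOME}` is also interpreted as shell syntax, in a script that is typically run as root. Running find directly in each branch avoids both: `files1=$(${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -type l)` in the BusyBox branch and the same line ending in `\( -links 2 -o -type l \)` in the `else`, with the `eval` line removed. The unchanged warning below still prints `${files}` where `${files1}` looks intended.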
pascal@1343 43 @@ -1537,6 +1549,9 @@
pascal@1343 44 chk_netstat () {
pascal@1343 45 STATUS=${NOT_INFECTED}
pascal@1343 46 NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
pascal@1343 47 + if ls -l /bin/netstat | ${egrep} -q " busybox$"; then
pascal@1343 48 + return ${STATUS}
pascal@1343 49 + fi
pascal@1343 50 CMD=`loc netstat netstat $pth`
pascal@1343 51
pascal@1343 52 if [ "${EXPERT}" = "t" ]; then
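Review bot: The early `return ${STATUS}` reports netstat as not infected when it was in fact not examined, and it tests a fixed `/bin/netstat` without `${ROOTDIR}` and before `loc netstat netstat $pth` has located the binary that would be checked. Return a distinct status so the skip is visible, e.g. `return ${NOT_TESTED}` if that status is defined in this script, and run the link test on `${CMD}` after the `loc` line. The pattern `" busybox$"` also differs from the `bin/busybox$` used in the other hunks. chk_netstat continues past the end of the hunk.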