wok-next view chkrootkit/stuff/chkrootkit.u @ rev 6928

Up: elfutils to 0.149. Fixed it to build in a clean chroot. Also fixed it to download its sources with real wget, since the sources are on an https host. So now elfutils can download its sources just fine.
author Christopher Rogers <slaxemulator@gmail.com>
date Fri Oct 22 22:36:22 2010 +0000 (2010-10-22)
parents
children 53abdfcf11d4
1 --- chkrootkit-0.48/chkrootkit
2 +++ chkrootkit-0.48/chkrootkit
3 @@ -562,8 +562,13 @@
4 if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
5 expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
6 -size 0"
7 - expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
8 + if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then
9 + expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
10 + -type l"
11 + else
12 + expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
13 \( -links 2 -o -type l \)"
14 + fi
15 fi
17 return 5
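Review bot: The added busybox test `ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'` inspects a fixed path under the examined root, not the `${find}` binary that the printed command uses, so the two can disagree when find is located elsewhere on the search path. When ROOTDIR points at a suspect system, that link target is under the suspect system's control, and a match drops the `-links 2` hard-link test from the history check. Testing the located binary instead, with the expansion quoted, avoids both problems: `if ls -l "${find}" | ${egrep} -q 'bin/busybox$'; then`. `${find}` is assigned outside this hunk, so confirm it holds a full path. The same test is repeated in the hunk at -1127.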
18 @@ -957,7 +962,9 @@
19 ### Suckit
20 if [ -f ${ROOTDIR}sbin/init ]; then
21 if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit... "; fi
22 - if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME || \
23 + if [ ${SYSTEM} != "HP-UX" ] && \
24 + ((! ls -l ${ROOTDIR}sbin/init | ${egrep} -q "bin/busybox$" && \
25 + ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME) || \
26 cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
27 then
28 echo "Warning: ${ROOTDIR}sbin/init INFECTED"
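Review bot: The new exemption in the Suckit condition skips the `strings ... | egrep HOME` test for any `sbin/init` whose `ls -l` line merely ends in `bin/busybox`, so it trusts the spelling of a link target rather than the binary behind it. A link to any path with that suffix leaves only the `/proc/1/maps` test, which describes the running host and not a mounted `${ROOTDIR}`. Consider accepting only the expected target, for example by anchoring the pattern as `-> /bin/busybox$`, and add a comment such as `# busybox itself contains "HOME"; skip the strings test only for the system busybox`. Separately, the opening `((` is better written `( (`, because some shells read `((` as the start of an arithmetic command.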
29 @@ -1127,7 +1134,12 @@
30 files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
31 [ ! -z "${files}" ] && \
32 echo "Warning: \`${files}' file size is zero"
33 - files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)`
34 + if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then
35 + files1='-type l'
36 + else
37 + files1='\( -links 2 -o -type l \)'
38 + fi
39 + files1=`eval ${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' $files1`
40 [ ! -z "${files1}" ] && \
41 echo "Warning: \`${files}' is linked to another file"
42 fi
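Review bot: The added `eval` re-parses the whole find command line, which strips the quotes from `'.*history'` and exposes `${ROOTDIR}`, `${HOME}` and `${findargs}` to a second round of shell interpretation. The pattern is then glob-expanded against the current directory, so running from a directory holding a `.bash_history` changes or breaks the search. Any shell metacharacter in ROOTDIR or HOME would also be executed, with the privileges of the scan. The `eval` is not needed: run find directly in each branch, `files1=$(${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -type l)` in the busybox case and the original `\( -links 2 -o -type l \)` command in the `else`, using backticks if the file's style requires them. This also avoids reusing `files1` for both the argument string and the result.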
43 @@ -1537,6 +1549,9 @@
44 chk_netstat () {
45 STATUS=${NOT_INFECTED}
46 NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
47 + if ls -l /bin/netstat | ${egrep} -q " busybox$"; then
48 + return ${STATUS}
49 + fi
50 CMD=`loc netstat netstat $pth`
52 if [ "${EXPERT}" = "t" ]; then
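Review bot: The early `return ${STATUS}` in chk_netstat reports NOT_INFECTED when the netstat check was skipped rather than run, so a scan on a busybox system shows a clean result for a test that never executed. If the script defines a not-tested status (chkrootkit has `NOT_TESTED`), `return ${NOT_TESTED}` would be the honest result; that constant is not visible in this hunk, so confirm it exists. The test also reads the hard-coded `/bin/netstat`, ignoring `${ROOTDIR}` and the binary that `loc netstat netstat $pth` selects a few lines later. Moving the test after the `CMD=` assignment and checking `"${CMD}"` would keep the two consistent. Its pattern `" busybox$"` also differs from the `'bin/busybox$'` used in the other hunks, and the function body continues outside the hunk.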