wok diff chkrootkit/stuff/chkrootkit.u @ rev 3687

Add: tcllib
author Paul Issott <paul@slitaz.org>
date Wed Jul 15 17:55:20 2009 +0000 (2009-07-15)
parents
children 53abdfcf11d4
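--- /dev/null
+++ b/chkrootkit/stuff/chkrootkit.u
@@ -0,0 +1,52 @@
+--- chkrootkit-0.48/chkrootkit
++++ chkrootkit-0.48/chkrootkit
+@@ -562,8 +562,13 @@
+       if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
+       expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
+  -size 0"
+-      expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
++        if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then
++          expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
++ -type l"
++        else
++          expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
+  \( -links 2 -o -type l \)"
++        fi
+       fi
+ 
+       return 5
+@@ -957,7 +962,9 @@
+    ### Suckit
+    if [ -f ${ROOTDIR}sbin/init ]; then
+       if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit... "; fi
+-      if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME  || \
++      if [ ${SYSTEM} != "HP-UX" ] && \
++      		((! ls -l ${ROOTDIR}sbin/init  | ${egrep} -q "bin/busybox$" && \
++      		${strings} ${ROOTDIR}sbin/init | ${egrep} HOME) || \
+ 	      cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
+         then
+         echo "Warning: ${ROOTDIR}sbin/init INFECTED"
+@@ -1127,7 +1134,12 @@
+       files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
+       [ ! -z "${files}" ] && \
+         echo "Warning: \`${files}' file size is zero"
+-      files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)`
++      if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then
++        files1='-type l'
++      else
++        files1='\( -links 2 -o -type l \)'
++      fi
++      files1=`eval ${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' $files1`
+       [ ! -z "${files1}" ] && \
+         echo "Warning: \`${files}' is linked to another file"
+    fi
+@@ -1537,6 +1549,9 @@
+ chk_netstat () {
+     STATUS=${NOT_INFECTED}
+ NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
++    if ls -l /bin/netstat | ${egrep} -q " busybox$"; then
++       return ${STATUS}
++    fi
+     CMD=`loc netstat netstat $pth`
+ 
+     if [ "${EXPERT}" = "t" ]; then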
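Review bot: The `eval` introduced at inner line 1.42 re-parses `'.*history'` after the backtick command substitution has already stripped its single quotes, so the bare `.*history` is glob-expanded against the current working directory before `find` runs; started from a directory that contains e.g. a `.bash_history`, the `-name` pattern becomes that filename and the link check silently searches for the wrong name (the replaced line 1.36 had no `eval` and was not affected). Quoting the pattern so that `eval` still sees it quoted keeps it literal: ``files1=`eval ${find} ${ROOTDIR}${HOME} ${findargs} -name "'.*history'" $files1` ``. The busybox detection is also inconsistent across the hunks: the history and Suckit checks inspect `${ROOTDIR}`-prefixed paths for `bin/busybox$`, while the `chk_netstat` hunk tests a hard-coded `/bin/netstat` for ` busybox$` and returns `${NOT_INFECTED}` with no message, so a scan with a non-default `ROOTDIR` never examines the scanned tree's netstat and a skipped test reads as clean; testing the same `${ROOTDIR}` path (or the `CMD` that `loc` resolves two lines later) and reporting the skip when `QUIET` is not set would be safer. Each inner hunk's enclosing function starts and ends outside the patch.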