wok annotate chkrootkit/stuff/chkrootkit.u @ rev 25865

libsdl*: update urls
author Pascal Bellard <pascal.bellard@slitaz.org>
date Mon Sep 01 12:45:35 2025 +0000 (13 days ago)
parents 41a539cfe5f8
children
rev   line source
pascal@25733 1 --- chkrootkit-0.58b/chkrootkit
pascal@25733 2 +++ chkrootkit-0.58b/chkrootkit
pascal@25733 3 @@ -664,8 +664,13 @@
pascal@1343 4 if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
pascal@1343 5 expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
pascal@1343 6 -size 0"
pascal@1343 7 - expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
pascal@1343 8 + if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then
pascal@1343 9 + expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
pascal@1343 10 + -type l"
pascal@1343 11 + else
pascal@1343 12 + expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
pascal@1343 13 \( -links 2 -o -type l \)"
pascal@1343 14 + fi
pascal@1343 15 fi
pascal@1343 16
pascal@1343 17 return 5
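Review bot: The busybox probe on new line 8 (and again on new line 34 in the `@@ -1456` hunk) inspects `${ROOTDIR}/usr/bin/find`, but the command that runs is `${find}`, so with a non-default ROOTDIR or a find resolved from another directory the probe can describe a different binary than the one executed. Assuming `${find}` holds the resolved path, I would test it directly and quote it: `if ls -l "${find}" | ${egrep} -q 'bin/busybox$'; then`. The busybox branch also drops the `-links 2` predicate, presumably because that find lacks it, so hard-linked history files are no longer reported there. A comment such as `# busybox find: no -links here, only symlinked history files are reported` would make the reduced coverage visible. The enclosing function starts outside the hunk.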
pascal@25733 18 @@ -1059,7 +1064,9 @@
pascal@1343 19 ### Suckit
pascal@1343 20 if [ -f ${ROOTDIR}sbin/init ]; then
pascal@1343 21 if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit... "; fi
pascal@20419 22 - if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} '\.sniffer' || \
pascal@1343 23 + if [ ${SYSTEM} != "HP-UX" ] && \
pascal@1343 24 + ((! ls -l ${ROOTDIR}sbin/init | ${egrep} -q "bin/busybox$" && \
pascal@20419 25 + ${strings} ${ROOTDIR}sbin/init | ${egrep} '\.sniffer' ) || \
pascal@1343 26 cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
pascal@1343 27 then
pascal@1343 28 echo "Warning: ${ROOTDIR}sbin/init INFECTED"
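Review bot: The new guard on line 24 skips the `.sniffer` strings test whenever the `ls -l` line for `${ROOTDIR}sbin/init` ends in `bin/busybox`, so the exemption rests on the link target's name alone and nothing checks that the target is the expected busybox binary. At minimum this deserves a comment stating which false positive is being suppressed and that the signature check is disabled for such systems, e.g. `# init -> busybox: strings test skipped, only /proc/1/maps is checked`. Separately, `((!` opens two subshells without a space, which some shells may first try to parse as an arithmetic command; `( ( ! ls -l ...` is the portable spelling. The `if` body continues past the end of the hunk.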
pascal@25733 29 @@ -1456,7 +1463,12 @@
pascal@1343 30 files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
pascal@1343 31 [ ! -z "${files}" ] && \
pascal@1343 32 echo "Warning: \`${files}' file size is zero"
pascal@1343 33 - files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)`
pascal@1343 34 + if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then
pascal@1343 35 + files1='-type l'
pascal@1343 36 + else
pascal@1343 37 + files1='\( -links 2 -o -type l \)'
pascal@1343 38 + fi
pascal@1343 39 + files1=`eval ${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' $files1`
pascal@1343 40 [ ! -z "${files1}" ] && \
pascal@18140 41 echo "Warning: \`${files1}' is linked to another file"
pascal@1343 42 fi
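Review bot: The `eval` on new line 39 re-parses the whole command line, including the unquoted `${ROOTDIR}${HOME}` and `${findargs}`, so any shell metacharacters in those values are interpreted a second time. That matters in a script that normally runs as root. The `eval` is needed only because the predicate is stored as a string in `files1`, which is then overwritten with the result. Running find directly in each branch avoids both problems: `files1=$(${find} "${ROOTDIR}${HOME}" ${findargs} -name '.*history' -type l)` in the busybox branch, and the original `\( -links 2 -o -type l \)` form in the `else` branch. The surrounding function begins outside the hunk.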
pascal@25733 43 @@ -1640,6 +1652,7 @@
pascal@25733 44 GENERAL="^root$"
pascal@25733 45 TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
pascal@25733 46 ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
pascal@25733 47 + ls -l ${CMD} | grep -q busybox ||
pascal@25733 48 if [ ${ret} -gt 0 ]; then
pascal@25733 49 case ${ret} in
pascal@25733 50 1) [ "${SYSTEM}" = "OpenBSD" -a `echo $V | ${awk} '{ if ($1 < 2.7 ||
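Review bot: The guard added on line 47 matches `busybox` anywhere in the `ls -l` output for `${CMD}` and calls bare `grep`, whereas the other hunks anchor on `bin/busybox$` and go through `${egrep}`. An unanchored match also fires on an owner, group or path component containing that string, and then the whole `if [ ${ret} -gt 0 ]` block is silently skipped. I would align it with the rest of the patch: `ls -l ${CMD} | ${egrep} -q 'bin/busybox$' ||`. The trailing `||` in front of a multi-line `if` is easy to misread, so a one-line comment saying the check is skipped for busybox applets would help. The `case` statement continues outside the hunk.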
pascal@25733 51 @@ -1877,6 +1890,9 @@
pascal@1343 52 chk_netstat () {
pascal@1343 53 STATUS=${NOT_INFECTED}
pascal@1343 54 NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
pascal@1343 55 + if ls -l /bin/netstat | ${egrep} -q " busybox$"; then
pascal@1343 56 + return ${STATUS}
pascal@1343 57 + fi
pascal@1343 58 CMD=`loc netstat netstat $pth`
pascal@1343 59
pascal@1343 60 if [ "${EXPERT}" = "t" ]; then
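Review bot: The early return on new lines 55-57 tests the hard-coded `/bin/netstat`, before `CMD` is resolved and without `${ROOTDIR}`, so it may inspect a different file than the netstat that `loc` would select. Its pattern `" busybox$"` also differs from the `bin/busybox$` used in the other hunks, so it matches only a bare relative link target. Moving the test below the `CMD=` line and probing the resolved path would fix both: `if ls -l "${CMD}" | ${egrep} -q 'bin/busybox$'; then`. The function then returns `${NOT_INFECTED}` without having run any check. If the script defines a not-tested status, returning that instead would keep the report honest. The rest of `chk_netstat` lies outside the hunk.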