author | Daniel Ahlberg <aliz@gentoo.org> | 2003-02-27 11:06:57 +0000 |
---|---|---|
committer | Daniel Ahlberg <aliz@gentoo.org> | 2003-02-27 11:06:57 +0000 |
commit | 3b31d88924e70ef4cdda8f22630e344488fe7390 (patch) | |
tree | 9050e7c5292641ce99b8e6e230fea17a7725891f /app-admin/chkrootkit | |
parent | Fix for functions.sh that was missing. (from -r5 ebuild) (diff) | |
Closes #15743
Diffstat (limited to 'app-admin/chkrootkit')
-rw-r--r-- | app-admin/chkrootkit/ChangeLog | 7 | ||||
-rw-r--r-- | app-admin/chkrootkit/chkrootkit-0.39a.ebuild | 31 | ||||
-rw-r--r-- | app-admin/chkrootkit/files/chkrootkit-0.39a-gentoo.diff | 917 | ||||
-rw-r--r-- | app-admin/chkrootkit/files/digest-chkrootkit-0.39a | 1 |
4 files changed, 955 insertions, 1 deletions
diff --git a/app-admin/chkrootkit/ChangeLog b/app-admin/chkrootkit/ChangeLog index e042780262aa..8d1ee6f8ac3f 100644 --- a/app-admin/chkrootkit/ChangeLog +++ b/app-admin/chkrootkit/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for app-admin/chkrootkit # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/chkrootkit/ChangeLog,v 1.8 2003/02/12 02:16:20 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-admin/chkrootkit/ChangeLog,v 1.9 2003/02/27 11:06:57 aliz Exp $ + +*chrootkit-0.39a (27 Feb 2003) + + 27 Feb 2003; Daniel Ahlberg <aliz@gentoo.org> : + Version bump. Found by Daniel Seyffer <gentoo-bugs@seyffer.de> in #15743. 06 Dec 2002; Rodney Rees <manson@gentoo.org> : changed sparc ~sparc keywords diff --git a/app-admin/chkrootkit/chkrootkit-0.39a.ebuild b/app-admin/chkrootkit/chkrootkit-0.39a.ebuild new file mode 100644 index 000000000000..d1beb45bb5de --- /dev/null +++ b/app-admin/chkrootkit/chkrootkit-0.39a.ebuild @@ -0,0 +1,31 @@ +# Copyright 1999-2003 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/chkrootkit/chkrootkit-0.39a.ebuild,v 1.1 2003/02/27 11:06:57 aliz Exp $ + +inherit eutils + +DESCRIPTION="chkrootkit is a tool to locally check for signs of a rootkit." +SRC_URI="ftp://ftp.pangeia.com.br/pub/seg/pac/${P}.tar.gz" +HOMEPAGE="http://www.chkrootkit.org/" + +KEYWORDS="~x86 ~ppc ~sparc ~alpha" +LICENSE="AMS" +SLOT="0" + +DEPEND="virtual/glibc" + +src_unpack() { + unpack ${A} + cd ${S} + + epatch ${FILESDIR}/${P}-gentoo.diff +} + +src_compile() { + make sense || die +} + +src_install() { + dosbin check_wtmpx chklastlog chkproc chkrootkit chkwtmp ifpromisc + dodoc COPYRIGHT README README.chklastlog README.chkwtmp +} diff --git a/app-admin/chkrootkit/files/chkrootkit-0.39a-gentoo.diff b/app-admin/chkrootkit/files/chkrootkit-0.39a-gentoo.diff new file mode 100644 index 000000000000..9689501d4c74 
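Review bot: `src_install` leaves `chkdirs` out of the `dosbin` list, while the patched `chkrootkit` added in this same commit still probes `./chkdirs` relative to the caller's working directory, so once the script runs from `/usr/sbin` that probe will normally fail and the check depending on it is probably skipped. If `make sense` builds `chkdirs` (not visible here), install it with `dosbin check_wtmpx chkdirs chklastlog chkproc chkrootkit chkwtmp ifpromisc || die` and give the patch a matching `CHKDIRS="/usr/sbin/chkdirs"`. A `./` lookup in a scanner installed under sbin should go in any case, because its result then depends on a directory the package does not control. In `src_unpack`, `cd ${S}` is unquoted and unchecked; `cd "${S}" || die` stops `epatch` from running in the wrong tree after a failed unpack.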
--- /dev/null +++ b/app-admin/chkrootkit/files/chkrootkit-0.39a-gentoo.diff 
@@ -0,0 +1,917 @@ +--- chkrootkit-0.39a/chkrootkit 2003-01-30 23:45:57.000000000 +0100 ++++ chkrootkit 2003-02-15 15:53:20.000000000 +0100 +@@ -10,6 +10,16 @@ + # (C)1997-2003 Nelson Murilo, Pangeia Informatica, AMS Foundation and others. + # All rights reserved + ++# Gentoo specific : Could use `type <command> | cut -f 3 -d " "` ++IFPROMISC="/usr/sbin/ifpromisc" ++CHKLASTLOG="/usr/sbin/chklastlog" ++CHKPROC="/usr/sbin/chkproc" ++CHKWTMP="/usr/sbin/chkwtmp" ++CHECK_WTMPX="/usr/sbin/check_wtmpx" ++# ebuild doesn't install chkrootkit's strings; use gnus. ++STRINGS="/usr/bin/strings" ++ ++ + ### workaround for some Bourne shell implementations + unalias login > /dev/null 2>&1 + unalias ls > /dev/null 2>&1 +@@ -96,7 +106,7 @@ + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${egrep} ^asp ${ROOTDIR}etc/inetd.conf" +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +@@ -112,7 +122,7 @@ + STATUS=${INFECTED} + fi + +- if ${strings} -a ${CMD} | ${egrep} "${ASP_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${ASP_LABEL}" >/dev/null 2>&1 + then + echo "INFECTED" + STATUS=${INFECTED} +@@ -130,22 +140,22 @@ + return ${NOT_TESTED} + fi + +- if [ ! -x ./ifpromisc ]; then +- echo "not tested: can't exec ./ifpromisc" ++ if [ ! -x ${IFPROMISC} ]; then ++ echo "not tested: can't exec ${IFPROMISC}" + return ${NOT_TESTED} + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "./ifpromisc" ++ expertmode_output "${IFPROMISC}" + return 5 + fi + echo +- ./ifpromisc ++ ${IFPROMISC} + } + + z2 () { +- if [ ! -x ./chklastlog ]; then +- echo "not tested: can't exec ./chklastlog" ++ if [ ! 
-x ${CHKLASTLOG} ]; then ++ echo "not tested: can't exec ${CHKLASTLOG}" + return ${NOT_TESTED} + fi + +@@ -153,31 +163,31 @@ + LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}" ++ expertmode_output "${CHKLASTLOG} -f ${WTMP} -l ${LASTLOG}" + return 5 + fi + +- if ./chklastlog -f ${WTMP} -l ${LASTLOG} ++ if ${CHKLASTLOG} -f ${WTMP} -l ${LASTLOG} + then + if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi + fi + } + + wted () { +- if [ ! -x ./chkwtmp ]; then +- echo "not tested: can't exec ./chkwtmp" ++ if [ ! -x ${CHKWTMP} ]; then ++ echo "not tested: can't exec ${CHKWTMP}" + return ${NOT_TESTED} + fi + + if [ "$SYSTEM" = "SunOS" ]; then +- if [ ! -x ./check_wtmpx ]; then +- echo "not tested: can't exec ./check_wtmpx" ++ if [ ! -x ${CHECK_WTMPX} ]; then ++ echo "not tested: can't exec ${CHECK_WTMPX}" + else + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "./check_wtmpx" ++ expertmode_output "${CHECK_WTMPX}" + return 5 + fi +- if ./check_wtmpx ++ if ${CHECK_WTMPX} + then + if [ "${QUIET}" != "t" ]; then \ + echo "nothing deleted in /var/adm/wtmpx"; fi +@@ -187,12 +197,12 @@ + WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "./chkwtmp -f ${WTMP}" ++ expertmode_output "${CHKWTMP} -f ${WTMP}" + return 5 + fi + fi + +- if ./chkwtmp -f ${WTMP} ++ if ${CHKWTMP} -f ${WTMP} + then + if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi + fi +@@ -231,7 +241,7 @@ + prog="" + if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \ + ${V} -gt 43 \) \) -a "${ROOTDIR}" = "/" ]; then +- [ ! -x ./chkproc ] && prog="./chkproc" ++ [ ! -x ${CHKPROC} ] && prog="${CHKPROC}" + [ ! 
-x ./chkdirs ] && prog="$prog ./chkdirs" + if [ "$prog" != "" ]; then + # echo "not tested: can't exec $prog" +@@ -241,7 +251,7 @@ + if [ "${EXPERT}" = "t" ]; then + [ -r /proc/ksyms ] && ${egrep} -i "adore|sebek" < /proc/ksyms 2>/dev/null + [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null +- expertmode_output "./chkproc -v -v" ++ expertmode_output "${CHKPROC} -v -v" + return 5 + fi + +@@ -262,7 +272,7 @@ + echo "Warning: Knark LKM installed" + fi + +- if ./chkproc ++ if ${CHKPROC} + then + if [ "${QUIET}" != "t" ]; then echo "nothing detected"; fi + else +@@ -920,19 +930,19 @@ + CMD=`loc chfn chfn $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + + case "${SYSTEM}" in + Linux) +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \ + >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi;; + FreeBSD) +- if [ `${strings} -a ${CMD} | \ ++ if [ `${STRINGS} -a ${CMD} | \ + ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne 2 ] + then + STATUS=${INFECTED} +@@ -947,16 +957,16 @@ + REDHAT_PAM_LABEL="*NOT*" + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + + case "${SYSTEM}" in + Linux) +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \ + >/dev/null 2>&1 + then +- if ${strings} -a ${CMD} | ${egrep} "${REDHAT_PAM_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${REDHAT_PAM_LABEL}" \ + >/dev/null 2>&1 + then + : +@@ -965,7 +975,7 @@ + fi + fi;; + FreeBSD) +- if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne 2 ] ++ if [ `${STRINGS} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne 2 ] + then + STATUS=${INFECTED} + fi;; +@@ -981,13 +991,13 @@ + CMD=`loc login login $pth` + + if [ "${EXPERT}" = "t" ]; then +- 
expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + + GENERAL="^root$" + TROJED_L_L="vejeta|xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT" +- ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"` ++ ret=`${STRINGS} -a ${CMD} | ${egrep} -c "${GENERAL}"` + if [ ${ret} -gt 0 ]; then + case ${ret} in + 1) [ "${SYSTEM}" = "OpenBSD" -a ${V} -le 27 -o ${V} -ge 30 ] && \ +@@ -998,7 +1008,7 @@ + *) STATUS=${INFECTED};; + esac + fi +- if ${strings} -a ${CMD} | ${egrep} "${TROJED_L_L}" 2>&1 >/dev/null ++ if ${STRINGS} -a ${CMD} | ${egrep} "${TROJED_L_L}" 2>&1 >/dev/null + then + STATUS=${INFECTED} + fi +@@ -1014,14 +1024,14 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + fi + + if [ "${SYSTEM}" = "OpenBSD" -o "${SYSTEM}" = "SunOS" ] + then + return ${NOT_TESTED} + fi +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}|/lib/security" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}|/lib/security" \ + >/dev/null 2>&1 + then + STATUS=${INFECTED} +@@ -1039,11 +1049,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \ + >/dev/null 2>&1 + then + STATUS=${INFECTED} +@@ -1062,11 +1072,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${SYSLOG_I_L}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${SYSLOG_I_L}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1083,11 +1093,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- 
if ${strings} -a ${CMD} | ${egrep} "${HDPARM_INFECTED_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${HDPARM_INFECTED_LABEL}" \ + >/dev/null 2>&1 + then + STATUS=${INFECTED} +@@ -1105,11 +1115,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GPM_INFECTED_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GPM_INFECTED_LABEL}" \ + >/dev/null 2>&1 + then + STATUS=${INFECTED} +@@ -1127,11 +1137,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${MINGETTY_INFECTED_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${MINGETTY_INFECTED_LABEL}" \ + >/dev/null 2>&1 + then + STATUS=${INFECTED} +@@ -1149,11 +1159,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${SENDMAIL_INFECTED_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${SENDMAIL_INFECTED_LABEL}" \ + >/dev/null 2>&1 + then + STATUS=${INFECTED} +@@ -1167,11 +1177,11 @@ + CMD=`loc ls ls $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${LS_INFECTED_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${LS_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1184,11 +1194,11 @@ + CMD=`loc du du $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${DU_INFECTED_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${DU_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1208,11 
+1218,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${NAMED_I_L}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${NAMED_I_L}" \ + >/dev/null 2>&1 + then + STATUS=${INFECTED} +@@ -1226,11 +1236,11 @@ + CMD=`loc netstat netstat $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${NETSTAT_I_L}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${NETSTAT_I_L}" \ + >/dev/null 2>&1 + then + STATUS=${INFECTED} +@@ -1245,11 +1255,11 @@ + CMD=`loc ps ps $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${PS_I_L}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${PS_I_L}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1267,11 +1277,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${PSTREE_INFECTED_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${PSTREE_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1289,11 +1299,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1311,11 +1321,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 
2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1333,11 +1343,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1350,18 +1360,18 @@ + + if [ "${SYSTEM}" = "Linux" ] + then +- if [ ! -x ./strings ]; then +- printn "can't exec ./strings-static, " ++ if [ ! -x ${STRINGS} ]; then ++ printn "can't exec ${STRINGS}-static, " + return ${NOT_TESTED} + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "./strings -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + + ### strings must be a statically linked binary. +- if ./strings-static -a ${CMD} > /dev/null 2>&1 ++ if ${STRINGS}-static -a ${CMD} > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1376,11 +1386,11 @@ + CMD=`loc basename basename $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1396,11 +1406,11 @@ + CMD=`loc dirname dirname $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1421,11 +1431,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output 
"${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1437,12 +1447,12 @@ + CMD=`loc rpcinfo rpcinfo $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1458,12 +1468,12 @@ + CMD=`loc date date $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1479,12 +1489,12 @@ + CMD=`loc echo echo $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1500,12 +1510,12 @@ + CMD=`loc env env $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi 
+@@ -1527,11 +1537,11 @@ + fi + fi + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1545,11 +1555,11 @@ + return ${NOT_FOUND} + fi + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1563,11 +1573,11 @@ + return ${NOT_FOUND} + fi + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1581,11 +1591,11 @@ + return ${NOT_FOUND} + fi + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1597,12 +1607,12 @@ + CMD=`loc write write $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" | grep -v locale > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" | grep -v locale > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi 
+@@ -1619,11 +1629,11 @@ + W_INFECTED_LABEL="uname -a" + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi +- if ${strings} -a ${CMD} | ${egrep} "${W_INFECTED_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${W_INFECTED_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1655,7 +1665,7 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + STATUS=${INFECTED} +@@ -1673,12 +1683,12 @@ + MAIL_INFECTED_LABEL="sh -i" + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${MAIL_INFECTED_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${MAIL_INFECTED_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1698,12 +1708,12 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1720,11 +1730,11 @@ + CMD=`loc egrep egrep $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi +- if ${strings} -a ${CMD} | ${egrep} "${EGREP_INFECTED_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${EGREP_INFECTED_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1737,12 +1747,12 @@ + CMD=`loc grep grep $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ 
expertmode_output "${STRINGS} -a ${CMD}" + expertmode_output "${ls} -l ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${GREP_INFECTED_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${GREP_INFECTED_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1764,11 +1774,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1786,10 +1796,10 @@ + fi + fi + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi +- if ${strings} -a ${CMD} | ${egrep} "${RLOGIN_INFECTED_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${RLOGIN_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1804,10 +1814,10 @@ + return ${NOT_FOUND} + fi + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi +- if ${strings} -a ${CMD} | ${egrep} "${LSOF_INFECTED_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${LSOF_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1822,10 +1832,10 @@ + return ${NOT_FOUND} + fi + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi +- if ${strings} -a ${CMD} | ${egrep} "${AMD_INFECTED_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${AMD_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1840,10 +1850,10 @@ + return ${NOT_FOUND} + fi + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi +- if ${strings} -a ${CMD} | 
${egrep} "${SLOGIN_INFECTED_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${SLOGIN_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1862,10 +1872,10 @@ + return ${NOT_FOUND} + fi + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi +- if ${strings} -a ${CMD} | ${egrep} "${CRON_INFECTED_LABEL}" >/dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${CRON_INFECTED_LABEL}" >/dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1877,18 +1887,18 @@ + CMD="${ROOTDIR}sbin/ifconfig" + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + + IFCONFIG_NOT_INFECTED_LABEL="PROMISC" + IFCONFIG_INFECTED_LABEL="/dev/tux" +- if ${strings} -a ${CMD} | ${egrep} "${IFCONFIG_NOT_INFECTED_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${IFCONFIG_NOT_INFECTED_LABEL}" \ + >/dev/null 2>&1 + then + STATUS=${NOT_INFECTED} + fi +- if ${strings} -a ${CMD} | ${egrep} "${IFCONFIG_INFECTED_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${IFCONFIG_INFECTED_LABEL}" \ + >/dev/null 2>&1 + then + STATUS=${INFECTED} +@@ -1908,12 +1918,12 @@ + return ${NOT_FOUND} + fi + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + + RSHD_INFECTED_LABEL="HISTFILE" +- if ${strings} -a ${CMD} | ${egrep} "${RSHD_INFECTED_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${RSHD_INFECTED_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + if ${egrep} "^#.*rshd" ${ROOTDIR}etc/inetd.conf >/dev/null 2>&1 -o \ +@@ -1949,11 +1959,11 @@ + CMD=${ROOTDIR}${CMD} + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${TCPD_INFECTED_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} 
"${TCPD_INFECTED_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -1970,11 +1980,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${SSHD2_INFECTED_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${SSHD2_INFECTED_LABEL}" \ + > /dev/null 2>&1 + then + STATUS=${INFECTED} +@@ -1991,11 +2001,11 @@ + CMD=`loc su su $pth` + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${SU_INFECTED_LABEL}" > /dev/null 2>&1 ++ if ${STRINGS} -a ${CMD} | ${egrep} "${SU_INFECTED_LABEL}" > /dev/null 2>&1 + then + STATUS=${INFECTED} + fi +@@ -2015,11 +2025,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${FINGER_INFECTED_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${FINGER_INFECTED_LABEL}" \ + > /dev/null 2>&1 + then + STATUS=${INFECTED} +@@ -2067,11 +2077,11 @@ + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "${strings} -a ${CMD}" ++ expertmode_output "${STRINGS} -a ${CMD}" + return 5 + fi + +- if ${strings} -a ${CMD} | ${egrep} "${TELNETD_INFECTED_LABEL}" \ ++ if ${STRINGS} -a ${CMD} | ${egrep} "${TELNETD_INFECTED_LABEL}" \ + >/dev/null 2>&1 + then + STATUS=${INFECTED} + diff --git a/app-admin/chkrootkit/files/digest-chkrootkit-0.39a b/app-admin/chkrootkit/files/digest-chkrootkit-0.39a new file mode 100644 index 000000000000..7f61a1fb769d --- /dev/null +++ b/app-admin/chkrootkit/files/digest-chkrootkit-0.39a @@ -0,0 +1 @@ +MD5 95c49aae601d402dac063f157de8fb58 chkrootkit-0.39a.tar.gz 29294 |
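Review bot: The Linux-only strings test (inner hunk `@@ -1350,18 +1360,18 @@`) now guards on `-x ${STRINGS}` but executes `${STRINGS}-static`, i.e. `/usr/bin/strings-static`, which the ebuild in this commit does not install. Since the `if` only sets `STATUS=${INFECTED}` on success, a missing binary presumably leaves the default status and the test reports clean rather than not tested; guard the path that is run, `if [ ! -x ${STRINGS}-static ]; then`, or return `${NOT_TESTED}` here. Every other `${strings}` call now goes to the host's `/usr/bin/strings`, although the retained comment `### strings must be a statically linked binary` shows upstream wanted a binary independent of the host's libraries; the signature checks are then only as trustworthy as the installed binutils and libc, which deserves a comment beside `STRINGS=`, for example `# NOTE: host binary; results depend on the integrity of the installed binutils`. The enclosing function starts and ends outside the inner hunk, so the default value of `STATUS` is not confirmed from here.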