Репозитории ALT
5.1: | 0.49-alt1 |
4.1: | 0.48-alt1 |
4.0: | 0.45-alt1 |
3.0: | 0.45-alt1 |
Группа :: Мониторинг
Пакет: chkrootkit
Патч: chkrootkit-alt-libpath.patch
diff --git a/chkrootkit/chkrootkit b/chkrootkit/chkrootkit
index 8726c70..f8b5b1e 100755
--- a/chkrootkit/chkrootkit
+++ b/chkrootkit/chkrootkit
@@ -4,6 +4,16 @@
# $Id: chkrootkit, v 0.48 2007/12/17
CHKROOTKIT_VERSION='0.48'
+CHKROOTKIT_DIR="@CHKROOTKIT_DIR@"
+IFPROMISC="$CHKROOTKIT_DIR/ifpromisc"
+CHKUTMP="$CHKROOTKIT_DIR/chkutmp"
+CHKLASTLOG="$CHKROOTKIT_DIR/chklastlog"
+CHKWTMP="$CHKROOTKIT_DIR/chkwtmp"
+CHKWTMPX="$CHKROOTKIT_DIR/check_wtmpx"
+CHKPROC="$CHKROOTKIT_DIR/chkproc"
+CHKDIRS="$CHKROOTKIT_DIR/chkdirs"
+STRINGS_STATIC="$CHKROOTKIT_DIR/strings-static"
+
# Authors: Nelson Murilo <nelson@pangeia.com.br> (main author) and
# Klaus Steding-Jessen <jessen@cert.br>
#
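Review bot: The `@CHKROOTKIT_DIR@` placeholder is neither documented nor checked. If the build-time substitution is skipped or yields a relative value, every helper path below fails its `-x` test and the checks only report "not tested". The script is normally run as root, so a comment such as `# @CHKROOTKIT_DIR@ is replaced at package build time; must be an absolute, root-owned directory` above the assignment would state the expectation. A guard like `case "$CHKROOTKIT_DIR" in /*) ;; *) echo "chkrootkit: bad helper directory" >&2; exit 1 ;; esac` would turn a packaging mistake into a hard failure. The block also lands in the middle of the header comment, ahead of the Authors lines; it would read better after the header.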
@@ -158,23 +168,23 @@ sniffer () {
fi
if [ "${EXPERT}" = "t" ]; then
- expertmode_output "./ifpromisc" -v
+ expertmode_output "$IFPROMISC" -v
return 5
fi
- if [ ! -x ./ifpromisc ]; then
- echo "not tested: can't exec ./ifpromisc"
+ if [ ! -x "$IFPROMISC" ]; then
+ echo "not tested: can't exec $IFPROMISC"
return ${NOT_TESTED}
else
- [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
+ [ "${QUIET}" != "t" ] && $IFPROMISC -v || $IFPROMISC -q
fi
}
chkutmp() {
- if [ ! -x ./chkutmp ]; then
- echo "not tested: can't exec ./chkutmp"
+ if [ ! -x "$CHKUTMP" ]; then
+ echo "not tested: can't exec $CHKUTMP"
return ${NOT_TESTED}
fi
- if ./chkutmp
+ if $CHKUTMP
then
if [ "${QUIET}" != "t" ]; then echo "chkutmp: nothing deleted"; fi
fi
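Review bot: The helper paths are quoted in the `-x` tests but expanded unquoted where they are executed (`$IFPROMISC -v || $IFPROMISC -q`, `if $CHKUTMP`). If the substituted directory ever contains whitespace or glob characters, the path that was tested and the words that get executed can differ. Quote the executions too: `"$IFPROMISC" -v || "$IFPROMISC" -q` and `if "$CHKUTMP"`. The same applies to `$CHKLASTLOG`, `$CHKWTMPX`, `$CHKWTMP`, `$CHKPROC -p`, `$CHKDIRS $dirs` and `$STRINGS_STATIC -a` in the later hunks. chkutmp's body continues outside this hunk.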
@@ -182,8 +192,8 @@ chkutmp() {
}
z2 () {
- if [ ! -x ./chklastlog ]; then
- echo "not tested: can't exec ./chklastlog"
+ if [ ! -x "$CHKLASTLOG" ]; then
+ echo "not tested: can't exec $CHKLASTLOG"
return ${NOT_TESTED}
fi
@@ -196,32 +206,32 @@ z2 () {
fi
if [ "${EXPERT}" = "t" ]; then
- expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}"
+ expertmode_output "$CHKLASTLOG -f ${WTMP} -l ${LASTLOG}"
return 5
fi
- if ./chklastlog -f ${WTMP} -l ${LASTLOG}
+ if $CHKLASTLOG -f ${WTMP} -l ${LASTLOG}
then
if [ "${QUIET}" != "t" ]; then echo "chklastlog: nothing deleted"; fi
fi
}
wted () {
- if [ ! -x ./chkwtmp ]; then
- echo "not tested: can't exec ./chkwtmp"
+ if [ ! -x "$CHKWTMP" ]; then
+ echo "not tested: can't exec $CHKWTMP"
return ${NOT_TESTED}
fi
if [ "$SYSTEM" = "SunOS" ]; then
- if [ ! -x ./check_wtmpx ]; then
- echo "not tested: can't exec ./check_wtmpx"
+ if [ ! -x "$CHKWTMPX" ]; then
+ echo "not tested: can't exec $CHKWTMPX"
else
if [ "${EXPERT}" = "t" ]; then
- expertmode_output "./check_wtmpx"
+ expertmode_output "$CHKWTMPX"
return 5
fi
if [ -f ${ROOTDIR}var/adm/wtmp ]; then
- if ./check_wtmpx
+ if $CHKWTMPX
then
if [ "${QUIET}" != "t" ]; then \
echo "check_wtmpx: nothing deleted in /var/adm/wtmpx"; fi
@@ -232,12 +242,12 @@ wted () {
WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
if [ "${EXPERT}" = "t" ]; then
- expertmode_output "./chkwtmp -f ${WTMP}"
+ expertmode_output "$CHKWTMP -f ${WTMP}"
return 5
fi
fi
- if ./chkwtmp -f ${WTMP}
+ if $CHKWTMP -f ${WTMP}
then
if [ "${QUIET}" != "t" ]; then echo "chkwtmp: nothing deleted"; fi
fi
@@ -275,8 +285,8 @@ lkm ()
prog=""
if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
`echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
- [ -x ./chkproc -a "`find /proc | wc -l`" -gt 1 ] && prog="./chkproc"
- [ -x ./chkdirs ] && prog="$prog ./chkdirs"
+ [ -x "$CHKPROC" -a "`find /proc | wc -l`" -gt 1 ] && prog="$CHKPROC"
+ [ -x "$CHKDIRS" ] && prog="$prog $CHKDIRS"
if [ "$prog" = "" ]; then
echo "not tested: can't exec $prog"
return ${NOT_TESTED}
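Review bot: When neither helper passes its `-x` test, `prog` is empty, so `echo "not tested: can't exec $prog"` prints no path and the operator cannot tell which helper is missing. With the new variables the message can name them: `echo "not tested: can't exec $CHKPROC or $CHKDIRS"`. A helper that has disappeared from the install directory should be clearly visible in a scanner's output. lkm's body starts before this hunk and continues after it.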
@@ -288,7 +298,7 @@ lkm ()
PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
[ "$PV" = "" ] && PV=2
[ "${SYSTEM}" = "SunOS" ] && PV=0
- expertmode_output "./chkproc -v -v -p $PV"
+ expertmode_output "$CHKPROC -v -v -p $PV"
return 5
fi
@@ -315,7 +325,7 @@ lkm ()
if [ "${DEBUG}" = "t" ]; then
${echo} "*** PV=$PV ***"
fi
- if ./chkproc -p ${PV}; then
+ if $CHKPROC -p ${PV}; then
if [ "${QUIET}" != "t" ]; then echo "chkproc: nothing detected"; fi
else
echo "chkproc: Warning: Possible LKM Trojan installed"
@@ -324,7 +334,7 @@ lkm ()
for i in /usr/share /usr/bin /usr/sbin /lib; do
[ -d $i ] && dirs="$dirs $i"
done
- if ./chkdirs $dirs; then
+ if $CHKDIRS $dirs; then
if [ "${QUIET}" != "t" ]; then echo "chkdirs: nothing detected"; fi
else
echo "chkdirs: Warning: Possible LKM Trojan installed"
@@ -1690,18 +1700,18 @@ chk_ldsopreload() {
if [ "${SYSTEM}" = "Linux" ]
then
- if [ ! -x ./strings-static ]; then
- printn "can't exec ./strings-static, "
+ if [ ! -x "$STRINGS_STATIC" ]; then
+ printn "can't exec $STRINGS_STATIC, "
return ${NOT_TESTED}
fi
if [ "${EXPERT}" = "t" ]; then
- expertmode_output "./strings-static -a ${CMD}"
+ expertmode_output "$STRINGS_STATIC -a ${CMD}"
return 5
fi
### strings must be a statically linked binary.
- if ./strings-static -a ${CMD} > /dev/null 2>&1
+ if $STRINGS_STATIC -a ${CMD} > /dev/null 2>&1
then
STATUS=${INFECTED}
fi