Author: Giuseppe Iuculano Description: Read logs from /var/log instead of /var/adm Index: chkrootkit/README.chklastlog =================================================================== --- chkrootkit.orig/README.chklastlog +++ chkrootkit/README.chklastlog @@ -31,8 +31,8 @@ chklastlog - check lastlog-file for dele % cc -o chklastlog chklastlog.c - To run chklastlog you need read permission on the files /var/adm/wtmp - and /var/adm/lastlogin. Normally these files are world-readable and + To run chklastlog you need read permission on the files /var/log/wtmp + and /var/log/lastlog. Normally these files are world-readable and no special privileges are required to run the checker. The following is an example of the output of chklastlog. Index: chkrootkit/README.chkwtmp =================================================================== --- chkrootkit.orig/README.chkwtmp +++ chkrootkit/README.chkwtmp @@ -30,7 +30,7 @@ chkwtmp - check wtmp-file for overwritte To create chkwtmp under SunOS 4.x, type: % cc -o chkwtmp chkwtmp.c - To run chkwtmp you need read permission on the file /var/adm/wtmp. + To run chkwtmp you need read permission on the file /var/log/wtmp. Normally this file is world-readable and no special privileges are required to run the checker. Index: chkrootkit/check_wtmpx.c =================================================================== --- chkrootkit.orig/check_wtmpx.c +++ chkrootkit/check_wtmpx.c @@ -30,8 +30,8 @@ int main () { return 0; } #include #include -#define WTMP_FILENAME "/var/adm/wtmp" -#define WTMPX_FILENAME "/var/adm/wtmpx" +#define WTMP_FILENAME "/var/log/wtmp" +#define WTMPX_FILENAME "/var/log/wtmpx" struct file_utmp_entry Index: chkrootkit/chklastlog.c =================================================================== --- chkrootkit.orig/chklastlog.c +++ chkrootkit/chklastlog.c @@ -65,10 +65,10 @@ int main () { return 0; } #define LASTLOG_FILENAME "/var/log/lastlog" #endif #ifndef WTMP_FILENAME -#define WTMP_FILENAME "/var/adm/wtmp" +#define WTMP_FILENAME "/var/log/wtmp" #endif #ifndef LASTLOG_FILENAME -#define LASTLOG_FILENAME "/var/adm/lastlog" +#define LASTLOG_FILENAME "/var/log/lastlog" #endif #define TRUE 1L Index: chkrootkit/chkutmp.c =================================================================== --- chkrootkit.orig/chkutmp.c +++ chkrootkit/chkutmp.c @@ -48,7 +48,7 @@ int main () { return 0; } #define MAXLENGTH 256 #define UT_PIDSIZE 12 #if defined(__sun) -#define UTMP "/var/adm/utmpx" +#define UTMP "/var/log/utmpx" #define UT_LINESIZE 12 #define UT_NAMESIZE 8 #define PS_CMD 0 Index: chkrootkit/chkwtmp.c =================================================================== --- chkrootkit.orig/chkwtmp.c +++ chkrootkit/chkwtmp.c @@ -39,7 +39,7 @@ int main () { return 0; } #define WTMP_FILENAME "/var/log/wtmp" #else #ifndef WTMP_FILENAME -#define WTMP_FILENAME "/var/adm/wtmp" +#define WTMP_FILENAME "/var/log/wtmp" #endif #endif