Author: lantz moore Description: hide all output from tests (#142422, #190978, #229869, #306263) Index: chkrootkit/chkrootkit =================================================================== --- chkrootkit.orig/chkrootkit +++ chkrootkit/chkrootkit @@ -224,11 +224,11 @@ z2 () { fi if [ "${EXPERT}" = "t" ]; then - expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}" + expertmode_output "./chklastlog ${QUIET_ARG} -f ${WTMP} -l ${LASTLOG}" return 5 fi - if ./chklastlog -f ${WTMP} -l ${LASTLOG} + if ./chklastlog ${QUIET_ARG} -f ${WTMP} -l ${LASTLOG} then if [ "${QUIET}" != "t" ]; then echo "chklastlog: nothing deleted"; fi fi @@ -751,6 +751,9 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h then if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi else + if [ "${QUIET}" != "t" ]; then + printn "The following suspicious files and directories were found:" + fi echo echo ${files} echo ${dirs} @@ -1348,6 +1351,11 @@ chk_chsh () { chk_login () { STATUS=${NOT_INFECTED} CMD=`loc login login $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -1390,6 +1398,11 @@ chk_passwd () { if [ ! -x ${CMD} -a -x ${ROOTDIR}usr/bin/passwd ]; then CMD="${ROOTDIR}usr/bin/passwd" fi + if [ ! -r "${CMD}" ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -1544,6 +1557,11 @@ chk_ls () { STATUS=${NOT_INFECTED} LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h" CMD=`loc ls ls $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -1561,6 +1579,11 @@ chk_du () { STATUS=${NOT_INFECTED} DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h" CMD=`loc du du $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -1603,6 +1626,11 @@ chk_netstat () { STATUS=${NOT_INFECTED} NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero" CMD=`loc netstat netstat $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -1622,6 +1650,11 @@ chk_ps () { PS_I_L="/dev/xmx|\.1proc|/dev/ttyop|/dev/pty[pqrsx]|/dev/cui|/dev/hda[0-7]|\ /dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so" CMD=`loc ps ps $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -1780,6 +1813,11 @@ chk_ldsopreload() { chk_basename () { STATUS=${NOT_INFECTED} CMD=`loc basename basename $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -1804,6 +1842,11 @@ chk_basename () { chk_dirname () { STATUS=${NOT_INFECTED} CMD=`loc dirname dirname $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -1872,6 +1915,11 @@ chk_date () { STATUS=${NOT_INFECTED} S_L="/bin/.*sh" CMD=`loc date date $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -1902,6 +1950,11 @@ chk_date () { chk_echo () { STATUS=${NOT_INFECTED} CMD=`loc echo echo $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -1923,6 +1976,11 @@ chk_echo () { chk_env () { STATUS=${NOT_INFECTED} CMD=`loc env env $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -2039,6 +2097,11 @@ chk_pop3 () { chk_write () { STATUS=${NOT_INFECTED} CMD=`loc write write $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi WRITE_ROOTKIT_LABEL="bash|elite$|vejeta|\.ark" if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -2060,6 +2123,11 @@ chk_write () { chk_w () { STATUS=${NOT_INFECTED} CMD=`loc w w $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi W_INFECTED_LABEL="uname -a" if [ "${EXPERT}" = "t" ]; then @@ -2097,6 +2165,11 @@ chk_vdir () { chk_tar () { STATUS=${NOT_INFECTED} CMD=`loc tar tar $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${ls} -l ${CMD}" @@ -2184,6 +2257,11 @@ chk_egrep () { STATUS=${NOT_INFECTED} EGREP_INFECTED_LABEL="blah" CMD=`loc egrep egrep $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -2201,6 +2279,11 @@ chk_grep () { STATUS=${NOT_INFECTED} GREP_INFECTED_LABEL="givemer" CMD=`loc grep grep $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -2458,6 +2541,11 @@ chk_su () { STATUS=${NOT_INFECTED} SU_INFECTED_LABEL="satori|vejeta|conf\.inv" CMD=`loc su su $pth` + if [ "${?}" -ne 0 ] + then + if [ "${QUIET}" != "t" ]; then echo "not found"; fi + return ${NOT_FOUND} + fi if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -2605,7 +2693,9 @@ do -x) EXPERT=t;; - -q) QUIET=t;; + -q) QUIET=t + QUIET_ARG="-q" + ;; -V) echo >&2 "chkrootkit version ${CHKROOTKIT_VERSION}" exit 1;; Index: chkrootkit/chklastlog.c =================================================================== --- chkrootkit.orig/chklastlog.c +++ chkrootkit/chklastlog.c @@ -107,6 +107,8 @@ int main(int argc, char*argv[]) { struct stat wtmp_stat; struct s_localpwd *localpwd; uid_t *uid; + int quiet = 0; + char wtmpfile[128], lastlogfile[128]; memcpy(wtmpfile, WTMP_FILENAME, 127); @@ -128,10 +130,18 @@ int main(int argc, char*argv[]) { ++argv; memcpy(lastlogfile, *argv, 127); } + else if (!memcmp("-q", *argv, 2)) + { + quiet = 1; + } } - signal(SIGALRM, read_status); - alarm(5); + if (!quiet) + { + signal(SIGALRM, read_status); + alarm(5); + } + for (i=0; i