From: Richard Lewis Date: Mon, 27 Feb 2023 22:33:58 +0000 Subject: chkrootkit: chk_inetdconf Remove unnccessary uses of cat and grep Fix support for -r/x Forwarded: yes (Forwarded by email: 21 Dec 2024) --- chkrootkit | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/chkrootkit b/chkrootkit index dac80e2..b483584 100755 --- a/chkrootkit +++ b/chkrootkit @@ -2730,29 +2730,30 @@ chk_fingerd () { chk_inetdconf () { + # this function is inconsistent with the other chk_* functions in terms of return values STATUS=${NOT_INFECTED} - SHELLS="${ROOTDIR}bin/sh ${ROOTDIR}bin/bash" + SHELLS="/bin/sh /bin/bash" - if [ -r ${ROOTDIR}etc/shells ]; then - SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`"; + if [ -r "${ROOTDIR}etc/shells" ]; then + SHELLS=$(${egrep} -v '^#' "${ROOTDIR}etc/shells") fi - if [ -r ${ROOTDIR}etc/inetd.conf ]; then - for CHK_SHELL in ${SHELLS}; do - cat ${ROOTDIR}etc/inetd.conf | ${egrep} -v "^#" | ${egrep} "^.*stream.*tcp.*nowait.*$CHK_SHELL.*" > /dev/null - if [ ${?} -ne 1 ]; then - if [ "${EXPERT}" = "t" ]; then - echo "Backdoor shell record(s) in /etc/inetd.conf: " - cat ${ROOTDIR}etc/inetd.conf | ${egrep} -v "^#" | ${egrep} "^.*stream.*tcp.*nowait.*$CHK_SHELL.*" - fi - STATUS=${INFECTED} - fi - done - return ${STATUS} + if [ -r "${ROOTDIR}etc/inetd.conf" ]; then + INETD_CONF_LINES=$(${egrep} -v '^#' "${ROOTDIR}etc/inetd.conf") + for CHK_SHELL in ${SHELLS}; do + if "${echo}" "$INETD_CONF_LINES" | ${egrep} -q "stream.*tcp.*nowait.*$CHK_SHELL" 2>/dev/null; then + if [ "${EXPERT}" = "t" ]; then + echo "Backdoor shell record(s) in /etc/inetd.conf: " + ${egrep} -v "^#" "${ROOTDIR}etc/inetd.conf" | ${egrep} "^.*stream.*tcp.*nowait.*$CHK_SHELL.*" + # other chk_* functions return 5 here (?) + fi + return "${INFECTED}" + fi + done + return "${STATUS}" else - return ${NOT_FOUND} + return "${NOT_FOUND}" fi - } chk_telnetd () {