1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71
|
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed, 22 Feb 2023 00:13:02 +0000
Subject: chkrootkit: More instances where x should be ${x}
Forwarded: yes
(forwarded by email, 12 mar 2023)
To support -p commands in $cmdlist are meant to be called only as
$cmd, but there were several places where this was not done
chkrootkit | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/chkrootkit b/chkrootkit
index 8c78c16..7f454ef 100755
@@ -372,7 +372,7 @@ lkm ()
fi
dirs="/tmp"
for i in /usr/share /usr/bin /usr/sbin /lib; do
- if [ "$(ls -ld $i | tr -s " " | cut -d " " -f 2)" -gt "1" ]; then
+ if [ "$(${ls} -ld $i | tr -s " " | ${cut} -d " " -f 2)" -gt "1" ]; then
[ -d $i ] && dirs="$dirs $i"
fi
done
@@ -387,7 +387,7 @@ lkm ()
}
aliens () {
- if [ \( -z "${HOME}" -o "${HOME}" = "/" \) -a `id -u` = "0" -a -d "/root" ]; then
+ if [ \( -z "${HOME}" -o "${HOME}" = "/" \) -a `${id} -u` = "0" -a -d "/root" ]; then
HOME="/root"
fi
if [ "${EXPERT}" = "t" ]; then
@@ -777,7 +777,7 @@ lookfor_rootkit() {
[ -d ${ROOTDIR}lib ] && LIBS=${ROOTDIR}lib
[ -d ${ROOTDIR}usr/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/lib"
[ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
- if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
+ if [ "`${find} ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
"$SYSTEM" != "FreeBSD" ]
then
echo "Possible t0rn v8 (or variation) rootkit installed"
@@ -1044,7 +1044,7 @@ ${find} ${ROOTDIR}usr/sbin -name in.slogind`
### LOC rootkit
files=""
if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
- files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
+ files=`${find} ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
if [ "${files}" = "" ]; then
if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
else
@@ -1572,7 +1572,7 @@ exclude_fstype ()
fi
## Check if -fstype $type works
- if find /etc -maxdepth 0 -fstype "$1" -prune >/dev/null 2>&1; then
+ if ${find} /etc -maxdepth 0 -fstype "$1" -prune >/dev/null 2>&1; then
findargs="${findargs} -fstype $1 -prune -o "
fi
}
@@ -1616,7 +1616,7 @@ chk_chsh () {
REDHAT_PAM_LABEL="*NOT*"
GENERIC_ROOTKIT_FEDORA=${GENERIC_ROOTKIT_LABEL}
if [ -f /etc/system-release ]; then
- v="0"`${egrep} -i fedora /etc/system-release | cut -d " " -f 3`
+ v="0"`${egrep} -i fedora /etc/system-release | ${cut} -d " " -f 3`
if [ "$v" -gt "32" ]; then
GENERIC_ROOTKIT_FEDORA="bash|elite$|vejeta|\.ark|iroffer"
fi
|