From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Thu, 17 Oct 2024 22:16:04 +0100
Subject: chkrootkit: chk_crontab
Forwarded: yes
(Forwarded by email: 21 Dec 2024)
---
chkrootkit | 35 ++++++++++++++++++++++++-----------
1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/chkrootkit b/chkrootkit
index 54fde5e..7fc2af4 100755
--- a/chkrootkit
+++ b/chkrootkit
@@ -1854,11 +1854,10 @@ chk_crontab () {
STATUS=${NOT_INFECTED}
CRONTAB_I_L="crontab.*666"
- CMD=`loc crontab crontab $pth`
+ CMD=$(loc crontab crontab "$pth")
- if [ ! -r ${CMD} ]
- then
- return ${NOT_FOUND}
+ if [ ! -r "${CMD}" ]; then
+ return "${NOT_FOUND}"
fi
if [ "${EXPERT}" = "t" ]; then
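Review bot: Quoting `"$pth"` in `CMD=$(loc crontab crontab "$pth")` changes what `loc` receives. If `$pth` holds a space-separated list of directories, as its use as a search path suggests, it now arrives as one argument instead of several. `loc` is defined outside this hunk, so please confirm that it still splits that argument itself; if it walks its arguments with `"$@"`, the lookup would find nothing and chk_crontab would return `NOT_FOUND`, silently skipping the check. A short comment such as `# $pth is a space-separated list; loc word-splits it` would record the assumption.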
@@ -1866,14 +1865,28 @@ chk_crontab () {
return 5
fi
# slackware's crontab have a bug
- if ( ${CMD} -l -u nobody | $egrep [0-9] ) >/dev/null 2>&1 ; then
- ${echo} "Warning: crontab for nobody found, possible Lupper.Worm... "
- if ${CMD} -l -u nobody 2>/dev/null | ${egrep} $CRONTAB_I_L >/dev/null 2>&1
- then
- STATUS=${INFECTED}
- fi
+ if ( "${CMD}" -l -u nobody | $egrep [0-9] ) >/dev/null 2>&1 ; then
+ if [ "${QUIET}" != "t" ]; then echo "WARNING"; fi
+ echo "WARNING: crontab for nobody found, possible Lupper.Worm."
+ if "${CMD}" -l -u nobody 2>/dev/null | ${egrep} "$CRONTAB_I_L" >/dev/null 2>&1
+ then
+ if [ "${QUIET}" = "t" ]; then
+ echo "Checking for Lupper.Worm... INFECTED"
+ # main loop will then print "checking crontab..INFECTED"
+ else
+ # main loop already printed "checking crontab... WARNING"
+ printn "Checking for Lupper.Worm... "
+ # main loop will 'close' the 'printn' with 'INFECTED'
+ fi
+ STATUS=${INFECTED}
+ else
+ if [ "${QUIET}" != "t" ]; then
+ printn "Checking for Lupper.Worm... "
+ echo "not infected"
+ fi
+ fi
fi
- return ${STATUS}
+ return "${STATUS}"
}
chk_top () {
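Review bot: The pattern in `$egrep [0-9]` on the new `if ( "${CMD}" -l -u nobody | ... )` line is still unquoted, although this commit quotes the other expansions around it. The shell treats `[0-9]` as a glob, so a file with a single-digit name in the working directory would replace the pattern before egrep sees it, and the check for a nobody crontab could then miss entries; for a scanner run as root from arbitrary directories this is worth closing. I would write the line as `if ( "${CMD}" -l -u nobody | ${egrep} '[0-9]' ) >/dev/null 2>&1 ; then`. Separately, the new messages call bare `echo` where the removed line used `${echo}`; if that is deliberate, a brief comment saying so would help. chk_crontab starts outside this hunk.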