From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Thu, 17 Oct 2024 22:32:49 +0100
Subject: chkrootkit: chk_tcpdump
Forwarded: yes
(Forwarded by email: 21 Dec 2024)
---
chkrootkit | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/chkrootkit b/chkrootkit
index 032e5c0..8652bef 100755
--- a/chkrootkit
+++ b/chkrootkit
@@ -2621,15 +2621,15 @@ chk_rshd () {
}
chk_tcpdump () {
+ # this function is missing test for expertmode and is inconsistent with the other chk_* functions in terms of return values
STATUS=${NOT_INFECTED}
TCPDUMP_I_L="212.146.0.34:1963";
- _chk_netstat_or_ss;
- OPT="-an"
- [ "${netstat}" = "ss" ] && OPT="-a"
- if ${netstat} "${OPT}" | ${egrep} "${TCPDUMP_I_L}"> /dev/null 2>&1; then
+ _chk_netstat_or_ss;
+ OPT="-an"
+ if ${netstat} "${OPT}" 2>/dev/null | ${egrep} -q "${TCPDUMP_I_L}"; then
STATUS=${INFECTED}
fi
- return ${STATUS}
+ return "${STATUS}"
}
chk_tcpd () {
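Review bot: In chk_tcpdump, `TCPDUMP_I_L` is passed to `${egrep}` as a pattern, so (assuming `${egrep}` is an extended-regex grep) each `.` matches any character and nothing bounds the match after the port. A socket line containing `212.146.0.34:19630` would therefore also set `STATUS=${INFECTED}`. Escaping the dots and bounding the port would tighten the indicator: `TCPDUMP_I_L='212\.146\.0\.34:1963([^0-9]|$)'`. Separately, `2>/dev/null` hides errors from `${netstat}` and only egrep's exit status is tested, so a failed netstat/ss run is reported as `NOT_INFECTED`. The comment added at the top of the function could say so, e.g. `# a failed ${netstat} run is indistinguishable from a clean result`.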