1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Thu, 17 Oct 2024 22:25:22 +0100
Subject: chkrootkit: chk_write
Forwarded: yes
(Forwarded by email: 21 Dec 2024)
---
chkrootkit | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/chkrootkit b/chkrootkit
index 67541e2..8adb195 100755
--- a/chkrootkit
+++ b/chkrootkit
@@ -2250,26 +2250,29 @@ chk_pop3 () {
chk_write () {
STATUS=${NOT_INFECTED}
- CMD=`loc write write $pth`
+ CMD=$(loc write write "$pth")
+ if [ "${?}" -ne 0 ]; then
+ return "${NOT_FOUND}"
+ fi
WRITE_ROOTKIT_LABEL="bash|elite$|vejeta|\.ark"
if [ "${EXPERT}" = "t" ]; then
expertmode_output "${strings} -a ${CMD}"
expertmode_output "${ls} -l ${CMD}"
return 5
fi
- if [ ! -f "${CMD}" ]; then
- STATUS=${NOT_FOUND}
- return ${STATUS}
+ if [ ! -f "${CMD}" ]; then
+ STATUS=${NOT_FOUND}
+ return "${STATUS}"
fi
- if ${strings} -a ${CMD} | ${egrep} "${WRITE_ROOTKIT_LABEL}" | grep -v locale > /dev/null 2>&1
+ if "${strings}" -a "${CMD}" | ${egrep} "${WRITE_ROOTKIT_LABEL}" | "${grep}" -v locale > /dev/null 2>&1
then
STATUS=${INFECTED}
fi
- if ${ls} -l ${CMD} | ${egrep} "^...s" > /dev/null 2>&1
+ if "${ls}" -l "${CMD}" | ${egrep} "^...s" > /dev/null 2>&1
then
STATUS=${INFECTED}
fi
- return ${STATUS}
+ return "${STATUS}"
}
chk_w () {
|
