1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
From: Lorenzo 'Palinuro' Faletra <palinuro@parrotsec.org>
Date: Thu, 19 Apr 2018 22:57:12 +0200
Subject: chkrootkit: scalper
Add exception for ser2net in scalper()
Forwarded: yes
(Forwarded by email: 21 Dec 2024)
---
chkrootkit | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/chkrootkit b/chkrootkit
index 9284934..955a0c2 100755
--- a/chkrootkit
+++ b/chkrootkit
@@ -132,24 +132,26 @@ slapper (){
scalper (){
SCALPER_FILES="${ROOTDIR}tmp/.uua ${ROOTDIR}tmp/.a"
SCALPER_PORT=2001
- OPT="-an"
- _chk_netstat_or_ss;
- [ "$netstat" = "ss" ] && OPT="-a"
+ OPT="-an"
+ _chk_netstat_or_ss;
STATUS=0
- if ${netstat} "${OPT}" | ${egrep} "0.0:${SCALPER_PORT} "> /dev/null 2>&1; then
- STATUS=1
+ if ${netstat} "${OPT}" 2>/dev/null | ${egrep} -q "0.0:${SCALPER_PORT}"; then
+ if ! [ -e /usr/sbin/ser2net ]; then
+ STATUS=1
+ fi
fi
for i in ${SCALPER_FILES}; do
- if [ -f ${i} ]; then
+ if [ -f "${i}" ]; then
STATUS=1
fi
done
- if [ ${STATUS} -eq 1 ] ;then
- echo "Warning: Possible Scalper Worm installed"
+ if [ "${STATUS}" -eq 1 ] ;then
+ _warn "Possible Scalper Worm installed\n"
+ return "${INFECTED}"
else
- if [ "${QUIET}" != "t" ]; then echo "not infected"; fi
- return ${NOT_INFECTED}
+ _not_found
+ return "${NOT_INFECTED}"
fi
}
|
