File: chkrootkit-chk_inetdconf.patch

chkrootkit 0.58b-6
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Mon, 27 Feb 2023 22:33:58 +0000
Subject: chkrootkit: chk_inetdconf

Remove unnecessary uses of cat and grep
Fix support for -r/x

Forwarded: yes
(Forwarded by email: 21 Dec 2024)
---
 chkrootkit | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/chkrootkit b/chkrootkit
index dac80e2..b483584 100755
--- a/chkrootkit
+++ b/chkrootkit
@@ -2730,29 +2730,30 @@ chk_fingerd () {
 
 
 chk_inetdconf () {
+    # this function is inconsistent with the other chk_* functions in terms of return values
     STATUS=${NOT_INFECTED}
-    SHELLS="${ROOTDIR}bin/sh ${ROOTDIR}bin/bash"
+    SHELLS="/bin/sh /bin/bash"
 
-    if [ -r ${ROOTDIR}etc/shells ]; then
-       	SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
+    if [ -r "${ROOTDIR}etc/shells" ]; then
+        SHELLS=$(${egrep} -v '^#' "${ROOTDIR}etc/shells")
     fi
 
-    if [ -r ${ROOTDIR}etc/inetd.conf ]; then
-	for CHK_SHELL in ${SHELLS}; do
-		cat ${ROOTDIR}etc/inetd.conf | ${egrep} -v "^#" | ${egrep} "^.*stream.*tcp.*nowait.*$CHK_SHELL.*" > /dev/null
-		if [ ${?} -ne 1 ]; then
-			if [ "${EXPERT}" = "t" ]; then
-				echo "Backdoor shell record(s) in /etc/inetd.conf: "
-				cat ${ROOTDIR}etc/inetd.conf | ${egrep} -v "^#" | ${egrep} "^.*stream.*tcp.*nowait.*$CHK_SHELL.*"
-			fi
-			STATUS=${INFECTED}
-		fi
-	done
-	return ${STATUS}
+    if [ -r "${ROOTDIR}etc/inetd.conf" ]; then
+        INETD_CONF_LINES=$(${egrep} -v '^#' "${ROOTDIR}etc/inetd.conf")
+        for CHK_SHELL in ${SHELLS}; do
+            if "${echo}" "$INETD_CONF_LINES" | ${egrep} -q "stream.*tcp.*nowait.*$CHK_SHELL" 2>/dev/null; then
+                if [ "${EXPERT}" = "t" ]; then
+                    echo "Backdoor shell record(s) in /etc/inetd.conf: "
+                    ${egrep} -v "^#" "${ROOTDIR}etc/inetd.conf" | ${egrep} "^.*stream.*tcp.*nowait.*$CHK_SHELL.*"
+                    # other chk_* functions return 5 here (?)
+                fi
+                return "${INFECTED}"
+            fi
+        done
+        return "${STATUS}"
     else
-    	return ${NOT_FOUND}
+        return "${NOT_FOUND}"
     fi
-
 }
 
 chk_telnetd () {
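Review bot: In the rewritten match test inside the `for CHK_SHELL` loop, an egrep failure is now treated the same as "no match": the old `[ ${?} -ne 1 ]` flagged any status other than 1, while `if ... | ${egrep} -q ... 2>/dev/null` takes the branch only on status 0 and hides the error message. `$CHK_SHELL` comes unescaped from `${ROOTDIR}etc/shells`, so an entry that is not a valid regular expression makes egrep exit with 2 and that shell is skipped silently, leaving the result NOT_INFECTED. I would drop the `2>/dev/null` and keep the status check, e.g. `"${echo}" "$INETD_CONF_LINES" | ${egrep} -q "stream.*tcp.*nowait.*$CHK_SHELL"` followed by `if [ $? -ne 1 ]; then`, or report status 2 separately from a match. Also, because of the early `return "${INFECTED}"`, expert mode now prints records only for the first matching shell, where the old loop printed them for every shell.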