1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Mon, 20 Feb 2023 23:47:05 +0000
Subject: chkrootkit: chk_login
Remove stray ']'
Redirection of stderr should be after redirection of stdout, not before
Forwarded: yes
(Forwarded by email: 21 Dec 2024)
---
chkrootkit | 51 ++++++++++++++++++++++++++++++++-------------------
1 file changed, 32 insertions(+), 19 deletions(-)
diff --git a/chkrootkit b/chkrootkit
index 7137152..95e4d72 100755
--- a/chkrootkit
+++ b/chkrootkit
@@ -1517,7 +1517,10 @@ chk_chsh () {
chk_login () {
STATUS=${NOT_INFECTED}
- CMD=`loc login login $pth`
+ CMD=$(loc login login "$pth")
+ if [ "${?}" -ne 0 ]; then
+ return "${NOT_FOUND}"
+ fi
if [ "${EXPERT}" = "t" ]; then
expertmode_output "${strings} -a ${CMD}"
@@ -1525,32 +1528,42 @@ chk_login () {
fi
if [ "$SYSTEM" = "SunOS" ]; then
- TROJED_L_L="porcao|/bin/xstat"
- if ${strings} -a ${CMD} | ${egrep} "${TROJED_L_L}" >/dev/null 2>&1 ]; then
- return ${INFECTED}
- else
- return ${NOT_TESTED}
- fi
+ TROJED_L_L="porcao|/bin/xstat"
+ if "${strings}" -a "${CMD}" | ${egrep} "${TROJED_L_L}" >/dev/null 2>&1; then
+ return "${INFECTED}"
+ else
+ return "${NOT_TESTED}"
+ fi
fi
GENERAL="^root$"
TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
- ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
- if [ ${ret} -gt 0 ]; then
- case ${ret} in
- 1) [ "${SYSTEM}" = "OpenBSD" -a `echo $V | ${awk} '{ if ($1 < 2.7 ||
-$1 >= 3.0) print 1; else print 0}'` -eq 1 ] && \
- STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
-"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
+ ret=$("${strings}" -a "${CMD}" | ${egrep} -c "${GENERAL}")
+ if [ "${ret}" -gt 0 ]; then
+ case "${ret}" in
+ 1) if [ "${SYSTEM}" = "OpenBSD" -a "$(echo "$V" | "${awk}" '{ if ($1 < 2.7 ||
+$1 >= 3.0) print 1; else print 0}')" -eq 1 ]; then
+ STATUS=${NOT_INFECTED}
+ else
+ STATUS=${INFECTED}
+ fi;;
+ 2) if [ "${SYSTEM}" = "FreeBSD" -o "${SYSTEM}" = "NetBSD" -o "${SYSTEM}" = "OpenBSD" -a "$(echo "${V}" | "${awk}" '{ if ($1 >= 2.8) print 1; else print 0 }')" -eq 1 ]; then
+ STATUS=${NOT_INFECTED}
+ else
+ STATUS=${INFECTED}
+ fi;;
+ 6|7) if [ "${SYSTEM}" = "HP-UX" ]; then
+ STATUS=${NOT_INFECTED}
+ else
+ STATUS=${INFECTED}
+ fi;;
*) STATUS=${INFECTED};;
esac
fi
- if ${strings} -a ${CMD} | ${egrep} "${TROJED_L_L}" 2>&1 >/dev/null
- then
+ if "${strings}" -a "${CMD}" | ${egrep} "${TROJED_L_L}" >/dev/null 2>&1
+ then
STATUS=${INFECTED}
fi
- return ${STATUS}
+ return "${STATUS}"
}
chk_passwd () {
|
