1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Mon, 27 Feb 2023 22:33:58 +0000
Subject: chkrootkit: chkutmp
Debian has moved to a 64-but version of time_t which means
/var/run/utmp no longer exists.
This patch skips the chkutmp() check if there is no file to check
(only on Linux)
Also better messages if things are skipped - distibguish between
skipping because -r is given and not being able to find the helper
Forwarded: yes
(Forwarded by email: 21 Dec 2024)
---
chkrootkit | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/chkrootkit b/chkrootkit
index 9f2d0b4..4473636 100755
--- a/chkrootkit
+++ b/chkrootkit
@@ -223,13 +223,24 @@ sniffer () {
}
chkutmp() {
- if [ ! -x ./chkutmp -o ${mode} = "pm" ]; then
- echo "not tested: can't exec ./chkutmp"
- return ${NOT_TESTED}
+ if [ "${mode}" = "pm" ]; then
+ _not_tested
+ return "${NOT_TESTED}"
fi
- if ./chkutmp
- then
- if [ "${QUIET}" != "t" ]; then echo "chkutmp: nothing deleted"; fi
+ if [ "$SYSTEM" = "Linux" ] && [ ! -f /var/run/utmp ]; then
+ # utmp was rewritten incompatibly to make time_t 64-bit
+ _not_tested
+ return "${NOT_TESTED}"
+ fi
+ if [ ! -x ./chkutmp ]; then
+ _warn "chkutmp not tested: can't exec ./chkutmp"
+ return "${NOT_TESTED}"
+ fi
+ outmsg=$(PATH="$path_for_tools" ./chkutmp 2>&1)
+ if [ $? -eq 0 ]; then
+ _not_found
+ else
+ _warn "chkutmp output: $outmsg\n"
fi
}
|
