Member "chkrootkit-0.55/patch" (9 Jun 2021, 4927 Bytes) of package /linux/misc/chkrootkit-0.55.tar.gz:
1 *** ../chkrootkit-0.54/chkrootkit 2020-12-20 00:32:29.040003633 -0500
2 --- chkrootkit 2021-05-30 01:58:27.864993530 -0400
3 ***************
4 *** 1,8 ****
5 #! /bin/sh
6 # -*- Shell-script -*-
7
8 ! # $Id: chkrootkit, v 0.54 2020/12/24
9 ! CHKROOTKIT_VERSION='0.54'
10
11 # Authors: Nelson Murilo <nelson@pangeia.com.br> (main author) and
12 # Klaus Steding-Jessen <jessen@cert.br>
13 --- 1,8 ----
14 #! /bin/sh
15 # -*- Shell-script -*-
16
17 ! # $Id: chkrootkit, v 0.55 2021/06/10
18 ! CHKROOTKIT_VERSION='0.55'
19
20 # Authors: Nelson Murilo <nelson@pangeia.com.br> (main author) and
21 # Klaus Steding-Jessen <jessen@cert.br>
22 ***************
23 *** 311,317 ****
24 prog=""
25 if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
26 `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
27 ! [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
28 [ -x ./chkdirs ] && prog="$prog ./chkdirs"
29 if [ "$prog" = "" -o ${mode} = "pm" ]; then
30 echo "not tested: can't exec $prog"
31 --- 311,317 ----
32 prog=""
33 if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
34 `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
35 ! [ -x ./chkproc -a "`find /proc -maxdepth 1 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
36 [ -x ./chkdirs ] && prog="$prog ./chkdirs"
37 if [ "$prog" = "" -o ${mode} = "pm" ]; then
38 echo "not tested: can't exec $prog"
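Review bot: The rewritten probe on the `./chkproc` line calls bare `find` from PATH, while the other hunks in this patch go through `${find}`; on a host that is being checked for tampering the probe should use the same resolved binary, i.e. `${find} /proc -maxdepth 1` (assuming `${find}` is already set at this point in the script). `-maxdepth` is also not a POSIX primary, and because stderr is discarded, a `find` that rejects it yields a count of 0, so chkproc is dropped from `prog` and the only trace is the "not tested" message. A one-line comment stating that dependency, or a fallback such as counting the entries of `/proc` with `${ls}`, would make that failure visible. The enclosing test continues beyond the hunk.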
39 ***************
40 *** 629,634 ****
41 --- 629,643 ----
42 ## PWNLNX6 - An LKM Roottkit
43 expertmode_output "${find} ${ROOTDIR}/tmp/suterusu"
44
45 + ## Umbreon
46 + expertmode_output "${find} ${ROOTDIR}usr/share/libc.so*"
47 +
48 + ## KINSING.A Backdoor
49 + expertmode_output "${find} ${ROOTDIR}tmp/kdevtmp*"
50 +
51 + ## RotaJakiro
52 + expertmode_output "${ls} ${ROOTDIR}bin/system-daemon"
53 +
54 ## Common SSH-SCANNERS
55 expertmode_output "${find} ${ROOTDIR}/tmp ${ROOTDIR}/var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2"
56
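Review bot: The expert-mode entry for RotaJakiro lists `${ROOTDIR}bin/system-daemon`, but the detection added in the later hunk at new line 1331 tests `${ROOTDIR}bin/systemd-daemon`; one of the two names is presumably a typo, so expert output and the normal scan look at different files. The Kinsing entry drifts the same way (`tmp/kdevtmp*` here, the exact name `tmp/kdevtmpfsi` in the check), as does Umbreon (`libc.so*` here, `libc.so.*` there). Each pair should be reconciled against the indicator source the authors used, ideally with the path kept in one variable shared by both modes. The three new lines also omit the `/` after `${ROOTDIR}` that the neighbouring `${ROOTDIR}/tmp/suterusu` line has; if ROOTDIR always ends in `/`, a short comment saying so would explain the difference.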
57 ***************
58 *** 1289,1295 ****
59 ## Hidden Cobra (IBM AIX)
60 if [ "${QUIET}" != "t" ]; then
61 printn "Searching for Hidden Cobra ... "; fi
62 ! if ${ls} "${ROOTDIR}tmp/.ICE-unix/m*.so" ${ROOTDIR}tmp/.ICE-unix/engine.so 2>/dev/null; then
63 echo "INFECTED: Possible Malicious Hidden Cobra installed"
64 else
65 if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
66 --- 1298,1304 ----
67 ## Hidden Cobra (IBM AIX)
68 if [ "${QUIET}" != "t" ]; then
69 printn "Searching for Hidden Cobra ... "; fi
70 ! if ${ls} ${ROOTDIR}tmp/.ICE-unix/m*.so ${ROOTDIR}tmp/.ICE-unix/engine.so 2>/dev/null; then
71 echo "INFECTED: Possible Malicious Hidden Cobra installed"
72 else
73 if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
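Review bot: With the glob now expanding, the `${ls}` test on the Hidden Cobra line succeeds only when every argument exists: ls implementations generally exit non-zero if any named operand cannot be accessed, so a host with `m*.so` present but no `engine.so` (or the reverse) still prints "nothing found". If either file is meant to be an indicator on its own, the paths should be tested one by one, with `${ROOTDIR}` quoted so a root directory containing spaces is not word-split. Unlike the checks added later in this patch, stdout is not redirected here, so matched names are printed ahead of the INFECTED line; a comment should say whether that is intended. The closing `fi` of this block is outside the hunk.

```shell
hc_found=""
for hc_f in "${ROOTDIR}"tmp/.ICE-unix/m*.so "${ROOTDIR}"tmp/.ICE-unix/engine.so; do
  [ -e "${hc_f}" ] && hc_found="${hc_found} ${hc_f}"
done
if [ -n "${hc_found}" ]; then
# … unchanged: INFECTED message, else branch printing "nothing found" …
```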
74 ***************
75 *** 1322,1327 ****
76 --- 1331,1363 ----
77 if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
78 fi
79
80 + ## Umbreon Linux Rootkit
81 + if [ "${QUIET}" != "t" ]; then
82 + printn "Searching for Umbreon lrk... "; fi
83 + if ${ls} ${ROOTDIR}usr/share/libc.so.* > /dev/null 2>&1 ; then
84 + echo "INFECTED: Possible Malicious UMBREON LRK installed"
85 + else
86 + if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
87 + fi
88 +
89 + ## KINSING.A Backdoor
90 + if [ "${QUIET}" != "t" ]; then
91 + printn "Searching for Kinsing.a backdoor... "; fi
92 + if ${ls} "${ROOTDIR}tmp/kdevtmpfsi" > /dev/null 2>&1 ; then
93 + echo "INFECTED: Possible Malicious KINSING.A Backdoor installed"
94 + else
95 + if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
96 + fi
97 +
98 + ## RotaJakiro Backdoor
99 + if [ "${QUIET}" != "t" ]; then
100 + printn "Searching for RotaJakiro backdoor... "; fi
101 + if ${ls} "${ROOTDIR}bin/systemd-daemon" > /dev/null 2>&1 ; then
102 + echo "INFECTED: Possible Malicious JOTAJAKIRO Backdoor installed"
103 + else
104 + if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
105 + fi
106 +
107 ###
108 ### Suspects PHP files
109 ###
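Review bot: The RotaJakiro result string reads `JOTAJAKIRO`, so anyone searching scan output or logs for the family name will miss a hit; it should be `echo "INFECTED: Possible Malicious RotaJakiro Backdoor installed"`. In the Umbreon test `${ROOTDIR}` is left unquoted so the glob can expand, which also word-splits the root path; `"${ROOTDIR}"usr/share/libc.so.*` keeps both the glob and the quoting. Each of the three checks tests a single fixed file name with `${ls}` on the running system, so each block would benefit from a comment saying that "nothing found" only means that path was not visible to `ls`. The same comment can point out that a scan with `-r` against a mounted image, or with trusted binaries via `-p`, gives a stronger answer.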
110 ***************
111 *** 1477,1485 ****
112 GENERIC_ROOTKIT_FEDORA=${GENERIC_ROOTKIT_LABEL}
113 if [ -f /etc/system-release ]; then
114 v=`${egrep} -i fedora /etc/system-release | cut -d " " -f 3`
115 if [ "$v" -gt "32" ]; then
116 GENERIC_ROOTKIT_FEDORA="bash|elite$|vejeta|\.ark|iroffer"
117 ! fi
118 fi
119
120 if [ "${EXPERT}" = "t" ]; then
121 --- 1513,1522 ----
122 GENERIC_ROOTKIT_FEDORA=${GENERIC_ROOTKIT_LABEL}
123 if [ -f /etc/system-release ]; then
124 v=`${egrep} -i fedora /etc/system-release | cut -d " " -f 3`
125 + test -n "$v" && {
126 if [ "$v" -gt "32" ]; then
127 GENERIC_ROOTKIT_FEDORA="bash|elite$|vejeta|\.ark|iroffer"
128 ! fi }
129 fi
130
131 if [ "${EXPERT}" = "t" ]; then
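Review bot: The added `test -n "$v"` guard covers the empty-string case, but `[ "$v" -gt "32" ]` still fails with an error on stderr when the third field of the matched line is not a plain integer or when `egrep` matches more than one line, and the Fedora-specific pattern is then not applied. A digit check handles all three cases, e.g. `case "$v" in ''|*[!0-9]*) ;; *) [ "$v" -gt 32 ] && GENERIC_ROOTKIT_FEDORA="bash|elite$|vejeta|\.ark|iroffer" ;; esac`. The `&& { … fi }` grouping is also harder to read than a plain `if [ -n "$v" ] && [ "$v" -gt 32 ]; then`. The code that consumes GENERIC_ROOTKIT_FEDORA is outside the hunk.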