[PATCH]chkrootkit-inetd
newsonet
newsonet at poczta.onet.pl
Sat Jul 23 12:50:08 CEST 2005
takie tam
http://littleb.3vnet.pl/temp/chkrootkit-inetd.patch
-------------- next part --------------
diff -urN chkrootkit-0.45.old/chkrootkit chkrootkit-0.45/chkrootkit
--- chkrootkit-0.45.old/chkrootkit 2005-02-22 13:57:31.000000000 +0100
+++ chkrootkit-0.45/chkrootkit 2005-07-23 12:25:16.713225672 +0200
@@ -115,12 +115,12 @@
CMD=`loc asp asp $pth`
if [ "${EXPERT}" = "t" ]; then
- expertmode_output "${egrep} ^asp ${ROOTDIR}etc/inetd.conf"
+ expertmode_output "${egrep} ^asp ${ROOTDIR}etc/sysconfig/inetd.conf"
expertmode_output "${strings} -a ${CMD}"
return 5
fi
- if ${egrep} "^asp" ${ROOTDIR}etc/inetd.conf >/dev/null 2>&1; then
+ if ${egrep} "^asp" ${ROOTDIR}etc/sysconfig/inetd.conf >/dev/null 2>&1; then
echo "Warning: Possible Ramen Worm installed in inetd.conf"
STATUS=${INFECTED}
fi
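Review bot: Replacing `${ROOTDIR}etc/inetd.conf` outright with `${ROOTDIR}etc/sysconfig/inetd.conf` makes this Ramen check fail silently on any tree where the file is still at the old path. egrep's error goes to `/dev/null`, so a missing file looks the same as a clean one and the test reports no infection. The same applies to the LPD worm, rshd, tcpd and backdoor-shell hunks below, and it matters most when `ROOTDIR` points at a mounted image from a different system. Pick the path once, e.g. `INETD_CONF=${ROOTDIR}etc/inetd.conf` followed by `[ -r ${ROOTDIR}etc/sysconfig/inetd.conf ] && INETD_CONF=${ROOTDIR}etc/sysconfig/inetd.conf`, and use `${INETD_CONF}` in every check. The enclosing function starts and ends outside this hunk.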
@@ -698,7 +698,7 @@
printn "Searching for LPD Worm files and dirs... "; fi
if ${egrep} "^kork" ${ROOTDIR}etc/passwd > /dev/null 2>&1 || \
- ${egrep} "^666" ${ROOTDIR}etc/inetd.conf > /dev/null 2>&1 ;
+ ${egrep} "^666" ${ROOTDIR}etc/sysconfig/inetd.conf > /dev/null 2>&1 ;
then
echo "Possible LPD worm installed"
elif [ -d ${ROOTDIR}dev/.kork -o -f ${ROOTDIR}bin/.ps -o \
@@ -2211,7 +2211,7 @@
if ${strings} -a ${CMD} | ${egrep} "${RSHD_INFECTED_LABEL}" > /dev/null 2>&1
then
STATUS=${INFECTED}
- if ${egrep} "^#.*rshd" ${ROOTDIR}etc/inetd.conf >/dev/null 2>&1 -o \
+ if ${egrep} "^#.*rshd" ${ROOTDIR}etc/sysconfig/inetd.conf >/dev/null 2>&1 -o \
${ls} ${ROOTDIR}etc/xinetd.d/rshd >/dev/null 2>&1 ; then
STATUS=${INFECTED_BUT_DISABLED}
fi
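Review bot: The `-o` at the end of the changed `if ${egrep} "^#.*rshd" …` line is not a logical OR, because it sits outside any `[ ]` test and is passed to egrep as an option. `${ls}` and `${ROOTDIR}etc/xinetd.d/rshd` then become additional files for egrep to search. `INFECTED_BUT_DISABLED` therefore depends on what egrep matches in those files, not on whether the xinetd entry exists. That can downgrade a finding incorrectly, for example if the xinetd file has a comment line mentioning rshd (plausible, but not visible here). Since the line is being edited anyway, end it with `||` instead: `if ${egrep} "^#.*rshd" ${ROOTDIR}etc/sysconfig/inetd.conf >/dev/null 2>&1 || \`.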
@@ -2233,8 +2233,8 @@
STATUS=${NOT_INFECTED}
TCPD_INFECTED_LABEL="p1r0c4|hack|/dev/xmx|/dev/hdn0|/dev/xdta|/dev/tux"
- [ -r ${ROOTDIR}etc/inetd.conf ] &&
- CMD=`${egrep} '^[^#].*tcpd' ${ROOTDIR}etc/inetd.conf | ${head} -1 | \
+ [ -r ${ROOTDIR}etc/sysconfig/inetd.conf ] &&
+ CMD=`${egrep} '^[^#].*tcpd' ${ROOTDIR}etc/sysconfig/inetd.conf | ${head} -1 | \
${awk} '{ print $6 }'`
if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
CMD=`loc tcpd tcpd $pth`
@@ -2331,13 +2331,13 @@
SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
fi
- if [ -r ${ROOTDIR}etc/inetd.conf ]; then
+ if [ -r ${ROOTDIR}etc/sysconfig/inetd.conf ]; then
for SHELL in ${SHELLS}; do
- cat ${ROOTDIR}etc/inetd.conf | ${egrep} -v "^#" | ${egrep} "^.*stream.*tcp.*nowait.*$SHELL.*" > /dev/null
+ cat ${ROOTDIR}etc/sysconfig/inetd.conf | ${egrep} -v "^#" | ${egrep} "^.*stream.*tcp.*nowait.*$SHELL.*" > /dev/null
if [ ${?} -ne 1 ]; then
if [ "${EXPERT}" = "t" ]; then
- echo "Backdoor shell record(s) in /etc/inetd.conf: "
- cat ${ROOTDIR}etc/inetd.conf | ${egrep} -v "^#" | ${egrep} "^.*stream.*tcp.*nowait.*$SHELL.*"
+ echo "Backdoor shell record(s) in /etc/sysconfig/inetd.conf: "
+ cat ${ROOTDIR}etc/sysconfig/inetd.conf | ${egrep} -v "^#" | ${egrep} "^.*stream.*tcp.*nowait.*$SHELL.*"
fi
STATUS=${INFECTED}
fi
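Review bot: The new message `Backdoor shell record(s) in /etc/sysconfig/inetd.conf:` prints a fixed path, while the file actually scanned is `${ROOTDIR}etc/sysconfig/inetd.conf`. With a non-default `ROOTDIR` the report names a file that was not examined; use `echo "Backdoor shell record(s) in ${ROOTDIR}etc/sysconfig/inetd.conf: "`. On the changed `cat … | ${egrep}` lines, `$SHELL` is interpolated unescaped into the pattern and `[ ${?} -ne 1 ]` counts an egrep error as a match, which deserves at least a comment such as `# exit status 2 (egrep error) is deliberately treated as suspicious`. The `for` loop closes outside this hunk.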