===========================================================
.___ __ __
_________________ __ __ __| _/|__|/ |_
/ ___\_` __ \__ \ | | \/ __ | | \\_ __\
/ /_/ > | \// __ \| | / /_/ | | || |
\___ /|__| (____ /____/\____ | |__||__|
/_____/ \/ \/
grep rough audit - static analysis tool
v2.8 written by @Wireghoul
=================================[justanotherhacker.com]===
chkrootkit-0.53/debian/patches/03_linedup_reports.patch-13--printn () {
chkrootkit-0.53/debian/patches/03_linedup_reports.patch:14:- if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/debian/patches/03_linedup_reports.patch-15-- ${echo} -n "$1"
##############################################
chkrootkit-0.53/debian/patches/03_linedup_reports.patch-41-- ${echo} "${1}\c"
chkrootkit-0.53/debian/patches/03_linedup_reports.patch:42:+ if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/debian/patches/03_linedup_reports.patch-43-+ ${echo} -n "$1"
##############################################
chkrootkit-0.53/debian/patches/04_backslashes.patch-9-@@ -714,7 +714,7 @@
chkrootkit-0.53/debian/patches/04_backslashes.patch:10: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/debian/patches/04_backslashes.patch-11- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-38- STATUS=${NOT_INFECTED}
chkrootkit-0.53/debian/patches/06_quiet.patch:39: CMD=`loc login login $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-40-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-62- LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/debian/patches/06_quiet.patch:63: CMD=`loc ls ls $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-64-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-74- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/debian/patches/06_quiet.patch:75: CMD=`loc du du $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-76-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-86- NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/debian/patches/06_quiet.patch:87: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-88-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-98- /dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/debian/patches/06_quiet.patch:99: CMD=`loc ps ps $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-100-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-110- STATUS=${NOT_INFECTED}
chkrootkit-0.53/debian/patches/06_quiet.patch:111: CMD=`loc basename basename $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-112-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-122- STATUS=${NOT_INFECTED}
chkrootkit-0.53/debian/patches/06_quiet.patch:123: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-124-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-134- S_L="/bin/.*sh"
chkrootkit-0.53/debian/patches/06_quiet.patch:135: CMD=`loc date date $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-136-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-146- STATUS=${NOT_INFECTED}
chkrootkit-0.53/debian/patches/06_quiet.patch:147: CMD=`loc echo echo $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-148-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-158- STATUS=${NOT_INFECTED}
chkrootkit-0.53/debian/patches/06_quiet.patch:159: CMD=`loc env env $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-160-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-170- STATUS=${NOT_INFECTED}
chkrootkit-0.53/debian/patches/06_quiet.patch:171: CMD=`loc write write $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-172-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-182- STATUS=${NOT_INFECTED}
chkrootkit-0.53/debian/patches/06_quiet.patch:183: CMD=`loc w w $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-184-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-194- STATUS=${NOT_INFECTED}
chkrootkit-0.53/debian/patches/06_quiet.patch:195: CMD=`loc tar tar $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-196-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-206- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/debian/patches/06_quiet.patch:207: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-208-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-218- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/debian/patches/06_quiet.patch:219: CMD=`loc grep grep $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-220-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/06_quiet.patch-230- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/debian/patches/06_quiet.patch:231: CMD=`loc su su $pth`
chkrootkit-0.53/debian/patches/06_quiet.patch-232-+ if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/debian/patches/08_unidentified.patch-82- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/debian/patches/08_unidentified.patch:83:- files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
chkrootkit-0.53/debian/patches/08_unidentified.patch:84:+ files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0`
chkrootkit-0.53/debian/patches/08_unidentified.patch-85- [ ! -z "${files}" ] && \
chkrootkit-0.53/debian/patches/08_unidentified.patch-86- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/debian/patches/08_unidentified.patch:87:- files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/debian/patches/08_unidentified.patch:88:+ files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/debian/patches/08_unidentified.patch-89- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/debian/patches/08_unidentified.patch-95-
chkrootkit-0.53/debian/patches/08_unidentified.patch:96:- for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/debian/patches/08_unidentified.patch-97-- do
##############################################
chkrootkit-0.53/debian/patches/08_unidentified.patch-104-+ if [ -n "${RUNNING}" ]; then
chkrootkit-0.53/debian/patches/08_unidentified.patch:105:+ for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/debian/patches/08_unidentified.patch-106-+ do
##############################################
chkrootkit-0.53/debian/patches/08_unidentified.patch-131- fi
chkrootkit-0.53/debian/patches/08_unidentified.patch:132: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/debian/patches/08_unidentified.patch-133-
##############################################
chkrootkit-0.53/debian/patches/16_php.patch-14- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/debian/patches/16_php.patch:15: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/debian/patches/16_php.patch-16- if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/debian/patches/16_php.patch:17:- fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/debian/patches/16_php.patch:18:+ fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -n 1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/debian/patches/16_php.patch-19- else
chkrootkit-0.53/debian/patches/16_php.patch:20:- fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/debian/patches/16_php.patch:21:+ fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/debian/patches/16_php.patch-22- fi
##############################################
chkrootkit-0.53/debian/patches/19_openssh.diff-7-@@ -1182,6 +1182,8 @@
chkrootkit-0.53/debian/patches/19_openssh.diff:8: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/debian/patches/19_openssh.diff-9- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/debian/patches/21_fix_loc_function.patch-12-- loc epic epic $pth
chkrootkit-0.53/debian/patches/21_fix_loc_function.patch:13:+ echo `loc epic epic $pth`
chkrootkit-0.53/debian/patches/21_fix_loc_function.patch-14- fi
##############################################
chkrootkit-0.53/debian/patches/25_fix-nfs-legacy-sniffers.patch-14-+# [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
chkrootkit-0.53/debian/patches/25_fix-nfs-legacy-sniffers.patch:15:+ outmsg=`[ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q`
chkrootkit-0.53/debian/patches/25_fix-nfs-legacy-sniffers.patch:16:+ [ "$EXCLUDES_SNIF" ] && outmsg=`echo $outmsg | grep -Ev "$EXCLUDES_SNIF"`
chkrootkit-0.53/debian/patches/25_fix-nfs-legacy-sniffers.patch-17-+ [ "$outmsg" ] && echo $outmsg
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-158- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:159: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-160-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-223-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:224: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:225: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-226-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-265- else
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:266: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-267-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-293- fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:294: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-295- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-312- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:313: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-314- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-323- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:324: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-325- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-332- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:333: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-334- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-338- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:339: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-340- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-347-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:348: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-349- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-587- ## rootedoor
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:588: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-589- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-647- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:648: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-649- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-656- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:657: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-658- echo
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-711- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:712: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-713- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-781-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:782: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:783: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-784- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-824-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:825: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-826- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-868-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:869: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-870- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-884- echo "${files}"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:885: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-886- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-903-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:904: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-905- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-912- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:913: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-914- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-957- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:958: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-959- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-967- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:968: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-969- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-978- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:979: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-980- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-989- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:990: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-991- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1141- found=0
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1142: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1143- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1162- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1163: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1164- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1203- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1204: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1205- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1227- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1228: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1229- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1237- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1238: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1239- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1247- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1248: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1249- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1250: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1251- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1302- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1303: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1304-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1305: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1306-else
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1307: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1308-fi
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1323- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1324: files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1325- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1326- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1327: files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1328- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1377-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1378: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1379- do
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1394-# cat <<EOF
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1395:#`$1 2>&1`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1396-#EOF
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1417- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1418: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1419- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1433- FreeBSD)
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1434: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1435- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1445- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1446: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1447- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1469- FreeBSD)
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1470: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1471: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1472- then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1480- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1481: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1482-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1497- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1498: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1499- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1504- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1505:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1506- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1518- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1519: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1520-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1566-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1567: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1568-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1588- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1589: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1590- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1610- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1611: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1612- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1632- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1633: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1634- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1654- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1655: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1656- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1676-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1677: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1678-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1693- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1694: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1695-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1710- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1711: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1712-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1713- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1714: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1715- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1735-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1736: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1737-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1754-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1755: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1756-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1772-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1773: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1774- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1794-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1795: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1796-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1820-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1821: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1822-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1842- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1843: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1844-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1864- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1865: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1866-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1912- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1913: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1914-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1936- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1937: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1938-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1956- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1957: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1958-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1977- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:1978: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-1979-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2004- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2005: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2006-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2011- fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2012: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2013- {
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2034- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2035: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2036-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2055- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2056: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2057-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2077- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2078: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2079- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2080: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2081- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2098- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2099: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2100- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2117- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2118: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2119- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2135- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2136: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2137- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2153- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2154: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2155- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2171- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2172: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2173- WRITE_ROOTKIT_LABEL="bash|elite$|vejeta|\.ark"
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2192- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2193: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2194- W_INFECTED_LABEL="uname -a"
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2209- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2210: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2211- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2229- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2230: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2231-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2244- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2245: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2246- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2261- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2262: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2263- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2290- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2291: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2292- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2316- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2317: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2318-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2333- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2334: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2335-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2355- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2356: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2357-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2377- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2378: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2379- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2380: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2381- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2398- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2399: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2400- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2416- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2417: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2418- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2434- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2435: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2436- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2452- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2453: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2454- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2455: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2456- fi
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2473- STATUS=${INFECTED}
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2474: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2475- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2503- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2504: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2505- esac
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2546- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2547: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2548- fi
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2549: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2550-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2592- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2593: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2594-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2609- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2610: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2611-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2612- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2613: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2614- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2637- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2638: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2639- fi
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2661- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2662: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2663-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2664- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2665: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2666- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2684-printn () {
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2685: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2686- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2764-### PATH used by loc
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2765:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2766-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2772- ### use the path provided with the -p option
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2773: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2774-fi
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2776-for file in $cmdlist; do
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2777: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2778- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2795-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2796:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2797:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2798-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2800-else
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2801: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2802-fi
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2806-{
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2807: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2808: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2809- else
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2833-
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2834:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2835- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2864- ### remove trailing `/'
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2865: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2866-
##############################################
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2889- netstat="netstat"
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit:2890: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/02_workingdir.patch/chkrootkit-2891- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-160- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:161: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-162-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-225-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:226: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:227: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-228-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-267- else
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:268: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-269-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-295- fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:296: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-297- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-314- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:315: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-316- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-325- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:326: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-327- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-334- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:335: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-336- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-340- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:341: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-342- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-349-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:350: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-351- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-589- ## rootedoor
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:590: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-591- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-649- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:650: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-651- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-658- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:659: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-660- echo
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-713- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:714: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-715- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-783-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:784: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:785: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-786- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-826-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:827: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-828- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-870-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:871: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-872- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-886- echo "${files}"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:887: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-888- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-905-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:906: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-907- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-914- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:915: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-916- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-959- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:960: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-961- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-969- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:970: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-971- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-980- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:981: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-982- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-991- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:992: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-993- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1143- found=0
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1144: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1145- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1164- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1165: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1166- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1205- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1206: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1207- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1229- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1230: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1231- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1239- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1240: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1241- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1249- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1250: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1251- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1252: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1253- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1304- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1305: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1306-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1307: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1308-else
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1309: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1310-fi
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1325- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1326: files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1327- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1328- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1329: files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1330- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1379-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1380: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1381- do
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1396-# cat <<EOF
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1397:#`$1 2>&1`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1398-#EOF
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1419- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1420: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1421- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1435- FreeBSD)
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1436: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1437- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1447- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1448: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1449- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1471- FreeBSD)
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1472: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1473: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1474- then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1482- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1483: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1484-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1499- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1500: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1501- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1506- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1507:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1508- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1520- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1521: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1522-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1568-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1569: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1570-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1590- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1591: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1592- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1612- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1613: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1614- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1634- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1635: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1636- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1656- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1657: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1658- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1678-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1679: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1680-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1695- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1696: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1697-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1712- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1713: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1714-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1715- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1716: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1717- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1737-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1738: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1739-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1756-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1757: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1758-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1774-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1775: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1776- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1796-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1797: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1798-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1822-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1823: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1824-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1844- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1845: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1846-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1866- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1867: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1868-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1914- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1915: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1916-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1938- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1939: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1940-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1958- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1959: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1960-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1979- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:1980: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-1981-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2006- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2007: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2008-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2013- fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2014: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2015- {
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2036- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2037: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2038-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2057- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2058: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2059-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2079- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2080: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2081- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2082: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2083- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2100- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2101: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2102- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2119- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2120: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2121- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2137- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2138: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2139- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2155- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2156: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2157- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2173- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2174: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2175- WRITE_ROOTKIT_LABEL="bash|elite$|vejeta|\.ark"
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2194- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2195: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2196- W_INFECTED_LABEL="uname -a"
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2211- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2212: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2213- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2231- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2232: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2233-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2246- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2247: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2248- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2263- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2264: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2265- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2292- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2293: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2294- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2318- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2319: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2320-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2335- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2336: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2337-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2357- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2358: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2359-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2379- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2380: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2381- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2382: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2383- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2400- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2401: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2402- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2418- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2419: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2420- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2436- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2437: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2438- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2454- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2455: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2456- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2457: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2458- fi
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2475- STATUS=${INFECTED}
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2476: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2477- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2505- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2506: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2507- esac
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2548- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2549: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2550- fi
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2551: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2552-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2594- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2595: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2596-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2611- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2612: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2613-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2614- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2615: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2616- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2639- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2640: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2641- fi
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2663- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2664: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2665-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2666- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2667: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2668- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2686-printn () {
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2687: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2688- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2766-### PATH used by loc
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2767:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2768-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2774- ### use the path provided with the -p option
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2775: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2776-fi
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2778-for file in $cmdlist; do
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2779: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2780- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2797-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2798:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2799:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2800-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2802-else
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2803: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2804-fi
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2808-{
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2809: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2810: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2811- else
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2835-
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2836:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2837- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2866- ### remove trailing `/'
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2867: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2868-
##############################################
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2891- netstat="netstat"
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit:2892: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/03_linedup_reports.patch/chkrootkit-2893- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-160- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:161: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-162-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-225-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:226: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:227: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-228-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-267- else
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:268: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-269-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-295- fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:296: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-297- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-314- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:315: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-316- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-325- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:326: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-327- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-334- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:335: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-336- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-340- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:341: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-342- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-349-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:350: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-351- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-589- ## rootedoor
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:590: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-591- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-649- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:650: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-651- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-658- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:659: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-660- echo
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-713- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:714: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-715- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-783-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:784: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:785: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-786- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-826-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:827: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-828- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-870-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:871: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-872- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-886- echo "${files}"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:887: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-888- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-905-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:906: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-907- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-914- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:915: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-916- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-959- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:960: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-961- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-969- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:970: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-971- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-980- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:981: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-982- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-991- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:992: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-993- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1143- found=0
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1144: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1145- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1164- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1165: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1166- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1205- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1206: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1207- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1229- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1230: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1231- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1239- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1240: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1241- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1249- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1250: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1251- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1252: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1253- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1304- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1305: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1306-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1307: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1308-else
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1309: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1310-fi
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1325- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1326: files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1327- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1328- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1329: files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1330- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1379-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1380: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1381- do
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1396-# cat <<EOF
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1397:#`$1 2>&1`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1398-#EOF
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1419- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1420: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1421- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1435- FreeBSD)
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1436: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1437- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1447- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1448: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1449- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1471- FreeBSD)
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1472: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1473: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1474- then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1482- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1483: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1484-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1499- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1500: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1501- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1506- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1507:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1508- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1520- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1521: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1522-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1568-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1569: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1570-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1590- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1591: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1592- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1612- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1613: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1614- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1634- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1635: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1636- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1656- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1657: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1658- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1678-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1679: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1680-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1695- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1696: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1697-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1712- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1713: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1714-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1715- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1716: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1717- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1737-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1738: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1739-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1756-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1757: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1758-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1774-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1775: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1776- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1796-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1797: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1798-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1822-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1823: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1824-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1844- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1845: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1846-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1866- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1867: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1868-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1914- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1915: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1916-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1938- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1939: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1940-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1958- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1959: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1960-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1979- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:1980: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-1981-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2006- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2007: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2008-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2013- fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2014: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2015- {
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2036- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2037: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2038-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2057- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2058: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2059-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2079- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2080: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2081- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2082: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2083- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2100- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2101: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2102- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2119- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2120: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2121- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2137- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2138: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2139- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2155- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2156: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2157- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2173- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2174: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2175- WRITE_ROOTKIT_LABEL="bash|elite$|vejeta|\.ark"
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2194- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2195: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2196- W_INFECTED_LABEL="uname -a"
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2211- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2212: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2213- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2231- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2232: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2233-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2246- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2247: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2248- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2263- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2264: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2265- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2292- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2293: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2294- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2318- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2319: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2320-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2335- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2336: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2337-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2357- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2358: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2359-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2379- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2380: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2381- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2382: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2383- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2400- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2401: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2402- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2418- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2419: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2420- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2436- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2437: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2438- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2454- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2455: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2456- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2457: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2458- fi
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2475- STATUS=${INFECTED}
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2476: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2477- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2505- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2506: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2507- esac
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2548- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2549: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2550- fi
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2551: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2552-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2594- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2595: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2596-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2611- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2612: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2613-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2614- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2615: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2616- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2639- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2640: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2641- fi
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2663- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2664: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2665-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2666- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2667: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2668- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2710- else
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2711: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2712- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2791-### PATH used by loc
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2792:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2793-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2799- ### use the path provided with the -p option
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2800: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2801-fi
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2803-for file in $cmdlist; do
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2804: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2805- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2822-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2823:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2824:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2825-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2827-else
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2828: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2829-fi
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2833-{
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2834: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2835: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2836- else
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2860-
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2861:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2862- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2891- ### remove trailing `/'
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2892: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2893-
##############################################
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2916- netstat="netstat"
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit:2917: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/04_backslashes.patch/chkrootkit-2918- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-160- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:161: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-162-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-225-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:226: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:227: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-228-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-267- else
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:268: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-269-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-295- fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:296: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-297- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-314- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:315: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-316- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-325- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:326: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-327- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-334- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:335: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-336- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-340- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:341: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-342- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-349-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:350: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-351- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-589- ## rootedoor
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:590: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-591- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-649- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:650: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-651- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-658- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:659: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-660- echo
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-713- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:714: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-715- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-783-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:784: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:785: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-786- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-826-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:827: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-828- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-870-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:871: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-872- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-886- echo "${files}"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:887: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-888- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-905-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:906: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-907- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-914- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:915: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-916- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-959- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:960: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-961- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-969- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:970: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-971- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-980- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:981: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-982- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-991- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:992: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-993- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1143- found=0
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1144: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1145- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1164- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1165: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1166- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1205- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1206: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1207- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1229- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1230: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1231- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1239- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1240: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1241- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1249- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1250: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1251- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1252: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1253- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1304- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1305: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1306-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1307: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1308-else
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1309: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1310-fi
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1325- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1326: files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1327- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1328- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1329: files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1330- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1379-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1380: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1381- do
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1396-# cat <<EOF
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1397:#`$1 2>&1`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1398-#EOF
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1419- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1420: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1421- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1435- FreeBSD)
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1436: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1437- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1447- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1448: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1449- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1471- FreeBSD)
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1472: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1473: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1474- then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1482- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1483: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1484-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1499- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1500: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1501- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1506- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1507:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1508- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1520- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1521: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1522-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1568-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1569: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1570-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1590- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1591: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1592- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1612- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1613: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1614- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1634- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1635: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1636- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1656- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1657: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1658- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1678-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1679: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1680-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1695- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1696: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1697-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1712- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1713: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1714-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1715- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1716: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1717- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1737-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1738: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1739-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1756-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1757: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1758-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1774-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1775: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1776- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1796-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1797: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1798-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1822-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1823: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1824-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1844- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1845: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1846-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1866- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1867: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1868-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1914- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1915: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1916-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1938- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1939: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1940-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1958- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1959: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1960-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1979- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:1980: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-1981-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2006- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2007: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2008-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2013- fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2014: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2015- {
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2036- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2037: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2038-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2057- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2058: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2059-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2079- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2080: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2081- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2082: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2083- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2100- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2101: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2102- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2119- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2120: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2121- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2137- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2138: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2139- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2155- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2156: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2157- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2173- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2174: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2175- WRITE_ROOTKIT_LABEL="bash|elite$|vejeta|\.ark"
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2194- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2195: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2196- W_INFECTED_LABEL="uname -a"
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2211- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2212: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2213- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2231- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2232: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2233-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2246- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2247: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2248- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2263- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2264: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2265- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2292- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2293: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2294- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2318- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2319: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2320-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2335- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2336: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2337-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2357- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2358: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2359-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2379- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2380: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2381- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2382: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2383- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2400- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2401: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2402- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2418- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2419: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2420- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2436- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2437: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2438- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2454- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2455: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2456- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2457: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2458- fi
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2475- STATUS=${INFECTED}
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2476: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2477- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2505- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2506: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2507- esac
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2548- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2549: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2550- fi
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2551: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2552-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2594- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2595: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2596-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2611- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2612: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2613-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2614- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2615: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2616- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2639- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2640: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2641- fi
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2663- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2664: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2665-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2666- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2667: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2668- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2710- else
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2711: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2712- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2791-### PATH used by loc
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2792:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2793-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2799- ### use the path provided with the -p option
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2800: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2801-fi
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2803-for file in $cmdlist; do
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2804: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2805- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2822-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2823:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2824:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2825-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2827-else
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2828: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2829-fi
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2833-{
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2834: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2835: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2836- else
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2860-
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2861:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2862- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2891- ### remove trailing `/'
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2892: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2893-
##############################################
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2916- netstat="netstat"
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit:2917: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/06_quiet.patch/chkrootkit-2918- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-160- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:161: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-162-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-225-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:226: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:227: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-228-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-267- else
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:268: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-269-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-295- fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:296: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-297- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-314- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:315: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-316- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-325- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:326: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-327- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-334- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:335: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-336- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-340- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:341: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-342- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-349-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:350: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-351- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-589- ## rootedoor
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:590: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-591- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-649- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:650: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-651- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-658- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:659: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-660- echo
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-713- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:714: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-715- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-783-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:784: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:785: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-786- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-829-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:830: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-831- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-873-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:874: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-875- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-889- echo "${files}"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:890: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-891- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-908-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:909: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-910- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-917- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:918: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-919- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-962- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:963: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-964- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-972- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:973: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-974- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-983- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:984: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-985- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-994- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:995: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-996- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1146- found=0
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1147: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1148- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1167- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1168: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1169- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1208- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1209: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1210- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1232- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1233: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1234- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1242- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1243: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1244- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1252- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1253: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1254- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1255: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1256- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1307- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1308: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1309-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1310: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1311-else
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1312: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1313-fi
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1328- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1329: files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1330- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1331- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1332: files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1333- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1382-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1383: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1384- do
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1399-# cat <<EOF
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1400:#`$1 2>&1`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1401-#EOF
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1422- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1423: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1424- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1438- FreeBSD)
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1439: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1440- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1450- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1451: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1452- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1474- FreeBSD)
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1475: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1476: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1477- then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1485- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1486: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1487- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1507- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1508: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1509- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1514- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1515:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1516- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1528- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1529: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1530-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1581-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1582: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1583-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1603- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1604: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1605- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1625- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1626: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1627- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1647- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1648: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1649- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1669- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1670: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1671- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1691-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1692: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1693- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1713- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1714: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1715- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1735- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1736: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1737-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1738- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1739: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1740- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1760-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1761: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1762- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1784-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1785: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1786- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1807-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1808: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1809- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1829-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1830: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1831-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1855-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1856: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1857-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1877- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1878: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1879-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1899- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1900: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1901-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1947- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1948: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1949- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1976- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:1977: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-1978- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2001- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2002: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2003-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2022- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2023: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2024-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2049- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2050: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2051- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2061- fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2062: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2063- {
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2084- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2085: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2086- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2110- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2111: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2112- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2137- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2138: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2139- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2140: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2141- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2158- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2159: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2160- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2177- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2178: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2179- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2195- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2196: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2197- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2213- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2214: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2215- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2231- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2232: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2233- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2257- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2258: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2259- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2279- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2280: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2281- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2299- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2300: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2301- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2319- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2320: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2321- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2336- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2337: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2338- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2365- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2366: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2367- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2391- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2392: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2393- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2413- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2414: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2415- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2440- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2441: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2442-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2462- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2463: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2464- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2465: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2466- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2483- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2484: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2485- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2501- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2502: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2503- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2519- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2520: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2521- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2537- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2538: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2539- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2540: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2541- fi
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2558- STATUS=${INFECTED}
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2559: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2560- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2588- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2589: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2590- esac
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2631- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2632: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2633- fi
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2634: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2635-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2677- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2678: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2679- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2699- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2700: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2701-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2702- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2703: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2704- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2727- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2728: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2729- fi
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2751- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2752: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2753-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2754- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2755: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2756- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2798- else
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2799: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2800- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2881-### PATH used by loc
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2882:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2883-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2889- ### use the path provided with the -p option
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2890: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2891-fi
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2893-for file in $cmdlist; do
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2894: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2895- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2912-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2913:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2914:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2915-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2917-else
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2918: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2919-fi
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2923-{
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2924: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2925: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2926- else
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2950-
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2951:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2952- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2981- ### remove trailing `/'
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:2982: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-2983-
##############################################
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-3006- netstat="netstat"
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit:3007: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/08_unidentified.patch/chkrootkit-3008- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-160- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:161: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-162-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-225-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:226: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:227: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-228-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-267- else
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:268: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-269-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-295- fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:296: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-297- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-314- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:315: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-316- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-325- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:326: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-327- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-334- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:335: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-336- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-340- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:341: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-342- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-349-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:350: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-351- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-591- ## rootedoor
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:592: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-593- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-651- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:652: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-653- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-660- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:661: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-662- echo
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-715- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:716: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-717- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-785-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:786: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:787: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-788- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-831-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:832: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-833- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-875-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:876: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-877- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-891- echo "${files}"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:892: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-893- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-910-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:911: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-912- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-919- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:920: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-921- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-964- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:965: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-966- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-974- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:975: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-976- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-985- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:986: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-987- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-996- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:997: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-998- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1148- found=0
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1149: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1150- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1169- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1170: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1171- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1210- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1211: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1212- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1234- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1235: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1236- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1244- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1245: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1246- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1254- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1255: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1256- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1257: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1258- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1309- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1310: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1311-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1312: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1313-else
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1314: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1315-fi
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1330- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1331: files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1332- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1333- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1334: files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1335- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1385- if [ -n "${RUNNING}" ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1386: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1387- do
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1403-# cat <<EOF
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1404:#`$1 2>&1`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1405-#EOF
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1426- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1427: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1428- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1442- FreeBSD)
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1443: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1444- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1454- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1455: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1456- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1478- FreeBSD)
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1479: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1480: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1481- then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1489- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1490: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1491- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1511- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1512: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1513- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1518- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1519:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1520- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1532- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1533: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1534-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1585-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1586: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1587-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1607- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1608: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1609- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1629- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1630: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1631- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1651- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1652: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1653- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1673- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1674: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1675- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1695-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1696: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1697- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1717- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1718: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1719- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1739- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1740: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1741-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1742- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1743: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1744- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1764-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1765: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1766- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1788-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1789: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1790- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1811-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1812: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1813- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1833-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1834: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1835-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1859-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1860: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1861-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1881- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1882: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1883-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1903- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1904: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1905-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1951- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1952: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1953- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1980- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:1981: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-1982- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2005- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2006: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2007-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2026- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2027: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2028-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2053- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2054: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2055- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2065- fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2066: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2067- {
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2088- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2089: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2090- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2114- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2115: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2116- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2141- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2142: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2143- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2144: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2145- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2162- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2163: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2164- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2181- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2182: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2183- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2199- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2200: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2201- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2217- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2218: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2219- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2235- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2236: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2237- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2261- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2262: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2263- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2283- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2284: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2285- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2303- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2304: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2305- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2323- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2324: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2325- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2340- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2341: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2342- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2369- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2370: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2371- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2395- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2396: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2397- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2417- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2418: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2419- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2444- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2445: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2446-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2466- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2467: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2468- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2469: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2470- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2487- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2488: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2489- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2505- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2506: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2507- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2523- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2524: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2525- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2541- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2542: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2543- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2544: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2545- fi
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2562- STATUS=${INFECTED}
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2563: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2564- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2592- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2593: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2594- esac
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2635- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2636: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2637- fi
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2638: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2639-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2681- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2682: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2683- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2703- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2704: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2705-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2706- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2707: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2708- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2731- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2732: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2733- fi
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2755- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2756: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2757-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2758- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2759: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2760- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2802- else
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2803: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2804- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2885-### PATH used by loc
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2886:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2887-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2893- ### use the path provided with the -p option
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2894: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2895-fi
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2897-for file in $cmdlist; do
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2898: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2899- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2916-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2917:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2918:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2919-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2921-else
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2922: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2923-fi
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2927-{
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2928: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2929: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2930- else
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2954-
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2955:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2956- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2985- ### remove trailing `/'
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:2986: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-2987-
##############################################
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-3010- netstat="netstat"
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit:3011: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/09_excludes.patch/chkrootkit-3012- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-160- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:161: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-162-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-225-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:226: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:227: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-228-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-267- else
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:268: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-269-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-295- fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:296: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-297- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-314- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:315: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-316- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-325- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:326: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-327- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-334- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:335: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-336- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-340- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:341: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-342- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-349-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:350: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-351- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-591- ## rootedoor
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:592: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-593- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-651- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:652: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-653- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-660- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:661: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-662- echo
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-731- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:732: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-733- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-774-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:775: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:776: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-777- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-836-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:837: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-838- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-880-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:881: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-882- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-896- echo "${files}"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:897: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-898- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-915-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:916: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-917- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-924- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:925: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-926- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-969- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:970: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-971- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-979- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:980: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-981- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-990- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:991: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-992- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1001- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1002: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1003- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1153- found=0
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1154: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1155- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1174- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1175: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1176- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1215- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1216: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1217- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1239- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1240: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1241- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1249- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1250: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1251- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1259- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1260: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1261- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1262: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1263- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1314- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1315: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1316-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1317: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1318-else
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1319: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1320-fi
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1335- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1336: files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1337- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1338- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1339: files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1340- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1390- if [ -n "${RUNNING}" ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1391: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1392- do
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1408-# cat <<EOF
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1409:#`$1 2>&1`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1410-#EOF
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1431- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1432: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1433- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1447- FreeBSD)
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1448: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1449- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1459- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1460: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1461- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1483- FreeBSD)
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1484: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1485: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1486- then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1494- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1495: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1496- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1516- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1517: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1518- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1523- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1524:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1525- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1537- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1538: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1539-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1590-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1591: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1592-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1612- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1613: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1614- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1634- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1635: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1636- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1656- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1657: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1658- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1678- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1679: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1680- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1700-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1701: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1702- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1722- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1723: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1724- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1744- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1745: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1746-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1747- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1748: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1749- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1769-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1770: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1771- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1793-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1794: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1795- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1816-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1817: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1818- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1838-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1839: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1840-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1864-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1865: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1866-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1886- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1887: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1888-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1908- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1909: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1910-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1956- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1957: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1958- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1985- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:1986: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-1987- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2010- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2011: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2012-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2031- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2032: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2033-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2058- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2059: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2060- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2070- fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2071: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2072- {
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2093- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2094: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2095- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2119- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2120: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2121- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2146- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2147: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2148- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2149: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2150- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2167- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2168: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2169- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2186- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2187: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2188- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2204- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2205: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2206- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2222- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2223: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2224- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2240- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2241: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2242- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2266- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2267: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2268- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2288- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2289: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2290- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2308- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2309: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2310- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2328- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2329: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2330- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2345- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2346: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2347- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2374- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2375: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2376- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2400- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2401: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2402- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2422- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2423: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2424- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2449- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2450: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2451-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2471- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2472: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2473- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2474: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2475- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2492- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2493: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2494- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2510- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2511: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2512- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2528- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2529: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2530- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2546- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2547: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2548- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2549: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2550- fi
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2567- STATUS=${INFECTED}
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2568: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2569- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2597- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2598: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2599- esac
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2640- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2641: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2642- fi
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2643: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2644-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2686- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2687: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2688- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2708- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2709: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2710-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2711- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2712: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2713- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2736- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2737: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2738- fi
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2760- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2761: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2762-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2763- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2764: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2765- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2807- else
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2808: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2809- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2895-### PATH used by loc
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2896:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2897-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2903- ### use the path provided with the -p option
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2904: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2905-fi
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2907-for file in $cmdlist; do
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2908: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2909- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2926-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2927:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2928:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2929-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2931-else
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2932: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2933-fi
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2937-{
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2938: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2939: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2940- else
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2964-
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2965:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2966- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2995- ### remove trailing `/'
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:2996: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-2997-
##############################################
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-3020- netstat="netstat"
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit:3021: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/13_exitcode.patch/chkrootkit-3022- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-160- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:161: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-162-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-225-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:226: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:227: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-228-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-267- else
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:268: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-269-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-295- fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:296: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-297- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-314- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:315: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-316- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-325- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:326: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-327- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-334- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:335: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-336- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-340- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:341: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-342- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-349-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:350: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-351- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-591- ## rootedoor
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:592: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-593- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-651- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:652: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-653- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-660- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:661: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-662- echo
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-731- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:732: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-733- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-774-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:775: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:776: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-777- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-836-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:837: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-838- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-880-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:881: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-882- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-896- echo "${files}"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:897: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-898- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-915-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:916: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-917- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-924- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:925: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-926- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-969- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:970: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-971- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-979- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:980: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-981- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-990- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:991: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-992- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1001- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1002: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1003- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1153- found=0
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1154: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1155- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1174- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1175: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1176- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1215- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1216: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1217- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1239- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1240: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1241- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1249- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1250: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1251- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1259- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1260: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1261- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1262: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1263- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1314- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1315: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1316-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1317: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1318-else
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1319: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | ${egrep} '^#!.*php' 2> /dev/null`"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1320-fi
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1335- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1336: files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1337- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1338- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1339: files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1340- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1390- if [ -n "${RUNNING}" ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1391: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1392- do
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1408-# cat <<EOF
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1409:#`$1 2>&1`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1410-#EOF
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1431- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1432: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1433- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1447- FreeBSD)
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1448: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1449- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1459- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1460: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1461- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1483- FreeBSD)
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1484: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1485: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1486- then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1494- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1495: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1496- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1516- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1517: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1518- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1523- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1524:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1525- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1537- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1538: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1539-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1590-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1591: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1592-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1612- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1613: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1614- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1634- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1635: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1636- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1656- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1657: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1658- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1678- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1679: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1680- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1700-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1701: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1702- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1722- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1723: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1724- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1744- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1745: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1746-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1747- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1748: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1749- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1769-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1770: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1771- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1793-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1794: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1795- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1816-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1817: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1818- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1838-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1839: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1840-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1864-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1865: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1866-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1886- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1887: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1888-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1908- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1909: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1910-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1956- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1957: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1958- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1985- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:1986: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-1987- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2010- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2011: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2012-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2031- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2032: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2033-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2058- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2059: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2060- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2070- fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2071: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2072- {
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2093- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2094: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2095- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2119- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2120: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2121- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2146- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2147: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2148- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2149: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2150- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2167- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2168: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2169- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2186- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2187: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2188- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2204- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2205: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2206- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2222- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2223: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2224- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2240- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2241: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2242- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2266- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2267: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2268- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2288- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2289: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2290- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2308- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2309: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2310- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2328- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2329: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2330- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2345- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2346: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2347- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2374- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2375: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2376- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2400- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2401: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2402- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2422- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2423: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2424- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2449- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2450: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2451-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2471- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2472: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2473- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2474: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2475- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2492- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2493: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2494- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2510- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2511: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2512- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2528- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2529: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2530- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2546- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2547: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2548- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2549: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2550- fi
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2567- STATUS=${INFECTED}
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2568: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2569- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2597- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2598: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2599- esac
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2640- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2641: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2642- fi
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2643: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2644-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2686- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2687: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2688- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2708- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2709: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2710-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2711- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2712: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2713- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2736- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2737: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2738- fi
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2760- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2761: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2762-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2763- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2764: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2765- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2807- else
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2808: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2809- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2895-### PATH used by loc
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2896:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2897-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2903- ### use the path provided with the -p option
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2904: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2905-fi
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2907-for file in $cmdlist; do
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2908: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2909- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2926-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2927:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2928:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2929-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2931-else
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2932: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2933-fi
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2937-{
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2938: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2939: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2940- else
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2964-
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2965:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2966- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2995- ### remove trailing `/'
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:2996: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-2997-
##############################################
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-3020- netstat="netstat"
chkrootkit-0.53/.pc/16_php.patch/chkrootkit:3021: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/16_php.patch/chkrootkit-3022- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-160- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:161: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-162-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-225-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:226: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:227: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-228-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-267- else
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:268: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-269-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-295- fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:296: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-297- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-314- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:315: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-316- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-325- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:326: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-327- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-334- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:335: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-336- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-340- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:341: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-342- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-349-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:350: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-351- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-591- ## rootedoor
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:592: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-593- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-651- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:652: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-653- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-660- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:661: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-662- echo
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-731- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:732: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-733- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-774-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:775: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:776: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-777- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-836-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:837: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-838- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-880-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:881: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-882- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-896- echo "${files}"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:897: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-898- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-915-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:916: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-917- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-924- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:925: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-926- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-969- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:970: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-971- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-979- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:980: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-981- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-990- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:991: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-992- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1001- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1002: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1003- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1153- found=0
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1154: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1155- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1174- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1175: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1176- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1215- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1216: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1217- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1239- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1240: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1241- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1249- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1250: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1251- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1259- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1260: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1261- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1262: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1263- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1314- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1315: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1316-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1317: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -n 1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1318-else
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1319: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1320-fi
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1335- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1336: files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1337- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1338- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1339: files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1340- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1390- if [ -n "${RUNNING}" ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1391: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1392- do
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1408-# cat <<EOF
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1409:#`$1 2>&1`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1410-#EOF
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1431- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1432: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1433- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1447- FreeBSD)
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1448: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1449- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1459- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1460: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1461- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1483- FreeBSD)
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1484: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1485: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1486- then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1494- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1495: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1496- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1516- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1517: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1518- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1523- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1524:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1525- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1537- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1538: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1539-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1590-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1591: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1592-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1612- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1613: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1614- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1634- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1635: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1636- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1656- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1657: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1658- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1678- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1679: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1680- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1700-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1701: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1702- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1722- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1723: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1724- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1744- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1745: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1746-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1747- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1748: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1749- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1769-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1770: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1771- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1793-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1794: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1795- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1816-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1817: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1818- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1838-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1839: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1840-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1864-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1865: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1866-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1886- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1887: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1888-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1908- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1909: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1910-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1956- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1957: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1958- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1985- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:1986: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-1987- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2010- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2011: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2012-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2031- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2032: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2033-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2058- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2059: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2060- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2070- fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2071: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2072- {
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2093- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2094: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2095- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2119- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2120: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2121- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2146- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2147: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2148- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2149: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2150- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2167- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2168: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2169- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2186- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2187: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2188- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2204- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2205: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2206- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2222- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2223: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2224- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2240- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2241: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2242- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2266- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2267: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2268- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2288- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2289: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2290- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2308- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2309: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2310- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2328- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2329: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2330- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2345- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2346: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2347- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2374- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2375: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2376- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2400- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2401: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2402- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2422- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2423: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2424- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2449- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2450: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2451-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2471- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2472: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2473- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2474: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2475- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2492- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2493: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2494- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2510- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2511: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2512- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2528- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2529: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2530- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2546- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2547: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2548- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2549: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2550- fi
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2567- STATUS=${INFECTED}
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2568: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2569- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2597- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2598: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2599- esac
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2640- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2641: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2642- fi
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2643: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2644-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2686- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2687: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2688- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2708- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2709: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2710-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2711- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2712: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2713- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2736- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2737: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2738- fi
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2760- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2761: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2762-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2763- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2764: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2765- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2807- else
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2808: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2809- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2895-### PATH used by loc
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2896:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2897-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2903- ### use the path provided with the -p option
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2904: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2905-fi
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2907-for file in $cmdlist; do
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2908: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2909- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2926-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2927:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2928:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2929-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2931-else
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2932: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2933-fi
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2937-{
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2938: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2939: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2940- else
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2964-
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2965:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2966- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2995- ### remove trailing `/'
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:2996: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-2997-
##############################################
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-3020- netstat="netstat"
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit:3021: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/17_Suckitfalse.patch/chkrootkit-3022- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-160- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:161: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-162-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-225-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:226: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:227: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-228-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-267- else
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:268: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-269-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-295- fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:296: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-297- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-314- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:315: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-316- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-325- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:326: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-327- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-334- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:335: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-336- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-340- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:341: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-342- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-349-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:350: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-351- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-591- ## rootedoor
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:592: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-593- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-651- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:652: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-653- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-660- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:661: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-662- echo
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-731- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:732: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-733- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-774-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:775: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:776: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-777- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-836-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:837: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-838- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-880-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:881: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-882- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-896- echo "${files}"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:897: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-898- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-915-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:916: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-917- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-924- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:925: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-926- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-969- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:970: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-971- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-979- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:980: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-981- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-990- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:991: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-992- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1001- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1002: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1003- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1160- found=0
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1161: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1162- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1181- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1182: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1183- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1222- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1223: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1224- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1246- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1247: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1248- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1256- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1257: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1258- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1266- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1267: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1268- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1269: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1270- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1321- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1322: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1323-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1324: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -n 1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1325-else
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1326: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1327-fi
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1342- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1343: files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1344- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1345- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1346: files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1347- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1397- if [ -n "${RUNNING}" ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1398: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1399- do
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1415-# cat <<EOF
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1416:#`$1 2>&1`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1417-#EOF
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1438- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1439: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1440- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1454- FreeBSD)
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1455: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1456- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1466- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1467: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1468- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1490- FreeBSD)
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1491: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1492: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1493- then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1501- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1502: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1503- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1523- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1524: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1525- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1530- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1531:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1532- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1544- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1545: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1546-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1597-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1598: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1599-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1619- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1620: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1621- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1641- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1642: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1643- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1663- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1664: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1665- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1685- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1686: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1687- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1707-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1708: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1709- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1729- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1730: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1731- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1751- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1752: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1753-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1754- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1755: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1756- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1776-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1777: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1778- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1800-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1801: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1802- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1823-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1824: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1825- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1845-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1846: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1847-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1871-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1872: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1873-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1893- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1894: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1895-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1915- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1916: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1917-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1963- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1964: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1965- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1992- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:1993: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-1994- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2017- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2018: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2019-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2038- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2039: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2040-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2065- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2066: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2067- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2077- fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2078: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2079- {
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2100- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2101: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2102- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2126- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2127: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2128- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2153- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2154: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2155- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2156: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2157- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2174- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2175: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2176- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2193- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2194: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2195- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2211- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2212: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2213- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2229- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2230: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2231- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2247- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2248: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2249- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2273- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2274: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2275- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2295- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2296: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2297- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2315- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2316: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2317- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2335- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2336: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2337- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2352- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2353: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2354- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2381- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2382: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2383- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2407- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2408: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2409- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2429- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2430: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2431- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2456- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2457: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2458-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2478- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2479: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2480- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2481: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2482- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2499- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2500: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2501- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2517- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2518: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2519- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2535- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2536: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2537- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2553- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2554: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2555- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2556: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2557- fi
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2574- STATUS=${INFECTED}
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2575: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2576- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2604- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2605: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2606- esac
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2647- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2648: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2649- fi
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2650: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2651-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2693- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2694: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2695- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2715- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2716: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2717-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2718- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2719: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2720- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2743- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2744: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2745- fi
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2767- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2768: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2769-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2770- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2771: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2772- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2814- else
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2815: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2816- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2902-### PATH used by loc
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2903:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2904-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2910- ### use the path provided with the -p option
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2911: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2912-fi
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2914-for file in $cmdlist; do
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2915: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2916- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2933-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2934:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2935:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2936-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2938-else
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2939: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2940-fi
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2944-{
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2945: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2946: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2947- else
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2971-
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:2972:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-2973- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-3002- ### remove trailing `/'
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:3003: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-3004-
##############################################
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-3027- netstat="netstat"
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit:3028: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/19_openssh.diff/chkrootkit-3029- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-160- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:161: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-162-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-225-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:226: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:227: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-228-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-267- else
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:268: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-269-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-295- fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:296: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-297- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-314- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:315: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-316- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-325- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:326: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-327- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-334- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:335: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-336- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-340- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:341: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-342- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-349-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:350: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-351- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-591- ## rootedoor
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:592: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-593- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-651- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:652: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-653- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-660- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:661: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-662- echo
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-731- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:732: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-733- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-774-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:775: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:776: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-777- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-836-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:837: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-838- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-880-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:881: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-882- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-896- echo "${files}"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:897: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-898- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-915-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:916: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-917- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-924- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:925: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-926- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-969- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:970: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-971- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-979- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:980: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-981- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-990- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:991: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-992- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1001- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1002: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1003- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1160- found=0
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1161: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1162- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1181- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1182: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1183- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1224- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1225: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1226- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1248- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1249: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1250- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1258- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1259: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1260- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1268- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1269: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1270- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1271: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1272- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1323- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1324: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1325-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1326: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -n 1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1327-else
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1328: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1329-fi
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1344- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1345: files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1346- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1347- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1348: files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1349- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1399- if [ -n "${RUNNING}" ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1400: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1401- do
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1417-# cat <<EOF
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1418:#`$1 2>&1`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1419-#EOF
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1440- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1441: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1442- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1456- FreeBSD)
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1457: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1458- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1468- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1469: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1470- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1492- FreeBSD)
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1493: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1494: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1495- then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1503- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1504: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1505- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1525- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1526: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1527- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1532- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1533:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1534- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1546- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1547: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1548-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1599-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1600: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1601-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1621- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1622: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1623- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1643- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1644: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1645- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1665- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1666: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1667- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1687- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1688: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1689- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1709-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1710: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1711- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1731- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1732: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1733- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1753- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1754: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1755-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1756- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1757: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1758- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1778-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1779: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1780- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1802-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1803: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1804- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1825-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1826: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1827- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1847-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1848: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1849-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1873-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1874: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1875-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1895- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1896: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1897-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1917- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1918: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1919-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1965- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1966: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1967- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1994- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:1995: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-1996- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2019- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2020: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2021-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2040- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2041: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2042-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2067- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2068: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2069- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2079- fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2080: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2081- {
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2102- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2103: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2104- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2128- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2129: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2130- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2155- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2156: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2157- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2158: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2159- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2176- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2177: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2178- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2195- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2196: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2197- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2213- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2214: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2215- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2231- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2232: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2233- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2249- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2250: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2251- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2275- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2276: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2277- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2297- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2298: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2299- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2317- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2318: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2319- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2337- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2338: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2339- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2354- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2355: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2356- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2383- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2384: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2385- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2409- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2410: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2411- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2431- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2432: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2433- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2458- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2459: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2460-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2480- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2481: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2482- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2483: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2484- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2501- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2502: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2503- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2519- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2520: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2521- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2537- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2538: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2539- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2555- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2556: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2557- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2558: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2559- fi
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2576- STATUS=${INFECTED}
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2577: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2578- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2606- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2607: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2608- esac
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2649- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2650: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2651- fi
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2652: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2653-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2695- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2696: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2697- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2717- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2718: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2719-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2720- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2721: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2722- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2745- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2746: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2747- fi
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2769- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2770: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2771-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2772- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2773: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2774- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2816- else
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2817: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2818- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2904-### PATH used by loc
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2905:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2906-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2912- ### use the path provided with the -p option
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2913: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2914-fi
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2916-for file in $cmdlist; do
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2917: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2918- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2935-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2936:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2937:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2938-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2940-else
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2941: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2942-fi
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2946-{
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2947: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2948: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2949- else
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2973-
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:2974:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-2975- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-3004- ### remove trailing `/'
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:3005: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-3006-
##############################################
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-3029- netstat="netstat"
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit:3030: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/21_fix_loc_function.patch/chkrootkit-3031- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-160- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:161: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-162-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-225-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:226: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:227: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-228-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-267- else
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:268: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-269-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-295- fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:296: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-297- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-314- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:315: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-316- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-325- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:326: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-327- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-334- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:335: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-336- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-340- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:341: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-342- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-349-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:350: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-351- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-591- ## rootedoor
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:592: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-593- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-651- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:652: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-653- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-660- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:661: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-662- echo
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-731- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:732: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-733- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-774-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:775: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:776: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-777- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-836-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:837: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-838- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-880-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:881: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-882- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-896- echo "${files}"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:897: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-898- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-915-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:916: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-917- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-924- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:925: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-926- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-969- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:970: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-971- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-979- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:980: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-981- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-990- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:991: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-992- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1001- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1002: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1003- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1006- echo "${files}"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1007: echo `loc epic epic $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1008- fi
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1160- found=0
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1161: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1162- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1181- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1182: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1183- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1224- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1225: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1226- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1248- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1249: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1250- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1258- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1259: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1260- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1268- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1269: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1270- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1271: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1272- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1323- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1324: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1325-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1326: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -n 1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1327-else
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1328: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1329-fi
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1344- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1345: files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1346- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1347- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1348: files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1349- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1399- if [ -n "${RUNNING}" ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1400: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1401- do
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1417-# cat <<EOF
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1418:#`$1 2>&1`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1419-#EOF
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1440- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1441: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1442- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1456- FreeBSD)
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1457: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1458- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1468- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1469: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1470- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1492- FreeBSD)
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1493: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1494: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1495- then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1503- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1504: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1505- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1525- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1526: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1527- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1532- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1533:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1534- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1546- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1547: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1548-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1599-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1600: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1601-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1621- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1622: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1623- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1643- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1644: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1645- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1665- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1666: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1667- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1687- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1688: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1689- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1709-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1710: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1711- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1731- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1732: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1733- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1753- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1754: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1755-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1756- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1757: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1758- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1778-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1779: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1780- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1802-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1803: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1804- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1825-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1826: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1827- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1847-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1848: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1849-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1873-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1874: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1875-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1895- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1896: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1897-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1917- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1918: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1919-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1965- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1966: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1967- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1994- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:1995: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-1996- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2019- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2020: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2021-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2040- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2041: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2042-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2067- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2068: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2069- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2079- fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2080: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2081- {
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2102- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2103: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2104- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2128- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2129: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2130- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2155- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2156: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2157- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2158: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2159- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2176- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2177: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2178- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2195- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2196: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2197- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2213- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2214: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2215- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2231- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2232: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2233- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2249- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2250: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2251- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2275- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2276: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2277- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2297- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2298: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2299- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2317- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2318: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2319- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2337- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2338: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2339- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2354- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2355: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2356- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2383- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2384: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2385- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2409- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2410: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2411- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2431- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2432: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2433- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2458- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2459: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2460-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2480- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2481: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2482- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2483: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2484- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2501- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2502: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2503- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2519- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2520: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2521- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2537- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2538: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2539- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2555- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2556: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2557- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2558: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2559- fi
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2576- STATUS=${INFECTED}
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2577: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2578- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2606- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2607: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2608- esac
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2649- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2650: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2651- fi
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2652: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2653-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2695- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2696: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2697- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2717- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2718: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2719-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2720- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2721: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2722- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2745- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2746: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2747- fi
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2769- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2770: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2771-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2772- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2773: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2774- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2816- else
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2817: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2818- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2904-### PATH used by loc
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2905:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2906-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2912- ### use the path provided with the -p option
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2913: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2914-fi
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2916-for file in $cmdlist; do
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2917: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2918- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2935-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2936:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2937:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2938-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2940-else
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2941: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2942-fi
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2946-{
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2947: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2948: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2949- else
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2973-
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:2974:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-2975- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-3004- ### remove trailing `/'
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:3005: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-3006-
##############################################
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-3029- netstat="netstat"
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit:3030: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/24_ser2net_exception_in_scalper.patch/chkrootkit-3031- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-162- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:163: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-164-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-227-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:228: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:229: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-230-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-269- else
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:270: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-271-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-297- fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:298: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-299- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-316- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:317: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-318- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-327- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:328: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-329- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-336- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:337: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-338- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-342- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:343: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-344- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-351-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:352: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-353- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-593- ## rootedoor
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:594: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-595- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-653- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:654: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-655- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-662- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:663: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-664- echo
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-733- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:734: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-735- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-776-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:777: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:778: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-779- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-838-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:839: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-840- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-882-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:883: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-884- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-898- echo "${files}"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:899: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-900- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-917-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:918: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-919- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-926- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:927: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-928- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-971- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:972: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-973- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-981- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:982: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-983- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-992- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:993: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-994- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1003- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1004: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1005- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1008- echo "${files}"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1009: echo `loc epic epic $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1010- fi
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1162- found=0
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1163: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1164- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1183- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1184: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1185- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1226- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1227: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1228- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1250- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1251: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1252- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1260- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1261: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1262- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1270- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1271: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1272- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1273: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1274- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1325- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1326: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1327-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1328: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -n 1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1329-else
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1330: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1331-fi
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1346- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1347: files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1348- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1349- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1350: files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1351- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1401- if [ -n "${RUNNING}" ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1402: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1403- do
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1419-# cat <<EOF
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1420:#`$1 2>&1`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1421-#EOF
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1442- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1443: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1444- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1458- FreeBSD)
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1459: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1460- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1470- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1471: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1472- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1494- FreeBSD)
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1495: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1496: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1497- then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1505- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1506: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1507- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1527- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1528: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1529- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1534- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1535:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1536- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1548- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1549: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1550-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1601-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1602: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1603-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1623- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1624: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1625- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1645- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1646: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1647- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1667- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1668: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1669- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1689- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1690: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1691- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1711-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1712: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1713- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1733- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1734: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1735- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1755- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1756: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1757-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1758- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1759: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1760- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1780-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1781: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1782- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1804-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1805: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1806- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1827-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1828: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1829- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1849-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1850: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1851-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1875-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1876: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1877-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1897- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1898: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1899-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1919- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1920: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1921-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1967- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1968: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1969- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1996- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:1997: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-1998- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2021- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2022: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2023-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2042- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2043: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2044-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2069- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2070: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2071- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2081- fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2082: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2083- {
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2104- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2105: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2106- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2130- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2131: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2132- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2157- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2158: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2159- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2160: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2161- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2178- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2179: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2180- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2197- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2198: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2199- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2215- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2216: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2217- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2233- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2234: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2235- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2251- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2252: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2253- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2277- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2278: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2279- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2299- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2300: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2301- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2319- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2320: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2321- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2339- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2340: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2341- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2356- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2357: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2358- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2385- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2386: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2387- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2411- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2412: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2413- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2433- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2434: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2435- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2460- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2461: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2462-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2482- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2483: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2484- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2485: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2486- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2503- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2504: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2505- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2521- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2522: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2523- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2539- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2540: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2541- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2557- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2558: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2559- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2560: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2561- fi
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2578- STATUS=${INFECTED}
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2579: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2580- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2608- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2609: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2610- esac
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2651- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2652: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2653- fi
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2654: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2655-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2697- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2698: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2699- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2719- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2720: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2721-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2722- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2723: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2724- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2747- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2748: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2749- fi
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2771- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2772: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2773-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2774- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2775: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2776- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2818- else
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2819: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2820- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2906-### PATH used by loc
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2907:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2908-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2914- ### use the path provided with the -p option
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2915: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2916-fi
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2918-for file in $cmdlist; do
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2919: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2920- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2937-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2938:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2939:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2940-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2942-else
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2943: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2944-fi
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2948-{
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2949: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2950: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2951- else
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2975-
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:2976:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-2977- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-3006- ### remove trailing `/'
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:3007: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-3008-
##############################################
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-3031- netstat="netstat"
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit:3032: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/25_fix-nfs-legacy-sniffers.patch/chkrootkit-3033- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-162- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:163: CMD=`loc asp asp $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-164-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-207-# [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:208: outmsg=`[ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:209: [ "$EXCLUDES_SNIF" ] && outmsg=`echo $outmsg | grep -Ev "$EXCLUDES_SNIF"`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-210- [ "$outmsg" ] && echo $outmsg
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-230-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:231: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:232: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-233-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-272- else
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:273: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-274-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-300- fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:301: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-302- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-319- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:320: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-321- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-330- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:331: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-332- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-339- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:340: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-341- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-345- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:346: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-347- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-354-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:355: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-356- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-596- ## rootedoor
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:597: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-598- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-656- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:657: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-658- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-665- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:666: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-667- echo
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-736- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:737: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-738- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-779-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:780: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:781: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-782- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-840-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:841: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-842- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-884-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:885: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-886- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-900- echo "${files}"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:901: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-902- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-919-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:920: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-921- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-928- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:929: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-930- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-973- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:974: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-975- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-983- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:984: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-985- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-994- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:995: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-996- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1005- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1006: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1007- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1010- echo "${files}"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1011: echo `loc epic epic $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1012- fi
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1164- found=0
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1165: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1166- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1185- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1186: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1187- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1228- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1229: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1230- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1252- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1253: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1254- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1262- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1263: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1264- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1272- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1273: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1274- if [ "${files}" = "" ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1275: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1276- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1327- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1328: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1329-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1330: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -n 1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1331-else
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1332: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1333-fi
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1348- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1349: files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1350- [ ! -z "${files}" ] && \
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1351- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1352: files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1353- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1403- if [ -n "${RUNNING}" ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1404: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1405- do
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1421-# cat <<EOF
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1422:#`$1 2>&1`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1423-#EOF
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1446- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1447: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1448- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1462- FreeBSD)
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1463: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1464- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1474- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1475: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1476- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1498- FreeBSD)
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1499: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1500: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1501- then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1509- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1510: CMD=`loc login login $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1511- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1531- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1532: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1533- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1538- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1539:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1540- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1552- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1553: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1554-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1605-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1606: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1607-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1627- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1628: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1629- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1649- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1650: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1651- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1671- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1672: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1673- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1693- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1694: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1695- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1715-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1716: CMD=`loc ls ls $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1717- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1737- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1738: CMD=`loc du du $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1739- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1759- NAMED_I_L="blah|bye"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1760: CMD=`loc named named $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1761-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1762- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1763: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1764- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1784-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1785: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1786- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1808-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1809: CMD=`loc ps ps $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1810- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1831-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1832: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1833- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1853-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1854: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1855-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1879-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1880: CMD=`loc top top $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1881-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1901- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1902: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1903-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1923- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1924: CMD=`loc killall killall $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1925-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1971- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:1972: CMD=`loc basename basename $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-1973- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2000- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2001: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2002- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2025- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2026: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2027-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2046- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2047: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2048-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2073- S_L="/bin/.*sh"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2074: CMD=`loc date date $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2075- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2085- fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2086: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2087- {
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2108- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2109: CMD=`loc echo echo $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2110- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2134- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2135: CMD=`loc env env $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2136- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2161- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2162: CMD=`loc timed timed $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2163- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2164: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2165- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2182- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2183: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2184- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2201- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2202: CMD=`loc init init $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2203- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2219- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2220: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2221- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2237- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2238: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2239- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2255- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2256: CMD=`loc write write $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2257- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2281- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2282: CMD=`loc w w $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2283- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2303- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2304: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2305- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2323- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2324: CMD=`loc tar tar $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2325- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2343- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2344: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2345- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2360- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2361: CMD=`loc mail mail $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2362- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2389- STATUS=${NOT_INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2390: CMD=`loc biff biff $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2391- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2415- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2416: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2417- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2437- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2438: CMD=`loc grep grep $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2439- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2464- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2465: CMD=`loc find find $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2466-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2486- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2487: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2488- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2489: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2490- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2507- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2508: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2509- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2525- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2526: CMD=`loc amd amd $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2527- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2543- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2544: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2545- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2561- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2562: CMD=`loc cron cron $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2563- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2564: CMD=`loc crond crond $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2565- fi
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2582- STATUS=${INFECTED}
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2583: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2584- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2612- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2613: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2614- esac
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2655- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2656: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2657- fi
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2658: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2659-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2701- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2702: CMD=`loc su su $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2703- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2723- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2724: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2725-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2726- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2727: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2728- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2751- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2752: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2753- fi
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2775- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2776: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2777-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2778- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2779: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2780- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2822- else
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2823: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2824- ${echo} -n "$1"
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2915-### PATH used by loc
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2916:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2917-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2923- ### use the path provided with the -p option
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2924: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2925-fi
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2927-for file in $cmdlist; do
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2928: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2929- eval $file=$xxx
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2946-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2947:SYSTEM=`${uname} -s`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2948:VERSION=`${uname} -r`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2949-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2951-else
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2952: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2953-fi
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2957-{
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2958: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2959: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2960- else
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2984-
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:2985:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-2986- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-3015- ### remove trailing `/'
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:3016: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-3017-
##############################################
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-3040- netstat="netstat"
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit:3041: CMD=`loc ss ss $pth`
chkrootkit-0.53/.pc/26_improve-info-help-display.patch/chkrootkit-3042- [ ${?} -eq 0 ] && netstat="ss"
##############################################
chkrootkit-0.53/chkrootkit-162- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:163: CMD=`loc asp asp $pth`
chkrootkit-0.53/chkrootkit-164-
##############################################
chkrootkit-0.53/chkrootkit-207-# [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
chkrootkit-0.53/chkrootkit:208: outmsg=`[ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q`
chkrootkit-0.53/chkrootkit:209: [ "$EXCLUDES_SNIF" ] && outmsg=`echo $outmsg | grep -Ev "$EXCLUDES_SNIF"`
chkrootkit-0.53/chkrootkit-210- [ "$outmsg" ] && echo $outmsg
##############################################
chkrootkit-0.53/chkrootkit-230-
chkrootkit-0.53/chkrootkit:231: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/chkrootkit:232: LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/chkrootkit-233-
##############################################
chkrootkit-0.53/chkrootkit-272- else
chkrootkit-0.53/chkrootkit:273: WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
chkrootkit-0.53/chkrootkit-274-
##############################################
chkrootkit-0.53/chkrootkit-300- fi
chkrootkit-0.53/chkrootkit:301: for P in `echo $PORT | ${sed} 's/|/ /g'`; do
chkrootkit-0.53/chkrootkit-302- if ${netstat} "${OPT}" | ${egrep} "^tcp.*LIST|^udp" | ${egrep} \
##############################################
chkrootkit-0.53/chkrootkit-319- if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
chkrootkit-0.53/chkrootkit:320: `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
chkrootkit-0.53/chkrootkit-321- [ -x ./chkproc -a "`find /proc 2>/dev/null| wc -l`" -gt 1 ] && prog="./chkproc"
##############################################
chkrootkit-0.53/chkrootkit-330- [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
chkrootkit-0.53/chkrootkit:331: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
chkrootkit-0.53/chkrootkit-332- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/chkrootkit-339- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/chkrootkit:340: if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/chkrootkit-341- echo "Warning: Adore LKM installed"
##############################################
chkrootkit-0.53/chkrootkit-345- [ -r /proc/$KALLSYMS ] && \
chkrootkit-0.53/chkrootkit:346: if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then
chkrootkit-0.53/chkrootkit-347- echo "Warning: Sebek LKM installed"
##############################################
chkrootkit-0.53/chkrootkit-354-
chkrootkit-0.53/chkrootkit:355: PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.11) print 1; else print 2 }'`
chkrootkit-0.53/chkrootkit-356- [ "$PV" = "" ] && PV=2
##############################################
chkrootkit-0.53/chkrootkit-596- ## rootedoor
chkrootkit-0.53/chkrootkit:597: for i in `$echo ${PATH}|tr -s ':' ' '`; do
chkrootkit-0.53/chkrootkit-598- expertmode_output "${ls} -l ${ROOTDIR}${i}/rootedoor"
##############################################
chkrootkit-0.53/chkrootkit-656- var/spool/lp/admins/.lp var/adm/sa/.adm usr/lib/lib.so1.so"
chkrootkit-0.53/chkrootkit:657: files=`${find} ${ROOTDIR}dev -type f -exec ${egrep} -l "^[0-5] " {} \;`
chkrootkit-0.53/chkrootkit-658- if [ "${files}" != "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-665- echo "Suspect directory ${i} FOUND! Looking for sniffer logs"
chkrootkit-0.53/chkrootkit:666: files=`${find} ${ROOTDIR}${i}`
chkrootkit-0.53/chkrootkit-667- echo
##############################################
chkrootkit-0.53/chkrootkit-736- [ -d ${ROOTDIR}usr/local/lib ] && LIBS="${LIBS} ${ROOTDIR}usr/local/lib"
chkrootkit-0.53/chkrootkit:737: if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
chkrootkit-0.53/chkrootkit-738- "$SYSTEM" != "FreeBSD" ]
##############################################
chkrootkit-0.53/chkrootkit-779-
chkrootkit-0.53/chkrootkit:780: files=`${find} ${DIR} -name ".[A-Za-z]*" -o -name "...*" -o -name ".. *"`
chkrootkit-0.53/chkrootkit:781: dirs=`${find} ${DIR} -type d -name ".*"`
chkrootkit-0.53/chkrootkit-782- if [ "${files}" = "" -a "${dirs}" = "" ]
##############################################
chkrootkit-0.53/chkrootkit-840-
chkrootkit-0.53/chkrootkit:841: files=`${find} ${ROOTDIR}usr/bin -name mailrc`
chkrootkit-0.53/chkrootkit-842- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-884-
chkrootkit-0.53/chkrootkit:885: files=`${find} ${CGIDIR} -name last.cgi`
chkrootkit-0.53/chkrootkit-886- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-900- echo "${files}"
chkrootkit-0.53/chkrootkit:901: files=`${find} ${ROOTDIR}usr/lib/lib ${ROOTDIR}usr/lib/libt 2>/dev/null`
chkrootkit-0.53/chkrootkit-902- [ "${files}" != "" ] && echo ${files}
##############################################
chkrootkit-0.53/chkrootkit-919-
chkrootkit-0.53/chkrootkit:920: files=`${find} ${ROOTDIR}dev -name chr`
chkrootkit-0.53/chkrootkit-921- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-928- if [ "${QUIET}" != "t" ];then printn "Searching for Sadmind/IIS Worm... "; fi
chkrootkit-0.53/chkrootkit:929: files=`${find} ${ROOTDIR}dev/cuc 2> /dev/null`
chkrootkit-0.53/chkrootkit-930- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-973- if [ "${QUIET}" != "t" ];then printn "Searching for T.R.K... "; fi
chkrootkit-0.53/chkrootkit:974: files=`${find} ${ROOTDIR}usr/bin -name xchk -o -name xsf >/dev/null 2>&1`
chkrootkit-0.53/chkrootkit-975- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-983- if [ "${QUIET}" != "t" ];then printn "Searching for Mithra... "; fi
chkrootkit-0.53/chkrootkit:984: files=`${find} ${ROOTDIR}usr/lib/locale -name uboot 2> /dev/null`
chkrootkit-0.53/chkrootkit-985- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-994- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
chkrootkit-0.53/chkrootkit:995: files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
chkrootkit-0.53/chkrootkit-996- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
##############################################
chkrootkit-0.53/chkrootkit-1005- if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
chkrootkit-0.53/chkrootkit:1006: files=`find ${ROOTDIR}tmp -name xp -o -name kidd0.c 2>/dev/null`
chkrootkit-0.53/chkrootkit-1007- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-1010- echo "${files}"
chkrootkit-0.53/chkrootkit:1011: echo `loc epic epic $pth`
chkrootkit-0.53/chkrootkit-1012- fi
##############################################
chkrootkit-0.53/chkrootkit-1164- found=0
chkrootkit-0.53/chkrootkit:1165: for i in `$echo $PATH|tr -s ':' ' '`; do
chkrootkit-0.53/chkrootkit-1166- if [ -f "${ROOTDIR}${i}/rootedoor" ]; then
##############################################
chkrootkit-0.53/chkrootkit-1185- printn "Searching for common ssh-scanners default files... "; fi
chkrootkit-0.53/chkrootkit:1186: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name vuln.txt -o -name ssh-scan -o -name pscan2 2> /dev/null`"
chkrootkit-0.53/chkrootkit-1187- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-1228- printn "Searching for 64-bit Linux Rootkit modules... "; fi
chkrootkit-0.53/chkrootkit:1229: files="`${find} ${ROOTDIR}/lib/modules ${findargs} -name module_init.ko 2 2> /dev/null`"
chkrootkit-0.53/chkrootkit-1230- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-1252- printn "Searching for Backdoor.Linux.Mokes.a ... "; fi
chkrootkit-0.53/chkrootkit:1253: files="`${find} ${ROOTDIR}tmp/ ${findargs} -name "ss0-[0-9]*" -o -name "kk-[0-9]*" 2> /dev/null`"
chkrootkit-0.53/chkrootkit-1254- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-1262- printn "Searching for Malicious TinyDNS ... "; fi
chkrootkit-0.53/chkrootkit:1263: files="`${find} "${ROOTDIR}home/ ./" 2> /dev/null`"
chkrootkit-0.53/chkrootkit-1264- if [ "${files}" = "" ]; then
##############################################
chkrootkit-0.53/chkrootkit-1272- printn "Searching for Linux.Xor.DDoS ... "; fi
chkrootkit-0.53/chkrootkit:1273: files="`${find} ${ROOTDIR}tmp/ ${findargs} -executable -type f 2> /dev/null`"
chkrootkit-0.53/chkrootkit-1274- if [ "${files}" = "" ]; then
chkrootkit-0.53/chkrootkit:1275: files="`${ls} ${ROOTDIR}etc/cron.hourly/udev.sh 2> /dev/null`"
chkrootkit-0.53/chkrootkit-1276- files="$files $($ls ${ROOTDIR}etc/cron.hourly/gcc.sh 2> /dev/null)"
##############################################
chkrootkit-0.53/chkrootkit-1327- printn "Searching for suspect PHP files... "; fi
chkrootkit-0.53/chkrootkit:1328: files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`"
chkrootkit-0.53/chkrootkit-1329-if [ `echo abc | _head -1` = "abc" ]; then
chkrootkit-0.53/chkrootkit:1330: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -n 1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/chkrootkit-1331-else
chkrootkit-0.53/chkrootkit:1332: fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec sh -c 'head -1 "$1" 2> /dev/null | grep -q "^#!.*php" && echo "$1"' {} {} \;`"
chkrootkit-0.53/chkrootkit-1333-fi
##############################################
chkrootkit-0.53/chkrootkit-1348- if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
chkrootkit-0.53/chkrootkit:1349: files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0`
chkrootkit-0.53/chkrootkit-1350- [ ! -z "${files}" ] && \
chkrootkit-0.53/chkrootkit-1351- echo "Warning: \`${files}' file size is zero"
chkrootkit-0.53/chkrootkit:1352: files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)`
chkrootkit-0.53/chkrootkit-1353- [ ! -z "${files1}" ] && \
##############################################
chkrootkit-0.53/chkrootkit-1403- if [ -n "${RUNNING}" ]; then
chkrootkit-0.53/chkrootkit:1404: for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth`
chkrootkit-0.53/chkrootkit-1405- do
##############################################
chkrootkit-0.53/chkrootkit-1421-# cat <<EOF
chkrootkit-0.53/chkrootkit:1422:#`$1 2>&1`
chkrootkit-0.53/chkrootkit-1423-#EOF
##############################################
chkrootkit-0.53/chkrootkit-1446- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:1447: CMD=`loc chfn chfn $pth`
chkrootkit-0.53/chkrootkit-1448- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/chkrootkit-1462- FreeBSD)
chkrootkit-0.53/chkrootkit:1463: [ `echo $V | ${awk} '{ if ( $1 >= 5.0) print 1; else print 0 }'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/chkrootkit-1464- if [ `${strings} -a ${CMD} | \
##############################################
chkrootkit-0.53/chkrootkit-1474- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:1475: CMD=`loc chsh chsh $pth`
chkrootkit-0.53/chkrootkit-1476- [ ${?} -ne 0 ] && return ${NOT_FOUND}
##############################################
chkrootkit-0.53/chkrootkit-1498- FreeBSD)
chkrootkit-0.53/chkrootkit:1499: [ `echo $V | ${awk} '{ if ($1 >= 5.0) print 1; else print 0}'` -eq 1 ] && n=1 || n=2
chkrootkit-0.53/chkrootkit:1500: if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
chkrootkit-0.53/chkrootkit-1501- then
##############################################
chkrootkit-0.53/chkrootkit-1509- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:1510: CMD=`loc login login $pth`
chkrootkit-0.53/chkrootkit-1511- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-1531- TROJED_L_L="vejeta|^xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT|cocola"
chkrootkit-0.53/chkrootkit:1532: ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
chkrootkit-0.53/chkrootkit-1533- if [ ${ret} -gt 0 ]; then
##############################################
chkrootkit-0.53/chkrootkit-1538- 2) [ "${SYSTEM}" = "FreeBSD" -o ${SYSTEM} = "NetBSD" -o ${SYSTEM} = \
chkrootkit-0.53/chkrootkit:1539:"OpenBSD" -a `echo ${V} | ${awk} '{ if ($1 >= 2.8) print 1; else print 0 }'` -eq 1 ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
chkrootkit-0.53/chkrootkit-1540- 6|7) [ "${SYSTEM}" = "HP-UX" ] && STATUS=${NOT_INFECTED} || STATUS=${INFECTED};;
##############################################
chkrootkit-0.53/chkrootkit-1552- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:1553: CMD=`loc passwd passwd $pth`
chkrootkit-0.53/chkrootkit-1554-
##############################################
chkrootkit-0.53/chkrootkit-1605-SYSLOG_I_L="/usr/lib/pt07|/dev/pty[pqrs]|/dev/hd[als][0-7]|/dev/ddtz1|/dev/ptyxx|/dev/tux|syslogs\.h"
chkrootkit-0.53/chkrootkit:1606: CMD=`loc syslogd syslogd $pth`
chkrootkit-0.53/chkrootkit-1607-
##############################################
chkrootkit-0.53/chkrootkit-1627- HDPARM_INFECTED_LABEL="/dev/ida"
chkrootkit-0.53/chkrootkit:1628: CMD=`loc hdparm hdparm $pth`
chkrootkit-0.53/chkrootkit-1629- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/chkrootkit-1649- GPM_INFECTED_LABEL="mingetty"
chkrootkit-0.53/chkrootkit:1650: CMD=`loc gpm gpm $pth`
chkrootkit-0.53/chkrootkit-1651- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/chkrootkit-1671- MINGETTY_INFECTED_LABEL="Dimensioni|pacchetto"
chkrootkit-0.53/chkrootkit:1672: CMD=`loc mingetty mingetty $pth`
chkrootkit-0.53/chkrootkit-1673- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/chkrootkit-1693- SENDMAIL_INFECTED_LABEL="fuck"
chkrootkit-0.53/chkrootkit:1694: CMD=`loc sendmail sendmail $pth`
chkrootkit-0.53/chkrootkit-1695- if [ ! -r ${CMD} ]
##############################################
chkrootkit-0.53/chkrootkit-1715-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
chkrootkit-0.53/chkrootkit:1716: CMD=`loc ls ls $pth`
chkrootkit-0.53/chkrootkit-1717- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-1737- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
chkrootkit-0.53/chkrootkit:1738: CMD=`loc du du $pth`
chkrootkit-0.53/chkrootkit-1739- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-1759- NAMED_I_L="blah|bye"
chkrootkit-0.53/chkrootkit:1760: CMD=`loc named named $pth`
chkrootkit-0.53/chkrootkit-1761-
chkrootkit-0.53/chkrootkit-1762- if [ ! -r "${CMD}" ]; then
chkrootkit-0.53/chkrootkit:1763: CMD=`loc in.named in.named $pth`
chkrootkit-0.53/chkrootkit-1764- if [ ! -r "${CMD}" ]; then
##############################################
chkrootkit-0.53/chkrootkit-1784-NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
chkrootkit-0.53/chkrootkit:1785: CMD=`loc netstat netstat $pth`
chkrootkit-0.53/chkrootkit-1786- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-1808-/dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so"
chkrootkit-0.53/chkrootkit:1809: CMD=`loc ps ps $pth`
chkrootkit-0.53/chkrootkit-1810- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-1831-
chkrootkit-0.53/chkrootkit:1832: CMD=`loc pstree pstree $pth`
chkrootkit-0.53/chkrootkit-1833- if [ ! -r "${CMD}" ]
##############################################
chkrootkit-0.53/chkrootkit-1853-
chkrootkit-0.53/chkrootkit:1854: CMD=`loc crontab crontab $pth`
chkrootkit-0.53/chkrootkit-1855-
##############################################
chkrootkit-0.53/chkrootkit-1879-
chkrootkit-0.53/chkrootkit:1880: CMD=`loc top top $pth`
chkrootkit-0.53/chkrootkit-1881-
##############################################
chkrootkit-0.53/chkrootkit-1901- TOP_INFECTED_LABEL="/dev/pty[pqrs]"
chkrootkit-0.53/chkrootkit:1902: CMD=`loc pidof pidof $pth`
chkrootkit-0.53/chkrootkit-1903-
##############################################
chkrootkit-0.53/chkrootkit-1923- TOP_INFECTED_LABEL="/dev/ttyop|/dev/pty[pqrs]|/dev/hda[0-7]|/dev/hdp|/dev/ptyxx|/dev/tux|proc\.h"
chkrootkit-0.53/chkrootkit:1924: CMD=`loc killall killall $pth`
chkrootkit-0.53/chkrootkit-1925-
##############################################
chkrootkit-0.53/chkrootkit-1971- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:1972: CMD=`loc basename basename $pth`
chkrootkit-0.53/chkrootkit-1973- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2000- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2001: CMD=`loc dirname dirname $pth`
chkrootkit-0.53/chkrootkit-2002- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2025- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2026: CMD=`loc traceroute traceroute $pth`
chkrootkit-0.53/chkrootkit-2027-
##############################################
chkrootkit-0.53/chkrootkit-2046- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2047: CMD=`loc rpcinfo rpcinfo $pth`
chkrootkit-0.53/chkrootkit-2048-
##############################################
chkrootkit-0.53/chkrootkit-2073- S_L="/bin/.*sh"
chkrootkit-0.53/chkrootkit:2074: CMD=`loc date date $pth`
chkrootkit-0.53/chkrootkit-2075- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2085- fi
chkrootkit-0.53/chkrootkit:2086: [ "${SYSTEM}" = "FreeBSD" -a `echo $V | ${awk} '{ if ($1 > 4.9) print 1; else print 0 }'` -eq 1 ] &&
chkrootkit-0.53/chkrootkit-2087- {
##############################################
chkrootkit-0.53/chkrootkit-2108- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2109: CMD=`loc echo echo $pth`
chkrootkit-0.53/chkrootkit-2110- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2134- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2135: CMD=`loc env env $pth`
chkrootkit-0.53/chkrootkit-2136- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2161- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2162: CMD=`loc timed timed $pth`
chkrootkit-0.53/chkrootkit-2163- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/chkrootkit:2164: CMD=`loc in.timed in.timed $pth`
chkrootkit-0.53/chkrootkit-2165- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/chkrootkit-2182- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2183: CMD=`loc in.identd in.identd $pth`
chkrootkit-0.53/chkrootkit-2184- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/chkrootkit-2201- INIT_INFECTED_LABEL="UPX"
chkrootkit-0.53/chkrootkit:2202: CMD=`loc init init $pth`
chkrootkit-0.53/chkrootkit-2203- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/chkrootkit-2219- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2220: CMD=`loc in.pop2d in.pop2d $pth`
chkrootkit-0.53/chkrootkit-2221- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/chkrootkit-2237- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2238: CMD=`loc in.pop3d in.pop3d $pth`
chkrootkit-0.53/chkrootkit-2239- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/chkrootkit-2255- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2256: CMD=`loc write write $pth`
chkrootkit-0.53/chkrootkit-2257- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2281- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2282: CMD=`loc w w $pth`
chkrootkit-0.53/chkrootkit-2283- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2303- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2304: CMD=`loc vdir vdir $pth`
chkrootkit-0.53/chkrootkit-2305- VDIR_INFECTED_LABEL="/lib/volc"
##############################################
chkrootkit-0.53/chkrootkit-2323- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2324: CMD=`loc tar tar $pth`
chkrootkit-0.53/chkrootkit-2325- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2343- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2344: CMD=`loc in.rexedcs in.rexedcs $pth`
chkrootkit-0.53/chkrootkit-2345- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2360- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2361: CMD=`loc mail mail $pth`
chkrootkit-0.53/chkrootkit-2362- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2389- STATUS=${NOT_INFECTED}
chkrootkit-0.53/chkrootkit:2390: CMD=`loc biff biff $pth`
chkrootkit-0.53/chkrootkit-2391- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2415- EGREP_INFECTED_LABEL="blah"
chkrootkit-0.53/chkrootkit:2416: CMD=`loc egrep egrep $pth`
chkrootkit-0.53/chkrootkit-2417- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2437- GREP_INFECTED_LABEL="givemer"
chkrootkit-0.53/chkrootkit:2438: CMD=`loc grep grep $pth`
chkrootkit-0.53/chkrootkit-2439- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2464- FIND_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|^/prof|/home/virus|/security|file\.h"
chkrootkit-0.53/chkrootkit:2465: CMD=`loc find find $pth`
chkrootkit-0.53/chkrootkit-2466-
##############################################
chkrootkit-0.53/chkrootkit-2486- RLOGIN_INFECTED_LABEL="p1r0c4|r00t"
chkrootkit-0.53/chkrootkit:2487: CMD=`loc in.rlogind in.rlogind $pth`
chkrootkit-0.53/chkrootkit-2488- if [ ! -x "${CMD}" ]; then
chkrootkit-0.53/chkrootkit:2489: CMD=`loc rlogind rlogind $pth`
chkrootkit-0.53/chkrootkit-2490- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/chkrootkit-2507- LSOF_INFECTED_LABEL="^/prof"
chkrootkit-0.53/chkrootkit:2508: CMD=`loc lsof lsof $pth`
chkrootkit-0.53/chkrootkit-2509- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/chkrootkit-2525- AMD_INFECTED_LABEL="blah"
chkrootkit-0.53/chkrootkit:2526: CMD=`loc amd amd $pth`
chkrootkit-0.53/chkrootkit-2527- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/chkrootkit-2543- SLOGIN_INFECTED_LABEL="homo"
chkrootkit-0.53/chkrootkit:2544: CMD=`loc slogin slogin $pth`
chkrootkit-0.53/chkrootkit-2545- if [ ! -x "${CMD}" ]; then
##############################################
chkrootkit-0.53/chkrootkit-2561- CRON_INFECTED_LABEL="/dev/hda|/dev/hda[0-7]|/dev/hdc0"
chkrootkit-0.53/chkrootkit:2562: CMD=`loc cron cron $pth`
chkrootkit-0.53/chkrootkit-2563- if [ "${?}" -ne 0 ]; then
chkrootkit-0.53/chkrootkit:2564: CMD=`loc crond crond $pth`
chkrootkit-0.53/chkrootkit-2565- fi
##############################################
chkrootkit-0.53/chkrootkit-2582- STATUS=${INFECTED}
chkrootkit-0.53/chkrootkit:2583: CMD=`loc ifconfig ifconfig $pth`
chkrootkit-0.53/chkrootkit-2584- if [ "${?}" -ne 0 ]; then
##############################################
chkrootkit-0.53/chkrootkit-2612- FreeBSD) CMD="${ROOTDIR}usr/libexec/rshd";;
chkrootkit-0.53/chkrootkit:2613: *) CMD=`loc rshd rshd $pth`;;
chkrootkit-0.53/chkrootkit-2614- esac
##############################################
chkrootkit-0.53/chkrootkit-2655- if ${ps} auwx | ${egrep} xinetd | ${egrep} -v grep >/dev/null 2>&1; then
chkrootkit-0.53/chkrootkit:2656: CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/chkrootkit-2657- fi
chkrootkit-0.53/chkrootkit:2658: [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth`
chkrootkit-0.53/chkrootkit-2659-
##############################################
chkrootkit-0.53/chkrootkit-2701- SU_INFECTED_LABEL="satori|vejeta|conf\.inv"
chkrootkit-0.53/chkrootkit:2702: CMD=`loc su su $pth`
chkrootkit-0.53/chkrootkit-2703- if [ "${?}" -ne 0 ]
##############################################
chkrootkit-0.53/chkrootkit-2723- FINGER_INFECTED_LABEL="cterm100|${GENERIC_ROOTKIT_LABEL}"
chkrootkit-0.53/chkrootkit:2724: CMD=`loc fingerd fingerd $pth`
chkrootkit-0.53/chkrootkit-2725-
chkrootkit-0.53/chkrootkit-2726- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/chkrootkit:2727: CMD=`loc in.fingerd in.fingerd $pth`
chkrootkit-0.53/chkrootkit-2728- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/chkrootkit-2751- if [ -r ${ROOTDIR}etc/shells ]; then
chkrootkit-0.53/chkrootkit:2752: SHELLS="`cat ${ROOTDIR}etc/shells | ${egrep} -v '^#'`";
chkrootkit-0.53/chkrootkit-2753- fi
##############################################
chkrootkit-0.53/chkrootkit-2775- TELNETD_INFECTED_LABEL='cterm100|vt350|VT100|ansi-term|/dev/hda[0-7]'
chkrootkit-0.53/chkrootkit:2776: CMD=`loc telnetd telnetd $pth`
chkrootkit-0.53/chkrootkit-2777-
chkrootkit-0.53/chkrootkit-2778- if [ ${?} -ne 0 ]; then
chkrootkit-0.53/chkrootkit:2779: CMD=`loc in.telnetd in.telnetd $pth`
chkrootkit-0.53/chkrootkit-2780- if [ ${?} -ne 0 ]; then
##############################################
chkrootkit-0.53/chkrootkit-2822- else
chkrootkit-0.53/chkrootkit:2823: if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then
chkrootkit-0.53/chkrootkit-2824- ${echo} -n "$1"
##############################################
chkrootkit-0.53/chkrootkit-2915-### PATH used by loc
chkrootkit-0.53/chkrootkit:2916:pth=`echo $PATH | sed -e "s/:/ /g"`
chkrootkit-0.53/chkrootkit-2917-pth="$pth /sbin /usr/sbin /lib /usr/lib /usr/libexec ."
##############################################
chkrootkit-0.53/chkrootkit-2923- ### use the path provided with the -p option
chkrootkit-0.53/chkrootkit:2924: chkrkpth=`echo ${CHKRKPATH} | sed -e "s/:/ /g"`
chkrootkit-0.53/chkrootkit-2925-fi
##############################################
chkrootkit-0.53/chkrootkit-2927-for file in $cmdlist; do
chkrootkit-0.53/chkrootkit:2928: xxx=`loc $file $file $chkrkpth`
chkrootkit-0.53/chkrootkit-2929- eval $file=$xxx
##############################################
chkrootkit-0.53/chkrootkit-2946-
chkrootkit-0.53/chkrootkit:2947:SYSTEM=`${uname} -s`
chkrootkit-0.53/chkrootkit:2948:VERSION=`${uname} -r`
chkrootkit-0.53/chkrootkit-2949-if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
##############################################
chkrootkit-0.53/chkrootkit-2951-else
chkrootkit-0.53/chkrootkit:2952: V=`echo $VERSION| ${sed} -e 's/[-_@].*//'| ${awk} -F . '{ print $1 "." $2 $3 }'`
chkrootkit-0.53/chkrootkit-2953-fi
##############################################
chkrootkit-0.53/chkrootkit-2957-{
chkrootkit-0.53/chkrootkit:2958: if `$echo a | $head -n 1 >/dev/null 2>&1` ; then
chkrootkit-0.53/chkrootkit:2959: $head -n `echo $1 | tr -d "-"`
chkrootkit-0.53/chkrootkit-2960- else
##############################################
chkrootkit-0.53/chkrootkit-2984-
chkrootkit-0.53/chkrootkit:2985:if [ `${id} | ${cut} -d= -f2 | ${cut} -d\( -f1` -ne 0 ]; then
chkrootkit-0.53/chkrootkit-2986- echo "$0 needs root privileges"
##############################################
chkrootkit-0.53/chkrootkit-3015- ### remove trailing `/'
chkrootkit-0.53/chkrootkit:3016: ROOTDIR=`echo ${ROOTDIR} | ${sed} -e 's/\/*$//g'`
chkrootkit-0.53/chkrootkit-3017-
##############################################
chkrootkit-0.53/chkrootkit-3040- netstat="netstat"
chkrootkit-0.53/chkrootkit:3041: CMD=`loc ss ss $pth`
chkrootkit-0.53/chkrootkit-3042- [ ${?} -eq 0 ] && netstat="ss"