diff -Nur chkrootkit-0.39a.orig/chkrootkit chkrootkit-0.39a/chkrootkit
--- chkrootkit-0.39a.orig/chkrootkit Thu Jan 30 23:45:57 2003
+++ chkrootkit-0.39a/chkrootkit Sat Feb 8 16:49:10 2003
@@ -130,22 +130,22 @@
 return ${NOT_TESTED}
 fi
- if [ ! -x ./ifpromisc ]; then
- echo "not tested: can't exec ./ifpromisc"
+ if [ ! -x /usr/bin/chkrootkit-ifpromisc ]; then
+ echo "not tested: can't exec /usr/bin/chkrootkit-ifpromisc"
 return ${NOT_TESTED}
 fi
 if [ "${EXPERT}" = "t" ]; then
- expertmode_output "./ifpromisc"
+ expertmode_output "/usr/bin/chkrootkit-ifpromisc"
 return 5
 fi
 echo
- ./ifpromisc
+ /usr/bin/chkrootkit-ifpromisc
 }
 z2 () {
- if [ ! -x ./chklastlog ]; then
- echo "not tested: can't exec ./chklastlog"
+ if [ ! -x /usr/bin/chkrootkit-chklastlog ]; then
+ echo "not tested: can't exec /usr/bin/chkrootkit-chklastlog"
 return ${NOT_TESTED}
 fi
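Review bot: The helper location is written as a literal `/usr/bin/chkrootkit-…` at every use in this hunk (the `-x` test, the message, the expert-mode string and the call itself), and the later hunks of this patch repeat the pattern. This removes the old dependence on the current directory, but it ties the script to one install layout and lets the tested path and the executed path drift apart. A single assignment near the top of the script, for example `helper_dir=/usr/bin` (the name is only a suggestion), with calls written as `"${helper_dir}/chkrootkit-ifpromisc"`, would keep the spellings in step. It would also let an operator point the script at a copy of the helpers on read-only media when the host's own /usr/bin is not trusted. The first function touched here starts above the hunk, and `z2` continues below it.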
@@ -153,31 +153,31 @@
 LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
 if [ "${EXPERT}" = "t" ]; then
- expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}"
+ expertmode_output "/usr/bin/chkrootkit-chklastlog -f ${WTMP} -l ${LASTLOG}"
 return 5
 fi
- if ./chklastlog -f ${WTMP} -l ${LASTLOG}
+ if /usr/bin/chkrootkit-chklastlog -f ${WTMP} -l ${LASTLOG}
 then
 if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi
 fi
 }
 wted () {
- if [ ! -x ./chkwtmp ]; then
- echo "not tested: can't exec ./chkwtmp"
+ if [ ! -x /usr/bin/chkrootkit-chkwtmp ]; then
+ echo "not tested: can't exec /usr/bin/chkrootkit-chkwtmp"
 return ${NOT_TESTED}
 fi
 if [ "$SYSTEM" = "SunOS" ]; then
- if [ ! -x ./check_wtmpx ]; then
- echo "not tested: can't exec ./check_wtmpx"
+ if [ ! -x /usr/bin/chkrootkit-check_wtmpx ]; then
+ echo "not tested: can't exec /usr/bin/chkrootkit-check_wtmpx"
 else
 if [ "${EXPERT}" = "t" ]; then
- expertmode_output "./check_wtmpx"
+ expertmode_output "/usr/bin/chkrootkit-check_wtmpx"
 return 5
 fi
- if ./check_wtmpx
+ if /usr/bin/chkrootkit-check_wtmpx
 then
 if [ "${QUIET}" != "t" ]; then \
 echo "nothing deleted in /var/adm/wtmpx"; fi
@@ -187,12 +187,12 @@
 WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
 if [ "${EXPERT}" = "t" ]; then
- expertmode_output "./chkwtmp -f ${WTMP}"
+ expertmode_output "/usr/bin/chkrootkit-chkwtmp -f ${WTMP}"
 return 5
 fi
 fi
- if ./chkwtmp -f ${WTMP}
+ if /usr/bin/chkrootkit-chkwtmp -f ${WTMP}
 then
 if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi
 fi
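Review bot: In the `@@ -153,31` hunk, `${WTMP}` and `${LASTLOG}` are passed unquoted in `if /usr/bin/chkrootkit-chklastlog -f ${WTMP} -l ${LASTLOG}`, so an empty or space-containing result from `loc` shifts the helper's arguments (an empty `${WTMP}` makes `-l` the value of `-f`). Writing it as `if /usr/bin/chkrootkit-chklastlog -f "${WTMP}" -l "${LASTLOG}"` keeps each path as one argument; the same applies to `if /usr/bin/chkrootkit-chkwtmp -f ${WTMP}` in the `@@ -187,12` hunk. The expert-mode strings are best left alone, since how `expertmode_output` splits its argument is not visible here. The assignment of `WTMP` in `z2` lies above the hunk.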
@@ -231,8 +231,8 @@
 prog=""
 if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
 ${V} -gt 43 \) \) -a "${ROOTDIR}" = "/" ]; then
- [ ! -x ./chkproc ] && prog="./chkproc"
- [ ! -x ./chkdirs ] && prog="$prog ./chkdirs"
+ [ ! -x /usr/bin/chkrootkit-chkproc ] && prog="/usr/bin/chkrootkit-chkproc"
+ [ ! -x /usr/bin/chkrootkit-chkdirs ] && prog="$prog /usr/bin/chkrootkit-chkdirs"
 if [ "$prog" != "" ]; then
 # echo "not tested: can't exec $prog"
 return ${NOT_TESTED}
@@ -241,7 +241,7 @@
 if [ "${EXPERT}" = "t" ]; then
 [ -r /proc/ksyms ] && ${egrep} -i "adore|sebek" < /proc/ksyms 2>/dev/null
 [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
- expertmode_output "./chkproc -v -v"
+ expertmode_output "/usr/bin/chkrootkit-chkproc -v -v"
 return 5
 fi
@@ -262,7 +262,7 @@
 echo "Warning: Knark LKM installed"
 fi
- if ./chkproc
+ if /usr/bin/chkrootkit-chkproc
 then
 if [ "${QUIET}" != "t" ]; then echo "nothing detected"; fi
 else
@@ -1350,18 +1350,18 @@
 if [ "${SYSTEM}" = "Linux" ]
 then
- if [ ! -x ./strings ]; then
- printn "can't exec ./strings-static, "
+ if [ ! -x /usr/bin/chkrootkit-strings ]; then
+ printn "can't exec /usr/bin/chkrootkit-strings-static, "
 return ${NOT_TESTED}
 fi
 if [ "${EXPERT}" = "t" ]; then
- expertmode_output "./strings -a ${CMD}"
+ expertmode_output "/usr/bin/chkrootkit-strings -a ${CMD}"
 return 5
 fi
 ### strings must be a statically linked binary.
- if ./strings-static -a ${CMD} > /dev/null 2>&1
+ if /usr/bin/chkrootkit-strings-static -a ${CMD} > /dev/null 2>&1
 then
 STATUS=${INFECTED}
 fi
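Review bot: In the `@@ -231,8` hunk, a missing `chkrootkit-chkproc` or `chkrootkit-chkdirs` makes the function return `${NOT_TESTED}` without naming the helper, because the `# echo "not tested: can't exec $prog"` line stays commented out. Now that the helpers are looked up under /usr/bin, a packaging omission would skip the checks in this function with no hint of the cause, unless the caller prints something for that return code, which is not visible here. Restoring the line as `echo "not tested: can't exec $prog"` would match what `z2` and `wted` already print. The enclosing function starts and ends outside the hunk.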
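Review bot: In the `@@ -1350,18` hunk, the guard tests `/usr/bin/chkrootkit-strings` but the command that is run is `/usr/bin/chkrootkit-strings-static`, so the `-x` check does not cover the binary the result depends on. Because the call discards its output and only a zero exit sets `STATUS=${INFECTED}`, a missing `chkrootkit-strings-static` would presumably be reported as a clean result rather than as not tested. The mismatch is carried over from the `./strings` and `./strings-static` lines being replaced. The guard, the message, the expert-mode string and the call should all name the one file the package installs, e.g. `if [ ! -x /usr/bin/chkrootkit-strings-static ]; then`. The enclosing function starts and ends outside the hunk.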