--- /dev/null
+--- chkrootkit Fri Sep 12 14:47:14 2003
++++ chkrootkit Mon Sep 15 18:29:16 2003
+@@ -25,7 +25,7 @@
+ tcpdump top telnetd timed traceroute vdir w write"
+
+ # Tools
+-TOOLS="aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper z2"
++TOOLS="aliens asp bindshell lkm rexedcs sniffer promisctest w55808 wted scalper slapper z2"
+
+ # Return Codes
+ INFECTED=0
+@@ -172,6 +172,39 @@
+ fi
+ fi
+ }
++
++promisctest () {
++ # Add gratutuous printf for "regular" mode output ("./chkrootkit promisctest")
++ printf "%s\n"; ip="/sbin/ip"
++ ${egrep} /proc/version -qe "2\.(4|5|6)"; KERNVER="$?"
++ case "${KERNVER:0:1}" in
++ 0)
++ if [ ! -x ${ip} ]; then
++ printf "%snot tested: can't exec ${ip}\n"
++ return ${NOT_TESTED}
++ fi
++ ${ip} link show | ${egrep} "^[0-9]" | while read DEVF; do
++ DEVF=( ${DEVF} )
++ printf "%s${DEVF[@]}" | ${egrep} -qe "PROMISC"; STATUS="$?"
++ case "${STATUS:0:1}" in
++ 1)
++ if [ "${EXPERT}" = "t" ]; then
++ printf "%s${DEVF[1]} has device flags:\t${DEVF[2]}\n"
++ else printf "%s${DEVF[1]}\tis not promisc\n"
++ fi;;
++ 0)
++ if [ "${EXPERT}" = "t" ]; then
++ printf "%s${DEVF[1]} has device flags:\t${DEVF[2]}\n"
++ else printf "%s${DEVF[1]}\tIS PROMISC\n"
++ fi;;
++ esac
++ done;;
++ *)
++ echo "not tested."
++ return ${NOT_TESTED};;
++ esac
++ }
++
+
+ z2 () {
+ if [ ! -x ./chklastlog ]; then