-diff -burN chkrootkit-0.42b.orig/chkrootkit chkrootkit-0.42b/chkrootkit
---- chkrootkit-0.42b.orig/chkrootkit 2003-09-22 22:57:30.383435144 +0200
-+++ chkrootkit-0.42b/chkrootkit 2003-09-22 23:07:24.364136352 +0200
-@@ -151,15 +151,15 @@
+diff -Nur chkrootkit-0.43.orig/chkrootkit chkrootkit-0.43/chkrootkit
+--- chkrootkit-0.43.orig/chkrootkit 2003-12-28 17:48:16.000000000 +0100
++++ chkrootkit-0.43/chkrootkit 2003-12-30 09:09:25.887663096 +0100
+@@ -151,20 +151,20 @@
fi
if [ "${EXPERT}" = "t" ]; then
-- expertmode_output "./ifpromisc"
-+ expertmode_output "/usr/bin/chkrootkit-ifpromisc"
+- expertmode_output "./ifpromisc" -v
++ expertmode_output "/usr/bin/chkrootkit-ifpromisc" -v
return 5
fi
- if [ ! -f ${ROOTDIR}proc/net/packet ]; then
-- if [ ! -x ./ifpromisc ]; then
-- echo "not tested: can't exec ./ifpromisc"
-+ if [ ! -x /usr/bin/chkrootkit-ifpromisc ]; then
-+ echo "not tested: can't exec /usr/bin/chkrootkit-ifpromisc"
- return ${NOT_TESTED}
- fi
-- [ "${QUIET}" != "t" ] && ./ifpromisc || ./ifpromisc -q
-+ [ "${QUIET}" != "t" ] && /usr/bin/chkrootkit-ifpromisc || /usr/bin/chkrootkit-ifpromisc -q
+- if [ ! -x ./ifpromisc ]; then
+- echo "not tested: can't exec ./ifpromisc"
++ if [ ! -x /usr/bin/chkrootkit-ifpromisc ]; then
++ echo "not tested: can't exec /usr/bin/chkrootkit-ifpromisc"
+ return ${NOT_TESTED}
else
- if [ `${egrep} -c "3 0003" ${ROOTDIR}proc/net/packet 2>/dev/null` -gt 0 ]; then
- set `${egrep} ":" $ROOTDIR/proc/net/dev | ${egrep} -v "lo:" | cut -f 1 -d:`
-@@ -174,8 +174,8 @@
+- [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
++ [ "${QUIET}" != "t" ] && /usr/bin/chkrootkit-ifpromisc -v || /usr/bin/chkrootkit-ifpromisc -q
+ fi
}
z2 () {
return ${NOT_TESTED}
fi
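Review bot: The `[ "${QUIET}" != "t" ] && /usr/bin/chkrootkit-ifpromisc -v || /usr/bin/chkrootkit-ifpromisc -q` line is not an if/else. When QUIET is not `t` and the `-v` run exits non-zero for any reason, the `-q` run executes as well, so the helper runs twice and the status comes from the second run. The construct is carried over from the `./ifpromisc` version, but since the patch rewrites this line anyway, the branch could be made explicit as below. Separately, the absolute helper path appears five times on the new side of this hunk; a single variable assigned once near the top of the script would keep the `-x` test, the message and the call from drifting apart. The enclosing function starts above the hunk.

```shell
# … unchanged: -x test and "not tested" message …
    else
      if [ "${QUIET}" != "t" ]; then
        /usr/bin/chkrootkit-ifpromisc -v
      else
        /usr/bin/chkrootkit-ifpromisc -q
      fi
```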
-@@ -183,31 +183,31 @@
- LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
+@@ -178,32 +178,32 @@
+ fi
if [ "${EXPERT}" = "t" ]; then
- expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}"
+ expertmode_output "/usr/bin/chkrootkit-check_wtmpx"
return 5
fi
-- if ./check_wtmpx
-+ if /usr/bin/chkrootkit-check_wtmpx
- then
- if [ "${QUIET}" != "t" ]; then \
- echo "nothing deleted in /var/adm/wtmpx"; fi
-@@ -217,12 +217,12 @@
+ if [ -f ${ROOTDIR}var/adm/wtmp ]; then
+- if ./check_wtmpx
++ if /usr/bin/chkrootkit-check_wtmpx
+ then
+ if [ "${QUIET}" != "t" ]; then \
+ echo "nothing deleted in /var/adm/wtmpx"; fi
+@@ -214,12 +214,12 @@
WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
if [ "${EXPERT}" = "t" ]; then
then
if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi
fi
-@@ -261,8 +261,8 @@
+@@ -258,8 +258,8 @@
prog=""
if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
${V} -gt 43 \) \) -a "${ROOTDIR}" = "/" ]; then
if [ "$prog" != "" ]; then
# echo "not tested: can't exec $prog"
return ${NOT_TESTED}
-@@ -271,7 +271,7 @@
+@@ -268,7 +268,7 @@
if [ "${EXPERT}" = "t" ]; then
[ -r /proc/ksyms ] && ${egrep} -i "adore|sebek" < /proc/ksyms 2>/dev/null
[ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
return 5
fi
-@@ -292,7 +292,7 @@
+@@ -289,7 +289,7 @@
echo "Warning: Knark LKM installed"
fi
then
if [ "${QUIET}" != "t" ]; then echo "nothing detected"; fi
else
-@@ -1463,18 +1463,18 @@
+@@ -1505,18 +1505,18 @@
if [ "${SYSTEM}" = "Linux" ]
then
-- if [ ! -x ./strings ]; then
+- if [ ! -x ./strings-static ]; then
- printn "can't exec ./strings-static, "
+ if [ ! -x /usr/bin/chkrootkit-strings ]; then
-+ printn "can't exec /usr/bin/chkrootkit-strings-static, "
++ printn "can't exec /usr/bin/chkrootkit-strings, "
return ${NOT_TESTED}
fi
fi
### strings must be a statically linked binary.
-- if ./strings -a ${CMD} > /dev/null 2>&1
+- if ./strings-static -a ${CMD} > /dev/null 2>&1
+ if /usr/bin/chkrootkit-strings -a ${CMD} > /dev/null 2>&1
then
STATUS=${INFECTED}
fi
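Review bot: The `### strings must be a statically linked binary.` comment is now the only statement of that requirement, because the name `/usr/bin/chkrootkit-strings` no longer carries it the way `./strings-static` did. The `-x` test only shows the file is executable; a dynamically linked build at that path would pass and would run against whatever libraries the inspected host loads, which is presumably what the requirement guards against. I would extend the comment to `### /usr/bin/chkrootkit-strings must be the statically linked build of strings.c (Makefile target 'strings', built with ${STATIC}).` and put a matching comment beside the renamed `strings:` rule in the Makefile section, which still passes `${STATIC}`. Whether the package installs that binary under this name is not visible on this page.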
+diff -Nur chkrootkit-0.43.orig/Makefile chkrootkit-0.43/Makefile
+--- chkrootkit-0.43.orig/Makefile 2003-12-30 09:08:57.815930648 +0100
++++ chkrootkit-0.43/Makefile 2003-12-30 09:09:59.581540848 +0100
+@@ -25,13 +25,13 @@
+
+ SRCS = chklastlog.c chkwtmp.c ifpromisc.c chkproc.c chkdirs.c check_wtmpx.c strings.c
+
+-OBJS = chklastlog.o chkwtmp.o ifpromisc.o chkproc.o chkdirs.o check_wtmpx.o strings-static.o
++OBJS = chklastlog.o chkwtmp.o ifpromisc.o chkproc.o chkdirs.o check_wtmpx.o strings.o
+
+ all:
+ @echo '*** stopping make sense ***'
+ @exec make sense
+
+-sense: chklastlog chkwtmp ifpromisc chkproc chkdirs check_wtmpx strings-static
++sense: chklastlog chkwtmp ifpromisc chkproc chkdirs check_wtmpx strings
+
+ chklastlog: chklastlog.c
+ ${CC} ${CFLAGS} -o $@ chklastlog.c
+@@ -51,8 +51,8 @@
+ check_wtmpx: check_wtmpx.c
+ ${CC} ${LDFLAGS} -o $@ check_wtmpx.c
+
+-strings-static: strings.c
++strings: strings.c
+ ${CC} ${STATIC} ${LDFLAGS} -o $@ strings.c
+
+ clean:
+- rm -f ${OBJS} core chklastlog chkwtmp ifpromisc chkproc chkdirs check_wtmpx strings-static
++ rm -f ${OBJS} core chklastlog chkwtmp ifpromisc chkproc chkdirs check_wtmpx strings