--- /dev/null
+diff -Nru chkrootkit-0.35/chkrootkit chkrootkit-0.35-new/chkrootkit
+--- chkrootkit-0.35/chkrootkit Fri Jan 18 11:49:46 2002
++++ chkrootkit-0.35-new/chkrootkit Wed Feb 13 12:00:38 2002
+@@ -1,6 +1,11 @@
+-#! /bin/sh
++#! /bin/bash
+ # -*- Shell-script -*-
+
++# We have to go to a dir with chkrootkit-* binaries
++# Otherwise some tests will not get executed.
++
++cd /usr/bin
++
+ # $Id: chkrootkit, v 0.35 2002/01/17
+ CHKROOTKIT_VERSION='0.35'
+
+@@ -47,7 +52,7 @@
+
+ if [ "${EXPERT}" = "t" ]; then
+ expertmode_output "${egrep} ^asp ${ROOTDIR}etc/inetd.conf"
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+@@ -63,7 +68,7 @@
+ STATUS=${INFECTED}
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${ASP_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${ASP_LABEL}" >/dev/null 2>&1
+ then
+ echo "INFECTED"
+ STATUS=${INFECTED}
+@@ -81,22 +86,22 @@
+ return ${NOT_TESTED}
+ fi
+
+- if [ ! -x ./ifpromisc ]; then
+- echo "not tested: can't exec ./ifpromisc"
++ if [ ! -x ./chkrootkit-ifpromisc ]; then
++ echo "not tested: can't exec ./chkrootkit-ifpromisc"
+ return ${NOT_TESTED}
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./ifpromisc"
++ expertmode_output "./chkrootkit-ifpromisc"
+ return 5
+ fi
+ echo
+- ./ifpromisc
++ ./chkrootkit-ifpromisc
+ }
+
+ z2 () {
+- if [ ! -x ./chklastlog ]; then
+- echo "not tested: can't exec ./chklastlog"
++ if [ ! -x ./chkrootkit-chklastlog ]; then
++ echo "not tested: can't exec ./chkrootkit-chklastlog"
+ return ${NOT_TESTED}
+ fi
+
+@@ -104,31 +109,31 @@
+ LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}"
++ expertmode_output "./chkrootkit-chklastlog -f ${WTMP} -l ${LASTLOG}"
+ return 5
+ fi
+
+- if ./chklastlog -f ${WTMP} -l ${LASTLOG}
++ if ./chkrootkit-chklastlog -f ${WTMP} -l ${LASTLOG}
+ then
+ if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi
+ fi
+ }
+
+ wted () {
+- if [ ! -x ./chkwtmp ]; then
+- echo "not tested: can't exec ./chkwtmp"
++ if [ ! -x ./chkrootkit-chkwtmp ]; then
++ echo "not tested: can't exec ./chkrootkit-chkwtmp"
+ return ${NOT_TESTED}
+ fi
+
+ if [ "$SYSTEM" = "SunOS" ]; then
+- if [ ! -x ./check_wtmpx ]; then
+- echo "not tested: can't exec ./check_wtmpx"
++ if [ ! -x ./chkrootkit-check_wtmpx ]; then
++ echo "not tested: can't exec ./chkrootkit-check_wtmpx"
+ else
+ if [ "${EXPERT}" = "t" ]; then
+ expertmode_output "./chec_wtmpx"
+ return 5
+ fi
+- if ./check_wtmpx
++ if ./chkrootkit-check_wtmpx
+ then
+ if [ "${QUIET}" != "t" ]; then \
+ echo "nothing deleted in /var/adm/wtmpx"; fi
+@@ -139,11 +144,11 @@
+ WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./chkwtmp -f ${WTMP}"
++ expertmode_output "./chkrootkit-chkwtmp -f ${WTMP}"
+ return 5
+ fi
+
+- if ./chkwtmp -f ${WTMP}
++ if ./chkrootkit-chkwtmp -f ${WTMP}
+ then
+ if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi
+ fi
+@@ -181,15 +186,15 @@
+ {
+ if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
+ ${V} -gt 43 \) \) -a "${ROOTDIR}" = "/" ]; then
+- if [ ! -x ./chkproc ]; then
+- echo "not tested: can't exec ./chkproc"
++ if [ ! -x ./chkrootkit-chkproc ]; then
++ echo "not tested: can't exec ./chkrootkit-chkproc"
+ return ${NOT_TESTED}
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+ [ -r /proc/ksyms ] && ${egrep} -i adore < /proc/ksyms 2>/dev/null
+ [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
+- expertmode_output "./chkproc -v"
++ expertmode_output "./chkrootkit-chkproc -v"
+ return 5
+ fi
+
+@@ -204,7 +209,7 @@
+ echo "Warning: Knark LKM installed"
+ fi
+
+- if ./chkproc
++ if ./chkrootkit-chkproc
+ then
+ if [ "${QUIET}" != "t" ]; then echo "nothing detected"; fi
+ else
+@@ -742,19 +747,19 @@
+ CMD=`loc chfn chfn $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+ case "${SYSTEM}" in
+ Linux)
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi;;
+ FreeBSD)
+- if [ `${strings} -a ${CMD} | \
++ if [ `${chkrootkit-strings} -a ${CMD} | \
+ ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne 2 ]
+ then
+ STATUS=${INFECTED}
+@@ -769,16 +774,16 @@
+ REDHAT_PAM_LABEL="*NOT*"
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+ case "${SYSTEM}" in
+ Linux)
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
+ >/dev/null 2>&1
+ then
+- if ${strings} -a ${CMD} | ${egrep} "${REDHAT_PAM_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${REDHAT_PAM_LABEL}" \
+ >/dev/null 2>&1
+ then
+ :
+@@ -787,7 +792,7 @@
+ fi
+ fi;;
+ FreeBSD)
+- if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne 2 ]
++ if [ `${chkrootkit-strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne 2 ]
+ then
+ STATUS=${INFECTED}
+ fi;;
+@@ -803,12 +808,12 @@
+ CMD=`loc login login $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+ TROJED_L_L="^root$|vejeta|xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?"
+- ret=`${strings} -a ${CMD} | ${egrep} -c "${TROJED_L_L}"`
++ ret=`${chkrootkit-strings} -a ${CMD} | ${egrep} -c "${TROJED_L_L}"`
+ if [ ${ret} -gt 0 ]; then
+ case ${ret} in
+ 1) [ "${SYSTEM}" = "OpenBSD" -a ${V} -le 27 ] && \
+@@ -831,14 +836,14 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ fi
+
+ if [ "${SYSTEM}" = "OpenBSD" -o "${SYSTEM}" = "SunOS" ]
+ then
+ return ${NOT_TESTED}
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -856,11 +861,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -879,11 +884,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${SYSLOG_I_L}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${SYSLOG_I_L}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -900,11 +905,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${HDPARM_INFECTED_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${HDPARM_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -922,11 +927,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GPM_INFECTED_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GPM_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -944,11 +949,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${MINGETTY_INFECTED_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${MINGETTY_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -966,11 +971,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${SENDMAIL_INFECTED_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${SENDMAIL_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -984,11 +989,11 @@
+ CMD=`loc ls ls $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${LS_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${LS_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1001,11 +1006,11 @@
+ CMD=`loc du du $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${DU_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${DU_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1025,11 +1030,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${NAMED_I_L}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${NAMED_I_L}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1043,11 +1048,11 @@
+ CMD=`loc netstat netstat $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${NETSTAT_I_L}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${NETSTAT_I_L}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1062,11 +1067,11 @@
+ CMD=`loc ps ps $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${PS_I_L}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${PS_I_L}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1084,11 +1089,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${PSTREE_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${PSTREE_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1106,11 +1111,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1128,11 +1133,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1150,11 +1155,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1167,18 +1172,18 @@
+
+ if [ "${SYSTEM}" = "Linux" ]
+ then
+- if [ ! -x ./strings ]; then
+- printn "can't exec ./strings-static, "
++ if [ ! -x ./chkrootkit-strings ]; then
++ printn "can't exec ./chkrootkit-strings-static, "
+ return ${NOT_TESTED}
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./strings -a ${CMD}"
++ expertmode_output "./chkrootkit-strings -a ${CMD}"
+ return 5
+ fi
+
+- ### strings must be a statically linked binary.
+- if ./strings-static -a ${CMD} > /dev/null 2>&1
++ ### chkrootkit-strings must be a statically linked binary.
++ if ./chkrootkit-strings-static -a ${CMD} > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1193,11 +1198,11 @@
+ CMD=`loc basename basename $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1213,11 +1218,11 @@
+ CMD=`loc dirname dirname $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1238,11 +1243,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1254,12 +1259,12 @@
+ CMD=`loc rpcinfo rpcinfo $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1275,12 +1280,12 @@
+ CMD=`loc date date $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1296,12 +1301,12 @@
+ CMD=`loc echo echo $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1317,12 +1322,12 @@
+ CMD=`loc env env $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1344,11 +1349,11 @@
+ fi
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1362,11 +1367,11 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1380,11 +1385,11 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1398,11 +1403,11 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1414,12 +1419,12 @@
+ CMD=`loc write write $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1455,7 +1460,7 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+ STATUS=${INFECTED}
+@@ -1473,12 +1478,12 @@
+ MAIL_INFECTED_LABEL="sh -i"
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${MAIL_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${MAIL_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1498,12 +1503,12 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1520,11 +1525,11 @@
+ CMD=`loc egrep egrep $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${EGREP_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${EGREP_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1537,12 +1542,12 @@
+ CMD=`loc grep grep $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GREP_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${GREP_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1564,11 +1569,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1586,10 +1591,10 @@
+ fi
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${RLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${RLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1604,10 +1609,10 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${LSOF_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${LSOF_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1622,10 +1627,10 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${AMD_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${AMD_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1640,10 +1645,10 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${SLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${SLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1662,10 +1667,10 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${CRON_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${CRON_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1677,12 +1682,12 @@
+ CMD="${ROOTDIR}sbin/ifconfig"
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+ IFCONFIG_NOT_INFECTED_LABEL="PROMISC"
+- if ${strings} -a ${CMD} | ${egrep} "${IFCONFIG_NOT_INFECTED_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${IFCONFIG_NOT_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${NOT_INFECTED}
+@@ -1702,12 +1707,12 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+ RSHD_INFECTED_LABEL="HISTFILE"
+- if ${strings} -a ${CMD} | ${egrep} "${RSHD_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${RSHD_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ if ${egrep} "^#.*rshd" ${ROOTDIR}etc/inetd.conf >/dev/null 2>&1 -o \
+@@ -1733,11 +1738,11 @@
+ CMD=${ROOTDIR}${CMD}
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TCPD_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${TCPD_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1754,11 +1759,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${SSHD2_INFECTED_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${SSHD2_INFECTED_LABEL}" \
+ > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1775,11 +1780,11 @@
+ CMD=`loc su su $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${SU_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${SU_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1799,11 +1804,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${FINGER_INFECTED_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${FINGER_INFECTED_LABEL}" \
+ > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1851,11 +1856,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${chkrootkit-strings} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TELNETD_INFECTED_LABEL}" \
++ if ${chkrootkit-strings} -a ${CMD} | ${egrep} "${TELNETD_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1935,7 +1940,7 @@
+ netstat
+ ps
+ sed
+-strings
++chkrootkit-strings
+ uname
+ "
+
projects / packages / chkrootkit.git / commitdiff