Attachment 4348 Details for Bug 6699 – Patch to remove check for the string HOME in /sbin/init.

[patch] Patch to remove check for the string HOME in /sbin/init.

chkrootkit.patch (text/plain), 1.18 KB, created by Dave Hodgins on 2013-09-11 22:32:17 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Dave Hodgins

Created: 2013-09-11 22:32:17 CEST

Size: 1.18 KB

patch

obsolete

>--- /usr/sbin/chkrootkit.original	2013-01-11 10:07:02.000000000 -0500
>+++ /usr/sbin/chkrootkit	2013-09-11 16:27:54.540045781 -0400
>@@ -526,7 +526,8 @@
>       ${egrep} "\.hk" ${ROOTDIR}etc/rc.d/init.d/network 2>/dev/null
> 
>       ## Suckit rootkit
>-      expertmode_output "${strings} ${ROOTDIR}sbin/init | ${egrep} HOME"
>+### In /lib/systemd/systemd, it's normal to have the string HOME. Removing the check mga#6699
>+###      expertmode_output "${strings} ${ROOTDIR}sbin/init | ${egrep} HOME"
>       expertmode_output "cat ${ROOTDIR}proc/1/maps | ${egrep} init."
>       expertmode_output "cat ${ROOTDIR}dev/.golf"
> 
>@@ -980,7 +981,8 @@
>    ### Suckit
>    if [ -f ${ROOTDIR}sbin/init ]; then
>       if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit... "; fi
>-      if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME  || \
>+### In /lib/systemd/systemd, it's normal to have the string HOME. Enusring check will fail mga#6699
>+      if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} DoNotFindHOME  || \
> 	      cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
>         then
>         echo "Warning: ${ROOTDIR}sbin/init INFECTED"

--- /usr/sbin/chkrootkit.original	2013-01-11 10:07:02.000000000 -0500
+++ /usr/sbin/chkrootkit	2013-09-11 16:27:54.540045781 -0400
@@ -526,7 +526,8 @@
       ${egrep} "\.hk" ${ROOTDIR}etc/rc.d/init.d/network 2>/dev/null
 
       ## Suckit rootkit
-      expertmode_output "${strings} ${ROOTDIR}sbin/init | ${egrep} HOME"
+### In /lib/systemd/systemd, it's normal to have the string HOME. Removing the check mga#6699
+###      expertmode_output "${strings} ${ROOTDIR}sbin/init | ${egrep} HOME"
       expertmode_output "cat ${ROOTDIR}proc/1/maps | ${egrep} init."
       expertmode_output "cat ${ROOTDIR}dev/.golf"
 
@@ -980,7 +981,8 @@
    ### Suckit
    if [ -f ${ROOTDIR}sbin/init ]; then
       if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit... "; fi
-      if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME  || \
+### In /lib/systemd/systemd, it's normal to have the string HOME. Enusring check will fail mga#6699
+      if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} DoNotFindHOME  || \
 	      cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
         then
         echo "Warning: ${ROOTDIR}sbin/init INFECTED"

Actions: View | Diff

Attachments on bug 6699: 4348 | 4349