Attachment 8291 Details for Bug 19079 – Patch against chkrootkit to hopefully fix the problem.

[patch] Patch against chkrootkit to hopefully fix the problem.

chkrootkit-mga19079.patch (text/plain), 1.13 KB, created by Shlomi Fish on 2016-07-31 15:01:19 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Shlomi Fish

Created: 2016-07-31 15:01:19 CEST

Size: 1.13 KB

patch

obsolete

>--- chkrootkit.orig	2016-07-31 15:55:11.587010303 +0300
>+++ chkrootkit	2016-07-31 15:45:52.833912283 +0300
>@@ -1132,7 +1132,7 @@
>    ## SSJD Operation Windigo  (Linux/Ebury) 
>    if [ "${QUIET}" != "t" ]; then
>       printn "Searching for Linux/Ebury - Operation Windigo ssh... "; fi
>-   if $ssh -G 2>&1 | grep -e illegal -e unknow > /dev/null; then 
>+   if $ssh -Z 2>&1 | grep -e illegal -e unknow > /dev/null; then 
>       if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
>    else
>          echo "Possible Linux/Ebury - Operation Windigo installetd" 
>@@ -2740,6 +2740,7 @@
>     echo "ROOTDIR is \`${ROOTDIR}'"
> fi
> 
>+exit_code=0
> 
> for cmd in ${LIST}
> do
>@@ -2762,6 +2763,10 @@
>             continue
>         fi
> 
>+        if [ ${STATUS} -eq 0 ]; then
>+            exit_code=1
>+        fi
>+
>         case $STATUS in
>         0) echo "INFECTED";;
>         1) echo "not infected";;
>@@ -2776,8 +2781,13 @@
>             printn "Checking \`$cmd'... "
>         fi
>         ${cmd}
>+        STATUS=$?
>+        if [ ${STATUS} -eq "${INFECTED}" ]; then
>+            exit_code=1
>+        fi
> 
>     fi
> done
> 
>+exit "$exit_code"
> ### chkrootkit ends here.

--- chkrootkit.orig	2016-07-31 15:55:11.587010303 +0300
+++ chkrootkit	2016-07-31 15:45:52.833912283 +0300
@@ -1132,7 +1132,7 @@
    ## SSJD Operation Windigo  (Linux/Ebury) 
    if [ "${QUIET}" != "t" ]; then
       printn "Searching for Linux/Ebury - Operation Windigo ssh... "; fi
-   if $ssh -G 2>&1 | grep -e illegal -e unknow > /dev/null; then 
+   if $ssh -Z 2>&1 | grep -e illegal -e unknow > /dev/null; then 
       if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
    else
          echo "Possible Linux/Ebury - Operation Windigo installetd" 
@@ -2740,6 +2740,7 @@
     echo "ROOTDIR is \`${ROOTDIR}'"
 fi
 
+exit_code=0
 
 for cmd in ${LIST}
 do
@@ -2762,6 +2763,10 @@
             continue
         fi
 
+        if [ ${STATUS} -eq 0 ]; then
+            exit_code=1
+        fi
+
         case $STATUS in
         0) echo "INFECTED";;
         1) echo "not infected";;
@@ -2776,8 +2781,13 @@
             printn "Checking \`$cmd'... "
         fi
         ${cmd}
+        STATUS=$?
+        if [ ${STATUS} -eq "${INFECTED}" ]; then
+            exit_code=1
+        fi
 
     fi
 done
 
+exit "$exit_code"
 ### chkrootkit ends here.

Actions: View | Diff

Attachments on bug 19079: 8291 | 8296 | 8298