
/etc/cron.daily/chkrootkit is in chkrootkit 0.49-4ubuntu1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

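#!/bin/sh
#
# Daily cron job for chkrootkit.
#
# Behaviour is controlled by variables that $CF may set:
#   RUN_DAILY       "true" to run the scan at all
#   RUN_DAILY_OPTS  options appended to the chkrootkit command line
#   DIFF_MODE       "true" to print output only when it differs from
#                   $LOG_DIR/log.expected
#
# Everything the script reports goes to stdout.

# Abort on the first failing command.
# NOTE(review): in DIFF_MODE this includes a non-zero exit from chkrootkit
# itself; the script then stops before log.today is built or compared and the
# captured output stays in log.today.raw. Confirm that matches how chkrootkit
# signals errors.
set -e

CHKROOTKIT=/usr/sbin/chkrootkit
CF=/etc/chkrootkit.conf
LOG_DIR=/var/log/chkrootkit

# Nothing to do if the scanner is missing or not executable (for example,
# the package was removed but this conffile remains).
if [ ! -x "$CHKROOTKIT" ]; then
    exit 0
fi

# The config file is sourced, i.e. executed by this shell with this job's
# privileges. It can also override the defaults assigned above. Keep it
# writable by root only.
if [ -f "$CF" ]; then
    . "$CF"
fi

if [ "$RUN_DAILY" = "true" ]; then
    if [ "$DIFF_MODE" = "true" ]; then
        # RUN_DAILY_OPTS is passed through eval so that shell quoting inside
        # it is honoured. That makes its content shell code, trusted exactly
        # as much as $CF is. The scanner path is expanded, quoted, at eval
        # time; the options string is parsed once, by eval.
        eval "\"\$CHKROOTKIT\" $RUN_DAILY_OPTS" > "$LOG_DIR/log.today.raw" 2>&1

        # Normalise output that legitimately varies between runs so the
        # comparison below stays stable:
        #  - the first expression replaces the messages about /sbin/dhclient3
        #    and /usr/sbin/dhcpd3 with a message that is the same whatever
        #    order eth0 and eth1 were scanned in;
        #  - the second masks a five-character digit/space field after
        #    "! <word>" with "#####" (presumably a PID column; verify against
        #    chkrootkit's output format).
        sed -r \
            -e 's,eth(0|1)(:[0-9])?: PACKET SNIFFER\((/sbin/dhclient3|/usr/sbin/dhcpd3)\[[0-9]+\]\),eth\[0|1\]: PACKET SNIFFER\([dhclient3|dhcpd3]{PID}\),' \
            -e 's/(! \w+\s+)[ 0-9]{4}[0-9]/\1#####/' \
            "$LOG_DIR/log.today.raw" > "$LOG_DIR/log.today"

        # log.expected is the baseline for diff mode: any line recorded in it
        # is never reported again. Review today's output before copying it
        # over the baseline, otherwise a real finding is silenced from then on.
        if [ ! -f "$LOG_DIR/log.expected" ]; then
            echo "ERROR: No file $LOG_DIR/log.expected"
            echo "This file should contain expected output from chkrootkit"
            echo
            echo "Today's run produced the following output:"
            echo "--- [ BEGIN: cat $LOG_DIR/log.today  ] ---"
            cat "$LOG_DIR/log.today"
            echo "--- [ END: cat $LOG_DIR/log.today ] ---"
            echo
            echo "To create this file containing all output from today's run, do (as root)"
            echo "# cp -a $LOG_DIR/log.today $LOG_DIR/log.expected"
            echo "# (note that unedited output is in $LOG_DIR/log.today.raw)"
        elif ! diff -q "$LOG_DIR/log.expected" "$LOG_DIR/log.today" > /dev/null 2>&1; then
            echo "ERROR: chkrootkit output was not as expected."
            echo
            echo "The difference is:"
            echo "---[ BEGIN: diff -u $LOG_DIR/log.expected $LOG_DIR/log.today ] ---"
            # diff exits non-zero when the files differ; "|| true" keeps
            # set -e from aborting before the rest of the report is printed.
            diff -u "$LOG_DIR/log.expected" "$LOG_DIR/log.today" || true
            echo "---[ END: diff -u $LOG_DIR/log.expected $LOG_DIR/log.today ] ---"
            echo
            echo "To update the expected output, run (as root)"
            echo "#  cp -a -f $LOG_DIR/log.today $LOG_DIR/log.expected"
            echo "# (note that unedited output is in $LOG_DIR/log.today.raw)"
        fi
    else
        # Plain mode: run the scan and let its output go straight to stdout.
        # The trust note on eval and RUN_DAILY_OPTS above applies here too.
        eval "\"\$CHKROOTKIT\" $RUN_DAILY_OPTS"
    fi
fi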