summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'app-admin/chkrootkit')
-rw-r--r--app-admin/chkrootkit/ChangeLog8
-rw-r--r--app-admin/chkrootkit/Manifest17
-rw-r--r--app-admin/chkrootkit/chkrootkit-0.43-r1.ebuild35
-rw-r--r--app-admin/chkrootkit/files/chkrootkit-0.43-r1-gentoo.diff975
-rw-r--r--app-admin/chkrootkit/files/digest-chkrootkit-0.43-r11
5 files changed, 1028 insertions, 8 deletions
diff --git a/app-admin/chkrootkit/ChangeLog b/app-admin/chkrootkit/ChangeLog
index afee6c3f8944..02d7769a4f4a 100644
--- a/app-admin/chkrootkit/ChangeLog
+++ b/app-admin/chkrootkit/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-admin/chkrootkit
# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/chkrootkit/ChangeLog,v 1.31 2004/06/29 19:22:55 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/chkrootkit/ChangeLog,v 1.32 2004/07/03 11:44:04 pyrania Exp $
+
+*chkrootkit-0.43-r1 (03 Jul 2004)
+
+ 03 Jul 2004; <pyrania@gentoo.org> +files/chkrootkit-0.43-r1-gentoo.diff,
+ +chkrootkit-0.43-r1.ebuild:
+ Fixed the buggy patch.. Closing bug #55796.
29 Jun 2004; Aron Griffis <agriffis@gentoo.org> chkrootkit-0.42b.ebuild,
chkrootkit-0.43.ebuild:
diff --git a/app-admin/chkrootkit/Manifest b/app-admin/chkrootkit/Manifest
index 6b719dd9583a..26438ec5f2f8 100644
--- a/app-admin/chkrootkit/Manifest
+++ b/app-admin/chkrootkit/Manifest
@@ -1,13 +1,16 @@
-MD5 87ad17000b825940390dd435d3374c30 chkrootkit-0.42b.ebuild 917
+MD5 3cdc538ed7b89514dfd5787aacf78669 ChangeLog 4104
MD5 f746627867c6acedf3102019aa4521ff chkrootkit-0.37.ebuild 744
-MD5 8504a0702cb50555ee5f329a0391aa16 chkrootkit-0.43.ebuild 882
-MD5 f914d8026eded070c3bf5aa430ee2ccd ChangeLog 3917
+MD5 0db824fd85e6d804cec910766001b9ad chkrootkit-0.43-r1.ebuild 886
MD5 1652522405f5936eb29776ef8d5ffa5b metadata.xml 310
+MD5 87ad17000b825940390dd435d3374c30 chkrootkit-0.42b.ebuild 917
+MD5 8504a0702cb50555ee5f329a0391aa16 chkrootkit-0.43.ebuild 882
MD5 cb48ba04bfdc24c6ab155896f6c13344 files/chkrootkit-0.43-gentoo.diff 30128
-MD5 be7c7597652c846de193642182e3d69e files/digest-chkrootkit-0.42b 67
-MD5 f97957a94793b86fd018b32e44811f89 files/chkrootkit-0.37-gentoo.diff 4531
-MD5 e9f2cc0eace779d1cad291deb9d9c7e1 files/chkrootkit-0.39a-gentoo.diff 28218
MD5 4a7462549213c3ef88c11df667b2eeda files/chkrootkit-0.41-gentoo.diff 30253
MD5 3259dda202b238de8bc2fb5b23a298c6 files/chkrootkit-0.42b-gentoo.diff 30932
-MD5 7cf45be07aafbbaa3252ce9ece31d5b6 files/digest-chkrootkit-0.37 66
+MD5 be7c7597652c846de193642182e3d69e files/digest-chkrootkit-0.42b 67
+MD5 7fc015bb14817d40e62bb17ca3a2b968 files/chkrootkit-0.43-r1-gentoo.diff 30730
+MD5 e9f2cc0eace779d1cad291deb9d9c7e1 files/chkrootkit-0.39a-gentoo.diff 28218
MD5 e403f736d82cbf43e0780a5bb62993cb files/digest-chkrootkit-0.43 66
+MD5 f97957a94793b86fd018b32e44811f89 files/chkrootkit-0.37-gentoo.diff 4531
+MD5 7cf45be07aafbbaa3252ce9ece31d5b6 files/digest-chkrootkit-0.37 66
+MD5 e403f736d82cbf43e0780a5bb62993cb files/digest-chkrootkit-0.43-r1 66
diff --git a/app-admin/chkrootkit/chkrootkit-0.43-r1.ebuild b/app-admin/chkrootkit/chkrootkit-0.43-r1.ebuild
new file mode 100644
index 000000000000..f0ab29a3f350
--- /dev/null
+++ b/app-admin/chkrootkit/chkrootkit-0.43-r1.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/chkrootkit/chkrootkit-0.43-r1.ebuild,v 1.1 2004/07/03 11:44:04 pyrania Exp $
+
+inherit eutils
+
+DESCRIPTION="a tool to locally check for signs of a rootkit"
+HOMEPAGE="http://www.chkrootkit.org/"
+SRC_URI="ftp://ftp.pangeia.com.br/pub/seg/pac/${P}.tar.gz"
+
+LICENSE="AMS"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha ~ia64 ~amd64"
+IUSE=""
+
+DEPEND="virtual/libc
+ >=sys-apps/sed-4"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/${P}-gentoo.diff
+ sed -i 's:${head} -:${head} -n :' chkrootkit
+}
+
+src_compile() {
+ make sense || die
+ make strings || die
+}
+
+src_install() {
+ dosbin check_wtmpx chklastlog chkproc chkrootkit chkwtmp ifpromisc || die
+ newsbin strings strings-static || die
+ dodoc README README.chklastlog README.chkwtmp
+}
diff --git a/app-admin/chkrootkit/files/chkrootkit-0.43-r1-gentoo.diff b/app-admin/chkrootkit/files/chkrootkit-0.43-r1-gentoo.diff
new file mode 100644
index 000000000000..282f38bba0b4
--- /dev/null
+++ b/app-admin/chkrootkit/files/chkrootkit-0.43-r1-gentoo.diff
@@ -0,0 +1,975 @@
+diff -Naur chkrootkit-0.43_/chkrootkit chkrootkit-0.43/chkrootkit
+--- chkrootkit-0.43_/chkrootkit 2004-07-03 13:26:45.026335552 +0200
++++ chkrootkit-0.43/chkrootkit 2004-07-03 13:28:57.327222760 +0200
+@@ -10,6 +10,14 @@
+ # (C)1997-2003 Nelson Murilo, Pangeia Informatica, AMS Foundation and others.
+ # All rights reserved
+
++# Gentoo specific : Could use `type <command> | cut -f 3 -d " "`
++IFPROMISC="/usr/sbin/ifpromisc"
++CHKLASTLOG="/usr/sbin/chklastlog"
++CHKPROC="/usr/sbin/chkproc"
++CHKWTMP="/usr/sbin/chkwtmp"
++CHECK_WTMPX="/usr/sbin/check_wtmpx"
++STRINGS="/usr/sbin/strings-static"
++
+ ### workaround for some Bourne shell implementations
+ unalias login > /dev/null 2>&1
+ unalias ls > /dev/null 2>&1
+@@ -116,7 +124,7 @@
+
+ if [ "${EXPERT}" = "t" ]; then
+ expertmode_output "${egrep} ^asp ${ROOTDIR}etc/inetd.conf"
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+@@ -132,7 +140,7 @@
+ STATUS=${INFECTED}
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${ASP_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${ASP_LABEL}" >/dev/null 2>&1
+ then
+ echo "INFECTED"
+ STATUS=${INFECTED}
+@@ -151,20 +159,20 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./ifpromisc" -v
++ expertmode_output "${IFPROMISC}" -v
+ return 5
+ fi
+- if [ ! -x ./ifpromisc ]; then
+- echo "not tested: can't exec ./ifpromisc"
++ if [ ! -x ${IFPROMISC} ]; then
++ echo "not tested: can't exec ${IFPROMISC}"
+ return ${NOT_TESTED}
+ else
+- [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
++ [ "${QUIET}" != "t" ] && ${IFPROMISC} -v || ${IFPROMISC} -q
+ fi
+ }
+
+ z2 () {
+- if [ ! -x ./chklastlog ]; then
+- echo "not tested: can't exec ./chklastlog"
++ if [ ! -x ${CHKLASTLOG} ]; then
++ echo "not tested: can't exec ${CHKLASTLOG}"
+ return ${NOT_TESTED}
+ fi
+
+@@ -178,32 +186,32 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}"
++ expertmode_output "${CHKLASTLOG} -f ${WTMP} -l ${LASTLOG}"
+ return 5
+ fi
+
+- if ./chklastlog -f ${WTMP} -l ${LASTLOG}
++ if ${CHKLASTLOG} -f ${WTMP} -l ${LASTLOG}
+ then
+ if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi
+ fi
+ }
+
+ wted () {
+- if [ ! -x ./chkwtmp ]; then
+- echo "not tested: can't exec ./chkwtmp"
++ if [ ! -x ${CHKWTMP} ]; then
++ echo "not tested: can't exec ${CHKWTMP}"
+ return ${NOT_TESTED}
+ fi
+
+ if [ "$SYSTEM" = "SunOS" ]; then
+- if [ ! -x ./check_wtmpx ]; then
+- echo "not tested: can't exec ./check_wtmpx"
++ if [ ! -x ${CHECK_WTMPX} ]; then
++ echo "not tested: can't exec ${CHECK_WTMPX}"
+ else
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./check_wtmpx"
++ expertmode_output "${CHECK_WTMPX}"
+ return 5
+ fi
+ if [ -f ${ROOTDIR}var/adm/wtmp ]; then
+- if ./check_wtmpx
++ if ${CHECK_WTMPX}
+ then
+ if [ "${QUIET}" != "t" ]; then \
+ echo "nothing deleted in /var/adm/wtmpx"; fi
+@@ -214,12 +222,12 @@
+ WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./chkwtmp -f ${WTMP}"
++ expertmode_output "${CHKWTMP} -f ${WTMP}"
+ return 5
+ fi
+ fi
+
+- if ./chkwtmp -f ${WTMP}
++ if ${CHKWTMP} -f ${WTMP}
+ then
+ if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi
+ fi
+@@ -258,7 +266,7 @@
+ prog=""
+ if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
+ ${V} -gt 43 \) \) -a "${ROOTDIR}" = "/" ]; then
+- [ ! -x ./chkproc ] && prog="./chkproc"
++ [ ! -x ${CHKPROC} ] && prog="${CHKPROC}"
+ [ ! -x ./chkdirs ] && prog="$prog ./chkdirs"
+ if [ "$prog" != "" ]; then
+ # echo "not tested: can't exec $prog"
+@@ -268,7 +276,7 @@
+ if [ "${EXPERT}" = "t" ]; then
+ [ -r /proc/ksyms ] && ${egrep} -i "adore|sebek" < /proc/ksyms 2>/dev/null
+ [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
+- expertmode_output "./chkproc -v -v"
++ expertmode_output "${CHKPROC} -v -v"
+ return 5
+ fi
+
+@@ -289,7 +297,7 @@
+ echo "Warning: Knark LKM installed"
+ fi
+
+- if ./chkproc
++ if ${CHKPROC}
+ then
+ if [ "${QUIET}" != "t" ]; then echo "nothing detected"; fi
+ else
+@@ -465,7 +473,7 @@
+ ${egrep} "\.hk" ${ROOTDIR}etc/rc.d/init.d/network 2>/dev/null
+
+ ## Suckit rootkit
+- expertmode_output "${strings} ${ROOTDIR}sbin/init | ${egrep} HOME"
++ expertmode_output "${STRINGS} ${ROOTDIR}sbin/init | ${egrep} HOME"
+ expertmode_output "cat ${ROOTDIR}proc/1/maps | ${egrep} init."
+
+ ## Volc rootkit
+@@ -890,7 +898,7 @@
+ ### Suckit
+ if [ -f ${ROOTDIR}sbin/init ]; then
+ if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit ... "; fi
+- if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME || \
++ if [ ${SYSTEM} != "HP-UX" ] && ( ${STRINGS} ${ROOTDIR}sbin/init | ${egrep} HOME || \
+ cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
+ then
+ echo "Warning: ${ROOTDIR}sbin/init INFECTED"
+@@ -1068,20 +1076,20 @@
+ STATUS=${NOT_INFECTED}
+ CMD=`loc chfn chfn $pth`
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+ case "${SYSTEM}" in
+ Linux)
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi;;
+ FreeBSD)
+ [ $V -gt 50 ] && n=1 || n=2
+- if [ `${strings} -a ${CMD} | \
++ if [ `${STRINGS} -a ${CMD} | \
+ ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
+ then
+ STATUS=${INFECTED}
+@@ -1096,16 +1104,16 @@
+ REDHAT_PAM_LABEL="*NOT*"
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+ case "${SYSTEM}" in
+ Linux)
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
+ >/dev/null 2>&1
+ then
+- if ${strings} -a ${CMD} | ${egrep} "${REDHAT_PAM_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${REDHAT_PAM_LABEL}" \
+ >/dev/null 2>&1
+ then
+ :
+@@ -1115,7 +1123,7 @@
+ fi;;
+ FreeBSD)
+ [ $V -gt 50 ] && n=1 || n=2
+- if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
++ if [ `${STRINGS} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne $n ]
+ then
+ STATUS=${INFECTED}
+ fi;;
+@@ -1128,13 +1136,13 @@
+ CMD=`loc login login $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+ if [ "$SYSTEM" = "SunOS" ]; then
+ TROJED_L_L="porcao|/bin/xstat"
+- if ${strings} -a ${CMD} | ${egrep} "${TROJED_L_L}" >/dev/null 2>&1 ]; then
++ if ${STRINGS} -a ${CMD} | ${egrep} "${TROJED_L_L}" >/dev/null 2>&1 ]; then
+ return ${INFECTED}
+ else
+ return ${NOT_TESTED}
+@@ -1142,7 +1150,7 @@
+ fi
+ GENERAL="^root$"
+ TROJED_L_L="vejeta|xlogin|^@\(#\)klogin\.c|lets_log|sukasuka|/usr/lib/.ark?|SucKIT"
+- ret=`${strings} -a ${CMD} | ${egrep} -c "${GENERAL}"`
++ ret=`${STRINGS} -a ${CMD} | ${egrep} -c "${GENERAL}"`
+ if [ ${ret} -gt 0 ]; then
+ case ${ret} in
+ 1) [ "${SYSTEM}" = "OpenBSD" -a ${V} -le 27 -o ${V} -ge 30 ] && \
+@@ -1153,7 +1161,7 @@
+ *) STATUS=${INFECTED};;
+ esac
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${TROJED_L_L}" 2>&1 >/dev/null
++ if ${STRINGS} -a ${CMD} | ${egrep} "${TROJED_L_L}" 2>&1 >/dev/null
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1169,14 +1177,14 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ fi
+
+ if [ "${SYSTEM}" = "OpenBSD" -o "${SYSTEM}" = "SunOS" ]
+ then
+ return ${NOT_TESTED}
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}|/lib/security" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}|/lib/security" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1194,11 +1202,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1217,11 +1225,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${SYSLOG_I_L}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${SYSLOG_I_L}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1238,11 +1246,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${HDPARM_INFECTED_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${HDPARM_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1260,11 +1268,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GPM_INFECTED_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GPM_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1282,11 +1290,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${MINGETTY_INFECTED_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${MINGETTY_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1304,11 +1312,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${SENDMAIL_INFECTED_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${SENDMAIL_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1322,11 +1330,11 @@
+ CMD=`loc ls ls $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${LS_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${LS_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1339,11 +1347,11 @@
+ CMD=`loc du du $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${DU_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${DU_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1363,11 +1371,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${NAMED_I_L}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${NAMED_I_L}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1381,11 +1389,11 @@
+ CMD=`loc netstat netstat $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${NETSTAT_I_L}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${NETSTAT_I_L}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -1400,11 +1408,11 @@
+ CMD=`loc ps ps $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${PS_I_L}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${PS_I_L}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1422,11 +1430,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${PSTREE_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${PSTREE_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1444,11 +1452,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1466,11 +1474,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1488,11 +1496,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1505,8 +1513,8 @@
+
+ if [ "${SYSTEM}" = "Linux" ]
+ then
+- if [ ! -x ./strings-static ]; then
+- printn "can't exec ./strings-static, "
++ if [ ! -x i${STRINGS} ]; then
++ printn "can't exec ${STRINGS}, "
+ return ${NOT_TESTED}
+ fi
+
+@@ -1516,7 +1524,7 @@
+ fi
+
+ ### strings must be a statically linked binary.
+- if ./strings-static -a ${CMD} > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1531,11 +1539,11 @@
+ CMD=`loc basename basename $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1555,11 +1563,11 @@
+ CMD=`loc dirname dirname $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1580,11 +1588,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1596,12 +1604,12 @@
+ CMD=`loc rpcinfo rpcinfo $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1618,19 +1626,19 @@
+ CMD=`loc date date $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+ [ "${SYSTEM}" = "FreeBSD" -a $V -gt 50 ] &&
+ {
+- if [ `${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" | \
++ if [ `${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" | \
+ ${egrep} -c "$S_L"` -ne 2 ]; then
+ STATUS=${INFECTED}
+ fi
+ } ||
+ {
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1647,12 +1655,12 @@
+ CMD=`loc echo echo $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1668,12 +1676,12 @@
+ CMD=`loc env env $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1695,11 +1703,11 @@
+ fi
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1713,11 +1721,11 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1732,11 +1740,11 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${INIT_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${INIT_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1750,11 +1758,11 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1768,11 +1776,11 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1784,12 +1792,12 @@
+ CMD=`loc write write $pth`
+ WRITE_ROOTKIT_LABEL="bash|elite$|vejeta|\.ark"
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${WRITE_ROOTKIT_LABEL}" | grep -v locale > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${WRITE_ROOTKIT_LABEL}" | grep -v locale > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1806,11 +1814,11 @@
+ W_INFECTED_LABEL="uname -a"
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${W_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${W_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1826,11 +1834,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${VDIR_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${VDIR_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1862,7 +1870,7 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+ STATUS=${INFECTED}
+@@ -1879,12 +1887,12 @@
+ MAIL_INFECTED_LABEL="sh -i"
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${MAIL_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${MAIL_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1904,12 +1912,12 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1926,11 +1934,11 @@
+ CMD=`loc egrep egrep $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${EGREP_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${EGREP_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1943,12 +1951,12 @@
+ CMD=`loc grep grep $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ expertmode_output "${ls} -l ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GREP_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${GREP_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1970,11 +1978,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${TOP_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1992,10 +2000,10 @@
+ fi
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${RLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${RLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -2010,10 +2018,10 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${LSOF_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${LSOF_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -2028,10 +2036,10 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${AMD_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${AMD_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -2046,10 +2054,10 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${SLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${SLOGIN_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -2068,10 +2076,10 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${CRON_INFECTED_LABEL}" >/dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${CRON_INFECTED_LABEL}" >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -2083,18 +2091,18 @@
+ CMD="${ROOTDIR}sbin/ifconfig"
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+ IFCONFIG_NOT_INFECTED_LABEL="PROMISC"
+ IFCONFIG_INFECTED_LABEL="/dev/tux|/session.null"
+- if ${strings} -a ${CMD} | ${egrep} "${IFCONFIG_NOT_INFECTED_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${IFCONFIG_NOT_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${NOT_INFECTED}
+ fi
+- if ${strings} -a ${CMD} | ${egrep} "${IFCONFIG_INFECTED_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${IFCONFIG_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -2114,12 +2122,12 @@
+ return ${NOT_FOUND}
+ fi
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+ RSHD_INFECTED_LABEL="HISTFILE"
+- if ${strings} -a ${CMD} | ${egrep} "${RSHD_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${RSHD_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ if ${egrep} "^#.*rshd" ${ROOTDIR}etc/inetd.conf >/dev/null 2>&1 -o \
+@@ -2155,11 +2163,11 @@
+ [ "tcpd" = "${CMD}" ] && return ${NOT_FOUND};
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TCPD_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${TCPD_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -2176,11 +2184,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${SSHD2_INFECTED_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${SSHD2_INFECTED_LABEL}" \
+ > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -2197,11 +2205,11 @@
+ CMD=`loc su su $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${SU_INFECTED_LABEL}" > /dev/null 2>&1
++ if ${STRINGS} -a ${CMD} | ${egrep} "${SU_INFECTED_LABEL}" > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -2221,11 +2229,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${FINGER_INFECTED_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${FINGER_INFECTED_LABEL}" \
+ > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+@@ -2273,11 +2281,11 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "${strings} -a ${CMD}"
++ expertmode_output "${STRINGS} -a ${CMD}"
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${TELNETD_INFECTED_LABEL}" \
++ if ${STRINGS} -a ${CMD} | ${egrep} "${TELNETD_INFECTED_LABEL}" \
+ >/dev/null 2>&1
+ then
+ STATUS=${INFECTED}
diff --git a/app-admin/chkrootkit/files/digest-chkrootkit-0.43-r1 b/app-admin/chkrootkit/files/digest-chkrootkit-0.43-r1
new file mode 100644
index 000000000000..95c0defa2730
--- /dev/null
+++ b/app-admin/chkrootkit/files/digest-chkrootkit-0.43-r1
@@ -0,0 +1 @@
+MD5 08646b9bf3a9dc45c25a40946962a839 chkrootkit-0.43.tar.gz 33355