From 5355ea91d27c3345814bcdc4eddb8f1a60ab4279 Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov <eugeni@mandriva.org>
Date: Thu, 28 Jan 2010 15:01:26 +0000
Subject: - check if chkrootkit was removed and send a warning otherwise, and
 also check if chkrootkit was installed before sending diff, fixing #51309

---
 cron-sh/scripts/04_rootkit.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/cron-sh/scripts/04_rootkit.sh b/cron-sh/scripts/04_rootkit.sh
index c1c8503..8060343 100755
--- a/cron-sh/scripts/04_rootkit.sh
+++ b/cron-sh/scripts/04_rootkit.sh
@@ -15,6 +15,9 @@ CHKROOTKIT_DIFF="/var/log/security/chkrootkit.diff"
 
 if [[ -f ${CHKROOTKIT_TODAY} ]]; then
     mv ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY};
+    if [ ! -x /usr/sbin/chkrootkit ]; then
+        printf "\nSecurity Warning: chkrootkit is enabled but was uninstalled\n" >> ${CHKROOTKIT_DIFF}
+    fi    
 fi
 
 ### chkrootkit checks
@@ -41,6 +44,7 @@ fi
 
 ### Changed chkrootkit
 if [[ ${CHECK_CHKROOTKIT} == yes ]]; then
-    Diffcheck ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY} ${CHKROOTKIT_DIFF} "chkrootkit results"
+    if [ -x /usr/sbin/chkrootkit ]; then
+        Diffcheck ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY} ${CHKROOTKIT_DIFF} "chkrootkit results"
+    fi
 fi
-
-- 
cgit v1.2.1