On Sat, 5 Mar 2005, Don Erickson wrote:
Okay, here's a quick Perl script to check some of the system utilities for consistency with the output of the Knoppix versions, once you've installed the Knoppix CD as described in the earlier email.
----------------------------------------------
#!/usr/bin/perl
# Don Erickson 2005
########################################################################
#
# This script will test the output of commonly trojaned programs
#
# The live Knoppix disc must be cloop mounted at /tmp/knoppix/
#######################################################################
use strict;
use warnings;
use IO::Handle;    # provides autoflush() on the results file handle

# Commands to run with both the installed and the Knoppix binaries
my @testthese = ("/bin/ps ax", "/bin/df", "/bin/netstat", "/sbin/ifconfig",
                 "/bin/ls -R", "/sbin/iptables -L",
                 "/usr/bin/du / -x --exclude=tmp");

my $outfile    = "/tmp/testresults.txt";
my $sysout     = "/tmp/sysout";
my $knoppixout = "/tmp/knoppixout";
# Run the Knoppix binaries against the Knoppix libraries
my $kenv       = "env LD_LIBRARY_PATH=/tmp/knoppix/lib";

# Truncate any previous results, then reopen in append mode so our
# headers interleave correctly with the diff output appended by the shell
open(my $out, ">", $outfile) || die "Can't open $outfile: $!";
close($out) || die "Can't close $outfile: $!";
open($out, ">>", $outfile) || die "Can't open $outfile: $!";
$out->autoflush(1);    # write each header before diff appends to the file

foreach my $thistest (@testthese) {
    print "Testing output of '$thistest'\n";
    print $out "\n########\nDiff of $thistest <system >knoppix\n\n";

    system("$thistest > $sysout") == 0
        or warn "'$thistest' (system) exited non-zero\n";
    system("$kenv /tmp/knoppix/$thistest > $knoppixout") == 0
        or warn "'$thistest' (knoppix) exited non-zero\n";
    # diff exits 1 whenever the outputs differ, so its status is not checked
    system("$kenv /tmp/knoppix/usr/bin/diff $sysout $knoppixout >> $outfile");
}

print $out "Tests concluded.\n";
close($out);
print "Tests concluded.\n";
print "Read the results in $outfile\n";
-------------------------------------------------
All implied warranties null and void, etc. etc.
Regards,
-Don