#!/bin/bash
# /usr/local/bin/ebury_windigo
# https://crystalfaeries.net/posix/bin/ebury_windigo
# celeste:crystalfaery EBURY_WINDIGO 2016-11-15 18:04:50+00:00
# https://askubuntu.com/questions/709545/chkrootkit-says-searching-for-linux-ebury-operation-windigo-ssh-possible-l#714485
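# Manual follow-up checks for the chkrootkit message quoted in the banner.
# Each check prints raw output for a human to judge; nothing is decided here.
# These are heuristics only: empty output does not prove the host is clean,
# and on a compromised host find/ls/netstat may themselves be tampered with.
# Also verify the library with the package manager's checksum verification.
echo "$0 checks for 'Possible Linux/Ebury - Operation Windigo installetd' reported by chkrootkit."

# Check 1: list every libkeyutils.so* with its size for comparison by eye.
# -H makes find follow /lib* when they are symlinks (merged-/usr layouts);
#    without it find examines only the link itself and prints nothing,
#    which would read as a clean result.
# The -name pattern is quoted so the shell cannot expand it against files
# in the current directory before find sees it.
echo "Result filesize should be less that 15KB:"
sudo find -H /lib* -type f -name 'libkeyutils.so*' -exec ls -la {} \;

# Check 2: a regular file named libns2.so under /lib* is treated as an
# indicator; the expected output is empty.
echo "Result should return null:"
sudo find -H /lib* -type f -name 'libns2.so'

# Check 3: look for a socket named @/proc/udevd among all sockets
# (-a), numeric (-n), with owning process (-p, which needs root).
# grep -F matches the name literally. If netstat is not installed the
# pipeline prints only an error on stderr, so do not read that as "null".
echo "Result should return null:"
sudo netstat -nap | grep -F -- "@/proc/udevd"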