#!/bin/sh
set -ue

# note that all variables can be changed by editing $CONFIG
CONFIG=/etc/chkrootkit/chkrootkit.conf

CHKROOTKIT=/usr/sbin/chkrootkit

LOG_DIR=/var/log/chkrootkit

OUTPUT="$LOG_DIR/log.today"
RAW_OUTPUT="$OUTPUT.raw"
EXPECTED_OUTPUT="$LOG_DIR/log.expected"

# If you do not want to use ionice, set IONICE="" in $CONFIG
if [ -x /usr/bin/ionice ] && /usr/bin/ionice -c3 true 2>/dev/null; then
		IONICE="/usr/bin/ionice -c3"
else
		IONICE=""
fi

RUN_DAILY=false # $CONFIG should set this to 'true'
DIFF_MODE=false
RUN_DAILY_OPTS=""

## lines matching patterns in here are omitted entirely from the output, if the file exists.
IGNORE_FILE="/etc/chkrootkit/chkrootkit.ignore"

## The output (after any IGNORE_FILE) is passed through $FILTER)
FILTER="sed -re 's![[:alnum:]]+: PACKET SNIFFER\(((/lib/systemd/systemd-networkd|(/usr)?/sbin/(dhclient|dhcpc?d[0-9]*|wpa_supplicant|NetworkManager))\[[0-9]+\](, )?)+\)!<interface>: PACKET SNIFFER\([systemd-networkd|dhclient|dhcpd|dhcpcd|wpa_supplicant|NetworkManager]{PID}\)!' -e 's/(! [[:alnum:]+-]+)\s+[0-9]+/\1 {PID}/'"

if [ ! -x "$CHKROOTKIT" ]; then
	exit 0
fi

if [ -r "$CONFIG" ]; then
	. "$CONFIG"
fi

# support upgrades from bullseye where $OLD_CONFIG was used
OLD_CONFIG=/etc/chkrootkit.conf
if [ -r "$OLD_CONFIG" ]; then
		echo "WARNING: $OLD_CONFIG is deprecated. Please put your settings in $CONFIG instead: $OLD_CONFIG will be ignored in a future release and should be deleted."
		. $OLD_CONFIG
fi

if [ "$RUN_DAILY" = "false" ]; then
		exit 0
fi

if [ ! -r "$IGNORE_FILE" ]; then
	IGNORE_FILE=/dev/null
fi

if [ -z "$FILTER" ]; then
		# explicitly disabled
		FILTER=cat
elif ! echo "test" | eval "$FILTER" >/dev/null 2>&1; then
		echo "Ignoring invalid \$FILTER='$FILTER'"
		FILTER=cat
fi

# Run, filter, and save output
eval "$IONICE" "$CHKROOTKIT" "$RUN_DAILY_OPTS" 2>&1 \
		| tee "$RAW_OUTPUT" 2>&1 \
		| eval "$FILTER" \
		| egrep -v -f "$IGNORE_FILE" 2>&1 \
		> "$OUTPUT" 2>&1 || true

# show results
if [ "$DIFF_MODE" = "false" ]; then
		cat "$OUTPUT" 2>&1 || true
elif [ ! -f "$EXPECTED_OUTPUT" ]; then
		echo "No file $LOG_DIR/log.expected"
		echo "This file should contain expected output from chkrootkit"
		echo
		echo "Today's run produced the following output:"
		echo "--- [ BEGIN: cat $OUTPUT ] ---"
		cat "$LOG_DIR/log.today" 2>&1 || true
		echo "--- [ END: cat $OUTPUT ] ---"
		echo
		echo "To create this file containing all output from today's run, do (as root)"
		echo "# cp -a $OUTPUT $EXPECTED_OUTPUT"
		echo "# (note that unedited output is in $RAW_OUTPUT)"
elif ! diff -q "$EXPECTED_OUTPUT" "$OUTPUT" > /dev/null 2>&1; then
		echo "chkrootkit output was not as expected."
		echo
		echo "The difference is:"
		echo "--- [ BEGIN: diff -u $EXPECTED_OUTPUT $OUTPUT ] ---"
		diff -u "$EXPECTED_OUTPUT" "$OUTPUT" 2>&1 || true
		echo "--- [ END: diff -u $EXPECTED_OUTPUT $OUTPUT ] ---"
		echo
		echo "To update the expected output, run (as root)"
		echo "#  cp -a -f $OUTPUT $EXPECTED_OUTPUT"
		echo "# (note that unedited output is in $RAW_OUTPUT)"
fi
