#!/bin/sh
touch="touch"
mkdir="mkdir"
rmdir="echo"
if test "$1" = "--uninstall"; then
    touch="rm -f"
    mkdir="echo"
    rmdir="rmdir"
fi
# https://alias454.com/osquery/
sudo $touch /usr/include/icekey.h /usr/include/iceconf.h /usr/include/iceseed.h #madalin_rootkit
sudo $touch /dev/.kork /bin/.login /bin/.ps # ldp_worm
sudo $touch /dev/cuc #sadmind-iis_worm
sudo $touch /dev/ptyxx # ark_rootkit
sudo $touch '/tmp/.uua' '/tmp/.a'
sudo $touch '/lib/.ligh.gh' '/lib/.libgh.gh' '/lib/.libgh-gh' '/dev/tux' '/dev/tux/.proc' '/dev/tux/.file' # ajakit_rootkit
sudo $touch /usr/lib/tcl5.3 # esrk_rootkit
sudo $touch /var/lib/games/.k
sudo $mkdir /tmp/...
sudo $touch '/tmp/.../a', '/tmp/.../r # 55808.a_worm
sudo $rmdir /tmp/...
sudo $mkdir  '/usr/include/.../' '/usr/lib/.../' '/usr/sbin/.../' # bobkit_rootkit
sudo $touch '/usr/bin/ntpsx' '/tmp/.bkp' '/usr/lib/.bkit- # bobkit_rootkit
sudo $rmdir '/usr/include/.../' '/usr/lib/.../' '/usr/sbin/.../' # bobkit_rootkit
sudo $touch '/usr/bin/xchk' '/usr/bin/xsf' '/usr/bin/xchk' # optickit
sudo $touch /usr/lib/locale/uboot # mithras_rootkit