[arch-commits] Commit in chkrootkit/trunk (5 files)

Eric Bélanger eric at archlinux.org
Fri Sep 23 03:31:22 UTC 2011


    Date: Thursday, September 22, 2011 @ 23:31:21
  Author: eric
Revision: 138433

upgpkg: chkrootkit 0.49-3

Move binaries from /usr/bin to /usr/sbin, remove the unneeded chkrootkit.orig (FS#26093), add a weekly cron job, add patches for output and to work with recent kernels

Added:
  chkrootkit/trunk/backslashes.patch
  chkrootkit/trunk/chkrootkit.cron
  chkrootkit/trunk/kallsyms.patch
Modified:
  chkrootkit/trunk/PKGBUILD
  chkrootkit/trunk/fix-tools-path.patch

----------------------+
 PKGBUILD             |   23 ++++--
 backslashes.patch    |   22 ++++++
 chkrootkit.cron      |    2 
 fix-tools-path.patch |  170 ++-----------------------------------------------
 kallsyms.patch       |   30 ++++++++
 5 files changed, 81 insertions(+), 166 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2011-09-22 23:55:35 UTC (rev 138432)
+++ PKGBUILD	2011-09-23 03:31:21 UTC (rev 138433)
@@ -3,29 +3,40 @@
 
 pkgname=chkrootkit
 pkgver=0.49
-pkgrel=2
+pkgrel=3
 pkgdesc="Locally checks for signs of a rootkit"
 arch=('i686' 'x86_64')
 url="http://www.chkrootkit.org"
 depends=('sh' 'net-tools')
 license=('BSD')
-source=(ftp://ftp.pangeia.com.br/pub/seg/pac/${pkgname}.tar.gz fix-tools-path.patch)
+source=(ftp://ftp.pangeia.com.br/pub/seg/pac/${pkgname}.tar.gz chkrootkit.cron \
+        fix-tools-path.patch backslashes.patch kallsyms.patch)
 md5sums=('304d840d52840689e0ab0af56d6d3a18'
-         '6a2f3038114b8b14e1ad74e30fe44eee')
+         'f4b6494270f708bf016e087104681739'
+         '3e5f2d5e2f4fa7a0d780baec9039c07f'
+         '758f892dcf73e8a2a4694662fba366d4'
+         'd087f3aad8a9e97fea496ef83e4f1d48')
 sha1sums=('cec1a3c482b95b20d3a946b07fffb23290abc4a6'
-          'f192cda177ec1920ce3313ed983ac44ee571ca6c')
+          '6dda90abf779b6f5c3bacd638e1231f34635575d'
+          '7fcad8117a064f0a6910134e8bb3a55de110650f'
+          'e22546f445c145cf05dbc1a10f7b196fcd1c8202'
+          'dc5b402ee69a7a5ae622ecfd733682516df54e88')
 
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
+  sed -i 's|/var/adm|/var/log|' check_wtmpx.c chklastlog.c chkutmp.c chkwtmp.c
   patch -p0 -i "${srcdir}/fix-tools-path.patch"
+  patch -p1 -i "${srcdir}/backslashes.patch"
+  patch -p1 -i "${srcdir}/kallsyms.patch"
   make
 }
 
 package() {
   cd "${srcdir}/${pkgname}-${pkgver}"
-  for i in check_wtmpx chkdirs chklastlog chkproc chkrootkit chkrootkit.orig \
+  for i in check_wtmpx chkdirs chklastlog chkproc chkrootkit \
            chkutmp chkwtmp ifpromisc strings-static ; do
-    install -D -m755 $i "${pkgdir}/usr/bin/$i"
+    install -D -m755 $i "${pkgdir}/usr/sbin/$i"
   done
+  install -D -m744 "${srcdir}/chkrootkit.cron" "${pkgdir}/etc/cron.weekly/chkrootkit"
   install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
 }
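Review bot: The `/usr/sbin` destination on the `install -D -m755` line is coupled to the `cd /usr/sbin` that the reworked fix-tools-path.patch inserts into the chkrootkit script, and nothing in the PKGBUILD records that; if either side is moved again the helper binaries (`chkproc`, `chkdirs`, `strings-static`, …) would silently stop being found at run time. Add `# destination must match the 'cd /usr/sbin' in fix-tools-path.patch` above the for loop. The new `sed -i 's|/var/adm|/var/log|'` in build() has no check that it matched anything and rewrites only the first occurrence on each line; unless those .c files are known to carry one path per line, `s|/var/adm|/var/log|g` is the safer form, and a post-check that `/var/adm` no longer appears in the four files would turn a silent no-op on a future upstream tarball into a build failure.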

Added: backslashes.patch
===================================================================
--- backslashes.patch	                        (rev 0)
+++ backslashes.patch	2011-09-23 03:31:21 UTC (rev 138433)
@@ -0,0 +1,22 @@
+Author: James R. Van Zandt <jrv at debian.org>
+Description: Two of the chkrootkit messages have unnecessary backslashes (#498063)
+--- a/chkrootkit
++++ b/chkrootkit
+@@ -672,7 +672,7 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h
+    if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
+        "$SYSTEM" != "FreeBSD" ]
+    then
+-      echo "Possible t0rn v8 \(or variation\) rootkit installed"
++      echo "Possible t0rn v8 (or variation) rootkit installed"
+    else
+       if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
+    fi
+@@ -726,7 +726,7 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h
+ 
+    if [ -d ${ROOTDIR}dev/ptyxx -o -r "${ROOTDIR}usr/lib/.ark?" -o \
+         -d ${ROOTDIR}usr/doc/"... " ]; then
+-      echo "Possible Ambient's rootkit \(ark\) installed"
++      echo "Possible Ambient's rootkit (ark) installed"
+    else
+       if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
+    fi

Added: chkrootkit.cron
===================================================================
--- chkrootkit.cron	                        (rev 0)
+++ chkrootkit.cron	2011-09-23 03:31:21 UTC (rev 138433)
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/sbin/chkrootkit -q
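Review bot: The two-line cron script carries no comment on what `-q` does or how its output reaches anyone: the patches in this same commit show that quiet mode suppresses the `nothing found` lines, so on a clean system the job is silent and any output at all is a finding, which only surfaces if cron mail (MAILTO or a local MTA) is configured on the host. Add a header such as `# Weekly rootkit scan; -q prints only findings, which cron delivers by mail - make sure mail is configured` so administrators know about that dependency.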

Modified: fix-tools-path.patch
===================================================================
--- fix-tools-path.patch	2011-09-22 23:55:35 UTC (rev 138432)
+++ fix-tools-path.patch	2011-09-23 03:31:21 UTC (rev 138433)
@@ -1,161 +1,11 @@
---- chkrootkit	2008-01-19 11:01:15.000000000 +0100
-+++ chkrootkit	2008-11-01 13:11:14.000000000 +0100
-@@ -158,23 +158,23 @@
-     fi
+--- chkrootkit
++++ chkrootkit
+@@ -17,6 +17,8 @@ unalias netstat > /dev/null 2>&1
+ unalias ps > /dev/null 2>&1
+ unalias dirname > /dev/null 2>&1
  
-     if [ "${EXPERT}" = "t" ]; then
--        expertmode_output "./ifpromisc" -v
-+        expertmode_output "/usr/bin/ifpromisc" -v
-         return 5
-     fi
--    if [ ! -x ./ifpromisc ]; then
--      echo "not tested: can't exec ./ifpromisc"
-+    if [ ! -x /usr/bin/ifpromisc ]; then
-+      echo "not tested: can't exec /usr/bin/ifpromisc"
-       return ${NOT_TESTED}
-     else
--      [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
-+      [ "${QUIET}" != "t" ] && /usr/bin/ifpromisc -v || /usr/bin/ifpromisc -q
-     fi
- }
- 
- chkutmp() {
--    if [ ! -x ./chkutmp ]; then
--      echo "not tested: can't exec ./chkutmp"
-+    if [ ! -x /usr/bin/chkutmp ]; then
-+      echo "not tested: can't exec /usr/bin/chkutmp"
-       return ${NOT_TESTED}
-     fi
--    if ./chkutmp
-+    if /usr/bin/chkutmp
-     then
-       if [ "${QUIET}" != "t" ]; then echo "chkutmp: nothing deleted"; fi
-     fi
-@@ -182,8 +182,8 @@
- }
- 
- z2 () {
--    if [ ! -x ./chklastlog ]; then
--      echo "not tested: can't exec ./chklastlog"
-+    if [ ! -x /usr/bin/chklastlog ]; then
-+      echo "not tested: can't exec /usr/bin/chklastlog"
-       return ${NOT_TESTED}
-     fi
- 
-@@ -196,32 +196,32 @@
-     fi
- 
-     if [ "${EXPERT}" = "t" ]; then
--        expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}"
-+        expertmode_output "/usr/bin/chklastlog -f ${WTMP} -l ${LASTLOG}"
-         return 5
-     fi
- 
--    if ./chklastlog -f ${WTMP} -l ${LASTLOG}
-+    if /usr/bin/chklastlog -f ${WTMP} -l ${LASTLOG}
-     then
-       if [ "${QUIET}" != "t" ]; then echo "chklastlog: nothing deleted"; fi
-     fi
- }
- 
- wted () {
--    if [ ! -x ./chkwtmp ]; then
--      echo "not tested: can't exec ./chkwtmp"
-+    if [ ! -x /usr/bin/chkwtmp ]; then
-+      echo "not tested: can't exec /usr/bin/chkwtmp"
-       return ${NOT_TESTED}
-     fi
- 
-    if [ "$SYSTEM" = "SunOS" ]; then
--       if [ ! -x ./check_wtmpx ]; then
--          echo "not tested: can't exec ./check_wtmpx"
-+       if [ ! -x /usr/bin/check_wtmpx ]; then
-+          echo "not tested: can't exec /usr/bin/check_wtmpx"
-        else
-           if [ "${EXPERT}" = "t" ]; then
--             expertmode_output "./check_wtmpx"
-+             expertmode_output "/usr/bin/check_wtmpx"
-               return 5
-           fi
- 	  if [ -f ${ROOTDIR}var/adm/wtmp ]; then
--             if ./check_wtmpx
-+             if /usr/bin/check_wtmpx
-                 then
-                 if [ "${QUIET}" != "t" ]; then \
-                    echo "check_wtmpx: nothing deleted in /var/adm/wtmpx"; fi
-@@ -232,12 +232,12 @@
-        WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
- 
-        if [ "${EXPERT}" = "t" ]; then
--          expertmode_output "./chkwtmp -f ${WTMP}"
-+          expertmode_output "/usr/bin/chkwtmp -f ${WTMP}"
-           return 5
-        fi
-     fi
- 
--    if ./chkwtmp -f ${WTMP}
-+    if /usr/bin/chkwtmp -f ${WTMP}
-     then
-       if [ "${QUIET}" != "t" ]; then echo "chkwtmp: nothing deleted"; fi
-     fi
-@@ -275,8 +275,8 @@
-     prog=""
-     if [  \( "${SYSTEM}" = "Linux"  -o \( "${SYSTEM}" = "FreeBSD" -a \
-        `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
--      [  -x ./chkproc -a "`find /proc | wc -l`" -gt 1 ] && prog="./chkproc"
--      [  -x ./chkdirs ] && prog="$prog ./chkdirs"
-+      [  -x /usr/bin/chkproc -a "`find /proc | wc -l`" -gt 1 ] && prog="/usr/bin/chkproc"
-+      [  -x /usr/bin/chkdirs ] && prog="$prog /usr/bin/chkdirs"
-       if [ "$prog" = "" ]; then
-          echo "not tested: can't exec $prog"
-          return ${NOT_TESTED}
-@@ -288,7 +288,7 @@
-          PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
-          [ "$PV" = "" ] &&  PV=2
-          [ "${SYSTEM}" = "SunOS" ] && PV=0
--         expertmode_output "./chkproc -v -v -p $PV"
-+         expertmode_output "/usr/bin/chkproc -v -v -p $PV"
-          return 5
-       fi
- 
-@@ -315,7 +315,7 @@
-       if [ "${DEBUG}" = "t" ]; then
-            ${echo} "*** PV=$PV ***"
-       fi
--      if ./chkproc -p ${PV}; then
-+      if /usr/bin/chkproc -p ${PV}; then
-          if [ "${QUIET}" != "t" ]; then echo "chkproc: nothing detected"; fi
-       else
-          echo "chkproc: Warning: Possible LKM Trojan installed"
-@@ -324,7 +324,7 @@
-       for i in /usr/share /usr/bin /usr/sbin /lib; do
-          [ -d $i ] && dirs="$dirs $i"
-       done
--      if ./chkdirs $dirs;  then
-+      if /usr/bin/chkdirs $dirs;  then
-          if [ "${QUIET}" != "t" ]; then echo "chkdirs: nothing detected"; fi
-       else
- 	    echo "chkdirs: Warning: Possible LKM Trojan installed"
-@@ -1690,18 +1690,18 @@
- 
-    if [ "${SYSTEM}" = "Linux" ]
-    then
--      if [ ! -x ./strings-static ]; then
--        printn "can't exec ./strings-static, "
-+      if [ ! -x /usr/bin/strings-static ]; then
-+        printn "can't exec /usr/bin/strings-static, "
-         return ${NOT_TESTED}
-       fi
- 
-       if [ "${EXPERT}" = "t" ]; then
--          expertmode_output "./strings-static -a ${CMD}"
-+          expertmode_output "/usr/bin/strings-static -a ${CMD}"
-           return 5
-       fi
- 
-       ### strings must be a statically linked binary.
--      if ./strings-static -a ${CMD} > /dev/null 2>&1
-+      if /usr/bin/strings-static -a ${CMD} > /dev/null 2>&1
-       then
-          STATUS=${INFECTED}
-       fi
++cd /usr/sbin
++
+ # Workaround for recent GNU coreutils
+ _POSIX2_VERSION=199209
+ export _POSIX2_VERSION
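Review bot: The `cd /usr/sbin` the rewritten patch inserts near line 17 of chkrootkit is unchecked and, judging from its position among the `unalias` lines, runs before any command-line handling, so any relative path a caller passes later (for instance a relative directory to `-r`, if 0.49 still accepts it) would be resolved against /usr/sbin rather than the invoking directory. Writing it as `cd /usr/sbin || exit 1` avoids continuing from the wrong directory when the helpers are not where the package put them, and a comment such as `# helper binaries (chkproc, chkdirs, ...) are invoked as ./name` would record why one chdir now replaces the previous per-call /usr/bin rewrites. The rest of the chkrootkit script, including its option parsing, is outside this hunk.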

Added: kallsyms.patch
===================================================================
--- kallsyms.patch	                        (rev 0)
+++ kallsyms.patch	2011-09-23 03:31:21 UTC (rev 138433)
@@ -0,0 +1,30 @@
+--- a/chkrootkit
++++ b/chkrootkit
+@@ -308,7 +316,7 @@ lkm ()
+       fi
+ 
+       if [ "${EXPERT}" = "t" ]; then
+-         [ -r /proc/ksyms ] &&  ${egrep} -i "adore|sebek" < /proc/ksyms 2>/dev/null
++         [ -r /proc/kallsyms ] &&  ${egrep} -i "adore|sebek" < /proc/kallsyms 2>/dev/null
+          [ -d /proc/knark ] &&  ${ls} -la /proc/knark 2> /dev/null
+          PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
+          [ "$PV" = "" ] &&  PV=2
+@@ -318,14 +326,14 @@ lkm ()
+       fi
+ 
+       ### adore LKM
+-      [ -r /proc/ksyms ] && \
+-      if `${egrep} -i adore < /proc/ksyms >/dev/null 2>&1`; then
++      [ -r /proc/kallsyms ] && \
++      if `${egrep} -i adore < /proc/kallsyms >/dev/null 2>&1`; then
+          echo "Warning: Adore LKM installed"
+       fi
+ 
+       ### sebek LKM (Adore based)
+-      [ -r /proc/ksyms ] && \
+-      if `${egrep} -i sebek < /proc/ksyms >/dev/null 2>&1`; then
++      [ -r /proc/kallsyms ] && \
++      if `${egrep} -i sebek < /proc/kallsyms >/dev/null 2>&1`; then
+          echo "Warning: Sebek LKM installed"
+       fi
+ 
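Review bot: The hunk headers `@@ -308,7 +316,7 @@` and `@@ -318,14 +326,14 @@` carry a new-side offset of eight lines that this patch itself never introduces, which suggests it was cut from a larger diff against a different baseline; `patch` will still apply it with an offset notice (it runs after fix-tools-path.patch has added two lines), but the headers should be regenerated against the pristine 0.49 source so the hunks match exactly and a future mismatch is a real failure rather than an expected warning. A one-line header like the one on backslashes.patch, e.g. `Description: read /proc/kallsyms; recent kernels no longer provide /proc/ksyms`, would also record the purpose of the patch in the file itself.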



