Commit 55d8ba96 authored by Daniele's avatar Daniele

Importing chkrootkit from Arch Linux, as requested here:...

Importing chkrootkit from Arch Linux, as requested here: http://chakra-project.org/bbs/viewtopic.php?pid=43905
parent 2442f127
# Original Arch Linux Maintainer: Eric Bélanger <eric@archlinux.org>
pkgname=chkrootkit
pkgver=0.49
pkgrel=1
pkgdesc="Locally checks for signs of a rootkit."
arch=('i686' 'x86_64')
url="http://www.chkrootkit.org"
depends=('sh' 'net-tools')
license=('BSD')
source=("ftp://ftp.pangeia.com.br/pub/seg/pac/${pkgname}.tar.gz"
'chkrootkit.cron'
'fix-tools-path.patch'
'backslashes.patch'
'kallsyms.patch')
md5sums=('304d840d52840689e0ab0af56d6d3a18'
'f4b6494270f708bf016e087104681739'
'858b9e4fe1c38ca712f24f0ca1535c1e'
'd6e43518968607682a7eed86123891ec'
'a1afdd938b09c11a5200aad0a8abed9d')
sha1sums=('cec1a3c482b95b20d3a946b07fffb23290abc4a6'
'6dda90abf779b6f5c3bacd638e1231f34635575d'
'8d488aa47d7a74755eee94158bbe66c84061592e'
'8a81ed7a109ad087685ad362ffe82e64d6997d83'
'295d729516d31fa7e810bd6e61296e1da827915d')
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
sed -i 's|/var/adm|/var/log|' check_wtmpx.c chklastlog.c chkutmp.c chkwtmp.c
patch -p0 -i "${srcdir}/fix-tools-path.patch"
patch -p1 -i "${srcdir}/backslashes.patch"
patch -p1 -i "${srcdir}/kallsyms.patch"
make
}
package() {
cd "${srcdir}/${pkgname}-${pkgver}"
for i in check_wtmpx chkdirs chklastlog chkproc chkrootkit \
chkutmp chkwtmp ifpromisc strings-static ; do
install -D -m755 "${i}" "${pkgdir}/usr/sbin/${i}"
done
install -D -m744 "${srcdir}/chkrootkit.cron" "${pkgdir}/etc/cron.weekly/chkrootkit"
install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
}
# vim:set ts=2 sw=2 et:
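Review bot: The upstream tarball in `source=` is fetched over plain FTP under an unversioned name (`${pkgname}.tar.gz`) and is verified only by `md5sums` and `sha1sums`, both of which are weak against deliberate collisions. Since this tool's output is trusted to report compromise, I would add a stronger array alongside them, e.g. `sha256sums=('<sha256-of-chkrootkit.tar.gz>' ...)` with one entry per source, computed from a tarball whose origin has been checked independently. Because the URL carries no version, a new upstream release under the same name will make the checksum step fail rather than silently build something other than 0.49. A comment above `source=` such as `# unversioned URL: checksum failure means upstream replaced the tarball` would tell the next maintainer this is expected.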
Author: James R. Van Zandt <jrv@debian.org>
Description: Two of the chkrootkit messages have unnecessary backslashes (#498063)
--- a/chkrootkit
+++ b/chkrootkit
@@ -672,7 +672,7 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h
if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
"$SYSTEM" != "FreeBSD" ]
then
- echo "Possible t0rn v8 \(or variation\) rootkit installed"
+ echo "Possible t0rn v8 (or variation) rootkit installed"
else
if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
fi
@@ -726,7 +726,7 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h
if [ -d ${ROOTDIR}dev/ptyxx -o -r "${ROOTDIR}usr/lib/.ark?" -o \
-d ${ROOTDIR}usr/doc/"... " ]; then
- echo "Possible Ambient's rootkit \(ark\) installed"
+ echo "Possible Ambient's rootkit (ark) installed"
else
if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
fi
#!/bin/sh
/usr/sbin/chkrootkit -q
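Review bot: The cron script runs `/usr/sbin/chkrootkit -q` with no handling of its output, so findings reach an administrator only through whatever cron does with job output. On a host without working local mail delivery, the weekly result is probably discarded unnoticed. I would add a header comment such as `# Findings are reported via cron's job-output mail; make sure it is delivered or redirect to a reviewed log`. Alternatively, pipe the output to the system logger so that a positive result is recorded somewhere persistent.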
--- chkrootkit
+++ chkrootkit
@@ -17,6 +17,8 @@ unalias netstat > /dev/null 2>&1
unalias ps > /dev/null 2>&1
unalias dirname > /dev/null 2>&1
+cd /usr/sbin
+
# Workaround for recent GNU coreutils
_POSIX2_VERSION=199209
export _POSIX2_VERSION
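Review bot: The added `cd /usr/sbin` is not checked, so if it fails the script carries on in the caller's working directory. The patch name suggests the helper binaries are looked up relative to the current directory; if so, a root-run scan would then execute whatever `chkproc`, `ifpromisc` and the others happen to exist there. I would make the failure fatal: `cd /usr/sbin || exit 1`. The rest of the script lies outside this hunk, so how the helpers are actually invoked should be confirmed against the full file.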
--- a/chkrootkit
+++ b/chkrootkit
@@ -308,7 +316,7 @@ lkm ()
fi
if [ "${EXPERT}" = "t" ]; then
- [ -r /proc/ksyms ] && ${egrep} -i "adore|sebek" < /proc/ksyms 2>/dev/null
+ [ -r /proc/kallsyms ] && ${egrep} -i "adore|sebek" < /proc/kallsyms 2>/dev/null
[ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
[ "$PV" = "" ] && PV=2
@@ -318,14 +326,14 @@ lkm ()
fi
### adore LKM
- [ -r /proc/ksyms ] && \
- if `${egrep} -i adore < /proc/ksyms >/dev/null 2>&1`; then
+ [ -r /proc/kallsyms ] && \
+ if `${egrep} -i adore < /proc/kallsyms >/dev/null 2>&1`; then
echo "Warning: Adore LKM installed"
fi
### sebek LKM (Adore based)
- [ -r /proc/ksyms ] && \
- if `${egrep} -i sebek < /proc/ksyms >/dev/null 2>&1`; then
+ [ -r /proc/kallsyms ] && \
+ if `${egrep} -i sebek < /proc/kallsyms >/dev/null 2>&1`; then
echo "Warning: Sebek LKM installed"
fi
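Review bot: Switching the `adore` and `sebek` greps from `/proc/ksyms` to `/proc/kallsyms` changes what the case-insensitive substring match runs against. `kallsyms` lists all kernel and module symbols rather than only exported ones, so an unrelated symbol containing either string would now raise "Warning: Adore LKM installed". A module that hides its own symbols will also produce no match, so a clean result here is not evidence of absence. I would note both next to the checks, e.g. `# kallsyms lists all symbols: a hit is a hint to investigate, a miss proves nothing`. As a style point, the backticks around the grep in the two `if` lines are unnecessary, since `if ${egrep} -i adore < /proc/kallsyms >/dev/null 2>&1; then` tests the exit status directly. The body of `lkm ()` starts and ends outside these hunks.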