Diffstat (limited to 'app-forensics/chkrootkit')
5 files changed, 101 insertions, 4 deletions
diff --git a/app-forensics/chkrootkit/ChangeLog b/app-forensics/chkrootkit/ChangeLog index 93fbcdee80fe..3212d896b8f0 100644 --- a/app-forensics/chkrootkit/ChangeLog +++ b/app-forensics/chkrootkit/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for app-forensics/chkrootkit # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/ChangeLog,v 1.20 2005/01/01 14:22:35 eradicator Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/ChangeLog,v 1.21 2005/01/23 14:37:46 dragonheart Exp $ + +*chkrootkit-0.44-r1 (23 Jan 2005) + + 23 Jan 2005; Daniel Black <dragonheart@gentoo.org> + +files/chkrootkit-0.44-coreutils-static-falsepositive.patch, + +chkrootkit-0.44-r1.ebuild: + Revision bump to solve false detections with static coreutils (du and ls). Bug + #73372 refers. Thanks to the author Nelson Murilo <nelson@pangeia.com.br> for + a very rapid response. 28 Dec 2004; Ciaran McCreesh <ciaranm@gentoo.org> : Change encoding to UTF-8 for GLEP 31 compliance diff --git a/app-forensics/chkrootkit/Manifest b/app-forensics/chkrootkit/Manifest index ff5252a62fd6..55d98e56f2f6 100644 --- a/app-forensics/chkrootkit/Manifest +++ b/app-forensics/chkrootkit/Manifest 
@@ -1,9 +1,22 @@
-MD5 aa1fec71df83b39454613886f02c8eb2 ChangeLog 8408
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+MD5 81f57955b535c6550e4d61525b41079e ChangeLog 8777
+MD5 7460fdec86596dcf99c66fbb167712af metadata.xml 256
 MD5 af9f831421f3a9ae71e16830253e6269 chkrootkit-0.43-r3.ebuild 935
 MD5 ada3a40144dfe72cb9c42b83cb593f8d chkrootkit-0.43-r4.ebuild 1110
-MD5 7460fdec86596dcf99c66fbb167712af metadata.xml 256
+MD5 36a5acc29c7e5e78bc9b28e23ac29dca chkrootkit-0.44-r1.ebuild 1590
 MD5 db8a5f22ed8787ae2c777965cd31af0c chkrootkit-0.44.ebuild 1446
-MD5 1f4cc273611ca05137d997b8d4bad9de files/digest-chkrootkit-0.44 140
+MD5 1f4cc273611ca05137d997b8d4bad9de files/digest-chkrootkit-0.44-r1 140
 MD5 bb6a980a762d72e1928231eabf4a9304 files/chkrootkit.cron 78
 MD5 e4f72853578cf59cb609efc280621591 files/digest-chkrootkit-0.43-r3 142
 MD5 e4f72853578cf59cb609efc280621591 files/digest-chkrootkit-0.43-r4 142
+MD5 1f4cc273611ca05137d997b8d4bad9de files/digest-chkrootkit-0.44 140
+MD5 99d10c59971b4836291ff235c6f480a6 files/chkrootkit-0.44-coreutils-static-falsepositive.patch 793
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (GNU/Linux)
+
+iD8DBQFB87bAmdTrptrqvGERAvWtAJ9fFFXIgyLz90dQ6bmKvcoTuqdGUQCeK/wK
+aYzCtS3KRpw3fDfNamLDu8M=
+=EcqG
+-----END PGP SIGNATURE-----
diff --git a/app-forensics/chkrootkit/chkrootkit-0.44-r1.ebuild b/app-forensics/chkrootkit/chkrootkit-0.44-r1.ebuild
new file mode 100644
index 000000000000..62cb9a6f5535
--- /dev/null
+++ b/app-forensics/chkrootkit/chkrootkit-0.44-r1.ebuild
@@ -0,0 +1,53 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/chkrootkit-0.44-r1.ebuild,v 1.1 2005/01/23 14:37:46 dragonheart Exp $
+
+inherit eutils flag-o-matic toolchain-funcs
+
+DESCRIPTION="a tool to locally check for signs of a rootkit"
+HOMEPAGE="http://www.chkrootkit.org/"
+SRC_URI="ftp://ftp.pangeia.com.br/pub/seg/pac/${P}.tar.gz
+ mirror://gentoo/${P}-gentoo.diff.bz2"
+
+LICENSE="AMS"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ppc ~ppc64 s390 sparc x86"
+IUSE=""
+
+DEPEND="virtual/libc"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${WORKDIR}/${P}-gentoo.diff || die "patch failed"
+ sed -i 's:${head} -:${head} -n :' chkrootkit || die "sed chkrootkit failed"
+ sed -i 's:/var/adm:/var/log:g' chklastlog.c || die "sed chklastlog.c failed"
+ epatch ${FILESDIR}/${P}-coreutils-static-falsepositive.patch || die "patch failed"
+}
+
+src_compile() {
+ emake \
+ CC=$(tc-getCC) \
+ CFLAGS="${CFLAGS}" \
+ LDFLAGS="${LDFLAGS}" \
+ sense || die "emake sense failed"
+}
+
+src_install() {
+ dosbin chkdirs chklastlog chkproc chkrootkit chkwtmp ifpromisc \
+ strings-static || die
+ dodoc README README.chklastlog README.chkwtmp
+
+ exeinto /etc/cron.weekly
+ newexe ${FILESDIR}/${PN}.cron ${PN} || die
+}
+
+pkg_postinst() {
+ echo
+ einfo "Edit /etc/cron.weekly/chkrootkit to activate chkrootkit!"
+ einfo
+ einfo "Some applications, such as portsentry, will cause chkrootkit"
+ einfo "to produce false positives. Read the chkrootkit FAQ at"
+ einfo "http://www.chkrootkit.org/ for more information."
+ echo
+}
diff --git a/app-forensics/chkrootkit/files/chkrootkit-0.44-coreutils-static-falsepositive.patch b/app-forensics/chkrootkit/files/chkrootkit-0.44-coreutils-static-falsepositive.patch
new file mode 100644
index 000000000000..4aa692e775a7
--- /dev/null
+++ b/app-forensics/chkrootkit/files/chkrootkit-0.44-coreutils-static-falsepositive.patch
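Review bot: In `src_unpack`, `cd ${S}` is unquoted and its result is not checked, so if the directory is missing the following `epatch` and `sed -i` calls run in whatever directory the shell happens to be in; `cd "${S}" || die "cd failed"` would stop the build at that point. The `|| die` after each `sed -i` does not catch a pattern that no longer matches, because sed exits 0 when it substitutes nothing, so the `-n` and `/var/log` edits can silently stop applying on a later upstream release; a `grep -q` for the expected text after each edit would make that visible. `SRC_URI` fetches the tarball over plain `ftp://`, so the integrity of this forensic tool rests on the MD5 entries in `files/digest-chkrootkit-0.44-r1`, which is worth noting in a comment next to `SRC_URI`.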
@@ -0,0 +1,20 @@
+--- chkrootkit.orig 2005-01-23 23:29:05.017022840 +0930
++++ chkrootkit 2005-01-23 23:30:07.494524816 +0930
+@@ -1354,7 +1354,7 @@
+
+ chk_ls () {
+ STATUS=${NOT_INFECTED}
+-LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|/prof|/dev/tux|/security|file\.h"
++LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h"
+ CMD=`loc ls ls $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
+@@ -1371,7 +1371,7 @@
+
+ chk_du () {
+ STATUS=${NOT_INFECTED}
+- DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|/prof|/dev/tux|file\.h"
++ DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h"
+ CMD=`loc du du $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
diff --git a/app-forensics/chkrootkit/files/digest-chkrootkit-0.44-r1 b/app-forensics/chkrootkit/files/digest-chkrootkit-0.44-r1
new file mode 100644
index 000000000000..c0c0cd666607
--- /dev/null
+++ b/app-forensics/chkrootkit/files/digest-chkrootkit-0.44-r1
@@ -0,0 +1,2 @@
+MD5 8f6dbb3204c24e9b71490142cb2953ee chkrootkit-0.44.tar.gz 34163
+MD5 26971ac3a44146d35ed3155e665606e3 chkrootkit-0.44-gentoo.diff.bz2 4049 |
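Review bot: Anchoring `/prof` to `^/prof` in `LS_INFECTED_LABEL` and `DU_INFECTED_LABEL` narrows the signature as well as removing the false positive, since a match now requires the string to begin with `/prof`, and the patch carries no comment recording why. How the labels are applied lies outside both hunks (presumably as an egrep pattern over strings extracted from the `ls` and `du` binaries), so it is worth confirming against known-bad samples that the anchored form still fires before relying on it. The other short alternatives such as `/security` and `file\.h` stay unanchored and may hit the same kind of false positive on static binaries. I would add a comment above each label, e.g. `# ^/prof anchored: unanchored /prof matched static coreutils ls/du (Gentoo bug #73372)`.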