diff --git a/system/chkrootkit/README b/system/chkrootkit/README new file mode 100644 index 0000000000..31c9fa8506 --- /dev/null +++ b/system/chkrootkit/README @@ -0,0 +1,16 @@ +chkrootkit (Check Rootkit) is a common unix-based program intended to help +system administrators check their system for known rootkits. It is a shell +script using common UNIX/Linux tools like the strings and grep commands to +search core system programs for signatures and for comparing a traversal of the +/proc filesystem with the output of the ps (process status) command to look for +discrepancies. + +It can be used from a "rescue disc" (typically a LiveCD) or it can optionally +use an alternative directory from which to run all of its own commands. These +techniques allow chkrootkit to trust the commands upon which it depends a bit +more. + +There are inherent limitations to the reliability of any program that attempts +to detect compromises (such as rootkits and computer viruses). Newer rootkits +may specifically attempt to detect and compromise copies of the chkrootkit +programs or take other measures to evade detection by them. diff --git a/system/chkrootkit/chkrootkit.SlackBuild b/system/chkrootkit/chkrootkit.SlackBuild new file mode 100644 index 0000000000..df19761dde --- /dev/null +++ b/system/chkrootkit/chkrootkit.SlackBuild @@ -0,0 +1,88 @@ +#!/bin/sh + +# Slackware build script for chkrootkit + +# Copyright 2007 Michiel van Wessem (http://michielvwessem.wordpress.com) +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# Modified by the SlackBuilds.org project + +set -e + +PRGNAM=chkrootkit +VERSION=0.47 +ARCH=${ARCH:-i486} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +DOCFILES="ACKNOWLEDGMENTS COPYRIGHT README* chkrootkit.lsm" + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar -xzvf $CWD/$PRGNAM.tar.gz +cd $PRGNAM-$VERSION +chown -R root:root . +chmod -R u+w,go+r-w,a-s . + +if [ "$ARCH" = "i486" ]; then + sed -i 's#-DHAVE_LASTLOG_H#-O2 -march=i486 -mtune=i686#' Makefile +elif [ "$ARCH" = "i686" ]; then + sed -i 's#-DHAVE_LASTLOG_H#-O2 -march=i686 -mtune=i686#' Makefile +fi + +SCFLAGS="$SLKCFLAGS" make +# Lets make our own fancy make install +DESTDIR=$PKG/usr/lib/chkrootkit/bin +mkdir -p $DESTDIR +for BINPRG in $(ls -l | grep "rwx\|\-x" | grep -v "\." | awk '{ print $8 }'); do + install -m0755 $BINPRG $DESTDIR +done + +# Thanks to Erik Jan Tromp (alphageek) for the suggestion on this +# Install a wrapper script +mkdir -p $PKG/usr/sbin +cat << EOF > $PKG/usr/sbin/chkrootkit +#!/bin/sh +PRGNAM=chkrootkit +PRGDIR=/usr/lib/\$PRGNAM/bin +cd \$PRGDIR && exec ./$PRGNAM \$* +EOF +chmod 0755 $PKG/usr/sbin/$PRGNAM + +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a $DOCFILES $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz diff --git a/system/chkrootkit/chkrootkit.info b/system/chkrootkit/chkrootkit.info new file mode 100644 index 0000000000..3022468223 --- /dev/null +++ b/system/chkrootkit/chkrootkit.info @@ -0,0 +1,8 @@ +PRGNAM="chkrootkit" +VERSION="0.47" +HOMEPAGE="http://www.chkrootkit.org" +DOWNLOAD="ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz" +MD5SUM="4c6455d202cef35395a673386e4bf01a" +MAINTAINER="Michiel van Wessem" +EMAIL="michiel.van.wessem@gmail.com" +APPROVED="rworkman" diff --git a/system/chkrootkit/slack-desc b/system/chkrootkit/slack-desc new file mode 100644 index 0000000000..a697ea4f9a --- /dev/null +++ b/system/chkrootkit/slack-desc @@ -0,0 +1,11 @@ +chkrootkit: chkrootkit (Check Rootkit) +chkrootkit: +chkrootkit: chkrootkit is a common unix-based program intended to help system +chkrootkit: administrators check their system for known rootkits. It is a shell +chkrootkit: script using common UNIX/Linux tools like the strings and grep +chkrootkit: commands to search core system programs for signatures and for +chkrootkit: comparing a traversal of the /proc filesystem with the output of +chkrootkit: the ps (process status) command to look for discrepancies. +chkrootkit: +chkrootkit: Homepage: http://www.chkrootkit.org +chkrootkit: