system/chkrootkit: Initial import
parent
5c160af0fa
commit
f20809db3f
|
@ -0,0 +1,16 @@
|
|||
chkrootkit (Check Rootkit) is a common unix-based program intended to help
|
||||
system administrators check their system for known rootkits. It is a shell
|
||||
script using common UNIX/Linux tools like the strings and grep commands to
|
||||
search core system programs for signatures and for comparing a traversal of the
|
||||
/proc filesystem with the output of the ps (process status) command to look for
|
||||
discrepancies.
|
||||
|
||||
It can be used from a "rescue disc" (typically a LiveCD) or it can optionally
|
||||
use an alternative directory from which to run all of its own commands. These
|
||||
techniques allow chkrootkit to trust the commands upon which it depends a bit
|
||||
more.
|
||||
|
||||
There are inherent limitations to the reliability of any program that attempts
|
||||
to detect compromises (such as rootkits and computer viruses). Newer rootkits
|
||||
may specifically attempt to detect and compromise copies of the chkrootkit
|
||||
programs or take other measures to evade detection by them.
|
|
@ -0,0 +1,88 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Slackware build script for chkrootkit
|
||||
|
||||
# Copyright 2007 Michiel van Wessem (http://michielvwessem.wordpress.com)
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use of this script, with or without modification, is
|
||||
# permitted provided that the following conditions are met:
|
||||
#
|
||||
# 1. Redistributions of this script must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
|
||||
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
||||
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
||||
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
# Modified by the SlackBuilds.org project
|
||||
|
||||
set -e
|
||||
|
||||
PRGNAM=chkrootkit
|
||||
VERSION=0.47
|
||||
ARCH=${ARCH:-i486}
|
||||
BUILD=${BUILD:-1}
|
||||
TAG=${TAG:-_SBo}
|
||||
CWD=$(pwd)
|
||||
TMP=${TMP:-/tmp/SBo}
|
||||
PKG=$TMP/package-$PRGNAM
|
||||
OUTPUT=${OUTPUT:-/tmp}
|
||||
|
||||
DOCFILES="ACKNOWLEDGMENTS COPYRIGHT README* chkrootkit.lsm"
|
||||
|
||||
rm -rf $PKG
|
||||
mkdir -p $TMP $PKG $OUTPUT
|
||||
cd $TMP
|
||||
rm -rf $PRGNAM-$VERSION
|
||||
tar -xzvf $CWD/$PRGNAM.tar.gz
|
||||
cd $PRGNAM-$VERSION
|
||||
chown -R root:root .
|
||||
chmod -R u+w,go+r-w,a-s .
|
||||
|
||||
if [ "$ARCH" = "i486" ]; then
|
||||
sed -i 's#-DHAVE_LASTLOG_H#-O2 -march=i486 -mtune=i686#' Makefile
|
||||
elif [ "$ARCH" = "i686" ]; then
|
||||
sed -i 's#-DHAVE_LASTLOG_H#-O2 -march=i686 -mtune=i686#' Makefile
|
||||
fi
|
||||
|
||||
SCFLAGS="$SLKCFLAGS" make
|
||||
# Lets make our own fancy make install
|
||||
DESTDIR=$PKG/usr/lib/chkrootkit/bin
|
||||
mkdir -p $DESTDIR
|
||||
for BINPRG in $(ls -l | grep "rwx\|\-x" | grep -v "\." | awk '{ print $8 }'); do
|
||||
install -m0755 $BINPRG $DESTDIR
|
||||
done
|
||||
|
||||
# Thanks to Erik Jan Tromp (alphageek) for the suggestion on this
|
||||
# Install a wrapper script
|
||||
mkdir -p $PKG/usr/sbin
|
||||
cat << EOF > $PKG/usr/sbin/chkrootkit
|
||||
#!/bin/sh
|
||||
PRGNAM=chkrootkit
|
||||
PRGDIR=/usr/lib/\$PRGNAM/bin
|
||||
cd \$PRGDIR && exec ./$PRGNAM \$*
|
||||
EOF
|
||||
chmod 0755 $PKG/usr/sbin/$PRGNAM
|
||||
|
||||
( cd $PKG
|
||||
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
||||
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
|
||||
)
|
||||
|
||||
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
|
||||
cp -a $DOCFILES $PKG/usr/doc/$PRGNAM-$VERSION
|
||||
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
|
||||
|
||||
mkdir -p $PKG/install
|
||||
cat $CWD/slack-desc > $PKG/install/slack-desc
|
||||
|
||||
cd $PKG
|
||||
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
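Review bot: The binary-install loop picks its files by parsing `ls -l` text, so what lands in `$DESTDIR` depends on the listing format rather than on the files themselves. `awk '{ print $8 }'` yields the file name only under one time style (with the traditional `Mon DD HH:MM` layout the name is field 9), `grep "rwx\|\-x"` also matches directories, and the unquoted result is word-split. For a tool that is later run as root to judge system integrity, the set of installed helpers should come from a file test; the glob with `[ -f ]` and `[ -x ]` checks below selects the same dot-less executables without depending on locale. Separately, the generated wrapper passes `\$*` unquoted, which splits arguments containing spaces; `cd \$PRGDIR && exec ./$PRGNAM "\$@"` keeps them intact.

```shell
mkdir -p $DESTDIR
for BINPRG in *; do
  # Skip sources and docs (names with a dot); keep regular executable files only.
  case "$BINPRG" in *.*) continue ;; esac
  if [ -f "$BINPRG" ] && [ -x "$BINPRG" ]; then
    install -m0755 "$BINPRG" "$DESTDIR"
  fi
done
```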
|
|
@ -0,0 +1,8 @@
|
|||
PRGNAM="chkrootkit"
|
||||
VERSION="0.47"
|
||||
HOMEPAGE="http://www.chkrootkit.org"
|
||||
DOWNLOAD="ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz"
|
||||
MD5SUM="4c6455d202cef35395a673386e4bf01a"
|
||||
MAINTAINER="Michiel van Wessem"
|
||||
EMAIL="michiel.van.wessem@gmail.com"
|
||||
APPROVED="rworkman"
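Review bot: `DOWNLOAD` names an unversioned `chkrootkit.tar.gz` fetched over plain FTP, and the only integrity value recorded is `MD5SUM`; neither the transport nor the hash gives strong assurance about the source of a security tool that will run as root. The unversioned name also means the archive behind the URL can change while `VERSION="0.47"` and the checksum stay fixed, at which point the checksum no longer matches and the SlackBuild's `cd $PRGNAM-$VERSION` fails. If upstream publishes a versioned archive or a signature, I would reference that here and describe the check in the README. The build script shown does not verify the checksum itself, so that step is left to whoever downloads the source.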
|
|
@ -0,0 +1,11 @@
|
|||
chkrootkit: chkrootkit (Check Rootkit)
|
||||
chkrootkit:
|
||||
chkrootkit: chkrootkit is a common unix-based program intended to help system
|
||||
chkrootkit: administrators check their system for known rootkits. It is a shell
|
||||
chkrootkit: script using common UNIX/Linux tools like the strings and grep
|
||||
chkrootkit: commands to search core system programs for signatures and for
|
||||
chkrootkit: comparing a traversal of the /proc filesystem with the output of
|
||||
chkrootkit: the ps (process status) command to look for discrepancies.
|
||||
chkrootkit:
|
||||
chkrootkit: Homepage: http://www.chkrootkit.org
|
||||
chkrootkit:
|