wok-4.x rev 1343
Add chkrootkit
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Wed Sep 03 16:15:55 2008 +0000 (2008-09-03) |
| parents | c7714dc13119 |
| children | 0800bd0fc7ba |
| files | chkrootkit/receipt chkrootkit/stuff/chkrootkit.u |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/chkrootkit/receipt Wed Sep 03 16:15:55 2008 +0000 1.3 @@ -0,0 +1,32 @@ 1.4 +# SliTaz package receipt. 1.5 + 1.6 +PACKAGE="chkrootkit" 1.7 +VERSION="0.48" 1.8 +CATEGORY="system-tools" 1.9 +SHORT_DESC="Locally checks for signs of a rootkit." 1.10 +MAINTAINER="pascal.bellard@slitaz.org" 1.11 +TARBALL="$PACKAGE.tar.gz" 1.12 +WEB_SITE="http://www.chkrootkit.org/" 1.13 +WGET_URL="ftp://ftp.pangeia.com.br/pub/seg/pac/$TARBALL" 1.14 + 1.15 +# Rules to configure and make the package. 1.16 +compile_rules() 1.17 +{ 1.18 + cd $src 1.19 + patch -p1 < ../stuff/chkrootkit.u 1.20 + make sense 1.21 +} 1.22 + 1.23 +# Rules to gen a SliTaz package suitable for Tazpkg. 1.24 +genpkg_rules() 1.25 +{ 1.26 + mkdir -p $fs/usr/share/chkrootkit 1.27 + for i in $(cd $src ; ls); do 1.28 + case "$i" in 1.29 + README*) cp $src/$i $fs/usr/share/chkrootkit;; 1.30 + Makefile|*.*);; 1.31 + *) cp $src/$i $fs/usr/share/chkrootkit;; 1.32 + esac 1.33 + done 1.34 +} 1.35 +
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/chkrootkit/stuff/chkrootkit.u Wed Sep 03 16:15:55 2008 +0000 2.3 @@ -0,0 +1,52 @@ 2.4 +--- chkrootkit-0.48/chkrootkit 2.5 ++++ chkrootkit-0.48/chkrootkit 2.6 +@@ -562,8 +562,13 @@ 2.7 + if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then 2.8 + expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \ 2.9 + -size 0" 2.10 +- expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \ 2.11 ++ if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then 2.12 ++ expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \ 2.13 ++ -type l" 2.14 ++ else 2.15 ++ expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \ 2.16 + \( -links 2 -o -type l \)" 2.17 ++ fi 2.18 + fi 2.19 + 2.20 + return 5 2.21 +@@ -957,7 +962,9 @@ 2.22 + ### Suckit 2.23 + if [ -f ${ROOTDIR}sbin/init ]; then 2.24 + if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit... "; fi 2.25 +- if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME || \ 2.26 ++ if [ ${SYSTEM} != "HP-UX" ] && \ 2.27 ++ ((! ls -l ${ROOTDIR}sbin/init | ${egrep} -q "bin/busybox$" && \ 2.28 ++ ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME) || \ 2.29 + cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1 2.30 + then 2.31 + echo "Warning: ${ROOTDIR}sbin/init INFECTED" 2.32 +@@ -1127,7 +1134,12 @@ 2.33 + files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0` 2.34 + [ ! -z "${files}" ] && \ 2.35 + echo "Warning: \`${files}' file size is zero" 2.36 +- files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)` 2.37 ++ if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then 2.38 ++ files1='-type l' 2.39 ++ else 2.40 ++ files1='\( -links 2 -o -type l \)' 2.41 ++ fi 2.42 ++ files1=`eval ${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' $files1` 2.43 + [ ! -z "${files1}" ] && \ 2.44 + echo "Warning: \`${files}' is linked to another file" 2.45 + fi 2.46 +@@ -1537,6 +1549,9 @@ 2.47 + chk_netstat () { 2.48 + STATUS=${NOT_INFECTED} 2.49 + NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero" 2.50 ++ if ls -l /bin/netstat | ${egrep} -q " busybox$"; then 2.51 ++ return ${STATUS} 2.52 ++ fi 2.53 + CMD=`loc netstat netstat $pth` 2.54 + 2.55 + if [ "${EXPERT}" = "t" ]; then