# HG changeset patch
# User Pascal Bellard
# Date 1220458555 0
# Node ID 7399e315d04a77cb9b3f8b3a6eae3b7d3640d957
# Parent c7714dc13119304be619a87a7284eecb08ee4071
Add chkrootkit
diff -r c7714dc13119 -r 7399e315d04a chkrootkit/receipt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chkrootkit/receipt Wed Sep 03 16:15:55 2008 +0000
@@ -0,0 +1,32 @@
+# SliTaz package receipt.
+
+PACKAGE="chkrootkit"
+VERSION="0.48"
+CATEGORY="system-tools"
+SHORT_DESC="Locally checks for signs of a rootkit."
+MAINTAINER="pascal.bellard@slitaz.org"
+TARBALL="$PACKAGE.tar.gz"
+WEB_SITE="http://www.chkrootkit.org/"
+WGET_URL="ftp://ftp.pangeia.com.br/pub/seg/pac/$TARBALL"
+
+# Rules to configure and make the package.
+compile_rules()
+{
+ cd $src
+ patch -p1 < ../stuff/chkrootkit.u
+ make sense
+}
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ mkdir -p $fs/usr/share/chkrootkit
+ for i in $(cd $src ; ls); do
+ case "$i" in
+ README*) cp $src/$i $fs/usr/share/chkrootkit;;
+ Makefile|*.*);;
+ *) cp $src/$i $fs/usr/share/chkrootkit;;
+ esac
+ done
+}
+
diff -r c7714dc13119 -r 7399e315d04a chkrootkit/stuff/chkrootkit.u
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/chkrootkit/stuff/chkrootkit.u Wed Sep 03 16:15:55 2008 +0000
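Review bot: `TARBALL="$PACKAGE.tar.gz"` names an unversioned archive fetched over plain FTP, so the receipt builds whatever upstream currently serves under that name while `VERSION` still says 0.48, and nothing in `compile_rules` compares the download with a known digest. For a tool whose output is trusted to say whether a host is compromised, I would pin the archive (a versioned name, if upstream publishes one) and verify a recorded checksum before `make sense`. The result of `patch` is also unchecked, so a patch that no longer applies to a changed tarball still leads to a build; `patch -p1 < ../stuff/chkrootkit.u || return 1` would stop there.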
@@ -0,0 +1,52 @@
+--- chkrootkit-0.48/chkrootkit
++++ chkrootkit-0.48/chkrootkit
+@@ -562,8 +562,13 @@
+ if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then
+ expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
+ -size 0"
+- expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
++ if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then
++ expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
++ -type l"
++ else
++ expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \
+ \( -links 2 -o -type l \)"
++ fi
+ fi
+
+ return 5
+@@ -957,7 +962,9 @@
+ ### Suckit
+ if [ -f ${ROOTDIR}sbin/init ]; then
+ if [ "${QUIET}" != "t" ];then printn "Searching for Suckit rootkit... "; fi
+- if [ ${SYSTEM} != "HP-UX" ] && ( ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME || \
++ if [ ${SYSTEM} != "HP-UX" ] && \
++ ((! ls -l ${ROOTDIR}sbin/init | ${egrep} -q "bin/busybox$" && \
++ ${strings} ${ROOTDIR}sbin/init | ${egrep} HOME) || \
+ cat ${ROOTDIR}/proc/1/maps | ${egrep} "init." ) >/dev/null 2>&1
+ then
+ echo "Warning: ${ROOTDIR}sbin/init INFECTED"
+@@ -1127,7 +1134,12 @@
+ files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0`
+ [ ! -z "${files}" ] && \
+ echo "Warning: \`${files}' file size is zero"
+- files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)`
++ if ls -l ${ROOTDIR}/usr/bin/find | ${egrep} -q 'bin/busybox$'; then
++ files1='-type l'
++ else
++ files1='\( -links 2 -o -type l \)'
++ fi
++ files1=`eval ${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' $files1`
+ [ !
-z "${files1}" ] && \
+ echo "Warning: \`${files}' is linked to another file"
+ fi
+@@ -1537,6 +1549,9 @@
+ chk_netstat () {
+ STATUS=${NOT_INFECTED}
+ NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero"
++ if ls -l /bin/netstat | ${egrep} -q " busybox$"; then
++ return ${STATUS}
++ fi
+ CMD=`loc netstat netstat $pth`
+
+ if [ "${EXPERT}" = "t" ]; then
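Review bot: The guard added to `chk_netstat` returns `${STATUS}` while it still holds `${NOT_INFECTED}`, so on a BusyBox system the netstat check is skipped yet the caller sees the same result as a clean check. A skipped test should be reported as skipped (chkrootkit appears to have a not-tested status; confirm its name in 0.48) or at least print a message. The guard also inspects `/bin/netstat` on the running host rather than a `${ROOTDIR}`-prefixed path like the other added checks, so with an alternate root directory the host's layout decides whether the target is examined. In the inner `@@ -1127` hunk, `eval ${find} ${ROOTDIR}${HOME} ...` re-parses the expanded `ROOTDIR` and `HOME` values as shell code, in a script that is typically run as root. Putting the full `${find}` call in each branch of the `if` would avoid the `eval`.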