Name:           chkrootkit
Version:        0.43
Release:        0.fdr.4.rh80
Epoch:          0
Summary:        A tool to locally check for signs of a rootkit

Group:          Applications/System
License:        COPYRIGHTED
URL:            http://www.chkrootkit.org
Source0:        ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit-0.43.tar.gz
Source1:        chkrootkitX
Source2:        chkrootkit.png
Source3:        chkrootkit.desktop
Source4:        chkrootkit.console
Source5:        chkrootkit.pam
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires:  desktop-file-utils

Requires:       %{_bindir}/consolehelper

%description
chkrootkit is a tool to locally check for signs of a rootkit. It contains:

 * chkrootkit: shell script that checks system binaries for rootkit
  modification. The following tests are made:

  o aliens asp bindshell lkm rexedcs sniffer wted scalper slapper z2 amd
    basename biff chfn chsh cron date du dirname echo egrep env find fingerd
    gpm grep hdparm su ifconfig inetd inetdconf init identd killall ldsopreload
    login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree
    rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top
    telnetd timed traceroute vdir w write 

 * ifpromisc.c: checks if the interface is in promiscuous mode.
 * chklastlog.c: checks for lastlog deletions.
 * chkwtmp.c: checks for wtmp deletions.
 * check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
 * chkproc.c: checks for signs of LKM trojans.
 * chkdirs.c: checks for signs of LKM trojans.
 * strings.c: quick and dirty strings replacement. 



%prep
%setup -q -n %{name}-%{version}



%build
make sense



%install
rm -rf ${RPM_BUILD_ROOT}

mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
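# Wrapper script: chkrootkit runs its helper tools from its own directory,
# so enter that directory first and abort if it cannot be entered, rather
# than running ./chkrootkit from the caller's working directory.
cat << EOF > .tmp.chkrootkit.sbin
#! /bin/sh
cd %{_libdir}/%{name}-%{version} || exit 1
./chkrootkit
EOF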
install -p -D -m0755 .tmp.chkrootkit.sbin ${RPM_BUILD_ROOT}%{_sbindir}/chkrootkit

mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
ln -s %{_bindir}/consolehelper ${RPM_BUILD_ROOT}%{_bindir}/chkrootkit

install -p -D -m0755 %{SOURCE1} ${RPM_BUILD_ROOT}%{_bindir}/chkrootkitX
perl -pi -e 's!/usr/bin!%{_bindir}!' ${RPM_BUILD_ROOT}%{_bindir}/chkrootkitX
install -p -D -m0644 %{SOURCE2} ${RPM_BUILD_ROOT}%{_datadir}/pixmaps/chkrootkit.png
install -p -D -m0644 %{SOURCE4} ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps/chkrootkit
perl -pi -e 's!/usr/sbin!%{_sbindir}!' ${RPM_BUILD_ROOT}%{_sysconfdir}/security/console.apps/chkrootkit
install -p -D -m0644 %{SOURCE5} ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d/chkrootkit
for f in \
    check_wtmpx  \
    chkdirs  \
    chklastlog  \
    chkproc  \
    chkrootkit  \
    chkwtmp  \
    ifpromisc  \
    strings-static \
; do
    install -p -D -m0755 $f ${RPM_BUILD_ROOT}%{_libdir}/%{name}-%{version}/${f}
done
ln -s strings-static ${RPM_BUILD_ROOT}%{_libdir}/%{name}-%{version}/strings

desktop-file-install --vendor fedora                   \
  --dir ${RPM_BUILD_ROOT}%{_datadir}/applications      \
  --add-category X-Fedora                              \
  %{SOURCE3}



%clean
rm -rf ${RPM_BUILD_ROOT}



%files
%defattr(-,root,root,-)
%doc ACKNOWLEDGMENTS COPYRIGHT README README.chklastlog README.chkwtmp chkrootkit.lsm
%{_sbindir}/chkrootkit
%{_bindir}/chkrootkit
%{_bindir}/chkrootkitX
%{_sysconfdir}/pam.d/chkrootkit
%{_sysconfdir}/security/console.apps/chkrootkit
%{_libdir}/%{name}-%{version}
%{_datadir}/applications/fedora-chkrootkit.desktop
%{_datadir}/pixmaps/chkrootkit.png



%changelog
* Sat Mar 13 2004 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.43-0.fdr.4
- rh80 doesn't have sed -i, use perl instead (#1326).
- Obsolete chkrootkit-strings patch due to soft-link since 0.43-0.fdr.1.

* Fri Feb 27 2004 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.43-0.fdr.3
- Make in %%build section (#1326).

* Fri Feb 27 2004 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.43-0.fdr.2
- Substitute a few hardcoded paths (#1326).

* Thu Feb 26 2004 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.43-0.fdr.1
- Update to 0.43.
- Add dependency on consolehelper binary.
- Drop patched chkrootkit script due to change in 0.42-0.fdr.3.b.
- Make available "strings-static" as "strings", too.

* Wed Dec 10 2003 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:0.42-0.fdr.3.b
- Make /usr/bin/chkrootkit enter chkrootkit home directory.
  This puts its own helper tools into its search path.

* Thu Dec 04 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0:0.42-0.fdr.2.b
- Move binaries out of %%{_datadir}.

* Sun Sep 21 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0:0.42-0.fdr.1.b
- Updated to 0.42b.

* Mon Sep 15 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0:0.42-0.fdr.1
- Updated to 0.42.
- Moved pam and console entries into separate files.
- Install into %%{_datadir} not %%{_libdir}.

* Fri Jun 27 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0:0.41-0.fdr.3
- Moved chkrootkit.lsm into docs.
- Explicitly set file permissions for icon and desktop entry on install.
- No longer include backup of original chkrootkit script.

* Fri Jun 27 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0:0.41-0.fdr.2
- Removed unnecessary files.

* Sat Jun 21 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0:0.41-0.fdr.1
- Updated to 0.41.

* Fri Apr 04 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0:0.40-0.fdr.3
- Modified the chkrootkit script to execute the other sub programs correctly when called from the menu entry.

* Fri Apr 04 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0:0.40-0.fdr.2
- Removed hardcoded path.

* Thu Apr 03 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0:0.40-0.fdr.1
- Updated to 0.40

* Tue Apr 01 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0:0.39a-0.fdr.4
- Added Epoch:0.
- Added desktop-file-utils to BuildRequires.
- Changed category to X-Fedora-Extra.
- Moved desktop entry into separate file.

* Wed Mar 26 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0.39a-0.fdr.3
- Added Icon.
- Added desktop entry.
- Added pam entry.

* Sat Mar 22 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0.39a-0.fdr.2
- Spec Cleanup.

* Sat Mar 08 2003 Phillip Compton <pcompton[AT]proteinmedia.com> - 0.39a-0.fdr.1
- Initial RPM release.