authorMichiel van Wessem <michiel.van.wessem@gmail.com>2010-05-11 15:18:34 +0200
committerRobby Workman <rworkman@slackbuilds.org>2010-05-11 15:18:34 +0200
commitf20809db3f7e86c8ec516efad57525545435d6ba (patch)
tree4dfd338c761ac4e81c59f7909d0844633a8ffcc7 /system/chkrootkit
parent5c160af0fa05ff3b602b4f6db3fc67f1431f9ab4 (diff)
system/chkrootkit: Initial import
Diffstat (limited to 'system/chkrootkit')
-rw-r--r--system/chkrootkit/README16
-rw-r--r--system/chkrootkit/chkrootkit.SlackBuild88
-rw-r--r--system/chkrootkit/chkrootkit.info8
-rw-r--r--system/chkrootkit/slack-desc11
4 files changed, 123 insertions, 0 deletions
diff --git a/system/chkrootkit/README b/system/chkrootkit/README
new file mode 100644
index 000000000000..31c9fa850626
--- /dev/null
+++ b/system/chkrootkit/README
@@ -0,0 +1,16 @@
+chkrootkit (Check Rootkit) is a common unix-based program intended to help
+system administrators check their system for known rootkits. It is a shell
+script using common UNIX/Linux tools like the strings and grep commands to
+search core system programs for signatures and for comparing a traversal of the
+/proc filesystem with the output of the ps (process status) command to look for
+discrepancies.
+
+It can be used from a "rescue disc" (typically a LiveCD) or it can optionally
+use an alternative directory from which to run all of its own commands. These
+techniques allow chkrootkit to trust the commands upon which it depends a bit
+more.
+
+There are inherent limitations to the reliability of any program that attempts
+to detect compromises (such as rootkits and computer viruses). Newer rootkits
+may specifically attempt to detect and compromise copies of the chkrootkit
+programs or take other measures to evade detection by them.
diff --git a/system/chkrootkit/chkrootkit.SlackBuild b/system/chkrootkit/chkrootkit.SlackBuild
new file mode 100644
index 000000000000..df19761ddedd
--- /dev/null
+++ b/system/chkrootkit/chkrootkit.SlackBuild
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+# Slackware build script for chkrootkit
+
+# Copyright 2007 Michiel van Wessem (http://michielvwessem.wordpress.com)
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Modified by the SlackBuilds.org project
+
+set -e
+
+PRGNAM=chkrootkit
+VERSION=0.47
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+DOCFILES="ACKNOWLEDGMENTS COPYRIGHT README* chkrootkit.lsm"
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar -xzvf $CWD/$PRGNAM.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+chmod -R u+w,go+r-w,a-s .
+
+if [ "$ARCH" = "i486" ]; then
+ sed -i 's#-DHAVE_LASTLOG_H#-O2 -march=i486 -mtune=i686#' Makefile
+elif [ "$ARCH" = "i686" ]; then
+ sed -i 's#-DHAVE_LASTLOG_H#-O2 -march=i686 -mtune=i686#' Makefile
+fi
+
+SCFLAGS="$SLKCFLAGS" make
+# Lets make our own fancy make install
+DESTDIR=$PKG/usr/lib/chkrootkit/bin
+mkdir -p $DESTDIR
+for BINPRG in $(ls -l | grep "rwx\|\-x" | grep -v "\." | awk '{ print $8 }'); do
+ install -m0755 $BINPRG $DESTDIR
+done
+
+# Thanks to Erik Jan Tromp (alphageek) for the suggestion on this
+# Install a wrapper script
+mkdir -p $PKG/usr/sbin
+cat << EOF > $PKG/usr/sbin/chkrootkit
+#!/bin/sh
+PRGNAM=chkrootkit
+PRGDIR=/usr/lib/\$PRGNAM/bin
+cd \$PRGDIR && exec ./$PRGNAM \$*
+EOF
+chmod 0755 $PKG/usr/sbin/$PRGNAM
+
+( cd $PKG
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+)
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a $DOCFILES $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
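Review bot: The install loop (`for BINPRG in $(ls -l | grep "rwx\|\-x" | grep -v "\." | awk '{ print $8 }')`) chooses which files to package by parsing `ls -l`, so the column that holds the file name depends on the ls date format and locale. The `grep -v "\."` filter also drops any line with a dot anywhere in it, not only dotted file names. For a package that ships the binaries an administrator will rely on to check a host, select them by testing the files directly and quote the expansions, as in the loop below. Separately, the generated wrapper passes `\$*`, which re-splits arguments containing spaces (such as the alternative command directory the README mentions); `cd "\$PRGDIR" && exec ./$PRGNAM "\$@"` keeps them intact.

```shell
mkdir -p $DESTDIR
for BINPRG in *; do
  # skip names containing a dot (sources, docs), which the grep -v "\." filter appears meant to exclude
  case "$BINPRG" in
    *.*) continue ;;
  esac
  if [ -f "$BINPRG" ] && [ -x "$BINPRG" ]; then
    install -m0755 "$BINPRG" "$DESTDIR"
  fi
done
```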
diff --git a/system/chkrootkit/chkrootkit.info b/system/chkrootkit/chkrootkit.info
new file mode 100644
index 000000000000..3022468223b2
--- /dev/null
+++ b/system/chkrootkit/chkrootkit.info
@@ -0,0 +1,8 @@
+PRGNAM="chkrootkit"
+VERSION="0.47"
+HOMEPAGE="http://www.chkrootkit.org"
+DOWNLOAD="ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz"
+MD5SUM="4c6455d202cef35395a673386e4bf01a"
+MAINTAINER="Michiel van Wessem"
+EMAIL="michiel.van.wessem@gmail.com"
+APPROVED="rworkman"
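Review bot: `DOWNLOAD` points at an unversioned `chkrootkit.tar.gz` fetched over plain FTP, so `MD5SUM` is the only thing tying the build to the 0.47 source. Nothing in chkrootkit.SlackBuild checks it before `tar -xzvf $CWD/$PRGNAM.tar.gz` runs, in a script that expects root (it does `chown -R root:root`). Verification is presumably left to whoever downloads the tarball. For a rootkit checker it is worth enforcing in the build itself, e.g. `echo "4c6455d202cef35395a673386e4bf01a  $CWD/$PRGNAM.tar.gz" | md5sum -c -` before extraction. MD5 is not collision-resistant, so this guards against a corrupted or silently updated download more than a deliberately substituted one; a signature or stronger digest from upstream, if one is published, would be the better anchor.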
diff --git a/system/chkrootkit/slack-desc b/system/chkrootkit/slack-desc
new file mode 100644
index 000000000000..a697ea4f9a5c
--- /dev/null
+++ b/system/chkrootkit/slack-desc
@@ -0,0 +1,11 @@
+chkrootkit: chkrootkit (Check Rootkit)
+chkrootkit:
+chkrootkit: chkrootkit is a common unix-based program intended to help system
+chkrootkit: administrators check their system for known rootkits. It is a shell
+chkrootkit: script using common UNIX/Linux tools like the strings and grep
+chkrootkit: commands to search core system programs for signatures and for
+chkrootkit: comparing a traversal of the /proc filesystem with the output of
+chkrootkit: the ps (process status) command to look for discrepancies.
+chkrootkit:
+chkrootkit: Homepage: http://www.chkrootkit.org
+chkrootkit: