From 415856bdd4f48ab4f2732996f0bae58595092bbe Mon Sep 17 00:00:00 2001
From: Parabola
Date: Tue, 5 Apr 2011 14:26:38 +0000
Subject: Tue Apr 5 14:26:38 UTC 2011
---
extra/chkrootkit/PKGBUILD | 24 +++++
extra/chkrootkit/fix-tools-path.patch | 161 ++++++++++++++++++++++++++++++++++
2 files changed, 185 insertions(+)
create mode 100644 extra/chkrootkit/PKGBUILD
create mode 100644 extra/chkrootkit/fix-tools-path.patch
(limited to 'extra/chkrootkit')
diff --git a/extra/chkrootkit/PKGBUILD b/extra/chkrootkit/PKGBUILD
new file mode 100644
index 000000000..e47387bcc
--- /dev/null
+++ b/extra/chkrootkit/PKGBUILD
@@ -0,0 +1,24 @@
+# $Id: PKGBUILD 52041 2009-09-14 15:18:27Z giovanni $
+# Maintainer: Hugo Doria
+# Contributor: Gregor Ibic
+
+pkgname=chkrootkit
+pkgver=0.49
+pkgrel=1
+pkgdesc="Locally checks for signs of a rootkit."
+arch=('i686' 'x86_64')
+url="http://www.chkrootkit.org"
+depends=('bash')
+license=('BSD')
+source=(ftp://ftp.pangeia.com.br/pub/seg/pac/${pkgname}.tar.gz fix-tools-path.patch)
+md5sums=('304d840d52840689e0ab0af56d6d3a18' '6a2f3038114b8b14e1ad74e30fe44eee')
+
+build() {
+ cd ${srcdir}/${pkgname}-${pkgver}
+ patch -p0 < ${srcdir}/fix-tools-path.patch
+ chown root:root *
+ make sense || return 1
+ find ${srcdir}/${pkgname}-${pkgver} -perm /u+x -type f \
+ -execdir install -D -m755 "{}" ${pkgdir}/usr/bin/"{}" ";"
+ install -D -m644 COPYRIGHT $startdir/pkg/usr/share/licenses/$pkgname/LICENSE.txt
+}
diff --git a/extra/chkrootkit/fix-tools-path.patch b/extra/chkrootkit/fix-tools-path.patch
new file mode 100644
index 000000000..2f3c38528
--- /dev/null
+++ b/extra/chkrootkit/fix-tools-path.patch
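Review bot: In the PKGBUILD's build(), `cd ${srcdir}/${pkgname}-${pkgver}` and `patch -p0 < ${srcdir}/fix-tools-path.patch` have no failure check, unlike `make sense || return 1` two lines later. If the patch ever stops applying and the build carries on, the packaged chkrootkit would keep calling its helpers as `./ifpromisc`, `./chkproc` and so on, resolved from whatever directory root happens to run it in, which appears to be what the patch is there to prevent. I would write `cd "${srcdir}/${pkgname}-${pkgver}" || return 1` and `patch -p0 < "${srcdir}/fix-tools-path.patch" || return 1`. Separately, the tarball is fetched over plain FTP from an unversioned file name and pinned only by `md5sums`; a `sha256sums` entry would be a stronger pin, and the license line should use `${pkgdir}` like the `find` line rather than `$startdir/pkg`.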
@@ -0,0 +1,161 @@
+--- chkrootkit 2008-01-19 11:01:15.000000000 +0100
++++ chkrootkit 2008-11-01 13:11:14.000000000 +0100
+@@ -158,23 +158,23 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./ifpromisc" -v
++ expertmode_output "/usr/bin/ifpromisc" -v
+ return 5
+ fi
+- if [ ! -x ./ifpromisc ]; then
+- echo "not tested: can't exec ./ifpromisc"
++ if [ ! -x /usr/bin/ifpromisc ]; then
++ echo "not tested: can't exec /usr/bin/ifpromisc"
+ return ${NOT_TESTED}
+ else
+- [ "${QUIET}" != "t" ] && ./ifpromisc -v || ./ifpromisc -q
++ [ "${QUIET}" != "t" ] && /usr/bin/ifpromisc -v || /usr/bin/ifpromisc -q
+ fi
+ }
+
+ chkutmp() {
+- if [ ! -x ./chkutmp ]; then
+- echo "not tested: can't exec ./chkutmp"
++ if [ ! -x /usr/bin/chkutmp ]; then
++ echo "not tested: can't exec /usr/bin/chkutmp"
+ return ${NOT_TESTED}
+ fi
+- if ./chkutmp
++ if /usr/bin/chkutmp
+ then
+ if [ "${QUIET}" != "t" ]; then echo "chkutmp: nothing deleted"; fi
+ fi
+@@ -182,8 +182,8 @@
+ }
+
+ z2 () {
+- if [ ! -x ./chklastlog ]; then
+- echo "not tested: can't exec ./chklastlog"
++ if [ ! -x /usr/bin/chklastlog ]; then
++ echo "not tested: can't exec /usr/bin/chklastlog"
+ return ${NOT_TESTED}
+ fi
+
+@@ -196,32 +196,32 @@
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}"
++ expertmode_output "/usr/bin/chklastlog -f ${WTMP} -l ${LASTLOG}"
+ return 5
+ fi
+
+- if ./chklastlog -f ${WTMP} -l ${LASTLOG}
++ if /usr/bin/chklastlog -f ${WTMP} -l ${LASTLOG}
+ then
+ if [ "${QUIET}" != "t" ]; then echo "chklastlog: nothing deleted"; fi
+ fi
+ }
+
+ wted () {
+- if [ ! -x ./chkwtmp ]; then
+- echo "not tested: can't exec ./chkwtmp"
++ if [ ! -x /usr/bin/chkwtmp ]; then
++ echo "not tested: can't exec /usr/bin/chkwtmp"
+ return ${NOT_TESTED}
+ fi
+
+ if [ "$SYSTEM" = "SunOS" ]; then
+- if [ ! -x ./check_wtmpx ]; then
+- echo "not tested: can't exec ./check_wtmpx"
++ if [ ! -x /usr/bin/check_wtmpx ]; then
++ echo "not tested: can't exec /usr/bin/check_wtmpx"
+ else
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./check_wtmpx"
++ expertmode_output "/usr/bin/check_wtmpx"
+ return 5
+ fi
+ if [ -f ${ROOTDIR}var/adm/wtmp ]; then
+- if ./check_wtmpx
++ if /usr/bin/check_wtmpx
+ then
+ if [ "${QUIET}" != "t" ]; then \
+ echo "check_wtmpx: nothing deleted in /var/adm/wtmpx"; fi
+@@ -232,12 +232,12 @@
+ WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./chkwtmp -f ${WTMP}"
++ expertmode_output "/usr/bin/chkwtmp -f ${WTMP}"
+ return 5
+ fi
+ fi
+
+- if ./chkwtmp -f ${WTMP}
++ if /usr/bin/chkwtmp -f ${WTMP}
+ then
+ if [ "${QUIET}" != "t" ]; then echo "chkwtmp: nothing deleted"; fi
+ fi
+@@ -275,8 +275,8 @@
+ prog=""
+ if [ \( "${SYSTEM}" = "Linux" -o \( "${SYSTEM}" = "FreeBSD" -a \
+ `echo ${V} | ${awk} '{ if ($1 > 4.3 || $1 < 6.0) print 1; else print 0 }'` -eq 1 \) \) -a "${ROOTDIR}" = "/" ]; then
+- [ -x ./chkproc -a "`find /proc | wc -l`" -gt 1 ] && prog="./chkproc"
+- [ -x ./chkdirs ] && prog="$prog ./chkdirs"
++ [ -x /usr/bin/chkproc -a "`find /proc | wc -l`" -gt 1 ] && prog="/usr/bin/chkproc"
++ [ -x /usr/bin/chkdirs ] && prog="$prog /usr/bin/chkdirs"
+ if [ "$prog" = "" ]; then
+ echo "not tested: can't exec $prog"
+ return ${NOT_TESTED}
+@@ -288,7 +288,7 @@
+ PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
+ [ "$PV" = "" ] && PV=2
+ [ "${SYSTEM}" = "SunOS" ] && PV=0
+- expertmode_output "./chkproc -v -v -p $PV"
++ expertmode_output "/usr/bin/chkproc -v -v -p $PV"
+ return 5
+ fi
+
+@@ -315,7 +315,7 @@
+ if [ "${DEBUG}" = "t" ]; then
+ ${echo} "*** PV=$PV ***"
+ fi
+- if ./chkproc -p ${PV}; then
++ if /usr/bin/chkproc -p ${PV}; then
+ if [ "${QUIET}" != "t" ]; then echo "chkproc: nothing detected"; fi
+ else
+ echo "chkproc: Warning: Possible LKM Trojan installed"
+@@ -324,7 +324,7 @@
+ for i in /usr/share /usr/bin /usr/sbin /lib; do
+ [ -d $i ] && dirs="$dirs $i"
+ done
+- if ./chkdirs $dirs; then
++ if /usr/bin/chkdirs $dirs; then
+ if [ "${QUIET}" != "t" ]; then echo "chkdirs: nothing detected"; fi
+ else
+ echo "chkdirs: Warning: Possible LKM Trojan installed"
+@@ -1690,18 +1690,18 @@
+
+ if [ "${SYSTEM}" = "Linux" ]
+ then
+- if [ ! -x ./strings-static ]; then
+- printn "can't exec ./strings-static, "
++ if [ ! -x /usr/bin/strings-static ]; then
++ printn "can't exec /usr/bin/strings-static, "
+ return ${NOT_TESTED}
+ fi
+
+ if [ "${EXPERT}" = "t" ]; then
+- expertmode_output "./strings-static -a ${CMD}"
++ expertmode_output "/usr/bin/strings-static -a ${CMD}"
+ return 5
+ fi
+
+ ### strings must be a statically linked binary.
+- if ./strings-static -a ${CMD} > /dev/null 2>&1
++ if /usr/bin/strings-static -a ${CMD} > /dev/null 2>&1
+ then
+ STATUS=${INFECTED}
+ fi
-- 
cgit v1.2.3-54-g00ecf
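Review bot: In the first inner hunk of fix-tools-path.patch, the rewritten line `[ "${QUIET}" != "t" ] && /usr/bin/ifpromisc -v || /usr/bin/ifpromisc -q` still uses `&&`/`||` as an if/else, so when QUIET is not set and `ifpromisc -v` exits non-zero the `-q` run executes as well. Since the line is being touched anyway, `if [ "${QUIET}" != "t" ]; then /usr/bin/ifpromisc -v; else /usr/bin/ifpromisc -q; fi` would make the two modes exclusive; what exit status ifpromisc returns on a finding is not visible here, so confirm that against its source. The rewritten calls also pass `${WTMP}`, `${LASTLOG}` and `${CMD}` unquoted, which splits on whitespace in a path located under `${ROOTDIR}`; quoting them (but not `$dirs`, which relies on splitting) would be safer for a tool that runs as root. The enclosing functions start and end outside the inner hunks.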