```spec
# TODO
# - move programs to sbindir?
Summary: chkrootkit - locally checks for signs of a rootkit
Summary(pl.UTF-8): chkrootkit - narzędzie do lokalnego szukania oznak rootkitów
Name: chkrootkit
Version: 0.52
Release: 1
License: AMS (BSD like; look at COPYRIGHT)
Group: Applications/Networking
Source0: ftp://ftp.pangeia.com.br/pub/seg/pac/%{name}-%{version}.tar.gz
# Source0-md5: 0c864b41cae9ef9381292b51104b0a04
Source1: %{name}-check
Source2: %{name}.sysconfig
Patch0: %{name}-CC.patch
Patch1: %{name}-nostrip.patch
Patch2: %{name}-names.patch
Patch3: %{name}-wtmp.patch
Patch4: %{name}-usebash.patch
Patch5: %{name}-utmpx.patch
URL: http://www.chkrootkit.org/
BuildRequires: glibc-static
Requires: bash
Requires: binutils
Requires: mktemp
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
Chkrootkit is a toolkit to locally check for signs of a rootkit.
- chkrootkit: a shell script that checks system binaries for rootkit
  modification. (If you can't trust rpm -Va)
- ifpromisc: checks if the network interface is in promiscuous mode.
  (If you can't trust netstat)
- chklastlog: checks for lastlog deletions.
- chkwtmp: checks for wtmp deletions.
- check_wtmpx: checks for wtmpx deletions. (Solaris only)
- chkproc: checks for signs of LKM trojans. (kernel modules)
- strings: quick and dirty strings replacement.

This package is a little outdated, please use rkhunter or similar for
better results.

%description -l pl.UTF-8
Chkrootkit to zestaw narzędzi do lokalnego sprawdzania oznak użycia
rootkitów.
- chkrootkit: skrypt powłoki sprawdzający binarne pliki systemowe na
  obecność modyfikacji typowych dla rootkitów (jeśli nie można zaufać
  rpm -Va)
- ifpromisc: sprawdza czy interfejs sieciowy jest w trybie promiscuous
  (gdy nie można zaufać netstat)
- chklastlog: sprawdza czy logi nie były kasowane
- chkwtmp: sprawdza kasowanie wtmpx
- check_wtmpx: sprawdza kasowanie w wtmpx deletions (tylko Solaris)
- chkproc: szuka oznak trojanów LKM (moduły jądra)
- strings: szybko i brzydko napisany zamiennik programu strings.

Pakiet ten jest przestarzały, lepiej używać rkhunter lub podobnego.

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1

%build
CC="%{__cc}"
export CC
%{__make} sense

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_bindir},/etc/{sysconfig,cron.weekly}}

for x in check_wtmpx chkdirs chklastlog chkproc chkwtmp ifpromisc strings-static chkutmp; do
	install $x $RPM_BUILD_ROOT%{_bindir}/%{name}-$x
done

install chkrootkit $RPM_BUILD_ROOT%{_bindir}

install %{SOURCE1} $RPM_BUILD_ROOT/etc/cron.weekly
install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/chkrootkit

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(644,root,root,755)
%doc COPYRIGHT README README.chklastlog README.chkwtmp
%attr(750,root,root) /etc/cron.weekly/chkrootkit-check
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/chkrootkit
%attr(755,root,root) %{_bindir}/*
```