1 Summary: chkrootkit - locally checks for signs of a rootkit
2 Summary(pl): chkrootkit - narzêdzie do lokalnego szukania oznak rootkitów
6 License: AMS (BSD like; look at COPYRIGHT)
7 Group: Applications/Networking
8 Source0: ftp://ftp.pangeia.com.br/pub/seg/pac/%{name}-%{version}.tar.gz
9 # Source0-md5: 57493e24ca81750a200d8bcb4049e858
10 Source1: %{name}-check
11 Source2: %{name}.sysconfig
12 Patch0: %{name}-CC.patch
13 Patch1: %{name}-nostrip.patch
14 Patch2: %{name}-names.patch
15 Patch3: %{name}-wtmp.patch
16 Patch4: %{name}-usebash.patch
17 Patch5: %{name}-utmpx.patch
18 # Patch5-md5: 0dfeda71b081eaa8c316eca1f81b21f0
19 URL: http://www.chkrootkit.org/
20 BuildRequires: glibc-static
23 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
26 Chkrootkit is a toolkit to locally check for signs of a rootkit.
27 - chkrootkit: a shell script that checks system binaries for rootkit
28 modification. (If you can't trust rpm -Va)
29 - ifpromisc: checks if the network interface is in promiscuous mode.
30 (If you can't trust netstat)
31 - chklastlog: checks for lastlog deletions.
32 - chkwtmp: checks for wtmp deletions.
33 - check_wtmpx: checks for wtmpx deletions. (Solaris only)
34 - chkproc: checks for signs of LKM trojans. (kernel modules)
35 - strings: quick and dirty strings replacement.
37 This package is a little outdated, please use rkhunter or similar for
41 Chkrootkit to zestaw narzêdzi do lokalnego sprawdzania oznak u¿ycia
43 - chkrootkit: skrypt pow³oki sprawdzaj±cy binarne pliki systemowe na
44 obecno¶æ modyfikacji typowych dla rootkitów (je¶li nie mo¿na zaufaæ
46 - ifpromisc: sprawdza czy interfejs sieciowy jest w trybie promiscuous
47 (gdy nie mo¿na zaufaæ netstat)
48 - chklastlog: sprawdza czy logi nie by³y kasowane
49 - chkwtmp: sprawdza kasowanie wtmpx
50 - check_wtmpx: sprawdza kasowanie w wtmpx deletions (tylko Solaris)
51 - chkproc: szuka oznak trojanów LKM (modu³y j±dra)
52 - strings: szybko i brzydko napisany zamiennik programu strings.
54 Pakiet ten jest przestarza³y, lepiej u¿ywaæ rkhunter lub podobnego.
71 rm -rf $RPM_BUILD_ROOT
72 install -d $RPM_BUILD_ROOT{%{_bindir},/etc/{sysconfig,cron.weekly}}
74 for x in check_wtmpx chkdirs chklastlog chkproc chkwtmp ifpromisc strings-static chkutmp; do
75 install $x $RPM_BUILD_ROOT%{_bindir}/%{name}-$x
78 install chkrootkit $RPM_BUILD_ROOT%{_bindir}
80 install %{SOURCE1} $RPM_BUILD_ROOT/etc/cron.weekly
81 install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/chkrootkit
84 rm -rf $RPM_BUILD_ROOT
87 %defattr(644,root,root,755)
88 %doc COPYRIGHT README README.chklastlog README.chkwtmp
89 %attr(750,root,root) /etc/cron.weekly/chkrootkit-check
90 %attr(640,root,root) %config(noreplace) %verify(not mtime size md5) /etc/sysconfig/chkrootkit
91 %attr(755,root,root) %{_bindir}/*