[packages/chkrootkit.git] / chkrootkit.spec

# TODO
# - move programs to sbindir?
Summary:	chkrootkit - locally checks for signs of a rootkit
Summary(pl.UTF-8):	chkrootkit - narzędzie do lokalnego szukania oznak rootkitów
Name:		chkrootkit
Version:	0.47
Release:	1
License:	AMS (BSD like; look at COPYRIGHT)
Group:		Applications/Networking
Source0:	ftp://ftp.pangeia.com.br/pub/seg/pac/%{name}-%{version}.tar.gz
# Source0-md5:	4c6455d202cef35395a673386e4bf01a
Source1:	%{name}-check
Source2:	%{name}.sysconfig
Patch0:		%{name}-CC.patch
Patch1:		%{name}-nostrip.patch
Patch2:		%{name}-names.patch
Patch3:		%{name}-wtmp.patch
Patch4:		%{name}-usebash.patch
Patch5:		%{name}-utmpx.patch
# Patch5-md5: 0dfeda71b081eaa8c316eca1f81b21f0
URL:		http://www.chkrootkit.org/
BuildRequires:	glibc-static
Requires:	bash
Requires:	binutils
Requires:	mktemp
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
Chkrootkit is a toolkit to locally check for signs of a rootkit.
- chkrootkit: a shell script that checks system binaries for rootkit
  modification. (If you can't trust rpm -Va)
- ifpromisc: checks if the network interface is in promiscuous mode.
  (If you can't trust netstat)
- chklastlog: checks for lastlog deletions.
- chkwtmp: checks for wtmp deletions.
- check_wtmpx: checks for wtmpx deletions. (Solaris only)
- chkproc: checks for signs of LKM trojans. (kernel modules)
- strings: quick and dirty strings replacement.

This package is a little outdated, please use rkhunter or similar for
better results.

%description -l pl.UTF-8
Chkrootkit to zestaw narzędzi do lokalnego sprawdzania oznak użycia
rootkitów.
- chkrootkit: skrypt powłoki sprawdzający binarne pliki systemowe na
  obecność modyfikacji typowych dla rootkitów (jeśli nie można zaufać
  rpm -Va)
- ifpromisc: sprawdza czy interfejs sieciowy jest w trybie promiscuous
  (gdy nie można zaufać netstat)
- chklastlog: sprawdza czy logi nie były kasowane
- chkwtmp: sprawdza kasowanie wtmpx
- check_wtmpx: sprawdza kasowanie w wtmpx deletions (tylko Solaris)
- chkproc: szuka oznak trojanów LKM (moduły jądra)
- strings: szybko i brzydko napisany zamiennik programu strings.

Pakiet ten jest przestarzały, lepiej używać rkhunter lub podobnego.

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1

%build
CC="%{__cc}"
export CC
%{__make} sense

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_bindir},/etc/{sysconfig,cron.weekly}}

for x in check_wtmpx chkdirs chklastlog chkproc chkwtmp ifpromisc strings-static chkutmp; do
	install $x $RPM_BUILD_ROOT%{_bindir}/%{name}-$x
done

install chkrootkit $RPM_BUILD_ROOT%{_bindir}

install %{SOURCE1}	$RPM_BUILD_ROOT/etc/cron.weekly
install %{SOURCE2}	$RPM_BUILD_ROOT/etc/sysconfig/chkrootkit

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(644,root,root,755)
%doc COPYRIGHT README README.chklastlog README.chkwtmp
%attr(750,root,root) /etc/cron.weekly/chkrootkit-check
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/chkrootkit
%attr(755,root,root) %{_bindir}/*
Commit	Line	Data
19189016 ER	1	# TODO
19189016 ER	2	# - move programs to sbindir?
28acecd5	3	Summary: chkrootkit - locally checks for signs of a rootkit
0fbeccf1	4	Summary(pl.UTF-8): chkrootkit - narzędzie do lokalnego szukania oznak rootkitów
28acecd5	5	Name: chkrootkit
58f4dd05	6	Version: 0.47
d0a23021	7	Release: 1
bb5a5d05	8	License: AMS (BSD like; look at COPYRIGHT)
28acecd5	9	Group: Applications/Networking
8540c100	10	Source0: ftp://ftp.pangeia.com.br/pub/seg/pac/%{name}-%{version}.tar.gz
58f4dd05	11	# Source0-md5: 4c6455d202cef35395a673386e4bf01a
f7da0b40 PG	12	Source1: %{name}-check
f7da0b40 PG	13	Source2: %{name}.sysconfig
2aec166f	14	Patch0: %{name}-CC.patch
2aec166f	15	Patch1: %{name}-nostrip.patch
85af4f47	16	Patch2: %{name}-names.patch
f6d980d6	17	Patch3: %{name}-wtmp.patch
37dcec89	18	Patch4: %{name}-usebash.patch
c855298d	19	Patch5: %{name}-utmpx.patch
d031d7b8	20	# Patch5-md5: 0dfeda71b081eaa8c316eca1f81b21f0
28acecd5	21	URL: http://www.chkrootkit.org/
2aec166f	22	BuildRequires: glibc-static
37dcec89	23	Requires: bash
8540c100	24	Requires: binutils
19189016	25	Requires: mktemp
1a9c367d	26	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
28acecd5	27
	28	%description
	29	Chkrootkit is a toolkit to locally check for signs of a rootkit.
298f8130	30	- chkrootkit: a shell script that checks system binaries for rootkit
	31	modification. (If you can't trust rpm -Va)
	32	- ifpromisc: checks if the network interface is in promiscuous mode.
	33	(If you can't trust netstat)
	34	- chklastlog: checks for lastlog deletions.
	35	- chkwtmp: checks for wtmp deletions.
	36	- check_wtmpx: checks for wtmpx deletions. (Solaris only)
	37	- chkproc: checks for signs of LKM trojans. (kernel modules)
	38	- strings: quick and dirty strings replacement.
28acecd5	39
433feb26 JB	40	This package is a little outdated, please use rkhunter or similar for
433feb26 JB	41	better results.
517a4527	42
c100ffb7 JR	43	%description -l pl.UTF-8
	44	Chkrootkit to zestaw narzędzi do lokalnego sprawdzania oznak użycia
	45	rootkitów.
	46	- chkrootkit: skrypt powłoki sprawdzający binarne pliki systemowe na
	47	obecność modyfikacji typowych dla rootkitów (jeśli nie można zaufać
298f8130	48	rpm -Va)
298f8130	49	- ifpromisc: sprawdza czy interfejs sieciowy jest w trybie promiscuous
c100ffb7 JR	50	(gdy nie można zaufać netstat)
c100ffb7 JR	51	- chklastlog: sprawdza czy logi nie były kasowane
298f8130	52	- chkwtmp: sprawdza kasowanie wtmpx
298f8130	53	- check_wtmpx: sprawdza kasowanie w wtmpx deletions (tylko Solaris)
c100ffb7	54	- chkproc: szuka oznak trojanów LKM (moduły jądra)
298f8130	55	- strings: szybko i brzydko napisany zamiennik programu strings.
28acecd5	56
c100ffb7	57	Pakiet ten jest przestarzały, lepiej używać rkhunter lub podobnego.
517a4527	58
28acecd5	59	%prep
1a9c367d	60	%setup -q
26e0b045	61	%patch0 -p1
2aec166f	62	%patch1 -p1
64df06f4	63	%patch2 -p1
f6d980d6	64	%patch3 -p1
37dcec89	65	%patch4 -p1
c855298d	66	%patch5 -p1
2aec166f	67
28acecd5	68	%build
433feb26	69	CC="%{__cc}"
2aec166f	70	export CC
28acecd5	71	%{__make} sense
	72
	73	%install
	74	rm -rf $RPM_BUILD_ROOT
f7da0b40	75	install -d $RPM_BUILD_ROOT{%{_bindir},/etc/{sysconfig,cron.weekly}}
584fa78d	76
c855298d	77	for x in check_wtmpx chkdirs chklastlog chkproc chkwtmp ifpromisc strings-static chkutmp; do
c57110e4	78	install $x $RPM_BUILD_ROOT%{_bindir}/%{name}-$x
2aec166f	79	done
584fa78d	80
c57110e4	81	install chkrootkit $RPM_BUILD_ROOT%{_bindir}
64df06f4	82
c57110e4	83	install %{SOURCE1} $RPM_BUILD_ROOT/etc/cron.weekly
f7da0b40 PG	84	install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/chkrootkit
f7da0b40 PG	85
28acecd5	86	%clean
bb5a5d05	87	rm -rf $RPM_BUILD_ROOT
28acecd5	88
	89	%files
	90	%defattr(644,root,root,755)
93967f78	91	%doc COPYRIGHT README README.chklastlog README.chkwtmp
f7da0b40	92	%attr(750,root,root) /etc/cron.weekly/chkrootkit-check
8540c100	93	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/chkrootkit
bb5a5d05	94	%attr(755,root,root) %{_bindir}/*