]>
Commit | Line | Data |
---|---|---|
19189016 ER |
1 | # TODO |
2 | # - move programs to sbindir? | |
28acecd5 | 3 | Summary: chkrootkit - locally checks for signs of a rootkit |
0fbeccf1 | 4 | Summary(pl.UTF-8): chkrootkit - narzędzie do lokalnego szukania oznak rootkitów |
28acecd5 | 5 | Name: chkrootkit |
a46ed243 | 6 | Version: 0.52 |
c36d9de3 | 7 | Release: 1 |
bb5a5d05 | 8 | License: AMS (BSD like; look at COPYRIGHT) |
28acecd5 | 9 | Group: Applications/Networking |
8540c100 | 10 | Source0: ftp://ftp.pangeia.com.br/pub/seg/pac/%{name}-%{version}.tar.gz |
a46ed243 | 11 | # Source0-md5: 0c864b41cae9ef9381292b51104b0a04 |
f7da0b40 PG |
12 | Source1: %{name}-check |
13 | Source2: %{name}.sysconfig | |
2aec166f | 14 | Patch0: %{name}-CC.patch |
15 | Patch1: %{name}-nostrip.patch | |
85af4f47 | 16 | Patch2: %{name}-names.patch |
f6d980d6 | 17 | Patch3: %{name}-wtmp.patch |
37dcec89 | 18 | Patch4: %{name}-usebash.patch |
c855298d | 19 | Patch5: %{name}-utmpx.patch |
28acecd5 | 20 | URL: http://www.chkrootkit.org/ |
2aec166f | 21 | BuildRequires: glibc-static |
37dcec89 | 22 | Requires: bash |
8540c100 | 23 | Requires: binutils |
19189016 | 24 | Requires: mktemp |
1a9c367d | 25 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
28acecd5 | 26 | |
27 | %description | |
28 | Chkrootkit is a toolkit to locally check for signs of a rootkit. | |
298f8130 | 29 | - chkrootkit: a shell script that checks system binaries for rootkit |
30 | modification. (If you can't trust rpm -Va) | |
31 | - ifpromisc: checks if the network interface is in promiscuous mode. | |
32 | (If you can't trust netstat) | |
33 | - chklastlog: checks for lastlog deletions. | |
34 | - chkwtmp: checks for wtmp deletions. | |
35 | - check_wtmpx: checks for wtmpx deletions. (Solaris only) | |
36 | - chkproc: checks for signs of LKM trojans. (kernel modules) | |
37 | - strings: quick and dirty strings replacement. | |
28acecd5 | 38 | |
433feb26 JB |
39 | This package is a little outdated, please use rkhunter or similar for |
40 | better results. | |
517a4527 | 41 | |
c100ffb7 JR |
42 | %description -l pl.UTF-8 |
43 | Chkrootkit to zestaw narzędzi do lokalnego sprawdzania oznak użycia | |
44 | rootkitów. | |
45 | - chkrootkit: skrypt powłoki sprawdzający binarne pliki systemowe na | |
46 | obecność modyfikacji typowych dla rootkitów (jeśli nie można zaufać | |
298f8130 | 47 | rpm -Va) |
48 | - ifpromisc: sprawdza czy interfejs sieciowy jest w trybie promiscuous | |
c100ffb7 JR |
49 | (gdy nie można zaufać netstat) |
50 | - chklastlog: sprawdza czy logi nie były kasowane | |
298f8130 | 51 | - chkwtmp: sprawdza kasowanie wtmpx |
52 | - check_wtmpx: sprawdza kasowanie w wtmpx deletions (tylko Solaris) | |
c100ffb7 | 53 | - chkproc: szuka oznak trojanów LKM (moduły jądra) |
298f8130 | 54 | - strings: szybko i brzydko napisany zamiennik programu strings. |
28acecd5 | 55 | |
c100ffb7 | 56 | Pakiet ten jest przestarzały, lepiej używać rkhunter lub podobnego. |
517a4527 | 57 | |
28acecd5 | 58 | %prep |
1a9c367d | 59 | %setup -q |
26e0b045 | 60 | %patch0 -p1 |
2aec166f | 61 | %patch1 -p1 |
64df06f4 | 62 | %patch2 -p1 |
f6d980d6 | 63 | %patch3 -p1 |
37dcec89 | 64 | %patch4 -p1 |
c855298d | 65 | %patch5 -p1 |
2aec166f | 66 | |
28acecd5 | 67 | %build |
433feb26 | 68 | CC="%{__cc}" |
2aec166f | 69 | export CC |
28acecd5 | 70 | %{__make} sense |
71 | ||
72 | %install | |
73 | rm -rf $RPM_BUILD_ROOT | |
f7da0b40 | 74 | install -d $RPM_BUILD_ROOT{%{_bindir},/etc/{sysconfig,cron.weekly}} |
584fa78d | 75 | |
c855298d | 76 | for x in check_wtmpx chkdirs chklastlog chkproc chkwtmp ifpromisc strings-static chkutmp; do |
c57110e4 | 77 | install $x $RPM_BUILD_ROOT%{_bindir}/%{name}-$x |
2aec166f | 78 | done |
584fa78d | 79 | |
c57110e4 | 80 | install chkrootkit $RPM_BUILD_ROOT%{_bindir} |
64df06f4 | 81 | |
c57110e4 | 82 | install %{SOURCE1} $RPM_BUILD_ROOT/etc/cron.weekly |
f7da0b40 PG |
83 | install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/chkrootkit |
84 | ||
28acecd5 | 85 | %clean |
bb5a5d05 | 86 | rm -rf $RPM_BUILD_ROOT |
28acecd5 | 87 | |
88 | %files | |
89 | %defattr(644,root,root,755) | |
93967f78 | 90 | %doc COPYRIGHT README README.chklastlog README.chkwtmp |
f7da0b40 | 91 | %attr(750,root,root) /etc/cron.weekly/chkrootkit-check |
8540c100 | 92 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/chkrootkit |
bb5a5d05 | 93 | %attr(755,root,root) %{_bindir}/* |