[packages/chkrootkit.git] / chkrootkit.spec

# TODO
# - move programs to sbindir?
Summary:	chkrootkit - locally checks for signs of a rootkit
Summary(pl.UTF-8):	chkrootkit - narzędzie do lokalnego szukania oznak rootkitów
Name:		chkrootkit
Version:	0.52
Release:	1
License:	AMS (BSD like; look at COPYRIGHT)
Group:		Applications/Networking
Source0:	ftp://ftp.pangeia.com.br/pub/seg/pac/%{name}-%{version}.tar.gz
# Source0-md5:	0c864b41cae9ef9381292b51104b0a04
Source1:	%{name}-check
Source2:	%{name}.sysconfig
Patch0:		%{name}-CC.patch
Patch1:		%{name}-nostrip.patch
Patch2:		%{name}-names.patch
Patch3:		%{name}-wtmp.patch
Patch4:		%{name}-usebash.patch
Patch5:		%{name}-utmpx.patch
URL:		http://www.chkrootkit.org/
BuildRequires:	glibc-static
Requires:	bash
Requires:	binutils
Requires:	mktemp
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
Chkrootkit is a toolkit to locally check for signs of a rootkit.
- chkrootkit: a shell script that checks system binaries for rootkit
  modification. (If you can't trust rpm -Va)
- ifpromisc: checks if the network interface is in promiscuous mode.
  (If you can't trust netstat)
- chklastlog: checks for lastlog deletions.
- chkwtmp: checks for wtmp deletions.
- check_wtmpx: checks for wtmpx deletions. (Solaris only)
- chkproc: checks for signs of LKM trojans. (kernel modules)
- strings: quick and dirty strings replacement.

This package is a little outdated, please use rkhunter or similar for
better results.

%description -l pl.UTF-8
Chkrootkit to zestaw narzędzi do lokalnego sprawdzania oznak użycia
rootkitów.
- chkrootkit: skrypt powłoki sprawdzający binarne pliki systemowe na
  obecność modyfikacji typowych dla rootkitów (jeśli nie można zaufać
  rpm -Va)
- ifpromisc: sprawdza czy interfejs sieciowy jest w trybie promiscuous
  (gdy nie można zaufać netstat)
- chklastlog: sprawdza czy logi nie były kasowane
- chkwtmp: sprawdza kasowanie wtmpx
- check_wtmpx: sprawdza kasowanie w wtmpx deletions (tylko Solaris)
- chkproc: szuka oznak trojanów LKM (moduły jądra)
- strings: szybko i brzydko napisany zamiennik programu strings.

Pakiet ten jest przestarzały, lepiej używać rkhunter lub podobnego.

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1

%build
CC="%{__cc}"
export CC
%{__make} sense

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_bindir},/etc/{sysconfig,cron.weekly}}

for x in check_wtmpx chkdirs chklastlog chkproc chkwtmp ifpromisc strings-static chkutmp; do
	install $x $RPM_BUILD_ROOT%{_bindir}/%{name}-$x
done

install chkrootkit $RPM_BUILD_ROOT%{_bindir}

install %{SOURCE1}	$RPM_BUILD_ROOT/etc/cron.weekly
install %{SOURCE2}	$RPM_BUILD_ROOT/etc/sysconfig/chkrootkit

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(644,root,root,755)
%doc COPYRIGHT README README.chklastlog README.chkwtmp
%attr(750,root,root) /etc/cron.weekly/chkrootkit-check
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/chkrootkit
%attr(755,root,root) %{_bindir}/*
Commit	Line	Data
19189016 ER	1	# TODO
19189016 ER	2	# - move programs to sbindir?
28acecd5	3	Summary: chkrootkit - locally checks for signs of a rootkit
0fbeccf1	4	Summary(pl.UTF-8): chkrootkit - narzędzie do lokalnego szukania oznak rootkitów
28acecd5	5	Name: chkrootkit
a46ed243	6	Version: 0.52
c36d9de3	7	Release: 1
bb5a5d05	8	License: AMS (BSD like; look at COPYRIGHT)
28acecd5	9	Group: Applications/Networking
8540c100	10	Source0: ftp://ftp.pangeia.com.br/pub/seg/pac/%{name}-%{version}.tar.gz
a46ed243	11	# Source0-md5: 0c864b41cae9ef9381292b51104b0a04
f7da0b40 PG	12	Source1: %{name}-check
f7da0b40 PG	13	Source2: %{name}.sysconfig
2aec166f	14	Patch0: %{name}-CC.patch
2aec166f	15	Patch1: %{name}-nostrip.patch
85af4f47	16	Patch2: %{name}-names.patch
f6d980d6	17	Patch3: %{name}-wtmp.patch
37dcec89	18	Patch4: %{name}-usebash.patch
c855298d	19	Patch5: %{name}-utmpx.patch
28acecd5	20	URL: http://www.chkrootkit.org/
2aec166f	21	BuildRequires: glibc-static
37dcec89	22	Requires: bash
8540c100	23	Requires: binutils
19189016	24	Requires: mktemp
1a9c367d	25	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
28acecd5	26
	27	%description
	28	Chkrootkit is a toolkit to locally check for signs of a rootkit.
298f8130	29	- chkrootkit: a shell script that checks system binaries for rootkit
	30	modification. (If you can't trust rpm -Va)
	31	- ifpromisc: checks if the network interface is in promiscuous mode.
	32	(If you can't trust netstat)
	33	- chklastlog: checks for lastlog deletions.
	34	- chkwtmp: checks for wtmp deletions.
	35	- check_wtmpx: checks for wtmpx deletions. (Solaris only)
	36	- chkproc: checks for signs of LKM trojans. (kernel modules)
	37	- strings: quick and dirty strings replacement.
28acecd5	38
433feb26 JB	39	This package is a little outdated, please use rkhunter or similar for
433feb26 JB	40	better results.
517a4527	41
c100ffb7 JR	42	%description -l pl.UTF-8
	43	Chkrootkit to zestaw narzędzi do lokalnego sprawdzania oznak użycia
	44	rootkitów.
	45	- chkrootkit: skrypt powłoki sprawdzający binarne pliki systemowe na
	46	obecność modyfikacji typowych dla rootkitów (jeśli nie można zaufać
298f8130	47	rpm -Va)
298f8130	48	- ifpromisc: sprawdza czy interfejs sieciowy jest w trybie promiscuous
c100ffb7 JR	49	(gdy nie można zaufać netstat)
c100ffb7 JR	50	- chklastlog: sprawdza czy logi nie były kasowane
298f8130	51	- chkwtmp: sprawdza kasowanie wtmpx
298f8130	52	- check_wtmpx: sprawdza kasowanie w wtmpx deletions (tylko Solaris)
c100ffb7	53	- chkproc: szuka oznak trojanów LKM (moduły jądra)
298f8130	54	- strings: szybko i brzydko napisany zamiennik programu strings.
28acecd5	55
c100ffb7	56	Pakiet ten jest przestarzały, lepiej używać rkhunter lub podobnego.
517a4527	57
28acecd5	58	%prep
1a9c367d	59	%setup -q
26e0b045	60	%patch0 -p1
2aec166f	61	%patch1 -p1
64df06f4	62	%patch2 -p1
f6d980d6	63	%patch3 -p1
37dcec89	64	%patch4 -p1
c855298d	65	%patch5 -p1
2aec166f	66
28acecd5	67	%build
433feb26	68	CC="%{__cc}"
2aec166f	69	export CC
28acecd5	70	%{__make} sense
	71
	72	%install
	73	rm -rf $RPM_BUILD_ROOT
f7da0b40	74	install -d $RPM_BUILD_ROOT{%{_bindir},/etc/{sysconfig,cron.weekly}}
584fa78d	75
c855298d	76	for x in check_wtmpx chkdirs chklastlog chkproc chkwtmp ifpromisc strings-static chkutmp; do
c57110e4	77	install $x $RPM_BUILD_ROOT%{_bindir}/%{name}-$x
2aec166f	78	done
584fa78d	79
c57110e4	80	install chkrootkit $RPM_BUILD_ROOT%{_bindir}
64df06f4	81
c57110e4	82	install %{SOURCE1} $RPM_BUILD_ROOT/etc/cron.weekly
f7da0b40 PG	83	install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/chkrootkit
f7da0b40 PG	84
28acecd5	85	%clean
bb5a5d05	86	rm -rf $RPM_BUILD_ROOT
28acecd5	87
	88	%files
	89	%defattr(644,root,root,755)
93967f78	90	%doc COPYRIGHT README README.chklastlog README.chkwtmp
f7da0b40	91	%attr(750,root,root) /etc/cron.weekly/chkrootkit-check
8540c100	92	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/chkrootkit
bb5a5d05	93	%attr(755,root,root) %{_bindir}/*