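#!/bin/bash
#
# chkrootkit.SlackBuild
# code: Vicious (michal@scxd.info); improvements: Zielony (e-pl@o2.pl)
#
# Builds a Slackware package for chkrootkit: fetches the source archive into
# $TMP (unless a matching archive is already there), unpacks and compiles it,
# stages every executable under $TMP/package/usr/sbin and runs makepkg.
# Runs as root (chown root:root, makepkg).  Re-running with an unpacked source
# tree already present in $TMP only repeats "make all" and the packaging steps.
#
# Environment:
#   SHA256SUM  optional expected SHA-256 of the source archive.  The archive is
#              fetched over plain FTP, so this checksum is the only integrity
#              control; when it is empty the archive is used unverified and a
#              warning is printed.

set -eu

# PACKAGE GENERAL INFO [EDIT]
PKGNAME=chkrootkit
VERSION=0.48
BUILD=1X
ARCH=i686
URL=ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit-$VERSION.tar.gz
SHA256SUM=${SHA256SUM:-}
CWD=$(pwd)
# Fixed, predictable path under /tmp; main() refuses to use it if it already
# exists as a symlink or is owned by someone else.
TMP=/tmp/$PKGNAME

# Print a message to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Write the slack-desc file to the path given as $1.
# The fmt width reproduces the original "80 - `echo $PKGNAME | wc -c` - 3"
# (wc -c counted the trailing newline, hence the extra 1).
write_slack_desc() {
  local width=$(( 80 - ${#PKGNAME} - 4 ))
  # PACKAGE DESCRIPTION [EDIT]
  cat <<'SLACKDESC' | fmt -w "$width" | sed -e "s/^/$PKGNAME: /" > "$1"
chkrootkit (rootkit checker)

chkrootkit is a tool to locally check for signs of a rootkit. It contains a
chkrootkit: shell script that checks system binaries for rootkit
modification. The following tests are made: aliens, asp, bindshell, lkm,
rexedcs, sniffer, wted, z2, amd, basename, biff, chfn, chsh, cron, date, du,
dirname, echo, egrep, env, find, fingerd, gpm, grep, hdparm, su, ifconfig,
inetd, inetdconf, identd, killall, login, ls, mail, mingetty, netstat, named,
passwd, pidof, pop2, pop3, ps, pstree, rpcinfo, rlogind, rshd, slogin,
sendmail, sshd, syslogd, tar, tcpd, top, telnetd, timed, traceroute, and
write. ifpromisc.c checks whether the interface is in promiscuous mode,
chklastlog.c checks for lastlog deletions, chkwtmp.c checks for wtmp
deletions, check_wtmpx.c checks for wtmpx deletions (Solaris only), and
chkproc.c checks for signs of LKM trojans.

Package prepared by Zielony (e-pl@o2.pl)
SLACKDESC
}

# Print the most recently modified file in the current directory whose name
# matches $PKGNAME*.t*z* (case-insensitive); print nothing if there is none.
# Replaces the old `ls -t | grep -i $PKGNAME*.t*z*`, whose unquoted glob was
# expanded by the shell before grep ever saw it.
newest_archive() {
  local newest='' f
  shopt -s nullglob nocaseglob
  for f in "$PKGNAME"*.t*z*; do
    if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
      newest=$f
    fi
  done
  shopt -u nullglob nocaseglob
  printf '%s\n' "$newest"
}

# Verify the SHA-256 of archive $1 against $SHA256SUM.
# With SHA256SUM empty only a warning is printed (the build continues).
verify_archive() {
  local archive=$1
  if [ -z "$SHA256SUM" ]; then
    printf 'warning: SHA256SUM is not set, %s is used unverified\n' "$archive" >&2
    return 0
  fi
  printf '%s  %s\n' "$SHA256SUM" "$archive" | sha256sum -c - >/dev/null \
    || die "checksum mismatch for $archive"
}

# Strip every ELF executable and shared object below directory $1.
# xargs -r keeps strip from being run with no arguments when nothing matches.
strip_binaries() {
  (
    cd "$1"
    find . -type f -print0 | xargs -0 file \
      | grep -E 'ELF.*(executable|shared object)' \
      | cut -d: -f1 \
      | xargs -r strip --strip-unneeded 2>/dev/null
  )
}

main() {
  if [ -e "$TMP" ] && { [ -L "$TMP" ] || [ ! -O "$TMP" ]; }; then
    die "refusing to use $TMP: it is a symlink or not owned by $(id -un)"
  fi

  local srcdir=$TMP/$PKGNAME-$VERSION
  local pkgdir=$TMP/package
  local archive slkcflags

  if [ -e "$srcdir/Makefile" ]; then
    # source tree already unpacked and patched by a previous run: just rebuild
    cd "$srcdir"
    make all
  else
    if [ ! -d "$srcdir" ]; then
      rm -rf -- "${pkgdir:?}"
      mkdir -p "$pkgdir/install" "$pkgdir/usr/sbin"
      write_slack_desc "$pkgdir/install/slack-desc"
      cd "$TMP"

      # step 1: DOWNLOAD SOURCE
      archive=$(newest_archive)
      if [ -z "$archive" ]; then
        # ${URL##*.} is the archive extension ("gz" for the default URL)
        archive=$PKGNAME-$VERSION.${URL##*.}
        wget -c -O "$archive" "$URL"
      fi
      verify_archive "$archive"

      # step 2: UNPACK SOURCE AND COMPILE
      case ${archive##*.} in
        bz2) tar jxvf "$archive" -C "$TMP" ;;
        *)   tar xvfz "$archive" -C "$TMP" ;;
      esac
      chown -R root:root "$TMP"
    fi

    cd "$srcdir"
    case $ARCH in
      i686)   slkcflags="-O2 -march=i686 -mtune=i686" ;;
      i486)   slkcflags="-O2 -march=i486 -mtune=i686" ;;
      i386)   slkcflags="-O2 -march=i386 -mcpu=i686" ;;
      s390)   slkcflags="-O2" ;;
      x86_64) slkcflags="-O2" ;;
      *)      slkcflags="" ;;   # unknown ARCH: no optimisation flags, as before
    esac
    # make the chkrootkit script call its helpers by their installed paths
    sed -i -e 's@./chklastlog@/usr/sbin/chklastlog@g' \
      -e 's@./chkwtmp@/usr/sbin/chkwtmp@g' \
      -e 's@./ifpromisc@/usr/sbin/ifpromisc@g' \
      -e 's@./chkproc@/usr/sbin/chkproc@g' \
      -e 's@./chkdirs@/usr/sbin/chkdirs@g' \
      -e 's@./check_wtmpx@/usr/sbin/check_wtmpx@g' \
      -e 's@./strings-static@/usr/sbin/strings-static@g' \
      -e 's@./chkutmp@/usr/sbin/chkutmp@g' chkrootkit
    make all CFLAGS="$slkcflags -DHAVE_LASTLOG_H"
  fi

  # stage every executable file of the source tree (flattened) into usr/sbin;
  # mkdir -p covers the rebuild path, where $pkgdir may have been removed
  mkdir -p "$pkgdir/usr/sbin"
  # -perm /a=x is the current spelling of the deprecated -perm +a=x
  find . -type f -perm /a=x -exec cp -- {} "$pkgdir/usr/sbin/" \;

  mkdir -p "$pkgdir/usr/doc/$PKGNAME-$VERSION"
  cp -af -- ACKNOWLEDGMENTS COPYRIGHT README* "$pkgdir/usr/doc/$PKGNAME-$VERSION"

  # step 3: STRIP BINARIES & GZIP MANUALS
  strip_binaries "$pkgdir"
  # this build stages no man pages; an unconditional gzip of the unmatched glob
  # fails and, under set -e, would abort the script before makepkg
  if [ -d "$pkgdir/usr/man" ]; then
    find "$pkgdir/usr/man" -type f ! -name '*.gz' -exec gzip {} \;
  fi

  # step 4: CREATE PACKAGE & CLEAN TMP
  cd "$pkgdir"
  # the old `ls | wc -m` -le 8 test never fired because install/ and usr/
  # always exist; check for staged binaries instead and fail loudly
  if ! find usr/sbin -type f | grep -q .; then
    die "Brak plików pakietu!"
  fi
  requiredbuilder -y -s "$pkgdir/install" "$srcdir"
  makepkg -l y -c n "$CWD/$PKGNAME-$VERSION-$ARCH-$BUILD.tgz"
  rm -rf -- "${TMP:?}"
}

main "$@"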