ports/55919: Teach security/chkrootkit
Yonatan at xpert.com
Sun Aug 24 10:40:27 UTC 2003
>Number: 55919
>Category: ports
>Synopsis: Teach security/chkrootkit
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Aug 24 03:40:24 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Yonatan at xpert.com
>Release: FreeBSD 4.8-RC i386
>Organization:
>Environment:
System: FreeBSD Temujin 4.8-RC FreeBSD 4.8-RC #1: Sat Apr 12 03:02:22 GMT 2003 root at Temujin:/usr/obj/usr/src/sys/TEMUJIN-G i386
>Description:
I finally got fed up with that FAQ about chkrootkit. The solution was either
to add a Q+A to the FAQ or fix the port.
This introduces a new variable, FreeBSD5, that is set to "yes" if we're
running FreeBSD 5 or higher.
This variable is used to fix the tests of the following binaries, so they
would DTRT on FreeBSD 5: chfn chsh date ls ps
I also fixed a bug in the checking of vdir, but it's irrelevant for FreeBSD.
>How-To-Repeat:
Install the port and run on FreeBSD 5 and higher.
You'll also need to remove the IGNORE from the Makefile.
>Fix:
--- chkrootkit-5fix begins here ---
diff -urN chkrootkit.orig/Makefile chkrootkit/Makefile
--- chkrootkit.orig/Makefile Sun Aug 24 11:25:09 2003
+++ chkrootkit/Makefile Sun Aug 24 12:11:46 2003
@@ -23,10 +23,6 @@
.include <bsd.port.pre.mk>
-.if ${OSVERSION} >= 500000
-IGNORE= "Reports false positives on 5.x"
-.endif
-
pre-patch:
${REINPLACE_CMD} -e "s/^CC/#CC/; s/^CFLAGS/#CFLAGS/" ${WRKSRC}/Makefile
${REINPLACE_CMD} -e \
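Review bot: PORTREVISION is not bumped: this is the only hunk in the Makefile diff, yet the new files/patch-chkrootkit changes the installed script on every release, not just 5.x. Consider bumping PORTREVISION so existing installs pick up the change. The guard removed here covered every OSVERSION >= 500000, so the FreeBSD5 detection added in files/patch-chkrootkit needs to be correct for that whole range before the IGNORE goes away.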
diff -urN chkrootkit.orig/files/patch-chkrootkit chkrootkit/files/patch-chkrootkit
--- chkrootkit.orig/files/patch-chkrootkit Thu Jan 1 00:00:00 1970
+++ chkrootkit/files/patch-chkrootkit Sun Aug 24 12:08:51 2003
@@ -0,0 +1,84 @@
+--- chkrootkit.orig Sun Aug 24 12:04:58 2003
++++ chkrootkit Sun Aug 24 12:08:26 2003
+@@ -1020,8 +1020,10 @@
+ STATUS=${INFECTED}
+ fi;;
+ FreeBSD)
++ TMP="2"
++ if [ "${FreeBSD5}" = "yes" ]; then TMP="1"; fi
+ if [ `${strings} -a ${CMD} | \
+- ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne 2 ]
++ ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne "${TMP}" ]
+ then
+ STATUS=${INFECTED}
+ fi;;
+@@ -1053,7 +1055,9 @@
+ fi
+ fi;;
+ FreeBSD)
+- if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne 2 ]
++ TMP="2"
++ if [ "${FreeBSD5}" = "yes" ] ; then TMP="1"; fi
++ if [ `${strings} -a ${CMD} | ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne "${TMP}" ]
+ then
+ STATUS=${INFECTED}
+ fi;;
+@@ -1264,7 +1268,10 @@
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${LS_INFECTED_LABEL}" >/dev/null 2>&1
++ TMP="0"
++ if [ "${FreeBSD5}" = "yes" ] ; then TMP="1"; fi
++ if [ `${strings} -a ${CMD} | \
++ ${egrep} -c "${LS_INFECTED_LABEL}"` -ne "${TMP}" ]
+ then
+ STATUS=${INFECTED}
+ fi
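Review bot: The rewritten test pins an exact egrep -c count with -ne "${TMP}", so on FreeBSD 5 an ls with no LS_INFECTED_LABEL match at all is now reported INFECTED, while any binary with exactly one matching line passes regardless of which string matched. The expected value of 1 has no comment naming the legitimate string that matches in the 5.x binary; add one, and consider filtering that known-good string out before the egrep rather than pinning a count, so a rebuilt base system does not flip the result. TMP is also a very generic global name for a script this size; a name such as EXPECTED would be harder to clobber.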
+@@ -1342,7 +1349,10 @@
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${PS_I_L}" >/dev/null 2>&1
++ TMP="0"
++ if [ "${FreeBSD5}" = "yes" ] ; then TMP="1"; fi
++ if [ `${strings} -a ${CMD} | \
++ ${egrep} -c "${PS_I_L}"` -ne "${TMP}" ]
+ then
+ STATUS=${INFECTED}
+ fi
+@@ -1560,7 +1570,10 @@
+ return 5
+ fi
+
+- if ${strings} -a ${CMD} | ${egrep} "${GENERIC_ROOTKIT_LABEL}" > /dev/null 2>&1
++ TMP="0"
++ if [ "${FreeBSD5}" = "yes" ] ; then TMP="2"; fi
++ if [ `${strings} -a ${CMD} | \
++ ${egrep} -c "${GENERIC_ROOTKIT_LABEL}"` -ne "${TMP}" ]
+ then
+ STATUS=${INFECTED}
+ fi
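Review bot: The expected counts for GENERIC_ROOTKIT_LABEL are undocumented and differ from the earlier hunks: here the default is "0" and FreeBSD 5 expects "2", whereas the two FreeBSD) case hunks above use "2" by default and "1" on FreeBSD 5 for the same label. If that is intentional, a one-line comment per check saying which strings in the binary account for the count would let the next maintainer verify it; without that the numbers cannot be reviewed from the patch alone.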
+@@ -1750,7 +1763,7 @@
+ STATUS=${NOT_INFECTED}
+ CMD=`loc vdir vdir $pth`
+ VDIR_INFECTED_LABEL="/lib/volc"
+- if [ -r ${CMD} ]; then
++ if [ ! -r ${CMD} ]; then
+ return ${NOT_FOUND}
+ fi
+
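Review bot: The corrected guard still leaves ${CMD} unquoted in [ ! -r ${CMD} ]. If loc ever returns an empty string the test collapses to [ ! -r ], which evaluates as false, so the function continues instead of returning ${NOT_FOUND}. Quote it as "${CMD}".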
+@@ -2323,6 +2336,13 @@
+
+ SYSTEM=`${uname} -s`
+ VERSION=`${uname} -r`
++
++if [ "${SYSTEM}" = "FreeBSD" ] ; then
++ if [ -n '`uname -r | grep "^5"`' ] ; then
++ FreeBSD5="yes"
++ fi
++fi
++
+ if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
+ V=44
+ else
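Review bot: In the added detection block, [ -n '`uname -r | grep "^5"`' ] wraps the backticks in single quotes, so the command substitution never runs and -n is given a fixed non-empty string. FreeBSD5 therefore becomes "yes" on every FreeBSD release, 4.x included, and the changed checks would use the 5.x counts there. Use double quotes, or better a case statement on the ${VERSION} assigned two lines above, which also avoids calling bare uname where the script otherwise uses ${uname}. Also note that "^5" does not match a later major release, while the description says "FreeBSD 5 or higher" and the Makefile guard being removed was OSVERSION >= 500000.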
--- chkrootkit-5fix ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: