ports/70149: [maintainer update] Update port: security/rkhunter Rootkit detection tool

bugghy bugghy at phenix.rootshell.be
Sat Aug 7 22:00:41 UTC 2004


>Number:         70149
>Category:       ports
>Synopsis:       [maintainer update] Update port: security/rkhunter Rootkit detection tool
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 07 22:00:41 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     bugghy <bugghy at rootshell.be>
>Release:        FreeBSD 5.2.1-RELEASE-p9 i386
>Organization:
>Environment:
System: FreeBSD illusion.com 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #5: Thu Aug 5 00:54:05 GMT 2004 root at illusion.com:/usr/obj/usr/src/sys/BUGNERIC i386
>Description:
Rootkit Hunter is a scanning tool that aims to assure you, to about 99.9%,
that your system is clean of nasty tools.

This tool scans for rootkits, backdoors and local exploits by running
tests like:

- MD5/SHA1 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
>How-To-Repeat:
>Fix:
diff -ruN rkhunter-old/Makefile rkhunter/Makefile
--- rkhunter-old/Makefile	Mon Jul 26 17:54:49 2004
+++ rkhunter/Makefile	Sun Aug  8 00:10:09 2004
@@ -6,11 +6,11 @@
 #
 
 PORTNAME=	rkhunter
-PORTVERSION=	1.1.3
+PORTVERSION=	1.1.4
 CATEGORIES=	security
 MASTER_SITES=	http://downloads.rootkit.nl/
 
-MAINTAINER=	ports at FreeBSD.org
+MAINTAINER=	bugghy at SAFe-mail.net
 COMMENT=	Rootkit detection tool
 
 RUN_DEPENDS=	${SITE_PERL}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1
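Review bot: The new `MAINTAINER=` value (`bugghy at SAFe-mail.net`) is a different address from the PR's originator (`bugghy at rootshell.be`). The removed line shows the port was owned by `ports at FreeBSD.org`, so this change assigns maintainership for the first time rather than updating an already-maintained port, although the PR is filed as class `maintainer-update`. Because that address will receive future update and vulnerability reports for a security tool, the committer should confirm the submitter controls it before the change lands, and the PR text should state the maintainership request explicitly.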
diff -ruN rkhunter-old/distinfo rkhunter/distinfo
--- rkhunter-old/distinfo	Mon Jul 26 17:54:49 2004
+++ rkhunter/distinfo	Sun Aug  8 00:08:51 2004
@@ -1,2 +1,2 @@
-MD5 (rkhunter-1.1.3.tar.gz) = 62271204de0fa0d2bf1b8489b1458dc7
-SIZE (rkhunter-1.1.3.tar.gz) = 98309
+MD5 (rkhunter-1.1.4.tar.gz) = 08938c110c8363c62c82dad0571517d0
+SIZE (rkhunter-1.1.4.tar.gz) = 102147
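Review bot: The `MD5 (rkhunter-1.1.4.tar.gz)` line is the only content digest pinning the new distfile, and the port's `MASTER_SITES` is a plain `http://` URL. The fetched tarball is therefore checked only against a hash that is no longer considered collision-resistant. For a rootkit scanner that is typically run as root, record a stronger digest next to it wherever the ports framework in use accepts one, e.g. `SHA256 (rkhunter-1.1.4.tar.gz) = <sha256-of-verified-distfile>`, computed from a copy checked against the upstream release. The MD5 and SIZE lines can stay for older tooling.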
diff -ruN rkhunter-old/files/patch-installer.sh rkhunter/files/patch-installer.sh
--- rkhunter-old/files/patch-installer.sh	Sun Jul 25 21:23:48 2004
+++ rkhunter/files/patch-installer.sh	Sun Aug  8 00:22:35 2004
@@ -1,22 +1,7 @@
---- installer.sh.orig	Sun Jul 25 16:20:28 2004
-+++ installer.sh	Sun Jul 25 17:19:48 2004
-@@ -69,6 +69,7 @@
-           ;;
-       *)
-           echo "Wrong parameter"
-+          exit
- 	  ;;
-   esac
-   shift
-@@ -111,21 +112,18 @@
- overwrite:check_port.pl:/scripts/check_port.pl:Portscanner
- overwrite:filehashmd5.pl:/scripts/filehashmd5.pl:MD5%%Digest%%generator
- overwrite:filehashsha1.pl:/scripts/filehashsha1.pl:SHA1%%Digest%%generator
--verwrite:showfiles.pl:/scripts/showfiles.pl:Directory%%viewer
-+overwrite:showfiles.pl:/scripts/showfiles.pl:Directory%%viewer
- overwrite:backdoorports.dat:/db/backdoorports.dat:Database%%Backdoor%%ports
- overwrite:mirrors.dat:/db/mirrors.dat:Database%%Update%%mirrors
- overwrite:os.dat:/db/os.dat:Database%%Operating%%Systems
+--- installer.sh.old	Sun Aug  8 00:16:28 2004
++++ installer.sh	Sun Aug  8 00:21:52 2004
+@@ -120,15 +120,12 @@
+ overwrite:programs_good.dat:/db/programs_good.dat:Database%%Program%%versions
  overwrite:defaulthashes.dat:/db/defaulthashes.dat:Database%%Default%%file%%hashes
  overwrite:md5blacklist.dat:/db/md5blacklist.dat:Database%%MD5%%blacklisted%%files
 -overwrite:CHANGELOG:/docs/CHANGELOG:Changelog
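Review bot: The regenerated patch no longer carries the `exit` that the old patch added after `echo "Wrong parameter"`, nor the `verwrite:` to `overwrite:` correction for `showfiles.pl`, and nothing on the page shows that upstream 1.1.4 includes either. If upstream did not take the first change, installer.sh would again continue after an unrecognised argument instead of stopping. If it did not take the second, the `showfiles.pl` entry is malformed again, and how the installer treats such an entry is not visible here. Please confirm both against the 1.1.4 `installer.sh` and say so in the PR. The new patch header also names `installer.sh.old` where the replaced one used `installer.sh.orig`; keeping `.orig` matches the previous patch.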
@@ -33,7 +18,7 @@
  "
  
  # Create directories (only if they do not exist)
-@@ -134,10 +132,7 @@
+@@ -137,10 +134,7 @@
  ${INSTALLDIR}/etc
  ${INSTALLDIR}/bin
  ${INSTALLDIR}/lib/rkhunter/db
@@ -44,16 +29,17 @@
  "
  
  CHECKDIR="/usr/local"
-@@ -345,8 +340,6 @@
+@@ -347,9 +341,6 @@
+ #################################################################################
  
  
- # Clean active window
+-# Clean active window
 -clear
 -
  echo "${INSTALLER_NAME} ${INSTALLER_VERSION} (${INSTALLER_COPYRIGHT})"
  echo $ECHOOPT "---------------"
  echo "Starting installation/update"
-@@ -467,7 +460,7 @@
+@@ -470,7 +461,7 @@
    if [ -f ${INSTALLPREFIX}${CURFILE} ]
      then
        #error redirection in .rkhunter it's just for a clear display if user run not as root
@@ -62,7 +48,7 @@
        if [ $? -eq 0 ]
          then
  	  echo $E "OK"
-@@ -482,10 +475,10 @@
+@@ -485,10 +476,10 @@
   
  done
  
@@ -75,7 +61,7 @@
      echo "Configuration updated with installation path (${INSTALLDIR})"
    else
      echo "Configuration already updated."
-@@ -495,7 +488,7 @@
+@@ -498,7 +489,7 @@
  then
  	echo ""
  	echo $E "$t17"
diff -ruN rkhunter-old/files/patch-os.dat rkhunter/files/patch-os.dat
--- rkhunter-old/files/patch-os.dat	Tue Jul 27 20:28:18 2004
+++ rkhunter/files/patch-os.dat	Thu Jan  1 00:00:00 1970
@@ -1,12 +0,0 @@
-$FreeBSD: ports/security/rkhunter/files/patch-os.dat,v 1.1 2004/07/27 20:28:18 glewis Exp $
-
---- files/os.dat.orig	Mon Jul 26 13:37:35 2004
-+++ files/os.dat	Mon Jul 26 13:38:02 2004
-@@ -69,6 +69,7 @@
- 207:OpenBSD 3.4 (i386):/bin/md5:/usr/local/bin:
- 208:FreeBSD 4.9 (i386):/sbin/md5 -q:/usr/local/bin:
- 209:FreeBSD 5.2.1 (i386):/sbin/md5 -q:/usr/local/bin:
-+210:FreeBSD 4.10 (i386):/sbin/md5 -q:/usr/local/bin:
- 300:Sun Solaris 8 (sparc):/bin/ls:/bin:
- 400:IBM AIX 5.4:/bin/ls:/bin:
- 401:IBM AIX 5.3:/bin/ls:/bin:
diff -ruN rkhunter-old/pkg-plist rkhunter/pkg-plist
--- rkhunter-old/pkg-plist	Sun Jul 25 21:23:47 2004
+++ rkhunter/pkg-plist	Sun Aug  8 00:25:48 2004
@@ -3,10 +3,13 @@
 lib/rkhunter/db/backdoorports.dat
 lib/rkhunter/db/mirrors.dat
 lib/rkhunter/db/os.dat
+lib/rkhunter/db/programs_bad.dat
+lib/rkhunter/db/programs_good.dat
 lib/rkhunter/db/defaulthashes.dat
 lib/rkhunter/db/md5blacklist.dat
 lib/rkhunter/scripts/check_modules.pl
 lib/rkhunter/scripts/check_port.pl
+lib/rkhunter/scripts/check_update.sh
 lib/rkhunter/scripts/filehashmd5.pl
 lib/rkhunter/scripts/filehashsha1.pl
 lib/rkhunter/scripts/showfiles.pl

>Release-Note:
>Audit-Trail:
>Unformatted:


