ports/70359: [maintainer update] Update port: security/rkhunter Rootkit detection tool
bugghy
bugghy at phenix.rootshell.be
Thu Aug 12 10:50:30 UTC 2004
>Number: 70359
>Category: ports
>Synopsis: [maintainer update] Update port: security/rkhunter Rootkit detection tool
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 12 10:50:29 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: bugghy <bugghy at rootshell.be>
>Release: FreeBSD 5.2.1-RELEASE-p9 i386
>Organization:
>Environment:
System: FreeBSD illusion.com 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9
>Description:
Rootkit Hunter is a scanning tool meant to assure you, to about 99.9%, that you're clean of nasty tools.
This tool scans for rootkits, backdoors and local exploits by running
tests like:
- MD5/SHA1 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
>How-To-Repeat:
>Fix:
diff -ruN rkhunter-old/Makefile rkhunter/Makefile
--- rkhunter-old/Makefile Thu Aug 12 11:15:22 2004
+++ rkhunter/Makefile Thu Aug 12 11:15:37 2004
@@ -6,7 +6,7 @@
#
PORTNAME= rkhunter
-PORTVERSION= 1.1.4
+PORTVERSION= 1.1.5
CATEGORIES= security
MASTER_SITES= http://downloads.rootkit.nl/
diff -ruN rkhunter-old/distinfo rkhunter/distinfo
--- rkhunter-old/distinfo Thu Aug 12 11:15:22 2004
+++ rkhunter/distinfo Thu Aug 12 11:17:03 2004
@@ -1,2 +1,2 @@
-MD5 (rkhunter-1.1.4.tar.gz) = 08938c110c8363c62c82dad0571517d0
-SIZE (rkhunter-1.1.4.tar.gz) = 102147
+MD5 (rkhunter-1.1.5.tar.gz) = 750df8c8ab7855bc81ba10504694a33a
+SIZE (rkhunter-1.1.5.tar.gz) = 103822
diff -ruN rkhunter-old/files/lol rkhunter/files/lol
--- rkhunter-old/files/lol Thu Jan 1 00:00:00 1970
+++ rkhunter/files/lol Thu Aug 12 11:35:37 2004
@@ -0,0 +1,72 @@
+--- installer.sh.old Thu Aug 12 11:20:01 2004
++++ installer.sh Thu Aug 12 11:30:36 2004
+@@ -120,15 +120,12 @@
+ overwrite:programs_good.dat:/db/programs_good.dat:Database%%Program%%versions
+ overwrite:defaulthashes.dat:/db/defaulthashes.dat:Database%%Default%%file%%hashes
+ overwrite:md5blacklist.dat:/db/md5blacklist.dat:Database%%MD5%%blacklisted%%files
+-overwrite:CHANGELOG:/docs/CHANGELOG:Changelog
+-overwrite:README:/docs/README:Readme%%and%%FAQ
+-overwrite:WISHLIST:/docs/WISHLIST:Wishlist%%and%%TODO
+ "
+
+ # Prefix: INSTALLDIR
+ INSTALLFILES2="
+-nooverwrite:rkhunter.conf:/usr/local/etc/rkhunter.conf:RK%%Hunter%%configuration%%file
+-overwrite:rkhunter:/usr/local/bin/rkhunter:RK%%Hunter%%binary
++nooverwrite:rkhunter.conf:/etc/rkhunter.conf.sample:RK%%Hunter%%configuration%%file
++overwrite:rkhunter:/bin/rkhunter:RK%%Hunter%%binary
+ "
+
+ # Create directories (only if they do not exist)
+@@ -137,10 +134,7 @@
+ ${INSTALLDIR}/etc
+ ${INSTALLDIR}/bin
+ ${INSTALLDIR}/lib/rkhunter/db
+-${INSTALLDIR}/lib/rkhunter/docs
+ ${INSTALLDIR}/lib/rkhunter/scripts
+-${INSTALLDIR}/lib/rkhunter/tmp
+-/usr/local/etc
+ "
+
+ CHECKDIR="/usr/local"
+@@ -347,9 +341,6 @@
+ #################################################################################
+
+
+-# Clean active window
+-clear
+-
+ echo "${INSTALLER_NAME} ${INSTALLER_VERSION} (${INSTALLER_COPYRIGHT})"
+ echo $ECHOOPT "---------------"
+ echo "Starting installation/update"
+@@ -468,7 +459,7 @@
+ echo "Skipped (no overwrite)"
+ else
+ #error redirection in .rkhunter it's just for a clear display if user run not as root
+- cp -f ${INSTALLPREFIX}${CURFILE} ${NEWFILE} 2> ~/.rkhunter.log
++ cp -f ${INSTALLPREFIX}${CURFILE} "${INSTALLDIR}/${NEWFILE}" 2> ~/.rkhunter.log
+ if [ $? -eq 0 ]
+ then
+ echo $E "OK"
+@@ -481,10 +472,10 @@
+
+ done
+
+-INSTALLDIRCHECK=`cat /usr/local/etc/rkhunter.conf | grep "INSTALLDIR="`
++INSTALLDIRCHECK=`cat $INSTALLDIR/etc/rkhunter.conf.sample | grep "INSTALLDIR="`
+ if [ "${INSTALLDIRCHECK}" = "" ]
+ then
+- echo "INSTALLDIR=${INSTALLDIR}" >> /usr/local/etc/rkhunter.conf
++ echo "INSTALLDIR=${INSTALLDIR}" >> $INSTALLDIR/etc/rkhunter.conf.sample
+ echo "Configuration updated with installation path (${INSTALLDIR})"
+ else
+ echo "Configuration already updated."
+@@ -494,7 +485,7 @@
+ then
+ echo ""
+ echo $E "$t17"
+- echo "$t18 (/usr/local/bin/rkhunter)"
++ echo "$t18 (${INSTALLDIR}/bin/rkhunter)"
+ else
+ echo ""
+ echo $E "$t19"
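Review bot: `files/lol` looks like a leftover working copy of `files/patch-installer.sh` rather than an intended port file, and I would drop it from the update. Its name does not match the `patch-*` pattern the ports framework applies, so it would presumably ship unused. It also still targets `/etc/rkhunter.conf.sample`, while the `patch-installer.sh` updated in this same submission targets `/etc/rkhunter.conf`. Two divergent copies of the installer patch make it harder to audit what a security tool's port actually installs.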
diff -ruN rkhunter-old/files/patch-installer.sh rkhunter/files/patch-installer.sh
--- rkhunter-old/files/patch-installer.sh Thu Aug 12 11:15:22 2004
+++ rkhunter/files/patch-installer.sh Thu Aug 12 11:50:19 2004
@@ -1,5 +1,5 @@
---- installer.sh.old Sun Aug 8 00:16:28 2004
-+++ installer.sh Sun Aug 8 00:21:52 2004
+--- installer.sh.old Thu Aug 12 11:20:01 2004
++++ installer.sh Thu Aug 12 11:30:36 2004
@@ -120,15 +120,12 @@
overwrite:programs_good.dat:/db/programs_good.dat:Database%%Program%%versions
overwrite:defaulthashes.dat:/db/defaulthashes.dat:Database%%Default%%file%%hashes
@@ -11,9 +11,9 @@
# Prefix: INSTALLDIR
INSTALLFILES2="
--overwrite:rkhunter.conf:/usr/local/etc/rkhunter.conf:RK%%Hunter%%configuration%%file
+-nooverwrite:rkhunter.conf:/usr/local/etc/rkhunter.conf:RK%%Hunter%%configuration%%file
-overwrite:rkhunter:/usr/local/bin/rkhunter:RK%%Hunter%%binary
-+overwrite:rkhunter.conf:/etc/rkhunter.conf.sample:RK%%Hunter%%configuration%%file
++nooverwrite:rkhunter.conf:/etc/rkhunter.conf:RK%%Hunter%%configuration%%file
+overwrite:rkhunter:/bin/rkhunter:RK%%Hunter%%binary
"
@@ -39,29 +39,29 @@
echo "${INSTALLER_NAME} ${INSTALLER_VERSION} (${INSTALLER_COPYRIGHT})"
echo $ECHOOPT "---------------"
echo "Starting installation/update"
-@@ -470,7 +461,7 @@
- if [ -f ${INSTALLPREFIX}${CURFILE} ]
- then
+@@ -468,7 +459,7 @@
+ echo "Skipped (no overwrite)"
+ else
#error redirection in .rkhunter it's just for a clear display if user run not as root
- cp -f ${INSTALLPREFIX}${CURFILE} ${NEWFILE} 2> ~/.rkhunter.log
+ cp -f ${INSTALLPREFIX}${CURFILE} "${INSTALLDIR}/${NEWFILE}" 2> ~/.rkhunter.log
if [ $? -eq 0 ]
then
echo $E "OK"
-@@ -485,10 +476,10 @@
+@@ -481,10 +472,10 @@
done
-INSTALLDIRCHECK=`cat /usr/local/etc/rkhunter.conf | grep "INSTALLDIR="`
-+INSTALLDIRCHECK=`cat $INSTALLDIR/etc/rkhunter.conf.sample | grep "INSTALLDIR="`
++INSTALLDIRCHECK=`cat $INSTALLDIR/etc/rkhunter.conf | grep "INSTALLDIR="`
if [ "${INSTALLDIRCHECK}" = "" ]
then
- echo "INSTALLDIR=${INSTALLDIR}" >> /usr/local/etc/rkhunter.conf
-+ echo "INSTALLDIR=${INSTALLDIR}" >> $INSTALLDIR/etc/rkhunter.conf.sample
++ echo "INSTALLDIR=${INSTALLDIR}" >> $INSTALLDIR/etc/rkhunter.conf
echo "Configuration updated with installation path (${INSTALLDIR})"
else
echo "Configuration already updated."
-@@ -498,7 +489,7 @@
+@@ -494,7 +485,7 @@
then
echo ""
echo $E "$t17"
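Review bot: The `INSTALLDIRCHECK` test in the patched installer greps for the unanchored string `"INSTALLDIR="`, so a commented-out line such as `#INSTALLDIR=...` in an existing `rkhunter.conf` would presumably count as "already updated" and the path would never be written. This matters more now that the file is the live, `nooverwrite` config rather than a fresh `.sample`. I would anchor the match and drop the `cat`, using `grep "^INSTALLDIR=" "${INSTALLDIR}/etc/rkhunter.conf"` inside the backticks. I would also quote the append target, as the `cp` line in this hunk already does for its destination: `echo "INSTALLDIR=${INSTALLDIR}" >> "${INSTALLDIR}/etc/rkhunter.conf"`. Separately, the pkg-plist hunk removes `etc/rkhunter.conf.sample` without adding an entry for `etc/rkhunter.conf`, so unless the Makefile handles it outside this diff, the scanner's config is no longer tracked by the package. The same unquoted lines also appear in `files/lol`.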
diff -ruN rkhunter-old/files/pkg-message.in rkhunter/files/pkg-message.in
--- rkhunter-old/files/pkg-message.in Thu Aug 12 11:15:22 2004
+++ rkhunter/files/pkg-message.in Thu Aug 12 11:45:38 2004
@@ -1,7 +1,6 @@
#############################################################################
Installed additional documentation in: PREFIX/share/doc/rkhunter
- Copy PREFIX/etc/rkhunter.conf.sample to PREFIX/etc/rkhunter.conf
#############################################################################
diff -ruN rkhunter-old/pkg-plist rkhunter/pkg-plist
--- rkhunter-old/pkg-plist Thu Aug 12 11:15:22 2004
+++ rkhunter/pkg-plist Thu Aug 12 11:37:44 2004
@@ -1,4 +1,3 @@
-etc/rkhunter.conf.sample
bin/rkhunter
lib/rkhunter/db/backdoorports.dat
lib/rkhunter/db/mirrors.dat
>Release-Note:
>Audit-Trail:
>Unformatted: