Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 12 Aug 2004 12:40:51 +0200 (CEST)
From:      bugghy <bugghy@phenix.rootshell.be>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        bugghy@SAFe-mail.net
Subject:   ports/70359: [maintainer update] Update port: security/rkhunter Rootkit detection tool
Message-ID:  <Pine.LNX.4.44.0408121236550.30922-100000@phenix.rootshell.be>
Resent-Message-ID: <200408121050.i7CAoTxJ092761@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         70359
>Category:       ports
>Synopsis:       [maintainer update] Update port: security/rkhunter Rootkit detection tool
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 12 10:50:29 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     bugghy <bugghy@rootshell.be>
>Release:        FreeBSD 5.2.1-RELEASE-p9 i386
>Organization:
>Environment:
System: FreeBSD illusion.com 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9
>Description:
Rootkit Hunter is scanning tool to ensure you for about 99.9% you're clean of nasty tools.

This tool scans for rootkits, backdoors and local exploits by running
tests like:

- MD5/SHA1 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
>How-To-Repeat:
>Fix:
diff -ruN rkhunter-old/Makefile rkhunter/Makefile
--- rkhunter-old/Makefile	Thu Aug 12 11:15:22 2004
+++ rkhunter/Makefile	Thu Aug 12 11:15:37 2004
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	rkhunter
-PORTVERSION=	1.1.4
+PORTVERSION=	1.1.5
 CATEGORIES=	security
 MASTER_SITES=	http://downloads.rootkit.nl/
 
diff -ruN rkhunter-old/distinfo rkhunter/distinfo
--- rkhunter-old/distinfo	Thu Aug 12 11:15:22 2004
+++ rkhunter/distinfo	Thu Aug 12 11:17:03 2004
@@ -1,2 +1,2 @@
-MD5 (rkhunter-1.1.4.tar.gz) = 08938c110c8363c62c82dad0571517d0
-SIZE (rkhunter-1.1.4.tar.gz) = 102147
+MD5 (rkhunter-1.1.5.tar.gz) = 750df8c8ab7855bc81ba10504694a33a
+SIZE (rkhunter-1.1.5.tar.gz) = 103822
diff -ruN rkhunter-old/files/lol rkhunter/files/lol
--- rkhunter-old/files/lol	Thu Jan  1 00:00:00 1970
+++ rkhunter/files/lol	Thu Aug 12 11:35:37 2004
@@ -0,0 +1,72 @@
+--- installer.sh.old	Thu Aug 12 11:20:01 2004
++++ installer.sh	Thu Aug 12 11:30:36 2004
+@@ -120,15 +120,12 @@
+ overwrite:programs_good.dat:/db/programs_good.dat:Database%%Program%%versions
+ overwrite:defaulthashes.dat:/db/defaulthashes.dat:Database%%Default%%file%%hashes
+ overwrite:md5blacklist.dat:/db/md5blacklist.dat:Database%%MD5%%blacklisted%%files
+-overwrite:CHANGELOG:/docs/CHANGELOG:Changelog
+-overwrite:README:/docs/README:Readme%%and%%FAQ
+-overwrite:WISHLIST:/docs/WISHLIST:Wishlist%%and%%TODO
+ "
+ 
+ # Prefix: INSTALLDIR
+ INSTALLFILES2="
+-nooverwrite:rkhunter.conf:/usr/local/etc/rkhunter.conf:RK%%Hunter%%configuration%%file
+-overwrite:rkhunter:/usr/local/bin/rkhunter:RK%%Hunter%%binary
++nooverwrite:rkhunter.conf:/etc/rkhunter.conf.sample:RK%%Hunter%%configuration%%file
++overwrite:rkhunter:/bin/rkhunter:RK%%Hunter%%binary
+ "
+ 
+ # Create directories (only if they do not exist)
+@@ -137,10 +134,7 @@
+ ${INSTALLDIR}/etc
+ ${INSTALLDIR}/bin
+ ${INSTALLDIR}/lib/rkhunter/db
+-${INSTALLDIR}/lib/rkhunter/docs
+ ${INSTALLDIR}/lib/rkhunter/scripts
+-${INSTALLDIR}/lib/rkhunter/tmp
+-/usr/local/etc
+ "
+ 
+ CHECKDIR="/usr/local"
+@@ -347,9 +341,6 @@
+ #################################################################################
+ 
+ 
+-# Clean active window
+-clear
+-
+ echo "${INSTALLER_NAME} ${INSTALLER_VERSION} (${INSTALLER_COPYRIGHT})"
+ echo $ECHOOPT "---------------"
+ echo "Starting installation/update"
+@@ -468,7 +459,7 @@
+       echo "Skipped (no overwrite)"
+     else
+       #error redirection in .rkhunter it's just for a clear display if user run not as root
+-      cp -f ${INSTALLPREFIX}${CURFILE} ${NEWFILE} 2> ~/.rkhunter.log
++      cp -f ${INSTALLPREFIX}${CURFILE} "${INSTALLDIR}/${NEWFILE}" 2> ~/.rkhunter.log
+       if [ $? -eq 0 ]
+         then
+ 	  echo $E "OK"
+@@ -481,10 +472,10 @@
+  
+ done
+ 
+-INSTALLDIRCHECK=`cat /usr/local/etc/rkhunter.conf | grep "INSTALLDIR="`
++INSTALLDIRCHECK=`cat $INSTALLDIR/etc/rkhunter.conf.sample | grep "INSTALLDIR="`
+ if [ "${INSTALLDIRCHECK}" = "" ]
+   then
+-    echo "INSTALLDIR=${INSTALLDIR}" >> /usr/local/etc/rkhunter.conf
++    echo "INSTALLDIR=${INSTALLDIR}" >> $INSTALLDIR/etc/rkhunter.conf.sample
+     echo "Configuration updated with installation path (${INSTALLDIR})"
+   else
+     echo "Configuration already updated."
+@@ -494,7 +485,7 @@
+ then
+ 	echo ""
+ 	echo $E "$t17"
+-	echo "$t18 (/usr/local/bin/rkhunter)"
++	echo "$t18 (${INSTALLDIR}/bin/rkhunter)"
+ else
+ 	echo ""
+ 	echo $E "$t19"
diff -ruN rkhunter-old/files/patch-installer.sh rkhunter/files/patch-installer.sh
--- rkhunter-old/files/patch-installer.sh	Thu Aug 12 11:15:22 2004
+++ rkhunter/files/patch-installer.sh	Thu Aug 12 11:50:19 2004
@@ -1,5 +1,5 @@
---- installer.sh.old	Sun Aug  8 00:16:28 2004
-+++ installer.sh	Sun Aug  8 00:21:52 2004
+--- installer.sh.old	Thu Aug 12 11:20:01 2004
++++ installer.sh	Thu Aug 12 11:30:36 2004
 @@ -120,15 +120,12 @@
  overwrite:programs_good.dat:/db/programs_good.dat:Database%%Program%%versions
  overwrite:defaulthashes.dat:/db/defaulthashes.dat:Database%%Default%%file%%hashes
@@ -11,9 +11,9 @@
  
  # Prefix: INSTALLDIR
  INSTALLFILES2="
--overwrite:rkhunter.conf:/usr/local/etc/rkhunter.conf:RK%%Hunter%%configuration%%file
+-nooverwrite:rkhunter.conf:/usr/local/etc/rkhunter.conf:RK%%Hunter%%configuration%%file
 -overwrite:rkhunter:/usr/local/bin/rkhunter:RK%%Hunter%%binary
-+overwrite:rkhunter.conf:/etc/rkhunter.conf.sample:RK%%Hunter%%configuration%%file
++nooverwrite:rkhunter.conf:/etc/rkhunter.conf:RK%%Hunter%%configuration%%file
 +overwrite:rkhunter:/bin/rkhunter:RK%%Hunter%%binary
  "
  
@@ -39,29 +39,29 @@
  echo "${INSTALLER_NAME} ${INSTALLER_VERSION} (${INSTALLER_COPYRIGHT})"
  echo $ECHOOPT "---------------"
  echo "Starting installation/update"
-@@ -470,7 +461,7 @@
-   if [ -f ${INSTALLPREFIX}${CURFILE} ]
-     then
+@@ -468,7 +459,7 @@
+       echo "Skipped (no overwrite)"
+     else
        #error redirection in .rkhunter it's just for a clear display if user run not as root
 -      cp -f ${INSTALLPREFIX}${CURFILE} ${NEWFILE} 2> ~/.rkhunter.log
 +      cp -f ${INSTALLPREFIX}${CURFILE} "${INSTALLDIR}/${NEWFILE}" 2> ~/.rkhunter.log
        if [ $? -eq 0 ]
          then
  	  echo $E "OK"
-@@ -485,10 +476,10 @@
+@@ -481,10 +472,10 @@
   
  done
  
 -INSTALLDIRCHECK=`cat /usr/local/etc/rkhunter.conf | grep "INSTALLDIR="`
-+INSTALLDIRCHECK=`cat $INSTALLDIR/etc/rkhunter.conf.sample | grep "INSTALLDIR="`
++INSTALLDIRCHECK=`cat $INSTALLDIR/etc/rkhunter.conf | grep "INSTALLDIR="`
  if [ "${INSTALLDIRCHECK}" = "" ]
    then
 -    echo "INSTALLDIR=${INSTALLDIR}" >> /usr/local/etc/rkhunter.conf
-+    echo "INSTALLDIR=${INSTALLDIR}" >> $INSTALLDIR/etc/rkhunter.conf.sample
++    echo "INSTALLDIR=${INSTALLDIR}" >> $INSTALLDIR/etc/rkhunter.conf
      echo "Configuration updated with installation path (${INSTALLDIR})"
    else
      echo "Configuration already updated."
-@@ -498,7 +489,7 @@
+@@ -494,7 +485,7 @@
  then
  	echo ""
  	echo $E "$t17"
diff -ruN rkhunter-old/files/pkg-message.in rkhunter/files/pkg-message.in
--- rkhunter-old/files/pkg-message.in	Thu Aug 12 11:15:22 2004
+++ rkhunter/files/pkg-message.in	Thu Aug 12 11:45:38 2004
@@ -1,7 +1,6 @@
 
 #############################################################################
   Installed additional documentation in: PREFIX/share/doc/rkhunter
-  Copy PREFIX/etc/rkhunter.conf.sample to PREFIX/etc/rkhunter.conf
 #############################################################################
 
 
diff -ruN rkhunter-old/pkg-plist rkhunter/pkg-plist
--- rkhunter-old/pkg-plist	Thu Aug 12 11:15:22 2004
+++ rkhunter/pkg-plist	Thu Aug 12 11:37:44 2004
@@ -1,4 +1,3 @@
-etc/rkhunter.conf.sample
 bin/rkhunter
 lib/rkhunter/db/backdoorports.dat
 lib/rkhunter/db/mirrors.dat

>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.44.0408121236550.30922-100000>