Date: Sun, 25 Jul 2004 16:37:15 +0200 (CEST)
From: bugghy
To: FreeBSD-gnats-submit@FreeBSD.org
cc: bugghy@SAFe-mail.net
Subject: ports/69574: [maintainer update] Update port: security/rkhunter Rootkit detection tool

Note: There was a bad value `maintainer' for the field `>Class:'.
It was set to the default value of `sw-bug'.

>Number: 69574
>Category: ports
>Synopsis: [maintainer update] Update port: security/rkhunter Rootkit
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jul 25 14:40:25 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: bugghy
>Release: FreeBSD 5.2.1-RELEASE-p9 i386
>Organization:
>Environment:
System: FreeBSD illusion.com 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #4: Fri Jul 23 17:19:48 GMT 2004 bugghy@illusio$
>Description:
Rootkit Hunter is a scanning tool to ensure you for about 99.9% that you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5/SHA1 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
>How-To-Repeat:
>Fix:
diff -ruN rkhunter.bak/Makefile rkhunter/Makefile --- rkhunter.bak/Makefile Sun Jul 25 17:25:17 2004 +++ rkhunter/Makefile Sun Jul 25 17:26:10 2004 
@@ -1,12 +1,12 @@ # New ports collection makefile for: rkhunter -# Date created: 15 May 2004 -# Whom: Radim Kolar +# Date created: 25 Jul 2004 +# Whom: bugghy # # $FreeBSD: ports/security/rkhunter/Makefile,v 1.1 2004/05/15 14:00:59 krion Exp $ # PORTNAME= rkhunter -PORTVERSION= 1.0.8 +PORTVERSION= 1.1.3 CATEGORIES= security MASTER_SITES= http://downloads.rootkit.nl/ @@ -20,30 +20,19 @@ NO_BUILD= yes USE_REINPLACE= yes -PLIST_DIRS= rkhunter/scripts rkhunter/db rkhunter/docs rkhunter/tmp rkhunter -PLIST_FILES= rkhunter/scripts/check_modules.pl \ - rkhunter/scripts/check_port.pl \ - rkhunter/scripts/filehashmd5.pl \ - rkhunter/scripts/filehashsha1.pl \ - bin/rkhunter \ - etc/rkhunter.conf \ - rkhunter/scripts/showfiles.pl \ - rkhunter/db/backdoorports.dat \ - rkhunter/db/mirrors.dat \ - rkhunter/db/os.dat \ - rkhunter/db/defaulthashes.dat \ - rkhunter/db/md5blacklist.dat \ - rkhunter/docs/CHANGELOG \ - rkhunter/docs/README \ - rkhunter/docs/WISHLIST - MAN8= rkhunter.8 MANCOMPRESSED= no -pre-install: - ${REINPLACE_CMD} -e "s,/usr/local,${PREFIX},g" ${WRKSRC}/installer.sh do-install: - cd ${WRKSRC} && ./installer.sh + cd ${WRKSRC} && ./installer.sh --installdir ${PREFIX} ${INSTALL_MAN} ${WRKSRC}/files/development/rkhunter.8 ${MAN8PREFIX}/man/man8 +.if !defined(NOPORTDOCS) + ${MKDIR} ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/files/CHANGELOG ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/files/README ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/files/WISHLIST ${DOCSDIR} +.endif + + @${SED} -e 's!PREFIX!${PREFIX}!g' ${.CURDIR}/pkg-message .include diff -ruN rkhunter.bak/PROBLEM rkhunter/PROBLEM --- rkhunter.bak/PROBLEM Thu Jan 1 00:00:00 1970 +++ rkhunter/PROBLEM Sun Jul 25 16:49:31 2004 
@@ -0,0 +1,8 @@ +1. t18="See /usr/local/rkhunter/docs for more information. Run 'rkhunter'" + it's hardcoded (fbsd uses /usr/local/share/doc/rkhunter) + +2. + +-verwrite:showfiles.pl:/scripts/showfiles.pl:Directory%%viewer ++overwrite:showfiles.pl:/scripts/showfiles.pl:Directory%%viewer + diff -ruN rkhunter.bak/distinfo rkhunter/distinfo --- rkhunter.bak/distinfo Sun Jul 25 17:25:17 2004 +++ rkhunter/distinfo Sun Jul 25 16:12:01 2004 @@ -1,2 +1,2 @@ -MD5 (rkhunter-1.0.8.tar.gz) = bc1006d36e5b2674985c9396b5c46c95 -SIZE (rkhunter-1.0.8.tar.gz) = 77582 +MD5 (rkhunter-1.1.3.tar.gz) = 62271204de0fa0d2bf1b8489b1458dc7 +SIZE (rkhunter-1.1.3.tar.gz) = 98309 diff -ruN rkhunter.bak/files/patch-installer.sh rkhunter/files/patch-installer.sh --- rkhunter.bak/files/patch-installer.sh Thu Jan 1 00:00:00 1970 +++ rkhunter/files/patch-installer.sh Sun Jul 25 17:19:51 2004 
@@ -0,0 +1,86 @@ +--- installer.sh.orig Sun Jul 25 16:20:28 2004 ++++ installer.sh Sun Jul 25 17:19:48 2004 +@@ -69,6 +69,7 @@ + ;; + *) + echo "Wrong parameter" ++ exit + ;; + esac + shift +@@ -111,21 +112,18 @@ + overwrite:check_port.pl:/scripts/check_port.pl:Portscanner + overwrite:filehashmd5.pl:/scripts/filehashmd5.pl:MD5%%Digest%%generator + overwrite:filehashsha1.pl:/scripts/filehashsha1.pl:SHA1%%Digest%%generator +-verwrite:showfiles.pl:/scripts/showfiles.pl:Directory%%viewer ++overwrite:showfiles.pl:/scripts/showfiles.pl:Directory%%viewer + overwrite:backdoorports.dat:/db/backdoorports.dat:Database%%Backdoor%%ports + overwrite:mirrors.dat:/db/mirrors.dat:Database%%Update%%mirrors + overwrite:os.dat:/db/os.dat:Database%%Operating%%Systems + overwrite:defaulthashes.dat:/db/defaulthashes.dat:Database%%Default%%file%%hashes + overwrite:md5blacklist.dat:/db/md5blacklist.dat:Database%%MD5%%blacklisted%%files +-overwrite:CHANGELOG:/docs/CHANGELOG:Changelog +-overwrite:README:/docs/README:Readme%%and%%FAQ +-overwrite:WISHLIST:/docs/WISHLIST:Wishlist%%and%%TODO + " + + # Prefix: INSTALLDIR + INSTALLFILES2=" +-overwrite:rkhunter.conf:/usr/local/etc/rkhunter.conf:RK%%Hunter%%configuration%%file +-overwrite:rkhunter:/usr/local/bin/rkhunter:RK%%Hunter%%binary ++overwrite:rkhunter.conf:/etc/rkhunter.conf.sample:RK%%Hunter%%configuration%%file ++overwrite:rkhunter:/bin/rkhunter:RK%%Hunter%%binary + " + + # Create directories (only if they do not exist) +@@ -134,10 +132,7 @@ + ${INSTALLDIR}/etc + ${INSTALLDIR}/bin + ${INSTALLDIR}/lib/rkhunter/db +-${INSTALLDIR}/lib/rkhunter/docs + ${INSTALLDIR}/lib/rkhunter/scripts +-${INSTALLDIR}/lib/rkhunter/tmp +-/usr/local/etc + " + + CHECKDIR="/usr/local" +@@ -345,8 +340,6 @@ + + + # Clean active window +-clear +- + echo "${INSTALLER_NAME} ${INSTALLER_VERSION} (${INSTALLER_COPYRIGHT})" + echo $ECHOOPT "---------------" + echo "Starting installation/update" +@@ -467,7 +460,7 @@ + if [ -f ${INSTALLPREFIX}${CURFILE} ] + then + #error 
redirection in .rkhunter it's just for a clear display if user run not as root +- cp -f ${INSTALLPREFIX}${CURFILE} ${NEWFILE} 2> ~/.rkhunter.log ++ cp -f ${INSTALLPREFIX}${CURFILE} "${INSTALLDIR}/${NEWFILE}" 2> ~/.rkhunter.log + if [ $? -eq 0 ] + then + echo $E "OK" +@@ -482,10 +475,10 @@ + + done + +-INSTALLDIRCHECK=`cat /usr/local/etc/rkhunter.conf | grep "INSTALLDIR="` ++INSTALLDIRCHECK=`cat $INSTALLDIR/etc/rkhunter.conf.sample | grep "INSTALLDIR="` + if [ "${INSTALLDIRCHECK}" = "" ] + then +- echo "INSTALLDIR=${INSTALLDIR}" >> /usr/local/etc/rkhunter.conf ++ echo "INSTALLDIR=${INSTALLDIR}" >> $INSTALLDIR/etc/rkhunter.conf.sample + echo "Configuration updated with installation path (${INSTALLDIR})" + else + echo "Configuration already updated." +@@ -495,7 +488,7 @@ + then + echo "" + echo $E "$t17" +- echo "$t18 (/usr/local/bin/rkhunter)" ++ echo "$t18 (${INSTALLDIR}/bin/rkhunter)" + else + echo "" + echo $E "$t19" diff -ruN rkhunter.bak/files/patch-rkhunter.conf rkhunter/files/patch-rkhunter.conf --- rkhunter.bak/files/patch-rkhunter.conf Thu Jan 1 00:00:00 1970 +++ rkhunter/files/patch-rkhunter.conf Sun Jul 25 17:23:54 2004 @@ -0,0 +1,11 @@ +--- files/rkhunter.conf.orig Sun Jul 25 17:08:25 2004 ++++ files/rkhunter.conf Sun Jul 25 17:08:48 2004 +@@ -8,7 +8,7 @@ + + # Use a custom temporary directory (you can override it with the + # --tmpdir parameter) +-#TMPDIR=/tmp ++TMPDIR=/tmp + + # Use a custom database directory (you can override it with the + # --dbdir parameter) diff -ruN rkhunter.bak/pkg-descr rkhunter/pkg-descr --- rkhunter.bak/pkg-descr Sun Jul 25 17:25:17 2004 +++ rkhunter/pkg-descr Sun Jul 25 16:22:41 2004 @@ -12,3 +12,7 @@ - Optional scan within plaintext and binary files WWW: http://www.rootkit.nl/ + +- bugghy +bugghy@SAFe-mail.net + diff -ruN rkhunter.bak/pkg-message rkhunter/pkg-message --- rkhunter.bak/pkg-message Thu Jan 1 00:00:00 1970 +++ rkhunter/pkg-message Sun Jul 25 16:19:03 2004 
@@ -0,0 +1,7 @@ + +############################################################################# + Installed additional documentation in: PREFIX/share/doc/rkhunter + Copy PREFIX/etc/rkhunter.conf.sample to PREFIX/etc/rkhunter.conf +############################################################################# + + diff -ruN rkhunter.bak/pkg-plist rkhunter/pkg-plist --- rkhunter.bak/pkg-plist Thu Jan 1 00:00:00 1970 +++ rkhunter/pkg-plist Sun Jul 25 17:12:09 2004 @@ -0,0 +1,19 @@ +etc/rkhunter.conf.sample +bin/rkhunter +lib/rkhunter/db/backdoorports.dat +lib/rkhunter/db/mirrors.dat +lib/rkhunter/db/os.dat +lib/rkhunter/db/defaulthashes.dat +lib/rkhunter/db/md5blacklist.dat +lib/rkhunter/scripts/check_modules.pl +lib/rkhunter/scripts/check_port.pl +lib/rkhunter/scripts/filehashmd5.pl +lib/rkhunter/scripts/filehashsha1.pl +lib/rkhunter/scripts/showfiles.pl +@dirrm lib/rkhunter/scripts +@dirrm lib/rkhunter/db +@dirrm lib/rkhunter +%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG +%%PORTDOCS%%%%DOCSDIR%%/README +%%PORTDOCS%%%%DOCSDIR%%/WISHLIST +%%PORTDOCS%%@dirrm %%DOCSDIR%% >Release-Note: >Audit-Trail: >Unformatted: detection tool
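Review bot: In the first Makefile hunk (@@ -1,12 +1,12 @@) the header lines `# Date created:` and `# Whom:` are rewritten from `15 May 2004` and `Radim Kolar` to the updater's own date and name. Those two lines record when the port was first created and by whom, so a version update should leave them untouched and change only `PORTVERSION`.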
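Review bot: At the end of `do-install` in the second Makefile hunk (@@ -20,30 +20,19 @@), `@${SED} -e 's!PREFIX!${PREFIX}!g' ${.CURDIR}/pkg-message` only writes the substituted text to standard output, so the pkg-message file this patch adds still contains the literal word PREFIX. If the expanded text is what the user should end up with, generate it into a file from the template and point the port at that file (for example through PKGMESSAGE) instead of echoing it during install. The same hunk removes the only visible `${REINPLACE_CMD}` call while the context line `USE_REINPLACE= yes` stays, so that knob can be dropped unless something outside the hunk still needs it.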
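Review bot: The new file `PROBLEM` (@@ -0,0 +1,8 @@) is a working note rather than a port file: item 1 records that the `t18` message still hardcodes `/usr/local/rkhunter/docs`, and item 2 is an empty number followed by a pasted fragment of the `showfiles.pl` typo fix that patch-installer.sh already carries. Drop the file from the submission and either correct the `t18` path in patch-installer.sh or move the remark into the PR text; as submitted, the later hunk that changes `echo "$t18 (...)"` still prints the wrong documentation directory.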
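Review bot: In the first installer.sh hunk (@@ -69,6 +69,7 @@) the added `exit` after `echo "Wrong parameter"` carries no status, so the script ends with the status of the preceding `echo`, which is 0, and the Makefile's `cd ${WRKSRC} && ./installer.sh --installdir ${PREFIX}` would treat a rejected argument as a successful install. Use `exit 1` so that a bad parameter fails the build.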
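Review bot: The changed `cp -f` line in the installer.sh hunk at @@ -467,7 +460,7 @@ keeps the redirect `2> ~/.rkhunter.log`, which during a port install run as root creates or truncates a file in root's home directory, outside ${PREFIX} and not listed in the new pkg-plist. Send the error output to /dev/null or let it reach the terminal instead. The destination is now quoted as `"${INSTALLDIR}/${NEWFILE}"` but the source `${INSTALLPREFIX}${CURFILE}` and the `[ -f ... ]` test above it are not; quote them the same way.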
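Review bot: In the installer.sh hunk at @@ -482,10 +475,10 @@ both new uses of `$INSTALLDIR/etc/rkhunter.conf.sample` are unquoted, unlike the quoted destination introduced in the previous hunk, so an install directory containing whitespace would break the `cat` and the `>>` append. Quote the path in both places, and let `grep "INSTALLDIR=" "$INSTALLDIR/etc/rkhunter.conf.sample"` read the file directly rather than piping it through `cat`.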
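Review bot: Uncommenting `TMPDIR=/tmp` in the patch-rkhunter.conf hunk points the shipped sample configuration of a scanner that is typically run as root at the world-writable /tmp, while the installer.sh hunk at @@ -134,10 +132,7 @@ removes the private `${INSTALLDIR}/lib/rkhunter/tmp` directory and the 1.0.8 port listed `rkhunter/tmp` in PLIST_DIRS. Unless rkhunter creates its temporary files safely, local users can interfere through symlinks or pre-created files; prefer a root-owned directory with a restrictive mode, created by the port and listed in pkg-plist, and set TMPDIR to that.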