Add chkrootkit 0.30, a tool to locally check for signs of a rootkit.

PR:		26115
Submitted by:	Luiz Eduardo R. Cordeiro

5 files changed, 66 insertions, 0 deletions

diff --git a/security/chkrootkit/Makefile b/security/chkrootkit/Makefile
new file mode 100644
index 000000000000..cf8672042719
--- /dev/null
+++ b/security/chkrootkit/Makefile
@@ -0,0 +1,37 @@
+# Ports collection makefile for:	chkrootkit
+# Date created:				13 Mar 2001
+# Whom:					Luiz Eduardo R. Cordeiro
+#
+# $FreeBSD$
+#
+
+PORTNAME=	chkrootkit
+PORTVERSION=	0.30
+CATEGORIES=	security
+MASTER_SITES=	ftp://ftp.pangeia.com.br/pub/seg/pac/
+DISTNAME=	${PORTNAME}
+
+MAINTAINER=	cordeiro@iqm.unicamp.br
+
+WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
+ALL_TARGET=	chkrootkit chklastlog chkwtmp ifpromisc
+
+pre-patch:
+	@${MV} ${WRKSRC}/Makefile ${WRKSRC}/Makefile.orig
+	@${SED} -e "s/^CC/#CC/g" -e "s/^CFLAGS/#CFLAGS/g" \
+		${WRKSRC}/Makefile.orig > ${WRKSRC}/Makefile
+	@${MV} ${WRKSRC}/chkrootkit ${WRKSRC}/chkrootkit.orig
+	@${SED} -e 's#\./chklastlog#${PREFIX}/sbin/chklastlog#' \
+		-e 's#\./chkwtmp#${PREFIX}/sbin/chkwtmp#' \
+		-e 's#\./ifpromisc#${PREFIX}/sbin/ifpromisc#' \
+		${WRKSRC}/chkrootkit.orig > ${WRKSRC}/chkrootkit
+do-install:
+	${INSTALL_SCRIPT}  ${WRKSRC}/chkrootkit ${PREFIX}/sbin
+	${INSTALL_PROGRAM} ${WRKSRC}/chklastlog ${PREFIX}/sbin
+	${INSTALL_PROGRAM} ${WRKSRC}/chkwtmp    ${PREFIX}/sbin
+	${INSTALL_PROGRAM} ${WRKSRC}/ifpromisc  ${PREFIX}/sbin
+	@${MKDIR} ${PREFIX}/share/doc/chkrootkit
+	${CP} -R ${WRKSRC}/COPY*   ${PREFIX}/share/doc/chkrootkit
+	${CP} -R ${WRKSRC}/README* ${PREFIX}/share/doc/chkrootkit
+
+.include <bsd.port.mk>
diff --git a/security/chkrootkit/distinfo b/security/chkrootkit/distinfo
new file mode 100644
index 000000000000..03a2631ca1d4
--- /dev/null
+++ b/security/chkrootkit/distinfo
@@ -0,0 +1 @@
+MD5 (chkrootkit.tar.gz) = 2f1c9ec3c3bf62d50c70e25a52ddc1d7
diff --git a/security/chkrootkit/pkg-comment b/security/chkrootkit/pkg-comment
new file mode 100644
index 000000000000..01bb2f27e1c7
--- /dev/null
+++ b/security/chkrootkit/pkg-comment
@@ -0,0 +1 @@
+A tool to locally check for signs of a rootkit
diff --git a/security/chkrootkit/pkg-descr b/security/chkrootkit/pkg-descr
new file mode 100644
index 000000000000..a5efc8517b41
--- /dev/null
+++ b/security/chkrootkit/pkg-descr
@@ -0,0 +1,18 @@
+Chkrootkit is a tool to locally check for signs of a rootkit.  It
+contains:
+ 
+ * chkrootkit: a shell script that checks system binaries for
+   rootkit modification.
+ * ifpromisc.c: checks if the network interface is in promiscuous
+   mode.
+ * chklastlog.c: checks for lastlog deletions.
+ * chkwtmp.c: checks for wtmp deletions.
+ 
+The following rootkits and worms are currently detected: Solaris
+rootkit, FreeBSD rootkit, lrk3, lrk4, lrk5, lrk6, t0rn, some lrk
+variants, Ambient's Rootkit for Linux (ARK), Ramen Worm,
+rh[67]-shaper, RSHA and Romanian rootkit.
+ 
+Nelson Murilo <nelson@pangeia.com.br>
+
+WWW: http://www.chkrootkit.org.br
diff --git a/security/chkrootkit/pkg-plist b/security/chkrootkit/pkg-plist
new file mode 100644
index 000000000000..b2495db46db6
--- /dev/null
+++ b/security/chkrootkit/pkg-plist
@@ -0,0 +1,9 @@
+sbin/chkrootkit
+sbin/chklastlog
+sbin/chkwtmp
+sbin/ifpromisc
+share/doc/chkrootkit/COPYRIGHT
+share/doc/chkrootkit/README
+share/doc/chkrootkit/README.chklastlog
+share/doc/chkrootkit/README.chkwtmp
+@dirrm share/doc/chkrootkit