rpms/chkrootkit/devel chkrootkit-0.47-no-openbsd.patch, NONE, 1.1 README.false_positives, 1.1, 1.2 chkrootkit.spec, 1.20, 1.21
Michael Schwendt (mschwendt)
fedora-extras-commits at redhat.com
Wed Jan 31 18:34:27 UTC 2007
Author: mschwendt
Update of /cvs/extras/rpms/chkrootkit/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9061
Modified Files:
README.false_positives chkrootkit.spec
Added Files:
chkrootkit-0.47-no-openbsd.patch
Log Message:
* Wed Jan 31 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.47-5
- Upstream wants to disable the OBSD rk v1 check on Linux with
next release.
chkrootkit-0.47-no-openbsd.patch:
--- NEW FILE chkrootkit-0.47-no-openbsd.patch ---
diff -Nur chkrootkit-0.47-orig/chkrootkit chkrootkit-0.47/chkrootkit
--- chkrootkit-0.47-orig/chkrootkit 2006-10-09 21:20:54.000000000 +0200
+++ chkrootkit-0.47/chkrootkit 2007-01-31 19:28:47.000000000 +0100
@@ -474,13 +474,6 @@
### MithRa's Rootkit
expertmode_output "${find} ${ROOTDIR}usr/lib/locale -name uboot"
-
- ### OpenBSD rootkit v1
- if [ "$SYSTEM" != "SunOS" -a ! -f /usr/lib/security/libgcj.security ]
- then
- expertmode_output "${find} ${ROOTDIR}usr/lib/security"
- fi
-
### LOC rootkit
expertmode_output "${find} ${ROOTDIR}tmp -name xp -o -name kidd0.c"
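Review bot: The expert-mode OBSD rk v1 block is deleted for every value of SYSTEM, while the log message says upstream plans to disable the check on Linux only. That is acceptable for a Fedora-only package, but the patch may then differ from the upstream change. A short header comment at the top of chkrootkit-0.47-no-openbsd.patch stating that it is a distribution-local removal would make it clear that the patch should be dropped, not rebased, when the next upstream release is packaged.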
@@ -892,18 +885,6 @@
echo "${files}"
fi
- ### OpenBSD rootkit v1
- if [ "${SYSTEM}" != "SunOS" -a ! -f ${ROOTDIR}usr/lib/security/libgcj.security ]; then
- files=""
- if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
- files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
- if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
- if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
- else
- echo "${files}"
- fi
- fi
-
### LOC rootkit
files=""
if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
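Review bot: The removed guard skips the search only when `${ROOTDIR}usr/lib/security/libgcj.security` exists, yet the false positive documented in README.false_positives reports `/usr/lib/security/classpath.security` from libgcj-4.1.1-51.fc6, so the guard tests for a file name other than the one that triggers the output. Noting that mismatch in the changelog entry would explain why the check is removed outright instead of being kept with an updated file name.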
Index: README.false_positives
===================================================================
RCS file: /cvs/extras/rpms/chkrootkit/devel/README.false_positives,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- README.false_positives 30 Jan 2007 20:06:16 -0000 1.1
+++ README.false_positives 31 Jan 2007 18:33:57 -0000 1.2
@@ -33,22 +33,4 @@
uses the knowledge about white-listed file locations to store its
malicious files.
-
-Another example is a check that looks for files in a place, which is
-used by a valid package nowadays. The output looks like:
-
-Searching for OBSD rk v1... /usr/lib/security
-/usr/lib/security/classpath.security
-
-Both files are included within the "libgcj" package, however,
-
- $ rpm --query --file /usr/lib/security/classpath.security
- libgcj-4.1.1-51.fc6
-
-and are false positives,
-
- $ rpm --verify libgcj
- $
-
-unless something has managed to manipulate the system in a way, so that
-simple checks like above cannot be trusted.
+Also see: http://www.chkrootkit.org/faq/
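Review bot: The deleted paragraph ends with the caveat that `rpm --query --file` and `rpm --verify` results cannot be trusted once the system has been manipulated, and that caveat applies to any false-positive triage described in this file, not only to the OBSD rk v1 example. If the remaining text does not already state it, keep that sentence as a general closing note above the new "Also see" link.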
Index: chkrootkit.spec
===================================================================
RCS file: /cvs/extras/rpms/chkrootkit/devel/chkrootkit.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- chkrootkit.spec 30 Jan 2007 20:47:59 -0000 1.20
+++ chkrootkit.spec 31 Jan 2007 18:33:57 -0000 1.21
@@ -1,6 +1,6 @@
Name: chkrootkit
Version: 0.47
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: Tool to locally check for signs of a rootkit
Group: Applications/System
License: BSD-like
@@ -16,6 +16,7 @@
Patch2: chkrootkit-0.44-inetd.patch
Patch3: chkrootkit-0.45-includes.patch
Patch4: chkrootkit-0.47-warnings.patch
+Patch5: chkrootkit-0.47-no-openbsd.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: desktop-file-utils
@@ -43,6 +44,7 @@
%patch2 -p1 -b .inetd
%patch3 -p1 -b .includes
%patch4 -p1 -b .warnings
+%patch5 -p1 -b .no-openbsd
sed -i -e 's!\s\+ at strip.*!!g' Makefile
@@ -111,6 +113,10 @@
%changelog
+* Wed Jan 31 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.47-5
+- Upstream wants to disable the OBSD rk v1 check on Linux with
+ next release.
+
* Tue Jan 30 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.47-4
- Don't like the previous patch yet, since it is unsafe and
makes -p more difficult, so removed it again.
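Review bot: The new changelog entry states what upstream intends but not what this release does. Suggest wording that names the action and the reason, for example that the OBSD rk v1 check is removed via chkrootkit-0.47-no-openbsd.patch because it reports libgcj files under /usr/lib/security, so the entry can be understood without reading the diff.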