rpms/chkrootkit/devel chkrootkit-0.47-no-openbsd.patch, NONE, 1.1 README.false_positives, 1.1, 1.2 chkrootkit.spec, 1.20, 1.21

Michael Schwendt (mschwendt) fedora-extras-commits at redhat.com
Wed Jan 31 18:34:27 UTC 2007


Author: mschwendt

Update of /cvs/extras/rpms/chkrootkit/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9061

Modified Files:
	README.false_positives chkrootkit.spec 
Added Files:
	chkrootkit-0.47-no-openbsd.patch 
Log Message:
* Wed Jan 31 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.47-5
- Upstream wants to disable the OBSD rk v1 check on Linux with
  next release.


chkrootkit-0.47-no-openbsd.patch:

--- NEW FILE chkrootkit-0.47-no-openbsd.patch ---
diff -Nur chkrootkit-0.47-orig/chkrootkit chkrootkit-0.47/chkrootkit
--- chkrootkit-0.47-orig/chkrootkit	2006-10-09 21:20:54.000000000 +0200
+++ chkrootkit-0.47/chkrootkit	2007-01-31 19:28:47.000000000 +0100
@@ -474,13 +474,6 @@
        ### MithRa's Rootkit
        expertmode_output "${find} ${ROOTDIR}usr/lib/locale -name uboot"
 
-
-       ### OpenBSD rootkit v1
-       if [ "$SYSTEM" != "SunOS" -a ! -f /usr/lib/security/libgcj.security ]
-          then
-          expertmode_output "${find} ${ROOTDIR}usr/lib/security"
-       fi
-
        ### LOC rootkit
        expertmode_output "${find} ${ROOTDIR}tmp -name xp -o -name kidd0.c"
 
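Review bot: the removed expert-mode test checks `/usr/lib/security/libgcj.security` without the `${ROOTDIR}` prefix, while the matching test removed in the second hunk uses `${ROOTDIR}usr/lib/security/libgcj.security`, so whenever `ROOTDIR` is not `/` the two modes could disagree about skipping the check. Deleting both blocks makes this moot for the package, but it is worth reporting upstream in case the check is kept for other systems.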
@@ -892,18 +885,6 @@
      echo "${files}"
    fi
 
-   ### OpenBSD rootkit v1
-   if [ "${SYSTEM}" != "SunOS" -a ! -f ${ROOTDIR}usr/lib/security/libgcj.security ]; then
-      files=""
-      if [ "${QUIET}" != "t" ];then printn "Searching for OBSD rk v1... "; fi
-      files=`${find} ${ROOTDIR}usr/lib/security 2>/dev/null`
-      if [ "${files}" = "" -o "${SYSTEM}" = "HP-UX" ]; then
-         if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
-      else
-        echo "${files}"
-      fi
-   fi
-
    ### LOC rootkit
    files=""
    if [ "${QUIET}" != "t" ];then printn "Searching for LOC rootkit... "; fi
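Review bot: the `### OpenBSD rootkit v1` block is deleted for every value of `${SYSTEM}`, whereas the log message speaks of disabling the check on Linux. For a Fedora-only package the result is the same, but the patch file has no header explaining this; a few comment lines at its top saying that the removal is intentionally unconditional, and that the check reported anything `${find}` returned under `${ROOTDIR}usr/lib/security` (including the directory itself), would help whoever rebases it on the next upstream release.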


Index: README.false_positives
===================================================================
RCS file: /cvs/extras/rpms/chkrootkit/devel/README.false_positives,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- README.false_positives	30 Jan 2007 20:06:16 -0000	1.1
+++ README.false_positives	31 Jan 2007 18:33:57 -0000	1.2
@@ -33,22 +33,4 @@
 uses the knowledge about white-listed file locations to store its
 malicious files.
 
-
-Another example is a check that looks for files in a place, which is
-used by a valid package nowadays. The output looks like:
-
-Searching for OBSD rk v1... /usr/lib/security
-/usr/lib/security/classpath.security
-
-Both files are included within the "libgcj" package, however,
-
-  $ rpm --query --file /usr/lib/security/classpath.security
-  libgcj-4.1.1-51.fc6
-
-and are false positives,
-
-  $ rpm --verify libgcj
-  $
-
-unless something has managed to manipulate the system in a way, so that
-simple checks like above cannot be trusted.
+Also see:  http://www.chkrootkit.org/faq/
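Review bot: the deleted paragraph ends with the caveat that `rpm --query --file` and `rpm --verify` cannot be trusted once something has manipulated the system, and the replacement line is only a URL. If the remaining README text does not already carry that caveat, keep one sentence of it, since it applies to every false-positive check and not only to the OBSD rk v1 case. The new line also has a double space after "Also see:" and does not say what the FAQ covers; something like "For upstream's notes on known false positives, see ..." would read better.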


Index: chkrootkit.spec
===================================================================
RCS file: /cvs/extras/rpms/chkrootkit/devel/chkrootkit.spec,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- chkrootkit.spec	30 Jan 2007 20:47:59 -0000	1.20
+++ chkrootkit.spec	31 Jan 2007 18:33:57 -0000	1.21
@@ -1,6 +1,6 @@
 Name:           chkrootkit
 Version:        0.47
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Tool to locally check for signs of a rootkit
 Group:          Applications/System
 License:        BSD-like
@@ -16,6 +16,7 @@
 Patch2:         chkrootkit-0.44-inetd.patch
 Patch3:         chkrootkit-0.45-includes.patch
 Patch4:         chkrootkit-0.47-warnings.patch
+Patch5:         chkrootkit-0.47-no-openbsd.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  desktop-file-utils
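Review bot: `Patch5` is added without a comment on its upstream status, and the only explanation sits in the `%changelog` entry. A one-line comment above `Patch5:` stating that it anticipates the upstream removal of the OBSD rk v1 check and can be dropped once that release is packaged would make the next version bump easier.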
@@ -43,6 +44,7 @@
 %patch2 -p1 -b .inetd
 %patch3 -p1 -b .includes
 %patch4 -p1 -b .warnings
+%patch5 -p1 -b .no-openbsd
 sed -i -e 's!\s\+ at strip.*!!g' Makefile
 
 
@@ -111,6 +113,10 @@
 
 
 %changelog
+* Wed Jan 31 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.47-5
+- Upstream wants to disable the OBSD rk v1 check on Linux with
+  next release.
+
 * Tue Jan 30 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 0.47-4
 - Don't like the previous patch yet, since it is unsafe and
   makes -p more difficult, so removed it again.



