diff options
Diffstat (limited to 'app-forensics/rkhunter')
-rw-r--r-- | app-forensics/rkhunter/Manifest | 10 | ||||
-rw-r--r-- | app-forensics/rkhunter/files/rkhunter-1.3.cron | 133 | ||||
-rw-r--r-- | app-forensics/rkhunter/files/rkhunter-1.4.2.conf.patch | 38 | ||||
-rw-r--r-- | app-forensics/rkhunter/files/rkhunter.bash-completion | 87 | ||||
-rw-r--r-- | app-forensics/rkhunter/metadata.xml | 8 | ||||
-rw-r--r-- | app-forensics/rkhunter/rkhunter-1.4.2.ebuild | 64 | ||||
-rw-r--r-- | app-forensics/rkhunter/rkhunter-1.4.4.ebuild | 65 |
7 files changed, 405 insertions, 0 deletions
diff --git a/app-forensics/rkhunter/Manifest b/app-forensics/rkhunter/Manifest new file mode 100644 index 000000000000..79e7945512b0 --- /dev/null +++ b/app-forensics/rkhunter/Manifest @@ -0,0 +1,10 @@ +AUX rkhunter-1.3.cron 3927 SHA256 525b2680a025eb612600aadb52047718ecfd198b012ab938da150c143cc374e0 SHA512 a99eb535c12b6715031aa367ba0ae70ed1761a03b74c57d173512006e466ef56bfc7ffb15364d4f36d39597277a8cf3b35e7286462bfd6ec9d44877dd1653d4d WHIRLPOOL de51ce8cd50ad27504ba40911bf8a422b3c59239f5bccb99d9d8e86a52672e2086b9d17d6966d7848e82d14cd6fa75bea7964472f3b9a0f1983ec6ddcc40898f +AUX rkhunter-1.4.2.conf.patch 1250 SHA256 ce828b367b04286e5ca9b564455bfadbb9cdfe01dfb0d6601f45adb49265142c SHA512 654887bea5d3b7388c11c9a59d3d924d763268c3552bee82a0bcf9b5077803eaa0cf16b7346aeaac44e817bfdd30e5d74abd10d12eb07f0bc1a97c57b850aefe WHIRLPOOL ccac3d0bd526a48b303ef6ca71ab8bbeb2f177d7fe6788b6b8bd194e7436e4afcbc9db3e016f1af50cc6b29a390b9407121e14e908a024eb01086d955b238c47 +AUX rkhunter.bash-completion 2499 SHA256 cdd08c1e6b79d2875d88c35d0c0bf9d85d84b4a1b21b97eb208883466d1efd39 SHA512 8fba540f5425169810b8baaf2e801638e3286aa93a69d4a96f5916e3bc9b632edaef6b509b8ca58f8047a7c7d4bb4bf348ad7923e855edce3dd0432725a944e7 WHIRLPOOL af6dbc3d95201b149604161986dd68b9551dc8f300e833e904624fb45adf27df74bdf504975d135142fd4065afb86d323569e73e129178c69dc442faa536f537 +DIST rkhunter-1.4.2.tar.gz 277707 SHA256 789cc84a21faf669da81e648eead2e62654cfbe0b2d927119d8b1e55b22b65c3 SHA512 a4e45caaaf5b8262619ebb890784c75c4e30db4c6c0eba305f86d419142b4796c95bc55fe8846dce8d58bc7636bdb365a4a8c41707f64d4d81373687c5a3b0d4 WHIRLPOOL 911ed8e37e112516adba3afb63e3d4862d061ea35cd4b8becea455922d6b2a744f4b8e7cf92685cff29c3192c594dfc58ba3c194f371dd4d95530bd4c09c5d84 +DIST rkhunter-1.4.4.tar.gz 297626 SHA256 a8807c83f9f325312df05aa215fa75ad697c7a16163175363c2066baa26dda77 SHA512 87e9c617220765678cc4519eee27d1d56185c3a7fb1d6338c8fb984ac4f5176c31bb54b69e1de615d66a0cf1e72b672e66b368e37851a459def69463cbb8661e WHIRLPOOL 92c92a693443c978aa7f49944e84075b116c8c4295ff8e9ad54e2bee8242299aaea2d591a9a184dc484b73b33f61210c8b87cfdcea4f2437e386f633ba12f2cb +EBUILD rkhunter-1.4.2.ebuild 1411 SHA256 d02e361bcd6e16ec86e351a307156b7c779bb8d684129791beeeef5771b77492 SHA512 e4b2f70f6417f3a44d918ab310460dd45f7fae760458f7b9804752a79beffabea832dd195c85efeb8e31d1b71d7196b1df70a8cdc5a562d0a4ef575888820ada WHIRLPOOL 7d68ff0ed6c3684ef6aca2d05d6b0089d250fccf3aefb3c0b8c1b1784b522da9d4a26f5d611191cd6c1c7a65a093ce85688925c712dcb178068cf88598c8a992 +EBUILD rkhunter-1.4.4.ebuild 1433 SHA256 92ffcc0f04d6b1a7971aa49ddea6258543d2e8f2cfebcdf1568a3d60237b66b5 SHA512 b35bcfd29d9a8e7f5054975d777cd0b52c251d80df5fb38ec81000b6d6b4f12c6cd81433e4bcf0761a67442dba90049d6f35c3ba8f43e51bfeaed535605184c7 WHIRLPOOL 50edb2fffdcf011b23e12838b78a6ecf8bc6e280c7d2d90f724287c70d6141feedb7c2d2ca50a3d4a732615cda70cdc3941b4ebebec3d6e8103b1e347eae54ad +MISC ChangeLog 3011 SHA256 8ac2848c498d2656567cd8d425cbdc5d9149106db88b00202d01d708e498cf2c SHA512 aa8d505e1dff2cd6a4c259d2fca2bd46f9c33638c06b6251260f9cbe733e44b2cd9244648d66f843a22db006aead75fd4c7fb79cdf0e90357778ee5f1bff8654 WHIRLPOOL 644ae4cef603bc9bf2e4870d797d3189a101bf5d5622cc53aabeba263bbaf158ed19e52d96206cbac19f0e8d8f2e1f92789dc2775f5ded9e085084f9d3896162 +MISC ChangeLog-2015 17596 SHA256 10217ae7177bd40896f0e8bbbcf74d0178e2431434aed2423bee2157c5b87e25 SHA512 c4a26dabfddaad9216e06cfa792acfa4c0c9fd78ba2a9d5a14e89a96670e5a98d04df035a5f71bdb50733e8598360371f36176e45a5b58b5bcaf0d552858eb49 WHIRLPOOL f72b3bde48a002ea7691fd29493a23d1e4cc03fdbe6a67b381f0f656cee36b5dcc624574f6faca05831cc25aa22eaeaf7ee2cd327496201a010dc23720a5b2b8 +MISC metadata.xml 250 SHA256 b7958445feebc53822c26943827589ae43981f57398e4907fd2f2b176f34b17b SHA512 ab31238a72b35a1f33056cf1736628bbf367fc20f4dc93735d11617ed668f295567e1865844d727e666de07c56d84f8b5cfd1eec41c91cd836789a420ea2dda9 WHIRLPOOL da0de8660e95e8b3f4482d30d1895cdf4f10e89a4d514dbfabfaf3fd1720dd653b41f5daade271242340eab2f51beaf15a53ed0828a3acce6e37ad6e4d624bae diff --git a/app-forensics/rkhunter/files/rkhunter-1.3.cron b/app-forensics/rkhunter/files/rkhunter-1.3.cron new file mode 100644 index 000000000000..468667cf9d94 --- /dev/null +++ b/app-forensics/rkhunter/files/rkhunter-1.3.cron @@ -0,0 +1,133 @@ +#!/bin/bash +# original author: Aaron Walker <ka0ttic@gentoo.org> + +########################## Begin Configuration ############################### + +# Default options - more options may be added depending on the +# configuration variables you set below +# --cronjob implies -c, --nocolor, --sk +RKHUNTER_OPTS="--cronjob --summary" + +# Set this to 'yes' to enable ; this script does nothing otherwise +ENABLE=no + +# Automatically update rkhunter's dat files prior to running? +UPDATE=no + +# Set this to 'yes' if you wish the output to be mailed to you +SEND_EMAIL=no + +# NOTE: the following EMAIL_* variables are only relevant if you set the +# SEND_EMAIL variable to 'yes' +EMAIL_SUBJECT="${HOSTNAME}: rkhunter output" +EMAIL_RECIPIENT=root +EMAIL_CMD="|mail -s \"${EMAIL_SUBJECT}\" ${EMAIL_RECIPIENT}" + +# Log rkhunter output? +LOG=no + +# The default log location is /var/log/rkhunter.log. Set this variable if +# you'd like to use an alternate location. +#LOGFILE="" + +# By default, the log file created by rkhunter is world-readable (0644). If +# you'd like to modify the permissions afterwards, set this variable. The +# value of this variable, must be a valid chmod argument such as '0600' or +# 'u+rw,go-rwx'. See the chmod(1) manual page for more information. +#LOGFILE_PERMS="0600" + +# By default, rkhunter overwrites the previous log. Set this variable +# to 'yes' if you'd like the log output appended to the logfile, instead +# of overwriting it. +SAVE_OLD_LOGS=no + +# Set to 1 to recieve only warnings & errors +# Set to 2 to recieve ALL rkhunter output +# Set to 3 to recieve rkhunter report +VERBOSITY=3 + +########################### End Configuration ################################ + +# exit immediately, unless enabled +[[ "${ENABLE}" == "yes" ]] || exit 0 + +# debug mode? (mainly for my benefit) +if [[ -n "${1}" ]] && [[ ${1} = "-d" ]] ; then + set -o verbose -o xtrace +fi + +[[ -z "${LOGFILE}" ]] && LOGFILE="/var/log/rkhunter.log" + +# moved this out of config section since it'll +# probably never need to be changed +RKHUNTER_EXEC="/usr/sbin/rkhunter" + +# sanity check +if [[ ! -x "${RKHUNTER_EXEC}" ]] ; then + echo "${RKHUNTER_EXEC} does not exist or is not executable!" + exit 1 +fi + +# we create a few tmp files, so let's at least make +# them readable/writable by root only +umask 0077 + +# all output goes to this temp file +_tmpout=$(mktemp /tmp/rkhunter.cron.XXXXXX) +exec > ${_tmpout} 2>&1 + +# update data files +if [[ "${UPDATE}" == "yes" ]] ; then + # save the output of --update in a tmp file so that it can be mailed + # along with the scan output; otherwise the user will get 2 mails + ${RKHUNTER_EXEC} --nocolor --update +fi + +# formulate options string according to user configuration +[[ "${LOG}" == "yes" ]] && \ + RKHUNTER_OPTS="${RKHUNTER_OPTS} --createlogfile ${LOGFILE}" + +case "${VERBOSITY}" in + # warnings and errors only + 1) RKHUNTER_OPTS="${RKHUNTER_OPTS} --quiet" ;; + # default rkhunter output (no extra options) +# 2) ;; + # default to option 3 + *) ;; +esac + +# save old log +if [[ "${LOG}" == "yes" && "${SAVE_OLD_LOGS}" == "yes" ]] ; then + if [[ -e "${LOGFILE}" ]] ; then + _tmpfile=$(mktemp ${LOGFILE}.XXXXXX) + mv -f ${LOGFILE} ${_tmpfile} + echo -e "--\nrkhunter.cron commencing at: $(date)\n--" >> ${_tmpfile} + fi +fi + +# finally, run rkhunter +CMD="${RKHUNTER_EXEC} ${RKHUNTER_OPTS}" +eval ${CMD} +RV=$? + +# email output? +if [[ "${SEND_EMAIL}" == "yes" ]] ; then + CMD="cat ${_tmpout} ${EMAIL_CMD}" + eval ${CMD} +fi + +# remove temp file +[[ -n "${_tmpout}" ]] && rm -f ${_tmpout} + +[[ "${LOG}" != "yes" ]] && exit ${RV} + +# from this point on, we can assume logging is enabled + +# append new log to old log and restore +if [[ -n "${_tmpfile}" ]] ; then + cat ${LOGFILE} >> ${_tmpfile} + mv ${_tmpfile} ${LOGFILE} +fi + +chmod ${LOGFILE_PERMS:-0644} ${LOGFILE} +exit ${RV} diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.2.conf.patch b/app-forensics/rkhunter/files/rkhunter-1.4.2.conf.patch new file mode 100644 index 000000000000..8fd49ab421da --- /dev/null +++ b/app-forensics/rkhunter/files/rkhunter-1.4.2.conf.patch @@ -0,0 +1,38 @@ +diff -Naur rkhunter-1.4.2/files/rkhunter.conf rkhunter-1.4.2-fixed/files/rkhunter.conf +--- rkhunter-1.4.2/files/rkhunter.conf 2014-01-25 16:29:51.000000000 -0500 ++++ rkhunter-1.4.2-fixed/files/rkhunter.conf 2014-05-27 11:58:11.098750088 -0400 +@@ -72,6 +72,7 @@ + # to use. + # + ++INSTALLDIR=/usr + + # + # If this option is set to '1', it specifies that the mirrors file +@@ -154,7 +155,7 @@ + # subsequently commented out or removed, then the program will assume a + # default directory beneath the installation directory. + # +-#TMPDIR=/var/lib/rkhunter/tmp ++TMPDIR=/var/lib/rkhunter/tmp + + # + # This option specifies the database directory to use. +@@ -163,7 +164,7 @@ + # subsequently commented out or removed, then the program will assume a + # default directory beneath the installation directory. + # +-#DBDIR=/var/lib/rkhunter/db ++DBDIR=/var/lib/rkhunter/db + + # + # This option specifies the script directory to use. +@@ -171,7 +172,7 @@ + # The installer program will set the default directory. If this default is + # subsequently commented out or removed, then the program will not run. + # +-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts ++SCRIPTDIR=/usr/lib/rkhunter/scripts + + # + # This option can be used to modify the command directory list used by rkhunter diff --git a/app-forensics/rkhunter/files/rkhunter.bash-completion b/app-forensics/rkhunter/files/rkhunter.bash-completion new file mode 100644 index 000000000000..a28f96f510d1 --- /dev/null +++ b/app-forensics/rkhunter/files/rkhunter.bash-completion @@ -0,0 +1,87 @@ +# rkhunter completion + +_rkhunter() { + local cur prev opts + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + prev=${COMP_WORDS[COMP_CWORD-1]} + opts="-c --checkall --createlogfile --cronjob --display-logfile -h --help\ + --nocolors --report-mode --report-warnings-only \ + --skip-application-check --skip-keypress --quick --quiet --update \ + --version --versioncheck --bindir --configfile --dbdir --rootdir \ + --tmpdir --disable-md5-check --disable-passwd-check \ + --scan-knownbad-files" + + if [[ "${cur}" == -* ]] || [[ ${COMP_CWORD} -eq 1 ]]; then + COMPREPLY=($(compgen -W "${opts}" -- "${cur}")) + fi + + case "${prev}" in + --createlogfile) + COMPREPLY=($(compgen -o filenames -A file -W "${opts/--createlogfile}" \ + -- "${cur}")) + ;; + --display-logfile) + COMPREPLY=($(compgen -W "${opts/--display-logfile}" -- "${cur}")) + ;; + --*dir) + COMPREPLY=($(compgen -o dirnames -A directory -- "${cur}")) + ;; + --*file) + COMPREPLY=($(compgen -o filenames -A file -- "${cur}")) + ;; + -c|--checkall) + COMPREPLY=($(compgen -W "${opts/-c --checkall}" -- "${cur}")) + ;; + --cronjob) + COMPREPLY=($(compgen -W "${opts/--cronjob}" -- "${cur}")) + ;; + -h|--help) + COMPREPLY=($(compgen -W "${opts/-h --help}" -- "${cur}")) + ;; + --nocolors) + COMPREPLY=($(compgen -W "${opts/--nocolors}" -- "${cur}")) + ;; + --report-mode) + COMPREPLY=($(compgen -W "${opts/--report-mode}" -- "${cur}")) + ;; + --report-warnings-only) + COMPREPLY=($(compgen -W "${opts/--report-warnings-only}" -- \ + "${cur}")) + ;; + --skip-application-check) + COMPREPLY=($(compgen -W "${opts/--skip-application-check}" -- \ + "${cur}")) + ;; + --skip-keypress) + COMPREPLY=($(compgen -W "${opts/--skip-keypress}" -- "${cur}")) + ;; + --quick) + COMPREPLY=($(compgen -W "${opts/--quick}" -- "${cur}")) + ;; + --quiet) + COMPREPLY=($(compgen -W "${opts/--quiet}" -- "${cur}")) + ;; + --update) + COMPREPLY=($(compgen -W "${opts/--update}" -- "${cur}")) + ;; + --version) + COMPREPLY=($(compgen -W "${opts/--version}" -- "${cur}")) + ;; + --versioncheck) + COMPREPLY=($(compgen -W "${opts/--versioncheck}" -- "${cur}")) + ;; + --disable-md5-check) + COMPREPLY=($(compgen -W "${opts/--disable-md5-check}" -- "${cur}")) + ;; + --disable-passwd-check) + COMPREPLY=($(compgen -W "${opts/--disable-passwd-check}" -- \ + "${cur}")) + ;; + --scan-knownbad-files) + COMPREPLY=($(compgen -W "${opts/--scan-knownbad-files}" -- \ + "${cur}")) + ;; + esac +} +complete -F _rkhunter rkhunter diff --git a/app-forensics/rkhunter/metadata.xml b/app-forensics/rkhunter/metadata.xml new file mode 100644 index 000000000000..df05a2cbf56a --- /dev/null +++ b/app-forensics/rkhunter/metadata.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <!-- maintainer-needed --> + <upstream> + <remote-id type="sourceforge">rkhunter</remote-id> + </upstream> +</pkgmetadata> diff --git a/app-forensics/rkhunter/rkhunter-1.4.2.ebuild b/app-forensics/rkhunter/rkhunter-1.4.2.ebuild new file mode 100644 index 000000000000..abaf05c31f4c --- /dev/null +++ b/app-forensics/rkhunter/rkhunter-1.4.2.ebuild @@ -0,0 +1,64 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit eutils bash-completion-r1 + +DESCRIPTION="Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers" +HOMEPAGE="http://rkhunter.sf.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 ~mips ppc x86" +IUSE="" + +RDEPEND=" + app-shells/bash + dev-lang/perl + sys-process/lsof[rpc] + virtual/cron + virtual/mailx +" + +S="${WORKDIR}/${P}/files" + +src_prepare() { + epatch "${FILESDIR}/${P}.conf.patch" +} + +src_install() { + # rkhunter requires to be root + dosbin ${PN} + + insinto /etc + doins ${PN}.conf + + exeinto /usr/lib/${PN}/scripts + doexe *.pl + + insinto /var/lib/${PN}/db + doins *.dat + + insinto /var/lib/${PN}/db/i18n + doins i18n/* + + doman ${PN}.8 + dodoc ACKNOWLEDGMENTS CHANGELOG FAQ README + + exeinto /etc/cron.daily + newexe "${FILESDIR}/${PN}-1.3.cron" ${PN} + + newbashcomp "${FILESDIR}/${PN}.bash-completion" ${PN} +} + +pkg_postinst() { + elog "A cron script has been installed to /etc/cron.daily/rkhunter." + elog "To enable it, edit /etc/cron.daily/rkhunter and follow the" + elog "directions." + elog "If you want ${PN} to send mail, you will need to install" + elog "virtual/mailx or alter the EMAIL_CMD variable in the" + elog "cron script and possibly the MAIL_CMD variable in the" + elog "${PN}.conf file to use another mail client." +} diff --git a/app-forensics/rkhunter/rkhunter-1.4.4.ebuild b/app-forensics/rkhunter/rkhunter-1.4.4.ebuild new file mode 100644 index 000000000000..e8eaba4a2a01 --- /dev/null +++ b/app-forensics/rkhunter/rkhunter-1.4.4.ebuild @@ -0,0 +1,65 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit bash-completion-r1 + +DESCRIPTION="Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers" +HOMEPAGE="http://rkhunter.sf.net/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~mips ~ppc ~x86" +IUSE="" + +RDEPEND=" + app-shells/bash + dev-lang/perl + sys-process/lsof[rpc] + virtual/cron + virtual/mailx +" + +S="${WORKDIR}/${P}/files" + +src_prepare() { + default + eapply -p2 "${FILESDIR}/${PN}-1.4.2.conf.patch" +} + +src_install() { + # rkhunter requires to be root + dosbin ${PN} + + insinto /etc + doins ${PN}.conf + + exeinto /usr/lib/${PN}/scripts + doexe *.pl + + insinto /var/lib/${PN}/db + doins *.dat + + insinto /var/lib/${PN}/db/i18n + doins i18n/* + + doman ${PN}.8 + dodoc ACKNOWLEDGMENTS CHANGELOG FAQ README + + exeinto /etc/cron.daily + newexe "${FILESDIR}/${PN}-1.3.cron" ${PN} + + newbashcomp "${FILESDIR}/${PN}.bash-completion" ${PN} +} + +pkg_postinst() { + elog "A cron script has been installed to /etc/cron.daily/rkhunter." + elog "To enable it, edit /etc/cron.daily/rkhunter and follow the" + elog "directions." + elog "If you want ${PN} to send mail, you will need to install" + elog "virtual/mailx or alter the EMAIL_CMD variable in the" + elog "cron script and possibly the MAIL_CMD variable in the" + elog "${PN}.conf file to use another mail client." +} |