--- chkrootkit-0.49.orig/debian/chkrootkit.1 +++ chkrootkit-0.49/debian/chkrootkit.1 @@ -0,0 +1,57 @@ +.TH chkrootkit 1 "10 January 2003" +.SH NAME +chkrootkit +\- Determine whether the system is infected with a rootkit +.SH SYNOPSIS +.B chkrootkit +[\fIOPTION\fR]... [\fITESTNAME\fR]... +.SH DESCRIPTION +.B chkrootkit +examines certain elements of the target system and determines +whether they have been tampered with. Some tools which +.B chkrootkit +applies while analyzing binaries and log files can be found at +\fI\//usr/lib/chkrootkit\fR. + +.SH OPTIONS +.TP +\fB\-h\fR +Print a short help message and exit. +.TP +\fB\-V\fR +Print version information and exit. +.TP +\fB\-l\fR +Print available tests. +.TP +\fB\-d\fR +Enter debug mode. +.TP +\fB\-x\fR +Enter expert mode. +.TP +\fB\-e\fR +Exclude known false positive files/dirs, quoted, space separated. +.TP +\fB\-q\fR +Enter quiet mode. +.TP +\fB\-r \fIdir\fR +Use +.I dir +as the root directory. +.TP +\fB\-p \fIdir1\fR:\fIdir2\fR:\fIdirN\fR +Specify the path for the external commands used by chkrootkit. +.TP +\fB\-n\fR +skip NFS mounted dirs + +.SH "AUTHOR" +Manual page written by Yotam Rubin +.I +and lantz moore +.I +for the Debian project. It may be used by others. +.SH SEE ALSO +\fBstrings\fR(1) --- chkrootkit-0.49.orig/debian/config +++ chkrootkit-0.49/debian/config @@ -0,0 +1,53 @@ +#!/bin/sh + +set -e + +CF=/etc/chkrootkit.conf + +. /usr/share/debconf/confmodule +db_version 2.0 + +db_capb backup + +db_title "chkrootkit" + +if [ -f $CF ]; then + . $CF || true + case "$RUN_DAILY" in + true|false);; + *) RUN_DAILY="false";; + esac + case "$DIFF_MODE" in + true|false);; + *) DIFF_MODE="false";; + esac + db_set chkrootkit/run_daily "$RUN_DAILY" + db_set chkrootkit/run_daily_opts "$RUN_DAILY_OPTS" + db_set chkrootkit/diff_mode "$DIFF_MODE" +fi + +STATE=1 +while [ "$STATE" -gt 0 -a "$STATE" -lt 4 ]; do + case "$STATE" in + 1) db_input medium chkrootkit/run_daily || true;; + 2) + db_get chkrootkit/run_daily + if [ "$RET" = "true" ]; then + db_input medium chkrootkit/run_daily_opts || true + fi + ;; + 3) + db_get chkrootkit/run_daily + if [ "$RET" = "true" ]; then + db_input medium chkrootkit/diff_mode || true + fi + + ;; + esac + + if db_go; then + STATE=$(($STATE + 1)) + else + STATE=$(($STATE - 1)) + fi +done --- chkrootkit-0.49.orig/debian/postinst +++ chkrootkit-0.49/debian/postinst @@ -0,0 +1,43 @@ +#!/bin/sh + +CF=/etc/chkrootkit.conf + +set -e +. /usr/share/debconf/confmodule + +if [ ! -f $CF ]; then + echo "RUN_DAILY=\"false\"" > $CF + echo "RUN_DAILY_OPTS=\"-q\"" >> $CF + echo "DIFF_MODE=\"false\"" >> $CF +else + if ! egrep -q '\bRUN_DAILY\b' $CF > /dev/null; then + echo "RUN_DAILY=\"false\"" >> $CF + fi + if ! egrep -q '\bRUN_DAILY_OPTS\b' $CF > /dev/null; then + echo "RUN_DAILY_OPTS=\"-q\"" >> $CF + fi + if ! egrep -q '\bDIFF_MODE\b' $CF > /dev/null; then + echo "DIFF_MODE=\"false\"" >> $CF + fi +fi + +db_version 2.0 + +db_get chkrootkit/run_daily +RUN_DAILY="$RET" +db_get chkrootkit/run_daily_opts +RUN_DAILY_OPTS="$RET" +db_get chkrootkit/diff_mode +DIFF_MODE="$RET" + +cp -a -f $CF $CF.tmp +sed -e "s,^ *RUN_DAILY=.*,RUN_DAILY=\"$RUN_DAILY\"," \ + -e "s,^ *RUN_DAILY_OPTS=.*,RUN_DAILY_OPTS=\"$RUN_DAILY_OPTS\"," \ + -e "s,^ *DIFF_MODE=.*,DIFF_MODE=\"$DIFF_MODE\"," \ + < $CF > $CF.tmp +mv -f $CF.tmp $CF + + +#DEBHELPER# + +exit 0 --- chkrootkit-0.49.orig/debian/control +++ chkrootkit-0.49/debian/control @@ -0,0 +1,27 @@ +Source: chkrootkit +Section: misc +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Giuseppe Iuculano +Uploaders: Mike Forbes +Standards-Version: 3.8.3 +Build-Depends: debhelper (>= 7), po-debconf, quilt (>= 0.40) +Homepage: http://www.chkrootkit.org/ +Vcs-Git: git://git.debian.org/git/collab-maint/chkrootkit.git +Vcs-Browser: http://git.debian.org/?p=collab-maint/chkrootkit.git +DM-Upload-Allowed: yes + +Package: chkrootkit +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, binutils, net-tools, debconf, procps +Description: rootkit detector + The chkrootkit security scanner searches the local system for signs + that it is infected with a 'rootkit'. Rootkits are set of programs + and hacks designed to take control of a target machine by using known + security flaws. + . + Types that chkrootkit can identify are listed on the project's home page. + . + Please note that where chkrootkit detects no intrusions, this does + not guarantee that the system is uncompromised. In addition to + running chkrootkit, more specific tests should always be performed. --- chkrootkit-0.49.orig/debian/docs +++ chkrootkit-0.49/debian/docs @@ -0,0 +1,5 @@ +README +README.chklastlog +README.chkwtmp +ACKNOWLEDGMENTS +debian/README.FALSE-POSITIVES \ No newline at end of file --- chkrootkit-0.49.orig/debian/README.source +++ chkrootkit-0.49/debian/README.source @@ -0,0 +1,5 @@ +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +See /usr/share/doc/quilt/README.source for a detailed explanation. --- chkrootkit-0.49.orig/debian/changelog +++ chkrootkit-0.49/debian/changelog @@ -0,0 +1,472 @@ +chkrootkit (0.49-3ubuntu0.1) lucid-security; urgency=medium + + * SECURITY UPDATE: root escalation via missing quotes in slapper() + - debian/patches/CVE-2014-0476.patch: make sure file_port is properly + quoted in chkrootkit. + - CVE-2014-0476 + + -- Marc Deslauriers Wed, 04 Jun 2014 09:02:04 -0400 + +chkrootkit (0.49-3) unstable; urgency=low + + * [543dafe] Fixed chkutmp parser and added a regexp to ignore PIDs in + chkutmp output, thanks to Aaron M. Ucko. (Closes: #542327) + * [d016db0] chkutmp: sort ps output by tty,ruser,args. Thanks to Aaron + M. Ucko + * [c1fb66c] Updated to standards version 3.8.3 (No changes needed) + + -- Giuseppe Iuculano Fri, 28 Aug 2009 10:29:14 +0200 + +chkrootkit (0.49-2) unstable; urgency=low + + * [3ee046b] Provide exit code at the end of chkrootkit script, thanks + to Arjan Opmeer (Closes: #541060) + + -- Giuseppe Iuculano Sat, 15 Aug 2009 08:27:37 +0200 + +chkrootkit (0.49-1) unstable; urgency=low + + * [70bf018] Imported Upstream version 0.49 + * [508aa04] Refreshed patches, removed nophpcheck.patch and + fixchkdirsinppc.patch + * [64b0759] Fix a typo in chkrootkit -q check, thanks to Jesse Norell + (Closes: #538277) + * [bdc9cac] Updated to standards version 3.8.2 (No changes needed) + + -- Giuseppe Iuculano Sun, 09 Aug 2009 12:09:43 +0200 + +chkrootkit (0.48-10) unstable; urgency=low + + * [5feed88] Add a symlink for chklastlog and chkwtmp in /usr/sbin + * [d194ed8] debian/cron.daily: Updated the dhcpd regexp to handle + ethernet aliases. Thanks Richard Salts. (Closes: #525370) + * [360a01a] Updated to standards version 3.8.1 (No changes needed) + * [f757c97] Bump to debhelper 7 compatibility levels + * [9f66bca] debian/control: Updated Vcs-Browser field + * [0d019b3] debian/rules: use dh_prep instead of deprecated dh_clean + -k + * [a73e8f6] use set -e in debian/config and debian/cron.daily and fix + pedantic lintian warning maintainer-script-without-set-e + + -- Giuseppe Iuculano Fri, 24 Apr 2009 12:05:04 +0200 + +chkrootkit (0.48-9) unstable; urgency=low + + * [5e5e86d] Updated Spanish debconf translation, thanks to Francisco + Javier Cuadrado (Closes: #507753) + * [bda385f] Switch to quilt + * [730645f] debian/README.source: Updated with quilt info + * [4f11213] debian/patches/excludes.patch: extend -e options also for + files associated with specific rootkits (Closes: #498062) and write + rootkit filenames (Closes: #126160), thanks to James R. Van Zandt. + * [fe81414] debian/cron.daily: Warns about the change until the user + acknowledges the change. (Closes: #286735, #445955) Thanks to + Richard Lewis + * [d22dd97] Use /var/log/chkrootkit as log dir instead of + /var/cache/chkrootkit, and remove it on purge + + -- Giuseppe Iuculano Wed, 07 Jan 2009 19:14:36 +0100 + +chkrootkit (0.48-8) unstable; urgency=low + + * debian/patches/fixchkdirsinppc.dpatch: This trivial patch fixes "chkdirs + called with wrong arguments" issue on powerpc. Thanks to Enrico Zini + (Closes: #501066) + * debian/control: Removed pointless libc6.1-dev [ia64] depends + introduced as a workaround for an old bug in kernel-headers (2.4.x) + + -- Giuseppe Iuculano Wed, 26 Nov 2008 17:38:58 +0100 + +chkrootkit (0.48-7) unstable; urgency=low + + * New maintainer, thanks to Francois Marier for the prior work on chkrootkit. + (Closes: #506721) + * debian/patches/fixwarnings.dpatch: Some little fixes to silence compiler. + * added debian/README.source to document dpatch usage, as required by Debian + Policy since 3.8.0 + * debian/control: + + Set me as maintainer + + set DM-Upload-Allowed: yes control field + + Added ${misc:Depends} in Depends + * debian/patches/nophpcheck.dpatch: Delete the "suspect PHP files" check. + Not only does it trigger SIGPIPE for file names which contain special + unescaped characters, the second half is doubtful (it doesn't print any + filenames and gets confused by binary file contents). (Closes: #479187) + * debian/patches/logpath.dpatch: Read logs from /var/log instead of /var/adm + * debian/patches/procpsv3.dpatch: Let chkproc default to procps version 3. + (Closes: #477945) (Closes: #497253) + + -- Giuseppe Iuculano Tue, 25 Nov 2008 12:09:17 +0100 + +chkrootkit (0.48-6) unstable; urgency=low + + * Move all upstream code changes to dpatch + * Swap maintainer and uploader fields + * Allow more than one -e option (closes: #489334) + * Line-up reports using printf (closes: #343284) + * Remove superfluous backslashes (closes: #498063) + + -- Francois Marier Sun, 23 Nov 2008 13:52:20 +1300 + +chkrootkit (0.48-5) unstable; urgency=low + + * Remove filtering/ignore stuff from the cron job and the README.Debian + * Update Swedish debconf translation (closes: #491759) + + -- Francois Marier Wed, 23 Jul 2008 17:25:49 +1200 + +chkrootkit (0.48-4) unstable; urgency=low + + * Taken this package over with permission from Francois + * Added updated Japanese translation (closes: #489937) + + -- Mike Forbes Wed, 09 Jul 2008 15:49:33 +1200 + +chkrootkit (0.48-3) unstable; urgency=low + + * Add nfs-common to the list of false positives (closes: #484781) + * Use passive FTP in the watch file + * Bump Standards-Version up to 3.8.0 + + -- Francois Marier Tue, 17 Jun 2008 14:27:06 +1200 + +chkrootkit (0.48-2) unstable; urgency=high + + * Remove check for Enye LKM, which was causing unrelated + software to die, hence the urgency (closes: #457828) + * Improve layout of main manpage (closes: #469724) + * Remove stripping in the upstream Makefile (closes: #436626) + * Add errors messages when commands are not found (closes: #347879) + * Fix shell history anomaly (closes: #402477) + * New option to exclude false positives from the list of reported + dotfiles (closes: #406493, #426068) + * Rename /proc/ksyms to /proc/kallsyms on 2.6 kernels (closes: #411128) + * Fix NFS-skipping -n option (closes: #234469) + * Debconf templates and debian/control reviewed by the debian-l10n- + english team as part of the Smith review project. (closes: #466967) + + -- Francois Marier Mon, 21 Apr 2008 22:41:11 +1200 + +chkrootkit (0.48-1) unstable; urgency=low + + * New upstream release (closes: #471241) + * Set myself as maintainer for this orphaned package + * Add upstream homepage and packaging git repo + * Add watch file + + * Packaging fixes: + - Always run debconf-updatepo in the clean target + - Bump Standards-Version to 3.7.3 and debhelper to 6 + - Cleaned-up copyright file + - Remove empty prerm script + - Fix make clean lintian warning + - Don't translate default '-q' argument + - Fix trivial errors in manpages + - Remove unneeded lines in debian/rules + + * Debconf templates: + - Fix lintian warnings + - New Norwegian translation (closes: #467531) + - New Basque translation (closes: #468044) + - New Finnish translation (closes: #468216) + - New Vietnamese translation (closes: #468480) + - New Russian translation (closes: #470510) + - Updated Galician translation (closes: #468079) + - Updated Spanish translation (closes: #469284) + - Updated French translation (closes: #469300) + - Updated Italian translation (closes: #469986) + - Updated German translation (closes: #469988) + - Updated Czech translation (closes: #470151) + - Updated Portugese translation (closes: #470950) + + -- Francois Marier Sun, 20 Apr 2008 23:01:41 +1200 + +chkrootkit (0.47-1.1) unstable; urgency=low + + * Non-maintainer upload to fix pending l10n issues. + * Debconf translations: + - Portuguese. Closes: #409449 + - Galician. Closes: #412196 + - All PO files converted to UTF-8, except Japanese + + -- Christian Perrier Mon, 5 Mar 2007 07:51:28 +0100 + +chkrootkit (0.47-1) unstable; urgency=low + + * New upstream release + + -- lantz moore Sat, 18 Nov 2006 00:59:53 -0800 + +chkrootkit (0.46a-4) unstable; urgency=low + + * don't throw away results of find (closes: 365715) + * fixed spelling mistake in chkwtmp.1 (closes: 365567) + * added debconf translations (closes: 358045,364296,374027) + * removed showtee libfl check since it would cause a + false positive on most debian systems (closes: 387312,387358) + * use -wholename in find instead of -name (closes: 389520) + * tightened up LPD inetd regex (closes: 322889) + * added knockd to README.FALSE-POSITIVES (closes: 356774) + + -- lantz moore Sat, 30 Sep 2006 13:25:07 -0700 + +chkrootkit (0.46a-3) unstable; urgency=low + + * really adding german debconf translation (closes: 326139) + * use SIGXFSZ instead of hardcoded 25 (closes: 346333) + + -- lantz moore Fri, 17 Feb 2006 20:55:58 -0800 + +chkrootkit (0.46a-2) unstable; urgency=low + + * better handling of long command lines in chkproc (closes: 328991) + * fixed sign issue on ifpromisc:find_packet_info (closes: 333068) + * more user friendly output of suspicious files in quiet mode (closes: 306787) + + -- lantz moore Fri, 25 Nov 2005 23:32:54 -0800 + +chkrootkit (0.46a-1) unstable; urgency=low + + * New upstream release (closes: 337943) + * added findargs to the 'shell history anomalies' test (closes: 297680) + * added quieting capability to chklastlog (closes: 306263) + * the wted test was running even when no wtmp file was found, fixed (see: 306449) + * added note to README.FALSE-POSITIVE + - mindi has hidden files (closes: 306784) + - erlang-base's epmd listens on a bindshell port (closes: 309386) + - perl has .packlist files (closes: 309387) + - realplay has .realplayerrc (closes: 309942) + - smlnj has .{cm,run,heap} files (closes: 323191) + - gnustep-make has .GNUsteprc (closes: 337962) + - pipsecd listens on a scalper port (closes: 307349) + * added optional depends debconf-2.0 (closes: 331777) + * added debconf translations (closes: 310029,326139,306648,311107,313250,333487,318873,334394) + * output suspicious files on separate lines (closes: 316610) + * added dependency on procps (closes: 333710) + + -- lantz moore Thu, 24 Nov 2005 13:17:21 -0800 + +chkrootkit (0.45-1) unstable; urgency=low + + * New upstream release (closes: 305708, 305710) + * use -f for conf file test (closes: 289647) + * added debconf translations + (closes: 294775,291754,287755,286473,286041) + * added more false positives to README.Debian: + - blackdown java (closes: 286870, 290816) + - blender (closes: 287062) + - mldonkey-server (closes: 304561, 295889) + - twiki (closes: 298394) + - viewglob, kaffe (closes: 287109,286057) + - bitlbee (closes: 234566) + - tiger (closes: 223428) + - radius (closes: 192438,229673) + * only run chkrootkit from cron.daily if the package is still installed + (closes: 300217,291494) + * disabled chkutmp as it seems unstable + * getCMD now only runs test if ps shows the prog as running + (closes: 262586) + * added ability for the daily run to only report problems if they differ + from the previous days run (closes: 290690,286735) + * removed an invalid changelog entry + + -- lantz moore Thu, 21 Apr 2005 17:28:26 -0700 + +chkrootkit (0.44-2) unstable; urgency=low + + * use the right conf var in cron.daily (closes: #285061) + * fixed bad exit code in cron.daily (closes: #285093) + * fixed misspelling in templates (closes: #285096) + + -- lantz moore Fri, 10 Dec 2004 09:23:31 -0800 + +chkrootkit (0.44-1) unstable; urgency=low + + * New upstream release (closes: #277785) + * applied gender patch from jason@debian.org (closes: #264511) + * false positives already reported in README.debian + (closes: #265571,#276761,#251719,#245983,#222060,#222035,#192772) + * new false positives listed in README.debian (closes: #227624) + * remove bashism from debian/rules (closes: #227065) + * add getconf LFS_CFLAGS to CFLAGS (closes: #263702) + * build-depends on po-debconf + + -- lantz moore Wed, 8 Dec 2004 12:28:48 -0800 + +chkrootkit (0.43-2) unstable; urgency=low + + * debconf and cron.daily support (closes: #223466) + + -- lantz moore Sat, 10 Jan 2004 14:08:15 -0800 + +chkrootkit (0.43-1) unstable; urgency=low + + * New upstream release (closes: #127610) + * added dependency on net-tools (closes: #224029) + * added note about dhcpd false positive (closes: #225827) + * added note about chroot environs (closes: #211379) + * added note about subversion metadata dirs (closes: #204910) + + -- lantz moore Sat, 10 Jan 2004 11:24:37 -0800 + +chkrootkit (0.42b-1) unstable; urgency=low + + * New upstream bug-fix release + * fixed a couple bugs with find, ls, and expertmode_output + (closes: #211185,#222062) + * ifpromisc now parses /proc/net/packet so that it can provide better + diagnostics. (forwarded patch upstream) (closes: #214990) + * added note about postfix-tls in README.Debian (closes: #222105) + * added note about cfs in README.Debian (closes: #193784) + * added note about procps in README.Debian (closes: #222811) + * fixed gnomeview -> geomview "misspelling" in README.Debian + (closes: #218796) + * added note about run in README.Debian (closes: #222778) + * added note about pppoe in README.Debian (closes: #222593) + * added note about r-cran-hmisc & scilab (closes: #222793) + * added note about procps bug (closes: #222811) + * removed build-depends on dbs + + -- lantz moore Fri, 5 Dec 2003 16:03:51 -0800 + +chkrootkit (0.42-2) unstable; urgency=low + + * build-depend on versioned debhelper + + -- lantz moore Sun, 14 Sep 2003 15:05:03 -0700 + +chkrootkit (0.42-1) unstable; urgency=low + + * New upstream release (closes: #210933, #202198) + * added note about gnomeview false alarm (closes: #206521) + + -- lantz moore Sun, 14 Sep 2003 14:42:26 -0700 + +chkrootkit (0.41-2.1) unstable; urgency=high + + * Fix FTBFS, thus urgency=high (closes: #203853) + + -- Benjamin Drieu Fri, 5 Sep 2003 11:36:17 +0200 + +chkrootkit (0.41-2) unstable; urgency=low + + * fixed some issues with ROOTDIR not being used appropriately + + -- lantz moore Sun, 20 Jul 2003 13:15:35 -0700 + +chkrootkit (0.41-1) unstable; urgency=low + + * New upstream release (closes: #199406, #185575) + * integrated partial patch from #189090 + * ifproc should be quiet again (closes: #190978) + + -- lantz moore Sun, 20 Jul 2003 10:55:45 -0700 + +chkrootkit (0.40-1) unstable; urgency=low + + * New upstream release (closes: #186847) + * using dbs + + -- lantz moore Sun, 13 Apr 2003 13:19:25 -0700 + +chkrootkit (0.38-1) unstable; urgency=low + + * New upstream release (closes: #175447) + * Added note to README.Debian (closes: #132079, #160539, #167459) + + -- lantz moore Sun, 5 Jan 2003 12:41:49 -0800 + +chkrootkit (0.37-2) unstable; urgency=low + + * Added debhelper build-depends. (closes: #163281) + + -- lantz moore Fri, 4 Oct 2002 22:54:25 -0700 + +chkrootkit (0.37-1) unstable; urgency=low + + * New upstream release. (closes: Bug#153163) + * applied "quiet" patch from BTS. (closes: Bug#163154) + * retooled debian/rules to use debhelper. (closes: #162726, #142422) + + -- lantz moore Wed, 2 Oct 2002 21:34:54 -0700 + +chkrootkit (0.36-1) unstable; urgency=low + + * New upstream release + + -- Yotam Rubin Sun, 7 Jul 2002 18:04:49 +0300 + +chkrootkit (0.35-2) unstable; urgency=low + + * Updated contact address. + + -- Yotam Rubin Wed, 22 May 2002 16:21:20 +0300 + +chkrootkit (0.35-1) unstable; urgency=low + + * New upstream release. Closes: Bug#131152. + * Provided location of upstream sources in copyright. Closes: Bug#129551. + * Added the -q argument to chkrootkit's manual page. Closes: Bug#128898. + * Disabled line break on line 91. Closes: Bug#128916. + * Fixed indentation in chkrootkit's manual page. Closes: Bug#129552 + + -- Yotam Rubin Thu, 31 Jan 2002 11:28:20 +0200 + +chkrootkit (0.34-4) unstable; urgency=low + + * Fixed kernel version checking error. Patch from David Coe. + Closes: Bug#128841, Bug#128840 + * Added missing manual pages for chktwmp and chklastlog. Closes: Bug#127846 + * Documented false alarm with noflushd. Closes: Bug#127976. + + -- Yotam Rubin Sat, 12 Jan 2002 13:29:37 +0200 + +chkrootkit (0.34-3) unstable; urgency=low + + * Shortened short description. + + -- Yotam Rubin Mon, 12 Nov 2001 23:17:05 +0200 + +chkrootkit (0.34-2) unstable; urgency=low + + * Added depends on binutils. Closes: Bug#118948 + + -- Yotam Rubin Sun, 11 Nov 2001 02:19:59 +0200 + +chkrootkit (0.34-1) unstable; urgency=low + + * Updated chkrootkit's README file. + * Documented possible false alarms situations in README.Debian. + (Closes Bug#102993, Bug#105614) + + -- Yotam Rubin Tue, 9 Oct 2001 20:52:41 +0200 + +chkrootkit (0.33-1) unstable; urgency=low + + * New upstream release + + -- Yotam Rubin Wed, 13 Jun 2001 22:08:28 +0300 + +chkrootkit (0.32-2) unstable; urgency=low + + * Fixed find expression in line 461. Closes: Bug#97649 + + -- Yotam Rubin Wed, 16 May 2001 12:29:35 +0300 + +chkrootkit (0.31-3) unstable; urgency=low + + * Various manual page fixes. + + -- Yotam Rubin Sat, 14 Apr 2001 19:30:06 +0300 + +chkrootkit (0.31-2) unstable; urgency=low + + * Uploaded package. Closes: #93787 + + -- Yotam Rubin Sat, 12 Apr 2001 01:43:02 +0300 + +chkrootkit (0.31-1) unstable; urgency=low + + * First Debian release + + -- Yotam Rubin Thu, 12 Apr 2001 19:50:25 +0300 --- chkrootkit-0.49.orig/debian/cron.daily +++ chkrootkit-0.49/debian/cron.daily @@ -0,0 +1,51 @@ +#!/bin/sh + +set -e + +CHKROOTKIT=/usr/sbin/chkrootkit +CF=/etc/chkrootkit.conf +LOG_DIR=/var/log/chkrootkit + +if [ ! -x $CHKROOTKIT ]; then + exit 0 +fi + +if [ -f $CF ]; then + . $CF +fi + +if [ "$RUN_DAILY" = "true" ]; then + if [ "$DIFF_MODE" = "true" ]; then + $CHKROOTKIT $RUN_DAILY_OPTS > $LOG_DIR/log.today.raw 2>&1 + # the sed expression replaces the messages about /sbin/dhclient3 /usr/sbin/dhcpd3 + # with a message that is the same whatever order eth0 and eth1 were scanned + sed -r -e 's,eth(0|1)(:[0-9])?: PACKET SNIFFER\((/sbin/dhclient3|/usr/sbin/dhcpd3)\[[0-9]+\]\),eth\[0|1\]: PACKET SNIFFER\([dhclient3|dhcpd3]{PID}\),' \ + -e 's/(! \w+\s+)[ 0-9]{4}[0-9]/\1#####/' $LOG_DIR/log.today.raw > $LOG_DIR/log.today + if [ ! -f $LOG_DIR/log.expected ]; then + echo "ERROR: No file $LOG_DIR/log.expected" + echo "This file should contain expected output from chkrootkit" + echo + echo "Today's run produced the following output:" + echo "--- [ BEGIN: cat $LOG_DIR/log.today ] ---" + cat $LOG_DIR/log.today + echo "--- [ END: cat $LOG_DIR/log.today ] ---" + echo + echo "To create this file containing all output from today's run, do (as root)" + echo "# cp -a $LOG_DIR/log.today $LOG_DIR/log.expected" + echo "# (note that unedited output is in $LOG_DIR/log.today.raw)" + elif ! diff -q $LOG_DIR/log.expected $LOG_DIR/log.today > /dev/null 2>&1; then + echo "ERROR: chkrootkit output was not as expected." + echo + echo "The difference is:" + echo "---[ BEGIN: diff -u $LOG_DIR/log.expected $LOG_DIR/log.today ] ---" + diff -u $LOG_DIR/log.expected $LOG_DIR/log.today || true + echo "---[ END: diff -u $LOG_DIR/log.expected $LOG_DIR/log.today ] ---" + echo + echo "To update the expected output, run (as root)" + echo "# cp -a -f $LOG_DIR/log.today $LOG_DIR/log.expected" + echo "# (note that unedited output is in $LOG_DIR/log.today.raw)" + fi + else + $CHKROOTKIT $RUN_DAILY_OPTS + fi +fi --- chkrootkit-0.49.orig/debian/chklastlog.1 +++ chkrootkit-0.49/debian/chklastlog.1 @@ -0,0 +1,46 @@ +.\" +.\" Copyright (c) DFN-CERT, Univ. of Hamburg 1994 +.\" +.\" Univ. Hamburg, Dept. of Computer Science +.\" DFN-CERT +.\" Vogt-Koelln-Strasse 30 +.\" 22527 Hamburg +.\" Germany +.\" +.\" @(#) $Header: chklastlog.1,v +.TH CHKLASTLOG 1 "Thu Oct 12 1994" +.AT 3 +.SH NAME +chklastlog \- check lastlog-file for deleted entries +.SH SYNOPSIS +.na +.B chklastlog +.ad +.SH DESCRIPTION +.LP +\fIChklastlog\fP is reading all entries from the file \fI/var/log/wtmp\fP +(file with informations about logins and logouts) and checks for every user +found in this file whether there is an entry in the file +\fI/var/log/lastlog\fP, too. The program will complain about userids with +logins but no lastlogin information. + +To run chklastlog you need read permission on the files /var/log/wtmp +and /var/log/lastlogin. Normally these files are world-readable and +no special privileges are required to run the checker. +.SH "FILES" +.PD 0 +.TP 20 +.B /var/log/wtmp +login data base +.TP +.B /var/log/lastlog +last login times +.PD +.SH "SEE ALSO" +wtmp(4), who(1), last(1) +.SH "LIMITATIONS" +This program only works if the user has not logged in after the deletion +of their lastlog entry. + +This program was designed to run on SunOS 4.x systems only. On other +systems the output is undefined... --- chkrootkit-0.49.orig/debian/compat +++ chkrootkit-0.49/debian/compat @@ -0,0 +1 @@ +7 --- chkrootkit-0.49.orig/debian/chkrootkit.install +++ chkrootkit-0.49/debian/chkrootkit.install @@ -0,0 +1,3 @@ +chkrootkit usr/sbin +chk{lastlog,wtmp,utmp,dirs,proc} /usr/lib/chkrootkit +{ifpromisc,check_wtmpx,strings-static} /usr/lib/chkrootkit --- chkrootkit-0.49.orig/debian/templates +++ chkrootkit-0.49/debian/templates @@ -0,0 +1,35 @@ +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# debian-l10n-english@lists.debian.org for advice. +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. + +Template: chkrootkit/run_daily +Type: boolean +Default: false +_Description: Should chkrootkit be run automatically every day? + The chkrootkit program can be run automatically via a daily cron job. If you + choose this option, you'll also be given the opportunity to + specify options for the daily run. + +Template: chkrootkit/run_daily_opts +Type: string +Default: -q +_Description: Arguments to use with chkrootkit in the daily run: + The following are useful arguments to pass to chkrookit: + -r : use an alternate root directory; + -n : do not attempt to analyze NFS-mounted files; + -q : run in quiet mode [highly recommended]. + +Template: chkrootkit/diff_mode +Type: boolean +Default: false +_Description: Only report problems if they differ from previous day's problems? + If you choose this option, chkrootkit will + only report problems when they differ from the previous day's run. + . + Using this option is not recommended as it is likely to hide existing + security problems. --- chkrootkit-0.49.orig/debian/dirs +++ chkrootkit-0.49/debian/dirs @@ -0,0 +1,3 @@ +usr/sbin +usr/lib/chkrootkit +var/log/chkrootkit --- chkrootkit-0.49.orig/debian/README.FALSE-POSITIVES +++ chkrootkit-0.49/debian/README.FALSE-POSITIVES @@ -0,0 +1,86 @@ +the false positives that have been reported to me have fallen into to five +basic camps: hidden process, hidden files under /usr/lib, a specific file +is found, legitimate sniffers, and listening on well known ports. + +the hidden processes problem *seems* to be a thing of the past. mostly it +was due to the difference between how threads were reported under 2.4 and +2.6. + +the hidden files issue continues to crop up now and again. basically, +if chkrootkit sees a hidden file (a file that begins with .) under +/usr/lib, it flags it as suspicious. there are various packages that +contain these hidden files and they are innocuous. however, it appears +that arbitrary hidden files under /usr/lib is a sign of a rootkit, so, +again, it's the safe vs sorry argument. + +the well known port issue also comes up frequently. the problem is that +many well known ports are also used by rootkits (to get around firewalls +and as camouflage). chkrootkit doesn't currently do any additional +checking when it finds a process listening on a port that's known to have +been used for a rootkit. + +the sniffer check is just an informational check, it doesn't necessarily +mean that you've been rooted. there are several legitimate sniffers out +there; however, you may still want to check that the sniffer is the one +that you think it is, etc. + +In general, any process starting at around same time as lkm test may +trigger a warning. Just try while true;do chkrootkit lkm;sleep 1;done +during normal system use. See also FAQ 6 on www.chkrootkit.org -- paolo + +chroot environments may cause "suspicious file" false positives. + +bindshell listens on a lot of ports. these ports are also used by other +legitimate programs. chkrootkit's detection algorithm cannot determine +the difference between a legitimate program and bindshell. + +below is a (non-exhaustive) list of packages that are known to cause false +positives. before filing a bug report, please check this list. + +listens on well known ports + *radius: the Slapper worm listens on 1812 + bitlbee: LDP worms listen on port 6667 + cfs: bindshell listens on port 3049 + erlang-base: bindshell listens on port 4369 + exim-tls: bindshell listens on port 465 + mldonkey-server: bindshell listens on port 4000 + nfs-common: rpc.statd listens on port 3049 + portsentry: listens on several ports that chkrootkit sees as rootkit ports + postfix-tls: bindshell listens on port 465 + reaim: bindshell listens on port 5190 + +legitimate sniffers + dhcpd + ethereal + knockd + p0f + pppoe + tcpdump + +hidden files http://www.chkrootkit.org/faq/#8 + perl packages sometimes have .packlist files + blackdown java + blender + geomview + gnustep-make + kaffe + obliq + mindi + r-cran-hmisc + realplay + scilab + smlnj + subversion + tiger + twiki + viewglob + +contains specific files + asp: Ramen Worms contain the file /usr/bin/asp + libgcj-common: the 'OBSD rk v1' contains + /usr/lib/security, + /usr/lib/security/classpath.security + /usr/lib/security/libgcj.security. + libproc-dev: t0rn v8 contains a libproc.a + run: ZK rootkits contain /usr/bin/run + slice: RH-Sharpe contains /usr/bin/slice --- chkrootkit-0.49.orig/debian/copyright +++ chkrootkit-0.49/debian/copyright @@ -0,0 +1,33 @@ +This package was Debianized by lantz moore +from sources obtain from: + + ftp://ftp.pangeia.com.br/pub/seg/pac/ + +Upstream authors: + Nelson Murilo + Klaus Steding-Jessen + +Copyright: (C) 1996-2003 Pangeia Informatica + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. --- chkrootkit-0.49.orig/debian/chkwtmp.1 +++ chkrootkit-0.49/debian/chkwtmp.1 @@ -0,0 +1,43 @@ +.\" +.\" Copyright (c) DFN-CERT, Univ. of Hamburg 1994 +.\" +.\" Univ. Hamburg, Dept. of Computer Science +.\" DFN-CERT +.\" Vogt-Koelln-Strasse 30 +.\" 22527 Hamburg +.\" Germany +.\" +.\" @(#) $Header: chkwtmp.1,v +.TH CHKWTMP 1 "Thu Oct 12 1994" +.AT 3 +.SH NAME +chkwtmp \- check wtmp-file for deleted entries +.SH SYNOPSIS +.na +.B chkwtmp +.ad +.SH DESCRIPTION +.LP +\fIChkwtmp\fP examines the file \fI/var/log/wtmp\fP for entries with no +information (containing only null-bytes). If such entries are found the +program prints the time window for the original entry. This is done +by displaying the timestamps of the wtmp-entry before and after the +deleted entry. + +To run chkwtmp you need read permission on the file /var/log/wtmp. +Normally this file is world-readable and no special privileges are +required to run the checker. +.SH "FILES" +.PD 0 +.TP 20 +.B /var/log/wtmp +login data base +.PD +.SH "SEE ALSO" +wtmp(4), who(1) +.SH "LIMITATIONS" +An entry is recognized as overwritten if the time-information has been +overwritten with null-bytes. + +This program was designed to run on SunOS 4.x systems only. On other +systems the output is undefined... --- chkrootkit-0.49.orig/debian/watch +++ chkrootkit-0.49/debian/watch @@ -0,0 +1,2 @@ +version=3 +opts=pasv ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit-(.*)\.tar\.gz --- chkrootkit-0.49.orig/debian/postrm +++ chkrootkit-0.49/debian/postrm @@ -0,0 +1,7 @@ +#!/bin/sh + +set -e + +[ "$1" = "purge" ] && rm -rf /etc/chkrootkit.conf /var/cache/chkrootkit/ /var/log/chkrootkit/ + +#DEBHELPER# --- chkrootkit-0.49.orig/debian/README.Debian +++ chkrootkit-0.49/debian/README.Debian @@ -0,0 +1,12 @@ +README.Debian for chkrootkit +---------------------------- + +if chkrootkit says that it may have found a rootkit, "don't panic." +first, inspect your system and make sure that chkrootkit hasn't found a +false positive. by design, chkrootkit is a bit trigger happy. it's +better to be safe than to be sorry, i suppose. + +please see README.FALSE-POSITIVES for a brief discussion on false +positives and a list of know packages that cause false positives. + + -- lmoore , Thu Apr 21 17:13:59 2005 --- chkrootkit-0.49.orig/debian/links +++ chkrootkit-0.49/debian/links @@ -0,0 +1,2 @@ +/usr/lib/chkrootkit/chkwtmp /usr/sbin/chkwtmp +/usr/lib/chkrootkit/chklastlog /usr/sbin/chklastlog --- chkrootkit-0.49.orig/debian/rules +++ chkrootkit-0.49/debian/rules @@ -0,0 +1,79 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +include /usr/share/quilt/quilt.make + +CFLAGS = -Wall -g `getconf LFS_CFLAGS` + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + INSTALL_PROGRAM += -s +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + touch configure-stamp + +build: build-stamp + +build-stamp: $(QUILT_STAMPFN) configure-stamp + dh_testdir + # Add here commands to compile the package. + $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_LASTLOG_H -DLASTLOG_FILENAME='\"/var/log/lastlog\"' -DWTEMP_FILENAME='\"/var/log/wtmp\"'" + touch build-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + # Add here commands to clean up after the build process. + [ ! -f Makefile ] || $(MAKE) clean + dh_clean + debconf-updatepo + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + # Add here commands to install the package into debian/chkrootkit. + #$(MAKE) install DESTDIR=$(CURDIR)/debian/chkrootkit + dh_install + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_installexamples + dh_installdebconf + dh_installcron + dh_installman debian/chklastlog.1 debian/chkrootkit.1 debian/chkwtmp.1 + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- chkrootkit-0.49.orig/debian/po/nl.po +++ chkrootkit-0.49/debian/po/nl.po @@ -0,0 +1,117 @@ +# translation of chkrootkit_0.46a-3_templates.po to Dutch +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit_0.46a-3_nl\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2006-04-21 14:37+0200\n" +"Last-Translator: Kurt De Bree \n" +"Language-Team: Dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.10.2\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +#, fuzzy +#| msgid "Would you like to run chkrootkit automatically every day?" +msgid "Should chkrootkit be run automatically every day?" +msgstr "Wilt u chkrootkit dagelijks automatisch laten uitvoeren?" + +#. Type: boolean +#. Description +#: ../templates:2001 +#, fuzzy +#| msgid "" +#| "chkrootkit can be run automatically via cron.daily if you like. If you " +#| "answer yes to this question, you'll also be given the opportunity to " +#| "specify options for the daily run." +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"U kunt chkrootkit automatisch via cron.daily laten uitvoeren. Als u \"ja\" " +"op deze vraag antwoordt, wordt u de mogelijkheid geboden om argumenten voor " +"deze dagelijkse actie te specifiëren." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "" + +#. Type: string +#. Description +#: ../templates:3001 +#, fuzzy +#| msgid "" +#| "The following are useful arguments to pass to chkrookit:\n" +#| " * -r specifies an alternate root directory\n" +#| " * -n do not attempt to analyze nfs mounted files\n" +#| " * -q run in quiet mode [highly recommended]" +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"De volgende argumenten komen van pas om aan chkrootkit mee te geven:\n" +" * -r specifiëert een alternatieve root-map\n" +" * -n nfs-gekoppelde bestanden uitsluiten\n" +" * -q \"stille modus\" (sterk aanbevolen)" + +#. Type: boolean +#. Description +#: ../templates:4001 +#, fuzzy +#| msgid "Only report problems if they differ from yesterday's problems?" +msgid "Only report problems if they differ from previous day's problems?" +msgstr "" +"Problemen enkel rapporteren als ze de dag voordien nog niet voorkwamen?" + +#. Type: boolean +#. Description +#: ../templates:4001 +#, fuzzy +#| msgid "" +#| "Choosing yes here instructs the cron.daily call of chkrootkit to only " +#| "report problems if they differ from the previous day's run." +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Als u hier \"ja\" antwoordt zal chkrootkit opgedragen worden enkel problemen " +"te rapporteren indien die van de vorige dag afwijken." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" + +#~ msgid "-q" +#~ msgstr "-q" + +#~ msgid "What arguments would you like to pass to the daily chkrootkit run?" +#~ msgstr "" +#~ "Welke argumenten wilt u aan de dagelijkse aanroep van chkrootkit meegeven?" + +#~ msgid "Use this option with care." +#~ msgstr "Wees voorzichtig bij het gebruik van deze optie." --- chkrootkit-0.49.orig/debian/po/nb.po +++ chkrootkit-0.49/debian/po/nb.po @@ -0,0 +1,83 @@ +# translation of ckhrootkit.po to +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: ckhrootkit\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-02-26 08:54+0100\n" +"Last-Translator: Bjørn Steensrud\n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "Skal chkrootkit kjøres automatisk hver dag?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"Programmet chkrootkit kan kjøres automatisk som en daglig cron-jobb. Hvis du " +"velger denne, så får du også mulighet til å oppgi valg for den daglige " +"kjøringen." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Argumenter som skal brukes med chkrootkit i den daglige kjøringen:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Føglende er nyttige argumenter til chkrookit:\n" +" -r : bruk en annen rotmappe;\n" +" -n : ikke forsøk å analysere NFS-monterte filer;\n" +" -q : kjør på stille måte [anbefales sterkt]." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "" +"Skal problemer rapporteres bare hvis de er forskjellige fra forrige dags " +"problemer?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Hvis du velger dette vil chkrootkit melde om problemer som er annerledes enn " +"i gårsdagens kjøring." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"Det anbefales ikke å bruke dette siden det lett kan skjule eksisterende " +"sikkerhetsproblemer." --- chkrootkit-0.49.orig/debian/po/pt_BR.po +++ chkrootkit-0.49/debian/po/pt_BR.po @@ -0,0 +1,120 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2006-07-04 00:48-0300\n" +"Last-Translator: Felipe Augusto van de Wiel (faw) \n" +"Language-Team: l10n portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"pt_BR utf-8\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +#, fuzzy +#| msgid "Would you like to run chkrootkit automatically every day?" +msgid "Should chkrootkit be run automatically every day?" +msgstr "Você gostaria de executar o chkrootkit automaticamente todos os dias ?" + +#. Type: boolean +#. Description +#: ../templates:2001 +#, fuzzy +#| msgid "" +#| "chkrootkit can be run automatically via cron.daily if you like. If you " +#| "answer yes to this question, you'll also be given the opportunity to " +#| "specify options for the daily run." +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"O chkrootkit pode ser executado automaticamente através do cron.daily caso " +"você deseje. Caso você responda afirmativamente a esta pergunta, você terá a " +"oportunidade de especificar opções para a execução diária." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "" + +#. Type: string +#. Description +#: ../templates:3001 +#, fuzzy +#| msgid "" +#| "The following are useful arguments to pass to chkrookit:\n" +#| " * -r specifies an alternate root directory\n" +#| " * -n do not attempt to analyze nfs mounted files\n" +#| " * -q run in quiet mode [highly recommended]" +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Os seguintes argumentos são úteis para serem passados ao chkrootkit :\n" +" * -r especifica um diretório raiz alternativo\n" +" * -n não tenta analisar arquivos montados via nfs\n" +" * -q executa em modo silencioso [altamente recomendado]" + +#. Type: boolean +#. Description +#: ../templates:4001 +#, fuzzy +#| msgid "Only report problems if they differ from yesterday's problems?" +msgid "Only report problems if they differ from previous day's problems?" +msgstr "" +"Somente relatar problemas caso os mesmos sejam diferentes dos problemas de " +"ontem ?" + +#. Type: boolean +#. Description +#: ../templates:4001 +#, fuzzy +#| msgid "" +#| "Choosing yes here instructs the cron.daily call of chkrootkit to only " +#| "report problems if they differ from the previous day's run." +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Responder afirmativamente aqui instruirá a chamada cron.daily do chkrootkit " +"a somente relatar problemas caso os mesmos sejam diferentes dos problemas " +"relatados na execução do dia anterior." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" + +#~ msgid "-q" +#~ msgstr "-q" + +#~ msgid "What arguments would you like to pass to the daily chkrootkit run?" +#~ msgstr "" +#~ "Quais argumentos você gostaria de passar para a execução diária do " +#~ "chkrootkit ?" + +#~ msgid "Use this option with care." +#~ msgstr "Utilize esta opção com cuidado." --- chkrootkit-0.49.orig/debian/po/es.po +++ chkrootkit-0.49/debian/po/es.po @@ -0,0 +1,98 @@ +# chkrootkit po-debconf translation to Spanish +# Copyright (C) 2005, 2008 Software in the Public Interest +# This file is distributed under the same license as the chkrootkit package. +# +# Changes: +# - Initial translation +# César Gómez Martín , 2005 +# +# - Updates +# Francisco Javier Cuadrado , 2008 +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor, lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit 0.48-5\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-11-21 23:10+0100\n" +"Last-Translator: Francisco Javier Cuadrado \n" +"Language-Team: Debian l10n spanish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "¿Desea que chkrootkit se ejecute cada día automáticamente?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "The chkrootkit program can be run automatically via a daily cron job. If you choose this option, you'll also be given the opportunity to specify options for the daily run." +msgstr "Si desea, chkrootkit se puede ejecutar automáticamente mediante una tarea diaria de cron. Si escoge esta opción, también tendrá la oportunidad de especificar las opciones de la ejecución diaria." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Argumentos que usará chkrootkit en la ejecución diaria:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Argumentos útiles para pasarle a chkrootkit:\n" +"-r : especifica un directorio raíz alternativo.\n" +"-n : no intenta analizar archivos montados a través de nfs.\n" +"-q : ejecución en modo silencioso (altamente recomendado)." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "¿Desea que se informe de los problemas sólo cuando sean distintos a los del día anterior?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "If you choose this option, chkrootkit will only report problems when they differ from the previous day's run." +msgstr "Si elige esta opción, chkrootkit sólo informará de los problemas distintos a su anterior ejecución diaria." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Using this option is not recommended as it is likely to hide existing security problems." +msgstr "No es recomendable usar esta opción, ya que suele ocultar problemas de seguridad existentes." + +#~ msgid "-q" +#~ msgstr "-q" +#~ msgid "What arguments would you like to pass to the daily chkrootkit run?" +#~ msgstr "¿Qué argumentos desea pasarle a la ejecución diaria de chkrootkit?" +#~ msgid "Use this option with care." +#~ msgstr "Use esta opción con cuidado." + --- chkrootkit-0.49.orig/debian/po/ru.po +++ chkrootkit-0.49/debian/po/ru.po @@ -0,0 +1,84 @@ +# translation of ru.po to Russian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Yuri Kozlov , 2008. +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit 0.47-1.2\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-03-02 11:52+0300\n" +"Last-Translator: Yuri Kozlov \n" +"Language-Team: Russian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%" +"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "Запускать chkrootkit автоматически каждый день?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"Программа chkrootkit может запускаться автоматически как ежедневное задание " +"cron. Если вы ответите утвердительно, то также сможете указать параметры для " +"ежедневного запуска." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Параметры для ежедневного запуска chkrootkit:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Полезные параметры chkrookit:\n" +" -r <каталог>: использовать другой корневой каталог\n" +" -n : не обрабатывать файлы на смонтированных разделах NFS\n" +" -q : не выводить сообщения при работе (настоятельно рекомендуется)" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "" +"Сообщать только о проблемах, которые появились с момента предыдущего запуска?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Если вы ответите утвердительно, то chkrootkit сообщит только о проблемах, " +"появившихся с момента предыдущего запуска." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"Использование этого параметра не рекомендуется, так как это, по всей " +"вероятности, скроет существующие проблемы с безопасностью." --- chkrootkit-0.49.orig/debian/po/fr.po +++ chkrootkit-0.49/debian/po/fr.po @@ -0,0 +1,82 @@ +# Translation of chkrootkit debconf templates to French +# Copyright (c) 2008 Jean-Luc Coulon (f5ibh) +# This file is distributed under the same licence as the chkrootkit package. +# +# Jean-Luc Coulon (f5ibh) , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-03-01 15:30+0100\n" +"Last-Translator: Jean-Luc Coulon (f5ibh) \n" +"Language-Team: French >\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "Faut-il lancer chkrootkit automatiquement chaque jour ?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"Chkrootkit peut être lancé automatiquement par l'intermédiaire d'une tâche " +"quotidienne de cron. Si vous choisissez cette option, vous pourrez alors " +"préciser les réglages qui seront utilisés lors de cette exécution " +"quotidienne." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Paramètres à utiliser lors de l'exécution journalière de chkrootkit :" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Les options suivantes peuvent être utilement passées à chkrootkit :\n" +" -r  : répertoire racine à utiliser ;\n" +" -n : pas d'analyse des fichiers sur les montages NFS ;\n" +" -q : exécution en mode silencieux [hautement recommandé]." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "Signaler seulement les problèmes différents de ceux de la veille ?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Si vous choisissez cette option, chkrootkit ne signalera les problèmes que " +"s'ils sont différents de ceux découverts lors de l'exécution de la veille." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"Il est déconseillé de choisir cette option car elle peut facilement masquer " +"des problèmes de sécurité existants." --- chkrootkit-0.49.orig/debian/po/it.po +++ chkrootkit-0.49/debian/po/it.po @@ -0,0 +1,80 @@ +# Italian translations of po-debconf templates for chkrootkit. +# Copyright (c) 2005 Software in the Public Interest +# This file is distributed under the same license as the chkrootkit package. +# Luca Monducci , 2004-2008 +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit 0.47\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-03-08 11:54+0100\n" +"Last-Translator: Luca Monducci \n" +"Language-Team: Italian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "Eseguire automaticamente chkrootkit tutti i giorni?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"Il programma chkrootkit può essere eseguito automaticamente tramite un job " +"quotidiano di cron. Se si accetta, verrà data l'opportunità di specificare " +"le opzioni per l'esecuzione giornaliera." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Argomenti da usare con l'esecuzione giornaliera di chkrootkit:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"I seguenti sono argomenti utili da passare a chkrootkit:\n" +" -r : usa una directory root alternativa;\n" +" -n : non analizza i file montati tramite NFS;\n" +" -q : esecuzione in modalità silenziosa [raccomandata]." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "Segnalare i problemi solo se diversi da quelli del giorno precedente?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Se si accetta, chkrootkit segnalerà solo i problemi che non si erano " +"verificati nell'esecuzione del giorno precedente." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"Si raccomanda di non usare questa opzione poiché potrebbe nascondere dei " +"problemi di sicurezza esistenti." --- chkrootkit-0.49.orig/debian/po/pt.po +++ chkrootkit-0.49/debian/po/pt.po @@ -0,0 +1,91 @@ +# Portuguese translation of chkrookit debconf messages. +# Copyright (C) 2007 Carlos Lisboa +# This file is distributed under the same license as the chkrookit package. +# Carlos Lisboa , 2007. +# Ricardo Silva , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrookit\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-03-14 18:21+0000\n" +"Last-Translator: Ricardo Silva \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "Deseja correr o chkrootkit automaticamente todos os dias?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"O programa chkrootkit pode ser corrido automaticamente através de um " +"trabalho diário no cron. Se escolher esta opção, ser-lhe-á dada a " +"oportunidade de especificar as opções para o arranque diário." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Argumentos a passar ao chkrootkit na execução diária:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"A seguir estão argumentos úteis que pode passar ao chkrootkit:\n" +" -r : especificar um directório raiz alternativo;\n" +" -n : não tentar analizar os ficheiros montados em NFS;\n" +" -q : correr no modo silencioso [altamente recomendado]." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "" +"Apenas reportar problemas se diferirem com os problemas do dia anterior?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Se escolher esta opção, o chkrootkit só irá reportar problemas se diferirem " +"dos problemas do dia anterior." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"O uso desta opção não é recomendado já que é possível que esconda problemas " +"de segurança existentes." + +#~ msgid "-q" +#~ msgstr "-q" + +#~ msgid "What arguments would you like to pass to the daily chkrootkit run?" +#~ msgstr "Que argumentos deseja passar para a execução diária do chkrootkit?" + +#~ msgid "Use this option with care." +#~ msgstr "Utilize esta opção com cuidado." --- chkrootkit-0.49.orig/debian/po/cs.po +++ chkrootkit-0.49/debian/po/cs.po @@ -0,0 +1,88 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-03-09 13:27+0100\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "Má se chkrootkit spouštět automaticky každý den?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"chkrootkit se může spouštět automaticky každý den jako cronová úloha. Pokud " +"zde odpovíte kladně, budete moci zadat parametry, se kterými se má " +"chkrootkit spouštět." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Parametry, které se mají použít při každodenním spouštění:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"chkrootkitu můžete předat následující užitečné parametry:\n" +" -r použije alternativní kořenový adresář\n" +" -n nebude analyzovat soubory připojené přes NFS\n" +" -q spustí se v tichém režimu [doporučeno]." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "Hlásit problémy pouze pokud se liší od těch minulých?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Vyberete-li tuto možnost, bude chkrootkit hlásit problémy pouze tehdy, pokud " +"se liší od těch z předchozího dne." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"Tato možnost se příliš nedoporučuje, protože může skrývat stávající " +"bezpečnostní problémy." --- chkrootkit-0.49.orig/debian/po/gl.po +++ chkrootkit-0.49/debian/po/gl.po @@ -0,0 +1,88 @@ +# Galician translation of chkrootkit's debconf templates +# This file is distributed under the same license as the chkrootkit package. +# Jacobo Tarrio , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-02-26 22:17+0000\n" +"Last-Translator: Jacobo Tarrio \n" +"Language-Team: Galician \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "¿Quere executar chkrootkit automaticamente cada día?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"Pódese executar o programa chkrootkit automaticamente mediante unha tarefa " +"diaria de cron. Se escolle esta opción, tamén se lle ha dar a oportunidade " +"de especificar opcións para a execución diaria." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Argumentos a empregar con chkrootkit na execución diaria:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Estes son algúns argumentos útiles para lle pasar a chkrootkit:\n" +" -r : emprega un directorio raíz alternativo;\n" +" -n : non tenta analizar ficheiros montados por NFS;\n" +" -q : executa en modo silencioso [recoméndase]." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "¿Informar dos problemas só se son diferentes dos do día anterior?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Se escolle esta opción, chkrootkit só ha informar dos problemas se son " +"diferentes dos que apareceron na execución do día anterior." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"Non se recomenda empregar esta opción xa que pode ocultar problemas de " +"seguridade existentes." + +#~ msgid "-q" +#~ msgstr "-q" + +#~ msgid "What arguments would you like to pass to the daily chkrootkit run?" +#~ msgstr "¿Que argumentos quere pasar á execución diaria de chkrootkit?" + +#~ msgid "Use this option with care." +#~ msgstr "Empregue esta opción con coidado." --- chkrootkit-0.49.orig/debian/po/ca.po +++ chkrootkit-0.49/debian/po/ca.po @@ -0,0 +1,118 @@ +# translation of ca.po to +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: ca\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2006-03-14 23:16+0100\n" +"Last-Translator: Miguel Gea Milvaques\n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.1\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +#, fuzzy +#| msgid "Would you like to run chkrootkit automatically every day?" +msgid "Should chkrootkit be run automatically every day?" +msgstr "Voleu que s'execute automàticament chkrootkit cada dia?" + +#. Type: boolean +#. Description +#: ../templates:2001 +#, fuzzy +#| msgid "" +#| "chkrootkit can be run automatically via cron.daily if you like. If you " +#| "answer yes to this question, you'll also be given the opportunity to " +#| "specify options for the daily run." +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"Si voleu, el chkrootkit es pot executar diàriament via cron. Si contesteu sí " +"a aquesta pregunta, tindreu l'oportunitat d'especificar les opcions per " +"l'execució diària." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "" + +#. Type: string +#. Description +#: ../templates:3001 +#, fuzzy +#| msgid "" +#| "The following are useful arguments to pass to chkrookit:\n" +#| " * -r specifies an alternate root directory\n" +#| " * -n do not attempt to analyze nfs mounted files\n" +#| " * -q run in quiet mode [highly recommended]" +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Els paràmetres següents són d'utilitat per passar-los al chkrootkit:\n" +" * -r especifica un directori arrel alternatiu\n" +" * -n no intenta analitzar els fitxers muntats per nfs\n" +" * -q executa en mode silenciós [molt recomanat]" + +#. Type: boolean +#. Description +#: ../templates:4001 +#, fuzzy +#| msgid "Only report problems if they differ from yesterday's problems?" +msgid "Only report problems if they differ from previous day's problems?" +msgstr "" +"Voleu que s'informe dels problemes tan sols si són diferents dels del dia " +"d'abans?" + +#. Type: boolean +#. Description +#: ../templates:4001 +#, fuzzy +#| msgid "" +#| "Choosing yes here instructs the cron.daily call of chkrootkit to only " +#| "report problems if they differ from the previous day's run." +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Si escolliu sí ací, prepararà el cron.daily per que l'execució del " +"chkrootkit tan sols informe de problemes que són diferents des del dia " +"anterior." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" + +#~ msgid "-q" +#~ msgstr "-q" + +#~ msgid "What arguments would you like to pass to the daily chkrootkit run?" +#~ msgstr "" +#~ "Quins paràmetres voleu passar-li al chkrootkit quan s'execute diàriament?" + +#~ msgid "Use this option with care." +#~ msgstr "Utilitzeu aquesta opció amb cura." --- chkrootkit-0.49.orig/debian/po/POTFILES.in +++ chkrootkit-0.49/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates --- chkrootkit-0.49.orig/debian/po/eu.po +++ chkrootkit-0.49/debian/po/eu.po @@ -0,0 +1,81 @@ +# translation of chkrootkit_templates.po to Euskara +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Piarres Beobide , 2008. +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit_templates\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-02-26 10:55+0100\n" +"Last-Translator: Piarres Beobide \n" +"Language-Team: Euskara \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "Chkrootkit egunero automatikoki abiarazi behar al da?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"Chkrootkit programa automatikoki abiarazi daiteke cron lan baten bidez. " +"Aukera hautatzen baduzu, eguneroko abiorako argumentu gehigarriak ezartzeko " +"aukera izango duzu." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Eguneroko abioan chkrootkit-ekin erabiltzeko argumentuak:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Hurrengo aukerak erabilgarriak dira chkrootkit-ekin erabiltzeko:\n" +" -r : erabili aukerako beste erroa direktorio bat;\n" +" -n : Ez saiatu NFS bidez muntaturiko fitxategiak arakatzen;\n" +" -q : Isiltasun moduan abiarazi [oso gomendagarria]." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "Arazoen berri aurreko egunekoen ezerdinak badira bakarrik eman?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Aukera hau hautaz chkrootkit-ek aurkitzen dituen arazoak aurreko egunekoen " +"ezberdinak badira bakarrik ohartuko du erabiltzailea." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"Aukera hau erabiltzea ez da gomendatzen segurtasun arazoak ezkutatu ditzake " +"eta." --- chkrootkit-0.49.orig/debian/po/fi.po +++ chkrootkit-0.49/debian/po/fi.po @@ -0,0 +1,76 @@ +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-02-27 21:04+0200\n" +"Last-Translator: Esko Arajärvi \n" +"Language-Team: Finnish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "Tulisiko chkrootkit ajaa automaattisesti joka päivä?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"Ohjelma chkrootkit voidaan ajaa automaattisesti päivittäisenä cron-työnä. " +"Jos valitset tämän vaihtoehdon, voit määrittää päivittäisen ajon valitsimet." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Päivittäisen chkrootkitin ajon argumentit:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Seuraavat chkrootkitin valitsimet ovat hyödyllisiä:\n" +" -r : käytä toista juurihakemistoa\n" +" -n: älä tutki NFS-liitettyjä tiedostoja\n" +" -q: aja hiljaisessa tilassa (erittäin suositeltavaa)" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "Raportoidaanko vain edellisen päivän ongelmista poikkeavat ongelmat?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Jos valitset tämän vaihtoehdon, chkrootkit raportoi vain ongelmat, jotka " +"poikkeavat edellisen päivän ajosta." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"Tämän valitsimen käyttöä ei suositella, koska se saattaa piilottaa olemassa " +"olevia turvallisuusongelmia." --- chkrootkit-0.49.orig/debian/po/templates.pot +++ chkrootkit-0.49/debian/po/templates.pot @@ -0,0 +1,70 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" --- chkrootkit-0.49.orig/debian/po/vi.po +++ chkrootkit-0.49/debian/po/vi.po @@ -0,0 +1,81 @@ +# Vietnamese translation for Chroot Kit. +# Copyright © 2008 Free Software Foundation, Inc. +# Clytie Siddall , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit 0.47-1.2\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-02-29 20:33+1030\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.7b3\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "Có nên tự động chạy chrootkit hàng ngày không?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"Chương trình chrootkit có khả năng được tự động chạy thông qua một công việc " +"định thời (cron) hàng ngày. Bật tùy chọn này thì bạn cũng có dịp ghi rõ các " +"tùy chọn cho tiến trình chạy hàng ngày." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Các đối số cần dùng với chrootkit khi chạy hàng ngày:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Các đối số sau có ích khi được gửi cho chkrookit:\n" +" -r : dùng một thư mục gốc xen kẽ\n" +" -n : đừng thử phân tích tập tin được NFS lắp;\n" +" -q : chạy ở chế độ im (rất khuyến khích)." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "Chỉ thông báo lỗi khác với các lỗi của ngày trước không?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Bật tùy chọn này thì chrootkit sẽ chỉ thông báo lỗi khi nó khác với các lỗi " +"được gặp bởi tiến trình chạy vào ngày trước." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"Không khuyên bạn hiệu lực tùy chọn này, vì nó rất có thể ẩn các vấn đề bảo " +"mật đã có." --- chkrootkit-0.49.orig/debian/po/ja.po +++ chkrootkit-0.49/debian/po/ja.po @@ -0,0 +1,98 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit 0.48-3\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-07-08 18:26+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "毎日自動的に chkrootkit を実行しますか?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"chkrootkit プログラムを cron.dairy 経由で自動的に実行できます。このオプションを" +"選んだ場合、毎日実行する際のオプションも指定できます。" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "日次で実行される際に chkrootkit で使われる引数" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"以下が chkrootkit に与えられる有用な引数です:\n" +" -r : 別のディレクトリを root ディレクトリとして指定します\n" +" -n : nfs マウントされたファイルは分析しようとしません\n" +" -q : 静粛モードで動作します [非常にお勧め]" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "前日の問題との差分があった場合のみ、問題を報告するようにしますか?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"このオプションを選ぶと、chkrootkit は前日の動作と違っていた場合のみ問題を" +"報告します。" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"このオプションの利用は、存在しているセキュリティ問題を隠すことになり得るので" +"お勧めできません。" + +#~ msgid "-q" +#~ msgstr "-q" + +#~ msgid "What arguments would you like to pass to the daily chkrootkit run?" +#~ msgstr "どの引数を毎日の chkrootkit の実行時に指定しますか?" + +#~ msgid "Use this option with care." +#~ msgstr "このオプションは注意して使ってください。" + --- chkrootkit-0.49.orig/debian/po/de.po +++ chkrootkit-0.49/debian/po/de.po @@ -0,0 +1,91 @@ +# Translation of freevo debconf templates to German +# Copyright (C) Daniel Knabl , 2005. +# Copyright (C) Helge Kreutzmann , 2008. +# This file is distributed under the same license as the freevo package. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit 0.47-1.2\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-03-06 23:16+0100\n" +"Last-Translator: Daniel Knabl \n" +"Language-Team: de \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "Soll Chkrootkit täglich automatisch ausgeführt werden?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"The chkrootkit program can be run automatically via a daily cron job. If you " +"choose this option, you'll also be given the opportunity to specify options " +"for the daily run." +msgstr "" +"Chkrootkit kann täglich automatisch über einen Cron-Auftrag laufen. Falls " +"Sie diese Option wählen, dann können Sie weitere Optionen für die tägliche " +"Ausführung angeben." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "" +"Argumente, die beim täglichen Lauf von Chkrootkit verwandt werden sollen:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Die folgenden Argumente können an Chkrootkit übergeben werden:\n" +" -r : verwende ein anderes Wurzelverzeichnis\n" +" -n : schließe via NFS eingehängte Verzeichnisse aus\n" +" -q : »stiller« Modus [sehr empfohlen]" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "" +"Probleme nur berichten, falls sie von Problemen des Vortages abweichen?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"If you choose this option, chkrootkit will only report problems when they " +"differ from the previous day's run." +msgstr "" +"Falls Sie diese Option wählen, wird Chkrootkit nur Probleme berichten, wenn " +"sich diese von denen des Vortages unterscheiden." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "" +"Using this option is not recommended as it is likely to hide existing " +"security problems." +msgstr "" +"Die Verwendung dieser Option wird nicht empfohlen, da sie wahrscheinlich " +"existierende Sicherheitsprobleme versteckt." + +#~ msgid "-q" +#~ msgstr "-q" + +#~ msgid "What arguments would you like to pass to the daily chkrootkit run?" +#~ msgstr "Mit welchen Argumenten soll chkrootkit täglich gestartet werden?" + +#~ msgid "Use this option with care." +#~ msgstr "Benutzen Sie diese Option mit Vorsicht." --- chkrootkit-0.49.orig/debian/po/sv.po +++ chkrootkit-0.49/debian/po/sv.po @@ -0,0 +1,82 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit 0.45-1\n" +"Report-Msgid-Bugs-To: chkrootkit@packages.debian.org\n" +"POT-Creation-Date: 2008-02-26 08:06+0100\n" +"PO-Revision-Date: 2008-07-21 13:56+0100\n" +"Last-Translator: Martin Bagge \n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Should chkrootkit be run automatically every day?" +msgstr "Vill du köra chkrootkit automatiskt varje dag?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "The chkrootkit program can be run automatically via a daily cron job. If you choose this option, you'll also be given the opportunity to specify options for the daily run." +msgstr "chkrootkit kan köras automatiskt via ett cron.daily-skript om du vill. Om du svarar ja på denna fråga kommer du även att få chansen att specificera inställningar för den dagliga körningen." + +#. Type: string +#. Description +#: ../templates:3001 +msgid "Arguments to use with chkrootkit in the daily run:" +msgstr "Använd dessa argument när chkrootkit dagligen körs automatiskt:" + +#. Type: string +#. Description +#: ../templates:3001 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" -r : use an alternate root directory;\n" +" -n : do not attempt to analyze NFS-mounted files;\n" +" -q : run in quiet mode [highly recommended]." +msgstr "" +"Följande argument är användbara för att skicka till chkrootkit:\n" +"-r : specificera en alternativ rotmapp\n" +"-n : försök inte att analysera NFS-monterade filer\n" +"-q : kör i tyst läge [mycket rekommenderat]" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Only report problems if they differ from previous day's problems?" +msgstr "Rapportera bara problem om de skiljer sig från gårdagens körning?" + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "If you choose this option, chkrootkit will only report problems when they differ from the previous day's run." +msgstr "Detta instruerar cron.daily att chkrootkit bara rapporterar problem om de skiljer sig från gårdagens körning." + +#. Type: boolean +#. Description +#: ../templates:4001 +msgid "Using this option is not recommended as it is likely to hide existing security problems." +msgstr "Det här alternativet kan dölja existerande säkerhetsproblem och bär inte användas." + +#~ msgid "-q" +#~ msgstr "-q" +#~ msgid "What arguments would you like to pass to the daily chkrootkit run?" +#~ msgstr "" +#~ "Vilka argument vill du skicka till den dagliga körningen av chkrootkit?" +#~ msgid "Use this option with care." +#~ msgstr "Använd denna funktion med försiktighet." + --- chkrootkit-0.49.orig/debian/patches/backslashes.patch +++ chkrootkit-0.49/debian/patches/backslashes.patch @@ -0,0 +1,22 @@ +Author: James R. Van Zandt +Description: Two of the chkrootkit messages have unnecessary backslashes (#498063) +--- a/chkrootkit ++++ b/chkrootkit +@@ -672,7 +672,7 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h + if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \ + "$SYSTEM" != "FreeBSD" ] + then +- echo "Possible t0rn v8 \(or variation\) rootkit installed" ++ echo "Possible t0rn v8 (or variation) rootkit installed" + else + if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi + fi +@@ -726,7 +726,7 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h + + if [ -d ${ROOTDIR}dev/ptyxx -o -r "${ROOTDIR}usr/lib/.ark?" -o \ + -d ${ROOTDIR}usr/doc/"... " ]; then +- echo "Possible Ambient's rootkit \(ark\) installed" ++ echo "Possible Ambient's rootkit (ark) installed" + else + if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi + fi --- chkrootkit-0.49.orig/debian/patches/procpsv3.patch +++ chkrootkit-0.49/debian/patches/procpsv3.patch @@ -0,0 +1,13 @@ +Author: Giuseppe Iuculano +Description: Let chkproc default to procps version 3. +--- a/chkproc.c ++++ b/chkproc.c +@@ -146,7 +146,7 @@ int main(int argc, char **argv) + psinfo_t psbuf; + #endif + +- pv = verbose = 0; ++ pv = 3; verbose = 0; + + if (!proc) + { --- chkrootkit-0.49.orig/debian/patches/quiet.patch +++ chkrootkit-0.49/debian/patches/quiet.patch @@ -0,0 +1,275 @@ +Author: lantz moore +Description: hide all output from tests (#142422, #190978, #229869, #306263) +--- a/chkrootkit ++++ b/chkrootkit +@@ -221,11 +221,11 @@ z2 () { + fi + + if [ "${EXPERT}" = "t" ]; then +- expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}" ++ expertmode_output "./chklastlog ${QUIET_ARG} -f ${WTMP} -l ${LASTLOG}" + return 5 + fi + +- if ./chklastlog -f ${WTMP} -l ${LASTLOG} ++ if ./chklastlog ${QUIET_ARG} -f ${WTMP} -l ${LASTLOG} + then + if [ "${QUIET}" != "t" ]; then echo "chklastlog: nothing deleted"; fi + fi +@@ -745,6 +745,9 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h + then + if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi + else ++ if [ "${QUIET}" != "t" ]; then ++ printn "The following suspicious files and directories were found:" ++ fi + echo + echo ${files} + echo ${dirs} +@@ -1312,6 +1315,11 @@ chk_chsh () { + chk_login () { + STATUS=${NOT_INFECTED} + CMD=`loc login login $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -1354,6 +1362,11 @@ chk_passwd () { + if [ ! -x ${CMD} -a -x ${ROOTDIR}usr/bin/passwd ]; then + CMD="${ROOTDIR}usr/bin/passwd" + fi ++ if [ ! -r "${CMD}" ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -1508,6 +1521,11 @@ chk_ls () { + STATUS=${NOT_INFECTED} + LS_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrs]|/dev/hdl0|\.tmp/lsfile|/dev/hdcc|/dev/ptyxx|duarawkz|^/prof|/dev/tux|/security|file\.h" + CMD=`loc ls ls $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -1525,6 +1543,11 @@ chk_du () { + STATUS=${NOT_INFECTED} + DU_INFECTED_LABEL="/dev/ttyof|/dev/pty[pqrsx]|w0rm|^/prof|/dev/tux|file\.h" + CMD=`loc du du $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -1567,6 +1590,11 @@ chk_netstat () { + STATUS=${NOT_INFECTED} + NETSTAT_I_L="/dev/hdl0/dev/xdta|/dev/ttyoa|/dev/pty[pqrsx]|/dev/cui|/dev/hdn0|/dev/cui221|/dev/dszy|/dev/ddth3|/dev/caca|^/prof|/dev/tux|grep|addr\.h|__bzero" + CMD=`loc netstat netstat $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -1586,6 +1614,11 @@ chk_ps () { + PS_I_L="/dev/xmx|\.1proc|/dev/ttyop|/dev/pty[pqrsx]|/dev/cui|/dev/hda[0-7]|\ + /dev/hdp|/dev/cui220|/dev/dsx|w0rm|/dev/hdaa|duarawkz|/dev/tux|/security|^proc\.h|ARRRGH\.so" + CMD=`loc ps ps $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -1744,6 +1777,11 @@ chk_ldsopreload() { + chk_basename () { + STATUS=${NOT_INFECTED} + CMD=`loc basename basename $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -1768,6 +1806,11 @@ chk_basename () { + chk_dirname () { + STATUS=${NOT_INFECTED} + CMD=`loc dirname dirname $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -1836,6 +1879,11 @@ chk_date () { + STATUS=${NOT_INFECTED} + S_L="/bin/.*sh" + CMD=`loc date date $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -1866,6 +1914,11 @@ chk_date () { + chk_echo () { + STATUS=${NOT_INFECTED} + CMD=`loc echo echo $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -1887,6 +1940,11 @@ chk_echo () { + chk_env () { + STATUS=${NOT_INFECTED} + CMD=`loc env env $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -2003,6 +2061,11 @@ chk_pop3 () { + chk_write () { + STATUS=${NOT_INFECTED} + CMD=`loc write write $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + WRITE_ROOTKIT_LABEL="bash|elite$|vejeta|\.ark" + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -2024,6 +2087,11 @@ chk_write () { + chk_w () { + STATUS=${NOT_INFECTED} + CMD=`loc w w $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + W_INFECTED_LABEL="uname -a" + + if [ "${EXPERT}" = "t" ]; then +@@ -2061,6 +2129,11 @@ chk_vdir () { + chk_tar () { + STATUS=${NOT_INFECTED} + CMD=`loc tar tar $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${ls} -l ${CMD}" +@@ -2148,6 +2221,11 @@ chk_egrep () { + STATUS=${NOT_INFECTED} + EGREP_INFECTED_LABEL="blah" + CMD=`loc egrep egrep $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -2165,6 +2243,11 @@ chk_grep () { + STATUS=${NOT_INFECTED} + GREP_INFECTED_LABEL="givemer" + CMD=`loc grep grep $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -2422,6 +2505,11 @@ chk_su () { + STATUS=${NOT_INFECTED} + SU_INFECTED_LABEL="satori|vejeta|conf\.inv" + CMD=`loc su su $pth` ++ if [ "${?}" -ne 0 ] ++ then ++ if [ "${QUIET}" != "t" ]; then echo "not found"; fi ++ return ${NOT_FOUND} ++ fi + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +@@ -2569,7 +2657,9 @@ do + + -x) EXPERT=t;; + +- -q) QUIET=t;; ++ -q) QUIET=t ++ QUIET_ARG="-q" ++ ;; + + -V) echo >&2 "chkrootkit version ${CHKROOTKIT_VERSION}" + exit 1;; +--- a/chklastlog.c ++++ b/chklastlog.c +@@ -103,6 +103,8 @@ int main(int argc, char*argv[]) { + struct stat wtmp_stat; + struct s_localpwd *localpwd; + uid_t *uid; ++ int quiet = 0; ++ + char wtmpfile[128], lastlogfile[128]; + + memcpy(wtmpfile, WTMP_FILENAME, 127); +@@ -124,10 +126,18 @@ int main(int argc, char*argv[]) { + ++argv; + memcpy(lastlogfile, *argv, 127); + } ++ else if (!memcmp("-q", *argv, 2)) ++ { ++ quiet = 1; ++ } + } + +- signal(SIGALRM, read_status); +- alarm(5); ++ if (!quiet) ++ { ++ signal(SIGALRM, read_status); ++ alarm(5); ++ } ++ + for (i=0; i +Description: disabling this check which was killing random processes (#457828) +--- a/chkproc.c ++++ b/chkproc.c +@@ -364,11 +364,13 @@ int main(int argc, char **argv) + retdir+= errno; + } + /* Check for Enye LKM */ ++ /* Disabled, see #421864 + if (stat(ENYELKM, &sb) && kill (12345, 58) >= 0) + { + printf("Enye LKM found\n"); + retdir+= errno; + } ++ */ + #endif + return (retdir+retps); + } --- chkrootkit-0.49.orig/debian/patches/exitcode.patch +++ chkrootkit-0.49/debian/patches/exitcode.patch @@ -0,0 +1,10 @@ +Provide exit code at the end of chkrootkit script, thanks to Arjan Opmeer (Closes: #541060) +--- a/chkrootkit ++++ b/chkrootkit +@@ -2886,5 +2886,5 @@ do + + fi + done +- ++exit 0 + ### chkrootkit ends here. --- chkrootkit-0.49.orig/debian/patches/nophpcheck.patch +++ chkrootkit-0.49/debian/patches/nophpcheck.patch @@ -0,0 +1,30 @@ +Author: Giuseppe Iuculano +Description: Delete the "suspect PHP files" check. +--- a/chkrootkit ++++ b/chkrootkit +@@ -1146,25 +1146,6 @@ ${find} ${ROOTDIR}usr/sbin -name in.slog + fi + + ### +- ### Suspect PHP files +- ### +- if [ "${QUIET}" != "t" ]; then +- printn "Searching for suspect PHP files... "; fi +- files="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -name '*.php' 2> /dev/null`" +-if [ `echo abc | head -n 1` = "abc" ]; then +- fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -n 1 {} \; | $egrep '#!.*php' 2> /dev/null`" +-else +- fileshead="`${find} ${ROOTDIR}tmp ${ROOTDIR}var/tmp ${findargs} -type f -exec head -1 {} \; | grep '#!.*php' 2> /dev/null`" +-fi +- if [ "${files}" = "" -a "${fileshead}" = "" ]; then +- if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi +- else +- echo +- echo "${files}" +- echo "${fileshead}" +- fi +- +- ### + ### shell history anomalies + ### + if [ "${QUIET}" != "t" ]; then \ --- chkrootkit-0.49.orig/debian/patches/series +++ chkrootkit-0.49/debian/patches/series @@ -0,0 +1,17 @@ +nostrip.patch +workingdir.patch +linedup_reports.patch +backslashes.patch +disable_enye.patch +quiet.patch +promisc.patch +kallsyms.patch +unidentified.patch +excludes.patch +fixwarnings.patch +#nophpcheck.patch +logpath.patch +procpsv3.patch +exitcode.patch +chkutmp.diff +CVE-2014-0476.patch --- chkrootkit-0.49.orig/debian/patches/workingdir.patch +++ chkrootkit-0.49/debian/patches/workingdir.patch @@ -0,0 +1,15 @@ +Author: unknown +Description: the base chkrootkit is designed to be run from it's build directory, +therefor it uses "./" as a prefix to all it's executables. we need to +change to /usr/lib/chkrootkit to keep this working +--- a/chkrootkit ++++ b/chkrootkit +@@ -17,6 +17,8 @@ unalias netstat > /dev/null 2>&1 + unalias ps > /dev/null 2>&1 + unalias dirname > /dev/null 2>&1 + ++cd /usr/lib/chkrootkit ++ + # Workaround for recent GNU coreutils + _POSIX2_VERSION=199209 + export _POSIX2_VERSION --- chkrootkit-0.49.orig/debian/patches/excludes.patch +++ chkrootkit-0.49/debian/patches/excludes.patch @@ -0,0 +1,212 @@ +Author: Francois Marier +Description: add the ability to exclude specific files/directories from the checks +--- a/README ++++ b/README +@@ -123,6 +123,8 @@ + -d debug + -q quiet mode + -x expert mode ++ -e exclude known false positive files/dirs, quoted, ++ space separated, READ WARNING IN README + -r dir use dir as the root directory + -p dir1:dir2:dirN path for the external commands used by chkrootkit + -n skip NFS mounted dirs +@@ -181,6 +183,31 @@ + + # ./chkrootkit -r /mnt + ++ Sometimes the test for dot files in system directories will report ++ false positives for legitimate files. It has been argued that while ++ chkrootkit could be made to ignore these false positives, that might ++ result in attackers deliberately using those names in order to avoid ++ detection. For that reason chkrootkit does not exclude any false ++ positives by default. However, many people use chkrootkit as a ++ daily cron job, and having these false positives means that the ++ administrator gets daily emails reporting these files. This probably ++ would result in the administrator: ++ A) not checking those files each time they were reported, which ++ means than an attacker could still use those names to avoid ++ detection ++ B) getting into the habit of deleting the reports without looking ++ closely at them, which means they are more likely to miss a real ++ problem ++ Because the above would result in less security, there is support for ++ excluding files, using the -e flag, for example: ++ ++ # ./chkrootkit -e '/lib/init/rw/.mdadm /lib/init/rw/.ramfs' ++ ++ WARNING: by using this option you are giving attackers a way to avoid ++ detection! Make absolutely sure that these are truly false positives ++ and do a periodic check of any excluded files to make sure they are ++ still the legitimate files you think they are. ++ + + 7. Output Messages + ------------------ +--- a/chkrootkit ++++ b/chkrootkit +@@ -651,27 +651,43 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h + echo ${files} + fi + +- ### HiDrootkit +- if [ "${QUIET}" != "t" ]; then printn \ +- "Searching for HiDrootkit's default dir... "; fi +- if [ -d ${ROOTDIR}var/lib/games/.k ] +- then +- echo "Possible HiDrootkit installed" ++lookfor_rootkit() { ++ rkname=$1; files=$2; dirs=$3; # file/directory names cannot have whitespace ++ if [ "${QUIET}" != "t" ]; then \ ++ printn "Searching for rootkit $rkname's default files... "; fi ++ ++ bad=""; ++ for f in $files ; do ++ if [ -r ${ROOTDIR}${f} ]; then ++ for exclude in $EXCLUDES; do ++ if [ /${f} = $exclude ]; then continue 2; fi ++ done ++ bad="$bad ${ROOTDIR}$f"; ++ fi ++ done ++ for d in $dirs ; do ++ if [ -d ${ROOTDIR}${d} ]; then ++ for exclude in $EXCLUDES; do ++ if [ /${d} = $exclude ]; then continue 2; fi ++ done ++ bad="$bad ${ROOTDIR}$d"; ++ fi ++ done ++ if [ "$bad" != "" ]; then ++ echo "Possible $rkname rootkit installed:" ++ echo "$bad" + else +- if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi ++ if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi + fi ++} ++ ++ ### HiDrootkit ++ ++ lookfor_rootkit "HiDrootkit" "" "var/lib/games/.k" + + ### t0rn +- if [ "${QUIET}" != "t" ]; then printn\ +- "Searching for t0rn's default files and dirs... "; fi +- if [ -f ${ROOTDIR}etc/ttyhash -o -f ${ROOTDIR}sbin/xlogin -o \ +- -d ${ROOTDIR}usr/src/.puta -o -r ${ROOTDIR}lib/ldlib.tk -o \ +- -d ${ROOTDIR}usr/info/.t0rn ] +- then +- echo "Possible t0rn rootkit installed" +- else +- if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi +- fi ++ lookfor_rootkit "t0rn" "etc/ttyhash sbin/xlogin lib/ldlib.tk" \ ++ "usr/src/.puta usr/info/.t0rn" + + ### t0rn v8 + if [ "${QUIET}" != "t" ]; then \ +@@ -688,47 +704,20 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h + fi + + ### Lion Worm +- if [ "${QUIET}" != "t" ]; then \ +- printn "Searching for Lion Worm default files and dirs... "; fi +- if [ -d ${ROOTDIR}usr/info/.torn -o -d ${ROOTDIR}dev/.lib -o \ +- -f ${ROOTDIR}bin/in.telnetd -o -f ${ROOTDIR}bin/mjy ] +- then +- echo "Possible Lion worm installed" +- else +- if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi +- fi ++ lookfor_rootkit "Lion" "bin/in.telnetd bin/mjy" "usr/info/.torn dev/.lib" + + ### RSHA rootkit +- if [ "${QUIET}" != "t" ]; then \ +- printn "Searching for RSHA's default files and dir... "; fi +- +- if [ -r "${ROOTDIR}bin/kr4p" -o -r "${ROOTDIR}usr/bin/n3tstat" \ +--o -r "${ROOTDIR}usr/bin/chsh2" -o -r "${ROOTDIR}usr/bin/slice2" \ +--o -r "${ROOTDIR}usr/src/linux/arch/alpha/lib/.lib/.1proc" \ +--o -r "${ROOTDIR}etc/rc.d/arch/alpha/lib/.lib/.1addr" \ +--o -d "${ROOTDIR}etc/rc.d/rsha" \ +--o -d "${ROOTDIR}etc/rc.d/arch/alpha/lib/.lib" ] +- then +- echo "Possible RSHA's rootkit installed" +- else +- if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi +- fi ++ lookfor_rootkit "RSHA" "bin/kr4p usr/bin/n3tstat usr/bin/chsh2 \ ++ usr/bin/slice2 usr/src/linux/arch/alpha/lib/.lib/.1proc \ ++ etc/rc.d/arch/alpha/lib/.lib/.1addr" "etc/rc.d/rsha \ ++ etc/rc.d/arch/alpha/lib/.lib" + + ### RH-Sharpe rootkit +- if [ "${QUIET}" != "t" ]; then \ +- printn "Searching for RH-Sharpe's default files... "; fi +- +- if [ -r "${ROOTDIR}bin/lps" -o -r "${ROOTDIR}usr/bin/lpstree" \ +--o -r "${ROOTDIR}usr/bin/ltop" -o -r "${ROOTDIR}usr/bin/lkillall" \ +--o -r "${ROOTDIR}usr/bin/ldu" -o -r "${ROOTDIR}usr/bin/lnetstat" \ +--o -r "${ROOTDIR}usr/bin/wp" -o -r "${ROOTDIR}usr/bin/shad" \ +--o -r "${ROOTDIR}usr/bin/vadim" -o -r "${ROOTDIR}usr/bin/slice" \ +--o -r "${ROOTDIR}usr/bin/cleaner" -o -r "${ROOTDIR}usr/include/rpcsvc/du" ] +- then +- echo "Possible RH-Sharpe's rootkit installed" +- else +- if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi +- fi ++ lookfor_rootkit "RH-Sharpe" "bin/lps usr/bin/lpstree \ ++ usr/bin/ltop usr/bin/lkillall usr/bin/ldu \ ++ usr/bin/lnetstat usr/bin/wp usr/bin/shad \ ++ usr/bin/vadim usr/bin/slice usr/bin/cleaner \ ++ usr/include/rpcsvc/du" "" + + ### ark rootkit + if [ "${QUIET}" != "t" ]; then printn \ +@@ -759,8 +748,24 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h + printn "The following suspicious files and directories were found:" + fi + echo +- echo ${files} +- echo ${dirs} ++ ++ if [ -n "${EXCLUDES}" ]; then ++ for name in $files; do ++ for exclude in $EXCLUDES; do ++ if [ $name = $exclude ]; then continue 2; fi ++ done ++ echo $name ++ done ++ for name in $dirs; do ++ for exclude in $EXCLUDES; do ++ if [ $name = $exclude ]; then continue 2; fi ++ done ++ echo $name ++ done ++ else ++ echo ${files} ++ echo ${dirs} ++ fi + fi + + ### LPD Worm +@@ -2669,6 +2674,9 @@ do + + -x) EXPERT=t;; + ++ -e) shift ++ EXCLUDES="$1 $EXCLUDES";; ++ + -q) QUIET=t + QUIET_ARG="-q" + ;; +@@ -2689,6 +2697,8 @@ Options: + -d debug + -q quiet mode + -x expert mode ++ -e exclude known false positive files/dirs, quoted, ++ space separated, READ WARNING IN README + -r dir use dir as the root directory + -p dir1:dir2:dirN path for the external commands used by chkrootkit + -n skip NFS mounted dirs" --- chkrootkit-0.49.orig/debian/patches/chkutmp.diff +++ chkrootkit-0.49/debian/patches/chkutmp.diff @@ -0,0 +1,43 @@ +Fixed chkutmp parser, thanks to Aaron M. Ucko +--- a/chkutmp.c ++++ b/chkutmp.c +@@ -58,9 +58,9 @@ int main () { return 0; } + #endif + + struct ps_line { +- char ps_tty[UT_LINESIZE]; +- char ps_user[UT_NAMESIZE]; +- char ps_args[MAXLENGTH]; ++ char ps_tty[UT_LINESIZE+2]; ++ char ps_user[UT_NAMESIZE+2]; ++ char ps_args[MAXLENGTH+2]; + int ps_pid; + }; + struct utmp_line { +@@ -70,7 +70,7 @@ struct utmp_line { + }; + static char *cmd[] = { + "ps -ef -o \"tty,pid,ruser,args\"", /* solaris */ +- "ps ax -o \"tty,pid,ruser,args\"" /* linux */ ++ "ps axk \"tty,ruser,args\" -o \"tty,pid,ruser,args\"" /* linux */ + }; + int fetchps(struct ps_line *); + int fetchutmp(struct utmp_line *); +@@ -113,6 +113,8 @@ int fetchps(struct ps_line *psl_p) + s++; + for (x = 0; (*d++ = *s++) && x <= MAXLENGTH; x++) /* cmd + args */ + ; ++ if (d[-2] == '\n') ++ d[-2] = '\0'; + i++; + curp++; + } +@@ -202,7 +204,7 @@ int main(int argc, char *argv[]) + "CMD"); + hdr_prntd = 1; + } +- printf("! %-9s %7d %-6s %s", ps_l[h].ps_user, ++ printf("! %-9s %7d %-6s %s\n", ps_l[h].ps_user, + ps_l[h].ps_pid, ps_l[h].ps_tty, ps_l[h].ps_args); + } + } --- chkrootkit-0.49.orig/debian/patches/fixchkdirsinppc.patch +++ chkrootkit-0.49/debian/patches/fixchkdirsinppc.patch @@ -0,0 +1,13 @@ +Author: Giuseppe Iuculano +Description: On ppc a "char" is unsigned. In this case, when getopt returns -1, +--- a/chkdirs.c ++++ b/chkdirs.c +@@ -238,7 +238,7 @@ int main (int argc, char **argv) + { + int norecurse = 0; + int i, retval; +- char c; ++ int c; + + opterr = 0; + while ((c = getopt(argc, argv, "n")) > 0) { --- chkrootkit-0.49.orig/debian/patches/fixwarnings.patch +++ chkrootkit-0.49/debian/patches/fixwarnings.patch @@ -0,0 +1,23 @@ +Author: Giuseppe Iuculano +Description: Some little fixes to silence compiler. +--- a/chklastlog.c ++++ b/chklastlog.c +@@ -173,7 +173,7 @@ int main(int argc, char*argv[]) { + { + if (*uid > MAX_ID) + { +- fprintf(stderr, "MAX_ID is %ld and current uid is %ld, please check\n\r", MAX_ID, *uid ); ++ fprintf(stderr, "MAX_ID is %ld and current uid is %ld, please check\n\r", (long int)MAX_ID, (long int)*uid ); + exit (1); + + } +--- a/chkwtmp.c ++++ b/chkwtmp.c +@@ -30,6 +30,7 @@ + #ifdef SOLARIS2 + #include + #endif ++#include + + #ifdef __FreeBSD__ + #define WTMP_FILENAME "/var/log/wtmp" --- chkrootkit-0.49.orig/debian/patches/nostrip.patch +++ chkrootkit-0.49/debian/patches/nostrip.patch @@ -0,0 +1,41 @@ +Author: Francois Marier +Description: don't strip the main binary, it should be done in debian/rules (#436626) +--- a/Makefile ++++ b/Makefile +@@ -41,36 +41,28 @@ sense: chklastlog chkwtmp ifpromisc chkp + + chklastlog: chklastlog.c + ${CC} ${CFLAGS} -o $@ chklastlog.c +- @strip $@ + + chkwtmp: chkwtmp.c + ${CC} ${CFLAGS} -o $@ chkwtmp.c +- @strip $@ + + ifpromisc: ifpromisc.c + ${CC} ${CFLAGS} ${LDFLAGS} -D_FILE_OFFSET_BITS=64 -o $@ ifpromisc.c +- @strip $@ + + chkproc: chkproc.c + ${CC} ${LDFLAGS} -o $@ chkproc.c +- @strip $@ + + chkdirs: chkdirs.c + ${CC} ${LDFLAGS} -o $@ chkdirs.c +- @strip $@ + + check_wtmpx: check_wtmpx.c + ${CC} ${LDFLAGS} -o $@ check_wtmpx.c +- @strip $@ + + chkutmp: chkutmp.c + ${CC} ${LDFLAGS} -o $@ chkutmp.c +- @strip $@ + + + strings-static: strings.c + ${CC} ${STATIC} ${LDFLAGS} -o $@ strings.c +- @strip $@ + + clean: + rm -f ${OBJS} core chklastlog chkwtmp ifpromisc chkproc chkdirs check_wtmpx strings-static chkutmp --- chkrootkit-0.49.orig/debian/patches/CVE-2014-0476.patch +++ chkrootkit-0.49/debian/patches/CVE-2014-0476.patch @@ -0,0 +1,16 @@ +Description: fix root escalation via missing quotes in slapper() +Origin: Debian's 0.49-5 package + +Index: chkrootkit-0.49/chkrootkit +=================================================================== +--- chkrootkit-0.49.orig/chkrootkit 2014-06-04 08:32:42.700580407 -0400 ++++ chkrootkit-0.49/chkrootkit 2014-06-04 08:35:46.344589206 -0400 +@@ -117,7 +117,7 @@ + fi + for i in ${SLAPPER_FILES}; do + if [ -f ${i} ]; then +- file_port=$file_port $i ++ file_port="$file_port $i" + STATUS=1 + fi + done --- chkrootkit-0.49.orig/debian/patches/unidentified.patch +++ chkrootkit-0.49/debian/patches/unidentified.patch @@ -0,0 +1,146 @@ +Author: Francois Marier +Description: collection of all other changes to upstream source which haven't +been identified yet +--- a/chkrootkit ++++ b/chkrootkit +@@ -268,12 +268,12 @@ wted () { + expertmode_output "./chkwtmp -f ${WTMP}" + return 5 + fi +- fi + +- if ./chkwtmp -f ${WTMP} +- then +- if [ "${QUIET}" != "t" ]; then echo "chkwtmp: nothing deleted"; fi +- fi ++ if ./chkwtmp -f ${WTMP} ++ then ++ if [ "${QUIET}" != "t" ]; then echo "chkwtmp: nothing deleted"; fi ++ fi ++ fi + } + bindshell () { + PORT="114|145|465|511|600|1008|1524|1999|1978|2881|3049|3133|3879|4000|4369|5190|5665|6667|10008|12321|23132|27374|29364|30999|31336|31337|37998|45454|47017|47889|60001|7222" +@@ -368,6 +368,9 @@ lkm () + } + + aliens () { ++ if [ \( -z "${HOME}" -o "${HOME}" = "/" \) -a `id -u` = "0" -a -d "/root" ]; then ++ HOME="/root" ++ fi + if [ "${EXPERT}" = "t" ]; then + ### suspicious files + FILES="usr/bin/sourcemask usr/bin/ras2xm usr/sbin/in.telnet \ +@@ -396,9 +399,8 @@ sbin/vobiscum usr/sbin/jcd usr/sbin/atd + ### sniffer's logs + expertmode_output "${find} ${ROOTDIR}dev ${ROOTDIR}usr ${ROOTDIR}tmp \ + ${ROOTDIR}lib ${ROOTDIR}etc ${ROOTDIR}var ${findargs} -name tcp.log -o -name \ +-.linux-sniff -o -name sniff-l0g -o -name core_ -o" +- expertmode_output "${find} ${ROOTDIR}usr/lib -name in.httpd -o \ +--name in.pop3d" ++.linux-sniff -o -name sniff-l0g -o -name core_ -o -wholename ${ROOTDIR}usr/lib/in.httpd -o \ ++-wholename ${ROOTDIR}usr/lib/in.pop3d" + + ### t0rn + expertmode_output "${find} ${ROOTDIR}etc ${ROOTDIR}sbin \ +@@ -593,9 +595,9 @@ ${ROOTDIR}usr/sbin/initcheck ${ROOTDIR}u + + ### shell history file check + if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then +- expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \ ++ expertmode_output "${find} ${ROOTDIR}${HOME} -maxdepth 1 -name .*history \ + -size 0" +- expertmode_output "${find} ${ROOTDIR}${HOME} ${findargs} -name .*history \ ++ expertmode_output "${find} ${ROOTDIR}${HOME} -maxdepth 1 -name .*history \ + \( -links 2 -o -type l \)" + fi + +@@ -766,7 +768,7 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h + printn "Searching for LPD Worm files and dirs... "; fi + + if ${egrep} "^kork" ${ROOTDIR}etc/passwd > /dev/null 2>&1 || \ +- ${egrep} "^ *666 " ${ROOTDIR}etc/inetd.conf > /dev/null 2>&1 ; ++ ${egrep} '^[[:space:]]*666[[:space:]]' ${ROOTDIR}etc/inetd.conf > /dev/null 2>&1 ; + then + echo "Possible LPD worm installed" + elif [ -d ${ROOTDIR}dev/.kork -o -f ${ROOTDIR}bin/.ps -o \ +@@ -1100,7 +1102,7 @@ ${find} ${ROOTDIR}usr/sbin -name in.slog + ### ESRK + if [ "${QUIET}" != "t" ]; then + printn "Searching for ESRK rootkit default files... "; fi +- if [ -d "${ROOTDIR}usr/lib/tcl5.3" ]; then ++ if [ -d "${ROOTDIR}/usr/lib/tcl5.3" ]; then + echo "Possible ESRK rootkit installed" + else + if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi +@@ -1164,10 +1166,10 @@ fi + printn "Searching for anomalies in shell history files... "; fi + files="" + if [ ! -z "${SHELL}" -a ! -z "${HOME}" ]; then +- files=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' -size 0` ++ files=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' -size 0` + [ ! -z "${files}" ] && \ + echo "Warning: \`${files}' file size is zero" +- files1=`${find} ${ROOTDIR}${HOME} ${findargs} -name '.*history' \( -links 2 -o -type l \)` ++ files1=`${find} ${ROOTDIR}${HOME} -maxdepth 1 -name '.*history' \( -links 2 -o -type l \)` + [ ! -z "${files1}" ] && \ + echo "Warning: \`${files1}' is linked to another file" + fi +@@ -1219,14 +1221,16 @@ getCMD() { + ${egrep} -v grep | ${egrep} -v chkrootkit | _head -1 | \ + ${awk} '{ print $5 }'` + +- for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth` +- do +- CMD="${i}" +- if [ -r "${i}" ] +- then +- return 0 +- fi +- done ++ if [ -n "${RUNNING}" ]; then ++ for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth` ++ do ++ CMD="${i}" ++ if [ -r "${i}" ] ++ then ++ return 0 ++ fi ++ done ++ fi + return 1 + } + +@@ -1247,10 +1251,10 @@ tnfs () + findargs="" + if find /etc -maxdepth 0 >/dev/null 2>&1; then + find /etc ! -fstype nfs -maxdepth 0 >/dev/null 2>&1 && \ +- findargs="! -fstype nfs " ++ findargs=" -fstype nfs -prune -o " + elif find /etc -prune > /dev/null 2>&1; then + find /etc ! -fstype nfs -prune > /dev/null 2>&1 && \ +- findargs="! -fstype nfs " ++ findargs=" -fstype nfs -prune -o " + fi + } + +@@ -2470,7 +2474,7 @@ chk_tcpd () { + fi + [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth` + +- [ "tcpd" = "${CMD}" ] && return ${NOT_FOUND}; ++ [ "tcpd" = "${CMD}" -o ! -f "${CMD}" ] && return ${NOT_FOUND}; + + if [ "${EXPERT}" = "t" ]; then + expertmode_output "${strings} -a ${CMD}" +--- a/chkproc.c ++++ b/chkproc.c +@@ -358,7 +358,7 @@ int main(int argc, char **argv) + printf("You have % 5d process hidden for ps command\n", retps); + #if defined(__linux__) + kill(1, 100); /* Check for SIGINVISIBLE Adore signal */ +- if (kill (1, SIGXFSZ) < 0 && errno == 3) ++ if (kill (1, SIGXFSZ) == -1 && errno == 3) + { + printf("SIGINVISIBLE Adore found\n"); + retdir+= errno; --- chkrootkit-0.49.orig/debian/patches/kallsyms.patch +++ chkrootkit-0.49/debian/patches/kallsyms.patch @@ -0,0 +1,47 @@ +Author: Francois Marier +Description: ksyms was replaced by kallsyms in 2.6 (#411128) +--- a/chkrootkit ++++ b/chkrootkit +@@ -23,6 +23,14 @@ cd /usr/lib/chkrootkit + _POSIX2_VERSION=199209 + export _POSIX2_VERSION + ++# ksyms/kallsyms, depending on kernel version ++if [ `uname -r | cut -d. -f2` -lt 6 ] ; ++then ++KALLSYMS=ksyms ; ++else ++KALLSYMS=kallsyms ; ++fi ; ++ + # Native commands + TROJAN="amd basename biff chfn chsh cron crontab date du dirname echo egrep \ + env find fingerd gpm grep hdparm su ifconfig inetd inetdconf identd init \ +@@ -308,7 +316,7 @@ lkm () + fi + + if [ "${EXPERT}" = "t" ]; then +- [ -r /proc/ksyms ] && ${egrep} -i "adore|sebek" < /proc/ksyms 2>/dev/null ++ [ -r /proc/$KALLSYMS ] && ${egrep} -i "adore|sebek" < /proc/$KALLSYMS 2>/dev/null + [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null + PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'` + [ "$PV" = "" ] && PV=2 +@@ -318,14 +326,14 @@ lkm () + fi + + ### adore LKM +- [ -r /proc/ksyms ] && \ +- if `${egrep} -i adore < /proc/ksyms >/dev/null 2>&1`; then ++ [ -r /proc/$KALLSYMS ] && \ ++ if `${egrep} -i adore < /proc/$KALLSYMS >/dev/null 2>&1`; then + echo "Warning: Adore LKM installed" + fi + + ### sebek LKM (Adore based) +- [ -r /proc/ksyms ] && \ +- if `${egrep} -i sebek < /proc/ksyms >/dev/null 2>&1`; then ++ [ -r /proc/$KALLSYMS ] && \ ++ if `${egrep} -i sebek < /proc/$KALLSYMS >/dev/null 2>&1`; then + echo "Warning: Sebek LKM installed" + fi + --- chkrootkit-0.49.orig/debian/patches/promisc.patch +++ chkrootkit-0.49/debian/patches/promisc.patch @@ -0,0 +1,145 @@ +Author: lantz moore +Description: fixes a number of issues related to promiscuous mode +see Debian bugs #333068, #214990 and #202198 +--- a/ifpromisc.c ++++ b/ifpromisc.c +@@ -51,6 +51,8 @@ + #include + #include + #include ++#include ++#include + + struct interface + { +@@ -74,8 +76,9 @@ struct packet_info + int index; + int type; + int proto; +- int inode; ++ ino_t inode; + char *cmd; ++ char *pid; + struct packet_info *next; + }; + +@@ -110,9 +113,9 @@ static void read_proc_net_packet() + int type = 0; + unsigned int proto = 0; + int index = 0; +- unsigned int inode = 0; ++ unsigned long inode = 0; + +- if (sscanf(buf, "%*p %*d %d %x %d %*d %*u %*u %u", ++ if (sscanf(buf, "%*p %*d %d %x %d %*d %*u %*u %lu", + &type, &proto, &index, &inode) == 4) + { + struct packet_info *pi; +@@ -137,7 +140,7 @@ static void read_proc_net_packet() + } + + /* look up an entry from /proc/net/packet by inode */ +-static struct packet_info *find_packet_info(int inode) ++static struct packet_info *find_packet_info(ino_t inode) + { + struct packet_info *p; + for (p = proc_net_packet; p; p = p->next) +@@ -187,7 +190,10 @@ static void walk_process(char *process) + + if (stat(path, &statbuf) == -1) + { +- perror(path); ++ if (errno != ENOENT) ++ { ++ perror(path); ++ } + continue; + } + +@@ -202,6 +208,7 @@ static void walk_process(char *process) + snprintf(path, sizeof(path), "/proc/%s/exe", process); + readlink(path, link, sizeof(link) - 1); + info->cmd = strdup(link); ++ info->pid = strdup(process); + } + } + +@@ -235,46 +242,42 @@ static void walk_processes() + } + + /* return 1 if index is a member of pcap_session_list, 0 otherwise. */ +-static int has_packet_socket(int index) ++static struct packet_info *has_packet_socket(int index) + { + struct packet_info *p; + for (p = proc_net_packet; p; p = p->next) + { + if (p->index == index) + { +- return 1; ++ return p; + } + } +- return 0; ++ return NULL; + } + #endif /* __linux__ */ + + static void ife_print(struct interface *ptr) + { + #ifdef __linux__ +- int promisc = ptr->flags & IFF_PROMISC; +- int has_packet = has_packet_socket(ptr->index); ++ int promisc = ptr->flags & IFF_PROMISC; ++ struct packet_info *sniffer = has_packet_socket(ptr->index); ++ struct packet_info *p; + +- if (promisc || has_packet) ++ if (promisc || sniffer) + { + printf("%s:", ptr->name); + if (promisc) + printf(" PROMISC"); +- if (has_packet) ++ ++ if (sniffer) + { +- struct packet_info *p; +- printf(" PF_PACKET("); +- p = proc_net_packet; +- if (p) ++ printf(" PACKET SNIFFER("); ++ printf("%s[%s]", sniffer->cmd, sniffer->pid); ++ for (p = sniffer->next; p; p = p->next) + { +- printf("%s", p->cmd); +- +- for (p = p->next; p; p = p->next) ++ if (p->index == ptr->index) + { +- if (p->index == ptr->index) +- { +- printf(", %s", p->cmd); +- } ++ printf(", %s[%s]", p->cmd, p->pid); + } + } + printf(")"); +@@ -284,7 +287,7 @@ static void ife_print(struct interface * + else + { + if (!q) +- printf("%s: not promisc and no PF_PACKET sockets\n", ++ printf("%s: not promisc and no packet sniffer sockets\n", + ptr->name); + } + #else +@@ -348,8 +351,6 @@ static void if_print() + #endif + continue; + } +- if (!memcmp(ifr->ifr_name, "lo", 2)) +- continue; + ife_print(&ife); + } + } --- chkrootkit-0.49.orig/debian/patches/linedup_reports.patch +++ chkrootkit-0.49/debian/patches/linedup_reports.patch @@ -0,0 +1,42 @@ +Author: +Description: (printn): Use printf if available (#343284) +--- a/chkrootkit ++++ b/chkrootkit +@@ -2514,10 +2514,34 @@ chk_telnetd () { + + printn () + { +- if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then +- ${echo} -n "$1" ++ printf="use printf" ++ printf_fmt="%-60s" ++ ++ if [ ! "$PRINTF_BIN" ]; then ++ # This is first time call to use. Check environment and ++ # define this global. ++ ++ PRINTF_BIN=`which printf 2> /dev/null` ++ ++ # Set to dummy, if not found ++ [ ! "$PRINTF_BIN" ] && PRINTF_BIN="not exists" ++ ++ # We're done, and won't enter this if-case any more ++ fi ++ ++ # Some messages are continued, so don't use printf ++ case "$1" in ++ *exec*|*bogus*) printf="" ;; ++ esac ++ ++ if [ "$PRINTF_BIN" ] && [ "$printf" ]; then ++ $PRINTF_BIN "$printf_fmt" "$1" + else +- ${echo} "${1}\c" ++ if `${echo} "a\c" | ${egrep} c >/dev/null 2>&1` ; then ++ ${echo} -n "$1" ++ else ++ ${echo} "${1}\c" ++ fi + fi + } + --- chkrootkit-0.49.orig/debian/patches/logpath.patch +++ chkrootkit-0.49/debian/patches/logpath.patch @@ -0,0 +1,76 @@ +Author: Giuseppe Iuculano +Description: Read logs from /var/log instead of /var/adm +--- a/README.chklastlog ++++ b/README.chklastlog +@@ -31,8 +31,8 @@ chklastlog - check lastlog-file for dele + % cc -o chklastlog chklastlog.c + + +- To run chklastlog you need read permission on the files /var/adm/wtmp +- and /var/adm/lastlogin. Normally these files are world-readable and ++ To run chklastlog you need read permission on the files /var/log/wtmp ++ and /var/log/lastlog. Normally these files are world-readable and + no special privileges are required to run the checker. + + The following is an example of the output of chklastlog. +--- a/README.chkwtmp ++++ b/README.chkwtmp +@@ -30,7 +30,7 @@ chkwtmp - check wtmp-file for overwritte + To create chkwtmp under SunOS 4.x, type: + % cc -o chkwtmp chkwtmp.c + +- To run chkwtmp you need read permission on the file /var/adm/wtmp. ++ To run chkwtmp you need read permission on the file /var/log/wtmp. + Normally this file is world-readable and no special privileges are + required to run the checker. + +--- a/check_wtmpx.c ++++ b/check_wtmpx.c +@@ -30,8 +30,8 @@ int main () { return 0; } + #include + #include + +-#define WTMP_FILENAME "/var/adm/wtmp" +-#define WTMPX_FILENAME "/var/adm/wtmpx" ++#define WTMP_FILENAME "/var/log/wtmp" ++#define WTMPX_FILENAME "/var/log/wtmpx" + + + struct file_utmp_entry +--- a/chklastlog.c ++++ b/chklastlog.c +@@ -61,10 +61,10 @@ + #define LASTLOG_FILENAME "/var/log/lastlog" + #endif + #ifndef WTMP_FILENAME +-#define WTMP_FILENAME "/var/adm/wtmp" ++#define WTMP_FILENAME "/var/log/wtmp" + #endif + #ifndef LASTLOG_FILENAME +-#define LASTLOG_FILENAME "/var/adm/lastlog" ++#define LASTLOG_FILENAME "/var/log/lastlog" + #endif + + #define TRUE 1L +--- a/chkutmp.c ++++ b/chkutmp.c +@@ -48,7 +48,7 @@ int main () { return 0; } + #define MAXLENGTH 256 + #define UT_PIDSIZE 12 + #if defined(__sun) +-#define UTMP "/var/adm/utmpx" ++#define UTMP "/var/log/utmpx" + #define UT_LINESIZE 12 + #define UT_NAMESIZE 8 + #define PS_CMD 0 +--- a/chkwtmp.c ++++ b/chkwtmp.c +@@ -36,7 +36,7 @@ + #define WTMP_FILENAME "/var/log/wtmp" + #else + #ifndef WTMP_FILENAME +-#define WTMP_FILENAME "/var/adm/wtmp" ++#define WTMP_FILENAME "/var/log/wtmp" + #endif + #endif +