--- chkrootkit-0.47.orig/chkrootkit +++ chkrootkit-0.47/chkrootkit @@ -17,6 +17,11 @@ unalias ps > /dev/null 2>&1 unalias dirname > /dev/null 2>&1 +# the base chkrootkit is designed to be run from it's build directory, +# therefor it uses "./" as a prefix to all it's executables. we need to +# change to /usr/lib/chkrootkit to keep this working +cd /usr/lib/chkrootkit + # Workaround for recent GNU coreutils _POSIX2_VERSION=199209 export _POSIX2_VERSION @@ -28,8 +33,10 @@ pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd \ tcpdump top telnetd timed traceroute vdir w write" +# i removed chkutmp from this list, for now, because it doesn't seem quite +# ready for prime time # Tools -TOOLS="aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper z2 chkutmp" +TOOLS="aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper z2" # Return Codes INFECTED=0 @@ -196,11 +203,11 @@ fi if [ "${EXPERT}" = "t" ]; then - expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}" + expertmode_output "./chklastlog ${QUIET_ARG} -f ${WTMP} -l ${LASTLOG}" return 5 fi - if ./chklastlog -f ${WTMP} -l ${LASTLOG} + if ./chklastlog ${QUIET_ARG} -f ${WTMP} -l ${LASTLOG} then if [ "${QUIET}" != "t" ]; then echo "chklastlog: nothing deleted"; fi fi @@ -235,12 +242,12 @@ expertmode_output "./chkwtmp -f ${WTMP}" return 5 fi - fi - if ./chkwtmp -f ${WTMP} - then - if [ "${QUIET}" != "t" ]; then echo "chkwtmp: nothing deleted"; fi - fi + if ./chkwtmp -f ${WTMP} + then + if [ "${QUIET}" != "t" ]; then echo "chkwtmp: nothing deleted"; fi + fi + fi } bindshell () { PORT="114|145|465|511|600|1008|1524|1999|1978|2881|3049|3133|3879|4000|4369|5190|5665|6667|10008|12321|23132|27374|29364|30999|31336|31337|37998|45454|47017|47889|60001|7222" @@ -353,9 +360,8 @@ ### sniffer's logs expertmode_output "${find} ${ROOTDIR}dev ${ROOTDIR}usr ${ROOTDIR}tmp \ ${ROOTDIR}lib ${ROOTDIR}etc ${ROOTDIR}var ${findargs} -name tcp.log -o -name \ -.linux-sniff -o -name sniff-l0g -o -name core_ -o" - expertmode_output "${find} ${ROOTDIR}usr/lib -name in.httpd -o \ --name in.pop3d" +.linux-sniff -o -name sniff-l0g -o -name core_ -o -wholename ${ROOTDIR}usr/lib/in.httpd -o \ +-wholename ${ROOTDIR}usr/lib/in.pop3d" ### t0rn expertmode_output "${find} ${ROOTDIR}etc ${ROOTDIR}sbin \ @@ -705,9 +711,29 @@ then if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi else + if [ "${QUIET}" = "t" ]; then + printn "The following suspicious files and directories were found:" + fi echo - echo ${files} - echo ${dirs} + + if [ -n "${EXCLUDES}" ]; then + for name in $files; do + for exclude in $EXCLUDES; do + if [ $name = $exclude ]; then continue 2; fi + done + echo $name + done + for name in $dirs; do + for exclude in $EXCLUDES; do + if [ $name = $exclude ]; then continue 2; fi + done + echo $name + done + echo + else + echo ${files} + echo ${dirs} + fi fi ### LPD Worm @@ -715,7 +741,7 @@ printn "Searching for LPD Worm files and dirs... "; fi if ${egrep} "^kork" ${ROOTDIR}etc/passwd > /dev/null 2>&1 || \ - ${egrep} "^ *666 " ${ROOTDIR}etc/inetd.conf > /dev/null 2>&1 ; + ${egrep} '^[[:space:]]*666[[:space:]]' ${ROOTDIR}etc/inetd.conf > /dev/null 2>&1 ; then echo "Possible LPD worm installed" elif [ -d ${ROOTDIR}dev/.kork -o -f ${ROOTDIR}bin/.ps -o \ @@ -1049,7 +1075,7 @@ ### ESRK if [ "${QUIET}" != "t" ]; then printn "Searching for ESRK rootkit default files... "; fi - if [ -d "${ROOTDIR}usr/lib/tcl5.3" ]; then + if [ -d "${ROOTDIR}/usr/lib/tcl5.3" ]; then echo "Possible ESRK rootkit installed" else if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi @@ -1139,14 +1165,16 @@ ${egrep} -v grep | ${egrep} -v chkrootkit | _head -1 | \ ${awk} '{ print $5 }'` - for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth` - do - CMD="${i}" - if [ -r "${i}" ] - then - return 0 - fi - done + if [ -n "${RUNNING}" ]; then + for i in ${ROOTDIR}${RUNNING} ${ROOTDIR}usr/sbin/${1} `loc ${1} ${1} $pth` + do + CMD="${i}" + if [ -r "${i}" ] + then + return 0 + fi + done + fi return 1 } @@ -2309,7 +2337,7 @@ fi [ -z "${CMD}" ] && CMD=`loc tcpd tcpd $pth` - [ "tcpd" = "${CMD}" ] && return ${NOT_FOUND}; + [ "tcpd" = "${CMD}" -o ! -f "${CMD}" ] && return ${NOT_FOUND}; if [ "${EXPERT}" = "t" ]; then expertmode_output "${strings} -a ${CMD}" @@ -2475,7 +2503,12 @@ -x) EXPERT=t;; - -q) QUIET=t;; + -e) shift + EXCLUDES="$1 $EXCLUDES";; + + -q) QUIET=t + QUIET_ARG="-q" + ;; -V) echo >&2 "chkrootkit version ${CHKROOTKIT_VERSION}" exit 1;; @@ -2493,6 +2526,8 @@ -d debug -q quiet mode -x expert mode + -e exclude known false positive files/dirs, quoted, + space separated, READ WARNING IN README -r dir use dir as the root directory -p dir1:dir2:dirN path for the external commands used by chkrootkit -n skip NFS mounted dirs" --- chkrootkit-0.47.orig/debian/config +++ chkrootkit-0.47/debian/config @@ -0,0 +1,51 @@ +#!/bin/sh -e + +CF=/etc/chkrootkit.conf + +. /usr/share/debconf/confmodule +db_version 2.0 + +db_capb backup + +db_title "chkrootkit" + +if [ -f $CF ]; then + . $CF || true + case "$RUN_DAILY" in + true|false);; + *) RUN_DAILY="false";; + esac + case "$DIFF_MODE" in + true|false);; + *) DIFF_MODE="false";; + esac + db_set chkrootkit/run_daily "$RUN_DAILY" + db_set chkrootkit/run_daily_opts "$RUN_DAILY_OPTS" + db_set chkrootkit/diff_mode "$DIFF_MODE" +fi + +STATE=1 +while [ "$STATE" -gt 0 -a "$STATE" -lt 4 ]; do + case "$STATE" in + 1) db_input medium chkrootkit/run_daily || true;; + 2) + db_get chkrootkit/run_daily + if [ "$RET" = "true" ]; then + db_input medium chkrootkit/run_daily_opts || true + fi + ;; + 3) + db_get chkrootkit/run_daily + if [ "$RET" = "true" ]; then + db_input medium chkrootkit/diff_mode || true + fi + + ;; + esac + + if db_go; then + STATE=$(($STATE + 1)) + else + STATE=$(($STATE - 1)) + fi +done --- chkrootkit-0.47.orig/debian/postrm +++ chkrootkit-0.47/debian/postrm @@ -0,0 +1,7 @@ +#!/bin/sh + +set -e + +[ "$1" = "purge" ] && rm -f /etc/chkrootkit.conf + +#DEBHELPER# --- chkrootkit-0.47.orig/debian/chkrootkit.install +++ chkrootkit-0.47/debian/chkrootkit.install @@ -0,0 +1,3 @@ +chkrootkit usr/sbin +chk{lastlog,wtmp,utmp,dirs,proc} /usr/lib/chkrootkit +{ifpromisc,check_wtmpx,strings-static} /usr/lib/chkrootkit --- chkrootkit-0.47.orig/debian/docs +++ chkrootkit-0.47/debian/docs @@ -0,0 +1,5 @@ +README +README.chklastlog +README.chkwtmp +ACKNOWLEDGMENTS +debian/README.FALSE-POSITIVES \ No newline at end of file --- chkrootkit-0.47.orig/debian/README.Debian +++ chkrootkit-0.47/debian/README.Debian @@ -0,0 +1,12 @@ +README.Debian for chkrootkit +---------------------------- + +if chkrootkit says that it may have found a rootkit, "don't panic." +first, inspect your system and make sure that chkrootkit hasn't found a +false positive. by design, chkrootkit is a bit trigger happy. it's +better to be safe than to be sorry, i suppose. + +please see README.FALSE-POSITIVES for a brief discussion on false +positives and a list of know packages that cause false positives. + + -- lmoore , Thu Apr 21 17:13:59 2005 --- chkrootkit-0.47.orig/debian/rules +++ chkrootkit-0.47/debian/rules @@ -0,0 +1,98 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + + + + +CFLAGS = -Wall -g `getconf LFS_CFLAGS` + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + INSTALL_PROGRAM += -s +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + + +build: build-stamp + +build-stamp: configure-stamp + dh_testdir + + # Add here commands to compile the package. + $(MAKE) CFLAGS="$(CFLAGS) -DHAVE_LASTLOG_H -DLASTLOG_FILENAME='\"/var/log/lastlog\"' -DWTEMP_FILENAME='\"/var/log/wtmp\"'" + #/usr/bin/docbook-to-man debian/chkrootkit.sgml > chkrootkit.1 + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + -$(MAKE) clean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/chkrootkit. + #$(MAKE) install DESTDIR=$(CURDIR)/debian/chkrootkit + dh_install + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_installexamples +# dh_install +# dh_installmenu + dh_installdebconf +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime +# dh_installinit + dh_installcron +# dh_installinfo + dh_installman debian/chklastlog.1 debian/chkrootkit.1 debian/chkwtmp.1 + dh_link + dh_strip + dh_compress + dh_fixperms +# dh_perl +# dh_python +# dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- chkrootkit-0.47.orig/debian/templates +++ chkrootkit-0.47/debian/templates @@ -0,0 +1,25 @@ +Template: chkrootkit/run_daily +Type: boolean +Default: false +_Description: Would you like to run chkrootkit automatically every day? + chkrootkit can be run automatically via cron.daily if you like. If you + answer yes to this question, you'll also be given the opportunity to + specify options for the daily run. + +Template: chkrootkit/run_daily_opts +Type: string +_Default: -q +_Description: What arguments would you like to pass to the daily chkrootkit run? + The following are useful arguments to pass to chkrookit: + * -r specifies an alternate root directory + * -n do not attempt to analyze nfs mounted files + * -q run in quiet mode [highly recommended] + +Template: chkrootkit/diff_mode +Type: boolean +Default: false +_Description: Only report problems if they differ from yesterday's problems? + Choosing yes here instructs the cron.daily call of chkrootkit to + only report problems if they differ from the previous day's run. + . + Use this option with care. --- chkrootkit-0.47.orig/debian/README.FALSE-POSITIVES +++ chkrootkit-0.47/debian/README.FALSE-POSITIVES @@ -0,0 +1,85 @@ +the false positives that have been reported to me have fallen into to five +basic camps: hidden process, hidden files under /usr/lib, a specific file +is found, legitimate sniffers, and listening on well known ports. + +the hidden processes problem *seems* to be a thing of the past. mostly it +was due to the difference between how threads were reported under 2.4 and +2.6. + +the hidden files issue continues to crop up now and again. basically, +if chkrootkit sees a hidden file (a file that begins with .) under +/usr/lib, it flags it as suspicious. there are various packages that +contain these hidden files and they are innocuous. however, it appears +that arbitrary hidden files under /usr/lib is a sign of a rootkit, so, +again, it's the safe vs sorry argument. + +the well known port issue also comes up frequently. the problem is that +many well known ports are also used by rootkits (to get around firewalls +and as camouflage). chkrootkit doesn't currently do any additional +checking when it finds a process listening on a port that's known to have +been used for a rootkit. + +the sniffer check is just an informational check, it doesn't necessarily +mean that you've been rooted. there are several legitimate sniffers out +there; however, you may still want to check that the sniffer is the one +that you think it is, etc. + +In general, any process starting at around same time as lkm test may +trigger a warning. Just try while true;do chkrootkit lkm;sleep 1;done +during normal system use. See also FAQ 6 on www.chkrootkit.org -- paolo + +chroot environments may cause "suspicious file" false positives. + +bindshell listens on a lot of ports. these ports are also used by other +legitimate programs. chkrootkit's detection algorithm cannot determine +the difference between a legitimate program and bindshell. + +below is a (non-exhaustive) list of packages that are known to cause false +positives. before filing a bug report, please check this list. + +listens on well known ports + *radius: the Slapper worm listens on 1812 + bitlbee: LDP worms listen on port 6667 + cfs: bindshell listens on port 3049 + erlang-base: bindshell listens on port 4369 + exim-tls: bindshell listens on port 465 + mldonkey-server: bindshell listens on port 4000 + portsentry: listens on several ports that chkrootkit sees as rootkit ports + postfix-tls: bindshell listens on port 465 + reaim: bindshell listens on port 5190 + +legitimate sniffers + dhcpd + ethereal + knockd + p0f + pppoe + tcpdump + +hidden files http://www.chkrootkit.org/faq/#8 + perl packages sometimes have .packlist files + blackdown java + blender + geomview + gnustep-make + kaffe + obliq + mindi + r-cran-hmisc + realplay + scilab + smlnj + subversion + tiger + twiki + viewglob + +contains specific files + asp: Ramen Worms contain the file /usr/bin/asp + libgcj-common: the 'OBSD rk v1' contains + /usr/lib/security, + /usr/lib/security/classpath.security + /usr/lib/security/libgcj.security. + libproc-dev: t0rn v8 contains a libproc.a + run: ZK rootkits contain /usr/bin/run + slice: RH-Sharpe contains /usr/bin/slice --- chkrootkit-0.47.orig/debian/chkrootkit.1 +++ chkrootkit-0.47/debian/chkrootkit.1 @@ -0,0 +1,59 @@ +.TH chkrootkit 1 "10 January 2003" +.SH NAME +chkrootkit +\- Determine whether the system is infected with a rootkit +.SH SYNOPSIS +.B chkrootkit +[\fIOPTION\fR]... [\fITESTNAME\fR]... +.SH DESCRIPTION +.B chkrootkit +examines certain elements of the target system and determines +whether they have been tampered with. Some tools which +.B chkrootkit +applies while analyzing binaries and log files can be found at +\fI\//usr/lib/chkrootkit\fR. + +.SH OPTIONS +.TP +\fB\-h\fR +Print a short help message and exit. +.TP +\fB\-V\fR +Print version information and exit. +.TP +\fB\-l\fR +Print available tests. +.TP +\fB\-d\fR +Enter debug mode. +.TP +\fB\-x\fR +Enter expert mode. +.TP +\fB\-e\fR +Exclude known false positive files/dirs, quoted, space separated. +.TP +\fB\-q\fR +Enter quiet mode. +.TP +\fB\-r\fR +.B dir +Use +.B dir +as the root directory. +.TP +\fB\-p\fR +.B dir1:dir2:dirN +Specify the path for the external commands used by chkrootkit. +.TP +\fB\-n\fR +skip NFS mounted dirs + +.SH "AUTHOR" +Manual page written by Yotam Rubin +.I +and lantz moore +.I +for the Debian project. It may be used by others. +.SH SEE ALSO +\fBstrings\fR(1) --- chkrootkit-0.47.orig/debian/postinst +++ chkrootkit-0.47/debian/postinst @@ -0,0 +1,42 @@ +#!/bin/sh + +CF=/etc/chkrootkit.conf + +set -e +. /usr/share/debconf/confmodule + +if [ ! -f $CF ]; then + echo "RUN_DAILY=\"false\"" > $CF + echo "RUN_DAILY_OPTS=\"-q\"" >> $CF + echo "DIFF_MODE=\"false\"" >> $CF +else + if ! egrep -q '\bRUN_DAILY\b' $CF > /dev/null; then + echo "RUN_DAILY=\"false\"" >> $CF + fi + if ! egrep -q '\bRUN_DAILY_OPTS\b' $CF > /dev/null; then + echo "RUN_DAILY_OPTS=\"-q\"" >> $CF + fi + if ! egrep -q '\bDIFF_MODE\b' $CF > /dev/null; then + echo "DIFF_MODE=\"false\"" >> $CF + fi +fi + +db_version 2.0 + +db_get chkrootkit/run_daily +RUN_DAILY="$RET" +db_get chkrootkit/run_daily_opts +RUN_DAILY_OPTS="$RET" +db_get chkrootkit/diff_mode +DIFF_MODE="$RET" + +cp -a -f $CF $CF.tmp +sed -e "s,^ *RUN_DAILY=.*,RUN_DAILY=\"$RUN_DAILY\"," \ + -e "s,^ *RUN_DAILY_OPTS=.*,RUN_DAILY_OPTS=\"$RUN_DAILY_OPTS\"," \ + -e "s,^ *DIFF_MODE=.*,DIFF_MODE=\"$DIFF_MODE\"," \ + < $CF > $CF.tmp +mv -f $CF.tmp $CF + +#DEBHELPER# + +exit 0 --- chkrootkit-0.47.orig/debian/prerm +++ chkrootkit-0.47/debian/prerm @@ -0,0 +1,6 @@ +#!/bin/sh +set -e + +#DEBHELPER# + +exit 0 --- chkrootkit-0.47.orig/debian/changelog +++ chkrootkit-0.47/debian/changelog @@ -0,0 +1,311 @@ +chkrootkit (0.47-1.1ubuntu0.3) hardy-proposed; urgency=low + + * debian/chkrootkit.1: Added -e option to manpage, as suggested by + SRU verification. (LP: #575945) + + -- Marc Deslauriers Wed, 23 Jun 2010 08:26:53 -0400 + +chkrootkit (0.47-1.1ubuntu0.2) hardy-proposed; urgency=low + + * README,chkrootkit: Added -e option to exclude specific + files/directories from the checks. This helps filter out dotfile + false positives. Backported from newer release. + (LP: #575945) + + -- Marc Deslauriers Wed, 09 Jun 2010 14:35:53 -0400 + +chkrootkit (0.47-1.1ubuntu0.1) hardy-security; urgency=low + + * Fix for problem killing random processes (LP: #279752) + + -- Francois Marier Wed, 08 Oct 2008 09:59:36 +1300 + +chkrootkit (0.47-1.1) unstable; urgency=low + + * Non-maintainer upload to fix pending l10n issues. + * Debconf translations: + - Portuguese. Closes: #409449 + - Galician. Closes: #412196 + - All PO files converted to UTF-8, except Japanese + + -- Christian Perrier Mon, 5 Mar 2007 07:51:28 +0100 + +chkrootkit (0.47-1) unstable; urgency=low + + * New upstream release + + -- lantz moore Sat, 18 Nov 2006 00:59:53 -0800 + +chkrootkit (0.46a-4) unstable; urgency=low + + * don't throw away results of find (closes: 365715) + * fixed spelling mistake in chkwtmp.1 (closes: 365567) + * added debconf translations (closes: 358045,364296,374027) + * removed showtee libfl check since it would cause a + false positive on most debian systems (closes: 387312,387358) + * use -wholename in find instead of -name (closes: 389520) + * tightened up LPD inetd regex (closes: 322889) + * added knockd to README.FALSE-POSITIVES (closes: 356774) + + -- lantz moore Sat, 30 Sep 2006 13:25:07 -0700 + +chkrootkit (0.46a-3) unstable; urgency=low + + * really adding german debconf translation (closes: 326139) + * use SIGXFSZ instead of hardcoded 25 (closes: 346333) + + -- lantz moore Fri, 17 Feb 2006 20:55:58 -0800 + +chkrootkit (0.46a-2) unstable; urgency=low + + * better handling of long command lines in chkproc (closes: 328991) + * fixed sign issue on ifpromisc:find_packet_info (closes: 333068) + * more user friendly output of suspicious files in quiet mode (closes: 306787) + + -- lantz moore Fri, 25 Nov 2005 23:32:54 -0800 + +chkrootkit (0.46a-1) unstable; urgency=low + + * New upstream release (closes: 337943) + * added findargs to the 'shell history anomalies' test (closes: 297680) + * added quieting capability to chklastlog (closes: 306263) + * the wted test was running even when no wtmp file was found, fixed (see: 306449) + * added note to README.FALSE-POSITIVE + - mindi has hidden files (closes: 306784) + - erlang-base's epmd listens on a bindshell port (closes: 309386) + - perl has .packlist files (closes: 309387) + - realplay has .realplayerrc (closes: 309942) + - smlnj has .{cm,run,heap} files (closes: 323191) + - gnustep-make has .GNUsteprc (closes: 337962) + - pipsecd listens on a scalper port (closes: 307349) + * added optional depends debconf-2.0 (closes: 331777) + * added debconf translations (closes: 310029,326139,306648,311107,313250,333487,318873,334394) + * output suspicious files on separate lines (closes: 316610) + * added dependency on procps (closes: 333710) + + -- lantz moore Thu, 24 Nov 2005 13:17:21 -0800 + +chkrootkit (0.45-1) unstable; urgency=low + + * New upstream release (closes: 305708, 305710) + * use -f for conf file test (closes: 289647) + * added debconf translations + (closes: 294775,291754,287755,286473,286041) + * added more false positives to README.Debian: + - blackdown java (closes: 286870, 290816) + - blender (closes: 287062) + - mldonkey-server (closes: 304561, 295889) + - twiki (closes: 298394) + - viewglob, kaffe (closes: 287109,286057) + - bitlbee (closes: 234566) + - tiger (closes: 223428) + - radius (closes: 192438,229673) + * only run chkrootkit from cron.daily if the package is still installed + (closes: 300217,291494) + * disabled chkutmp as it seems unstable + * getCMD now only runs test if ps shows the prog as running + (closes: 262586) + * added ability for the daily run to only report problems if they differ + from the previous days run (closes: 290690,286735) + * removed an invalid changelog entry + + -- lantz moore Thu, 21 Apr 2005 17:28:26 -0700 + +chkrootkit (0.44-2) unstable; urgency=low + + * use the right conf var in cron.daily (closes: #285061) + * fixed bad exit code in cron.daily (closes: #285093) + * fixed misspelling in templates (closes: #285096) + + -- lantz moore Fri, 10 Dec 2004 09:23:31 -0800 + +chkrootkit (0.44-1) unstable; urgency=low + + * New upstream release (closes: #277785) + * applied gender patch from jason@debian.org (closes: #264511) + * false positives already reported in README.debian + (closes: #265571,#276761,#251719,#245983,#222060,#222035,#192772) + * new false positives listed in README.debian (closes: #227624) + * remove bashism from debian/rules (closes: #227065) + * add getconf LFS_CFLAGS to CFLAGS (closes: #263702) + * build-depends on po-debconf + + -- lantz moore Wed, 8 Dec 2004 12:28:48 -0800 + +chkrootkit (0.43-2) unstable; urgency=low + + * debconf and cron.daily support (closes: #223466) + + -- lantz moore Sat, 10 Jan 2004 14:08:15 -0800 + +chkrootkit (0.43-1) unstable; urgency=low + + * New upstream release (closes: #127610) + * added dependency on net-tools (closes: #224029) + * added note about dhcpd false positive (closes: #225827) + * added note about chroot environs (closes: #211379) + * added note about subversion metadata dirs (closes: #204910) + + -- lantz moore Sat, 10 Jan 2004 11:24:37 -0800 + +chkrootkit (0.42b-1) unstable; urgency=low + + * New upstream bug-fix release + * fixed a couple bugs with find, ls, and expertmode_output + (closes: #211185,#222062) + * ifpromisc now parses /proc/net/packet so that it can provide better + diagnostics. (forwarded patch upstream) (closes: #214990) + * added note about postfix-tls in README.Debian (closes: #222105) + * added note about cfs in README.Debian (closes: #193784) + * added note about procps in README.Debian (closes: #222811) + * fixed gnomeview -> geomview "misspelling" in README.Debian + (closes: #218796) + * added note about run in README.Debian (closes: #222778) + * added note about pppoe in README.Debian (closes: #222593) + * added note about r-cran-hmisc & scilab (closes: #222793) + * added note about procps bug (closes: #222811) + * removed build-depends on dbs + + -- lantz moore Fri, 5 Dec 2003 16:03:51 -0800 + +chkrootkit (0.42-2) unstable; urgency=low + + * build-depend on versioned debhelper + + -- lantz moore Sun, 14 Sep 2003 15:05:03 -0700 + +chkrootkit (0.42-1) unstable; urgency=low + + * New upstream release (closes: #210933, #202198) + * added note about gnomeview false alarm (closes: #206521) + + -- lantz moore Sun, 14 Sep 2003 14:42:26 -0700 + +chkrootkit (0.41-2.1) unstable; urgency=high + + * Fix FTBFS, thus urgency=high (closes: #203853) + + -- Benjamin Drieu Fri, 5 Sep 2003 11:36:17 +0200 + +chkrootkit (0.41-2) unstable; urgency=low + + * fixed some issues with ROOTDIR not being used appropriately + + -- lantz moore Sun, 20 Jul 2003 13:15:35 -0700 + +chkrootkit (0.41-1) unstable; urgency=low + + * New upstream release (closes: #199406, #185575) + * integrated partial patch from #189090 + * ifproc should be quiet again (closes: #190978) + + -- lantz moore Sun, 20 Jul 2003 10:55:45 -0700 + +chkrootkit (0.40-1) unstable; urgency=low + + * New upstream release (closes: #186847) + * using dbs + + -- lantz moore Sun, 13 Apr 2003 13:19:25 -0700 + +chkrootkit (0.38-1) unstable; urgency=low + + * New upstream release (closes: #175447) + * Added note to README.Debian (closes: #132079, #160539, #167459) + + -- lantz moore Sun, 5 Jan 2003 12:41:49 -0800 + +chkrootkit (0.37-2) unstable; urgency=low + + * Added debhelper build-depends. (closes: #163281) + + -- lantz moore Fri, 4 Oct 2002 22:54:25 -0700 + +chkrootkit (0.37-1) unstable; urgency=low + + * New upstream release. (closes: Bug#153163) + * applied "quiet" patch from BTS. (closes: Bug#163154) + * retooled debian/rules to use debhelper. (closes: #162726, #142422) + + -- lantz moore Wed, 2 Oct 2002 21:34:54 -0700 + +chkrootkit (0.36-1) unstable; urgency=low + + * New upstream release + + -- Yotam Rubin Sun, 7 Jul 2002 18:04:49 +0300 + +chkrootkit (0.35-2) unstable; urgency=low + + * Updated contact address. + + -- Yotam Rubin Wed, 22 May 2002 16:21:20 +0300 + +chkrootkit (0.35-1) unstable; urgency=low + + * New upstream release. Closes: Bug#131152. + * Provided location of upstream sources in copyright. Closes: Bug#129551. + * Added the -q argument to chkrootkit's manual page. Closes: Bug#128898. + * Disabled line break on line 91. Closes: Bug#128916. + * Fixed indentation in chkrootkit's manual page. Closes: Bug#129552 + + -- Yotam Rubin Thu, 31 Jan 2002 11:28:20 +0200 + +chkrootkit (0.34-4) unstable; urgency=low + + * Fixed kernel version checking error. Patch from David Coe. + Closes: Bug#128841, Bug#128840 + * Added missing manual pages for chktwmp and chklastlog. Closes: Bug#127846 + * Documented false alarm with noflushd. Closes: Bug#127976. + + -- Yotam Rubin Sat, 12 Jan 2002 13:29:37 +0200 + +chkrootkit (0.34-3) unstable; urgency=low + + * Shortened short description. + + -- Yotam Rubin Mon, 12 Nov 2001 23:17:05 +0200 + +chkrootkit (0.34-2) unstable; urgency=low + + * Added depends on binutils. Closes: Bug#118948 + + -- Yotam Rubin Sun, 11 Nov 2001 02:19:59 +0200 + +chkrootkit (0.34-1) unstable; urgency=low + + * Updated chkrootkit's README file. + * Documented possible false alarms situations in README.Debian. + (Closes Bug#102993, Bug#105614) + + -- Yotam Rubin Tue, 9 Oct 2001 20:52:41 +0200 + +chkrootkit (0.33-1) unstable; urgency=low + + * New upstream release + + -- Yotam Rubin Wed, 13 Jun 2001 22:08:28 +0300 + +chkrootkit (0.32-2) unstable; urgency=low + + * Fixed find expression in line 461. Closes: Bug#97649 + + -- Yotam Rubin Wed, 16 May 2001 12:29:35 +0300 + +chkrootkit (0.31-3) unstable; urgency=low + + * Various manual page fixes. + + -- Yotam Rubin Sat, 14 Apr 2001 19:30:06 +0300 + +chkrootkit (0.31-2) unstable; urgency=low + + * Uploaded package. Closes: #93787 + + -- Yotam Rubin Sat, 12 Apr 2001 01:43:02 +0300 + +chkrootkit (0.31-1) unstable; urgency=low + + * First Debian release + + -- Yotam Rubin Thu, 12 Apr 2001 19:50:25 +0300 --- chkrootkit-0.47.orig/debian/compat +++ chkrootkit-0.47/debian/compat @@ -0,0 +1 @@ +4 --- chkrootkit-0.47.orig/debian/po/cs.po +++ chkrootkit-0.47/debian/po/cs.po @@ -0,0 +1,89 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-04-21 16:19-0700\n" +"PO-Revision-Date: 2005-06-12 17:53+0200\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "Chcete spouštět chrootkit automaticky každý den?" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"chrootkit se může spouštět automaticky přes cron.daily. Pokud zde odpovíte " +"ano, budete moci zadat parametry, se kterými se bude chrootkit spouštět." + +#. Type: string +#. Default +#: ../templates:11 +msgid "-q" +msgstr "-q" + +#. Type: string +#. Description +#: ../templates:12 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "Jaké parametry chcete předat chrootkitu denně spouštěnému z cronu?" + +#. Type: string +#. Description +#: ../templates:12 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"chrootkitu můžete předat následující užitečné parametry:\n" +" * -r zadá alternativní kořenový adresář\n" +" * -n nebude analyzovat soubory připojené přes nfs\n" +" * -q spustí se v tichém režimu [velmi doporučeno]" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "Hlásit problémy pouze pokud se liší od těch včerejších?" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"Odpovíte-li ano, bude chkrootkit spouštěný z cron.daily hlásit problémy " +"pouze tehdy, pokud se výstup liší od toho z předchozího dne." + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Use this option with care." +msgstr "Tuto možnost používejte velmi opatrně." --- chkrootkit-0.47.orig/debian/po/ja.po +++ chkrootkit-0.47/debian/po/ja.po @@ -0,0 +1,90 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit 0.45-1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-04-21 16:19-0700\n" +"PO-Revision-Date: 2005-05-14 01:26+0900\n" +"Last-Translator: Hideki Yamane \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=EUC-JP\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "ưŪ chkrootkit ¹Ԥޤ?" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"˾硢chkrootkit cron.dairy ͳǼưŪ˼¹Ԥޤμ" +"֤Ϥפ硢¹ԤݤΥץǤޤ" + +#. Type: string +#. Default +#: ../templates:11 +msgid "-q" +msgstr "-q" + +#. Type: string +#. Description +#: ../templates:12 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "ɤΰ chkrootkit μ¹Ի˻ꤷޤ?" + +#. Type: string +#. Description +#: ../templates:12 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"chkrootkit ΰǤϰʲͭѤǤ:\n" +" * -r ̤Υǥ쥯ȥ root ǥ쥯ȥȤƻꤷޤ\n" +" * -n nfs ޥȤ줿եʬϤ褦Ȥޤ\n" +" * -q Žͥ⡼ɤưޤ [ˤ]" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "ȤκʬäΤߡ𤹤褦ˤޤ?" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"ǡ֤Ϥפȡ chkrootkit cron.daily ƤӽФФư" +"ȰäƤΤ𤹤褦ꤷޤ" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Use this option with care." +msgstr "ΥץդƻȤäƤ" --- chkrootkit-0.47.orig/debian/po/pt.po +++ chkrootkit-0.47/debian/po/pt.po @@ -0,0 +1,82 @@ +# Portuguese translation of chkrookit debconf messages. +# Copyright (C) 2007 Carlos Lisboa +# This file is distributed under the same license as the chkrookit package. +# Carlos Lisboa , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrookit\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2007-01-13 18:56+0100\n" +"PO-Revision-Date: 2007-02-02 20:33+0000\n" +"Last-Translator: Carlos Lisboa \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "Deseja correr o chkrootkit automaticamente todos os dias?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"O chkrootkit pode ser corrido automaticamente via cron.daily, se desejar. Se " +"responder afirmativamente a esta questão, ser-lhe-á dada a oportunidade de " +"especificar as opções para o arranque diário." + +#. Type: string +#. Default +#: ../templates:2001 +msgid "-q" +msgstr "-q" + +#. Type: string +#. Description +#: ../templates:2002 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "Que argumentos deseja passar para a execução diária do chkrootkit?" + +#. Type: string +#. Description +#: ../templates:2002 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"A seguir estão argumentos úteis que pode passar ao chkrootkit:\n" +" * -r especifica um directório raiz alternativo\n" +" * -n não tentar analizar os ficheiros nfs montados\n" +" * -q correr no modo silencioso [altamente recomendado]" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "Apenas reportar problemas se diferirem com os problemas de ontem?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"Escolhendo 'sim' aqui, instrui o cron.daily a chamar o chkrootkit para " +"apenas reportar os problemas que diferirem dos dias anteriores." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Use this option with care." +msgstr "Utilize esta opção com cuidado." --- chkrootkit-0.47.orig/debian/po/it.po +++ chkrootkit-0.47/debian/po/it.po @@ -0,0 +1,84 @@ +# Italian translations of po-debconf templates for chkrootkit. +# Copyright (c) 2005 Software in the Public Interest +# This file is distributed under the same license as the chkrootkit package. +# Luca Monducci, 2004 - 2005 +# +msgid "" +msgstr "" +"Project-Id-Version: chkrookit_0.45\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-04-21 16:19-0700\n" +"PO-Revision-Date: 2005-04-25 17:48+0100\n" +"Last-Translator: Luca Monducci \n" +"Language-Team: Italian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "Eseguire automaticamente chkrootkit ogni giorno?" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"chkrootkit può essere eseguito automaticamente via cron.daily. Se si accetta " +"questa opzione verrà data l'oppurtunità di specificare le opzioni " +"dell'esecuzione giornaliera." + +#. Type: string +#. Default +#: ../templates:11 +msgid "-q" +msgstr "-q" + +#. Type: string +#. Description +#: ../templates:12 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "Quali argomenti passare all'esecuzione giornaliera di chkrootkit?" + +#. Type: string +#. Description +#: ../templates:12 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"I seguenti sono argomenti che è utile passare a chkrootkit:\n" +" * -r specifica una directory root alternativa\n" +" * -n non prova ad analizzare i file montati con nfs\n" +" * -q esecuzione in modalità silenziosa [raccomandata]" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "" +"Segnalare solo i problemi che non si erano verificati il giorno precedente?" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"Rispondere sì per impostare la chiamata di chkrootkit in cron.daily in modo " +"da segnalare solo i problemi che non si erano verificati nell'esecuzione del " +"giorno precedente." + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Use this option with care." +msgstr "Usare questa opzione con cautela." --- chkrootkit-0.47.orig/debian/po/pt_BR.po +++ chkrootkit-0.47/debian/po/pt_BR.po @@ -0,0 +1,96 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"pt_BR utf-8\n" +"Project-Id-Version: chkrootkit\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-04-21 16:19-0700\n" +"PO-Revision-Date: 2006-07-04 00:48-0300\n" +"Last-Translator: Felipe Augusto van de Wiel (faw) \n" +"Language-Team: l10n portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "Você gostaria de executar o chkrootkit automaticamente todos os dias ?" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"O chkrootkit pode ser executado automaticamente através do cron.daily caso " +"você deseje. Caso você responda afirmativamente a esta pergunta, você terá a " +"oportunidade de especificar opções para a execução diária." + +#. Type: string +#. Default +#: ../templates:11 +msgid "-q" +msgstr "-q" + +#. Type: string +#. Description +#: ../templates:12 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "" +"Quais argumentos você gostaria de passar para a execução diária do " +"chkrootkit ?" + +#. Type: string +#. Description +#: ../templates:12 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"Os seguintes argumentos são úteis para serem passados ao chkrootkit :\n" +" * -r especifica um diretório raiz alternativo\n" +" * -n não tenta analisar arquivos montados via nfs\n" +" * -q executa em modo silencioso [altamente recomendado]" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "" +"Somente relatar problemas caso os mesmos sejam diferentes dos problemas de " +"ontem ?" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"Responder afirmativamente aqui instruirá a chamada cron.daily do chkrootkit " +"a somente relatar problemas caso os mesmos sejam diferentes dos problemas " +"relatados na execução do dia anterior." + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Use this option with care." +msgstr "Utilize esta opção com cuidado." --- chkrootkit-0.47.orig/debian/po/fr.po +++ chkrootkit-0.47/debian/po/fr.po @@ -0,0 +1,91 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-04-21 16:19-0700\n" +"PO-Revision-Date: 2005-07-14 14:44+0200\n" +"Last-Translator: Jean-Luc Coulon (f5ibh) \n" +"Language-Team: French >\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "Faut-il lancer chkrootkit quotidiennement ?" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"Chkrootkit peut-être lancé automatiquement par l'intermédiaire d'une tâche " +"quotidienne de cron. Si vous choisissez cette option, vous pourrez alors " +"préciser les réglages qui seront utilisés lors de cette exécution " +"quotidienne." + +#. Type: string +#. Default +#: ../templates:11 +msgid "-q" +msgstr "-q" + +#. Type: string +#. Description +#: ../templates:12 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "Options à utiliser pour la tâche quotidienne :" + +#. Type: string +#. Description +#: ../templates:12 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"Les options suivantes peuvent être passées à chkrootkit :\n" +" * -r  : répertoire racine à utiliser ;\n" +" * -n  : pas d'analyse des fichiers sur les montages NFS ;\n" +" * -q  : exécution en mode silencieux [hautement recommandé]." + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "" +"Faut-il signaler seulement les problèmes différents de ceux de la veille ?" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"Si vous choisissez cette option, l'exécution de chkrootkit par une tâche " +"quotidienne (« cron.daily ») ne signalera les problèmes que s'ils sont " +"différents de ceux découverts lors de l'exécution de la veille." + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Use this option with care." +msgstr "Il est conseillé d'utiliser cette option avec discernement." --- chkrootkit-0.47.orig/debian/po/templates.pot +++ chkrootkit-0.47/debian/po/templates.pot @@ -0,0 +1,82 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-04-21 16:19-0700\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" + +#. Type: string +#. Default +#: ../templates:11 +msgid "-q" +msgstr "" + +#. Type: string +#. Description +#: ../templates:12 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "" + +#. Type: string +#. Description +#: ../templates:12 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Use this option with care." +msgstr "" --- chkrootkit-0.47.orig/debian/po/nl.po +++ chkrootkit-0.47/debian/po/nl.po @@ -0,0 +1,93 @@ +# translation of chkrootkit_0.46a-3_templates.po to Dutch +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit_0.46a-3_nl\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-04-21 16:19-0700\n" +"PO-Revision-Date: 2006-04-21 14:37+0200\n" +"Last-Translator: Kurt De Bree \n" +"Language-Team: Dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.10.2\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "Wilt u chkrootkit dagelijks automatisch laten uitvoeren?" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"U kunt chkrootkit automatisch via cron.daily laten uitvoeren. Als u \"ja\" " +"op deze vraag antwoordt, wordt u de mogelijkheid geboden om argumenten voor " +"deze dagelijkse actie te specifiëren." + +#. Type: string +#. Default +#: ../templates:11 +msgid "-q" +msgstr "-q" + +#. Type: string +#. Description +#: ../templates:12 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "" +"Welke argumenten wilt u aan de dagelijkse aanroep van chkrootkit meegeven?" + +#. Type: string +#. Description +#: ../templates:12 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"De volgende argumenten komen van pas om aan chkrootkit mee te geven:\n" +" * -r specifiëert een alternatieve root-map\n" +" * -n nfs-gekoppelde bestanden uitsluiten\n" +" * -q \"stille modus\" (sterk aanbevolen)" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "" +"Problemen enkel rapporteren als ze de dag voordien nog niet voorkwamen?" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"Als u hier \"ja\" antwoordt zal chkrootkit opgedragen worden enkel problemen " +"te rapporteren indien die van de vorige dag afwijken." + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Use this option with care." +msgstr "Wees voorzichtig bij het gebruik van deze optie." --- chkrootkit-0.47.orig/debian/po/ca.po +++ chkrootkit-0.47/debian/po/ca.po @@ -0,0 +1,94 @@ +# translation of ca.po to +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: ca\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-04-21 16:19-0700\n" +"PO-Revision-Date: 2006-03-14 23:16+0100\n" +"Last-Translator: Miguel Gea Milvaques\n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.1\n" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "Voleu que s'execute automàticament chkrootkit cada dia?" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"Si voleu, el chkrootkit es pot executar diàriament via cron. Si contesteu sí " +"a aquesta pregunta, tindreu l'oportunitat d'especificar les opcions per " +"l'execució diària." + +#. Type: string +#. Default +#: ../templates:11 +msgid "-q" +msgstr "-q" + +#. Type: string +#. Description +#: ../templates:12 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "" +"Quins paràmetres voleu passar-li al chkrootkit quan s'execute diàriament?" + +#. Type: string +#. Description +#: ../templates:12 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"Els paràmetres següents són d'utilitat per passar-los al chkrootkit:\n" +" * -r especifica un directori arrel alternatiu\n" +" * -n no intenta analitzar els fitxers muntats per nfs\n" +" * -q executa en mode silenciós [molt recomanat]" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "" +"Voleu que s'informe dels problemes tan sols si són diferents dels del dia " +"d'abans?" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"Si escolliu sí ací, prepararà el cron.daily per que l'execució del " +"chkrootkit tan sols informe de problemes que són diferents des del dia " +"anterior." + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Use this option with care." +msgstr "Utilitzeu aquesta opció amb cura." --- chkrootkit-0.47.orig/debian/po/POTFILES.in +++ chkrootkit-0.47/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates --- chkrootkit-0.47.orig/debian/po/sv.po +++ chkrootkit-0.47/debian/po/sv.po @@ -0,0 +1,90 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit 0.45-1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-04-21 16:19-0700\n" +"PO-Revision-Date: 2005-10-13 09:00+0200\n" +"Last-Translator: Daniel Nylander \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "Vill du köra chkrootkit automatiskt varje dag?" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"chkrootkit kan köras automatiskt via ett cron.daily-skript om du vill. Om " +"du svara ja på denna fråga kommer du även att få chansen att specificera " +"inställningar för den dagliga körningen." + +#. Type: string +#. Default +#: ../templates:11 +msgid "-q" +msgstr "-q" + +#. Type: string +#. Description +#: ../templates:12 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "" +"Vilka argument vill du skicka till den dagliga körningen av chkrootkit?" + +#. Type: string +#. Description +#: ../templates:12 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"Följande argument är användbara för att skicka till chkrootkit:\n" +" * -r specificera en alternativ rotmapp\n" +" * -n försök inte att analysera NFS-monterade filer\n" +" * -q kör i tyst läge [mycket rekommenderat]" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "Rapportera bara problem om de skiljer sig från gårdagens problem?" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"Välja ja här instruerar cron.daily att kalla upp chkrootkit för att bara " +"rapportera problem om de skiljer sig från gårdagens körning." + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Use this option with care." +msgstr "Använd denna funktion med försiktighet." --- chkrootkit-0.47.orig/debian/po/es.po +++ chkrootkit-0.47/debian/po/es.po @@ -0,0 +1,99 @@ +# chkrootkit po-debconf translation to Spanish +# Copyright (C) 2005 Software in the Public Interest +# This file is distributed under the same license as the chkrootkit package. +# +# Changes: +# - Initial translation +# César Gómez Martín +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Equipo de traducción al español, por favor, lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-04-21 16:19-0700\n" +"PO-Revision-Date: 2005-10-07 17:43+0100\n" +"Last-Translator: César Gómez Martín \n" +"Language-Team: Debian l10n spanish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Spanish\n" +"X-Poedit-Country: SPAIN\n" +"X-Poedit-SourceCharset: utf-8\n" + +#. Type: boolean +#: ../templates:4 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "¿Desea que chkrootkit se ejecute cada día automáticamente?" + +#. Type: boolean +#: ../templates:4 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"Si desea, chkrootkit se puede ejecutar automáticamente a través de cron." +"daily. Si responde afirmativamente a esta pregunta, también tendrá la " +"oportunidad de especificar las opciones de la ejecución diaria." + +#. Type: string +#: ../templates:11 +msgid "-q" +msgstr "-q" + +#. Type: string +#: ../templates:12 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "¿Qué argumentos desea pasarle a la ejecución diaria de chkrootkit?" + +#. Type: string +#: ../templates:12 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"Argumentos útiles para pasarle a chkrootkit:\n" +" * -r especifica un directorio raíz alternativo\n" +" * -n no intenta analizar ficheros montados a través de nfs\n" +" * -q ejecución en modo silencioso [altamente recomendado]" + +#. Type: boolean +#: ../templates:21 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "" +"¿Desea que se informe de los problemas sólo cuando sean distintos a los del " +"día anterior?" + +#. Type: boolean +#: ../templates:21 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"Si contesta afirmativamente, la llamada cron.daily de chkrootkit sólo " +"informará de problemas si éstos son distintos a los del día anterior." + +#. Type: boolean +#: ../templates:21 +msgid "Use this option with care." +msgstr "Use esta opción con cuidado." --- chkrootkit-0.47.orig/debian/po/de.po +++ chkrootkit-0.47/debian/po/de.po @@ -0,0 +1,88 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2005-04-21 16:19-0700\n" +"PO-Revision-Date: 2005-09-02 01:50+0200\n" +"Last-Translator: Daniel Knabl \n" +"Language-Team: German \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "Möchten Sie, dass chkrootkit automatisch täglich ausgeführt wird?" + +#. Type: boolean +#. Description +#: ../templates:4 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"Wenn Sie wollen.kann chkrootkit automatisch täglich mittels cron laufen. " +"Wenn Sie hier mit JA antworten, dann können Sie weitere Optionen für die " +"tägliche Ausführung angeben." + +#. Type: string +#. Default +#: ../templates:11 +msgid "-q" +msgstr "-q" + +#. Type: string +#. Description +#: ../templates:12 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "Mit welchen Paramtern soll chkrootkit täglich gestartet werden?" + +#. Type: string +#. Description +#: ../templates:12 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"Die folgenden Argumente können an chkrootkit übergeben werden:\n" +" * -r gibt ein anderes Wurzelverzeichnis an\n" +"..* -n schließt nfs-gemountete Verzeichnisse aus\n" +" * -q \"stiller\" Modus [sehr empfohlen]" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "Probleme nur berichten, wenn sie von Problemen vom Vortag abweichen?" + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"Wenn sie hier JA wählen, wird chkrootkit aufgefordert, nur Probleme zu " +"berichten sofern sie von Problemen am Vortag abweichen." + +#. Type: boolean +#. Description +#: ../templates:21 +msgid "Use this option with care." +msgstr "Benutzen Sie diese Option mit Vorsicht." --- chkrootkit-0.47.orig/debian/po/gl.po +++ chkrootkit-0.47/debian/po/gl.po @@ -0,0 +1,82 @@ +# Galician translation of chkrootkit's debconf templates +# This file is distributed under the same license as the chkrootkit package. +# Jacobo Tarrio , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: chkrootkit\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2007-01-13 18:56+0100\n" +"PO-Revision-Date: 2007-02-24 15:27+0100\n" +"Last-Translator: Jacobo Tarrio \n" +"Language-Team: Galician \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Would you like to run chkrootkit automatically every day?" +msgstr "¿Quere executar chkrootkit automaticamente cada día?" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"chkrootkit can be run automatically via cron.daily if you like. If you " +"answer yes to this question, you'll also be given the opportunity to specify " +"options for the daily run." +msgstr "" +"Pódese executar chkrootkit automaticamente mediante cron.daily, se quere. Se " +"resposta \"si\" a esta pregunta, háselle dar tamén a oportunidade de " +"especificar opcións para a execución diaria." + +#. Type: string +#. Default +#: ../templates:2001 +msgid "-q" +msgstr "-q" + +#. Type: string +#. Description +#: ../templates:2002 +msgid "What arguments would you like to pass to the daily chkrootkit run?" +msgstr "¿Que argumentos quere pasar á execución diaria de chkrootkit?" + +#. Type: string +#. Description +#: ../templates:2002 +msgid "" +"The following are useful arguments to pass to chkrookit:\n" +" * -r specifies an alternate root directory\n" +" * -n do not attempt to analyze nfs mounted files\n" +" * -q run in quiet mode [highly recommended]" +msgstr "" +"Estes son algúns argumentos útiles para lle pasar a chkrootkit:\n" +" * -r indica un directorio raíz alternativo\n" +" * -n non tenta analizar ficheiros montados por NFS\n" +" * -q executa en modo silencioso [recoméndase]" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Only report problems if they differ from yesterday's problems?" +msgstr "¿Informar dos problemas só se son diferentes dos do día anterior?" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Choosing yes here instructs the cron.daily call of chkrootkit to only report " +"problems if they differ from the previous day's run." +msgstr "" +"Se escolle \"si\" aquí ha facer que a execución diaria de chkrootkit só " +"informe dos problemas se son diferentes dos que apareceron na execución do " +"día anterior." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Use this option with care." +msgstr "Empregue esta opción con coidado." --- chkrootkit-0.47.orig/debian/cron.daily +++ chkrootkit-0.47/debian/cron.daily @@ -0,0 +1,27 @@ +#!/bin/sh -e + +CHKROOTKIT=/usr/sbin/chkrootkit +CF=/etc/chkrootkit.conf +LOG_DIR=/var/cache/chkrootkit + +if [ ! -x $CHKROOTKIT ]; then + exit 0 +fi + +if [ -f $CF ]; then + . $CF +fi + +if [ "$RUN_DAILY" = "true" ]; then + if [ "$DIFF_MODE" = "true" ]; then + $CHKROOTKIT $RUN_DAILY_OPTS > $LOG_DIR/log.new 2>&1 + if [ ! -f $LOG_DIR/log.old ] \ + || ! diff -q $LOG_DIR/log.old $LOG_DIR/log.new > /dev/null 2>&1; then + cat $LOG_DIR/log.new + fi + mv $LOG_DIR/log.new $LOG_DIR/log.old + else + $CHKROOTKIT $RUN_DAILY_OPTS + fi +fi + --- chkrootkit-0.47.orig/debian/chklastlog.1 +++ chkrootkit-0.47/debian/chklastlog.1 @@ -0,0 +1,48 @@ +.\" +.\" Copyright (c) DFN-CERT, Univ. of Hamburg 1994 +.\" +.\" Univ. Hamburg, Dept. of Computer Science +.\" DFN-CERT +.\" Vogt-Koelln-Strasse 30 +.\" 22527 Hamburg +.\" Germany +.\" +.\" @(#) $Header: chklastlog.1,v +.TH CHKLASTLOG 1 "Thu Oct 12 1994" +.AT 3 +.SH NAME +chklastlog \- check lastlog-file for deleted entries +.SH SYNOPSIS +.na +.B chklastlog +.ad +.SH DESCRIPTION +.LP +\fIChklastlog\fP is reading all entries from the file \fI/var/adm/wtmp\fP +(file with informations about logins and logouts) and checks for every user +found in this file whether there is an entry in the file +\fI/var/adm/lastlog\fP, too. The program will complain about userids with +logins but no lastlogin information. + +To run chklastlog you need read permission on the files /var/adm/wtmp +and /var/adm/lastlogin. Normally these files are world-readable and +no special privileges are required to run the checker. +.. +.HD +.SH "FILES" +.PD 0 +.TP 20 +.B /var/adm/wtmp +login data base +.TP +.B /var/adm/lastlog +last login times +.PD +.SH "SEE ALSO" +wtmp(4), who(1), last(1) +.SH "LIMITATIONS" +This program only works if the user has not logged in after the deletion +of their lastlog entry. + +This program was designed to run on SunOS 4.x systems only. On other +systems the output is undefined... --- chkrootkit-0.47.orig/debian/copyright +++ chkrootkit-0.47/debian/copyright @@ -0,0 +1,31 @@ +This package was Debianized by lantz moore +from sources obtain from: +ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit-0.40.tar.gz + + +copyright: + +# @(#)COPYRIGHT 1.2 (Pangeia Informatica) 2/21/97 + +Copyright 1996-2003 - Pangeia Informatica, All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. --- chkrootkit-0.47.orig/debian/control +++ chkrootkit-0.47/debian/control @@ -0,0 +1,29 @@ +Source: chkrootkit +Section: misc +Priority: optional +Maintainer: Ubuntu Core Developers +XSBC-Original-Maintainer: lantz moore +Standards-Version: 3.6.2 +Build-Depends: debhelper (>> 4.0.0), libc6.1-dev [ia64], po-debconf + +Package: chkrootkit +Architecture: any +Depends: ${shlibs:Depends}, binutils, net-tools, debconf | debconf-2.0, procps +Description: Checks for signs of rootkits on the local system + chkrootkit identifies whether the target computer is infected with a rootkit. + Some of the rootkits that chkrootkit identifies are: + 1. lrk3, lrk4, lrk5, lrk6 (and some variants); + 2. Solaris rootkit; + 3. FreeBSD rootkit; + 4. t0rn (including latest variant); + 5. Ambient's Rootkit for Linux (ARK); + 6. Ramen Worm; + 7. rh[67]-shaper; + 8. RSHA; + 9. Romanian rootkit; + 10. RK17; + 11. Lion Worm; + 12. Adore Worm. + Please note that this is not a definitive test, it does not ensure that the + target has not been cracked. In addition to running chkrootkit, one should + perform more specific tests. --- chkrootkit-0.47.orig/debian/chkwtmp.1 +++ chkrootkit-0.47/debian/chkwtmp.1 @@ -0,0 +1,45 @@ +.\" +.\" Copyright (c) DFN-CERT, Univ. of Hamburg 1994 +.\" +.\" Univ. Hamburg, Dept. of Computer Science +.\" DFN-CERT +.\" Vogt-Koelln-Strasse 30 +.\" 22527 Hamburg +.\" Germany +.\" +.\" @(#) $Header: chkwtmp.1,v +.TH CHKWTMP 1 "Thu Oct 12 1994" +.AT 3 +.SH NAME +chkwtmp \- check wtmp-file for deleted entries +.SH SYNOPSIS +.na +.B chkwtmp +.ad +.SH DESCRIPTION +.LP +\fIChkwtmp\fP examines the file \fI/var/adm/wtmp\fP for entries with no +information (containing only null-bytes). If such entries are found the +program prints the time window for the original entry. This is done +by displaying the timestamps of the wtmp-entry before and after the +deleted entry. + +To run chkwtmp you need read permission on the file /var/adm/wtmp. +Normally this file is world-readable and no special privileges are +required to run the checker. +.. +.HD +.SH "FILES" +.PD 0 +.TP 20 +.B /var/adm/wtmp +login data base +.PD +.SH "SEE ALSO" +wtmp(4), who(1) +.SH "LIMITATIONS" +An entry is recognized as overwritten if the time-information has been +overwritten with null-bytes. + +This program was designed to run on SunOS 4.x systems only. On other +systems the output is undefined... --- chkrootkit-0.47.orig/debian/dirs +++ chkrootkit-0.47/debian/dirs @@ -0,0 +1,3 @@ +usr/sbin +usr/lib/chkrootkit +var/cache/chkrootkit \ No newline at end of file --- chkrootkit-0.47.orig/ifpromisc.c +++ chkrootkit-0.47/ifpromisc.c @@ -51,6 +51,8 @@ #include #include #include +#include +#include struct interface { @@ -73,8 +75,9 @@ int index; int type; int proto; - int inode; + ino_t inode; char *cmd; + char *pid; struct packet_info *next; }; @@ -109,9 +112,9 @@ int type = 0; unsigned int proto = 0; int index = 0; - unsigned int inode = 0; + unsigned long inode = 0; - if (sscanf(buf, "%*p %*d %d %x %d %*d %*u %*u %u", + if (sscanf(buf, "%*p %*d %d %x %d %*d %*u %*u %lu", &type, &proto, &index, &inode) == 4) { struct packet_info *pi; @@ -136,7 +139,7 @@ } /* look up an entry from /proc/net/packet by inode */ -static struct packet_info *find_packet_info(int inode) +static struct packet_info *find_packet_info(ino_t inode) { struct packet_info *p; for (p = proc_net_packet; p; p = p->next) @@ -166,7 +169,10 @@ if ((dir = opendir(path)) == NULL) { - perror(path); + if (errno != ENOENT) + { + perror(path); + } return; } @@ -185,7 +191,10 @@ if (stat(path, &statbuf) == -1) { - perror(path); + if (errno != ENOENT) + { + perror(path); + } continue; } @@ -200,6 +209,7 @@ snprintf(path, sizeof(path), "/proc/%s/exe", process); readlink(path, link, sizeof(link) - 1); info->cmd = strdup(link); + info->pid = strdup(process); } } @@ -233,46 +243,42 @@ } /* return 1 if index is a member of pcap_session_list, 0 otherwise. */ -static int has_packet_socket(int index) +static struct packet_info *has_packet_socket(int index) { struct packet_info *p; for (p = proc_net_packet; p; p = p->next) { if (p->index == index) { - return 1; + return p; } } - return 0; + return NULL; } #endif /* __linux__ */ static void ife_print(struct interface *ptr) { #ifdef __linux__ - int promisc = ptr->flags & IFF_PROMISC; - int has_packet = has_packet_socket(ptr->index); + int promisc = ptr->flags & IFF_PROMISC; + struct packet_info *sniffer = has_packet_socket(ptr->index); + struct packet_info *p; - if (promisc || has_packet) + if (promisc || sniffer) { printf("%s:", ptr->name); if (promisc) printf(" PROMISC"); - if (has_packet) + + if (sniffer) { - struct packet_info *p; - printf(" PF_PACKET("); - p = proc_net_packet; - if (p) + printf(" PACKET SNIFFER("); + printf("%s[%s]", sniffer->cmd, sniffer->pid); + for (p = sniffer->next; p; p = p->next) { - printf("%s", p->cmd); - - for (p = p->next; p; p = p->next) + if (p->index == ptr->index) { - if (p->index == ptr->index) - { - printf(", %s", p->cmd); - } + printf(", %s[%s]", p->cmd, p->pid); } } printf(")"); @@ -282,7 +288,7 @@ else { if (!q) - printf("%s: not promisc and no PF_PACKET sockets\n", + printf("%s: not promisc and no packet sniffer sockets\n", ptr->name); } #else @@ -346,8 +352,6 @@ #endif continue; } - if (!memcmp(ifr->ifr_name, "lo", 2)) - continue; ife_print(&ife); } } --- chkrootkit-0.47.orig/chklastlog.c +++ chkrootkit-0.47/chklastlog.c @@ -104,6 +104,8 @@ struct stat wtmp_stat; struct s_localpwd *localpwd; uid_t *uid; + int quiet = 0; + char wtmpfile[128], lastlogfile[128]; memcpy(wtmpfile, WTMP_FILENAME, 127); @@ -125,10 +127,18 @@ ++argv; memcpy(lastlogfile, *argv, 127); } + else if (!memcmp("-q", *argv, 2)) + { + quiet = 1; + } } - signal(SIGALRM, read_status); - alarm(5); + if (!quiet) + { + signal(SIGALRM, read_status); + alarm(5); + } + for (i=0; i