5 files changed, 108 insertions, 0 deletions

diff --git a/security/chkrootkit/Makefile b/security/chkrootkit/Makefile
new file mode 100644
index 000000000000..0655387f2356
--- /dev/null
+++ b/security/chkrootkit/Makefile
@@ -0,0 +1,60 @@
+# Created by: Luiz Eduardo R. Cordeiro
+# $FreeBSD$
+
+PORTNAME=	chkrootkit
+PORTVERSION=	0.50
+CATEGORIES=	security
+MASTER_SITES=	ftp://ftp.pangeia.com.br/pub/seg/pac/ \
+		ftp://gd.tuwien.ac.at/infosys/security/chkrootkit/ \
+		ftp://ftp.digitalvoodoo.org/pub/mirrors/chkrootkit/ \
+		http://www.spenneberg.org/chkrootkit-mirror/files/ \
+		http://www.mirrors.wiretapped.net/security/host-security/chkrootkit/ \
+		http://ftp.uni-stuttgart.de/pub/security/unix/forensics/chkrootkit/ \
+		http://ftp.bit.nl/mirror/chkrootkit/ \
+		http://chkrootkit.mirror.fr/
+
+MAINTAINER=	lacey.leanne@gmail.com
+COMMENT=	Tool to locally check for signs of a rootkit
+
+LICENSE=	BSD2CLAUSE
+
+OPTIONS_DEFINE=	DOCS
+
+SCRIPT_FILES=	chkrootkit
+PROG_FILES=	chklastlog \
+		chkwtmp \
+		chkutmp \
+		chkproc \
+		chkdirs \
+		ifpromisc \
+		check_wtmpx \
+		strings
+ALL_TARGET=	${SCRIPT_FILES} ${PROG_FILES}
+PORTDOCS=	ACKNOWLEDGMENTS \
+		COPYRIGHT \
+		README \
+		README.chklastlog \
+		README.chkwtmp
+
+PLIST_FILES=	${ALL_TARGET:C,^,sbin/,}
+
+BINMODE=	0700
+
+.include <bsd.port.pre.mk>
+
+post-patch:
+	@${REINPLACE_CMD} -E "s/^(CC|CFLAGS)[^a-zA-Z]*=/\1 ?=/" \
+		${WRKSRC}/Makefile
+
+.for prog in ${PROG_FILES}
+	@${REINPLACE_CMD} -E 's,\./(${prog}),${PREFIX}/sbin/\1,g' \
+		${WRKSRC}/chkrootkit
+.endfor
+
+do-install:
+	${INSTALL_SCRIPT}  ${SCRIPT_FILES:C,^,${WRKSRC}/,} ${STAGEDIR}${PREFIX}/sbin
+	${INSTALL_PROGRAM} ${PROG_FILES:C,^,${WRKSRC}/,} ${STAGEDIR}${PREFIX}/sbin
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${PORTDOCS:C,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}
+
+.include <bsd.port.post.mk>
diff --git a/security/chkrootkit/distinfo b/security/chkrootkit/distinfo
new file mode 100644
index 000000000000..c2ef9ede450e
--- /dev/null
+++ b/security/chkrootkit/distinfo
@@ -0,0 +1,2 @@
+SHA256 (chkrootkit-0.50.tar.gz) = 9548fc922b0cb8ddf055faff4a4887f140a31c45f2f5e3aa64aad91ecfa56cc7
+SIZE (chkrootkit-0.50.tar.gz) = 38616
diff --git a/security/chkrootkit/files/patch-chklastlog.c b/security/chkrootkit/files/patch-chklastlog.c
new file mode 100644
index 000000000000..3a35a570cda6
--- /dev/null
+++ b/security/chkrootkit/files/patch-chklastlog.c
@@ -0,0 +1,11 @@
+--- chklastlog.c.orig	2014-05-06 10:12:14 UTC
++++ chklastlog.c
+@@ -33,7 +33,7 @@
+ #else
+ #undef HAVE_LASTLOG_H
+ #endif
+-#if __FreeBSD__ > 9
++#if __FreeBSD__ >= 9
+ int main () { return 0; }
+ #else
+ #include <stdio.h>
diff --git a/security/chkrootkit/files/patch-chkwtmp.c b/security/chkrootkit/files/patch-chkwtmp.c
new file mode 100644
index 000000000000..027560ce3650
--- /dev/null
+++ b/security/chkrootkit/files/patch-chkwtmp.c
@@ -0,0 +1,11 @@
+--- chkwtmp.c.orig	2014-05-06 10:13:16 UTC
++++ chkwtmp.c
+@@ -19,7 +19,7 @@
+    Nelson Murilo, nelson@pangeia.com.br
+ */
+ 
+-#if __FreeBSD__ > 9 
++#if __FreeBSD__ >= 9 
+ int main () { return 0; } 
+ #else
+ #include <stdio.h>
diff --git a/security/chkrootkit/pkg-descr b/security/chkrootkit/pkg-descr
new file mode 100644
index 000000000000..482d1e734c8b
--- /dev/null
+++ b/security/chkrootkit/pkg-descr
@@ -0,0 +1,24 @@
+ Chkrootkit is a tool to locally check for signs of a rootkit.
+ -------------------------------------------------------------
+
+ It contains:
+
+ * chkrootkit: a shell script that checks system binaries for
+   rootkit modification.
+ * ifpromisc.c: checks if the network interface is in promiscuous
+   mode.
+ * chklastlog.c: checks for lastlog deletions.
+ * chkwtmp.c: checks for wtmp deletions.
+ * check_wtmpx.c: checks for wtmpx deletions.  (Solaris only)
+ * chkproc.c: checks for signs of LKM trojans.
+ * chkdirs.c: checks for signs of LKM trojans.
+ * strings.c: quick and dirty strings replacement.
+ * chkutmp.c: checks for utmp deletions.
+
+ For an updated list of rootkits, worms and LKMs detected by
+ chkrootkit please visit: http://www.chkrootkit.org/
+
+Nelson Murilo <nelson@pangeia.com.br>
+Klaus Steding-Jessen <jessen@nic.br>
+
+WWW: http://www.chkrootkit.org/