[Lunar-commits] <moonbase> chkrootkit: +0.01; net-tools hardened a little bit.

Zbigniew Luszpinski zbiggy at lunar-linux.org
Mon Mar 3 11:41:35 CET 2008 

commit 81c797c9447c22c5343d60968be98f0f19dcd5f9
Author: Zbigniew Luszpinski <zbiggy at lunar-linux.org>
Date:   Mon Mar 3 11:41:35 2008 +0100

    chkrootkit: +0.01; net-tools hardened a little bit.
    chkrootkit raised INFECTED false positive on netstat
    because debug data were -actually- not stripped
    in net-tools build script. Thanks to stripping:
    * net-tools binaries are harder to hack (a little bit)
    * size of netstat decreased 3x
---
 net/net-tools/BUILD         |   10 +++++++---
 net/net-tools/DETAILS       |    2 +-
 security/chkrootkit/DETAILS |    6 +++---
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/net/net-tools/BUILD b/net/net-tools/BUILD
index c648aea..386cf81 100644
--- a/net/net-tools/BUILD
+++ b/net/net-tools/BUILD
@@ -4,6 +4,12 @@
   patch_it $SOURCE3 0 &&
   patch_it $SOURCE4 1 &&
   patch_it $SOURCE5 1 &&
+  sedit "s/-O2/$CFLAGS/" Makefile &&
+  sedit "s/LOPTS = /LOPTS = $LDFLAGS -s/" Makefile &&
+
+  # Do not add debug data to protect against hacking
+  # and stop chkrootkit from reporting false positive
+  sedit "s/-g//" Makefile &&
 
   if [ -f $CONFIG_CACHE/net-tools.config.h ]; then
     cp $CONFIG_CACHE/net-tools.config.h config.h
@@ -17,12 +23,10 @@
   fi &&
 
   make            &&
-
   prepare_install &&
 
   make BASEDIR=/ install &&
-
   install -m 755 $SCRIPT_DIRECTORY/ifup   /sbin &&
   install -m 755 $SCRIPT_DIRECTORY/ifdown /sbin
-  
+
 ) > $C_FIFO 2>&1
diff --git a/net/net-tools/DETAILS b/net/net-tools/DETAILS
index 52db419..131aca6 100644
--- a/net/net-tools/DETAILS
+++ b/net/net-tools/DETAILS
@@ -18,7 +18,7 @@
         WEB_SITE=http://www.tazenda.demon.co.uk/phil/net-tools
       MAINTAINER=kc8apf at kc8apf.net
          ENTERED=20010922
-         UPDATED=20070924
+         UPDATED=20080303
            SHORT="net-tools contains essential tools for networking."
 LUNAR_RESTART_SERVICES=off
 cat << EOF
diff --git a/security/chkrootkit/DETAILS b/security/chkrootkit/DETAILS
index ade0a64..7e8c465 100644
--- a/security/chkrootkit/DETAILS
+++ b/security/chkrootkit/DETAILS
@@ -1,12 +1,12 @@
           MODULE=chkrootkit
-         VERSION=0.47
+         VERSION=0.48
           SOURCE=$MODULE.tar.gz
    SOURCE_URL[0]=ftp://ftp.pangeia.com.br/pub/seg/pac/
    SOURCE_URL[1]=http://us.chkrootkit.org/download/
-      SOURCE_VFY=sha1:ef9ba1208572662a0da51dc284de550bf6378143
+      SOURCE_VFY=sha1:edbaf062a78f4210a7dbe9ef935cb86d12695d91
         WEB_SITE=http://www.chkrootkit.org/
          ENTERED=20040124
-         UPDATED=20061103
+         UPDATED=20080229
            SHORT="a tool to locally check for signs of a rootkit"
 
 cat << EOF

More information about the Lunar-commits mailing list