revealrk searches for hidden processes. If you have a kernel mod

rootkit loaded into memory without hiding any process, don't expect to find anything. Reveal RootKit is intended to run out of cron or similar services on a regular basis and avoids verbose output as long as nothing was found. WWW: http://sourceforge.net/projects/revealrk PR: ports/174981
svn path=/head/; revision=311188
2024-11-26 00:55:14 +00:00 · 2013-01-29 21:06:36 +00:00 · 2013-01-29 21:06:36 +00:00 · 6c6fff35bb · 2021-03-31 03:12:20 +00:00
commit 6c6fff35bb
parent b7817fc389
5 changed files with 62 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -817,6 +817,7 @@
    SUBDIR += regripper
    SUBDIR += regripperplugins
    SUBDIR += retranslator
+    SUBDIR += revealrk
    SUBDIR += revelation
    SUBDIR += rifiuti2
    SUBDIR += rkhunter
--- a/security/revealrk/Makefile
+++ b/security/revealrk/Makefile
@ -0,0 +1,27 @@
+# $FreeBSD$
+
+PORTNAME=	revealrk
+PORTVERSION=	1.0.1
+CATEGORIES=	security
+MASTER_SITES=	SF/${PORTNAME}/
+EXTRACT_SUFX=	.tgz
+
+MAINTAINER=	fbsd-ports@opsec.eu
+COMMENT=	Search hidden procs/rootkits from cron with low false positive rate
+
+LICENSE=	GPLv3
+
+PLIST_FILES=	bin/revealrk
+MAN1=		revealrk.1
+
+MANCOMPRESSED=	yes
+NO_MANCOMPRESS=	yes
+
+USE_SCONS=	yes
+.if !empty(PREFIX)
+SCONS_ARGS=	--prefix=${PREFIX}
+.else
+SCONS_ARGS=	--prefix=${LOCALBASE}
+.endif
+
+.include <bsd.port.mk>
--- a/security/revealrk/distinfo
+++ b/security/revealrk/distinfo
@ -0,0 +1,2 @@
+SHA256 (revealrk-1.0.1.tgz) = 7da7bd1709d06e5771c5c6d9c147ae1613f24c04633693e14afeee004d7cb844
+SIZE (revealrk-1.0.1.tgz) = 34039
--- a/security/revealrk/files/patch-SConstruct
+++ b/security/revealrk/files/patch-SConstruct
@ -0,0 +1,22 @@
+--- SConstruct.orig	2013-01-04 23:07:07.000000000 +0100
+++ SConstruct	2013-01-04 23:08:37.000000000 +0100
+@@ -13,7 +13,7 @@
+ pkg_files = prog_files + Split('revealrk.1 SConstruct changelog license.txt README INSTALL cron.example Makefile config.h')
+ 
+ debug     = not ARGUMENTS.get('debug', '0').lower() in ['0', 'false', 'no']
+-prefix    = GetOption('prefix') or '/'
+prefix    = GetOption('prefix') or '/usr'
+ clean_all = not GetOption('clean_all') is None
+ static    = not GetOption('static') is None
+ build_tgz = not GetOption('tgz') is None
+@@ -147,8 +147,8 @@
+         conf.env.Append(LINKFLAGS = ' -static')
+     env = conf.Finish()
+ 
+-env.Alias('install', env.AddPostAction(env.Install(prefix + '/usr/bin', target), env.Action('strip ' + prefix + '/usr/bin/' + target)))
+-env.Alias('install', env.AddPostAction(env.Install(prefix + '/usr/share/man/man1', target + '.1'), env.Action('gzip -f ' + prefix + '/usr/share/man/man1/' + target + '.1')))
+env.Alias('install', env.AddPostAction(env.Install(prefix + '/bin', target), env.Action('strip ' + prefix + '/bin/' + target)))
+env.Alias('install', env.AddPostAction(env.Install(prefix + '/man/man1', target + '.1'), env.Action('gzip -f ' + prefix + '/man/man1/' + target + '.1')))
+ 
+ if clean_all:
+     env.Clean('distclean', Split('config.log .sconf_temp .sconsign.dblite'))
--- a/security/revealrk/pkg-descr
+++ b/security/revealrk/pkg-descr
@ -0,0 +1,10 @@
+
+revealrk searches for hidden processes. If you have a kernel mod
+rootkit loaded into memory without hiding any process, don't expect
+to find anything.
+
+Reveal RootKit is intended to run out of cron or similar services
+on a regular basis and avoids verbose output as long as nothing was
+found.
+
+WWW: http://sourceforge.net/projects/revealrk