Bug 174981 - [new port] security/revealrk 1.0.1
Summary: [new port] security/revealrk 1.0.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Greg Larkin
Reported: 2013-01-04 22:40 UTC by Kurt Jaeger
Modified: 2013-01-29 21:10 UTC

Attachments
file.shar (2.92 KB, text/plain)
2013-01-04 22:40 UTC, Kurt Jaeger
revealrk.shar (3.01 KB, application/x-shar)
2013-01-29 20:13 UTC, Kurt Jaeger
revealrk.shar (2.91 KB, application/x-shar)
2013-01-29 20:42 UTC, Kurt Jaeger

Description Kurt Jaeger 2013-01-04 22:40:00 UTC
	revealrk searches for hidden processes (rootkits)

Fix: #!/bin/sh
How-To-Repeat: 	-
Comment 1 Greg Larkin freebsd_committer 2013-01-19 04:12:53 UTC
Responsible Changed
From-To: freebsd-ports-bugs->glarkin

I'll take it.
Comment 2 Greg Larkin freebsd_committer 2013-01-29 20:11:16 UTC
Hi Kurt,

Would you mind resubmitting the shar file as an attachment?  For some
reason, it has been embedded inline with the PR, and it's easier to
manage if it appears as a directly-downloadable file.

Thank you,
Greg
Comment 3 Kurt Jaeger 2013-01-29 20:13:35 UTC
Hi!

> Would you mind resubmitting the shar file as an attachment?  For some
> reason, it has been embedded inline with the PR, and it's easier to
> manage if it appears as a directly-downloadable file.

Attached.

-- 
pi@opsec.eu            +49 171 3101372                         7 years to go !
Comment 4 Greg Larkin freebsd_committer 2013-01-29 20:36:32 UTC
On 1/29/13 3:13 PM, Kurt Jaeger wrote:
> Hi!
> 
>> Would you mind resubmitting the shar file as an attachment?  For
>> some reason, it has been embedded inline with the PR, and it's
>> easier to manage if it appears as a directly-downloadable file.
> 
> Attached.
> 

Excellent, thank you for the quick turnaround.  I ran portlint, and it
came up with some things that should be tweaked.  Can you take a look
and post an update when you have time?

WARN: /root/Ports/head/security/revealrk/pkg-plist: There are only 2
items in the plist.  Consider using PLIST_FILES instead of pkg-plist
when installing less than 6 items.

WARN: Makefile: possible direct use of "/usr/local" found. if so, use
${PREFIX} or ${LOCALBASE}, as appropriate.

WARN: Makefile: COMMENT exceeds 70 characters limit.

WARN: Makefile: manpage for chapter 1 should be listed in MAN1, even
if compression is not necessary.

Thank you,
Greg
Comment 5 Kurt Jaeger 2013-01-29 20:42:18 UTC
Hi!

> Excellent, thank you for the quick turnaround.  I ran portlint, and it
> came up with some things that should be tweaked.  Can you take a look
> and post an update when you have time?

Attached.

-- 
pi@opsec.eu            +49 171 3101372                         7 years to go !
Comment 6 dfilter service freebsd_committer 2013-01-29 21:06:52 UTC
Author: glarkin
Date: Tue Jan 29 21:06:36 2013
New Revision: 311188
URL: http://svnweb.freebsd.org/changeset/ports/311188

Log:
  revealrk searches for hidden processes. If you have a kernel mod
  rootkit loaded into memory without hiding any process, don't expect
  to find anything.
  
  Reveal RootKit is intended to run out of cron or similar services
  on a regular basis and avoids verbose output as long as nothing was
  found.
  
  WWW: http://sourceforge.net/projects/revealrk
  
  PR:		ports/174981

Added:
  head/security/revealrk/
  head/security/revealrk/Makefile   (contents, props changed)
  head/security/revealrk/distinfo   (contents, props changed)
  head/security/revealrk/files/
  head/security/revealrk/files/patch-SConstruct   (contents, props changed)
  head/security/revealrk/pkg-descr   (contents, props changed)
Modified:
  head/security/Makefile

Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile	Tue Jan 29 20:12:47 2013	(r311187)
+++ head/security/Makefile	Tue Jan 29 21:06:36 2013	(r311188)
@@ -817,6 +817,7 @@
     SUBDIR += regripper
     SUBDIR += regripperplugins
     SUBDIR += retranslator
+    SUBDIR += revealrk
     SUBDIR += revelation
     SUBDIR += rifiuti2
     SUBDIR += rkhunter

Added: head/security/revealrk/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/revealrk/Makefile	Tue Jan 29 21:06:36 2013	(r311188)
@@ -0,0 +1,27 @@
+# $FreeBSD$
+
+PORTNAME=	revealrk
+PORTVERSION=	1.0.1
+CATEGORIES=	security
+MASTER_SITES=	SF/${PORTNAME}/
+EXTRACT_SUFX=	.tgz
+
+MAINTAINER=	fbsd-ports@opsec.eu
+COMMENT=	Search hidden procs/rootkits from cron with low false positive rate
+
+LICENSE=	GPLv3
+
+PLIST_FILES=	bin/revealrk
+MAN1=		revealrk.1
+
+MANCOMPRESSED=	yes
+NO_MANCOMPRESS=	yes
+
+USE_SCONS=	yes
+.if !empty(PREFIX)
+SCONS_ARGS=	--prefix=${PREFIX}
+.else
+SCONS_ARGS=	--prefix=${LOCALBASE}
+.endif
+
+.include <bsd.port.mk>
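
Review bot: The .if !empty(PREFIX) / .else block around SCONS_ARGS is evaluated before .include <bsd.port.mk>, so it tests PREFIX before the framework has given it a default, and the two branches can only differ when PREFIX was set by the caller. Because = assignments expand lazily, a single SCONS_ARGS= --prefix=${PREFIX} line covers both cases and keeps the install location tied to the same PREFIX that PLIST_FILES is relative to. Separately, MANCOMPRESSED=yes and NO_MANCOMPRESS=yes are set together without explanation; a one-line comment saying that the SConstruct install step gzips the man page itself would tell the next maintainer why both are there.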

Added: head/security/revealrk/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/revealrk/distinfo	Tue Jan 29 21:06:36 2013	(r311188)
@@ -0,0 +1,2 @@
+SHA256 (revealrk-1.0.1.tgz) = 7da7bd1709d06e5771c5c6d9c147ae1613f24c04633693e14afeee004d7cb844
+SIZE (revealrk-1.0.1.tgz) = 34039

Added: head/security/revealrk/files/patch-SConstruct
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/revealrk/files/patch-SConstruct	Tue Jan 29 21:06:36 2013	(r311188)
@@ -0,0 +1,22 @@
+--- SConstruct.orig	2013-01-04 23:07:07.000000000 +0100
++++ SConstruct	2013-01-04 23:08:37.000000000 +0100
+@@ -13,7 +13,7 @@
+ pkg_files = prog_files + Split('revealrk.1 SConstruct changelog license.txt README INSTALL cron.example Makefile config.h')
+ 
+ debug     = not ARGUMENTS.get('debug', '0').lower() in ['0', 'false', 'no']
+-prefix    = GetOption('prefix') or '/'
++prefix    = GetOption('prefix') or '/usr'
+ clean_all = not GetOption('clean_all') is None
+ static    = not GetOption('static') is None
+ build_tgz = not GetOption('tgz') is None
+@@ -147,8 +147,8 @@
+         conf.env.Append(LINKFLAGS = ' -static')
+     env = conf.Finish()
+ 
+-env.Alias('install', env.AddPostAction(env.Install(prefix + '/usr/bin', target), env.Action('strip ' + prefix + '/usr/bin/' + target)))
+-env.Alias('install', env.AddPostAction(env.Install(prefix + '/usr/share/man/man1', target + '.1'), env.Action('gzip -f ' + prefix + '/usr/share/man/man1/' + target + '.1')))
++env.Alias('install', env.AddPostAction(env.Install(prefix + '/bin', target), env.Action('strip ' + prefix + '/bin/' + target)))
++env.Alias('install', env.AddPostAction(env.Install(prefix + '/man/man1', target + '.1'), env.Action('gzip -f ' + prefix + '/man/man1/' + target + '.1')))
+ 
+ if clean_all:
+     env.Clean('distclean', Split('config.log .sconf_temp .sconsign.dblite'))
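
Review bot: In the two env.Alias('install', ...) lines, prefix is concatenated unquoted into the shell strings handed to env.Action ('strip ' + prefix + '/bin/' + target and the matching 'gzip -f ' string), so a prefix containing whitespace or shell metacharacters would be split or interpreted by the shell during install. Quote the path in those command strings, or leave stripping and man page compression to the ports framework instead of running them from SConstruct. The new fallback of '/usr' in the first part of the patch also deserves a comment, since a build run without --prefix would now install into /usr/bin and /usr/man/man1.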

Added: head/security/revealrk/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/revealrk/pkg-descr	Tue Jan 29 21:06:36 2013	(r311188)
@@ -0,0 +1,10 @@
+
+revealrk searches for hidden processes. If you have a kernel mod
+rootkit loaded into memory without hiding any process, don't expect
+to find anything.
+
+Reveal RootKit is intended to run out of cron or similar services
+on a regular basis and avoids verbose output as long as nothing was
+found.
+
+WWW: http://sourceforge.net/projects/revealrk
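
Review bot: The first added line of pkg-descr is empty, so the description opens with a blank line; drop it so the file starts with the "revealrk searches for hidden processes" sentence. In the same paragraph, "kernel mod rootkit" would read better spelled out as "kernel module rootkit".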
Comment 7 Greg Larkin freebsd_committer 2013-01-29 21:07:39 UTC
State Changed
From-To: open->closed

Committed with minor tweaks to Makefile (MANCOMPRESSED/NO_MANCOMPRESS), 
thank you!