Moved from app-admin/chkrootkit to app-forensics/chkrootkit.

15 files changed, 565 insertions, 0 deletions

diff --git a/app-forensics/chkrootkit/ChangeLog b/app-forensics/chkrootkit/ChangeLog
new file mode 100644
index 000000000000..bad72f6ffe5a
--- /dev/null
+++ b/app-forensics/chkrootkit/ChangeLog
@@ -0,0 +1,180 @@
+# ChangeLog for app-admin/chkrootkit
+# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/ChangeLog,v 1.1 2004/09/12 06:58:28 dragonheart Exp $
+
+*chkrootkit-0.43-r2 (12 Sep 2004)
+
+  12 Sep 2004; Daniel Black <dragonheart@gentoo.org> +metadata.xml,
+  +files/chkrootkit-0.37-gentoo.diff, +files/chkrootkit.cron,
+  +chkrootkit-0.37.ebuild, +chkrootkit-0.43-r2.ebuild,
+  +chkrootkit-0.43-r3.ebuild, +chkrootkit-0.43-r4.ebuild,
+  +chkrootkit-0.43.ebuild:
+  Moved from app-admin/chkrootkit to app-forensics/chkrootkit.
+
+  11 Sep 2004; Aaron Walker <ka0ttic@gentoo.org> metadata.xml:
+  Updated metadata info.
+
+  28 Aug 2004; Bryan Østergaard <kloeri@gentoo.org> chkrootkit-0.43-r4.ebuild:
+  Fix bug 62049.
+
+*chkrootkit-0.43-r4 (27 Aug 2004)
+
+  27 Aug 2004; <pyrania@gentoo.org> +files/chkrootkit.cron,
+  +chkrootkit-0.43-r4.ebuild:
+  Added cron.weekly entry - disabled per default. See bug # 56267.
+
+  26 Aug 2004; Jason Wever <weeve@gentoo.org> chkrootkit-0.43-r2.ebuild:
+  Stable on sparc.
+
+  22 Aug 2004; Bryan Østergaard <kloeri@gentoo.org> :
+  Fix digest again..
+
+  22 Aug 2004; Bryan Østergaard <kloeri@gentoo.org> :
+  Fix broken digest.
+
+  22 Aug 2004; Bryan Østergaard <kloeri@gentoo.org> chkrootkit-0.43-r2.ebuild:
+  Stable on alpha + x86.
+
+*chkrootkit-0.43-r3 (22 Aug 2004)
+
+  22 Aug 2004; Bryan Østergaard <kloeri@gentoo.org>
+  -files/chkrootkit-0.39a-gentoo.diff, -files/chkrootkit-0.41-gentoo.diff,
+  -files/chkrootkit-0.42b-gentoo.diff, chkrootkit-0.43-r2.ebuild,
+  +chkrootkit-0.43-r3.ebuild, chkrootkit-0.43.ebuild:
+  Fix bug 57700, new revision by Aaron Walker. Move big patches to gentoo
+  mirrors and clean out stray patches from files/.
+
+  29 Jul 2004; <solar@gentoo.org> chkrootkit-0.43-r2.ebuild:
+  app-admin/chkrootkit: strings-static is not static. bug 57701
+
+  27 Jul 2004; Michael Sterrett <mr_bones_@gentoo.org>
+  -chkrootkit-0.42b.ebuild, -chkrootkit-0.43-r1.ebuild:
+  prune ebuilds
+
+  24 Jul 2004; <solar@gentoo.org> chkrootkit-0.43-r1.ebuild,
+  chkrootkit-0.43-r2.ebuild, chkrootkit-0.43.ebuild:
+  force broken chklastlog to use /var/log vs /var/adm. bug 57698
+
+*chkrootkit-0.43-r2 (08 Jul 2004)
+
+  08 Jul 2004; Martin Holzer <mholzer@gentoo.org>
+  +files/chkrootkit-0.43-r2-gentoo.diff, chkrootkit-0.43-r1.ebuild,
+  +chkrootkit-0.43-r2.ebuild:
+  fixing a forgotten string.
+
+*chkrootkit-0.43-r1 (03 Jul 2004)
+
+  03 Jul 2004; <pyrania@gentoo.org> +files/chkrootkit-0.43-r1-gentoo.diff,
+  +chkrootkit-0.43-r1.ebuild:
+  Fixed the buggy patch.. Closing bug #55796.
+
+  29 Jun 2004; Aron Griffis <agriffis@gentoo.org> chkrootkit-0.42b.ebuild,
+  chkrootkit-0.43.ebuild:
+  add sed-4 dep
+
+  23 Jun 2004; <malc@gentoo.org> chkrootkit-0.43.ebuild:
+  Mark stable on amd64
+
+  16 Jun 2004; Bryan Østergaard <kloeri@gentoo.org> chkrootkit-0.43.ebuild:
+  Stable on alpha.
+
+  07 Jun 2004; Jason Wever <weeve@gentoo.org> chkrootkit-0.43.ebuild:
+  Stable on sparc.
+
+  06 Jun 2004; Daniel Black <dragonheart@gentoo.org> chkrootkit-0.37.ebuild,
+  chkrootkit-0.43.ebuild, +metadata.xml:
+  x86 stable. QA fix on 0.37 - IUSE
+
+  01 Jun 2004; Michael Sterrett <mr_bones_@gentoo.org>
+  chkrootkit-0.42b.ebuild, chkrootkit-0.43.ebuild:
+  fix depend; tidy
+
+  30 Apr 2004; Martin Holzer <mholzer@gentoo.org> chkrootkit-0.43.ebuild,
+  files/chkrootkit-0.43-gentoo.diff:
+  finaly closes 41040.
+
+  09 Apr 2004; <solar@gentoo.org> chkrootkit-0.42b.ebuild:
+  Added filter-ldflags -pie to avoid static linking problems when LDFLAGS=-pie
+  is used. bug 47057
+
+  02 Mar 2004; Jason Wever <weeve@gentoo.org> chkrootkit-0.42b.ebuild:
+  Stable on sparc I am, yes.
+
+*chkrootkit-0.43 (29 Feb 2004)
+
+  29 Feb 2004; Markus Nigbur <pyrania@gentoo.org> chkrootkit-0.43.ebuild:
+  Version bump. Closing #41040.
+
+  29 Feb 2004; Markus Nigbur <pyrania@gentoo.org> chkrootkit-0.42b.ebuild:
+  Stable on x86
+
+  08 Feb 2004; Dylan Carlson <absinthe@gentoo.org> chkrootkit-0.42b.ebuild:
+  added amd64 keyword.
+
+  04 Jan 2004; Jason Wever <weeve@gentoo.org> chkrootkit-0.37.ebuild,
+  chkrootkit-0.39a.ebuild, chkrootkit-0.41-r1.ebuild, chkrootkit-0.42b.ebuild:
+  Marked 0.41-r1 stable on sparc and updated copyright info in all ebuilds.
+
+  24 Nov 2003; Seemant Kulleen <seemant@gentoo.org> chkrootkit-0.42b.ebuild:
+  coreutils fix -- head -1 to head -n 1 syntax
+
+  16 Oct 2003; Aron Griffis <agriffis@gentoo.org> chkrootkit-0.42b.ebuild:
+  Stable on alpha
+
+  14 Oct 2003; Chuck Short <zul@gentoo.org> chkrootkit-0.42b.ebuild:
+  Added ~ia64 to keywords.
+
+*chkrootkit-0.42b (06 Oct 2003)
+
+  06 Oct 2003; Martin Holzer <mholzer@gentoo.org> chkrootkit-0.42b.ebuild,
+  files/chkrootkit-0.42b-gentoo.diff:
+  Version bumped. Closes #30368
+
+  03 Oct 2003; Aron Griffis <agriffis@gentoo.org> chkrootkit-0.41-r1.ebuild:
+  Stable on alpha
+
+*chkrootkit-0.41-r1 (18 Jul 2003)
+
+  18 Jul 2003; Martin Holzer <mholzer@gentoo.org> chkrootkit-0.41-r1.ebuild,
+  chkrootkit-0.41.ebuild, files/chkrootkit-0.41-gentoo.diff:
+  little bugfix.
+
+*chkrootkit-0.41 (16 Jul 2003)
+
+  16 Jul 2003; Martin Holzer <mholzer@gentoo.org> chkrootkit-0.41.ebuild:
+  Version bumped. Ebuild ssubmitted by Daniel Seyffer <gentoo-bugs@seyffer.de>
+  in #24313.
+
+*chkrootkit-0.39a (27 Feb 2003)
+
+  27 Feb 2003; Daniel Ahlberg <aliz@gentoo.org> :
+  Version bump. Found by Daniel Seyffer <gentoo-bugs@seyffer.de> in #15743.
+
+  06 Dec 2002; Rodney Rees <manson@gentoo.org> : changed sparc ~sparc keywords
+ 
+*chkrootkit-0.37 (18 Sept 2002)
+
+  15 Dec 2002; Bjoern Brauel <bjb@gentoo.org> chkrootkit-0.37.ebuild :
+  Add alpha to KEYWORDS
+
+  29 Nov 2002; Daniel Ahlberg <aliz@gentoo.org> chkrootkit-0.37.ebuild :
+  Added patch from Kurt V. Hindenburg <khindenburg@cherrynebula.net> in #11164.
+
+  18 Sept 2002; Daniel Seyffer <gentoo@getroot.de> 
+  chkrootkit-0.37.ebuild :
+  New features according to www.chkrootkit.org:
+  chklastlog.c fix; chkproc.c improvements; 
+  new rootkits detected: 
+	OpenBSD rk v1 
+	Illogic rootkit  
+	SK rootkit  
+  new worms detected: 
+	Scalper (FreeBSD/Apache chunked encoding worm) 
+	Slapper (Apache/mod_ssl Worm) 
+
+*chkrootkit-0.36 (18 Jul 2002)
+  
+  29 Jul 2002; Calum Selkirk <cselkirk@gentoo.org> chkrootkit-0.36.ebuild :
+  Added ppc KEYWORDS. Added RDEPEND.
+
+  18 Jul 2002; Daniel Robbins <drobbins@gentoo.org>: Added missing ChangeLog
diff --git a/app-forensics/chkrootkit/Manifest b/app-forensics/chkrootkit/Manifest
new file mode 100644
index 000000000000..b98f790590d3
--- /dev/null
+++ b/app-forensics/chkrootkit/Manifest
@@ -0,0 +1,24 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+MD5 6bbc32b04f7961ae408cc394b4c43d85 chkrootkit-0.43-r2.ebuild 925
+MD5 f746627867c6acedf3102019aa4521ff chkrootkit-0.37.ebuild 744
+MD5 2f68956f6c770fee44088d901846f9c2 chkrootkit-0.43.ebuild 963
+MD5 a0e208e7261f919222f7bee7c3f82f4a chkrootkit-0.43-r4.ebuild 1107
+MD5 baba1d946b2bf6de88e80ba50c7d6f3a ChangeLog 5887
+MD5 f8d10f350e91f30316ea4e1bd1e76470 metadata.xml 254
+MD5 19e68377b97301d5a838bd5f192cfa6c chkrootkit-0.43-r3.ebuild 926
+MD5 0fae3f5676335dc0c50bdf5658aa69b8 files/digest-chkrootkit-0.43-r2 142
+MD5 e4f72853578cf59cb609efc280621591 files/digest-chkrootkit-0.43-r3 142
+MD5 e4f72853578cf59cb609efc280621591 files/digest-chkrootkit-0.43-r4 142
+MD5 f97957a94793b86fd018b32e44811f89 files/chkrootkit-0.37-gentoo.diff 4531
+MD5 bb6a980a762d72e1928231eabf4a9304 files/chkrootkit.cron 78
+MD5 7cf45be07aafbbaa3252ce9ece31d5b6 files/digest-chkrootkit-0.37 66
+MD5 e403f736d82cbf43e0780a5bb62993cb files/digest-chkrootkit-0.43 66
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.6 (GNU/Linux)
+
+iD8DBQFBQz7wEZCkKN40op4RApbPAKC9kSMzvAeIpktTADPrinMx6OM6nQCfcMgl
+rVsV7cKDh9CJfU3XbTA/j9Q=
+=+C1C
+-----END PGP SIGNATURE-----
diff --git a/app-forensics/chkrootkit/chkrootkit-0.37.ebuild b/app-forensics/chkrootkit/chkrootkit-0.37.ebuild
new file mode 100644
index 000000000000..bd2199c4a388
--- /dev/null
+++ b/app-forensics/chkrootkit/chkrootkit-0.37.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/chkrootkit-0.37.ebuild,v 1.1 2004/09/12 06:58:28 dragonheart Exp $
+
+inherit eutils
+
+DESCRIPTION="a tool to locally check for signs of a rootkit"
+HOMEPAGE="http://www.chkrootkit.org/"
+SRC_URI="ftp://ftp.pangeia.com.br/pub/seg/pac/${P}.tar.gz"
+
+LICENSE="AMS"
+SLOT="0"
+KEYWORDS="x86 ppc sparc alpha"
+IUSE=""
+
+DEPEND="virtual/libc"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/${PF}-gentoo.diff
+}
+
+src_compile() {
+	make sense || die
+}
+
+src_install() {
+	dosbin check_wtmpx chklastlog chkproc chkrootkit chkwtmp ifpromisc || die
+	dodoc README README.chklastlog README.chkwtmp
+}
diff --git a/app-forensics/chkrootkit/chkrootkit-0.43-r2.ebuild b/app-forensics/chkrootkit/chkrootkit-0.43-r2.ebuild
new file mode 100644
index 000000000000..5b0420c6247a
--- /dev/null
+++ b/app-forensics/chkrootkit/chkrootkit-0.43-r2.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/chkrootkit-0.43-r2.ebuild,v 1.1 2004/09/12 06:58:28 dragonheart Exp $
+
+inherit eutils
+
+DESCRIPTION="a tool to locally check for signs of a rootkit"
+HOMEPAGE="http://www.chkrootkit.org/"
+SRC_URI="ftp://ftp.pangeia.com.br/pub/seg/pac/${P}.tar.gz
+		mirror://gentoo/${PF}-gentoo.diff.gz"
+
+LICENSE="AMS"
+SLOT="0"
+KEYWORDS="x86 ~ppc sparc alpha ~ia64 ~amd64"
+IUSE=""
+
+DEPEND="virtual/libc
+	>=sys-apps/sed-4"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${WORKDIR}/${PF}-gentoo.diff
+	sed -i 's:${head} -:${head} -n :' chkrootkit
+	sed -i 's:/var/adm:/var/log:g' chklastlog.c
+}
+
+src_compile() {
+	make sense || die
+}
+
+src_install() {
+	dosbin check_wtmpx chklastlog chkproc chkrootkit chkwtmp ifpromisc \
+		strings-static || die
+	dodoc README README.chklastlog README.chkwtmp
+}
diff --git a/app-forensics/chkrootkit/chkrootkit-0.43-r3.ebuild b/app-forensics/chkrootkit/chkrootkit-0.43-r3.ebuild
new file mode 100644
index 000000000000..682252a86ec8
--- /dev/null
+++ b/app-forensics/chkrootkit/chkrootkit-0.43-r3.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/chkrootkit-0.43-r3.ebuild,v 1.1 2004/09/12 06:58:28 dragonheart Exp $
+
+inherit eutils
+
+DESCRIPTION="a tool to locally check for signs of a rootkit"
+HOMEPAGE="http://www.chkrootkit.org/"
+SRC_URI="ftp://ftp.pangeia.com.br/pub/seg/pac/${P}.tar.gz
+		 mirror://gentoo/${PF}-gentoo.diff.gz"
+
+LICENSE="AMS"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha ~ia64 ~amd64"
+IUSE=""
+
+DEPEND="virtual/libc
+	>=sys-apps/sed-4"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${WORKDIR}/${PF}-gentoo.diff
+	sed -i 's:${head} -:${head} -n :' chkrootkit
+	sed -i 's:/var/adm:/var/log:g' chklastlog.c
+}
+
+src_compile() {
+	make sense || die
+}
+
+src_install() {
+	dosbin chkdirs chklastlog chkproc chkrootkit chkwtmp ifpromisc \
+		strings-static || die
+	dodoc README README.chklastlog README.chkwtmp
+}
diff --git a/app-forensics/chkrootkit/chkrootkit-0.43-r4.ebuild b/app-forensics/chkrootkit/chkrootkit-0.43-r4.ebuild
new file mode 100644
index 000000000000..9ac6b0989c12
--- /dev/null
+++ b/app-forensics/chkrootkit/chkrootkit-0.43-r4.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/chkrootkit-0.43-r4.ebuild,v 1.1 2004/09/12 06:58:28 dragonheart Exp $
+
+inherit eutils
+
+DESCRIPTION="a tool to locally check for signs of a rootkit"
+HOMEPAGE="http://www.chkrootkit.org/"
+SRC_URI="ftp://ftp.pangeia.com.br/pub/seg/pac/${P}.tar.gz
+		 mirror://gentoo/${P}-r3-gentoo.diff.gz"
+
+LICENSE="AMS"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha ~ia64 ~amd64"
+IUSE=""
+
+DEPEND="virtual/libc
+	>=sys-apps/sed-4"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${WORKDIR}/${P}-r3-gentoo.diff
+	sed -i 's:${head} -:${head} -n :' chkrootkit
+	sed -i 's:/var/adm:/var/log:g' chklastlog.c
+}
+
+src_compile() {
+	make sense || die
+}
+
+src_install() {
+	dosbin chkdirs chklastlog chkproc chkrootkit chkwtmp ifpromisc \
+		strings-static || die
+	dodoc README README.chklastlog README.chkwtmp
+
+	exeinto /etc/cron.weekly
+	doexe ${FILESDIR}/chkrootkit.cron
+}
+
+pkg_postinst() {
+	echo
+	einfo "Edit chkrootkit.cron in /etc/cron.weekly"
+	einfo "to activate chkrootkit!"
+	echo
+}
diff --git a/app-forensics/chkrootkit/chkrootkit-0.43.ebuild b/app-forensics/chkrootkit/chkrootkit-0.43.ebuild
new file mode 100644
index 000000000000..d8d942546f83
--- /dev/null
+++ b/app-forensics/chkrootkit/chkrootkit-0.43.ebuild
@@ -0,0 +1,37 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/chkrootkit/chkrootkit-0.43.ebuild,v 1.1 2004/09/12 06:58:28 dragonheart Exp $
+
+inherit eutils
+
+DESCRIPTION="a tool to locally check for signs of a rootkit"
+HOMEPAGE="http://www.chkrootkit.org/"
+SRC_URI="ftp://ftp.pangeia.com.br/pub/seg/pac/${P}.tar.gz
+		 mirror://gentoo/${P}-gentoo.diff.gz"
+
+LICENSE="AMS"
+SLOT="0"
+KEYWORDS="x86 ~ppc sparc alpha ~ia64 amd64"
+IUSE=""
+
+DEPEND="virtual/libc
+	>=sys-apps/sed-4"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${WORKDIR}/${P}-gentoo.diff
+	sed -i 's:${head} -:${head} -n :' chkrootkit
+	sed -i 's:/var/adm:/var/log:g' chklastlog.c
+}
+
+src_compile() {
+	make sense || die
+	make strings || die
+}
+
+src_install() {
+	dosbin check_wtmpx chklastlog chkproc chkrootkit chkwtmp ifpromisc || die
+	newsbin strings strings-static || die
+	dodoc README README.chklastlog README.chkwtmp
+}
diff --git a/app-forensics/chkrootkit/files/chkrootkit-0.37-gentoo.diff b/app-forensics/chkrootkit/files/chkrootkit-0.37-gentoo.diff
new file mode 100644
index 000000000000..71212baa9fb6
--- /dev/null
+++ b/app-forensics/chkrootkit/files/chkrootkit-0.37-gentoo.diff
@@ -0,0 +1,152 @@
+--- chkrootkit-0.37/chkrootkit	2002-09-16 18:03:11.000000000 -0500
++++ chkrootkit	2002-11-24 15:08:33.000000000 -0500
+@@ -10,6 +10,15 @@
+ # (C)1997-2002 Nelson Murilo, Pangeia Informatica, AMS Foundation and others.
+ # All rights reserved
+ 
++# Gentoo specific : Could use `type <command> | cut -f 3 -d " "`
++IFPROMISC="/usr/sbin/ifpromisc"
++CHKLASTLOG="/usr/sbin/chklastlog"
++CHKPROC="/usr/sbin/chkproc"
++CHKWTMP="/usr/sbin/chkwtmp"
++CHECK_WTMPX="/usr/sbin/check_wtmpx"
++# ebuild doesn't install chkrootkit's strings; use gnus.
++STRINGS="/usr/bin/strings"
++
+ ### workaround for some Bourne shell implementations
+ unalias login > /dev/null 2>&1
+ unalias ls > /dev/null 2>&1
+@@ -125,22 +134,22 @@
+        return ${NOT_TESTED}
+     fi
+ 
+-    if [ ! -x ./ifpromisc ]; then
+-      echo "not tested: can't exec ./ifpromisc"
++    if [ ! -x $IFPROMISC ]; then
++      echo "not tested: can't exec $IFPROMISC"
+       return ${NOT_TESTED}
+     fi
+ 
+     if [ "${EXPERT}" = "t" ]; then
+-        expertmode_output "./ifpromisc"
++        expertmode_output "$IFPROMISC"
+         return 5
+     fi
+     echo
+-    ./ifpromisc
++    $IFPROMISC
+ }
+ 
+ z2 () {
+-    if [ ! -x ./chklastlog ]; then
+-      echo "not tested: can't exec ./chklastlog"
++    if [ ! -x $CHKLASTLOG ]; then
++      echo "not tested: can't exec $CHKLASTLOG"
+       return ${NOT_TESTED}
+     fi
+ 
+@@ -148,31 +157,31 @@
+     LASTLOG=`loc lastlog lastlog "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
+ 
+     if [ "${EXPERT}" = "t" ]; then
+-        expertmode_output "./chklastlog -f ${WTMP} -l ${LASTLOG}"
++        expertmode_output "$CHKLASTLOG -f ${WTMP} -l ${LASTLOG}"
+         return 5
+     fi
+ 
+-    if ./chklastlog -f ${WTMP} -l ${LASTLOG}
++    if $CHKLASTLOG -f ${WTMP} -l ${LASTLOG}
+     then
+       if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi
+     fi
+ }
+ 
+ wted () {
+-    if [ ! -x ./chkwtmp ]; then
+-      echo "not tested: can't exec ./chkwtmp"
++    if [ ! -x $CHKWTMP ]; then
++      echo "not tested: can't exec $CHKWTMP"
+       return ${NOT_TESTED}
+     fi
+ 
+     if [ "$SYSTEM" = "SunOS" ]; then
+-       if [ ! -x ./check_wtmpx ]; then
+-          echo "not tested: can't exec ./check_wtmpx"
++       if [ ! -x $CHECK_WTMPX ]; then
++          echo "not tested: can't exec $CHECK_WTMPX"
+        else
+           if [ "${EXPERT}" = "t" ]; then
+-             expertmode_output "./check_wtmpx"
++             expertmode_output "$CHECK_WTMPX"
+               return 5
+           fi
+-          if ./check_wtmpx
++          if $CHECK_WTMPX
+              then
+              if [ "${QUIET}" != "t" ]; then \
+                 echo "nothing deleted in /var/adm/wtmpx"; fi
+@@ -183,11 +192,11 @@
+     WTMP=`loc wtmp wtmp "${ROOTDIR}var/log ${ROOTDIR}var/adm"`
+ 
+     if [ "${EXPERT}" = "t" ]; then
+-        expertmode_output "./chkwtmp -f ${WTMP}"
++        expertmode_output "$CHKWTMP -f ${WTMP}"
+         return 5
+     fi
+ 
+-    if ./chkwtmp -f ${WTMP}
++    if $CHKWTMP -f ${WTMP}
+     then
+       if [ "${QUIET}" != "t" ]; then echo "nothing deleted"; fi
+     fi
+@@ -225,15 +234,15 @@
+ {
+     if [ \( "${SYSTEM}" = "Linux"  -o \( "${SYSTEM}" = "FreeBSD" -a \
+        ${V} -gt 43 \) \) -a "${ROOTDIR}" = "/" ]; then
+-      if [ ! -x ./chkproc ]; then
+-        echo "not tested: can't exec ./chkproc"
++      if [ ! -x $CHKPROC ]; then
++        echo "not tested: can't exec $CHKPROC"
+         return ${NOT_TESTED}
+       fi
+ 
+       if [ "${EXPERT}" = "t" ]; then
+          [ -r /proc/ksyms ] &&  ${egrep} -i adore < /proc/ksyms 2>/dev/null
+          [ -d /proc/knark ] &&  ${ls} -la /proc/knark 2> /dev/null
+-          expertmode_output "./chkproc -v"
++          expertmode_output "$CHKPROC -v"
+           return 5
+       fi
+ 
+@@ -248,7 +257,7 @@
+          echo "Warning: Knark LKM installed"
+       fi
+ 
+-      if ./chkproc
++      if $CHKPROC
+       then
+            if [ "${QUIET}" != "t" ]; then echo "nothing detected"; fi
+       else
+@@ -1293,18 +1302,18 @@
+ 
+    if [ "${SYSTEM}" = "Linux" ]
+    then
+-      if [ ! -x ./strings ]; then
+-        printn "can't exec ./strings-static, "
++      if [ ! -x $STRINGS ]; then
++        print "can't exec $STRINGS, "
+         return ${NOT_TESTED}
+       fi
+ 
+       if [ "${EXPERT}" = "t" ]; then
+-          expertmode_output "./strings -a ${CMD}"
++          expertmode_output "$STRINGS -a ${CMD}"
+           return 5
+       fi
+ 
+       ### strings must be a statically linked binary.
+-      if ./strings-static -a ${CMD} > /dev/null 2>&1
++      if $STRINGS -a ${CMD} > /dev/null 2>&1
+       then
+          STATUS=${INFECTED}
+       fi
diff --git a/app-forensics/chkrootkit/files/chkrootkit.cron b/app-forensics/chkrootkit/files/chkrootkit.cron
new file mode 100644
index 000000000000..9f7eb17b13b1
--- /dev/null
+++ b/app-forensics/chkrootkit/files/chkrootkit.cron
@@ -0,0 +1,6 @@
+#!/bin/sh
+#
+# uncomment this to make it work
+#
+
+#exec /usr/sbin/chkrootkit -q
diff --git a/app-forensics/chkrootkit/files/digest-chkrootkit-0.37 b/app-forensics/chkrootkit/files/digest-chkrootkit-0.37
new file mode 100644
index 000000000000..c261bbd08184
--- /dev/null
+++ b/app-forensics/chkrootkit/files/digest-chkrootkit-0.37
@@ -0,0 +1 @@
+MD5 b0feebea67655daa440da92099dd5187 chkrootkit-0.37.tar.gz 25312
diff --git a/app-forensics/chkrootkit/files/digest-chkrootkit-0.43 b/app-forensics/chkrootkit/files/digest-chkrootkit-0.43
new file mode 100644
index 000000000000..95c0defa2730
--- /dev/null
+++ b/app-forensics/chkrootkit/files/digest-chkrootkit-0.43
@@ -0,0 +1 @@
+MD5 08646b9bf3a9dc45c25a40946962a839 chkrootkit-0.43.tar.gz 33355
diff --git a/app-forensics/chkrootkit/files/digest-chkrootkit-0.43-r2 b/app-forensics/chkrootkit/files/digest-chkrootkit-0.43-r2
new file mode 100644
index 000000000000..b9938202483f
--- /dev/null
+++ b/app-forensics/chkrootkit/files/digest-chkrootkit-0.43-r2
@@ -0,0 +1,2 @@
+MD5 08646b9bf3a9dc45c25a40946962a839 chkrootkit-0.43.tar.gz 33355
+MD5 076dfd75c534abf510755f366429324e chkrootkit-0.43-r2-gentoo.diff.gz 3759
diff --git a/app-forensics/chkrootkit/files/digest-chkrootkit-0.43-r3 b/app-forensics/chkrootkit/files/digest-chkrootkit-0.43-r3
new file mode 100644
index 000000000000..3d6c11302694
--- /dev/null
+++ b/app-forensics/chkrootkit/files/digest-chkrootkit-0.43-r3
@@ -0,0 +1,2 @@
+MD5 08646b9bf3a9dc45c25a40946962a839 chkrootkit-0.43.tar.gz 33355
+MD5 51abc2b0a8cafd07df9ad3f62e0667aa chkrootkit-0.43-r3-gentoo.diff.gz 3759
diff --git a/app-forensics/chkrootkit/files/digest-chkrootkit-0.43-r4 b/app-forensics/chkrootkit/files/digest-chkrootkit-0.43-r4
new file mode 100644
index 000000000000..3d6c11302694
--- /dev/null
+++ b/app-forensics/chkrootkit/files/digest-chkrootkit-0.43-r4
@@ -0,0 +1,2 @@
+MD5 08646b9bf3a9dc45c25a40946962a839 chkrootkit-0.43.tar.gz 33355
+MD5 51abc2b0a8cafd07df9ad3f62e0667aa chkrootkit-0.43-r3-gentoo.diff.gz 3759
diff --git a/app-forensics/chkrootkit/metadata.xml b/app-forensics/chkrootkit/metadata.xml
new file mode 100644
index 000000000000..d31152aca840
--- /dev/null
+++ b/app-forensics/chkrootkit/metadata.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<herd>no-herd</herd>
+	<maintainer>
+		<email>ka0ttic@gentoo.org</email>
+		<name>Aaron Walker</name>
+	</maintainer>
+</pkgmetadata>