chkrootkit-0.50-9.fc22$>H*NlϹru>9=8?=(d   F48\`o~ H |       X  \ |  D  ( 8C9 C:2CG/TH/I0$X0@Y0T\0|]0^2$ b2d3e3f3l3t4u4hv4w;x;y<\2=$Cchkrootkit0.509.fc22Tool to locally check for signs of a rootkitchkrootkit is a tool to locally check for signs of a rootkit. It contains: * chkrootkit: shell script that checks system binaries for rootkit modification. * ifpromisc: checks if the network interface is in promiscuous mode. * chklastlog: checks for lastlog deletions. * chkwtmp: checks for wtmp deletions. * chkproc: checks for signs of LKM trojans. * chkdirs: checks for signs of LKM trojans. * strings: quick and dirty strings replacement. * chkutmp: checks for utmp deletions.W}Gbuildhw-10.phx2.fedoraproject.orgEFedora ProjectFedora ProjectBSD and GPLv2+ and PythonFedora ProjectApplications/Systemhttp://www.chkrootkit.orglinuxi686 4I4)* *8/)* $>?8) 1F&A큤A큤W}FW}GW}GW}GW}GW}GW}GW}GW}GW}GW}GW}GW}GW}GW}GW}GW}GW}GS|RRSW}GRW}FS|W}F066a39edb2354f6b3ce3181f147906bfc0294f625392f06fcdcbb106d9e6527a5780c026690567b9e9052954b55111ceab915dad83d2f28871ba7339c073d0d5e2a95d68cdd672ae23521348d31ff1378c790985ba6b66e6fd9411617658bee6838bfc2190b69367d9ad7c12dc6f75fb99dbd5d65b3ec94a22d51a4aafc74531419465d0445d3fa55eed1fcc10f592d7e2520015b800d7a786fc83e5d5ac97f317103ca0b94ba835956509ce993894b24682fae88278c8053461e2e446c2ada3065469f94e8edd6dc6d454ce897b38e2a33e925038c2960d15682d71d2a210b1a88cae932901a7b1a59ffbeab118ac4d38789f09f732b34336d38b8db17d517757d8954f96c5421f4c158785fde6904471a81ab1f171105e6fd565ca9ad5d02d88f5c08eeee4a98ca6a62ab680312e22bb64d85e3ac665c19c8d4756d266a74846c009a845ce06b99b0e2c624f7cf258a247cf6e1f1ce1855ad9e2f5374c6fec40cad1b6372481208664e6865f31b4959b2bac6f3b9b29ed1c93724bd5af258933b2949e6a0a4bbf8b371d6de783d5d69c43876881afeec1659dd5f55853327f371e8c4e04e7233c5c90972e309f9a89c912a83eb74693a7d8327e7b10a5c39332c20d48b501a7ad043d0953df44d6ad93f15e28cb8fc8bff1f87b6f4b0168274d34cf5cfc5628af468ec171edea9f491b47bf1d6a07266b0a7c5bf1faf8f03c69cef05e975d879668f22d74b7b0635bd13c8f7c05184621069cf56d76e289f2ce0fd61dd3bd32365001933ad21376551a5895afe7ebf085b605c0b02e5b6191d254706fe39d35411023e5419d92c2277ba480d9be09454cbcbcd3e31c6175736c574d6c7d66ff37379b137e33eeadf6e6de2dca02101f84818296616c77e040b67e8d07be421a4c481e42d7414b80988c65bdf1469e3a970494c54b98bb51d8ef64cbad1ac353249d83fe7dc846c7bf4618109fe01d570cb71c78b60f52d461/usr/bin/consolehelperstrings-staticrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootchkrootkit-0.50-9.fc22.src.rpmapplication()application(chkrootkit.desktop)chkrootkitchkrootkit(x86-32)config(chkrootkit)@@@@@@@@@    @/bin/sh/usr/bin/consolehelperconfig(chkrootkit)libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.7)net-toolsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)0.50-9.fc223.0.4-14.6.0-14.0-15.2-14.12.0.1W|WgWgVUa@TFJSGSS[S @QQ@P@OO@MQ0@L@KJi@Jf@JeI@IH|@H?@GG߮G@GD@GGl@FFT,E@EE3@E3@E@E8@DDFCs6@CBPB9q@BAa;@ABA#D@R@?1@@?1@@=? ?!?m?e>1>1>H>s>s>"@>@>@>|P@>i@Jon Ciesla - 0.50-9Jon Ciesla - 0.50-8Jon Ciesla - 0.50-7Fedora Release Engineering - 0.50-6Fedora Release Engineering - 0.50-5Jon Ciesla - 0.50-4Fedora Release Engineering - 0.50-3Fedora Release Engineering - 0.50-2Jon Ciesla - 0.50-1Jon Ciesla - 0.49-9Fedora Release Engineering - 0.49-8Jon Ciesla - 0.49-7Fedora Release Engineering - 0.49-6Jon Ciesla - 0.49-5Fedora Release Engineering - 0.49-4Fedora Release Engineering - 0.49-3Jon Ciesla 0.49-2Jon Ciesla 0.49-1Fedora Release Engineering - 0.48-14Jon Ciesla 0.48-13Jon Ciesla 0.48-12Michael Schwendt - 0.48-11Fedora Release Engineering - 0.48-10Tom "spot" Callaway - 0.48-9Michael Schwendt - 0.48-8Michael Schwendt - 0.48-7Michael Schwendt - 0.48-6Michael Schwendt - 0.48-5Michael Schwendt - 0.48-3Michael Schwendt - 0.48-2Michael Schwendt - 0.48-1Michael Schwendt Michael Schwendt - 0.47-7Michael Schwendt - 0.47-6Michael Schwendt - 0.47-5Michael Schwendt - 0.47-4Michael Schwendt - 0.47-3Michael Schwendt Michael Schwendt - 0.47-1Michael Schwendt Michael Schwendt - 0.46a-2Michael Schwendt - 0.46a-1Michael Schwendt - 0.45-4Michael Schwendt - 0.45-3Michael Schwendt - 0.45-2Michael Schwendt - 0:0.45-1Michael Schwendt - 0:0.44-0.fdr.2Michael Schwendt - 0:0.44-0.fdr.1Phillip Compton - 0:0.43-0.fdr.5Michael Schwendt - 0:0.43-0.fdr.4Michael Schwendt - 0:0.43-0.fdr.3Michael Schwendt - 0:0.43-0.fdr.2Michael Schwendt - 0:0.43-0.fdr.1Michael Schwendt - 0:0.42-0.fdr.3.bPhillip Compton - 0:0.42-0.fdr.2.bPhillip Compton - 0:0.42-0.fdr.1.bPhillip Compton - 0:0.42-0.fdr.1Phillip Compton - 0:0.41-0.fdr.3Phillip Compton - 0:0.41-0.fdr.2Phillip Compton - 0:0.41-0.fdr.1Phillip Compton - 0:0.40-0.fdr.3Phillip Compton - 0:0.40-0.fdr.2Phillip Compton - 0:0.40-0.fdr.1Phillip Compton - 0:0.39a-0.fdr.4Phillip Compton - 0.39a-0.fdr.3Phillip Compton - 0.39a-0.fdr.2Phillip Compton - 0.39a-0.fdr.1- Require net-tools, BZ 1352433- Patch for windigo false positive, BZ 1234420.- Patch for windigo false positive, BZ 1234436.- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Patch for suckit false positive, BZ 636231.- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Latest upstream, BZ 1104775. - Dropped upstreamed patch. - Fixed bad changelog date.- Patch for CVE-2014-0476, BZ 1104456, 11044567.- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Drop desktop vendor tag.- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Add hardened build.- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Updated outofbounds patch, BZ 577979 and 626067.- New upstream, including upstreamed patches.- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Additional items in chkutmp patch.- Patch to fix crash in chkutmp on x86_64.- update .desktop file for Icon Theme Specification - no longer add X-Fedora category to .desktop file - Fedora > 10: conditional BR glibc-static as needed for strings-static- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- fix license tag- Let chkproc default to procps version 3.- Build with large file API (#441638).- Delete the "suspect PHP files" check. Not only does it trigger SIGPIPE for file names which contain special unescaped characters, the second half is doubtful (it doesn't print any filenames and gets confused by binary file contents).- Fix the empty warning of the shell history files anomalies check. - Initialise two variables in chkdirs.c to silence compiler.- rebuilt for GCC 4.3 as requested by Fedora Release Engineering (only in devel)- Install README with mode 0644.- Update to 0.48 (new tests, enhanced tests, minor bug-fixes).- rebuilt- Fix obsolete PAM pam_stack usage (#241038) to make desktop menu and consolehelper work again.- Make chklastlog default to /var/log/lastlog and /var/log/wtmp, which can be set with options -l and -f, too, however.- Upstream wants to disable the OBSD rk v1 check on Linux with next release.- Don't like the previous patch yet, since it is unsafe and makes -p more difficult, so removed it again.- Patch OpenBSD rootkit check to not report libgcj file /usr/lib/security/classpath.security without querying the RPM database about that file - Add README.false_positives- rebuilt- Update to 0.47. - mark PAM and consolehelper files in /etc as config- rebuilt- rebuilt for FC5- Update to 0.46a.- Pass on command-line arguments to main program (#166321).- Create debuginfo package, remove stripping from Makefile in %prep, build with optflags.- Make GCC4 shut up by including more C headers in chkproc.c/chkwtmp.c- Update to 0.45, trim description.- Fix inetd/sshd checks.- Update to 0.44.- License COPYRIGHTED -> BSD-like (#1746).- rh80 doesn't have sed -i, use perl instead (#1326). - Obsolete chkrootkit-strings patch due to soft-link since 0.43-0.fdr.1.- Make in %build section (#1326).- Substitute a few hardcoded paths (#1326).- Update to 0.43. - Add dependency on consolehelper binary. - Drop patched chkrootkit script due to change in 0.42-0.fdr.3.b. - Make available "strings-static" as "strings", too.- Make /usr/bin/chkrootkit enter chkrootkit home directory. This puts its own helper tools into its search path.- Move binaries out of %{_datadir}.- Updated to 0.42b.- Updated to 0.42. - Moved pam and console entries into seperate files. - Install into %{_datadir} not %{_libdir}.- Moved chkrootkit.lsm into docs. - Explicitly set file permissions for icon and desktop entry on install. - No longer include backup of original chkrootkit script.- Removed unnecessary files.- Updated to 0.41.- Modified the chkrootkit scrip to execute the other sub programs correctly when called from the menu entry.- Removed hardcoded path.- Updated to 0.40- Added Epoch:0. - Added desktop-file-utils to BuildRequires. - Changed category to X-Fedora-Extra. - Moved desktop entry into seperate file.- Added Icon. - Added desktop entry. - Added pam entry.- Spec Cleanup.- Initial RPM release. 0.50-9.fc220.50-9.fc220.50-9.fc22 chkrootkitchkrootkitchkrootkitchkrootkitXchkrootkit-0.50check_wtmpxchkdirschklastlogchkprocchkrootkitchkutmpchkwtmpifpromiscstringsstrings-staticchkrootkitchkrootkit.desktopchkrootkitACKNOWLEDGMENTSCOPYRIGHTREADMEREADME.chklastlogREADME.chkwtmpREADME.false_positiveschkrootkit.lsmchkrootkit.png/etc/pam.d//etc/security/console.apps//usr/bin//usr/lib//usr/lib/chkrootkit-0.50//usr/sbin//usr/share/applications//usr/share/doc//usr/share/doc/chkrootkit//usr/share/pixmaps/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnu   ASCII textPOSIX shell script, ASCII text executabledirectoryELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=fc7b0bdf13c80102e48d26c2bcca628eb8fac10c, strippedELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=ebd08219b7e7ffc04e81691c4ff2ea5f0c5c215e, strippedELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=a14d3a8dab869c99aaa4b7e354d6c42db19c5627, strippedELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=8625066f5cf883e2245c2a5443a5531562a8a75b, strippedELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=0a613ef49da09be42706afb2e52b74fa4da3e803, strippedELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=1edf5be5d133e616f51859db959673d0e2c92357, strippedELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=d05945d13a86c95da21e6cdcb77095af435dcb11, strippedELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, for GNU/Linux 2.6.32, BuildID[sha1]=3659ba423b5d49750de0c5b6e925689aec982b3d, strippedISO-8859 textLinux Software Map entry, ASCII textPNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced !'/0RRRRRRR RRRRRR RRRRRRR RRRRRRRRR RRRRRR RRRRRR R RRRRRRPP?p7zXZ !#,`]"k%fPpY$z/wٛWaXdRWͮ!8 *mcEKGzM3,Eɍ3nyZCZ }/;)r1Ȩ&^mKOPa2~Ck9o|,* LPʃ3?fUs8YU,7.19G)/Rv mkYŢn? ,bVcm*Y@xr [u\踈~wB-,srݭ3 _s*+wOGWBWl|c͐fD kOd۲VQaïnt#5 Ǵ  EKoWuLxN p|ud ^˶:4o=1x7a1-rz7 S|Vg2A$$6ާ7u ;6`u.e 3c?VF,fYz ?.:9KtCXwXJu2n͉:-'XN9RYJ`w'B h43;} 2&2]DuޝG;N2Ea:LeƑ];ȥ*~$}^.?&ԺU*}+}I4V;(m(2d.BXc& (w..>;L*P1gգ ?G wpÛ_6>s ll|֪* zQA羢f WTPe 1),JlCP3FU^U/ vhE_U<7ɭ̄:O64f`T>Aؾ5.ȜyrKE^93C$w!̦TԿBTC1]1aƂBI)KQ鬽|(N rCRF@"2wtL[4e?e X&3Vi)*GU,{,ML~mpFz4x,*[]V+Z()dɍ(Y oqyA2u+9ouV7~)7Ζ^:]exKMұ̈́B:_l|tozє'v] ˴xsV`gm: (KIT7du]Y :W4FfJrl evHT];cӛuf/&΍y"(K״h1E շoYT+=P6I M{TM"{xXUo@ b 0mB *XS ۖJ/ւ@@;(ϐNg>~KnQ #-@X2hcn[Gd:[z}D A3J>W ;3;&G:6y>p7IJN~S'Ӎ N.Y~:ȬdAĩJ뢒y2z}V}H`7o6b! 8+c+I>:hu uÝNTp6֡kj {O 0[M(ʩ;SaؤG䱦W,{`,!DqnpM RojԪʭ]ݲV3Fg[E6n:S\[lF_63Z-:ZtN/#s^G;Zi_A"M.r2]3FF#票vƲCkBhXV3u-f(c']Q|q㲘 \ [: d2k YZ