           SPELL=chkrootkit
         VERSION=0.47
          SOURCE=$SPELL-$VERSION.tar.gz
SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION
   SOURCE_URL[0]=ftp://ftp.pangeia.com.br/pub/seg/pac/$SOURCE
   SOURCE_URL[1]=http://www.mirrors.wiretapped.net/security/host-security/$SPELL/$SOURCE
   SOURCE_URL[2]=ftp://gd.tuwien.ac.at/infosys/security/$SPELL/$SOURCE
   SOURCE_URL[3]=http://www.spenneberg.org/chkrootkit-mirror/files/$SOURCE
   SOURCE_URL[4]=http://ftp.bit.nl/mirror/$SPELL/$SOURCE
     SOURCE_HASH=sha512:537850111d1a74a785301621f158ad783df27ec0348c040a0260b6c138974e00711dd51285c4cb4ef128eea117f969b43c7692fe309ce607106c71b2751c7e71
        WEB_SITE=http://www.chkrootkit.org
         ENTERED=20020925
      PATCHLEVEL=1
      LICENSE[0]=/usr/share/doc/chkrootkit/COPYRIGHT
        KEYWORDS="security rootkit scan"
           SHORT="Locally checks for signs of a rootkit."
cat << EOF
chkrootkit is a tool to locally check for signs of a rootkit. It 
contains:

 * chkrootkit: shell script that checks system binaries for rootkit 
   modification.
 * ifpromisc: checks if the interface is in promiscuous mode.
 * chklastlog: checks for lastlog deletions.
 * chkwtmp: checks for wtmp deletions.
 * check_wtmpx: checks for wtmpx deletions. (Solaris only)
 * chkproc: checks for signs of LKM trojans.
 * chkdirs: checks for signs of LKM trojans.
 * strings: quick and dirty strings replacement.
 * chkutmp: checks for utmp deletions.
EOF
