           SPELL=chkrootkit
         VERSION=0.49
          SOURCE=$SPELL-$VERSION.tar.gz
SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION
   SOURCE_URL[0]=ftp://ftp.pangeia.com.br/pub/seg/pac/$SOURCE
   SOURCE_URL[1]=http://www.mirrors.wiretapped.net/security/host-security/$SPELL/$SOURCE
   SOURCE_URL[2]=ftp://gd.tuwien.ac.at/infosys/security/$SPELL/$SOURCE
   SOURCE_URL[3]=http://www.spenneberg.org/chkrootkit-mirror/files/$SOURCE
   SOURCE_URL[4]=http://ftp.bit.nl/mirror/$SPELL/$SOURCE
     SOURCE_HASH=sha512:b796547fc483635ff6ee4e953f7dda34913189459de05b547522b79f8edeef5adae72cc05515b8ff9382cbabffd93cae7d114a40636e14c55da513bb42b05909
        WEB_SITE=http://www.chkrootkit.org
         ENTERED=20020925
      PATCHLEVEL=1
      LICENSE[0]=/usr/share/doc/chkrootkit/COPYRIGHT
        KEYWORDS="security rootkit scan"
           SHORT="Locally checks for signs of a rootkit."
cat << EOF
chkrootkit is a tool to locally check for signs of a rootkit. It 
contains:

 * chkrootkit: shell script that checks system binaries for rootkit 
   modification.
 * ifpromisc: checks if the interface is in promiscuous mode.
 * chklastlog: checks for lastlog deletions.
 * chkwtmp: checks for wtmp deletions.
 * check_wtmpx: checks for wtmpx deletions. (Solaris only)
 * chkproc: checks for signs of LKM trojans.
 * chkdirs: checks for signs of LKM trojans.
 * strings: quick and dirty strings replacement.
 * chkutmp: checks for utmp deletions.
EOF
