           SPELL=chkrootkit
         VERSION=0.46a
          SOURCE=$SPELL-$VERSION.tar.gz
SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION
   SOURCE_URL[0]=ftp://ftp.pangeia.com.br/pub/seg/pac/$SOURCE
   SOURCE_URL[1]=http://www.mirrors.wiretapped.net/security/host-security/$SPELL/$SOURCE
   SOURCE_URL[2]=ftp://gd.tuwien.ac.at/infosys/security/$SPELL/$SOURCE
   SOURCE_URL[3]=http://www.spenneberg.org/chkrootkit-mirror/files/$SOURCE
   SOURCE_URL[4]=http://ftp.bit.nl/mirror/$SPELL/$SOURCE
     SOURCE_HASH=sha512:187745f219e8b803762775aac904a0385730bf11cad20e17eb0018dd9be3123b8d4d1daa7ddee0feb44a6ab54fc76585286caf50d7def2937354e570d061f63d
        WEB_SITE=http://www.chkrootkit.org
         ENTERED=20020925
      LICENSE[0]=/usr/share/doc/chkrootkit/COPYRIGHT
        KEYWORDS="security"
           SHORT="Locally checks for signs of a rootkit."
cat << EOF
chkrootkit is a tool to locally check for signs of a rootkit. It 
contains:

 * chkrootkit: shell script that checks system binaries for rootkit 
   modification.
 * ifpromisc.c: checks if the interface is in promiscuous mode.
 * chklastlog.c: checks for lastlog deletions.
 * chkwtmp.c: checks for wtmp deletions.
 * check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
 * chkproc.c: checks for signs of LKM trojans.
 * chkdirs.c: checks for signs of LKM trojans.
 * strings.c: quick and dirty strings replacement.
 * chkutmp.c: checks for utmp deletions.
EOF
