           SPELL=chkrootkit
         VERSION=0.50
          SOURCE=$SPELL-$VERSION.tar.gz
SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION
   SOURCE_URL[0]=ftp://ftp.pangeia.com.br/pub/seg/pac/$SOURCE
   SOURCE_URL[1]=http://www.mirrors.wiretapped.net/security/host-security/$SPELL/$SOURCE
   SOURCE_URL[2]=ftp://gd.tuwien.ac.at/infosys/security/$SPELL/$SOURCE
   SOURCE_URL[3]=http://www.spenneberg.org/chkrootkit-mirror/files/$SOURCE
   SOURCE_URL[4]=http://ftp.bit.nl/mirror/$SPELL/$SOURCE
     SOURCE_HASH=sha512:9f26fd34e85b58b13dedc5f38a889ae258bb2c0f1ff40e99c149e23f93890e956f94204b1bb2241584454e99168c53b583f52777083454237f3ba343424dba1c
        WEB_SITE=http://www.chkrootkit.org
         ENTERED=20020925
      PATCHLEVEL=1
      LICENSE[0]=/usr/share/doc/chkrootkit/COPYRIGHT
        KEYWORDS="security rootkit scan"
           SHORT="Locally checks for signs of a rootkit."
cat << EOF
chkrootkit is a tool to locally check for signs of a rootkit. It 
contains:

 * chkrootkit: shell script that checks system binaries for rootkit 
   modification.
 * ifpromisc: checks if the interface is in promiscuous mode.
 * chklastlog: checks for lastlog deletions.
 * chkwtmp: checks for wtmp deletions.
 * check_wtmpx: checks for wtmpx deletions. (Solaris only)
 * chkproc: checks for signs of LKM trojans.
 * chkdirs: checks for signs of LKM trojans.
 * strings: quick and dirty strings replacement.
 * chkutmp: checks for utmp deletions.
EOF
