Please find, for review, the debconf templates and package descriptions for the chkrootkit source package.

This review will last from Thursday, February 07, 2008 to Sunday, February 17, 2008.

Please send reviews as unified diffs (diff -u) against the original files. Comments about your proposed changes will be appreciated.

Your review should be sent as an answer to this mail.

When appropriate, I will send intermediate requests for review, with "[RFRn]" (n>=2) as a subject tag.

When we reach a consensus, I will send a "Last Chance For Comments" mail with "[LCFC]" as a subject tag.

Finally, the reviewed templates will be sent to the package maintainer as a bug report, and a mail will be sent to this list with "[BTS]" as a subject tag.

Rationale: --- ../chkrootkit.old/debian/templates 2008-01-25 06:11:55.793191524 +0100 +++ debian/templates 2008-02-07 07:39:52.391264965 +0100 
@@ -1,25 +1,26 @@ Template: chkrootkit/run_daily Type: boolean Default: false -_Description: Would you like to run chkrootkit automatically every day? - chkrootkit can be run automatically via cron.daily if you like. If you - answer yes to this question, you'll also be given the opportunity to +_Description: Should chkrootkit be run automatically every day? We generally discourage "would you like" stuff and recommend being a bit more neutral in wording + The chkrootkit program can be run automatically via a daily cron job. If you + choose this option, you'll also be given the opportunity to specify options for the daily run. This is an attempt to avoid a leading lowercase letter. "via cron.daily" is slightly jargonish so mention "daily cron job" ; The most important part: "if you answer yes" shouldn't be used (reasons are well developed in the Developer's Reference and lintian warns about this). We recommend using "If you choose this option". Template: chkrootkit/run_daily_opts Type: string -_Default: -q -_Description: What arguments would you like to pass to the daily chkrootkit run? +Default: -q "-q" is obviously not a translatable string +_Description: Arguments to use with chkrootkit in the daily run: string templates should not use the interrogative form The following are useful arguments to pass to chkrookit: - * -r <root> specifies an alternate root directory - * -n do not attempt to analyze nfs mounted files - * -q run in quiet mode [highly recommended] + -r <root>: specifies an alternate root directory; + -n : do not attempt to analyze nfs mounted files; + -q : run in quiet mode [highly recommended]. This is the enumeration style we generally recommend. Template: chkrootkit/diff_mode Type: boolean Default: false -_Description: Only report problems if they differ from yesterday's problems? - Choosing yes here instructs the cron.daily call of chkrootkit to - only report problems if they differ from the previous day's run. 
+_Description: Only report problems if they differ from previous day's problems? "yesterday" seems to mean "the day before the day the package was installed" which is obviously not what's meant. + If you choose this option, chkrootkit will + only report problems when they differ from the previous day's run. Here as well, avoid "answer yes" style. - Use this option with care. + Using this option is not recommended as it is likely to hide existing + security problems. I think the rationale needs to be developed and the template shouldn't say "not recommended" without some explanations. --- ../chkrootkit.old/debian/control 2008-01-25 06:11:55.793191524 +0100 +++ debian/control 2008-02-07 07:43:41.119264961 +0100 
@@ -8,21 +8,25 @@ Package: chkrootkit Architecture: any Depends: ${shlibs:Depends}, binutils, net-tools, debconf | debconf-2.0, procps -Description: Checks for signs of rootkits on the local system - chkrootkit identifies whether the target computer is infected with a rootkit. +Description: rootkit detection software package synopsis should avoid verb sentences. I also propose this more generic description + The chkrootkit program identifies whether the target computer is infected + with a 'rootkit'. Rootkits are set of programs and hacks designed to + take control of a target machine by using known security flaws. Again, avoid leading lowercase I took the liberty of explaining what a rootkit is. Please feel free to correct this. Some of the rootkits that chkrootkit identifies are: - 1. lrk3, lrk4, lrk5, lrk6 (and some variants); - 2. Solaris rootkit; - 3. FreeBSD rootkit; - 4. t0rn (including latest variant); - 5. Ambient's Rootkit for Linux (ARK); - 6. Ramen Worm; - 7. rh[67]-shaper; - 8. RSHA; - 9. Romanian rootkit; - 10. RK17; - 11. Lion Worm; - 12. Adore Worm. - Please note that this is not a definitive test, it does not ensure that the - target has not been cracked. In addition to running chkrootkit, one should - perform more specific tests. + . + - lrk3, lrk4, lrk5, lrk6 (and some variants); + - Solaris rootkit; + - FreeBSD rootkit; + - t0rn (including latest variant); + - Ambient's Rootkit for Linux (ARK); + - Ramen Worm; + - rh[67]-shaper; + - RSHA; + - Romanian rootkit; + - RK17; + - Lion Worm; + - Adore Worm. + . + One should note that chkrootkit not detecting intrusions does not + necessarily mean the target computer was not attacked or compromised. + In addition to running chkrootkit, more specific tests should be performed. I'm frankly not enthusiastic about the long enumeration. I suppose that chkrootkit detected kits vary over time. So the alternative I propose is just dropping the list. 
At least, it should use the now established standard for enumerations. I also propose splitting the paragraphs into a few paragraphs to improve readability. --
Template: chkrootkit/run_daily
Type: boolean
Default: false
_Description: Should chkrootkit be run automatically every day?
 The chkrootkit program can be run automatically via a daily cron job. If you
 choose this option, you'll also be given the opportunity to
 specify options for the daily run.

Template: chkrootkit/run_daily_opts
Type: string
Default: -q
_Description: Arguments to use with chkrootkit in the daily run:
 The following are useful arguments to pass to chkrookit:
 -r <root>: specifies an alternate root directory;
 -n : do not attempt to analyze nfs mounted files;
 -q : run in quiet mode [highly recommended].

Template: chkrootkit/diff_mode
Type: boolean
Default: false
_Description: Only report problems if they differ from previous day's problems?
 If you choose this option, chkrootkit will
 only report problems when they differ from the previous day's run.
 .
 Using this option is not recommended as it is likely to hide existing
 security problems.
--- chkrootkit.old/debian/templates 2008-01-25 06:11:55.793191524 +0100 +++ chkrootkit/debian/templates 2008-02-07 18:48:10.703705589 +0100 @@ -1,25 +1,26 @@ Template: chkrootkit/run_daily Type: boolean Default: false -_Description: Would you like to run chkrootkit automatically every day? - chkrootkit can be run automatically via cron.daily if you like. If you - answer yes to this question, you'll also be given the opportunity to +_Description: Should chkrootkit be run automatically every day? + The chkrootkit program can be run automatically via a daily cron job. If you + choose this option, you'll also be given the opportunity to specify options for the daily run. Template: chkrootkit/run_daily_opts Type: string -_Default: -q -_Description: What arguments would you like to pass to the daily chkrootkit run? +Default: -q +_Description: Arguments to use with chkrootkit in the daily run: The following are useful arguments to pass to chkrookit: - * -r <root> specifies an alternate root directory - * -n do not attempt to analyze nfs mounted files - * -q run in quiet mode [highly recommended] + -r <root>: specifies an alternate root directory; + -n : do not attempt to analyze nfs mounted files; + -q : run in quiet mode [highly recommended]. Template: chkrootkit/diff_mode Type: boolean Default: false -_Description: Only report problems if they differ from yesterday's problems? - Choosing yes here instructs the cron.daily call of chkrootkit to - only report problems if they differ from the previous day's run. +_Description: Only report problems if they differ from previous day's problems? + If you choose this option, chkrootkit will + only report problems when they differ from the previous day's run. . - Use this option with care. + Using this option is not recommended as it is likely to hide existing + security problems. --- chkrootkit.old/debian/control 2008-01-25 06:11:55.793191524 +0100 +++ chkrootkit/debian/control 2008-02-07 18:49:56.882638947 +0100 
@@ -8,21 +8,25 @@ Package: chkrootkit Architecture: any Depends: ${shlibs:Depends}, binutils, net-tools, debconf | debconf-2.0, procps -Description: Checks for signs of rootkits on the local system - chkrootkit identifies whether the target computer is infected with a rootkit. +Description: rootkit detection software + The chkrootkit program identifies whether the target computer is infected + with a 'rootkit'. Rootkits are set of programs and hacks designed to + take control of a target machine by using known security flaws. Some of the rootkits that chkrootkit identifies are: - 1. lrk3, lrk4, lrk5, lrk6 (and some variants); - 2. Solaris rootkit; - 3. FreeBSD rootkit; - 4. t0rn (including latest variant); - 5. Ambient's Rootkit for Linux (ARK); - 6. Ramen Worm; - 7. rh[67]-shaper; - 8. RSHA; - 9. Romanian rootkit; - 10. RK17; - 11. Lion Worm; - 12. Adore Worm. - Please note that this is not a definitive test, it does not ensure that the - target has not been cracked. In addition to running chkrootkit, one should - perform more specific tests. + . + - lrk3, lrk4, lrk5, lrk6 (and some variants); + - Solaris rootkit; + - FreeBSD rootkit; + - t0rn (including latest variant); + - Ambient's Rootkit for Linux (ARK); + - Ramen Worm; + - rh[67]-shaper; + - RSHA; + - Romanian rootkit; + - RK17; + - Lion Worm; + - Adore Worm. + . + One should note that chkrootkit not detecting intrusions does not + necessarily mean the target computer was not attacked or compromised. + In addition to running chkrootkit, more specific tests should be performed.
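Review bot: in the debian/templates hunk, the unchanged context line "The following are useful arguments to pass to chkrookit:" still misspells the program name; since this pass fixes the strings translators will work from, correct it to "chkrootkit" in the same patch. In the same hunk, "nfs mounted files" should read "NFS-mounted files", and "differ from previous day's problems?" is missing an article ("the previous day's problems?"). The new diff_mode warning is better than "Use this option with care", but it still does not say why the option hides problems: with it enabled, a finding that stays the same from one run to the next is reported on its first day and is silent afterwards. Stating that in the long description would let the administrator make an informed choice.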
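Review bot: in the debian/control hunk, "Rootkits are set of programs" needs a plural ("are sets of programs"), and the definition that follows is inaccurate: a rootkit is normally installed after a machine has already been compromised, to hide the intruder's presence and keep access, rather than being the means of taking control through known security flaws. Suggested wording: "Rootkits are sets of programs and hacks designed to hide an intrusion and retain control of a compromised machine." The closing paragraph would also read more directly with a concrete subject, for example "A chkrootkit run that reports nothing does not necessarily mean ...", instead of "chkrootkit not detecting intrusions does not necessarily mean".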
Source: chkrootkit
Section: misc
Priority: optional
Maintainer: lantz moore <lmoore@debian.org>
Standards-Version: 3.6.2
Build-Depends: debhelper (>> 4.0.0), libc6.1-dev [ia64], po-debconf

Package: chkrootkit
Architecture: any
Depends: ${shlibs:Depends}, binutils, net-tools, debconf | debconf-2.0, procps
Description: rootkit detection software
 The chkrootkit program identifies whether the target computer is infected
 with a 'rootkit'. Rootkits are set of programs and hacks designed to
 take control of a target machine by using known security flaws.
 Some of the rootkits that chkrootkit identifies are:
 .
 - lrk3, lrk4, lrk5, lrk6 (and some variants);
 - Solaris rootkit;
 - FreeBSD rootkit;
 - t0rn (including latest variant);
 - Ambient's Rootkit for Linux (ARK);
 - Ramen Worm;
 - rh[67]-shaper;
 - RSHA;
 - Romanian rootkit;
 - RK17;
 - Lion Worm;
 - Adore Worm.
 .
 One should note that chkrootkit not detecting intrusions does not
 necessarily mean the target computer was not attacked or compromised.
 In addition to running chkrootkit, more specific tests should be performed.