
[RFR] templates://chkrootkit/{templates}



Please find, for review, the debconf templates and package descriptions for the chkrootkit source package.

This review will last from Thursday, February 07, 2008 to Sunday, February 17, 2008.

Please send reviews as unified diffs (diff -u) against the original
files. Comments about your proposed changes will be appreciated.

Your review should be sent as an answer to this mail.

When appropriate, I will send intermediate requests for review, with
"[RFRn]" (n>=2) as a subject tag.

When we reach a consensus, I will send a "Last Chance For
Comments" mail with "[LCFC]" as a subject tag.

Finally, the reviewed templates will be sent to the package maintainer
as a bug report, and a mail will be sent to this list with "[BTS]" as
a subject tag.

Rationale:
--- ../chkrootkit.old/debian/templates	2008-01-25 06:11:55.793191524 +0100
+++ debian/templates	2008-02-07 07:39:52.391264965 +0100
@@ -1,25 +1,26 @@
 Template: chkrootkit/run_daily
 Type: boolean
 Default: false
-_Description: Would you like to run chkrootkit automatically every day?
- chkrootkit can be run automatically via cron.daily if you like.  If you
- answer yes to this question, you'll also be given the opportunity to
+_Description: Should chkrootkit be run automatically every day?

We generally discourage "would you like" stuff and recommend being a
bit more neutral in wording

+ The chkrootkit program can be run automatically via a daily cron job. If you
+ choose this option, you'll also be given the opportunity to
  specify options for the daily run.

This is an attempt to avoid a leading lowercase letter.

"via cron.daily" is slightly jargonish so mention "daily cron job";

The most important part: "if you answer yes" shouldn't be used
(reasons are well developed in the Developer's Reference and lintian
warns about this). We recommend using "If you choose this option".

 
 Template: chkrootkit/run_daily_opts
 Type: string
-_Default: -q
-_Description: What arguments would you like to pass to the daily chkrootkit run?
+Default: -q

"-q" is obviously not a translatable string

+_Description: Arguments to use with chkrootkit in the daily run:

string templates should not use the interrogative form


  The following are useful arguments to pass to chkrookit:
-   * -r <root> specifies an alternate root directory
-   * -n do not attempt to analyze nfs mounted files
-   * -q run in quiet mode [highly recommended]
+   -r <root>: specifies an alternate root directory;
+   -n       : do not attempt to analyze nfs mounted files;
+   -q       : run in quiet mode [highly recommended].

This is the enumeration style we generally recommend.
 
 Template: chkrootkit/diff_mode
 Type: boolean
 Default: false
-_Description: Only report problems if they differ from yesterday's problems?
- Choosing yes here instructs the cron.daily call of chkrootkit to
- only report problems if they differ from the previous day's run.
+_Description: Only report problems if they differ from previous day's
problems?

"yesterday" seems to mean "the day before the day the package was
installed" which is obviously not what's meant.

+ If you choose this option, chkrootkit will
+ only report problems when they differ from the previous day's run.

Here as well, avoid "answer yes" style


  .
- Use this option with care.
+ Using this option is not recommended as it is likely to hide existing
+ security problems.

I think the rationale needs to be developed and the template shouldn't
say "not recommended" without some explanations.


--- ../chkrootkit.old/debian/control	2008-01-25 06:11:55.793191524 +0100
+++ debian/control	2008-02-07 07:43:41.119264961 +0100
@@ -8,21 +8,25 @@
 Package: chkrootkit
 Architecture: any
 Depends: ${shlibs:Depends}, binutils, net-tools, debconf | debconf-2.0, procps
-Description: Checks for signs of rootkits on the local system
- chkrootkit identifies whether the target computer is infected with a rootkit.
+Description: rootkit detection software

package synopsis should avoid verb sentences. I also propose this more
generic description

+ The chkrootkit program identifies whether the target computer is infected
+ with a 'rootkit'. Rootkits are set of programs and hacks designed to
+ take control of a target machine by using known security flaws.

Again, avoid leading lowercase

I took the liberty of explaining what a rootkit is. Please feel free
to correct this.


  Some of the rootkits that chkrootkit identifies are: 
-  1. lrk3, lrk4, lrk5, lrk6 (and some variants);
-  2. Solaris rootkit;
-  3. FreeBSD rootkit;
-  4. t0rn (including latest variant);
-  5. Ambient's Rootkit for Linux (ARK);
-  6. Ramen Worm;
-  7. rh[67]-shaper;
-  8. RSHA;
-  9. Romanian rootkit;
-  10. RK17;
-  11. Lion Worm;
-  12. Adore Worm.
- Please note that this is not a definitive test, it does not ensure that the
- target has not been cracked. In addition to running chkrootkit, one should
- perform more specific tests.
+ .
+  - lrk3, lrk4, lrk5, lrk6 (and some variants);
+  - Solaris rootkit;
+  - FreeBSD rootkit;
+  - t0rn (including latest variant);
+  - Ambient's Rootkit for Linux (ARK);
+  - Ramen Worm;
+  - rh[67]-shaper;
+  - RSHA;
+  - Romanian rootkit;
+  - RK17;
+  - Lion Worm;
+  - Adore Worm.
+ .
+ One should note that chkrootkit not detecting intrusions does not
+ necessarily mean the target computer was not attacked or compromised.
+ In addition to running chkrootkit, more specific tests should be performed.


I'm frankly not enthusiastic about the long enumeration. I suppose that
chkrootkit detected kits vary over time. So the alternative I propose
is just dropping the list. At least, it should use the now established
standard for enumerations.

I also propose splitting the paragraph into a few paragraphs to improve
readability.



-- 


Template: chkrootkit/run_daily
Type: boolean
Default: false
_Description: Should chkrootkit be run automatically every day?
 The chkrootkit program can be run automatically via a daily cron job. If you
 choose this option, you'll also be given the opportunity to
 specify options for the daily run.

Template: chkrootkit/run_daily_opts
Type: string
Default: -q
_Description: Arguments to use with chkrootkit in the daily run:
 The following are useful arguments to pass to chkrookit:
   -r <root>: specifies an alternate root directory;
   -n       : do not attempt to analyze nfs mounted files;
   -q       : run in quiet mode [highly recommended].

Template: chkrootkit/diff_mode
Type: boolean
Default: false
_Description: Only report problems if they differ from previous day's problems?
 If you choose this option, chkrootkit will
 only report problems when they differ from the previous day's run.
 .
 Using this option is not recommended as it is likely to hide existing
 security problems.
--- chkrootkit.old/debian/templates	2008-01-25 06:11:55.793191524 +0100
+++ chkrootkit/debian/templates	2008-02-07 18:48:10.703705589 +0100
@@ -1,25 +1,26 @@
 Template: chkrootkit/run_daily
 Type: boolean
 Default: false
-_Description: Would you like to run chkrootkit automatically every day?
- chkrootkit can be run automatically via cron.daily if you like.  If you
- answer yes to this question, you'll also be given the opportunity to
+_Description: Should chkrootkit be run automatically every day?
+ The chkrootkit program can be run automatically via a daily cron job. If you
+ choose this option, you'll also be given the opportunity to
  specify options for the daily run.
 
 Template: chkrootkit/run_daily_opts
 Type: string
-_Default: -q
-_Description: What arguments would you like to pass to the daily chkrootkit run?
+Default: -q
+_Description: Arguments to use with chkrootkit in the daily run:
  The following are useful arguments to pass to chkrookit:
-   * -r <root> specifies an alternate root directory
-   * -n do not attempt to analyze nfs mounted files
-   * -q run in quiet mode [highly recommended]
+   -r <root>: specifies an alternate root directory;
+   -n       : do not attempt to analyze nfs mounted files;
+   -q       : run in quiet mode [highly recommended].
 
 Template: chkrootkit/diff_mode
 Type: boolean
 Default: false
-_Description: Only report problems if they differ from yesterday's problems?
- Choosing yes here instructs the cron.daily call of chkrootkit to
- only report problems if they differ from the previous day's run.
+_Description: Only report problems if they differ from previous day's problems?
+ If you choose this option, chkrootkit will
+ only report problems when they differ from the previous day's run.
  .
- Use this option with care.
+ Using this option is not recommended as it is likely to hide existing
+ security problems.
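Review bot: In the chkrootkit/diff_mode template, the new closing paragraph says the option "is not recommended as it is likely to hide existing security problems" but does not say why. The reason follows from the description just above it: once a finding has been reported, every later run that produces the same output stays silent, so a problem that was reported once and overlooked is not reported again while it persists unchanged. Suggest stating that in the template, for example "a problem that persists unchanged is reported only once". Separately, the unchanged context line in chkrootkit/run_daily_opts still reads "chkrookit" (missing "t") and the -n line has "nfs" where "NFS" is meant; since these strings are being reworded for translators anyway, fix both in the same patch.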
--- chkrootkit.old/debian/control	2008-01-25 06:11:55.793191524 +0100
+++ chkrootkit/debian/control	2008-02-07 18:49:56.882638947 +0100
@@ -8,21 +8,25 @@
 Package: chkrootkit
 Architecture: any
 Depends: ${shlibs:Depends}, binutils, net-tools, debconf | debconf-2.0, procps
-Description: Checks for signs of rootkits on the local system
- chkrootkit identifies whether the target computer is infected with a rootkit.
+Description: rootkit detection software
+ The chkrootkit program identifies whether the target computer is infected
+ with a 'rootkit'. Rootkits are set of programs and hacks designed to
+ take control of a target machine by using known security flaws.
  Some of the rootkits that chkrootkit identifies are: 
-  1. lrk3, lrk4, lrk5, lrk6 (and some variants);
-  2. Solaris rootkit;
-  3. FreeBSD rootkit;
-  4. t0rn (including latest variant);
-  5. Ambient's Rootkit for Linux (ARK);
-  6. Ramen Worm;
-  7. rh[67]-shaper;
-  8. RSHA;
-  9. Romanian rootkit;
-  10. RK17;
-  11. Lion Worm;
-  12. Adore Worm.
- Please note that this is not a definitive test, it does not ensure that the
- target has not been cracked. In addition to running chkrootkit, one should
- perform more specific tests.
+ .
+  - lrk3, lrk4, lrk5, lrk6 (and some variants);
+  - Solaris rootkit;
+  - FreeBSD rootkit;
+  - t0rn (including latest variant);
+  - Ambient's Rootkit for Linux (ARK);
+  - Ramen Worm;
+  - rh[67]-shaper;
+  - RSHA;
+  - Romanian rootkit;
+  - RK17;
+  - Lion Worm;
+  - Adore Worm.
+ .
+ One should note that chkrootkit not detecting intrusions does not
+ necessarily mean the target computer was not attacked or compromised.
+ In addition to running chkrootkit, more specific tests should be performed.
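Review bot: The definition added to the long description, "designed to take control of a target machine by using known security flaws", describes an exploit rather than a rootkit. A rootkit is normally installed after a machine has already been compromised, to hide the intruder's presence and keep access; suggest wording along the lines of "A rootkit is a set of programs designed to hide an intrusion and retain privileged access to a compromised machine". The same sentence also has a grammar slip: "Rootkits are set of programs" should read "Rootkits are sets of programs".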
Source: chkrootkit
Section: misc
Priority: optional
Maintainer: lantz moore <lmoore@debian.org>
Standards-Version: 3.6.2
Build-Depends: debhelper (>> 4.0.0), libc6.1-dev [ia64], po-debconf

Package: chkrootkit
Architecture: any
Depends: ${shlibs:Depends}, binutils, net-tools, debconf | debconf-2.0, procps
Description: rootkit detection software
 The chkrootkit program identifies whether the target computer is infected
 with a 'rootkit'. Rootkits are set of programs and hacks designed to
 take control of a target machine by using known security flaws.
 Some of the rootkits that chkrootkit identifies are: 
 .
  - lrk3, lrk4, lrk5, lrk6 (and some variants);
  - Solaris rootkit;
  - FreeBSD rootkit;
  - t0rn (including latest variant);
  - Ambient's Rootkit for Linux (ARK);
  - Ramen Worm;
  - rh[67]-shaper;
  - RSHA;
  - Romanian rootkit;
  - RK17;
  - Lion Worm;
  - Adore Worm.
 .
 One should note that chkrootkit not detecting intrusions does not
 necessarily mean the target computer was not attacked or compromised.
 In addition to running chkrootkit, more specific tests should be performed.
