ChangeLog

# ChangeLog for app-forensics/airt
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/ChangeLog,v 1.3 2007/02/09 07:13:31 flameeyes Exp $

09 Feb 2007; Diego Pettenò ChangeLog:
Regenerate digest in Manifest2 format.

08 Feb 2007; Diego Pettenò ChangeLog:
Regenerate digest in Manifest2 format.

*airt-0.4-r1 (19 Jul 2005)

19 Jul 2005; Daniel Black
+files/airt-0.4-dismod.patch, +files/airt-0.4-kernelupdate.patch,
+airt-0.4-r1.ebuild:
Patch to fix compatibility with newer kernels. The dismod Perl script was modified
to find the System.map and dismod executables.

26 Jan 2005; Daniel Black +airt-0.4.ebuild,
+metadata.xml:
Initial import as per bug #79524. Thanks to Michael Zanetta.

Manifest

AUX airt-0.4-dismod.patch 641 RMD160 f386b06d6cc65a6ac6ebaff9078e7c942a90e71c SHA1 06855db69962dc57ad62efc0e5c7c465bdf26f22 SHA256 bbf0315b15e2fbfc1e23b9f2067e80ea3bb43dfc82f87392e8cae77a3d0b9b99
AUX airt-0.4-kernelupdate.patch 6178 RMD160 c00602f571f14bc9276542dc08ec0299374b37db SHA1 02cf4226ae2492703648604a1ef13d80cd34dc4b SHA256 c943d9ea705d6c59e5d6898a8ea1dc25fdeb56d60a98d26ac5dfc00c8ed6876a
DIST airt-0.4.tar.bz2 73609 RMD160 a2596c36afb811a904a4e09b9ae68053e2d8e429 SHA1 e8081b31ac97a446e80a9f63412798aae79d62c4 SHA256 d11a83889a9d88ec7f7379e4dd9ac38b434aff4fe80a6cfab91303ac3b45ca5f
EBUILD airt-0.4-r1.ebuild 1145 RMD160 b2f8312aba40e554e95ff022c7a9008a7040491b SHA1 955c8b8bb9e171aed9eb5cf7063474fba455cca0 SHA256 7c6cfaec32eb469213984d66f7faa4b568700dcd6e02601d19f8ee6ec4f1c216
EBUILD airt-0.4.ebuild 1062 RMD160 53f5114968635fc4ed54d8cf65a97ea2fb7fe1d8 SHA1 eabc3f7c012eee6088e28685d31845c27461545c SHA256 7771035648a7d1c4f13a0a9f9976921b8732f6a2d5ba8d46b096c1583c56a498
MISC ChangeLog 883 RMD160 44a3c058519879caa995ae10e24a2e4bc457d3fc SHA1 9467393db1ad4daf7bae0eea344385c0aa3c5a7d SHA256 22a490b641963a43e7ceb291698cf3271b8ba558be8aeefe7ef8220eb0fe24aa
MISC metadata.xml 707 RMD160 4465ec58af4a3061009056a1a7c105d608969c54 SHA1 b60b9548e29ab337757e31ced554c76d1e15a393 SHA256 35be214c0a81b2289a5269fa739f511545a8f2b325b475f5e3e1c3fe97ba65fe

airt-0.4-r1.ebuild

# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/airt-0.4-r1.ebuild,v 1.2 2007/07/15 03:01:24 mr_bones_ Exp $

# linux-mod drives the kernel-module build, toolchain-funcs supplies tc-getCC,
# eutils supplies epatch.
inherit linux-mod toolchain-funcs eutils

# Package metadata. The source is fetched over plain HTTP from a bare IP
# address, so the transport provides no integrity; the DIST digests recorded
# in the Manifest are what pin the fetched tarball.
DESCRIPTION="AIRT(Advanced incident response tool) is a set of incident response assistant tools on linux platform."
HOMEPAGE="http://159.226.5.93/projects/airt.htm"
SRC_URI="http://159.226.5.93/projects/${P}.tar.bz2"

LICENSE="GPL-2"
# Testing keyword on x86 only; every other arch is masked.
KEYWORDS="~x86 -*"
IUSE=""
# The unpacked tree lives under ${PN}, not the default ${WORKDIR}/${P}.
S="${WORKDIR}/${PN}"
DEPEND="virtual/libc"
# NOTE(review): no SLOT is declared; confirm the package manager accepts that.

# Kernel modules handled by linux-mod. modumper is built from its own
# subdirectory; the others use the eclass default source directory.
MODULE_NAMES="sock_hunter(:) process_hunter(:) mod_hunter(:) modumper(:${S}/mod_dumper)"
BUILD_PARAMS="KDIR=${KERNEL_DIR}"
BUILD_TARGETS="default"

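# Unpack the tarball, apply the two bundled patches and fix up the userspace
# helper's Makefile. Runs from ${WORKDIR}; dies if the sed edit fails.
src_unpack() {
	# ${A} is a space-separated list of archives, so it is deliberately unquoted.
	unpack ${A}
	# Patches are applied from the default src_unpack cwd, as before; the strip
	# level is left to epatch's autodetection.
	epatch "${FILESDIR}"/${P}-kernelupdate.patch
	epatch "${FILESDIR}"/${P}-dismod.patch
	# Point the helper's Makefile at the configured compiler and flags, and
	# rename its target, presumably so BUILD_TARGETS="default" matches it.
	# NOTE(review): ${CFLAGS} is spliced verbatim into the sed replacement, so a
	# '|' or '&' in CFLAGS would corrupt the expression.
	sed -i -e "s|^CC.*|CC = $(tc-getCC) ${CFLAGS}|" \
		-e "s/modumper:/default:/" \
		"${S}"/mod_dumper/Makefile || die "sed failed on mod_dumper/Makefile"
}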

# Build the kernel modules via the eclass, then the userspace dismod helper.
src_compile() {
	# The modules listed in MODULE_NAMES are compiled by linux-mod.
	linux-mod_src_compile
	# dismod is a plain make target under mod_dumper/.
	emake dismod -C mod_dumper || die
}

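# Install the kernel modules, the dismod helper and its Perl front-end, and
# the documentation. Dies if any install helper fails.
src_install() {
	linux-mod_src_install
	# With no EAPI declared, dosbin/dodoc do not abort the build on failure,
	# so their status is checked explicitly.
	dosbin mod_dumper/dismod mod_dumper/dismod.pl || die "dosbin failed"
	dodoc CHANGELOG.txt README.txt TODO || die "dodoc failed"
}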

airt-0.4.ebuild

# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/airt-0.4.ebuild,v 1.3 2007/07/15 03:01:24 mr_bones_ Exp $

# linux-mod drives the kernel-module build, toolchain-funcs supplies tc-getCC.
inherit linux-mod toolchain-funcs

# Package metadata. The source is fetched over plain HTTP from a bare IP
# address, so the transport provides no integrity; the DIST digests recorded
# in the Manifest are what pin the fetched tarball.
DESCRIPTION="AIRT(Advanced incident response tool) is a set of incident response assistant tools on linux platform."
HOMEPAGE="http://159.226.5.93/projects/airt.htm"
SRC_URI="http://159.226.5.93/projects/${P}.tar.bz2"

LICENSE="GPL-2"
# Stable on x86 only; every other arch is masked.
KEYWORDS="x86 -*"
IUSE=""
# The unpacked tree lives under ${PN}, not the default ${WORKDIR}/${P}.
S="${WORKDIR}/${PN}"
DEPEND="virtual/libc"
# NOTE(review): no SLOT is declared; confirm the package manager accepts that.

# Kernel modules handled by linux-mod. modumper is built from its own
# subdirectory; the others use the eclass default source directory.
MODULE_NAMES="sock_hunter(:) process_hunter(:) mod_hunter(:) modumper(:${S}/mod_dumper)"
BUILD_PARAMS="KDIR=${KERNEL_DIR}"
BUILD_TARGETS="default"

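# Unpack the tarball and fix up the userspace helper's Makefile.
# Runs from ${WORKDIR}; dies if the sed edit fails.
src_unpack() {
	# ${A} is a space-separated list of archives, so it is deliberately unquoted.
	unpack ${A}
	# Point the helper's Makefile at the configured compiler and flags, and
	# rename its target, presumably so BUILD_TARGETS="default" matches it.
	# NOTE(review): ${CFLAGS} is spliced verbatim into the sed replacement, so a
	# '|' or '&' in CFLAGS would corrupt the expression.
	sed -i -e "s|^CC.*|CC = $(tc-getCC) ${CFLAGS}|" \
		-e "s/modumper:/default:/" \
		"${S}"/mod_dumper/Makefile || die "sed failed on mod_dumper/Makefile"
}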

# Build the kernel modules via the eclass, then the userspace dismod helper.
src_compile() {
	# The modules listed in MODULE_NAMES are compiled by linux-mod.
	linux-mod_src_compile
	# dismod is a plain make target under mod_dumper/.
	emake dismod -C mod_dumper || die
}

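# Install the kernel modules, the dismod helper and its Perl front-end, and
# the documentation. Dies if dosbin fails.
src_install() {
	linux-mod_src_install
	# With no EAPI declared, dosbin does not abort the build on failure, so
	# its status is checked explicitly.
	dosbin mod_dumper/dismod mod_dumper/dismod.pl || die "dosbin failed"
	# NOTE(review): the -r1 ebuild installs only CHANGELOG.txt, not CHANGELOG;
	# if CHANGELOG is absent from the tarball dodoc will complain about it.
	dodoc CHANGELOG CHANGELOG.txt README.txt TODO
}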

files

metadata.xml




forensics

forensics@gentoo.org
Forensics Herd


AIRT(Advanced incident response tool) is a set of incident response assistant tools on linux platform. It's useful when you want
to know what evil kernel backdoor is still resident on your broken system and what the hell it is.

It is not the same as kstat, which can be fooled simply by modifying the sys_write syscall. AIRT searches for kernel backdoors in the
underlying system memory using a custom algorithm.