adore rootkit

modules/utilities/unix/compromised/adore_rootkit_static/adore_rootkit_static.pp

@@ -0,0 +1 @@
+include adore_rootkit_static::install

modules/utilities/unix/compromised/adore_rootkit_static/manifests/install.pp

@@ -0,0 +1,27 @@
+class adore_rootkit_static::install {
+
+  # TODO: rootkit configuration
+  # $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+  # $hidden_ports = join($secgen_parameters['hidden_ports'], "\|")
+  # $hidden_strings = join($secgen_parameters['hidden_strings'], "\|")
+
+  file { '/bin/ls':
+    source => 'puppet:///modules/adore_rootkit_static/ls',
+    mode   => '0755',
+    owner => 'root',
+    group => 'root',
+  }
+  file { '/bin/netstat':
+    source => 'puppet:///modules/adore_rootkit_static/netstat',
+    mode   => '0755',
+    owner => 'root',
+    group => 'root',
+  }
+  file { '/bin/ps':
+    source => 'puppet:///modules/adore_rootkit_static/ps',
+    mode   => '0755',
+    owner => 'root',
+    group => 'root',
+  }
+
+}

modules/utilities/unix/compromised/adore_rootkit_static/secgen_metadata.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+
+<utility xmlns="http://www.github/cliffe/SecGen/utility"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://www.github/cliffe/SecGen/utility">
+  <name>Adore rootkit</name>
+  <author>Z. Cliffe Schreuders</author>
+  <module_license>MIT</module_license>
+  <description>Some static rootkit binaries from the Adore rootkit. (Not compiled by SecGen.)
+  </description>
+
+  <type>userspace_rootkit</type>
+  <platform>linux</platform>
+
+  <!-- TODO: install Adore with configuration -->
+
+  <!-- <read_fact>hidden_ports</read_fact>
+  <read_fact>hidden_strings</read_fact>
+
+  <default_input into="hidden_ports">
+    <value>4444</value>
+    <value>12345</value>
+  </default_input>
+  <default_input into="hidden_strings">
+    <value>hideme</value>
+    <value>hme</value>
+  </default_input> -->
+
+</utility>