Changes of Revision 23
[-] | Changed | rkhunter.spec |
x 1
2 Group: System/Monitoring 3 Autoreqprov: on 4 Summary: Rootkit Scans for Rootkits, Backdoors, and Local Exploits 5 -Version: 1.3.6 6 -Release: 4 7 +Version: 1.3.8 8 +Release: 1 9 Source0: http://downloads.rootkit.nl/%{realname}-%{version}.tar.bz2 10 #Patch0: %{realname}-10.0_os.dat.patch 11 Patch1: %{realname}-config-%{version}.patch 12
13 %attr(755,root,root) %{_sysconfdir}/cron.daily/ix-rkhunter 14 15 %changelog -n rkhunter 16 +* Sun Dec 26 2010 Carsten Schoene <cs@linux-administrator.com> - 1.3.8-1 17 +- new upstream release 1.3.8 18 +- reworked all patches for new version 19 + 20 * Mon Dec 20 2010 Carsten Schoene <cs@linux-administrator.com> - 1.3.6-4 21 - updated script whitelist with files for ksplice 22 23 |
[+] | Added | rkhunter-1.3.8-installer.patch ^ |
@@ -0,0 +1,14 @@
+--- installer.sh.orig 2010-11-16 22:34:48.000000000 +0100
++++ installer.sh 2010-12-26 16:07:14.588360614 +0100
+@@ -163,9 +163,9 @@
+ if [ -n "${RPM_BUILD_ROOT}" ]; then
+ if [ "${RPM_BUILD_ROOT}" = "/" ]; then
+ RPM_USING_ROOT=1
+- PREFIX="/usr/local"
++ PREFIX="/usr"
+ else
+- PREFIX="${RPM_BUILD_ROOT}/usr/local"
++ PREFIX="${RPM_BUILD_ROOT}/usr"
+ fi
+ else
+ echo "RPM installation chosen but \$RPM_BUILD_ROOT variable not found. Exiting."
| ||
[+] | Added | rkhunter-config-1.3.8.patch ^ |
@@ -0,0 +1,119 @@
+--- rkhunter-1.3.8/files/rkhunter.conf.orig 2010-11-13 21:25:22.000000000 +0100
++++ rkhunter-1.3.8/files/rkhunter.conf 2010-12-26 16:56:46.468993681 +0100
+@@ -76,7 +76,7 @@
+ # NOTE: This option should be present in the configuration file.
+ #
+ #MAIL-ON-WARNING=me@mydomain root@mydomain
+-MAIL-ON-WARNING=""
++MAIL-ON-WARNING=sudreport@internetx.de
+ 
+ #
+ # Specify the mail command to use if MAIL-ON-WARNING is set.
+@@ -213,7 +213,7 @@
+ # file, then a value here of 'unset' can be used to avoid warning messages.
+ # This option has a default value of 'no'.
+ #
+-ALLOW_SSH_ROOT_USER=no
++ALLOW_SSH_ROOT_USER=yes
+ 
+ #
+ # Set this option to '1' to allow the use of the SSH-1 protocol, but note
+@@ -224,7 +224,7 @@
+ # configuration file, then a value of '2' may be set here in order to
+ # suppress a warning message. This option has a default value of '0'.
+ #
+-ALLOW_SSH_PROT_V1=0
++ALLOW_SSH_PROT_V1=1
+ 
+ #
+ # This setting tells rkhunter the directory containing the SSH configuration
+@@ -323,7 +323,7 @@
+ #
+ # Whenever this option is changed 'rkhunter --propupd' must be run.
+ #
+-#PKGMGR=NONE
++PKGMGR=RPM
+ 
+ #
+ # It is possible that a file which is part of a package may be modified
+@@ -464,9 +464,14 @@
+ # be specified more than once. The option may use wildcard
+ # characters.
+ #
+-#SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
+-#SCRIPTWHITELIST="/usr/bin/groups"
+-
++SCRIPTWHITELIST=/sbin/ifup
++SCRIPTWHITELIST=/sbin/ifdown
++SCRIPTWHITELIST=/usr/bin/groups
++SCRIPTWHITELIST=/usr/bin/whatis
++SCRIPTWHITELIST=/usr/bin/ldd
++SCRIPTWHITELIST=/usr/bin/GET
++SCRIPTWHITELIST=/sbin/depmod.ksplice
++SCRIPTWHITELIST=/sbin/modprobe.ksplice
+ #
+ # Allow the specified commands to have the immutable attribute set.
+ #
+@@ -489,9 +494,9 @@
+ # The option may be specified more than once. The option
+ # may use wildcard characters.
+ #
+-#ALLOWHIDDENDIR="/etc/.java"
+-#ALLOWHIDDENDIR="/dev/.udev /dev/.udevdb /dev/.udev.tdb"
+-#ALLOWHIDDENDIR="/dev/.static"
++ALLOWHIDDENDIR="/etc/.java"
++ALLOWHIDDENDIR="/dev/.udev /dev/.udevdb /dev/.udev.tdb"
++ALLOWHIDDENDIR="/dev/.static"
+ #ALLOWHIDDENDIR="/dev/.initramfs"
+ #ALLOWHIDDENDIR="/dev/.SRC-unix"
+ #ALLOWHIDDENDIR="/dev/.mdadm"
+@@ -504,13 +509,13 @@
+ # characters.
+ #
+ #ALLOWHIDDENFILE="/etc/.java"
+-#ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
+-#ALLOWHIDDENFILE="/etc/.pwd.lock"
++ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
++ALLOWHIDDENFILE="/etc/.pwd.lock"
+ #ALLOWHIDDENFILE="/etc/.init.state"
+ #ALLOWHIDDENFILE="/lib/.libcrypto.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac"
+ #ALLOWHIDDENFILE="/lib/.libssl.so.0.9.8e.hmac /lib/.libssl.so.6.hmac"
+-#ALLOWHIDDENFILE="/usr/bin/.fipscheck.hmac"
+-#ALLOWHIDDENFILE="/usr/bin/.ssh.hmac"
++ALLOWHIDDENFILE="/usr/bin/.fipscheck.hmac"
++ALLOWHIDDENFILE="/usr/bin/.ssh.hmac"
+ #ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.1.0.hmac"
+ #ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.hmac"
+ #ALLOWHIDDENFILE="/usr/lib/.libgcrypt.so.11.hmac"
+@@ -518,7 +523,7 @@
+ #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha256hmac.hmac"
+ #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac"
+ #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac"
+-#ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
++ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
+ 
+ #
+ # Allow the specified processes to use deleted files. The
+@@ -633,7 +638,12 @@
+ # be specified more than once.
+ #
+ #XINETD_ALLOWED_SVC=/etc/xinetd.d/echo
+-
++XINETD_ALLOWED_SVC=/etc/xinetd.d/ftp_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/smtp_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/smtps_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/poppassd_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/submission_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/nrpe
+ #
+ # This option tells rkhunter the local system startup file pathnames.
+ # The directories will be searched for files. By default rkhunter
+@@ -704,7 +714,7 @@
+ #
+ # Note above that for the Apache web server, the name 'httpd' is used.
+ #
+-#APP_WHITELIST=""
++APP_WHITELIST="httpd:2.2.3 named proftpd openssl:0.9.8e php:5.1.6 sshd:4.3p2"
+ 
+ #
+ # Scan for suspicious files in directories containing temporary files and
| ||
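Review bot: The packaged rkhunter.conf now ships `ALLOW_SSH_ROOT_USER=yes` and `ALLOW_SSH_PROT_V1=1`, which makes a permissive sshd configuration the expected baseline on every host that installs this RPM. Going by the option comments in those two hunks, a host that permits root login or SSH-1 would then no longer draw a warning. I would keep the upstream `ALLOW_SSH_ROOT_USER=no` and `ALLOW_SSH_PROT_V1=0` in the package and relax them only on hosts that need it, with a comment saying why. In the last hunk, `APP_WHITELIST` lists `named` and `proftpd` without a version, which appears to exempt every version of those two from the application version check; pinning them like the `httpd:2.2.3` entry would keep that check meaningful. `MAIL-ON-WARNING` is also set to a fixed site address, so the line deserves a comment stating that installs outside that site must override it.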
Added | rkhunter-1.3.8.tar.bz2 ^ |