Changed |
rkhunter.spec
Added |
rkhunter-1.3.6-installer.patch
@@ -0,0 +1,11 @@
+--- installer.sh.orig 2009-11-28 00:02:57.000000000 +0100
++++ installer.sh 2009-11-29 16:56:59.000000000 +0100
+@@ -155,7 +155,7 @@
+ ;;
+ RPM)
+ if [ -n "${RPM_BUILD_ROOT}" ]; then
+- PREFIX="${RPM_BUILD_ROOT}/usr/local"
++ PREFIX="${RPM_BUILD_ROOT}/usr"
+ else
+ echo "RPM installation chosen but \$RPM_BUILD_ROOT variable not found: exiting."
+ exit 1
Added |
rkhunter-config-1.3.6.patch
@@ -0,0 +1,113 @@
+--- rkhunter-1.3.6.orig/files/rkhunter.conf 2009-11-28 23:13:19.000000000 +0100
++++ rkhunter-1.3.6/files/rkhunter.conf 2010-04-22 10:29:12.878085047 +0200
+@@ -71,7 +71,7 @@
+ # NOTE: This option should be present in the configuration file.
+ #
+ #MAIL-ON-WARNING=me@mydomain root@mydomain
+-MAIL-ON-WARNING=""
++MAIL-ON-WARNING=root@localhost
+
+ #
+ # Specify the mail command to use if MAIL-ON-WARNING is set.
+@@ -196,7 +196,7 @@
+ # file, then a value here of 'yes' or 'unset' will not cause a warning.
+ # This option has a default value of 'no'.
+ #
+-ALLOW_SSH_ROOT_USER=no
++ALLOW_SSH_ROOT_USER=yes
+
+ #
+ # Set this option to '1' to allow the use of the SSH-1 protocol, but note
+@@ -299,7 +299,7 @@
+ #
+ # Whenever this option is changed 'rkhunter --propupd' must be run.
+ #
+-#PKGMGR=NONE
++PKGMGR=RPM
+
+ #
+ # It is possible that a file which is part of a package may be modified
+@@ -392,10 +392,12 @@
+ # Allow the specified commands to be scripts.
+ # One command per line (use multiple SCRIPTWHITELIST lines).
+ #
+-#SCRIPTWHITELIST=/sbin/ifup
+-#SCRIPTWHITELIST=/sbin/ifdown
+-#SCRIPTWHITELIST=/usr/bin/groups
+-
++SCRIPTWHITELIST=/sbin/ifup
++SCRIPTWHITELIST=/sbin/ifdown
++SCRIPTWHITELIST=/usr/bin/groups
++SCRIPTWHITELIST=/usr/bin/whatis
++SCRIPTWHITELIST=/usr/bin/ldd
++SCRIPTWHITELIST=/usr/bin/GET
+ #
+ # Allow the specified commands to have the immutable attribute set.
+ # One command per line (use multiple IMMUTWHITELIST lines).
+@@ -406,11 +408,11 @@
+ # Allow the specified hidden directories.
+ # One directory per line (use multiple ALLOWHIDDENDIR lines).
+ #
+-#ALLOWHIDDENDIR=/etc/.java
+-#ALLOWHIDDENDIR=/dev/.udev
++ALLOWHIDDENDIR=/etc/.java
++ALLOWHIDDENDIR=/dev/.udev
+ #ALLOWHIDDENDIR=/dev/.udevdb
+ #ALLOWHIDDENDIR=/dev/.udev.tdb
+-#ALLOWHIDDENDIR=/dev/.static
++ALLOWHIDDENDIR=/dev/.static
+ #ALLOWHIDDENDIR=/dev/.initramfs
+ #ALLOWHIDDENDIR=/dev/.SRC-unix
+ #ALLOWHIDDENDIR=/dev/.mdadm
+@@ -420,15 +422,15 @@
+ # One file per line (use multiple ALLOWHIDDENFILE lines).
+ #
+ #ALLOWHIDDENFILE=/etc/.java
+-#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
+-#ALLOWHIDDENFILE=/etc/.pwd.lock
++ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
++ALLOWHIDDENFILE=/etc/.pwd.lock
+ #ALLOWHIDDENFILE=/etc/.init.state
+ #ALLOWHIDDENFILE=/lib/.libcrypto.so.0.9.8e.hmac
+ #ALLOWHIDDENFILE=/lib/.libcrypto.so.6.hmac
+ #ALLOWHIDDENFILE=/lib/.libssl.so.0.9.8e.hmac
+ #ALLOWHIDDENFILE=/lib/.libssl.so.6.hmac
+-#ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
+-#ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
++ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
+ #ALLOWHIDDENFILE=/usr/lib/.libfipscheck.so.1.1.0.hmac
+ #ALLOWHIDDENFILE=/usr/lib/.libfipscheck.so.1.hmac
+ #ALLOWHIDDENFILE=/usr/lib/.libgcrypt.so.11.hmac
+@@ -436,7 +438,7 @@
+ #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac
+ #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha384hmac.hmac
+ #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha512hmac.hmac
+-#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
++ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
+
+ #
+ # Allow the specified processes to use deleted files.
+@@ -546,7 +548,12 @@
+ # Only one service (file) per line (use multiple XINETD_ALLOWED_SVC lines).
+ #
+ #XINETD_ALLOWED_SVC=/etc/xinetd.d/echo
+-
++XINETD_ALLOWED_SVC=/etc/xinetd.d/ftp_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/smtp_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/smtps_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/poppassd_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/submission_psa
++XINETD_ALLOWED_SVC=/etc/xinetd.d/nrpe
+ #
+ # This option tells rkhunter the local system startup file pathnames.
+ # It is a space-separated list of files and directories. The directories
+@@ -605,7 +612,7 @@
+ #
+ # Note above that for the Apache web server, the name 'httpd' is used.
+ #
+-#APP_WHITELIST=""
++APP_WHITELIST="httpd apache2 named proftpd openssl php php5 sshd"
+
+ #
+ # Scan for suspicious files in directories containing temporary files and
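Review bot: Two of the new defaults in this patch to files/rkhunter.conf switch checks off for every host that installs the package: `ALLOW_SSH_ROOT_USER=yes` in the inner hunk at 196, and the version-less `APP_WHITELIST="httpd apache2 named proftpd openssl php php5 sshd"` in the inner hunk at 605. Going by the comment above the first, a value of 'yes' means an sshd that permits root login no longer produces a warning, and the second presumably exempts those applications from the application version test whatever version is installed. I would keep `ALLOW_SSH_ROOT_USER=no` as shipped and leave `#APP_WHITELIST=""` commented, so that an administrator opts in per host. The `_psa` and `nrpe` entries added under `XINETD_ALLOWED_SVC` at 546 look specific to one hosting setup and would be better kept in site-local configuration; if they stay, a comment naming the product they belong to would help the next reader.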
Added |
rkhunter-1.3.6.tar.bz2
Added |
rkhunter.spec.old
@@ -0,0 +1,170 @@
+#
+# spec file for package rkhunter (Version 1.3.6)
+#
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file and all modifications and additions to the pristine
+# package are under the same license as the package itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+# norootforbuild
+# usedforbuild aaa_base acl attr audit-libs autoconf automake bash bind-libs bind-utils binutils bison bzip2 coreutils cpio cpp cpp41 cracklib cvs cyrus-sasl db diffutils e2fsprogs file filesystem fillup findutils flex gawk gcc gcc41 gdbm gdbm-devel gettext gettext-devel glibc glibc-devel glibc-locale gpm grep groff gzip info insserv klogd less libacl libattr libcom_err libgcc41 libltdl libmudflap41 libnscd libstdc++41 libtool libvolume_id libxcrypt libzio linux-kernel-headers m4 make man mktemp module-init-tools ncurses ncurses-devel net-tools netcfg openldap2-client openssl pam pam-modules patch perl permissions popt procinfo procps psmisc pwdutils rcs readline rpm sed strace sysvinit tar tcpd texinfo timezone unzip util-linux vim zlib zlib-devel
+
+Name: rkhunter
+URL: http://www.rootkit.nl/
+License: GNU General Public License (GPL)
+Group: System/Monitoring
+Autoreqprov: on
+Summary: Rootkit Scans for Rootkits, Backdoors, and Local Exploits
+Version: 1.3.6
+Release: 1
+Source0: http://downloads.rootkit.nl/%{name}-%{version}.tar.bz2
+# Got via rkhunter --update, then packed from /var/lib/rkhunter/
+Source1: newdb.tar.bz2
+Patch0: rkhunter-10.0.patch
+Requires: coreutils wget
+BuildArch: noarch
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+
+%description
+Rootkit scanner is scanning tool that can give you 99.9% certainty that
+your system is clean of nasty tools. This tool scans for rootkits,
+backdoors, and local exploits by running tests like:
+
+- Comparing MD5 hashes
+
+- Looking for default files used by rootkits
+
+- Checking for wrong file permissions for binaries
+
+- Looking for suspected strings in LKM and KLD modules
+
+- Looking for hidden files
+
+- Optionally scanning within plain text and binary files
+
+- Checking software versions
+
+- Testing applications
+
+
+
+Authors:
+--------
+ Michael Boelen <michael@rootkit.nl>
+
+%debug_package
+%prep
+%setup -q
+# -n %{name}
+# updated database
+tar xf %{SOURCE1}
+mv db/* files
+#%patch0 -p1
+
+%build
+sed -e 's/\${MYDIR}\/lib/\/usr\/share/;' files/rkhunter >files/rkhunter.new
+mv files/rkhunter.new files/rkhunter
+
+%install
+# Well... This could be a bit smaller if the install
+# script was able to handle DSTDIR for example...
+%{__mkdir} -p ${RPM_BUILD_ROOT}%{_bindir}
+%{__mkdir} -p ${RPM_BUILD_ROOT}%{_sysconfdir}
+%{__mkdir} -p ${RPM_BUILD_ROOT}/usr/share
+%{__mkdir} -p ${RPM_BUILD_ROOT}/usr/share/rkhunter/scripts
+%{__mkdir} -p ${RPM_BUILD_ROOT}%{_docdir}/rkhunter-%{version}
+%{__mkdir} -p ${RPM_BUILD_ROOT}%{_mandir}/man8
+%{__mkdir} -p ${RPM_BUILD_ROOT}%{_var}/lib/rkhunter/{db,tmp}
+%{__chmod} ug+rwx,o-rwx ${RPM_BUILD_ROOT}%{_var}/lib/rkhunter/tmp
+%{__install} -m750 -p files/rkhunter ${RPM_BUILD_ROOT}%{_bindir}/
+%{__install} -m640 -p files/backdoorports.dat ${RPM_BUILD_ROOT}%{_var}/lib/rkhunter/db/
+%{__install} -m640 -p files/defaulthashes.dat ${RPM_BUILD_ROOT}%{_var}/lib/rkhunter/db/
+%{__install} -m640 -p files/mirrors.dat ${RPM_BUILD_ROOT}%{_var}/lib/rkhunter/db/
+%{__install} -m640 -p files/os.dat ${RPM_BUILD_ROOT}%{_var}/lib/rkhunter/db/
+%{__install} -m640 -p files/md5blacklist.dat ${RPM_BUILD_ROOT}%{_var}/lib/rkhunter/db/
+%{__install} -m640 -p files/programs_bad.dat ${RPM_BUILD_ROOT}%{_var}/lib/rkhunter/db/
+%{__install} -m640 -p files/programs_good.dat ${RPM_BUILD_ROOT}%{_var}/lib/rkhunter/db/
+%{__install} -m644 -p files/CHANGELOG ${RPM_BUILD_ROOT}%{_docdir}/rkhunter-%{version}/
+%{__install} -m644 -p files/LICENSE ${RPM_BUILD_ROOT}%{_docdir}/rkhunter-%{version}/
+%{__install} -m644 -p files/README ${RPM_BUILD_ROOT}%{_docdir}/rkhunter-%{version}/
+%{__install} -m644 -p files/WISHLIST ${RPM_BUILD_ROOT}%{_docdir}/rkhunter-%{version}/
+%{__install} -m644 -p files/development/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
+%{__install} -m750 -p files/check_modules.pl ${RPM_BUILD_ROOT}/usr/share/rkhunter/scripts/
+%{__install} -m750 -p files/check_port.pl ${RPM_BUILD_ROOT}/usr/share/rkhunter/scripts/
+%{__install} -m750 -p files/filehashmd5.pl ${RPM_BUILD_ROOT}/usr/share/rkhunter/scripts/
+%{__install} -m750 -p files/filehashsha1.pl ${RPM_BUILD_ROOT}/usr/share/rkhunter/scripts/
+%{__install} -m750 -p files/showfiles.pl ${RPM_BUILD_ROOT}/usr/share/rkhunter/scripts/
+%{__install} -m750 -p files/check_update.sh ${RPM_BUILD_ROOT}/usr/share/rkhunter/scripts/
+# (cjo) Put installation root in configuration file, then copy the rest
+# of the file from the original.
+cat > ${RPM_BUILD_ROOT}%{_sysconfdir}/rkhunter.conf << EOF
+## Next three lines installed automatically by RPM. Do not change
+## unless you know what you're doing...
+INSTALLDIR=%{_prefix}
+DBDIR=%{_var}/lib/rkhunter/db
+TMPDIR=%{_var}/lib/rkhunter/tmp
+EOF
+cat files/rkhunter.conf >> ${RPM_BUILD_ROOT}%{_sysconfdir}/rkhunter.conf
+%{__chmod} 640 ${RPM_BUILD_ROOT}%{_sysconfdir}/rkhunter.conf
+# Only root should use rkhunter (at least for now)
+%{__chmod} o-rwx -R ${RPM_BUILD_ROOT}/usr/share/rkhunter
+%{__chmod} o-rwx -R ${RPM_BUILD_ROOT}%{_var}/lib/rkhunter/db
+# make a cron.daily file to mail us the reports
+%{__mkdir} -p "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily"
+%{__cat} > "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily/suse.de-rkhunter" <<EOF
+#!/bin/sh
+%{_bindir}/rkhunter --quiet --cronjob
+EOF
+%{__chmod} a+rwx,g-w,o-w ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/suse.de-rkhunter
+
+%clean
+[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] \
+ && rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root,-)
+%{_bindir}/rkhunter
+%dir /usr/share/rkhunter
+%doc %{_docdir}/rkhunter-%{version}
+%{_mandir}/man8/*
+/usr/share/rkhunter/scripts
+%dir %{_var}/lib/rkhunter
+%dir %{_var}/lib/rkhunter/tmp
+%{_var}/lib/rkhunter/db
+%config(noreplace) %verify(not mtime) %{_sysconfdir}/rkhunter.conf
+%attr(755,root,root) %{_sysconfdir}/cron.daily/suse.de-rkhunter
+
+%changelog -n rkhunter
+* Wed Nov 22 2006 - meissner@suse.de
+- use correct string for i586. #223221
+* Thu Nov 16 2006 - meissner@suse.de
+- Detect openSUSE as product correctly. #216053
+- renamed cron script to have "suse.de-" prefix.
+* Tue Nov 07 2006 - meissner@suse.de
+- Include the current database from upstream. #216053
+- daily cron script to mode 755
+* Wed Jul 19 2006 - meissner@suse.de
+- New version 1.2.8
+ - some hashes and version updated
+ - small fixes
+- Added SUSE Linux 10 hashes
+* Thu Mar 23 2006 - meissner@suse.de
+- detect 10.1. #148471
+* Wed Jan 25 2006 - mls@suse.de
+- converted neededforbuild to BuildRequires
+* Thu Dec 01 2005 - meissner@suse.de
+- Order ALLOW* directives in the right section.
+- Do not |mail in a cronjob, just let cron do it for itself.
+- Quiet down output so it usually should not mail.
+- Enable MAIL_ON_WARNING, send mail to root. #132683
+* Wed Sep 07 2005 - meissner@suse.de
+- ignore /etc/.pwd.lock, /etc/.java too. #115128
+* Thu Aug 18 2005 - meissner@suse.de
+- recognize 10.0, ignore /dev/.udevdb/.
+* Fri Aug 12 2005 - meissner@suse.de
+- Use /usr/share/rkhunter instead of /usr/%%_lib/rkhunter.
+- Fixed some other problems.
+* Mon Jul 11 2005 - meissner@suse.de
+- Initial import of rkhunter 1.2.7.
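Review bot: The data files that rkhunter compares against are replaced in `%prep` by the contents of `Source1: newdb.tar.bz2` (`tar xf %{SOURCE1}` then `mv db/* files`), and the only provenance recorded is the comment that it was packed from a local /var/lib/rkhunter/ after `rkhunter --update`. Since `defaulthashes.dat`, `md5blacklist.dat` and the programs_*.dat lists installed in `%install` come from that tree, the spec should record when and where the archive was produced and a checksum for it, for example a comment such as `# newdb.tar.bz2: built <date> on <host>, sha256 <checksum>`. Separately, `%clean` expands the build root unquoted in `[ -d $RPM_BUILD_ROOT ]` and `rm -rf $RPM_BUILD_ROOT`; quoting it (`rm -rf "$RPM_BUILD_ROOT"`) avoids word splitting on an unusual path. The file also still names `Patch0: rkhunter-10.0.patch` and carries a changelog that ends in 2006 under a 1.3.6 header, so it is worth confirming that this .old copy is meant to be committed at all.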