[rkhunter] Add /dev/.mount to ALLOW_HIDDENDIR - bug #697599

Kevin Fenzi kevin at fedoraproject.org
Thu Apr 21 21:49:53 UTC 2011


commit 2a753b3b8d26c639985fd2918b34f7888125a08c
Author: Kevin Fenzi <kevin at tummy.com>
Date:   Thu Apr 21 15:49:36 2011 -0600

    Add /dev/.mount to ALLOW_HIDDENDIR - bug #697599

 rkhunter-1.3.8-fedoraconfig.patch |   13 +++++++------
 rkhunter.spec                     |    5 ++++-
 2 files changed, 11 insertions(+), 7 deletions(-)
---
diff --git a/rkhunter-1.3.8-fedoraconfig.patch b/rkhunter-1.3.8-fedoraconfig.patch
index a7728f8..059db09 100644
--- a/rkhunter-1.3.8-fedoraconfig.patch
+++ b/rkhunter-1.3.8-fedoraconfig.patch
@@ -1,6 +1,6 @@
 diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.conf
 --- rkhunter-1.3.8.orig/files/rkhunter.conf	2010-11-13 13:25:22.000000000 -0700
-+++ rkhunter-1.3.8/files/rkhunter.conf	2011-04-13 13:58:11.190895105 -0600
++++ rkhunter-1.3.8/files/rkhunter.conf	2011-04-21 15:45:15.705280977 -0600
 @@ -94,16 +94,19 @@
  # sure that the directory permissions are tight.
  #
@@ -85,7 +85,7 @@ diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.
  
  #
  # Allow the specified commands to have the immutable attribute set.
-@@ -495,6 +505,14 @@
+@@ -495,6 +505,15 @@
  #ALLOWHIDDENDIR="/dev/.initramfs"
  #ALLOWHIDDENDIR="/dev/.SRC-unix"
  #ALLOWHIDDENDIR="/dev/.mdadm"
@@ -97,10 +97,11 @@ diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.
 +ALLOWHIDDENDIR=/dev/.SRC-unix
 +ALLOWHIDDENDIR=/dev/.mdadm
 +ALLOWHIDDENDIR=/dev/.systemd
++ALLOWHIDDENDIR=/dev/.mount
  
  #
  # Allow the specified hidden files to be whitelisted.
-@@ -519,6 +537,25 @@
+@@ -519,6 +538,25 @@
  #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac"
  #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac"
  #ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
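Review bot: The new `ALLOWHIDDENDIR=/dev/.mount` entry has no comment saying what creates the directory or why it is expected on Fedora, and the neighbouring entries visible in this hunk (`/dev/.mdadm`, `/dev/.systemd`) are equally bare. Each entry exempts its path from rkhunter's hidden-directory warning, so an undocumented one is hard to audit or retire later, and the directory presumably stops being reported even if something unexpected is placed under it. I would add a line above it such as `# /dev/.mount: created by <owning component>, see bug #697599`. The commit subject and changelog spell the option `ALLOW_HIDDENDIR` while the config key is `ALLOWHIDDENDIR`; using the real key name keeps the history greppable. The list of whitelisted directories begins above this hunk's first line.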
@@ -126,7 +127,7 @@ diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.
  
  #
  # Allow the specified processes to use deleted files. The
-@@ -583,6 +620,8 @@
+@@ -583,6 +621,8 @@
  #
  #ALLOWDEVFILE="/dev/shm/pulse-shm-*"
  #ALLOWDEVFILE="/dev/shm/sem.ADBE_*"
@@ -135,7 +136,7 @@ diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.
  
  #
  # This setting tells rkhunter where the inetd configuration
-@@ -721,6 +760,7 @@
+@@ -721,6 +761,7 @@
  # The option may be specified more than once.
  #
  #SUSPSCAN_DIRS="/tmp /var/tmp"
@@ -143,7 +144,7 @@ diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.
  
  #
  # Directory for temporary files. A memory-based one is better (faster).
-@@ -976,3 +1016,5 @@
+@@ -976,3 +1017,5 @@
  # both programs, then disable the 'hidden_procs' test.
  #
  #DISABLE_UNHIDE=0
diff --git a/rkhunter.spec b/rkhunter.spec
index c901375..a50dc15 100644
--- a/rkhunter.spec
+++ b/rkhunter.spec
@@ -1,6 +1,6 @@
 Name:           rkhunter
 Version:        1.3.8
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A host-based tool to scan for rootkits, backdoors and local exploits
 
 Group:          Applications/System
@@ -93,6 +93,9 @@ EOF
 %{_mandir}/man8/*
 
 %changelog
+* Thu Apr 21 2011 Kevin Fenzi <kevin at scrye.com> - 1.3.8-5
+- Add /dev/.mount to ALLOW_HIDDENDIR - bug #697599
+
 * Wed Apr 13 2011 Kevin Fenzi <kevin at scrye.com> - 1.3.8-4
 - Don't send warning emails anymore. They cause selinux issues and are not very helpful.
 - Fixes bug #660544

