[rkhunter] Add /dev/.mount to ALLOW_HIDDENDIR - bug #697599
Kevin Fenzi
kevin at fedoraproject.org
Thu Apr 21 21:49:53 UTC 2011
commit 2a753b3b8d26c639985fd2918b34f7888125a08c
Author: Kevin Fenzi <kevin at tummy.com>
Date: Thu Apr 21 15:49:36 2011 -0600
Add /dev/.mount to ALLOW_HIDDENDIR - bug #697599
rkhunter-1.3.8-fedoraconfig.patch | 13 +++++++------
rkhunter.spec | 5 ++++-
2 files changed, 11 insertions(+), 7 deletions(-)
---
diff --git a/rkhunter-1.3.8-fedoraconfig.patch b/rkhunter-1.3.8-fedoraconfig.patch
index a7728f8..059db09 100644
--- a/rkhunter-1.3.8-fedoraconfig.patch
+++ b/rkhunter-1.3.8-fedoraconfig.patch
@@ -1,6 +1,6 @@
diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.conf
--- rkhunter-1.3.8.orig/files/rkhunter.conf 2010-11-13 13:25:22.000000000 -0700
-+++ rkhunter-1.3.8/files/rkhunter.conf 2011-04-13 13:58:11.190895105 -0600
++++ rkhunter-1.3.8/files/rkhunter.conf 2011-04-21 15:45:15.705280977 -0600
@@ -94,16 +94,19 @@
# sure that the directory permissions are tight.
#
@@ -85,7 +85,7 @@ diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.
#
# Allow the specified commands to have the immutable attribute set.
-@@ -495,6 +505,14 @@
+@@ -495,6 +505,15 @@
#ALLOWHIDDENDIR="/dev/.initramfs"
#ALLOWHIDDENDIR="/dev/.SRC-unix"
#ALLOWHIDDENDIR="/dev/.mdadm"
@@ -97,10 +97,11 @@ diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.
+ALLOWHIDDENDIR=/dev/.SRC-unix
+ALLOWHIDDENDIR=/dev/.mdadm
+ALLOWHIDDENDIR=/dev/.systemd
++ALLOWHIDDENDIR=/dev/.mount
#
# Allow the specified hidden files to be whitelisted.
-@@ -519,6 +537,25 @@
+@@ -519,6 +538,25 @@
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac"
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac"
#ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
@@ -126,7 +127,7 @@ diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.
#
# Allow the specified processes to use deleted files. The
-@@ -583,6 +620,8 @@
+@@ -583,6 +621,8 @@
#
#ALLOWDEVFILE="/dev/shm/pulse-shm-*"
#ALLOWDEVFILE="/dev/shm/sem.ADBE_*"
@@ -135,7 +136,7 @@ diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.
#
# This setting tells rkhunter where the inetd configuration
-@@ -721,6 +760,7 @@
+@@ -721,6 +761,7 @@
# The option may be specified more than once.
#
#SUSPSCAN_DIRS="/tmp /var/tmp"
@@ -143,7 +144,7 @@ diff -Nur rkhunter-1.3.8.orig/files/rkhunter.conf rkhunter-1.3.8/files/rkhunter.
#
# Directory for temporary files. A memory-based one is better (faster).
-@@ -976,3 +1016,5 @@
+@@ -976,3 +1017,5 @@
# both programs, then disable the 'hidden_procs' test.
#
#DISABLE_UNHIDE=0
diff --git a/rkhunter.spec b/rkhunter.spec
index c901375..a50dc15 100644
--- a/rkhunter.spec
+++ b/rkhunter.spec
@@ -1,6 +1,6 @@
Name: rkhunter
Version: 1.3.8
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: A host-based tool to scan for rootkits, backdoors and local exploits
Group: Applications/System
@@ -93,6 +93,9 @@ EOF
%{_mandir}/man8/*
%changelog
+* Thu Apr 21 2011 Kevin Fenzi <kevin at scrye.com> - 1.3.8-5
+- Add /dev/.mount to ALLOW_HIDDENDIR - bug #697599
+
* Wed Apr 13 2011 Kevin Fenzi <kevin at scrye.com> - 1.3.8-4
- Don't send warning emails anymore. They cause selinux issues and are not very helpful.
- Fixes bug #660544
More information about the scm-commits
mailing list