[rkhunter] Fix /bin/ad false positive. Fixes bug #831989

Kevin Fenzi kevin at fedoraproject.org
Wed Aug 15 19:58:29 UTC 2012


commit bdce6211641870c688e210c0a7ed4ca2d1dbe4a3
Author: Kevin Fenzi <kevin at scrye.com>
Date:   Wed Aug 15 13:57:33 2012 -0600

    Fix /bin/ad false positive. Fixes bug #831989

 rkhunter-1.4.0-fedoraconfig.patch |   32 ++++++++++++++++++++++++--------
 rkhunter.spec                     |    5 ++++-
 2 files changed, 28 insertions(+), 9 deletions(-)
---
diff --git a/rkhunter-1.4.0-fedoraconfig.patch b/rkhunter-1.4.0-fedoraconfig.patch
index c9e1db4..c806ca4 100644
--- a/rkhunter-1.4.0-fedoraconfig.patch
+++ b/rkhunter-1.4.0-fedoraconfig.patch
@@ -1,6 +1,6 @@
 diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.conf
 --- rkhunter-1.4.0.orig/files/rkhunter.conf	2011-12-17 14:36:02.000000000 -0700
-+++ rkhunter-1.4.0/files/rkhunter.conf	2012-05-08 06:47:26.140460511 -0600
++++ rkhunter-1.4.0/files/rkhunter.conf	2012-08-15 13:21:16.431852436 -0600
 @@ -100,16 +100,19 @@
  # sure that the directory permissions are tight.
  #
@@ -82,7 +82,15 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
  
  #
  # It is possible that a file which is part of a package may be modified
-@@ -468,6 +471,12 @@
+@@ -433,6 +436,7 @@
+ # for each new file, and rkhunter will report this.
+ #
+ #EXISTWHITELIST=""
++EXITWHITELIST=/bin/ad
+ 
+ #
+ # Whitelist various attributes of the specified files.
+@@ -468,6 +472,12 @@
  #
  #SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
  #SCRIPTWHITELIST="/usr/bin/groups"
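Review bot: The added line `EXITWHITELIST=/bin/ad` in the inner `@@ -433,6 +436,7 @@` hunk looks misspelled, because the commented template directly above it is `#EXISTWHITELIST=""` and the new name is missing the `S`. As written it presumably does not set the existence whitelist at all, and rkhunter may report it as an unknown configuration option. That would leave the `RTKT_FILE_WHITELIST=/bin/ad` entry added later in this patch without its companion setting on hosts where /bin/ad is not installed. The line should read `EXISTWHITELIST=/bin/ad`.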
@@ -95,7 +103,7 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
  
  #
  # Allow the specified commands to have the immutable attribute set.
-@@ -491,12 +500,24 @@
+@@ -491,12 +501,24 @@
  # The option may be specified more than once. The option
  # may use wildcard characters.
  #
@@ -121,7 +129,7 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
  
  #
  # Allow the specified hidden files to be whitelisted.
-@@ -506,7 +527,7 @@
+@@ -506,7 +528,7 @@
  # characters.
  # 
  #ALLOWHIDDENFILE="/etc/.java"
@@ -130,7 +138,7 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
  #ALLOWHIDDENFILE="/etc/.pwd.lock"
  #ALLOWHIDDENFILE="/etc/.init.state"
  #ALLOWHIDDENFILE="/lib/.libcrypto.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac"
-@@ -521,6 +542,29 @@
+@@ -521,6 +543,29 @@
  #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac"
  #ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac"
  #ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
@@ -160,7 +168,7 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
  
  #
  # Allow the specified processes to use deleted files. The
-@@ -586,6 +630,14 @@
+@@ -586,6 +631,14 @@
  #
  #ALLOWDEVFILE="/dev/shm/pulse-shm-*"
  #ALLOWDEVFILE="/dev/shm/sem.ADBE_*"
@@ -175,7 +183,7 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
  
  #
  # This setting tells rkhunter where the inetd configuration
-@@ -724,6 +776,7 @@
+@@ -724,6 +777,7 @@
  # The option may be specified more than once.
  #
  #SUSPSCAN_DIRS="/tmp /var/tmp"
@@ -183,7 +191,15 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
  
  #
  # Directory for temporary files. A memory-based one is better (faster).
-@@ -980,3 +1033,5 @@
+@@ -822,6 +876,7 @@
+ #
+ #RTKT_DIR_WHITELIST=""
+ #RTKT_FILE_WHITELIST=""
++RTKT_FILE_WHITELIST=/bin/ad
+ 
+ #
+ # The following option can be used to whitelist shared library files that would
+@@ -980,3 +1035,5 @@
  # both programs, then disable the 'hidden_procs' test.
  #
  #DISABLE_UNHIDE=0
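Review bot: The new `RTKT_FILE_WHITELIST=/bin/ad` line in the inner `@@ -822,6 +876,7 @@` hunk has no comment explaining why a path flagged by the rootkit checks is exempted in the distribution default, which makes the exemption hard to audit later. Since this is the packaged configuration, the whitelist applies on every install, including hosts where no legitimate package provides /bin/ad, so a file at that path would no longer produce a warning from this check. I would add a comment above the line such as `# Whitelisted to avoid a false positive on /bin/ad (bug #831989); provided by <owning-package>`, filling in the package that ships the binary.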
diff --git a/rkhunter.spec b/rkhunter.spec
index 977ce3c..0dc375a 100644
--- a/rkhunter.spec
+++ b/rkhunter.spec
@@ -1,6 +1,6 @@
 Name:           rkhunter
 Version:        1.4.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        A host-based tool to scan for rootkits, backdoors and local exploits
 
 Group:          Applications/System
@@ -95,6 +95,9 @@ EOF
 %{_mandir}/man8/*
 
 %changelog
+* Wed Aug 15 2012 Kevin Fenzi <kevin at scrye.com> 1.4.0-3
+- Fix /bin/ad false positive. Fixes bug #831989
+
 * Sat Jul 21 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 

