[rkhunter] Fix /bin/ad false positive. Fixes bug #831989
Kevin Fenzi
kevin at fedoraproject.org
Wed Aug 15 19:58:29 UTC 2012
commit bdce6211641870c688e210c0a7ed4ca2d1dbe4a3
Author: Kevin Fenzi <kevin at scrye.com>
Date: Wed Aug 15 13:57:33 2012 -0600
Fix /bin/ad false positive. Fixes bug #831989
rkhunter-1.4.0-fedoraconfig.patch | 32 ++++++++++++++++++++++++--------
rkhunter.spec | 5 ++++-
2 files changed, 28 insertions(+), 9 deletions(-)
---
diff --git a/rkhunter-1.4.0-fedoraconfig.patch b/rkhunter-1.4.0-fedoraconfig.patch
index c9e1db4..c806ca4 100644
--- a/rkhunter-1.4.0-fedoraconfig.patch
+++ b/rkhunter-1.4.0-fedoraconfig.patch
@@ -1,6 +1,6 @@
diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.conf
--- rkhunter-1.4.0.orig/files/rkhunter.conf 2011-12-17 14:36:02.000000000 -0700
-+++ rkhunter-1.4.0/files/rkhunter.conf 2012-05-08 06:47:26.140460511 -0600
++++ rkhunter-1.4.0/files/rkhunter.conf 2012-08-15 13:21:16.431852436 -0600
@@ -100,16 +100,19 @@
# sure that the directory permissions are tight.
#
@@ -82,7 +82,15 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
#
# It is possible that a file which is part of a package may be modified
-@@ -468,6 +471,12 @@
+@@ -433,6 +436,7 @@
+ # for each new file, and rkhunter will report this.
+ #
+ #EXISTWHITELIST=""
++EXITWHITELIST=/bin/ad
+
+ #
+ # Whitelist various attributes of the specified files.
+@@ -468,6 +472,12 @@
#
#SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
#SCRIPTWHITELIST="/usr/bin/groups"
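Review bot: The option name in the added line `EXITWHITELIST=/bin/ad` (inner hunk `@@ -433,6 +436,7 @@`) is missing an `S` compared with the option documented directly above it, `#EXISTWHITELIST=""`. As spelled, rkhunter will presumably not apply it as the existence whitelist, so this part of the fix for bug #831989 has no effect, and an unrecognised option name may itself be reported when the configuration is parsed. The line should read `EXISTWHITELIST=/bin/ad`. It is also worth running rkhunter's configuration check against the patched rkhunter.conf before building the package.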
@@ -95,7 +103,7 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
#
# Allow the specified commands to have the immutable attribute set.
-@@ -491,12 +500,24 @@
+@@ -491,12 +501,24 @@
# The option may be specified more than once. The option
# may use wildcard characters.
#
@@ -121,7 +129,7 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
#
# Allow the specified hidden files to be whitelisted.
-@@ -506,7 +527,7 @@
+@@ -506,7 +528,7 @@
# characters.
#
#ALLOWHIDDENFILE="/etc/.java"
@@ -130,7 +138,7 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
#ALLOWHIDDENFILE="/etc/.pwd.lock"
#ALLOWHIDDENFILE="/etc/.init.state"
#ALLOWHIDDENFILE="/lib/.libcrypto.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac"
-@@ -521,6 +542,29 @@
+@@ -521,6 +543,29 @@
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac"
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac"
#ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
@@ -160,7 +168,7 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
#
# Allow the specified processes to use deleted files. The
-@@ -586,6 +630,14 @@
+@@ -586,6 +631,14 @@
#
#ALLOWDEVFILE="/dev/shm/pulse-shm-*"
#ALLOWDEVFILE="/dev/shm/sem.ADBE_*"
@@ -175,7 +183,7 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
#
# This setting tells rkhunter where the inetd configuration
-@@ -724,6 +776,7 @@
+@@ -724,6 +777,7 @@
# The option may be specified more than once.
#
#SUSPSCAN_DIRS="/tmp /var/tmp"
@@ -183,7 +191,15 @@ diff -Nur rkhunter-1.4.0.orig/files/rkhunter.conf rkhunter-1.4.0/files/rkhunter.
#
# Directory for temporary files. A memory-based one is better (faster).
-@@ -980,3 +1033,5 @@
+@@ -822,6 +876,7 @@
+ #
+ #RTKT_DIR_WHITELIST=""
+ #RTKT_FILE_WHITELIST=""
++RTKT_FILE_WHITELIST=/bin/ad
+
+ #
+ # The following option can be used to whitelist shared library files that would
+@@ -980,3 +1035,5 @@
# both programs, then disable the 'hidden_procs' test.
#
#DISABLE_UNHIDE=0
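Review bot: The added `RTKT_FILE_WHITELIST=/bin/ad` (inner hunk `@@ -822,6 +876,7 @@`) whitelists the path unconditionally in the distribution default config and carries no comment saying why. Every host using this config will stop flagging a file at /bin/ad in the rootkit file check, including hosts where the legitimate package that owns the path is not installed. Add a comment above the line naming the owning package and the bug, for example `# /bin/ad is shipped by <package name>; whitelisted to avoid the false positive in bug #831989`. It could also tell administrators to confirm ownership and integrity with `rpm -qf /bin/ad` and `rpm -V <package name>`. The same comment would help on the existence-whitelist line added earlier in this patch.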
diff --git a/rkhunter.spec b/rkhunter.spec
index 977ce3c..0dc375a 100644
--- a/rkhunter.spec
+++ b/rkhunter.spec
@@ -1,6 +1,6 @@
Name: rkhunter
Version: 1.4.0
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: A host-based tool to scan for rootkits, backdoors and local exploits
Group: Applications/System
@@ -95,6 +95,9 @@ EOF
%{_mandir}/man8/*
%changelog
+* Wed Aug 15 2012 Kevin Fenzi <kevin at scrye.com> 1.4.0-3
+- Fix /bin/ad false positive. Fixes bug #831989
+
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild