[rkhunter] Update to 1.4.2
Kevin Fenzi
kevin at fedoraproject.org
Fri Mar 14 16:14:42 UTC 2014
commit 564630b7cfcb08e6fb93facea915bd777101889a
Author: Kevin Fenzi <kevin at scrye.com>
Date: Fri Mar 14 10:14:33 2014 -0600
Update to 1.4.2
.gitignore | 1 +
rkhunter-1.4.0-allowdevfile-space.patch | 21 ---
rkhunter-1.4.0-fedoraconfig.patch | 214 -------------------------------
rkhunter-1.4.2-fedoraconfig.patch | 186 +++++++++++++++++++++++++++
rkhunter.spec | 14 +-
sources | 2 +-
6 files changed, 194 insertions(+), 244 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index ddd820d..8ffe1c8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
rkhunter-1.3.6.tar.gz
/rkhunter-1.3.8.tar.gz
/rkhunter-1.4.0.tar.gz
+/rkhunter-1.4.2.tar.gz
diff --git a/rkhunter-1.4.2-fedoraconfig.patch b/rkhunter-1.4.2-fedoraconfig.patch
new file mode 100644
index 0000000..d6e6f07
--- /dev/null
+++ b/rkhunter-1.4.2-fedoraconfig.patch
@@ -0,0 +1,186 @@
+diff -Nur rkhunter-1.4.2.orig/files/rkhunter.conf rkhunter-1.4.2/files/rkhunter.conf
+--- rkhunter-1.4.2.orig/files/rkhunter.conf 2014-02-23 19:38:01.000000000 -0700
++++ rkhunter-1.4.2/files/rkhunter.conf 2014-03-05 17:23:47.171809385 -0700
+@@ -155,6 +155,7 @@
+ # default directory beneath the installation directory.
+ #
+ #TMPDIR=/var/lib/rkhunter/tmp
++TMPDIR=/var/lib/rkhunter
+
+ #
+ # This option specifies the database directory to use.
+@@ -163,7 +164,7 @@
+ # subsequently commented out or removed, then the program will assume a
+ # default directory beneath the installation directory.
+ #
+-#DBDIR=/var/lib/rkhunter/db
++DBDIR=/var/lib/rkhunter/db
+
+ #
+ # This option specifies the script directory to use.
+@@ -172,6 +173,7 @@
+ # subsequently commented out or removed, then the program will not run.
+ #
+ #SCRIPTDIR=/usr/local/lib/rkhunter/scripts
++SCRIPTDIR=/usr/share/rkhunter/scripts
+
+ #
+ # This option can be used to modify the command directory list used by rkhunter
+@@ -228,7 +230,7 @@
+ #
+ # The default value is '/var/log/rkhunter.log'.
+ #
+-LOGFILE=/var/log/rkhunter.log
++LOGFILE=/var/log/rkhunter/rkhunter.log
+
+ #
+ # Set this option to '1' if the log file is to be appended to whenever rkhunter
+@@ -238,6 +240,7 @@
+ # The default value is '0'.
+ #
+ #APPEND_LOG=0
++APPEND_LOG=1
+
+ #
+ # Set the following option to '1' if the log file is to be copied when rkhunter
+@@ -304,6 +307,7 @@
+ # The default value is 'no'.
+ #
+ #ALLOW_SSH_ROOT_USER=no
++ALLOW_SSH_ROOT_USER=unset
+
+ #
+ # Set this option to '1' to allow the use of the SSH-1 protocol, but note
+@@ -318,6 +322,7 @@
+ # The default value is '0'.
+ #
+ #ALLOW_SSH_PROT_V1=0
++ALLOW_SSH_PROT_V1=2
+
+ #
+ # This setting tells rkhunter the directory containing the SSH configuration
+@@ -350,7 +355,8 @@
+ # program defaults.
+ #
+ ENABLE_TESTS=ALL
+-DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps
++#DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps
++DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps
+
+ #
+ # The HASH_CMD option can be used to specify the command to use for the file
+@@ -422,6 +428,7 @@
+ # Also see the PKGMGR_NO_VRFY and USE_SUNSUM options.
+ #
+ #PKGMGR=NONE
++PKGMGR=RPM
+
+ #
+ # It is possible that a file, which is part of a package, may have been
+@@ -545,6 +552,9 @@
+ # The default value is the null string.
+ #
+ #EXISTWHITELIST=""
++EXISTWHITELIST=/bin/ad
++# FreeIPA Certificate Authority
++EXISTWHITELIST=/var/log/pki-ca/system
+
+ #
+ # Whitelist various attributes of the specified file. The attributes are those
+@@ -575,6 +585,12 @@
+ # The default value is the null string.
+ #
+ #SCRIPTWHITELIST=/usr/bin/groups
++SCRIPTWHITELIST=/usr/bin/whatis
++SCRIPTWHITELIST=/usr/bin/ldd
++SCRIPTWHITELIST=/usr/bin/groups
++SCRIPTWHITELIST=/usr/bin/GET
++SCRIPTWHITELIST=/sbin/ifup
++SCRIPTWHITELIST=/sbin/ifdown
+
+ #
+ # Allow the specified file to have the immutable attribute set.
+@@ -605,6 +621,19 @@
+ #ALLOWHIDDENDIR=/dev/.udev
+ #ALLOWHIDDENDIR=/dev/.udevdb
+ #ALLOWHIDDENDIR=/dev/.mdadm
++ALLOWHIDDENDIR="/etc/.java"
++ALLOWHIDDENDIR=/dev/.udev
++ALLOWHIDDENDIR=/dev/.udevdb
++ALLOWHIDDENDIR=/dev/.udev.tdb
++ALLOWHIDDENDIR=/dev/.static
++ALLOWHIDDENDIR=/dev/.initramfs
++ALLOWHIDDENDIR=/dev/.SRC-unix
++ALLOWHIDDENDIR=/dev/.mdadm
++ALLOWHIDDENDIR=/dev/.systemd
++ALLOWHIDDENDIR=/dev/.mount
++# for etckeeper
++ALLOWHIDDENDIR=/etc/.git
++ALLOWHIDDENDIR=/etc/.bzr
+
+ #
+ # Allow the specified hidden file to be whitelisted.
+@@ -620,6 +649,30 @@
+ #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha1hmac.hmac
+ #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac
+ #ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
++ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
++ALLOWHIDDENFILE=/lib*/.libcrypto.so.*.hmac
++ALLOWHIDDENFILE=/lib*/.libssl.so.*.hmac
++ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-keygen.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-keyscan.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-add.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-agent.hmac
++ALLOWHIDDENFILE=/usr/lib*/.libfipscheck.so.*.hmac
++ALLOWHIDDENFILE=/usr/lib*/.libgcrypt.so.*.hmac
++ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha1hmac.hmac
++ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha256hmac.hmac
++ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha384hmac.hmac
++ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha512hmac.hmac
++ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
++ALLOWHIDDENFILE=/dev/.mdadm.map
++ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz
++ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz
++ALLOWHIDDENFILE=/usr/sbin/.ipsec.hmac
++# etckeeper
++ALLOWHIDDENFILE=/etc/.etckeeper
++ALLOWHIDDENFILE=/etc/.gitignore
++ALLOWHIDDENFILE=/etc/.bzrignore
+
+ #
+ # Allow the specified process to use deleted files. The process name may be
+@@ -681,6 +734,16 @@
+ #
+ #ALLOWDEVFILE=/dev/shm/pulse-shm-*
+ #ALLOWDEVFILE=/dev/shm/sem.ADBE_*
++ALLOWDEVFILE=/dev/shm/pulse-shm-*
++ALLOWDEVFILE=/dev/md/md-device-map
++# tomboy creates this one
++ALLOWDEVFILE="/dev/shm/mono.*"
++# created by libv4l
++ALLOWDEVFILE="/dev/shm/libv4l-*"
++# created by spice video
++ALLOWDEVFILE="/dev/shm/spice.*"
++# created by mdadm
++ALLOWDEVFILE="/dev/md/autorebuild.pid"
+
+ #
+ # This option is used to indicate if the Phalanx2 test is to perform a basic
+@@ -1004,6 +1067,9 @@
+ #
+ #RTKT_DIR_WHITELIST=""
+ #RTKT_FILE_WHITELIST=""
++RTKT_FILE_WHITELIST=/bin/ad
++# FreeIPA Certificate Authority
++RTKT_FILE_WHITELIST=/var/log/pki-ca/system
+
+ #
+ # The following option can be used to whitelist shared library files that would
+@@ -1222,3 +1288,5 @@
+ #
+ #EMPTY_LOGFILES=""
+ #MISSING_LOGFILES=""
++
++INSTALLDIR="/usr"
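Review bot: `EXISTWHITELIST=/bin/ad` and `RTKT_FILE_WHITELIST=/bin/ad` are added without a comment naming the package that owns that path, while the FreeIPA entries directly below each of them are labelled. An entry in `RTKT_FILE_WHITELIST` means a file at that exact path is no longer reported by the rootkit file check, so the reason should sit next to it, for example `# /bin/ad is installed by <owning package>; whitelisted to avoid a false positive`. The same applies to `ALLOW_SSH_ROOT_USER=unset` and `ALLOW_SSH_PROT_V1=2`, neither of which is described in the upstream comment text visible in this hunk. They presumably match an sshd_config that leaves both options unset, so a one-line comment saying that, and that the effective setting is then sshd's built-in default, would help anyone auditing this file later. A line above the new `DISABLE_TESTS` saying why `apps` is now disabled and `hidden_procs` is no longer disabled would also be useful.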
diff --git a/rkhunter.spec b/rkhunter.spec
index 9742e40..f322617 100644
--- a/rkhunter.spec
+++ b/rkhunter.spec
@@ -2,8 +2,8 @@
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
Name: rkhunter
-Version: 1.4.0
-Release: 9%{?dist}
+Version: 1.4.2
+Release: 1%{?dist}
Summary: A host-based tool to scan for rootkits, backdoors and local exploits
Group: Applications/System
@@ -12,10 +12,7 @@ URL: http://rkhunter.sourceforge.net/
Source0: http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz
Source2: 01-rkhunter
Source3: rkhunter.sysconfig
-Patch0: rkhunter-1.4.0-fedoraconfig.patch
-# Patch to help with spaces in allow dev file.
-# https://bugzilla.redhat.com/show_bug.cgi?id=984180
-Patch1: rkhunter-1.4.0-allowdevfile-space.patch
+Patch0: rkhunter-1.4.2-fedoraconfig.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
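Review bot: Dropping `Patch1: rkhunter-1.4.0-allowdevfile-space.patch` here, with the matching `%patch1 -p1` removal in the next hunk, removes the fix for bug 984180 without recording whether 1.4.2 carries it upstream. The changelog entry added further down says only `- Update to 1.4.2`. The new fedoraconfig patch adds quoted `ALLOWDEVFILE` entries, which is apparently the option that patch dealt with. It is worth confirming that the 1.4.2 tarball handles those entries as intended and noting the result in the changelog, e.g. `- Drop allowdevfile-space patch (<reason, e.g. merged upstream>)`.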
@@ -35,8 +32,6 @@ and other unwanted tools.
%patch0 -p1
-%patch1 -p1
-
%{__cat} <<'EOF' >%{name}.logrotate
%{_localstatedir}/log/%{name}/%{name}.log {
weekly
@@ -104,6 +99,9 @@ EOF
%{_mandir}/man8/*
%changelog
+* Fri Mar 14 2014 Kevin Fenzi <kevin at scrye.com> 1.4.2-1
+- Update to 1.4.2
+
* Sun Sep 01 2013 Kevin Fenzi <kevin at scrye.com> 1.4.0-9
- Add patch for now to help spaces in allowdev file handling. Fixes bug #984180
diff --git a/sources b/sources
index 01cf4f6..873ec5b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-37b1ceb79a5ff3debca335d6550ac6b0 rkhunter-1.4.0.tar.gz
+85ad366b7f3999eb2a9371e39a1a4df7 rkhunter-1.4.2.tar.gz