[rkhunter] Add patch to fix ipcs command in non en locales
Kevin Fenzi
kevin at fedoraproject.org
Sun Apr 6 17:53:17 UTC 2014
commit 17b3bec11261a65e30d5c9cb98239663feff117a
Author: Kevin Fenzi <kevin at scrye.com>
Date: Sun Apr 6 11:53:08 2014 -0600
Add patch to fix ipcs command in non en locales
- Add config to fix freeipa installs. Fixes bug #994567
rkhunter-1.4.2-fedoraconfig.patch | 27 ++++++++++++++++++---------
rkhunter-1.4.2-ipcs-locale.patch | 18 ++++++++++++++++++
rkhunter.spec | 13 +++++++++++--
3 files changed, 47 insertions(+), 11 deletions(-)
---
diff --git a/rkhunter-1.4.2-fedoraconfig.patch b/rkhunter-1.4.2-fedoraconfig.patch
index d6e6f07..2117d1b 100644
--- a/rkhunter-1.4.2-fedoraconfig.patch
+++ b/rkhunter-1.4.2-fedoraconfig.patch
@@ -1,6 +1,6 @@
diff -Nur rkhunter-1.4.2.orig/files/rkhunter.conf rkhunter-1.4.2/files/rkhunter.conf
---- rkhunter-1.4.2.orig/files/rkhunter.conf 2014-02-23 19:38:01.000000000 -0700
-+++ rkhunter-1.4.2/files/rkhunter.conf 2014-03-05 17:23:47.171809385 -0700
+--- rkhunter-1.4.2.orig/files/rkhunter.conf 2014-01-25 14:29:51.000000000 -0700
++++ rkhunter-1.4.2/files/rkhunter.conf 2014-04-06 11:43:15.719800756 -0600
@@ -155,6 +155,7 @@
# default directory beneath the installation directory.
#
@@ -77,17 +77,22 @@ diff -Nur rkhunter-1.4.2.orig/files/rkhunter.conf rkhunter-1.4.2/files/rkhunter.
#
# It is possible that a file, which is part of a package, may have been
-@@ -545,6 +552,9 @@
+@@ -545,6 +552,14 @@
# The default value is the null string.
#
#EXISTWHITELIST=""
+EXISTWHITELIST=/bin/ad
+# FreeIPA Certificate Authority
+EXISTWHITELIST=/var/log/pki-ca/system
++# FreeIPA Certificate Authority
++EXISTWHITELIST=/var/log/pki/pki-tomcat/ca/system
++# Some non default installed files we check
++EXISTWHITELIST=/usr/bin/GET
++EXISTWHITELIST=/usr/bin/whatis
#
# Whitelist various attributes of the specified file. The attributes are those
-@@ -575,6 +585,12 @@
+@@ -575,6 +590,12 @@
# The default value is the null string.
#
#SCRIPTWHITELIST=/usr/bin/groups
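Review bot: The comments added with the new `EXISTWHITELIST` entries do not tell a reader why each path is whitelisted. `# FreeIPA Certificate Authority` now appears twice in a row, above the existing `/var/log/pki-ca/system` line and above the new `/var/log/pki/pki-tomcat/ca/system` line, and the same pair is repeated for `RTKT_FILE_WHITELIST` in the later hunk. That leaves it unclear which path belongs to which PKI layout and whether the old one is still needed; something like `# FreeIPA Certificate Authority (pki-tomcat log path)` on the new line would separate them. `# Some non default installed files we check` should also say where `/usr/bin/GET` and `/usr/bin/whatis` are checked, because every whitelist entry in a rootkit scanner's config is an exception someone will later have to audit.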
@@ -100,7 +105,7 @@ diff -Nur rkhunter-1.4.2.orig/files/rkhunter.conf rkhunter-1.4.2/files/rkhunter.
#
# Allow the specified file to have the immutable attribute set.
-@@ -605,6 +621,19 @@
+@@ -605,6 +626,19 @@
#ALLOWHIDDENDIR=/dev/.udev
#ALLOWHIDDENDIR=/dev/.udevdb
#ALLOWHIDDENDIR=/dev/.mdadm
@@ -120,7 +125,7 @@ diff -Nur rkhunter-1.4.2.orig/files/rkhunter.conf rkhunter-1.4.2/files/rkhunter.
#
# Allow the specified hidden file to be whitelisted.
-@@ -620,6 +649,30 @@
+@@ -620,6 +654,30 @@
#ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha1hmac.hmac
#ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac
#ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
@@ -151,7 +156,7 @@ diff -Nur rkhunter-1.4.2.orig/files/rkhunter.conf rkhunter-1.4.2/files/rkhunter.
#
# Allow the specified process to use deleted files. The process name may be
-@@ -681,6 +734,16 @@
+@@ -681,6 +739,18 @@
#
#ALLOWDEVFILE=/dev/shm/pulse-shm-*
#ALLOWDEVFILE=/dev/shm/sem.ADBE_*
@@ -165,20 +170,24 @@ diff -Nur rkhunter-1.4.2.orig/files/rkhunter.conf rkhunter-1.4.2/files/rkhunter.
+ALLOWDEVFILE="/dev/shm/spice.*"
+# created by mdadm
+ALLOWDEVFILE="/dev/md/autorebuild.pid"
++# 389 Directory Server
++ALLOWDEVFILE=/dev/shm/sem.slapd-*.stats
#
# This option is used to indicate if the Phalanx2 test is to perform a basic
-@@ -1004,6 +1067,9 @@
+@@ -1004,6 +1074,11 @@
#
#RTKT_DIR_WHITELIST=""
#RTKT_FILE_WHITELIST=""
+RTKT_FILE_WHITELIST=/bin/ad
+# FreeIPA Certificate Authority
+RTKT_FILE_WHITELIST=/var/log/pki-ca/system
++# FreeIPA Certificate Authority
++RTKT_FILE_WHITELIST=/var/log/pki/pki-tomcat/ca/system
#
# The following option can be used to whitelist shared library files that would
-@@ -1222,3 +1288,5 @@
+@@ -1222,3 +1297,5 @@
#
#EMPTY_LOGFILES=""
#MISSING_LOGFILES=""
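Review bot: The new `ALLOWDEVFILE=/dev/shm/sem.slapd-*.stats` entry is unquoted although it contains a wildcard, while the two Fedora-added entries just above it (`"/dev/shm/spice.*"` and `"/dev/md/autorebuild.pid"`) are quoted. I would write it as `ALLOWDEVFILE="/dev/shm/sem.slapd-*.stats"` so the added entries follow one style. The match is by name only and /dev/shm is normally writable by local users, so the `# 389 Directory Server` comment should also state that the pattern is deliberately limited to the slapd statistics semaphore files (presumably one per directory server instance) and should not be widened.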
diff --git a/rkhunter-1.4.2-ipcs-locale.patch b/rkhunter-1.4.2-ipcs-locale.patch
new file mode 100644
index 0000000..0457e4c
--- /dev/null
+++ b/rkhunter-1.4.2-ipcs-locale.patch
@@ -0,0 +1,18 @@
+diff -Nur rkhunter-1.4.2.orig/files/rkhunter rkhunter-1.4.2/files/rkhunter
+--- rkhunter-1.4.2.orig/files/rkhunter 2014-03-12 14:54:55.000000000 -0600
++++ rkhunter-1.4.2/files/rkhunter 2014-04-06 11:39:44.776583858 -0600
+@@ -13964,11 +13964,11 @@
+ touch "${IPCS_TMPFILE}"
+ FOUND=0; echo $FOUND > "${IPCS_TMPFILE}"
+
+- if [ `${IPCS_CMD} -u 2>/dev/null | awk -F' ' '/segments allocated/ {print $3}'` -ne 0 ]; then
+- ${IPCS_CMD} -m | grep "^0x" | while read RKH_SHM_KEY RKH_SHM_SHMID RKH_SHM_OWNER RKH_SHM_PERMS RKH_SHM_BYTES RKH_SHM_NATTACH RKH_SHM_STATUS; do
++ if [ `LC_ALL=C ${IPCS_CMD} -u 2>/dev/null | awk -F' ' '/segments allocated/ {print $3}'` -ne 0 ]; then
++ LC_ALL=C ${IPCS_CMD} -m | grep "^0x" | while read RKH_SHM_KEY RKH_SHM_SHMID RKH_SHM_OWNER RKH_SHM_PERMS RKH_SHM_BYTES RKH_SHM_NATTACH RKH_SHM_STATUS; do
+ if [ $RKH_SHM_PERMS -eq 666 -a $RKH_SHM_BYTES -ge 1000000 ]; then
+ FOUND=1; echo $FOUND > "${IPCS_TMPFILE}"
+- ${IPCS_CMD} -p | grep "^${RKH_SHM_SHMID}" | while read RKH_SHM_SHMID RKH_SHM_OWNER RKH_SHM_CPID RKH_SHM_LPID; do
++ LC_ALL=C ${IPCS_CMD} -p | grep "^${RKH_SHM_SHMID}" | while read RKH_SHM_SHMID RKH_SHM_OWNER RKH_SHM_CPID RKH_SHM_LPID; do
+ RKH_SHM_PATH=`${READLINK_CMD} -f /proc/${RKH_SHM_CPID}/exe`
+ if [ $VERBOSE_LOGGING -eq 1 ]; then
+ display --to LOG --type PLAIN --result FOUND --log-indent 2 ROOTKIT_MALWARE_IPCS_DETAILS "${RKH_SHM_PATH}" "${RKH_SHM_CPID}" "${RKH_SHM_OWNER}"
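Review bot: The backtick substitution inside `[ ... -ne 0 ]` on the new `LC_ALL=C ${IPCS_CMD} -u` line is still unquoted. Whenever awk prints nothing (ipcs missing, failing, or printing a summary that lacks `segments allocated`), the test collapses to `[ -ne 0 ]`, errors, and the shared-memory check body is not entered. That looks like the same failure the locale fix addresses, only with a different trigger. Capturing the count in a variable first and testing `[ "${RKH_SHM_SEGS:-0}" -ne 0 ]` (the variable name is only an example) would make the empty case explicit, and logging a skipped result there would keep a silently disabled malware check from going unnoticed. The enclosing function starts and ends outside this hunk, so what the script does on the failing branch is not visible here.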
diff --git a/rkhunter.spec b/rkhunter.spec
index f322617..e4a1e6e 100644
--- a/rkhunter.spec
+++ b/rkhunter.spec
@@ -3,7 +3,7 @@
Name: rkhunter
Version: 1.4.2
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A host-based tool to scan for rootkits, backdoors and local exploits
Group: Applications/System
@@ -13,6 +13,10 @@ Source0: http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.ta
Source2: 01-rkhunter
Source3: rkhunter.sysconfig
Patch0: rkhunter-1.4.2-fedoraconfig.patch
+#
+# Fix issue with ipcs command and locales
+#
+Patch1: rkhunter-1.4.2-ipcs-locale.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -31,6 +35,7 @@ and other unwanted tools.
%setup -q
%patch0 -p1
+%patch1 -p1
%{__cat} <<'EOF' >%{name}.logrotate
%{_localstatedir}/log/%{name}/%{name}.log {
@@ -99,6 +104,10 @@ EOF
%{_mandir}/man8/*
%changelog
+* Sun Apr 06 2014 Kevin Fenzi <kevin at scrye.com> 1.4.2-2
+- Add patch to fix ipcs command in non en locales
+- Add config to fix freeipa installs. Fixes bug #994567
+
* Fri Mar 14 2014 Kevin Fenzi <kevin at scrye.com> 1.4.2-1
- Update to 1.4.2
@@ -289,7 +298,7 @@ EOF
- Changed to SHA1 for optional message digest (canary check)
- Added a couple of suggested skip entries to rkhunter.conf
-* Mon Jun 11 2005 Greg Houlette <tamaster at pobox.com> - 1.2.7-1
+* Sat Jun 11 2005 Greg Houlette <tamaster at pobox.com> - 1.2.7-1
- Added signature auto-updating to CRON scan (new script)
- Removed BOOTSCAN pending rewrite to full SysV Init scan in background
- Added the --append-log command line option