rpms/rkhunter/F-10 rkhunter-1.3.4-fedoraconfig.patch, NONE, 1.1 rkhunter.spec, 1.18, 1.19 01-rkhunter, 1.5, 1.6
Kevin Fenzi
kevin at fedoraproject.org
Wed Mar 11 21:46:23 UTC 2009
- Previous message (by thread): rpms/perl/devel perl-update-Archive-Extract.patch, NONE, 1.1 perl-update-Archive-Tar.patch, NONE, 1.1 perl-update-CGI.patch, NONE, 1.1 perl-update-ExtUtils-CBuilder.patch, NONE, 1.1 perl-update-File-Fetch.patch, NONE, 1.1 perl-update-File-Path.patch, NONE, 1.1 perl-update-File-Temp.patch, NONE, 1.1 perl-update-IPC-Cmd.patch, NONE, 1.1 perl-update-Module-Build.patch, NONE, 1.1 perl-update-Module-CoreList.patch, NONE, 1.1 perl-update-Module-Load-Conditional.patch, NONE, 1.1 perl-update-Pod-Simple.patch, NONE, 1.1 perl-update-Sys-Syslog.patch, NONE, 1.1 perl-update-Test-Harness.patch, NONE, 1.1 perl-update-Test-Simple.patch, NONE, 1.1 perl-update-Time-HiRes.patch, NONE, 1.1 perl-update-constant.patch, NONE, 1.1 .cvsignore, 1.17, 1.18 perl-5.10.0-Change33640.patch, 1.1, 1.2 perl-5.10.0-links.patch, 1.1, 1.2 perl.spec, 1.206, 1.207 sources, 1.17, 1.18 perl-5.10.0-ArchiveTar1.38.patch, 1.1, NONE perl-5.10.0-ArchiveTar1.40.patch, 1.1, NONE perl-5.10.0-CGI-3.38.patch, 1.1, NONE perl-5.10.0-CGI.patch, 1.1, NONE perl-5.10.0-CVE-2008-2827.patch, 1.1, NONE perl-5.10.0-File-Temp-0.20.patch, 1.1, NONE perl-5.10.0-IPC_Cmd-0.42.patch, 1.1, NONE perl-5.10.0-Module-CoreList2.14.patch, 1.1, NONE perl-5.10.0-Module-Load-Conditional-0.24.patch, 1.1, NONE perl-5.10.0-PodSimple.patch, 1.2, NONE perl-5.10.0-SysSyslog-0.24.patch, 1.1, NONE perl-5.10.0-TestHarness3.12.patch, 1.1, NONE perl-5.10.0-TestSimple0.80.patch, 1.1, NONE perl-5.10.0-removeTestHarness.patch, 1.1, NONE
- Next message (by thread): rpms/perl/devel 02_fix_pod2html_dl, NONE, 1.1 07_fix_nullok, NONE, 1.1 08_fix_udp_typo, NONE, 1.1 09_fix_memory_debugging, NONE, 1.1 10_fix_h2ph_include_quote, NONE, 1.1 11_disable_vstring_warning, NONE, 1.1 15_fix_local_symtab, NONE, 1.1 16_fix_perlio_teardown_prototype, NONE, 1.1 17_fix_getopt_long_callback, NONE, 1.1 18_fix_bigint_floats, NONE, 1.1 25_fix_cgi_tempdir, NONE, 1.1 26_fix_pod2man_upgrade, NONE, 1.1 27_fix_sys_syslog_timeout, NONE, 1.1 28_fix_inplace_sort, NONE, 1.1 30_fix_freetmps, NONE, 1.1 31_fix_attributes_unknown_error, NONE, 1.1 32_fix_fork_rand, NONE, 1.1 34_fix_qr-memory-leak-2, NONE, 1.1 36_fix_file_temp_cleanup, NONE, 1.1 37_fix_coredump_indicator, NONE, 1.1 38_fix_weaken_memleak, NONE, 1.1 perl-5.10.0-Archive-Extract-onlystdout.patch, NONE, 1.1 perl-5.10.0-Change34507.patch, NONE, 1.1 perl-5.10.0-fix_file_path_rmtree_setuid.patch, NONE, 1.1 perl-5.10.0-reorderINC.patch, NONE, 1.1 perl-5.10.0-bz448392.patch, 1.1, 1.2 perl.spec, 1.207, 1.208
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kevin
Update of /cvs/extras/rpms/rkhunter/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19916
Modified Files:
rkhunter.spec 01-rkhunter
Added Files:
rkhunter-1.3.4-fedoraconfig.patch
Log Message:
Fix typo in patch file
Rework spec file
Add check for the new hmac ssh files
Update cron job to include hostname (thanks Manuel Wolfshant)
rkhunter-1.3.4-fedoraconfig.patch:
--- NEW FILE rkhunter-1.3.4-fedoraconfig.patch ---
diff -Nur rkhunter-1.3.4.orig/files/rkhunter.conf rkhunter-1.3.4/files/rkhunter.conf
--- rkhunter-1.3.4.orig/files/rkhunter.conf 2008-12-30 14:23:00.000000000 -0700
+++ rkhunter-1.3.4/files/rkhunter.conf 2009-03-04 22:09:48.000000000 -0700
@@ -68,7 +68,7 @@
# NOTE: This option should be present in the configuration file.
#
#MAIL-ON-WARNING=me at mydomain root at mydomain
-MAIL-ON-WARNING=""
+MAIL-ON-WARNING="root at localhost"
#
# Specify the mail command to use if MAIL-ON-WARNING is set.
@@ -84,17 +84,17 @@
# important files will be written to this directory, so be
# sure that the directory permissions are tight.
#
-#TMPDIR=/var/lib/rkhunter/tmp
+TMPDIR=/var/lib/rkhunter/
#
# Specify the database directory to use.
#
-#DBDIR=/var/lib/rkhunter/db
+DBDIR=/var/lib/rkhunter/db
#
# Specify the script directory to use.
#
-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
+SCRIPTDIR=/usr/share/rkhunter/scripts
#
# Specify the root directory to use.
@@ -123,13 +123,13 @@
#
# NOTE: This option should be present in the configuration file.
#
-LOGFILE=/var/log/rkhunter.log
+LOGFILE=/var/log/rkhunter/rkhunter.log
#
# Set the following option to 1 if the log file is to be appended to
# whenever rkhunter is run.
#
-APPEND_LOG=0
+APPEND_LOG=1
#
# Set the following option to enable the rkhunter check start and finish
@@ -165,7 +165,7 @@
# file, then a value here of 'yes' or 'unset' will not cause a warning.
# This option has a default value of 'no'.
#
-ALLOW_SSH_ROOT_USER=no
+ALLOW_SSH_ROOT_USER=yes
#
# Set this option to '1' to allow the use of the SSH-1 protocol, but note
@@ -205,7 +205,7 @@
# tests, the test names, and how rkhunter behaves when these options are used.
#
ENABLE_TESTS="all"
-DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"
+DISABLE_TESTS="additional_rkts suspscan hidden_procs deleted_files packet_cap_apps"
#
# The HASH_FUNC option can be used to specify the command to use
@@ -260,7 +260,7 @@
# For any file not part of a package, rkhunter will revert to using
# the HASH_FUNC hash function instead.
#
-#PKGMGR=NONE
+PKGMGR=RPM
#
# Whitelist the hash (content) for the specified files. Only useful
@@ -298,6 +298,12 @@
#SCRIPTWHITELIST=/sbin/ifup
#SCRIPTWHITELIST=/sbin/ifdown
#SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/whatis
+SCRIPTWHITELIST=/usr/bin/ldd
+SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/GET
+SCRIPTWHITELIST=/sbin/ifup
+SCRIPTWHITELIST=/sbin/ifdown
#
# Allow the specified commands to have the immutable attribute set.
@@ -310,7 +316,7 @@
# One directory per line (use multiple ALLOWHIDDENDIR lines).
#
#ALLOWHIDDENDIR=/etc/.java
-#ALLOWHIDDENDIR=/dev/.udev
+ALLOWHIDDENDIR=/dev/.udev
#ALLOWHIDDENDIR=/dev/.udevdb
#ALLOWHIDDENDIR=/dev/.udev.tdb
#ALLOWHIDDENDIR=/dev/.static
@@ -322,9 +328,18 @@
# One file per line (use multiple ALLOWHIDDENFILE lines).
#
#ALLOWHIDDENFILE=/etc/.java
-#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
+ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
#ALLOWHIDDENFILE=/etc/.pwd.lock
#ALLOWHIDDENFILE=/etc/.init.state
+#
+# Allow hmac ssh files for Fedora
+#
+ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-keyscan.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-keygen.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-add.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh-agent.hmac
+ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
#
# Allow the specified processes to use deleted files.
@@ -367,7 +382,7 @@
# ALLOWDEVFILE lines).
#
#ALLOWDEVFILE=/dev/abc
-#ALLOWDEVFILE=/dev/shm/pulse-shm-*
+ALLOWDEVFILE=/dev/shm/pulse-shm-*
#
# This setting tells rkhunter where the inetd configuration
@@ -460,7 +475,7 @@
# file. This setting will be worked out by rkhunter, and so should not
# usually need to be set.
#
-#SYSLOG_CONFIG_FILE=/etc/syslog.conf
+SYSLOG_CONFIG_FILE=/etc/rsyslog.conf
#
# This option permits the use of syslog remote logging.
@@ -549,7 +564,7 @@
# specified, then RKH will assume the O/S release information is on the
# first non-blank line of the file.
#
-#OS_VERSION_FILE="/etc/release"
+OS_VERSION_FILE="/etc/fedora-release"
#
# The following two options can be used to whitelist files and directories
@@ -578,3 +593,4 @@
#
#MODULES_DIR=""
+INSTALLDIR="/usr"
Index: rkhunter.spec
===================================================================
RCS file: /cvs/extras/rpms/rkhunter/F-10/rkhunter.spec,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- rkhunter.spec 5 Jan 2009 05:16:36 -0000 1.18
+++ rkhunter.spec 11 Mar 2009 21:45:52 -0000 1.19
@@ -1,6 +1,6 @@
Name: rkhunter
Version: 1.3.4
-Release: 1%{?dist}
+Release: 5%{?dist}
Summary: A host-based tool to scan for rootkits, backdoors and local exploits
Group: Applications/System
@@ -10,6 +10,7 @@
Source1: http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz.sha1.txt
Source2: 01-rkhunter
Source3: rkhunter.sysconfig
+Patch0: rkhunter-1.3.4-fedoraconfig.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -26,40 +27,7 @@
%setup -q
-%{__perl} -pi.0001 -e '
- s|^#(MAIL-ON-WARNING=).+$|$1root\@localhost|;
- s|^#(TMPDIR=).+$|$1%{_var}/lib/%{name}|;
- s|^#(DBDIR=).+$|$1%{_var}/lib/%{name}/db|;
- s|^#(SCRIPTDIR=).+$|$1%{_datadir}/%{name}/scripts|;
- s|^#(PKGMGR=).+$|$1RPM|;
-%if 0%{?el4}%{?el5}
- s|^#(OS_VERSION_FILE=).+$|$1/etc/redhat-release|;
-%else
- s|^#(OS_VERSION_FILE=).+$|$1/etc/fedora-release|;
-%endif
- s|^#(ALLOWHIDDENDIR=).+$|$1/dev/.udev|;
- s|^#(ALLOWHIDDENFILE=).+$|$1/usr/share/man/man1/..1.gz|;
- s|^(APPEND_LOG=).+$|$11|;
- s|^(LOGFILE=).+$|$1/var/log/rkhunter/rkhunter.log|;
- s|^(ALLOW_SSH_ROOT_USER=).+$|$1yes|;
- s|^(DISABLE_TESTS=).+$|$1"additional_rkts suspscan hidden_procs deleted_files packet_cap_apps"|;
- ' files/%{name}.conf
-
-# Add Fedora specific configs
-echo "INSTALLDIR=%{_prefix}" >> files/%{name}.conf
-echo "SCRIPTWHITELIST=/usr/bin/whatis" >> files/%name.conf
-echo "SCRIPTWHITELIST=/usr/bin/ldd" >> files/%name.conf
-echo "SCRIPTWHITELIST=/usr/bin/groups" >> files/%name.conf
-echo "SCRIPTWHITELIST=/usr/bin/GET" >> files/%name.conf
-echo "SCRIPTWHITELIST=/sbin/ifup" >> files/%name.conf
-echo "SCRIPTWHITELIST=/sbin/ifdown" >> files/%name.conf
-# in f8/f9/f10
-%if 0%{?fc8}%{?fc9}%{?fc10}
-echo "SYSLOG_CONFIG_FILE=/etc/rsyslog.conf" >> files/%name.conf
-echo "ALLOWDEVFILE=/dev/shm/pulse-shm-*" >> files/%name.conf
-%else
-echo "SYSLOG_CONFIG_FILE=/etc/syslog.conf" >> files/%name.conf
-%endif
+%patch0 -p1
%{__cat} <<'EOF' >%{name}.logrotate
%{_localstatedir}/log/%{name}/%{name}.log {
@@ -136,6 +104,19 @@
%{_mandir}/man8/*
%changelog
+* Sun Mar 08 2009 Kevin Fenzi <kevin at tummy.com> - 1.3.4-5
+- Fix typo in patch file
+
+* Wed Mar 04 2009 Kevin Fenzi <kevin at tummy.com> - 1.3.4-4
+- Rework spec file
+- Add check for the new hmac ssh files
+
+* Thu Feb 26 2009 Kevin Fenzi <kevin at tummy.com> - 1.3.4-3
+- Update cron job to include hostname (thanks Manuel Wolfshant)
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
* Fri Jan 02 2009 Kevin Fenzi <kevin at tummy.com> - 1.3.4-1
- Update to 1.3.4
- Use libdir as tmp dir - bug #456340
Index: 01-rkhunter
===================================================================
RCS file: /cvs/extras/rpms/rkhunter/F-10/01-rkhunter,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- 01-rkhunter 5 Jan 2009 05:18:22 -0000 1.5
+++ 01-rkhunter 11 Mar 2009 21:45:52 -0000 1.6
@@ -42,7 +42,7 @@
>> $TMPFILE1
if [ $XITVAL != 0 ]; then
- /bin/cat $TMPFILE1 | /bin/mail -s 'rkhunter Daily Run' $MAILTO
+ /bin/cat $TMPFILE1 | /bin/mail -s "rkhunter Daily Run on $(hostname)" $MAILTO
fi
/bin/cat $TMPFILE1 >> $LOGFILE
fi
- Previous message (by thread): rpms/perl/devel perl-update-Archive-Extract.patch, NONE, 1.1 perl-update-Archive-Tar.patch, NONE, 1.1 perl-update-CGI.patch, NONE, 1.1 perl-update-ExtUtils-CBuilder.patch, NONE, 1.1 perl-update-File-Fetch.patch, NONE, 1.1 perl-update-File-Path.patch, NONE, 1.1 perl-update-File-Temp.patch, NONE, 1.1 perl-update-IPC-Cmd.patch, NONE, 1.1 perl-update-Module-Build.patch, NONE, 1.1 perl-update-Module-CoreList.patch, NONE, 1.1 perl-update-Module-Load-Conditional.patch, NONE, 1.1 perl-update-Pod-Simple.patch, NONE, 1.1 perl-update-Sys-Syslog.patch, NONE, 1.1 perl-update-Test-Harness.patch, NONE, 1.1 perl-update-Test-Simple.patch, NONE, 1.1 perl-update-Time-HiRes.patch, NONE, 1.1 perl-update-constant.patch, NONE, 1.1 .cvsignore, 1.17, 1.18 perl-5.10.0-Change33640.patch, 1.1, 1.2 perl-5.10.0-links.patch, 1.1, 1.2 perl.spec, 1.206, 1.207 sources, 1.17, 1.18 perl-5.10.0-ArchiveTar1.38.patch, 1.1, NONE perl-5.10.0-ArchiveTar1.40.patch, 1.1, NONE perl-5.10.0-CGI-3.38.patch, 1.1, NONE perl-5.10.0-CGI.patch, 1.1, NONE perl-5.10.0-CVE-2008-2827.patch, 1.1, NONE perl-5.10.0-File-Temp-0.20.patch, 1.1, NONE perl-5.10.0-IPC_Cmd-0.42.patch, 1.1, NONE perl-5.10.0-Module-CoreList2.14.patch, 1.1, NONE perl-5.10.0-Module-Load-Conditional-0.24.patch, 1.1, NONE perl-5.10.0-PodSimple.patch, 1.2, NONE perl-5.10.0-SysSyslog-0.24.patch, 1.1, NONE perl-5.10.0-TestHarness3.12.patch, 1.1, NONE perl-5.10.0-TestSimple0.80.patch, 1.1, NONE perl-5.10.0-removeTestHarness.patch, 1.1, NONE
- Next message (by thread): rpms/perl/devel 02_fix_pod2html_dl, NONE, 1.1 07_fix_nullok, NONE, 1.1 08_fix_udp_typo, NONE, 1.1 09_fix_memory_debugging, NONE, 1.1 10_fix_h2ph_include_quote, NONE, 1.1 11_disable_vstring_warning, NONE, 1.1 15_fix_local_symtab, NONE, 1.1 16_fix_perlio_teardown_prototype, NONE, 1.1 17_fix_getopt_long_callback, NONE, 1.1 18_fix_bigint_floats, NONE, 1.1 25_fix_cgi_tempdir, NONE, 1.1 26_fix_pod2man_upgrade, NONE, 1.1 27_fix_sys_syslog_timeout, NONE, 1.1 28_fix_inplace_sort, NONE, 1.1 30_fix_freetmps, NONE, 1.1 31_fix_attributes_unknown_error, NONE, 1.1 32_fix_fork_rand, NONE, 1.1 34_fix_qr-memory-leak-2, NONE, 1.1 36_fix_file_temp_cleanup, NONE, 1.1 37_fix_coredump_indicator, NONE, 1.1 38_fix_weaken_memleak, NONE, 1.1 perl-5.10.0-Archive-Extract-onlystdout.patch, NONE, 1.1 perl-5.10.0-Change34507.patch, NONE, 1.1 perl-5.10.0-fix_file_path_rmtree_setuid.patch, NONE, 1.1 perl-5.10.0-reorderINC.patch, NONE, 1.1 perl-5.10.0-bz448392.patch, 1.1, 1.2 perl.spec, 1.207, 1.208
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list