/[smecontribs]/rpms/smeserver-rkhunter/contribs9/smeserver-rkhunter-1.4.0.bz10376.disableupdate.patch
ViewVC logotype

Annotation of /rpms/smeserver-rkhunter/contribs9/smeserver-rkhunter-1.4.0.bz10376.disableupdate.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Thu Jul 6 22:06:34 2017 UTC (7 years, 4 months ago) by unnilennium
Branch: MAIN
CVS Tags: smeserver-rkhunter-1_4_0-4_el6_sme, HEAD
* Thu Jul 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> 1.4.0-4.sme
- disabling as default update for rkh because of CVE-2017-7480 [SME: 10376]
- added property updateMirrors to handle this

1 unnilennium 1.1 diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/cron.daily/rkhunter/10script smeserver-rkhunter-1.4.0/root/etc/e-smith/templates/etc/cron.daily/rkhunter/10script
2     --- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/cron.daily/rkhunter/10script 2015-08-13 10:07:14.000000000 -0400
3     +++ smeserver-rkhunter-1.4.0/root/etc/e-smith/templates/etc/cron.daily/rkhunter/10script 2017-07-06 18:02:46.609000000 -0400
4     @@ -33,7 +33,12 @@
5     if [ -x $RKHUNTER ]; then
6     /bin/echo -e "\n--------------------- Start Rootkit Hunter Update ---------------------" \
7     > $TMPFILE1
8     - /bin/nice -n 10 $RKHUNTER --update --nocolors 2>&1 >> $TMPFILE1
9     + updatestatus=$(/sbin/e-smith/config getprop rkhunter updateMirrors) || echo 'disabled'
10     + if [ "$updatestatus" == 'enabled' ]; then
11     + /bin/nice -n 10 $RKHUNTER --update --nocolors 2>&1 >> $TMPFILE1
12     + else
13     + echo "Rootkit Hunter Update disabled see https://bugs.contribs.org/show_bug.cgi?id=10376 " 2>&1 >> $TMPFILE1
14     + fi
15     /bin/echo -e "\n---------------------- Start Rootkit Hunter Scan ----------------------" \
16     >> $TMPFILE1
17     /bin/nice -n 10 $RKHUNTER $RKHUNTER_FLAGS 2>&1 >> $TMPFILE1
18     diff -Nur smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/005mirrors20update smeserver-rkhunter-1.4.0/root/etc/e-smith/templates/etc/rkhunter.conf/005mirrors20update
19     --- smeserver-rkhunter-1.4.0.old/root/etc/e-smith/templates/etc/rkhunter.conf/005mirrors20update 2009-04-02 17:13:16.000000000 -0400
20     +++ smeserver-rkhunter-1.4.0/root/etc/e-smith/templates/etc/rkhunter.conf/005mirrors20update 2017-07-06 17:51:46.512000000 -0400
21     @@ -6,4 +6,7 @@
22     # If this option is set to 0, the mirrors file can only be updated
23     # manually. This may be useful if only using local mirrors.
24     #
25     -UPDATE_MIRRORS=1
26     +{
27     + my $update= (($rkhunter{updateMirrors}|| 'disabled' ) eq 'enabled') ? 1 : 0;
28     + $OUT = "UPDATE_MIRRORS= $update\n";
29     +}

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed