/[smeserver]/rpms/rkhunter/sme7/rkhunter.spec
ViewVC logotype

Diff of /rpms/rkhunter/sme7/rkhunter.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.12 by slords, Wed Apr 9 13:51:56 2008 UTC Revision 1.15 by snetram, Thu May 14 17:10:05 2009 UTC
# Line 1  Line 1 
1  # $Id$  # $Id: rkhunter.spec,v 1.14 2009/04/07 07:30:35 snetram Exp $
2    
3  # No debuginfo:  Name:           rkhunter
4  %define debug_package %{nil}  Version:        1.3.4
5    Release:        8%{?dist}
6  # If you want to debug, uncomment the next line and remove  Summary:        A host-based tool to scan for rootkits, backdoors and local exploits
7  # the duplicate percent sign (due to macro expansion)  
8  #%%dump  Group:          Applications/System
9    License:        GPLv2+
10  %define name rkhunter  URL:            http://rkhunter.sourceforge.net/
11  %define ver 1.3.2  Source0:        http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz
12  %define rel 2  Source1:        http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz.sha1.txt
13  %define epoch 0  Source2:        01-rkhunter
14    Source3:        rkhunter.sysconfig
15  # Don't change this define or also:  Patch0:         rkhunter-1.3.4-smeconfig.patch
16  # 1. installer.sh --layout custom /temporary/dir/usr --striproot /temporary/dir --install  BuildArch:      noarch
17  # 2. rewrite the files section below.  BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
18  %define _prefix /usr  
19    Requires:       coreutils, binutils, modutils, findutils, grep, mktemp
20  # We can't let RPM do the dependencies automatic because it'll then pick up  Requires:       e2fsprogs, procps, lsof, prelink, iproute, net-tools, wget
21  # a correct but undesirable perl dependency, which rkhunter does not require  Requires:       perl, perl(strict), perl(IO::Socket), mailx, logrotate
 # in order to function properly.  
 AutoReqProv: no  
   
 Name: %{name}  
 Summary: %{name} scans for rootkits, backdoors and local exploits  
 Version: %{ver}  
 Release: %{rel}%{dist}  
 Epoch: %{epoch}  
 License: GPL  
 Group: Applications/System  
 Source0: %{name}-%{version}.tar.gz  
 Patch0: rkhunter-installer.patch  
 Patch1: rkhunter-nolib.patch  
 BuildArch: noarch  
 Requires: filesystem, bash, grep, findutils, net-tools, coreutils, e2fsprogs, modutils, procps, binutils, wget, perl  
 Provides: %{name}  
 URL: http://rkhunter.sourceforge.net/  
 BuildRoot: %{_tmppath}/%{name}-%{version}  
22    
23  %description  %description
24  Rootkit Hunter is a scanning tool to ensure you are about 99.9%%  Rootkit Hunter (RKH) is an easy-to-use tool which checks
25  clean of nasty tools. It scans for rootkits, backdoors and local  computers running UNIX (clones) for the presence of rootkits
26  exploits by running tests like:  and other unwanted tools.
         - File hash check  
         - Look for default files used by rootkits  
         - Wrong file permissions for binaries  
         - Look for suspected strings in LKM and KLD modules  
         - Look for hidden files  
         - Optional scan within plaintext and binary files  
         - Software version checks  
         - Application tests  
   
 Rootkit Hunter is released as a GPL licensed project and free for everyone to use.  
   
27    
28  %prep  %prep
29    
30  %setup -q  %setup -q
31    
32  %patch0 -p1  %patch0 -p1
33  %patch1 -p1  
34    %{__cat} <<'EOF' >%{name}.logrotate
35    %{_localstatedir}/log/%{name}/%{name}.log {
36        weekly
37        notifempty
38        create 640 root root
39    }
40    EOF
41    
42  %build  %build
43    # Nothing to be built
44    
45  %install  %install
46  MANPATH=""  %{__rm} -rf $RPM_BUILD_ROOT
 export MANPATH  
47    
48  sh ./installer.sh --layout RPM --install  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_bindir}
49    %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{cron.daily,sysconfig,logrotate.d}
50  sed -i 's_#ALLOWPROCLISTEN=/sbin/dhclient_ALLOWPROCLISTEN=/sbin/dhclient_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts
51  sed -i 's_#ALLOWPROCLISTEN=/usr/sbin/pppoe_ALLOWPROCLISTEN=/sbin/pppoe_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}
52  sed -i 's_#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz_ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_mandir}/man8
53  sed -i '/#ALLOWPROCLISTEN=\/usr\/bin\/dhcpcd/iALLOWPROCLISTEN=\/usr\/sbin\/dhcpd' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db
54  sed -i '/#ALLOWPROCDELFILE=\/usr\/sbin\/mysqld/aALLOWPROCDELFILE=\/usr\/sbin\/httpd' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/run/%{name}
55  sed -i '/ALLOWPROCDELFILE=\/usr\/sbin\/httpd/aALLOWPROCDELFILE=\/usr\/sbin\/asterisk' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/log/%{name}
56  sed -i '/ALLOWPROCDELFILE=\/usr\/sbin\/httpd/aALLOWPROCDELFILE=\/usr\/bin\/freshclam' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n
57    
58  # Make a cron.daily file to mail us the reports  %{__install} -m755 -p files/%{name}             ${RPM_BUILD_ROOT}%{_bindir}/
59  %{__mkdir} -p "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily"  
60  %{__cat} > "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily/01-rkhunter" <<EOF  %{__install} -m644 -p files/backdoorports.dat   ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
61  #!/bin/sh  %{__install} -m644 -p files/defaulthashes.dat   ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
62  %{_bindir}/rkhunter --cronjob --update --disable apps,suspscan,system_commands --rwo  %{__install} -m644 -p files/md5blacklist.dat    ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
63  exit 0  %{__install} -m644 -p files/mirrors.dat         ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
64  EOF  %{__install} -m644 -p files/os.dat              ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
65  %{__chmod} a+rwx,g-w,o-rwx ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/01-rkhunter  %{__install} -m644 -p files/programs_bad.dat    ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
66    %{__install} -m644 -p files/programs_good.dat   ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
67    %{__install} -m644 -p files/i18n/cn             ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
68    %{__install} -m644 -p files/i18n/en             ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
69    
70    %{__install} -m644 -p files/CHANGELOG           ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
71    %{__install} -m644 -p files/LICENSE             ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
72    %{__install} -m644 -p files/README              ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
73    %{__install} -m644 -p files/WISHLIST            ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
74    %{__install} -m755 -p files/check_modules.pl    ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
75    %{__install} -m755 -p files/check_port.pl       ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
76    %{__install} -m755 -p files/check_update.sh     ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
77    %{__install} -m644 -p files/*.8                 ${RPM_BUILD_ROOT}%{_mandir}/man8/
78    # Don't ship these unless we want to Require the perl modules
79    #%{__install} -m750 -p files/filehashmd5.pl      ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
80    #%{__install} -m750 -p files/filehashsha1.pl     ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
81    %{__install} -m755 -p files/showfiles.pl        ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
82    %{__install} -m755 -p %{SOURCE2}                ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/%{name}
83    %{__install} -m644 -p %{name}.logrotate         ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}
84    %{__install} -m640 -p files/%{name}.conf        ${RPM_BUILD_ROOT}%{_sysconfdir}/
85    %{__install} -m640 -p %{SOURCE3}                ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}
86    
87    %clean
88    %{__rm} -rf $RPM_BUILD_ROOT
89    
90  %post  %post
91  # Only do this on an initial install  # Only do this on an initial install
92  if [ $1 -eq 1 ]; then  if [ $1 -eq 1 ]; then
93          %{__cp} -p /etc/passwd /var/rkhunter/tmp >/dev/null 2>&1 || :      %{__cp} -p /etc/passwd /var/lib/rkhunter/ >/dev/null 2>&1 || :
94          %{__cp} -p /etc/group /var/rkhunter/tmp >/dev/null 2>&1 || :      %{__cp} -p /etc/group /var/lib/rkhunter/ >/dev/null 2>&1 || :
95  fi  fi
96    
   
 %preun  
 # Only do this when removing the RPM  
 if [ $1 -eq 0 ]; then  
         %{__rm} -f /var/log/rkhunter.log /var/log/rkhunter.log.old >/dev/null 2>&1  
         %{__rm} -rf /var/rkhunter/* >/dev/null 2>&1  
 fi  
   
   
 %clean  
 if [ "$RPM_BUILD_ROOT" = "/" ]; then  
         echo Invalid Build root \'"$RPM_BUILD_ROOT"\'  
         exit 1  
 else  
         rm -rf $RPM_BUILD_ROOT  
 fi  
   
   
 %define docdir %{_prefix}/share/doc/%{name}-%{version}  
97  %files  %files
98  %defattr(-,root,root)  %defattr(-,root,root,-)
99  %attr(640,root,root) %config(noreplace) %{_sysconfdir}/%{name}.conf  %doc %{_docdir}/%{name}-%{version}/*
100  %attr(750,root,root) %{_prefix}/bin/%{name}  %{_bindir}/%{name}
101  %attr(750,root,root) %dir %{_libdir}/%{name}  %dir %{_datadir}/%{name}
102  %attr(750,root,root) %dir %{_libdir}/%{name}/scripts  %{_datadir}/%{name}/scripts
103  %attr(750,root,root) %{_libdir}/%{name}/scripts/*.pl  %{_sysconfdir}/cron.daily/%{name}
104  %attr(750,root,root) %{_libdir}/%{name}/scripts/*.sh  %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
105  %attr(644,root,root) %doc %{_prefix}/share/man/man8/%{name}.8.gz  %dir %{_var}/lib/%{name}
106  %attr(755,root,root) %dir %{docdir}  %{_var}/lib/%{name}/db
107  %attr(644,root,root) %doc %{docdir}/*  %{_var}/lib/%{name}/db/i18n
108  %attr(750,root,root) %dir %{_var}/%{name}  %dir %{_var}/run/%{name}
109  %attr(750,root,root) %dir %{_var}/%{name}/db  %dir %{_var}/log/%{name}
110  %attr(640,root,root) %{_var}/%{name}/db/*.dat  %config(noreplace) %{_sysconfdir}/%{name}.conf
111  %attr(750,root,root) %dir %{_var}/%{name}/db/i18n  %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
112  %attr(640,root,root) %{_var}/%{name}/db/i18n/*  %dir %{_docdir}/%{name}-%{version}
113  %attr(750,root,root) %dir %{_var}/%{name}/tmp  %{_mandir}/man8/*
 %{_sysconfdir}/cron.daily/01-rkhunter  
   
114    
115  %changelog  %changelog
116  * Sun Mar 2 2008 Shad L. Lords <slords@mail.com> 1.3.2-2  * Thu May 14 2009 Jonathan Martens <smeserver-contribs@snetram.nl> 1.3.4-8
117  - Allow freshclam to use deleted files. [SME: 3876]  - Bump version number in order to move package to SME Contribs [SME: 5172]
   
 * Fri Feb 29 2008 Shad L. Lords <slords@mail.com> 1.3.2-1  
 - Update to rkhunter v1.3.2 [SME: 4000]  
   
 * Wed Jan 30 2008 Shad L. Lords <slords@mail.com> 1.3.0-6  
 - Fix asterisk to allow deleted files. [SME: 3795]  
118    
119  * Tue Jan 29 2008 Shad L. Lords <slords@mail.com> 1.3.0-5  * Tue Apr 7 2009 Jonathan Martens <smeserver-contribs@snetram.nl> 1.3.4-7
120  - Correct pppoe binary location.  - Remove quotes in DISABLE_TESTS setting [SME: 5149]
 - Add asterisk binary to allow deleted files. [SME: 3795]  
121    
122  * Mon Jan 7 2008 Shad L. Lords <slords@mail.com> 1.3.0-4  * Thu Apr 2 2009 Shad L. Lords <slords@mail.com> 1.3.4-6
123  - Disable scan for suspicious files until fixed [SME: 3713]  - Update to epel version of rkhunter
   
 * Mon Dec 17 2007 Shad L. Lords <slords@mail.com> 1.3.0-3  
 - Change /var/lib to /var to be consistent with previous versions  
   
 * Mon Dec 17 2007 Shad L. Lords <slords@mail.com> 1.3.0-2  
 - Add a few more services for sme tests  
   
 * Mon Dec 17 2007 Shad L. Lords <slords@mail.com> 1.3.0-1  
 - Fix installer to not install in local  
124  - Set parameters for sme specific tests  - Set parameters for sme specific tests
125    
126  * Sun Feb 11 2007 unSpawn - pre-1.3.0  * Sun Mar 08 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-5
127  - Sync spec with fixes, installer and CVS  - Fix typo in patch file
128    
129  * Sun Nov 12 2006 unSpawn - 1.2.9  * Wed Mar 04 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-4
130  - Re-spec, new installer  - Rework spec file
131    - Add check for the new hmac ssh files
132  * Fri Sep 29 2006 unSpawn - 1.2.9  
133  - Updated for release 1.2.9  * Thu Feb 26 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-3
134    - Update cron job to include hostname (thanks  Manuel Wolfshant)
135    
136    * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.4-2
137    - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
138    
139    * Fri Jan 02 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-1
140    - Update to 1.3.4
141    - Use libdir as tmp dir - bug #456340
142    
143    * Sat Dec 13 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-6
144    - Fix cron job sending as attachment - bug #472679
145    - Fix cron job trying to send with colors - bug #475916
146    
147    * Wed Sep 03 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-5
148    - Patch debug tmp file issue - bug #460628
149    
150    * Mon Jun 16 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-4
151    - Fix cron script to only mail on warn/error - bug #450703
152    - Fix conditional to account for fc10 rsyslog
153    
154    * Mon Apr 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-3
155    - Change cron to run after prelink - bug #438622
156    
157    * Wed Mar 26 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-2
158    - Move things to more standard locations for selinux - bug #438184
159    - Add exception for pulseaudio file - bug #438622
160    
161    * Thu Feb 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-1
162    - Update to 1.3.2
163    - Fix cron script
164    
165    * Thu Feb 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.0-2
166    - Use /etc/redhat-release for EPEL and /etc/fedora release for Fedora.
167    - Add conditionals to support EPEL
168    - Fix man page warning.
169    
170    * Sun Feb 03 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.0-1
171    - Revive package, clean up spec
172    - Update to 1.3.0
173    
174    * Sat Mar 18 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-3
175    - Made an RPM transparent change to move the sha1 canary check
176      file out of CVS and into the external lookaside cache (whose
177      filename changes with every new package release anyway...)
178    
179    * Fri Mar 17 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-2
180    - Fixed architectural dependency during package creation eliminating
181      use of _libdir configure macro (x86_64 /usr/lib64 mis-targeting)
182    
183    * Tue Mar 7 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-1
184    - New package version release
185    - reworked the .spec file to support optional dist tag
186    - Updated the application check default patchfile (chunk failure)
187    - Changed to SHA1 for optional message digest (canary check)
188    - Added a couple of suggested skip entries to rkhunter.conf
189    
190    * Mon Jun 11 2005 Greg Houlette <tamaster@pobox.com> - 1.2.7-1
191    - Added signature auto-updating to CRON scan (new script)
192    - Removed BOOTSCAN pending rewrite to full SysV Init scan in background
193    - Added the --append-log command line option
194    - Added Date Stamping to output
195    - Fixed bug in /etc/group missing report
196    - New package version release
197    
198    * Sun Jan 2 2005 Greg Houlette <tamaster@tekarmory.com> - 0:1.1.9-1
199    - New package version release
200    - Added the --run-application-check command line option
201      to listing in command help
202    - Replaced 'Here' Doc editing of rkhunter.conf file
203      with in-place Perl edit
204    - tweaked rpmbuild -bb Autoclean
205    
206    * Fri Oct 15 2004 Greg Houlette - 0:1.1.8-0.fdr.1 (revisited)
207    - Removed redundant buildrequires /bin/sh, coreutils and perl
208    - Revise postun scriptlet
209    - Added /usr/share/doc/rkhunter-1.1.8/ to files list
210    
211    * Mon Oct 11 2004 Greg Houlette - 0:1.1.8-0.fdr.1
212    - Changed Release Tag to 0.fdr.1 (testing) for QA
213    - Removed wget from dependencies
214    - Hid (temporarily) the --skip-application-check command
215      line option from being listed in help
216    - Fixed the spec files list, again!
217    
218    * Fri Oct 8 2004 Greg Houlette - 0:1.1.8-0.fdr.0.2.beta2
219    - Unified and disabled the md5 canary check in prep
220      (check is now optional) removing the sha1 cross-check
221    - Fixed the spec files list, adding the /var/rkhunter
222      directory and the /usr/bin/rkhunter executable
223    - Fixed missing dependencies (rkh uses runtime checks)
224    - Disabled "auto-clean" for rpmbuild -bb
225    - Changed Application version scan default to
226      disabled awaiting backport fix in upstream sources
227    - Fixed shared_man_search.patch, configuration files
228      verify and added postun(install) cleanup
229    
230    * Fri Oct 1 2004 Greg Houlette - 0:1.1.8-0.fdr.0.1.beta1
231    - More cosmetic patchwork
232    - Changed Release Tag to beta1 (pre-release) for QA submit
233    
234    * Tue Sep 28 2004 Greg Houlette - 0:1.1.8-0.fdr.1
235    - Removed hidden_search.patch (1.1.7) after it was
236      merged into upstream source by Michael Boelen
237    - Removed .spec file from md5 and sha1 file checks
238      (it must be modifiable by Fedora QA release build)
239    - Added BOOTSCAN description file to documentation
240    - Restructured dynamic file creation ('Here' Docs)
241      moving them to the "prep" stage so that *_ALL_*
242      files are available prior to the "build" stage
243      (for inspection purposes)
244    - Added a /etc/sysconfig/rkhunter parameters file
245    
246    * Sun Aug 29 2004 Greg Houlette - 0:1.1.7-0.fdr.1
247    - Cosmetic patchwork
248    
249    * Sat Aug 21 2004 Greg Houlette - 0:1.1.6-0.fdr.1
250    - Moderate reworking of .spec file for packaging standards
251    - Added md5 and sha1 file checks to prep procedure for source .rpm
252    - Included an optional rc.local replacement for scan on boot (with full logging)
253    
254  * Tue Aug 10 2004 Michael Boelen - 1.1.5  * Tue Aug 10 2004 Michael Boelen - 1.1.5
255  - Added update script  - Added update script
# Line 209  fi Line 293  fi
293    
294  * Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0  * Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0
295  - initial .spec file  - initial .spec file
   
   


Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed