--- rpms/rkhunter/sme8/rkhunter.spec 2008/04/09 13:51:56 1.12
+++ rpms/rkhunter/sme8/rkhunter.spec 2009/04/02 18:01:20 1.13
@@ -1,171 +1,249 @@ -# $Id$ +# $Id: rkhunter.spec,v 1.12 2008/04/09 13:51:56 slords Exp $ -# No debuginfo: -%define debug_package %{nil} - -# If you want to debug, uncomment the next line and remove -# the duplicate percent sign (due to macro expansion) -#%%dump - -%define name rkhunter -%define ver 1.3.2 -%define rel 2 -%define epoch 0 - -# Don't change this define or also: -# 1. installer.sh --layout custom /temporary/dir/usr --striproot /temporary/dir --install -# 2. rewrite the files section below. -%define _prefix /usr - -# We can't let RPM do the dependencies automatic because it'll then pick up -# a correct but undesirable perl dependency, which rkhunter does not require -# in order to function properly. -AutoReqProv: no - -Name: %{name} -Summary: %{name} scans for rootkits, backdoors and local exploits -Version: %{ver} -Release: %{rel}%{dist} -Epoch: %{epoch} -License: GPL -Group: Applications/System -Source0: %{name}-%{version}.tar.gz -Patch0: rkhunter-installer.patch -Patch1: rkhunter-nolib.patch -BuildArch: noarch -Requires: filesystem, bash, grep, findutils, net-tools, coreutils, e2fsprogs, modutils, procps, binutils, wget, perl -Provides: %{name} -URL: http://rkhunter.sourceforge.net/ -BuildRoot: %{_tmppath}/%{name}-%{version} +Name: rkhunter +Version: 1.3.4 +Release: 6%{?dist} +Summary: A host-based tool to scan for rootkits, backdoors and local exploits + +Group: Applications/System +License: GPLv2+ +URL: http://rkhunter.sourceforge.net/ +Source0: http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz +Source1: http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz.sha1.txt +Source2: 01-rkhunter +Source3: rkhunter.sysconfig +Patch0: rkhunter-1.3.4-smeconfig.patch +BuildArch: noarch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +Requires: coreutils, binutils, modutils, findutils, grep, mktemp +Requires: e2fsprogs, procps, lsof, prelink, iproute, net-tools, wget +Requires: perl, perl(strict), 
perl(IO::Socket), mailx, logrotate %description -Rootkit Hunter is a scanning tool to ensure you are about 99.9%% -clean of nasty tools. It scans for rootkits, backdoors and local -exploits by running tests like: - - File hash check - - Look for default files used by rootkits - - Wrong file permissions for binaries - - Look for suspected strings in LKM and KLD modules - - Look for hidden files - - Optional scan within plaintext and binary files - - Software version checks - - Application tests - -Rootkit Hunter is released as a GPL licensed project and free for everyone to use. - +Rootkit Hunter (RKH) is an easy-to-use tool which checks +computers running UNIX (clones) for the presence of rootkits +and other unwanted tools. %prep + %setup -q + %patch0 -p1 -%patch1 -p1 + +%{__cat} <<'EOF' >%{name}.logrotate +%{_localstatedir}/log/%{name}/%{name}.log { + weekly + notifempty + create 640 root root +} +EOF %build +# Nothing to be built %install -MANPATH="" -export MANPATH +%{__rm} -rf $RPM_BUILD_ROOT -sh ./installer.sh --layout RPM --install - -sed -i 's_#ALLOWPROCLISTEN=/sbin/dhclient_ALLOWPROCLISTEN=/sbin/dhclient_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf -sed -i 's_#ALLOWPROCLISTEN=/usr/sbin/pppoe_ALLOWPROCLISTEN=/sbin/pppoe_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf -sed -i 's_#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz_ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf -sed -i '/#ALLOWPROCLISTEN=\/usr\/bin\/dhcpcd/iALLOWPROCLISTEN=\/usr\/sbin\/dhcpd' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf -sed -i '/#ALLOWPROCDELFILE=\/usr\/sbin\/mysqld/aALLOWPROCDELFILE=\/usr\/sbin\/httpd' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf -sed -i '/ALLOWPROCDELFILE=\/usr\/sbin\/httpd/aALLOWPROCDELFILE=\/usr\/sbin\/asterisk' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf -sed -i '/ALLOWPROCDELFILE=\/usr\/sbin\/httpd/aALLOWPROCDELFILE=\/usr\/bin\/freshclam' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf - -# Make a cron.daily file to mail 
us the reports -%{__mkdir} -p "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily" -%{__cat} > "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily/01-rkhunter" </dev/null 2>&1 || : - %{__cp} -p /etc/group /var/rkhunter/tmp >/dev/null 2>&1 || : + %{__cp} -p /etc/passwd /var/lib/rkhunter/ >/dev/null 2>&1 || : + %{__cp} -p /etc/group /var/lib/rkhunter/ >/dev/null 2>&1 || : fi - -%preun -# Only do this when removing the RPM -if [ $1 -eq 0 ]; then - %{__rm} -f /var/log/rkhunter.log /var/log/rkhunter.log.old >/dev/null 2>&1 - %{__rm} -rf /var/rkhunter/* >/dev/null 2>&1 -fi - - -%clean -if [ "$RPM_BUILD_ROOT" = "/" ]; then - echo Invalid Build root \'"$RPM_BUILD_ROOT"\' - exit 1 -else - rm -rf $RPM_BUILD_ROOT -fi - - -%define docdir %{_prefix}/share/doc/%{name}-%{version} %files -%defattr(-,root,root) -%attr(640,root,root) %config(noreplace) %{_sysconfdir}/%{name}.conf -%attr(750,root,root) %{_prefix}/bin/%{name} -%attr(750,root,root) %dir %{_libdir}/%{name} -%attr(750,root,root) %dir %{_libdir}/%{name}/scripts -%attr(750,root,root) %{_libdir}/%{name}/scripts/*.pl -%attr(750,root,root) %{_libdir}/%{name}/scripts/*.sh -%attr(644,root,root) %doc %{_prefix}/share/man/man8/%{name}.8.gz -%attr(755,root,root) %dir %{docdir} -%attr(644,root,root) %doc %{docdir}/* -%attr(750,root,root) %dir %{_var}/%{name} -%attr(750,root,root) %dir %{_var}/%{name}/db -%attr(640,root,root) %{_var}/%{name}/db/*.dat -%attr(750,root,root) %dir %{_var}/%{name}/db/i18n -%attr(640,root,root) %{_var}/%{name}/db/i18n/* -%attr(750,root,root) %dir %{_var}/%{name}/tmp -%{_sysconfdir}/cron.daily/01-rkhunter - +%defattr(-,root,root,-) +%doc %{_docdir}/%{name}-%{version}/* +%{_bindir}/%{name} +%dir %{_datadir}/%{name} +%{_datadir}/%{name}/scripts +%{_sysconfdir}/cron.daily/%{name} +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%dir %{_var}/lib/%{name} +%{_var}/lib/%{name}/db +%{_var}/lib/%{name}/db/i18n +%dir %{_var}/run/%{name} +%dir %{_var}/log/%{name} +%config(noreplace) %{_sysconfdir}/%{name}.conf 
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name} +%dir %{_docdir}/%{name}-%{version} +%{_mandir}/man8/* %changelog -* Sun Mar 2 2008 Shad L. Lords 1.3.2-2 -- Allow freshclam to use deleted files. [SME: 3876] - -* Fri Feb 29 2008 Shad L. Lords 1.3.2-1 -- Update to rkhunter v1.3.2 [SME: 4000] - -* Wed Jan 30 2008 Shad L. Lords 1.3.0-6 -- Fix asterisk to allow deleted files. [SME: 3795] - -* Tue Jan 29 2008 Shad L. Lords 1.3.0-5 -- Correct pppoe binary location. -- Add asterisk binary to allow deleted files. [SME: 3795] - -* Mon Jan 7 2008 Shad L. Lords 1.3.0-4 -- Disable scan for suspicious files until fixed [SME: 3713] - -* Mon Dec 17 2007 Shad L. Lords 1.3.0-3 -- Change /var/lib to /var to be consistent with previous versions - -* Mon Dec 17 2007 Shad L. Lords 1.3.0-2 -- Add a few more services for sme tests - -* Mon Dec 17 2007 Shad L. Lords 1.3.0-1 -- Fix installer to not install in local +* Thu Apr 2 2009 Shad L. Lords 1.3.4-6 +- Update to epel version of rkhunter - Set parameters for sme specific tests -* Sun Feb 11 2007 unSpawn - pre-1.3.0 -- Sync spec with fixes, installer and CVS +* Sun Mar 08 2009 Kevin Fenzi - 1.3.4-5 +- Fix typo in patch file -* Sun Nov 12 2006 unSpawn - 1.2.9 -- Re-spec, new installer - -* Fri Sep 29 2006 unSpawn - 1.2.9 -- Updated for release 1.2.9 +* Wed Mar 04 2009 Kevin Fenzi - 1.3.4-4 +- Rework spec file +- Add check for the new hmac ssh files + +* Thu Feb 26 2009 Kevin Fenzi - 1.3.4-3 +- Update cron job to include hostname (thanks Manuel Wolfshant) + +* Wed Feb 25 2009 Fedora Release Engineering - 1.3.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Jan 02 2009 Kevin Fenzi - 1.3.4-1 +- Update to 1.3.4 +- Use libdir as tmp dir - bug #456340 + +* Sat Dec 13 2008 Kevin Fenzi - 1.3.2-6 +- Fix cron job sending as attachment - bug #472679 +- Fix cron job trying to send with colors - bug #475916 + +* Wed Sep 03 2008 Kevin Fenzi - 1.3.2-5 +- Patch debug tmp file issue - bug #460628 + +* Mon Jun 16 2008 
Kevin Fenzi - 1.3.2-4 +- Fix cron script to only mail on warn/error - bug #450703 +- Fix conditional to account for fc10 rsyslog + +* Mon Apr 28 2008 Kevin Fenzi - 1.3.2-3 +- Change cron to run after prelink - bug #438622 + +* Wed Mar 26 2008 Kevin Fenzi - 1.3.2-2 +- Move things to more standard locations for selinux - bug #438184 +- Add exception for pulseaudio file - bug #438622 + +* Thu Feb 28 2008 Kevin Fenzi - 1.3.2-1 +- Update to 1.3.2 +- Fix cron script + +* Thu Feb 28 2008 Kevin Fenzi - 1.3.0-2 +- Use /etc/redhat-release for EPEL and /etc/fedora release for Fedora. +- Add conditionals to support EPEL +- Fix man page warning. + +* Sun Feb 03 2008 Kevin Fenzi - 1.3.0-1 +- Revive package, clean up spec +- Update to 1.3.0 + +* Sat Mar 18 2006 Greg Houlette - 1.2.8-3 +- Made an RPM transparent change to move the sha1 canary check + file out of CVS and into the external lookaside cache (whose + filename changes with every new package release anyway...) + +* Fri Mar 17 2006 Greg Houlette - 1.2.8-2 +- Fixed architectural dependency during package creation eliminating + use of _libdir configure macro (x86_64 /usr/lib64 mis-targeting) + +* Tue Mar 7 2006 Greg Houlette - 1.2.8-1 +- New package version release +- reworked the .spec file to support optional dist tag +- Updated the application check default patchfile (chunk failure) +- Changed to SHA1 for optional message digest (canary check) +- Added a couple of suggested skip entries to rkhunter.conf + +* Mon Jun 11 2005 Greg Houlette - 1.2.7-1 +- Added signature auto-updating to CRON scan (new script) +- Removed BOOTSCAN pending rewrite to full SysV Init scan in background +- Added the --append-log command line option +- Added Date Stamping to output +- Fixed bug in /etc/group missing report +- New package version release + +* Sun Jan 2 2005 Greg Houlette - 0:1.1.9-1 +- New package version release +- Added the --run-application-check command line option + to listing in command help +- Replaced 'Here' Doc editing of 
rkhunter.conf file + with in-place Perl edit +- tweaked rpmbuild -bb Autoclean + +* Fri Oct 15 2004 Greg Houlette - 0:1.1.8-0.fdr.1 (revisited) +- Removed redundant buildrequires /bin/sh, coreutils and perl +- Revise postun scriptlet +- Added /usr/share/doc/rkhunter-1.1.8/ to files list + +* Mon Oct 11 2004 Greg Houlette - 0:1.1.8-0.fdr.1 +- Changed Release Tag to 0.fdr.1 (testing) for QA +- Removed wget from dependencies +- Hid (temporarily) the --skip-application-check command + line option from being listed in help +- Fixed the spec files list, again! + +* Fri Oct 8 2004 Greg Houlette - 0:1.1.8-0.fdr.0.2.beta2 +- Unified and disabled the md5 canary check in prep + (check is now optional) removing the sha1 cross-check +- Fixed the spec files list, adding the /var/rkhunter + directory and the /usr/bin/rkhunter executable +- Fixed missing dependencies (rkh uses runtime checks) +- Disabled "auto-clean" for rpmbuild -bb +- Changed Application version scan default to + disabled awaiting backport fix in upstream sources +- Fixed shared_man_search.patch, configuration files + verify and added postun(install) cleanup + +* Fri Oct 1 2004 Greg Houlette - 0:1.1.8-0.fdr.0.1.beta1 +- More cosmetic patchwork +- Changed Release Tag to beta1 (pre-release) for QA submit + +* Tue Sep 28 2004 Greg Houlette - 0:1.1.8-0.fdr.1 +- Removed hidden_search.patch (1.1.7) after it was + merged into upstream source by Michael Boelen +- Removed .spec file from md5 and sha1 file checks + (it must be modifiable by Fedora QA release build) +- Added BOOTSCAN description file to documentation +- Restructured dynamic file creation ('Here' Docs) + moving them to the "prep" stage so that *_ALL_* + files are available prior to the "build" stage + (for inspection purposes) +- Added a /etc/sysconfig/rkhunter parameters file + +* Sun Aug 29 2004 Greg Houlette - 0:1.1.7-0.fdr.1 +- Cosmetic patchwork + +* Sat Aug 21 2004 Greg Houlette - 0:1.1.6-0.fdr.1 +- Moderate reworking of .spec file for packaging 
standards +- Added md5 and sha1 file checks to prep procedure for source .rpm +- Included an optional rc.local replacement for scan on boot (with full logging) * Tue Aug 10 2004 Michael Boelen - 1.1.5 - Added update script @@ -209,5 +287,3 @@ fi * Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0 - initial .spec file - -
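Review bot: The new `%files` list drops every explicit `%attr` the old spec carried (640 on `%{_sysconfdir}/%{name}.conf`, 750 on the binary, the scripts and the `%{_var}/%{name}` tree) and relies on `%defattr(-,root,root,-)` alone, so installed modes become whatever `%install` leaves in the buildroot. The `%install` body is not fully visible on this page, so the modes may already be set there. If they are not, pin them in the manifest, for example `%attr(640,root,root) %config(noreplace) %{_sysconfdir}/%{name}.conf` and `%attr(750,root,root) %dir %{_var}/lib/%{name}`, because that directory holds the scanner's databases and the passwd/group copies written by `%post`. Separately, `Source1` adds the upstream `.sha1.txt`, but the visible `%prep` goes straight to `%setup -q` without checking the tarball against it. Since both sources are fetched over plain http, a comment such as `# Source1 is not verified in %prep; the tarball is checked at import time` (or an actual check) would make the trust assumption explicit.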