/[smeserver]/rpms/rkhunter/sme8/rkhunter.spec
ViewVC logotype

Diff of /rpms/rkhunter/sme8/rkhunter.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.4 by bytegw, Mon Dec 17 22:24:22 2007 UTC Revision 1.14 by snetram, Tue Apr 7 07:30:35 2009 UTC
# Line 1  Line 1 
1  # No debuginfo:  # $Id: rkhunter.spec,v 1.13 2009/04/02 18:01:20 slords Exp $
 %define debug_package %{nil}  
2    
3  # If you want to debug, uncomment the next line and remove  Name:           rkhunter
4  # the duplicate percent sign (due to macro expansion)  Version:        1.3.4
5  #%%dump  Release:        7%{?dist}
6    Summary:        A host-based tool to scan for rootkits, backdoors and local exploits
7  %define name rkhunter  
8  %define ver 1.3.0  Group:          Applications/System
9  %define rel 2  License:        GPLv2+
10  %define epoch 0  URL:            http://rkhunter.sourceforge.net/
11    Source0:        http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz
12  # Don't change this define or also:  Source1:        http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz.sha1.txt
13  # 1. installer.sh --layout custom /temporary/dir/usr --striproot /temporary/dir --install  Source2:        01-rkhunter
14  # 2. rewrite the files section below.  Source3:        rkhunter.sysconfig
15  %define _prefix /usr  Patch0:         rkhunter-1.3.4-smeconfig.patch
16    BuildArch:      noarch
17  # We can't let RPM do the dependencies automatic because it'll then pick up  BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
18  # a correct but undesirable perl dependency, which rkhunter does not require  
19  # in order to function properly.  Requires:       coreutils, binutils, modutils, findutils, grep, mktemp
20  AutoReqProv: no  Requires:       e2fsprogs, procps, lsof, prelink, iproute, net-tools, wget
21    Requires:       perl, perl(strict), perl(IO::Socket), mailx, logrotate
 Name: %{name}  
 Summary: %{name} scans for rootkits, backdoors and local exploits  
 Version: %{ver}  
 Release: %{rel}%{dist}  
 Epoch: %{epoch}  
 License: GPL  
 Group: Applications/System  
 Source0: %{name}-%{version}.tar.gz  
 Patch0: rkhunter-installer.patch  
 BuildArch: noarch  
 Requires: filesystem, bash, grep, findutils, net-tools, coreutils, e2fsprogs, modutils, procps, binutils, wget, perl  
 Provides: %{name}  
 URL: http://rkhunter.sourceforge.net/  
 BuildRoot: %{_tmppath}/%{name}-%{version}  
22    
23  %description  %description
24  Rootkit Hunter is a scanning tool to ensure you are about 99.9%%  Rootkit Hunter (RKH) is an easy-to-use tool which checks
25  clean of nasty tools. It scans for rootkits, backdoors and local  computers running UNIX (clones) for the presence of rootkits
26  exploits by running tests like:  and other unwanted tools.
         - File hash check  
         - Look for default files used by rootkits  
         - Wrong file permissions for binaries  
         - Look for suspected strings in LKM and KLD modules  
         - Look for hidden files  
         - Optional scan within plaintext and binary files  
         - Software version checks  
         - Application tests  
   
 Rootkit Hunter is released as a GPL licensed project and free for everyone to use.  
   
27    
28  %prep  %prep
29    
30  %setup -q  %setup -q
31    
32  %patch0 -p1  %patch0 -p1
33    
34    %{__cat} <<'EOF' >%{name}.logrotate
35    %{_localstatedir}/log/%{name}/%{name}.log {
36        weekly
37        notifempty
38        create 640 root root
39    }
40    EOF
41    
42  %build  %build
43    # Nothing to be built
44    
45  %install  %install
46  sh ./installer.sh --layout RPM --install  %{__rm} -rf $RPM_BUILD_ROOT
47    
48  sed -i 's_#ALLOWPROCLISTEN=/sbin/dhclient_ALLOWPROCLISTEN=/sbin/dhclient_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_bindir}
49  sed -i 's_#ALLOWPROCLISTEN=/usr/sbin/pppoe_ALLOWPROCLISTEN=/usr/sbin/pppoe_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{cron.daily,sysconfig,logrotate.d}
50  sed -i 's_#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz_ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts
51  sed -i '/#ALLOWPROCLISTEN=\/usr\/bin\/dhcpcd/iALLOWPROCLISTEN=\/usr\/sbin\/dhcpd' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}
52  sed -i '/#ALLOWPROCDELFILE=\/usr\/sbin\/mysqld/aALLOWPROCDELFILE=\/usr\/sbin\/httpd' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_mandir}/man8
53    %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db
54  # Make a cron.daily file to mail us the reports  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/run/%{name}
55  %{__mkdir} -p "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily"  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/log/%{name}
56  %{__cat} > "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily/01-rkhunter" <<EOF  %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n
57  #!/bin/sh  
58  %{_bindir}/rkhunter --cronjob --update --disable apps,system_commands --rwo  %{__install} -m755 -p files/%{name}             ${RPM_BUILD_ROOT}%{_bindir}/
59  exit 0  
60  EOF  %{__install} -m644 -p files/backdoorports.dat   ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
61  %{__chmod} a+rwx,g-w,o-rwx ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/01-rkhunter  %{__install} -m644 -p files/defaulthashes.dat   ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
62    %{__install} -m644 -p files/md5blacklist.dat    ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
63    %{__install} -m644 -p files/mirrors.dat         ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
64    %{__install} -m644 -p files/os.dat              ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
65    %{__install} -m644 -p files/programs_bad.dat    ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
66    %{__install} -m644 -p files/programs_good.dat   ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
67    %{__install} -m644 -p files/i18n/cn             ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
68    %{__install} -m644 -p files/i18n/en             ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
69    
70    %{__install} -m644 -p files/CHANGELOG           ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
71    %{__install} -m644 -p files/LICENSE             ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
72    %{__install} -m644 -p files/README              ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
73    %{__install} -m644 -p files/WISHLIST            ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
74    %{__install} -m755 -p files/check_modules.pl    ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
75    %{__install} -m755 -p files/check_port.pl       ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
76    %{__install} -m755 -p files/check_update.sh     ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
77    %{__install} -m644 -p files/*.8                 ${RPM_BUILD_ROOT}%{_mandir}/man8/
78    # Don't ship these unless we want to Require the perl modules
79    #%{__install} -m750 -p files/filehashmd5.pl      ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
80    #%{__install} -m750 -p files/filehashsha1.pl     ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
81    %{__install} -m755 -p files/showfiles.pl        ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
82    %{__install} -m755 -p %{SOURCE2}                ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/%{name}
83    %{__install} -m644 -p %{name}.logrotate         ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}
84    %{__install} -m640 -p files/%{name}.conf        ${RPM_BUILD_ROOT}%{_sysconfdir}/
85    %{__install} -m640 -p %{SOURCE3}                ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}
86    
87    %clean
88    %{__rm} -rf $RPM_BUILD_ROOT
89    
90  %post  %post
91  # Only do this on an initial install  # Only do this on an initial install
92  if [ $1 -eq 1 ]; then  if [ $1 -eq 1 ]; then
93          %{__cp} -p /etc/passwd /var/lib/rkhunter/tmp >/dev/null 2>&1 || :      %{__cp} -p /etc/passwd /var/lib/rkhunter/ >/dev/null 2>&1 || :
94          %{__cp} -p /etc/group /var/lib/rkhunter/tmp >/dev/null 2>&1 || :      %{__cp} -p /etc/group /var/lib/rkhunter/ >/dev/null 2>&1 || :
 fi  
   
   
 %preun  
 # Only do this when removing the RPM  
 if [ $1 -eq 0 ]; then  
         %{__rm} -f /var/log/rkhunter.log /var/log/rkhunter.log.old >/dev/null 2>&1  
         %{__rm} -rf /var/lib/rkhunter/* >/dev/null 2>&1  
 fi  
   
   
 %clean  
 if [ "$RPM_BUILD_ROOT" = "/" ]; then  
         echo Invalid Build root \'"$RPM_BUILD_ROOT"\'  
         exit 1  
 else  
         rm -rf $RPM_BUILD_ROOT  
95  fi  fi
96    
   
 %define docdir %{_prefix}/share/doc/%{name}-%{version}  
97  %files  %files
98  %defattr(-,root,root)  %defattr(-,root,root,-)
99  %attr(640,root,root) %config(noreplace) %{_sysconfdir}/%{name}.conf  %doc %{_docdir}/%{name}-%{version}/*
100  %attr(750,root,root) %{_prefix}/bin/%{name}  %{_bindir}/%{name}
101  %attr(750,root,root) %dir %{_libdir}/%{name}  %dir %{_datadir}/%{name}
102  %attr(750,root,root) %dir %{_libdir}/%{name}/scripts  %{_datadir}/%{name}/scripts
103  %attr(750,root,root) %{_libdir}/%{name}/scripts/*.pl  %{_sysconfdir}/cron.daily/%{name}
104  %attr(750,root,root) %{_libdir}/%{name}/scripts/*.sh  %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
105  %attr(644,root,root) %doc %{_prefix}/share/man/man8/%{name}.8.gz  %dir %{_var}/lib/%{name}
106  %attr(755,root,root) %dir %{docdir}  %{_var}/lib/%{name}/db
107  %attr(644,root,root) %doc %{docdir}/*  %{_var}/lib/%{name}/db/i18n
108  %attr(750,root,root) %dir %{_var}/lib/%{name}  %dir %{_var}/run/%{name}
109  %attr(750,root,root) %dir %{_var}/lib/%{name}/db  %dir %{_var}/log/%{name}
110  %attr(640,root,root) %{_var}/lib/%{name}/db/*.dat  %config(noreplace) %{_sysconfdir}/%{name}.conf
111  %attr(750,root,root) %dir %{_var}/lib/%{name}/db/i18n  %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
112  %attr(640,root,root) %{_var}/lib/%{name}/db/i18n/*  %dir %{_docdir}/%{name}-%{version}
113  %attr(750,root,root) %dir %{_var}/lib/%{name}/tmp  %{_mandir}/man8/*
 %{_sysconfdir}/cron.daily/01-rkhunter  
   
114    
115  %changelog  %changelog
116  * Mon Dec 17 2007 Shad L. Lords <slords@mail.com> 1.3.0-2  * Tue Apr 7 2009 Jonathan Martens <smeserver-contribs@snetram.nl> 1.3.4-7
117  - Add a few more services for sme tests  - Remove quotes in DISABLE_TESTS setting [SME: 5149]
118    
119  * Mon Dec 17 2007 Shad L. Lords <slords@mail.com> 1.3.0-1  * Thu Apr 2 2009 Shad L. Lords <slords@mail.com>
120  - Fix installer to not install in local  1.3.4-6
121    - Update to epel version of rkhunter
122  - Set parameters for sme specific tests  - Set parameters for sme specific tests
123    
124  * Sun Feb 11 2007 unSpawn - pre-1.3.0  * Sun Mar 08 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-5
125  - Sync spec with fixes, installer and CVS  - Fix typo in patch file
   
 * Sun Nov 12 2006 unSpawn - 1.2.9  
 - Re-spec, new installer  
126    
127  * Fri Sep 29 2006 unSpawn - 1.2.9  * Wed Mar 04 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-4
128  - Updated for release 1.2.9  - Rework spec file
129    - Add check for the new hmac ssh files
130    
131    * Thu Feb 26 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-3
132    - Update cron job to include hostname (thanks  Manuel Wolfshant)
133    
134    * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.4-2
135    - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
136    
137    * Fri Jan 02 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-1
138    - Update to 1.3.4
139    - Use libdir as tmp dir - bug #456340
140    
141    * Sat Dec 13 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-6
142    - Fix cron job sending as attachment - bug #472679
143    - Fix cron job trying to send with colors - bug #475916
144    
145    * Wed Sep 03 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-5
146    - Patch debug tmp file issue - bug #460628
147    
148    * Mon Jun 16 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-4
149    - Fix cron script to only mail on warn/error - bug #450703
150    - Fix conditional to account for fc10 rsyslog
151    
152    * Mon Apr 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-3
153    - Change cron to run after prelink - bug #438622
154    
155    * Wed Mar 26 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-2
156    - Move things to more standard locations for selinux - bug #438184
157    - Add exception for pulseaudio file - bug #438622
158    
159    * Thu Feb 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-1
160    - Update to 1.3.2
161    - Fix cron script
162    
163    * Thu Feb 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.0-2
164    - Use /etc/redhat-release for EPEL and /etc/fedora release for Fedora.
165    - Add conditionals to support EPEL
166    - Fix man page warning.
167    
168    * Sun Feb 03 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.0-1
169    - Revive package, clean up spec
170    - Update to 1.3.0
171    
172    * Sat Mar 18 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-3
173    - Made an RPM transparent change to move the sha1 canary check
174      file out of CVS and into the external lookaside cache (whose
175      filename changes with every new package release anyway...)
176    
177    * Fri Mar 17 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-2
178    - Fixed architectural dependency during package creation eliminating
179      use of _libdir configure macro (x86_64 /usr/lib64 mis-targeting)
180    
181    * Tue Mar 7 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-1
182    - New package version release
183    - reworked the .spec file to support optional dist tag
184    - Updated the application check default patchfile (chunk failure)
185    - Changed to SHA1 for optional message digest (canary check)
186    - Added a couple of suggested skip entries to rkhunter.conf
187    
188    * Mon Jun 11 2005 Greg Houlette <tamaster@pobox.com> - 1.2.7-1
189    - Added signature auto-updating to CRON scan (new script)
190    - Removed BOOTSCAN pending rewrite to full SysV Init scan in background
191    - Added the --append-log command line option
192    - Added Date Stamping to output
193    - Fixed bug in /etc/group missing report
194    - New package version release
195    
196    * Sun Jan 2 2005 Greg Houlette <tamaster@tekarmory.com> - 0:1.1.9-1
197    - New package version release
198    - Added the --run-application-check command line option
199      to listing in command help
200    - Replaced 'Here' Doc editing of rkhunter.conf file
201      with in-place Perl edit
202    - tweaked rpmbuild -bb Autoclean
203    
204    * Fri Oct 15 2004 Greg Houlette - 0:1.1.8-0.fdr.1 (revisited)
205    - Removed redundant buildrequires /bin/sh, coreutils and perl
206    - Revise postun scriptlet
207    - Added /usr/share/doc/rkhunter-1.1.8/ to files list
208    
209    * Mon Oct 11 2004 Greg Houlette - 0:1.1.8-0.fdr.1
210    - Changed Release Tag to 0.fdr.1 (testing) for QA
211    - Removed wget from dependencies
212    - Hid (temporarily) the --skip-application-check command
213      line option from being listed in help
214    - Fixed the spec files list, again!
215    
216    * Fri Oct 8 2004 Greg Houlette - 0:1.1.8-0.fdr.0.2.beta2
217    - Unified and disabled the md5 canary check in prep
218      (check is now optional) removing the sha1 cross-check
219    - Fixed the spec files list, adding the /var/rkhunter
220      directory and the /usr/bin/rkhunter executable
221    - Fixed missing dependencies (rkh uses runtime checks)
222    - Disabled "auto-clean" for rpmbuild -bb
223    - Changed Application version scan default to
224      disabled awaiting backport fix in upstream sources
225    - Fixed shared_man_search.patch, configuration files
226      verify and added postun(install) cleanup
227    
228    * Fri Oct 1 2004 Greg Houlette - 0:1.1.8-0.fdr.0.1.beta1
229    - More cosmetic patchwork
230    - Changed Release Tag to beta1 (pre-release) for QA submit
231    
232    * Tue Sep 28 2004 Greg Houlette - 0:1.1.8-0.fdr.1
233    - Removed hidden_search.patch (1.1.7) after it was
234      merged into upstream source by Michael Boelen
235    - Removed .spec file from md5 and sha1 file checks
236      (it must be modifiable by Fedora QA release build)
237    - Added BOOTSCAN description file to documentation
238    - Restructured dynamic file creation ('Here' Docs)
239      moving them to the "prep" stage so that *_ALL_*
240      files are available prior to the "build" stage
241      (for inspection purposes)
242    - Added a /etc/sysconfig/rkhunter parameters file
243    
244    * Sun Aug 29 2004 Greg Houlette - 0:1.1.7-0.fdr.1
245    - Cosmetic patchwork
246    
247    * Sat Aug 21 2004 Greg Houlette - 0:1.1.6-0.fdr.1
248    - Moderate reworking of .spec file for packaging standards
249    - Added md5 and sha1 file checks to prep procedure for source .rpm
250    - Included an optional rc.local replacement for scan on boot (with full logging)
251    
252  * Tue Aug 10 2004 Michael Boelen - 1.1.5  * Tue Aug 10 2004 Michael Boelen - 1.1.5
253  - Added update script  - Added update script
# Line 181  fi Line 291  fi
291    
292  * Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0  * Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0
293  - initial .spec file  - initial .spec file
   
   

Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed