--- rpms/rkhunter/sme8/rkhunter.spec 2008/01/29 19:43:19 1.7
+++ rpms/rkhunter/sme8/rkhunter.spec 2011/04/27 15:19:44 1.16
@@ -1,156 +1,276 @@ -# No debuginfo: -%define debug_package %{nil} - -# If you want to debug, uncomment the next line and remove -# the duplicate percent sign (due to macro expansion) -#%%dump - -%define name rkhunter -%define ver 1.3.0 -%define rel 5 -%define epoch 0 - -# Don't change this define or also: -# 1. installer.sh --layout custom /temporary/dir/usr --striproot /temporary/dir --install -# 2. rewrite the files section below. -%define _prefix /usr - -# We can't let RPM do the dependencies automatic because it'll then pick up -# a correct but undesirable perl dependency, which rkhunter does not require -# in order to function properly. -AutoReqProv: no - -Name: %{name} -Summary: %{name} scans for rootkits, backdoors and local exploits -Version: %{ver} -Release: %{rel}%{dist} -Epoch: %{epoch} -License: GPL -Group: Applications/System -Source0: %{name}-%{version}.tar.gz -Patch0: rkhunter-installer.patch -Patch1: rkhunter-nolib.patch -BuildArch: noarch -Requires: filesystem, bash, grep, findutils, net-tools, coreutils, e2fsprogs, modutils, procps, binutils, wget, perl -Provides: %{name} -URL: http://rkhunter.sourceforge.net/ -BuildRoot: %{_tmppath}/%{name}-%{version} +Name: rkhunter +Version: 1.3.8 +Release: 3%{?dist} +Summary: A host-based tool to scan for rootkits, backdoors and local exploits + +Group: Applications/System +License: GPLv2+ +URL: http://rkhunter.sourceforge.net/ +Source0: http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz +Source2: 01-rkhunter +Source3: rkhunter.sysconfig +Patch0: rkhunter-1.3.8-fedoraconfig.patch +BuildArch: noarch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +Requires: coreutils, binutils, modutils, findutils, grep, mktemp +Requires: e2fsprogs, procps, lsof, prelink, iproute, net-tools, wget +Requires: perl, perl(strict), perl(IO::Socket), mailx, logrotate %description -Rootkit Hunter is a scanning tool to ensure you are about 99.9%% -clean of nasty tools. 
It scans for rootkits, backdoors and local -exploits by running tests like: - - File hash check - - Look for default files used by rootkits - - Wrong file permissions for binaries - - Look for suspected strings in LKM and KLD modules - - Look for hidden files - - Optional scan within plaintext and binary files - - Software version checks - - Application tests - -Rootkit Hunter is released as a GPL licensed project and free for everyone to use. - +Rootkit Hunter (RKH) is an easy-to-use tool which checks +computers running UNIX (clones) for the presence of rootkits +and other unwanted tools. %prep -%setup -q -%patch0 -p1 -%patch1 -p1 -%build +%setup -q -%install -sh ./installer.sh --layout RPM --install +%patch0 -p1 -sed -i 's_#ALLOWPROCLISTEN=/sbin/dhclient_ALLOWPROCLISTEN=/sbin/dhclient_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf -sed -i 's_#ALLOWPROCLISTEN=/usr/sbin/pppoe_ALLOWPROCLISTEN=/sbin/pppoe_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf -sed -i 's_#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz_ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf -sed -i '/#ALLOWPROCLISTEN=\/usr\/bin\/dhcpcd/iALLOWPROCLISTEN=\/usr\/sbin\/dhcpd' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf -sed -i '/#ALLOWPROCDELFILE=\/usr\/sbin\/mysqld/aALLOWPROCDELFILE=\/usr\/sbin\/httpd' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf -sed -i '/#ALLOWPROCLISTEN=\/usr\/local\/bin\/wpa_supplicant/aALLOWPROCLISTEN=\/usr\/sbin\/asterisk' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf - -# Make a cron.daily file to mail us the reports -%{__mkdir} -p "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily" -%{__cat} > "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily/01-rkhunter" <%{name}.logrotate +%{_localstatedir}/log/%{name}/%{name}.log { + weekly + notifempty + create 640 root root +} EOF -%{__chmod} a+rwx,g-w,o-rwx ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/01-rkhunter +%build +# Nothing to be built -%post -# Only do this on an initial install -if [ $1 -eq 1 ]; then - 
%{__cp} -p /etc/passwd /var/rkhunter/tmp >/dev/null 2>&1 || : - %{__cp} -p /etc/group /var/rkhunter/tmp >/dev/null 2>&1 || : -fi - - -%preun -# Only do this when removing the RPM -if [ $1 -eq 0 ]; then - %{__rm} -f /var/log/rkhunter.log /var/log/rkhunter.log.old >/dev/null 2>&1 - %{__rm} -rf /var/rkhunter/* >/dev/null 2>&1 -fi +%install +%{__rm} -rf $RPM_BUILD_ROOT +%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_bindir} +%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{cron.daily,sysconfig,logrotate.d} +%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts +%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version} +%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_mandir}/man8 +%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db +%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/log/%{name} +%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n + +%{__install} -m755 -p files/%{name} ${RPM_BUILD_ROOT}%{_bindir}/ + +%{__install} -m644 -p files/backdoorports.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/ +%{__install} -m644 -p files/mirrors.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/ +%{__install} -m644 -p files/programs_bad.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/ +%{__install} -m644 -p files/i18n/cn ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/ +%{__install} -m644 -p files/i18n/en ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/ + +%{__install} -m644 -p files/CHANGELOG ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/ +%{__install} -m644 -p files/LICENSE ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/ +%{__install} -m644 -p files/README ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/ +%{__install} -m755 -p files/check_modules.pl ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/ +%{__install} -m644 -p files/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/ +# Don't ship these unless we want to Require the perl modules +#%{__install} -m750 -p files/filehashmd5.pl ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/ +#%{__install} -m750 -p files/filehashsha1.pl 
${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/ +%{__install} -m755 -p %{SOURCE2} ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/%{name} +%{__install} -m644 -p %{name}.logrotate ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name} +%{__install} -m640 -p files/%{name}.conf ${RPM_BUILD_ROOT}%{_sysconfdir}/ +%{__install} -m640 -p %{SOURCE3} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name} %clean -if [ "$RPM_BUILD_ROOT" = "/" ]; then - echo Invalid Build root \'"$RPM_BUILD_ROOT"\' - exit 1 -else - rm -rf $RPM_BUILD_ROOT -fi - +%{__rm} -rf $RPM_BUILD_ROOT -%define docdir %{_prefix}/share/doc/%{name}-%{version} %files -%defattr(-,root,root) -%attr(640,root,root) %config(noreplace) %{_sysconfdir}/%{name}.conf -%attr(750,root,root) %{_prefix}/bin/%{name} -%attr(750,root,root) %dir %{_libdir}/%{name} -%attr(750,root,root) %dir %{_libdir}/%{name}/scripts -%attr(750,root,root) %{_libdir}/%{name}/scripts/*.pl -%attr(750,root,root) %{_libdir}/%{name}/scripts/*.sh -%attr(644,root,root) %doc %{_prefix}/share/man/man8/%{name}.8.gz -%attr(755,root,root) %dir %{docdir} -%attr(644,root,root) %doc %{docdir}/* -%attr(750,root,root) %dir %{_var}/%{name} -%attr(750,root,root) %dir %{_var}/%{name}/db -%attr(640,root,root) %{_var}/%{name}/db/*.dat -%attr(750,root,root) %dir %{_var}/%{name}/db/i18n -%attr(640,root,root) %{_var}/%{name}/db/i18n/* -%attr(750,root,root) %dir %{_var}/%{name}/tmp -%{_sysconfdir}/cron.daily/01-rkhunter - +%defattr(-,root,root,-) +%doc %{_docdir}/%{name}-%{version}/* +%{_bindir}/%{name} +%dir %{_datadir}/%{name} +%{_datadir}/%{name}/scripts +%{_sysconfdir}/cron.daily/%{name} +%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%dir %{_var}/lib/%{name} +%{_var}/lib/%{name}/db +%{_var}/lib/%{name}/db/i18n +%dir %{_var}/log/%{name} +%config(noreplace) %{_sysconfdir}/%{name}.conf +%config(noreplace) %{_sysconfdir}/sysconfig/%{name} +%dir %{_docdir}/%{name}-%{version} +%{_mandir}/man8/* %changelog -* Tue Jan 29 2008 Shad L. 
Lords 1.3.0-5 -- Correct pppoe binary location. -- Add asterisk binary to allow deleted files. [SME: 3795] - -* Mon Jan 7 2008 Shad L. Lords 1.3.0-4 -- Disable scan for suspicious files until fixed [SME: 3713] - -* Mon Dec 17 2007 Shad L. Lords 1.3.0-3 -- Change /var/lib to /var to be consistent with previous versions +* Wed Dec 08 2010 Kevin Fenzi - 1.3.8-3 +- Adjust ssh config to the right default. -* Mon Dec 17 2007 Shad L. Lords 1.3.0-2 -- Add a few more services for sme tests +* Tue Dec 07 2010 Kevin Fenzi - 1.3.8-2 +- Adjust config some - bug #596775 -* Mon Dec 17 2007 Shad L. Lords 1.3.0-1 -- Fix installer to not install in local -- Set parameters for sme specific tests +* Fri Nov 26 2010 Kevin Fenzi - 1.3.8-1 +- Update to 1.3.8 -* Sun Feb 11 2007 unSpawn - pre-1.3.0 -- Sync spec with fixes, installer and CVS - -* Sun Nov 12 2006 unSpawn - 1.2.9 -- Re-spec, new installer - -* Fri Sep 29 2006 unSpawn - 1.2.9 -- Updated for release 1.2.9 +* Wed Nov 24 2010 Kevin Fenzi - 1.3.6-9 +- Drop /var/run as it's not used anymore - bug #656684 + +* Wed Oct 06 2010 Kevin Fenzi - 1.3.6-8 +- Add patch to make rkhunter use unhide if installed - bug #636396 + +* Sat Jun 05 2010 Kevin Fenzi - 1.3.6-7 +- Add ipsec.hmac exclude - bug #560594 + +* Fri May 28 2010 Kevin Fenzi - 1.3.6-6 +- Add exclude for md-device-map - bug #596731 +- Supress ssh version check - bug #596775 + +* Sat Mar 06 2010 Kevin Fenzi - 1.3.6-5 +- Change config to not specify XINETD_PATH - bug #560562 + +* Sat Jan 23 2010 Kevin Fenzi - 1.3.6-4 +- Change email to just root instead of root@localhost - bug #553179 +- Add .k5login.5.gz to files whitelist - bug #553134 + +* Tue Jan 05 2010 Kevin Fenzi - 1.3.6-3 +- Add some more ssh hmac files to whitelist - bug #552621 +- Re-add /dev/.mdadm.map to whitelisted files - bug #539405 + +* Tue Dec 01 2009 Kevin Fenzi - 1.3.6-2 +- Disable apps check by default - bug #543065 + +* Sun Nov 29 2009 Kevin Fenzi - 1.3.6-1 +- Update to 1.3.6 + +* Thu Nov 26 2009 Kevin Fenzi - 
1.3.4-9 +- Add exception for /dev/.mdadm file - bug #539405 + +* Sun Jul 26 2009 Fedora Release Engineering - 1.3.4-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Jul 03 2009 Kevin Fenzi - 1.3.4-7 +- Add exception for software raid udev file - bug #509253 + +* Sat Jun 06 2009 Kevin Fenzi - 1.3.4-6 +- Add /usr/bin/.fipscheck.hmac to ok files - bug #494096 + +* Sun Mar 08 2009 Kevin Fenzi - 1.3.4-5 +- Fix typo in patch file + +* Wed Mar 04 2009 Kevin Fenzi - 1.3.4-4 +- Rework spec file +- Add check for the new hmac ssh files + +* Thu Feb 26 2009 Kevin Fenzi - 1.3.4-3 +- Update cron job to include hostname (thanks Manuel Wolfshant) + +* Wed Feb 25 2009 Fedora Release Engineering - 1.3.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Jan 02 2009 Kevin Fenzi - 1.3.4-1 +- Update to 1.3.4 +- Use libdir as tmp dir - bug #456340 + +* Sat Dec 13 2008 Kevin Fenzi - 1.3.2-6 +- Fix cron job sending as attachment - bug #472679 +- Fix cron job trying to send with colors - bug #475916 + +* Wed Sep 03 2008 Kevin Fenzi - 1.3.2-5 +- Patch debug tmp file issue - bug #460628 + +* Mon Jun 16 2008 Kevin Fenzi - 1.3.2-4 +- Fix cron script to only mail on warn/error - bug #450703 +- Fix conditional to account for fc10 rsyslog + +* Mon Apr 28 2008 Kevin Fenzi - 1.3.2-3 +- Change cron to run after prelink - bug #438622 + +* Wed Mar 26 2008 Kevin Fenzi - 1.3.2-2 +- Move things to more standard locations for selinux - bug #438184 +- Add exception for pulseaudio file - bug #438622 + +* Thu Feb 28 2008 Kevin Fenzi - 1.3.2-1 +- Update to 1.3.2 +- Fix cron script + +* Thu Feb 28 2008 Kevin Fenzi - 1.3.0-2 +- Use /etc/redhat-release for EPEL and /etc/fedora release for Fedora. +- Add conditionals to support EPEL +- Fix man page warning. 
+ +* Sun Feb 03 2008 Kevin Fenzi - 1.3.0-1 +- Revive package, clean up spec +- Update to 1.3.0 + +* Sat Mar 18 2006 Greg Houlette - 1.2.8-3 +- Made an RPM transparent change to move the sha1 canary check + file out of CVS and into the external lookaside cache (whose + filename changes with every new package release anyway...) + +* Fri Mar 17 2006 Greg Houlette - 1.2.8-2 +- Fixed architectural dependency during package creation eliminating + use of _libdir configure macro (x86_64 /usr/lib64 mis-targeting) + +* Tue Mar 7 2006 Greg Houlette - 1.2.8-1 +- New package version release +- reworked the .spec file to support optional dist tag +- Updated the application check default patchfile (chunk failure) +- Changed to SHA1 for optional message digest (canary check) +- Added a couple of suggested skip entries to rkhunter.conf + +* Mon Jun 11 2005 Greg Houlette - 1.2.7-1 +- Added signature auto-updating to CRON scan (new script) +- Removed BOOTSCAN pending rewrite to full SysV Init scan in background +- Added the --append-log command line option +- Added Date Stamping to output +- Fixed bug in /etc/group missing report +- New package version release + +* Sun Jan 2 2005 Greg Houlette - 0:1.1.9-1 +- New package version release +- Added the --run-application-check command line option + to listing in command help +- Replaced 'Here' Doc editing of rkhunter.conf file + with in-place Perl edit +- tweaked rpmbuild -bb Autoclean + +* Fri Oct 15 2004 Greg Houlette - 0:1.1.8-0.fdr.1 (revisited) +- Removed redundant buildrequires /bin/sh, coreutils and perl +- Revise postun scriptlet +- Added /usr/share/doc/rkhunter-1.1.8/ to files list + +* Mon Oct 11 2004 Greg Houlette - 0:1.1.8-0.fdr.1 +- Changed Release Tag to 0.fdr.1 (testing) for QA +- Removed wget from dependencies +- Hid (temporarily) the --skip-application-check command + line option from being listed in help +- Fixed the spec files list, again! 
+ +* Fri Oct 8 2004 Greg Houlette - 0:1.1.8-0.fdr.0.2.beta2 +- Unified and disabled the md5 canary check in prep + (check is now optional) removing the sha1 cross-check +- Fixed the spec files list, adding the /var/rkhunter + directory and the /usr/bin/rkhunter executable +- Fixed missing dependencies (rkh uses runtime checks) +- Disabled "auto-clean" for rpmbuild -bb +- Changed Application version scan default to + disabled awaiting backport fix in upstream sources +- Fixed shared_man_search.patch, configuration files + verify and added postun(install) cleanup + +* Fri Oct 1 2004 Greg Houlette - 0:1.1.8-0.fdr.0.1.beta1 +- More cosmetic patchwork +- Changed Release Tag to beta1 (pre-release) for QA submit + +* Tue Sep 28 2004 Greg Houlette - 0:1.1.8-0.fdr.1 +- Removed hidden_search.patch (1.1.7) after it was + merged into upstream source by Michael Boelen +- Removed .spec file from md5 and sha1 file checks + (it must be modifiable by Fedora QA release build) +- Added BOOTSCAN description file to documentation +- Restructured dynamic file creation ('Here' Docs) + moving them to the "prep" stage so that *_ALL_* + files are available prior to the "build" stage + (for inspection purposes) +- Added a /etc/sysconfig/rkhunter parameters file + +* Sun Aug 29 2004 Greg Houlette - 0:1.1.7-0.fdr.1 +- Cosmetic patchwork + +* Sat Aug 21 2004 Greg Houlette - 0:1.1.6-0.fdr.1 +- Moderate reworking of .spec file for packaging standards +- Added md5 and sha1 file checks to prep procedure for source .rpm +- Included an optional rc.local replacement for scan on boot (with full logging) * Tue Aug 10 2004 Michael Boelen - 1.1.5 - Added update script @@ -194,5 +314,3 @@ fi * Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0 - initial .spec file - -
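Review bot: The new %install and %files sections drop the restrictive modes the old spec pinned. The old side used `%attr(750,root,root)` on the binary, the scripts and the `%{_var}/%{name}` directories and `640` on the `.dat` files, while the new side creates `%{_var}/lib/%{name}/db` and `%{_var}/log/%{name}` with `-m755` and leaves %files on `%defattr(-,root,root,-)`. For a host integrity scanner the state and log directories are better kept root-only, because whatever baseline data and scan output rkhunter writes there at run time (not visible in this diff) would otherwise sit in world-traversable directories. I would restore explicit modes in %files, for example `%attr(750,root,root) %dir %{_var}/lib/%{name}` and `%attr(750,root,root) %dir %{_var}/log/%{name}`, or add a spec comment saying the 755 layout is intentional and why. Separately, the new `%clean` runs `%{__rm} -rf $RPM_BUILD_ROOT` without the old check that the build root is not `/`; if older rpmbuild versions are still a build target, that guard is cheap to keep.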