/[smeserver]/rpms/rkhunter/sme8/rkhunter.spec
ViewVC logotype

Diff of /rpms/rkhunter/sme8/rkhunter.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.8 by slords, Tue Feb 5 16:36:41 2008 UTC Revision 1.16 by slords, Wed Apr 27 15:19:44 2011 UTC
# Line 1  Line 1 
1  # No debuginfo:  Name:           rkhunter
2  %define debug_package %{nil}  Version:        1.3.8
3    Release:        3%{?dist}
4  # If you want to debug, uncomment the next line and remove  Summary:        A host-based tool to scan for rootkits, backdoors and local exploits
5  # the duplicate percent sign (due to macro expansion)  
6  #%%dump  Group:          Applications/System
7    License:        GPLv2+
8  %define name rkhunter  URL:            http://rkhunter.sourceforge.net/
9  %define ver 1.3.0  Source0:        http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz
10  %define rel 6  Source2:        01-rkhunter
11  %define epoch 0  Source3:        rkhunter.sysconfig
12    Patch0:         rkhunter-1.3.8-fedoraconfig.patch
13  # Don't change this define or also:  BuildArch:      noarch
14  # 1. installer.sh --layout custom /temporary/dir/usr --striproot /temporary/dir --install  BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
15  # 2. rewrite the files section below.  
16  %define _prefix /usr  Requires:       coreutils, binutils, modutils, findutils, grep, mktemp
17    Requires:       e2fsprogs, procps, lsof, prelink, iproute, net-tools, wget
18  # We can't let RPM do the dependencies automatic because it'll then pick up  Requires:       perl, perl(strict), perl(IO::Socket), mailx, logrotate
 # a correct but undesirable perl dependency, which rkhunter does not require  
 # in order to function properly.  
 AutoReqProv: no  
   
 Name: %{name}  
 Summary: %{name} scans for rootkits, backdoors and local exploits  
 Version: %{ver}  
 Release: %{rel}%{dist}  
 Epoch: %{epoch}  
 License: GPL  
 Group: Applications/System  
 Source0: %{name}-%{version}.tar.gz  
 Patch0: rkhunter-installer.patch  
 Patch1: rkhunter-nolib.patch  
 BuildArch: noarch  
 Requires: filesystem, bash, grep, findutils, net-tools, coreutils, e2fsprogs, modutils, procps, binutils, wget, perl  
 Provides: %{name}  
 URL: http://rkhunter.sourceforge.net/  
 BuildRoot: %{_tmppath}/%{name}-%{version}  
19    
20  %description  %description
21  Rootkit Hunter is a scanning tool to ensure you are about 99.9%%  Rootkit Hunter (RKH) is an easy-to-use tool which checks
22  clean of nasty tools. It scans for rootkits, backdoors and local  computers running UNIX (clones) for the presence of rootkits
23  exploits by running tests like:  and other unwanted tools.
         - File hash check  
         - Look for default files used by rootkits  
         - Wrong file permissions for binaries  
         - Look for suspected strings in LKM and KLD modules  
         - Look for hidden files  
         - Optional scan within plaintext and binary files  
         - Software version checks  
         - Application tests  
   
 Rootkit Hunter is released as a GPL licensed project and free for everyone to use.  
   
24    
25  %prep  %prep
 %setup -q  
 %patch0 -p1  
 %patch1 -p1  
26    
27  %build  %setup -q
28    
29  %install  %patch0 -p1
 sh ./installer.sh --layout RPM --install  
30    
31  sed -i 's_#ALLOWPROCLISTEN=/sbin/dhclient_ALLOWPROCLISTEN=/sbin/dhclient_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{__cat} <<'EOF' >%{name}.logrotate
32  sed -i 's_#ALLOWPROCLISTEN=/usr/sbin/pppoe_ALLOWPROCLISTEN=/sbin/pppoe_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  %{_localstatedir}/log/%{name}/%{name}.log {
33  sed -i 's_#ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz_ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz_' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf      weekly
34  sed -i '/#ALLOWPROCLISTEN=\/usr\/bin\/dhcpcd/iALLOWPROCLISTEN=\/usr\/sbin\/dhcpd' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf      notifempty
35  sed -i '/#ALLOWPROCDELFILE=\/usr\/sbin\/mysqld/aALLOWPROCDELFILE=\/usr\/sbin\/httpd' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf      create 640 root root
36  sed -i '/ALLOWPROCDELFILE=\/usr\/sbin\/httpd/aALLOWPROCDELFILE=\/usr\/sbin\/asterisk' ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}.conf  }
   
 # Make a cron.daily file to mail us the reports  
 %{__mkdir} -p "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily"  
 %{__cat} > "${RPM_BUILD_ROOT}/%{_sysconfdir}/cron.daily/01-rkhunter" <<EOF  
 #!/bin/sh  
 %{_bindir}/rkhunter --cronjob --update --disable apps,suspscan,system_commands --rwo  
 exit 0  
37  EOF  EOF
 %{__chmod} a+rwx,g-w,o-rwx ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/01-rkhunter  
38    
39    %build
40    # Nothing to be built
41    
42  %post  %install
43  # Only do this on an initial install  %{__rm} -rf $RPM_BUILD_ROOT
 if [ $1 -eq 1 ]; then  
         %{__cp} -p /etc/passwd /var/rkhunter/tmp >/dev/null 2>&1 || :  
         %{__cp} -p /etc/group /var/rkhunter/tmp >/dev/null 2>&1 || :  
 fi  
   
   
 %preun  
 # Only do this when removing the RPM  
 if [ $1 -eq 0 ]; then  
         %{__rm} -f /var/log/rkhunter.log /var/log/rkhunter.log.old >/dev/null 2>&1  
         %{__rm} -rf /var/rkhunter/* >/dev/null 2>&1  
 fi  
44    
45    %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_bindir}
46    %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{cron.daily,sysconfig,logrotate.d}
47    %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts
48    %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}
49    %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_mandir}/man8
50    %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db
51    %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/log/%{name}
52    %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n
53    
54    %{__install} -m755 -p files/%{name}             ${RPM_BUILD_ROOT}%{_bindir}/
55    
56    %{__install} -m644 -p files/backdoorports.dat   ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
57    %{__install} -m644 -p files/mirrors.dat         ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
58    %{__install} -m644 -p files/programs_bad.dat    ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
59    %{__install} -m644 -p files/i18n/cn             ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
60    %{__install} -m644 -p files/i18n/en             ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
61    
62    %{__install} -m644 -p files/CHANGELOG           ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
63    %{__install} -m644 -p files/LICENSE             ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
64    %{__install} -m644 -p files/README              ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
65    %{__install} -m755 -p files/check_modules.pl    ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
66    %{__install} -m644 -p files/*.8                 ${RPM_BUILD_ROOT}%{_mandir}/man8/
67    # Don't ship these unless we want to Require the perl modules
68    #%{__install} -m750 -p files/filehashmd5.pl      ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
69    #%{__install} -m750 -p files/filehashsha1.pl     ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
70    %{__install} -m755 -p %{SOURCE2}                ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/%{name}
71    %{__install} -m644 -p %{name}.logrotate         ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}
72    %{__install} -m640 -p files/%{name}.conf        ${RPM_BUILD_ROOT}%{_sysconfdir}/
73    %{__install} -m640 -p %{SOURCE3}                ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}
74    
75  %clean  %clean
76  if [ "$RPM_BUILD_ROOT" = "/" ]; then  %{__rm} -rf $RPM_BUILD_ROOT
         echo Invalid Build root \'"$RPM_BUILD_ROOT"\'  
         exit 1  
 else  
         rm -rf $RPM_BUILD_ROOT  
 fi  
   
77    
 %define docdir %{_prefix}/share/doc/%{name}-%{version}  
78  %files  %files
79  %defattr(-,root,root)  %defattr(-,root,root,-)
80  %attr(640,root,root) %config(noreplace) %{_sysconfdir}/%{name}.conf  %doc %{_docdir}/%{name}-%{version}/*
81  %attr(750,root,root) %{_prefix}/bin/%{name}  %{_bindir}/%{name}
82  %attr(750,root,root) %dir %{_libdir}/%{name}  %dir %{_datadir}/%{name}
83  %attr(750,root,root) %dir %{_libdir}/%{name}/scripts  %{_datadir}/%{name}/scripts
84  %attr(750,root,root) %{_libdir}/%{name}/scripts/*.pl  %{_sysconfdir}/cron.daily/%{name}
85  %attr(750,root,root) %{_libdir}/%{name}/scripts/*.sh  %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
86  %attr(644,root,root) %doc %{_prefix}/share/man/man8/%{name}.8.gz  %dir %{_var}/lib/%{name}
87  %attr(755,root,root) %dir %{docdir}  %{_var}/lib/%{name}/db
88  %attr(644,root,root) %doc %{docdir}/*  %{_var}/lib/%{name}/db/i18n
89  %attr(750,root,root) %dir %{_var}/%{name}  %dir %{_var}/log/%{name}
90  %attr(750,root,root) %dir %{_var}/%{name}/db  %config(noreplace) %{_sysconfdir}/%{name}.conf
91  %attr(640,root,root) %{_var}/%{name}/db/*.dat  %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
92  %attr(750,root,root) %dir %{_var}/%{name}/db/i18n  %dir %{_docdir}/%{name}-%{version}
93  %attr(640,root,root) %{_var}/%{name}/db/i18n/*  %{_mandir}/man8/*
 %attr(750,root,root) %dir %{_var}/%{name}/tmp  
 %{_sysconfdir}/cron.daily/01-rkhunter  
   
94    
95  %changelog  %changelog
96  * Wed Jan 30 2008 Shad L. Lords <slords@mail.com> 1.3.0-6  * Wed Dec 08 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.8-3
97  - Fix asterisk to allow deleted files. [SME: 3795]  - Adjust ssh config to the right default.
   
 * Tue Jan 29 2008 Shad L. Lords <slords@mail.com> 1.3.0-5  
 - Correct pppoe binary location.  
 - Add asterisk binary to allow deleted files. [SME: 3795]  
   
 * Mon Jan 7 2008 Shad L. Lords <slords@mail.com> 1.3.0-4  
 - Disable scan for suspicious files until fixed [SME: 3713]  
98    
99  * Mon Dec 17 2007 Shad L. Lords <slords@mail.com> 1.3.0-3  * Tue Dec 07 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.8-2
100  - Change /var/lib to /var to be consistent with previous versions  - Adjust config some - bug #596775
101    
102  * Mon Dec 17 2007 Shad L. Lords <slords@mail.com> 1.3.0-2  * Fri Nov 26 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.8-1
103  - Add a few more services for sme tests  - Update to 1.3.8
104    
105  * Mon Dec 17 2007 Shad L. Lords <slords@mail.com> 1.3.0-1  * Wed Nov 24 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-9
106  - Fix installer to not install in local  - Drop /var/run as it's not used anymore - bug #656684
107  - Set parameters for sme specific tests  
108    * Wed Oct 06 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-8
109  * Sun Feb 11 2007 unSpawn - pre-1.3.0  - Add patch to make rkhunter use unhide if installed - bug #636396
110  - Sync spec with fixes, installer and CVS  
111    * Sat Jun 05 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-7
112  * Sun Nov 12 2006 unSpawn - 1.2.9  - Add ipsec.hmac exclude - bug #560594
113  - Re-spec, new installer  
114    * Fri May 28 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-6
115  * Fri Sep 29 2006 unSpawn - 1.2.9  - Add exclude for md-device-map - bug #596731
116  - Updated for release 1.2.9  - Supress ssh version check - bug #596775
117    
118    * Sat Mar 06 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-5
119    - Change config to not specify XINETD_PATH - bug #560562
120    
121    * Sat Jan 23 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-4
122    - Change email to just root instead of root@localhost - bug #553179
123    - Add .k5login.5.gz to files whitelist - bug #553134
124    
125    * Tue Jan 05 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-3
126    - Add some more ssh hmac files to whitelist - bug #552621
127    - Re-add /dev/.mdadm.map to whitelisted files - bug #539405
128    
129    * Tue Dec 01 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.6-2
130    - Disable apps check by default - bug #543065
131    
132    * Sun Nov 29 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.6-1
133    - Update to 1.3.6
134    
135    * Thu Nov 26 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-9
136    - Add exception for /dev/.mdadm file - bug #539405
137    
138    * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.4-8
139    - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
140    
141    * Fri Jul 03 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-7
142    - Add exception for software raid udev file - bug #509253
143    
144    * Sat Jun 06 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-6
145    - Add /usr/bin/.fipscheck.hmac to ok files - bug #494096
146    
147    * Sun Mar 08 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-5
148    - Fix typo in patch file
149    
150    * Wed Mar 04 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-4
151    - Rework spec file
152    - Add check for the new hmac ssh files
153    
154    * Thu Feb 26 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-3
155    - Update cron job to include hostname (thanks  Manuel Wolfshant)
156    
157    * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.4-2
158    - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
159    
160    * Fri Jan 02 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-1
161    - Update to 1.3.4
162    - Use libdir as tmp dir - bug #456340
163    
164    * Sat Dec 13 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-6
165    - Fix cron job sending as attachment - bug #472679
166    - Fix cron job trying to send with colors - bug #475916
167    
168    * Wed Sep 03 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-5
169    - Patch debug tmp file issue - bug #460628
170    
171    * Mon Jun 16 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-4
172    - Fix cron script to only mail on warn/error - bug #450703
173    - Fix conditional to account for fc10 rsyslog
174    
175    * Mon Apr 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-3
176    - Change cron to run after prelink - bug #438622
177    
178    * Wed Mar 26 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-2
179    - Move things to more standard locations for selinux - bug #438184
180    - Add exception for pulseaudio file - bug #438622
181    
182    * Thu Feb 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-1
183    - Update to 1.3.2
184    - Fix cron script
185    
186    * Thu Feb 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.0-2
187    - Use /etc/redhat-release for EPEL and /etc/fedora release for Fedora.
188    - Add conditionals to support EPEL
189    - Fix man page warning.
190    
191    * Sun Feb 03 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.0-1
192    - Revive package, clean up spec
193    - Update to 1.3.0
194    
195    * Sat Mar 18 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-3
196    - Made an RPM transparent change to move the sha1 canary check
197      file out of CVS and into the external lookaside cache (whose
198      filename changes with every new package release anyway...)
199    
200    * Fri Mar 17 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-2
201    - Fixed architectural dependency during package creation eliminating
202      use of _libdir configure macro (x86_64 /usr/lib64 mis-targeting)
203    
204    * Tue Mar 7 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-1
205    - New package version release
206    - reworked the .spec file to support optional dist tag
207    - Updated the application check default patchfile (chunk failure)
208    - Changed to SHA1 for optional message digest (canary check)
209    - Added a couple of suggested skip entries to rkhunter.conf
210    
211    * Mon Jun 11 2005 Greg Houlette <tamaster@pobox.com> - 1.2.7-1
212    - Added signature auto-updating to CRON scan (new script)
213    - Removed BOOTSCAN pending rewrite to full SysV Init scan in background
214    - Added the --append-log command line option
215    - Added Date Stamping to output
216    - Fixed bug in /etc/group missing report
217    - New package version release
218    
219    * Sun Jan 2 2005 Greg Houlette <tamaster@tekarmory.com> - 0:1.1.9-1
220    - New package version release
221    - Added the --run-application-check command line option
222      to listing in command help
223    - Replaced 'Here' Doc editing of rkhunter.conf file
224      with in-place Perl edit
225    - tweaked rpmbuild -bb Autoclean
226    
227    * Fri Oct 15 2004 Greg Houlette - 0:1.1.8-0.fdr.1 (revisited)
228    - Removed redundant buildrequires /bin/sh, coreutils and perl
229    - Revise postun scriptlet
230    - Added /usr/share/doc/rkhunter-1.1.8/ to files list
231    
232    * Mon Oct 11 2004 Greg Houlette - 0:1.1.8-0.fdr.1
233    - Changed Release Tag to 0.fdr.1 (testing) for QA
234    - Removed wget from dependencies
235    - Hid (temporarily) the --skip-application-check command
236      line option from being listed in help
237    - Fixed the spec files list, again!
238    
239    * Fri Oct 8 2004 Greg Houlette - 0:1.1.8-0.fdr.0.2.beta2
240    - Unified and disabled the md5 canary check in prep
241      (check is now optional) removing the sha1 cross-check
242    - Fixed the spec files list, adding the /var/rkhunter
243      directory and the /usr/bin/rkhunter executable
244    - Fixed missing dependencies (rkh uses runtime checks)
245    - Disabled "auto-clean" for rpmbuild -bb
246    - Changed Application version scan default to
247      disabled awaiting backport fix in upstream sources
248    - Fixed shared_man_search.patch, configuration files
249      verify and added postun(install) cleanup
250    
251    * Fri Oct 1 2004 Greg Houlette - 0:1.1.8-0.fdr.0.1.beta1
252    - More cosmetic patchwork
253    - Changed Release Tag to beta1 (pre-release) for QA submit
254    
255    * Tue Sep 28 2004 Greg Houlette - 0:1.1.8-0.fdr.1
256    - Removed hidden_search.patch (1.1.7) after it was
257      merged into upstream source by Michael Boelen
258    - Removed .spec file from md5 and sha1 file checks
259      (it must be modifiable by Fedora QA release build)
260    - Added BOOTSCAN description file to documentation
261    - Restructured dynamic file creation ('Here' Docs)
262      moving them to the "prep" stage so that *_ALL_*
263      files are available prior to the "build" stage
264      (for inspection purposes)
265    - Added a /etc/sysconfig/rkhunter parameters file
266    
267    * Sun Aug 29 2004 Greg Houlette - 0:1.1.7-0.fdr.1
268    - Cosmetic patchwork
269    
270    * Sat Aug 21 2004 Greg Houlette - 0:1.1.6-0.fdr.1
271    - Moderate reworking of .spec file for packaging standards
272    - Added md5 and sha1 file checks to prep procedure for source .rpm
273    - Included an optional rc.local replacement for scan on boot (with full logging)
274    
275  * Tue Aug 10 2004 Michael Boelen - 1.1.5  * Tue Aug 10 2004 Michael Boelen - 1.1.5
276  - Added update script  - Added update script
# Line 197  fi Line 314  fi
314    
315  * Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0  * Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0
316  - initial .spec file  - initial .spec file
   
   

Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed