[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-extras-commits
Subject: kevin pushed to rkhunter (f26). "- Update to 1.4.4. Fixes bug #1466318 (..more)"
From: notifications () fedoraproject ! org
Date: 2017-06-30 21:17:41
Message-ID: 20170630211741.9575F6046231 () bastion01 ! phx2 ! fedoraproject ! org
[Download RAW message or body]
From 6a0737b2c494a7bf39fb62864f490d2308b51aee Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 30 Jun 2017 15:06:00 -0600
Subject: - Update to 1.4.4. Fixes bug #1466318 - Fix for logger and spaces.
Fixes bug #1284403
---
.gitignore | 1 +
rkhunter-1.4.2-fedoraconfig.patch | 215 --------------------------------------
rkhunter-1.4.2-grepopt.patch | 11 --
rkhunter-1.4.2-ipcs-locale.patch | 18 ----
rkhunter-1.4.4-fedoraconfig.patch | 213 +++++++++++++++++++++++++++++++++++++
rkhunter.spec | 25 ++---
sources | 2 +-
7 files changed, 223 insertions(+), 262 deletions(-)
delete mode 100644 rkhunter-1.4.2-fedoraconfig.patch
delete mode 100644 rkhunter-1.4.2-grepopt.patch
delete mode 100644 rkhunter-1.4.2-ipcs-locale.patch
create mode 100644 rkhunter-1.4.4-fedoraconfig.patch
diff --git a/.gitignore b/.gitignore
index 8ffe1c8..1422757 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ rkhunter-1.3.6.tar.gz
/rkhunter-1.3.8.tar.gz
/rkhunter-1.4.0.tar.gz
/rkhunter-1.4.2.tar.gz
+/rkhunter-1.4.4.tar.gz
diff --git a/rkhunter-1.4.2-fedoraconfig.patch b/rkhunter-1.4.2-fedoraconfig.patch
deleted file mode 100644
index 9b86c3d..0000000
--- a/rkhunter-1.4.2-fedoraconfig.patch
+++ /dev/null
@@ -1,215 +0,0 @@
---- rkhunter-1.4.2.orig/files/rkhunter.conf 2017-01-25 21:03:14.142522097 -0500
-+++ rkhunter-1.4.2/files/rkhunter.conf 2017-01-25 21:05:50.114146953 -0500
-@@ -155,6 +155,7 @@
- # default directory beneath the installation directory.
- #
- #TMPDIR=/var/lib/rkhunter/tmp
-+TMPDIR=/var/lib/rkhunter
-
- #
- # This option specifies the database directory to use.
-@@ -163,7 +164,7 @@
- # subsequently commented out or removed, then the program will assume a
- # default directory beneath the installation directory.
- #
--#DBDIR=/var/lib/rkhunter/db
-+DBDIR=/var/lib/rkhunter/db
-
- #
- # This option specifies the script directory to use.
-@@ -172,6 +173,7 @@
- # subsequently commented out or removed, then the program will not run.
- #
- #SCRIPTDIR=/usr/local/lib/rkhunter/scripts
-+SCRIPTDIR=/usr/share/rkhunter/scripts
-
- #
- # This option can be used to modify the command directory list used by rkhunter
-@@ -228,7 +230,7 @@
- #
- # The default value is '/var/log/rkhunter.log'.
- #
--LOGFILE=/var/log/rkhunter.log
-+LOGFILE=/var/log/rkhunter/rkhunter.log
-
- #
- # Set this option to '1' if the log file is to be appended to whenever rkhunter
-@@ -238,6 +240,7 @@
- # The default value is '0'.
- #
- #APPEND_LOG=0
-+APPEND_LOG=1
-
- #
- # Set the following option to '1' if the log file is to be copied when rkhunter
-@@ -304,6 +307,7 @@
- # The default value is 'no'.
- #
- #ALLOW_SSH_ROOT_USER=no
-+ALLOW_SSH_ROOT_USER=yes
-
- #
- # Set this option to '1' to allow the use of the SSH-1 protocol, but note
-@@ -318,6 +322,7 @@
- # The default value is '0'.
- #
- #ALLOW_SSH_PROT_V1=0
-+ALLOW_SSH_PROT_V1=2
-
- #
- # This setting tells rkhunter the directory containing the SSH configuration
-@@ -350,7 +355,8 @@
- # program defaults.
- #
- ENABLE_TESTS=ALL
--DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps
-+#DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps
-+DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps
-
- #
- # The HASH_CMD option can be used to specify the command to use for the file
-@@ -422,6 +428,7 @@
- # Also see the PKGMGR_NO_VRFY and USE_SUNSUM options.
- #
- #PKGMGR=NONE
-+PKGMGR=RPM
-
- #
- # It is possible that a file, which is part of a package, may have been
-@@ -545,6 +552,14 @@
- # The default value is the null string.
- #
- #EXISTWHITELIST=""
-+EXISTWHITELIST=/bin/ad
-+# FreeIPA Certificate Authority
-+EXISTWHITELIST=/var/log/pki-ca/system
-+# FreeIPA Certificate Authority
-+EXISTWHITELIST=/var/log/pki/pki-tomcat/ca/system
-+# Some non default installed files we check
-+EXISTWHITELIST=/usr/bin/GET
-+EXISTWHITELIST=/usr/bin/whatis
-
- #
- # Whitelist various attributes of the specified file. The attributes are those
-@@ -575,6 +590,12 @@
- # The default value is the null string.
- #
- #SCRIPTWHITELIST=/usr/bin/groups
-+SCRIPTWHITELIST=/usr/bin/whatis
-+SCRIPTWHITELIST=/usr/bin/ldd
-+SCRIPTWHITELIST=/usr/bin/groups
-+SCRIPTWHITELIST=/usr/bin/GET
-+SCRIPTWHITELIST=/sbin/ifup
-+SCRIPTWHITELIST=/sbin/ifdown
-
- #
- # Allow the specified file to have the immutable attribute set.
-@@ -605,6 +626,19 @@
- #ALLOWHIDDENDIR=/dev/.udev
- #ALLOWHIDDENDIR=/dev/.udevdb
- #ALLOWHIDDENDIR=/dev/.mdadm
-+ALLOWHIDDENDIR="/etc/.java"
-+ALLOWHIDDENDIR=/dev/.udev
-+ALLOWHIDDENDIR=/dev/.udevdb
-+ALLOWHIDDENDIR=/dev/.udev.tdb
-+ALLOWHIDDENDIR=/dev/.static
-+ALLOWHIDDENDIR=/dev/.initramfs
-+ALLOWHIDDENDIR=/dev/.SRC-unix
-+ALLOWHIDDENDIR=/dev/.mdadm
-+ALLOWHIDDENDIR=/dev/.systemd
-+ALLOWHIDDENDIR=/dev/.mount
-+# for etckeeper
-+ALLOWHIDDENDIR=/etc/.git
-+ALLOWHIDDENDIR=/etc/.bzr
-
- #
- # Allow the specified hidden file to be whitelisted.
-@@ -620,6 +654,45 @@
- #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha1hmac.hmac
- #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac
- #ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
-+ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
-+ALLOWHIDDENFILE=/lib*/.libcrypto.so.*.hmac
-+ALLOWHIDDENFILE=/lib*/.libssl.so.*.hmac
-+ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
-+ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
-+ALLOWHIDDENFILE=/usr/bin/.ssh-keygen.hmac
-+ALLOWHIDDENFILE=/usr/bin/.ssh-keyscan.hmac
-+ALLOWHIDDENFILE=/usr/bin/.ssh-add.hmac
-+ALLOWHIDDENFILE=/usr/bin/.ssh-agent.hmac
-+ALLOWHIDDENFILE=/usr/lib*/.libfipscheck.so.*.hmac
-+ALLOWHIDDENFILE=/usr/lib*/.libgcrypt.so.*.hmac
-+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha1hmac.hmac
-+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha256hmac.hmac
-+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha384hmac.hmac
-+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha512hmac.hmac
-+ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
-+ALLOWHIDDENFILE=/dev/.mdadm.map
-+ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz
-+ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz
-+ALLOWHIDDENFILE=/usr/sbin/.ipsec.hmac
-+# etckeeper
-+ALLOWHIDDENFILE=/etc/.etckeeper
-+ALLOWHIDDENFILE=/etc/.gitignore
-+ALLOWHIDDENFILE=/etc/.bzrignore
-+# systemd
-+ALLOWHIDDENFILE=/etc/.updated
-+
-+
-+# Allow PCS/Pacemaker/Corosync
-+ALLOWDEVFILE=/dev/shm/qb-attrd-*
-+ALLOWDEVFILE=/dev/shm/qb-cfg-*
-+ALLOWDEVFILE=/dev/shm/qb-cib_rw-*
-+ALLOWDEVFILE=/dev/shm/qb-cib_shm-*
-+ALLOWDEVFILE=/dev/shm/qb-corosync-*
-+ALLOWDEVFILE=/dev/shm/qb-cpg-*
-+ALLOWDEVFILE=/dev/shm/qb-lrmd-*
-+ALLOWDEVFILE=/dev/shm/qb-pengine-*
-+ALLOWDEVFILE=/dev/shm/qb-quorum-*
-+ALLOWDEVFILE=/dev/shm/qb-stonith-*
-
- #
- # Allow the specified process to use deleted files. The process name may be
-@@ -681,6 +754,24 @@
- #
- #ALLOWDEVFILE=/dev/shm/pulse-shm-*
- #ALLOWDEVFILE=/dev/shm/sem.ADBE_*
-+ALLOWDEVFILE=/dev/shm/pulse-shm-*
-+ALLOWDEVFILE=/dev/md/md-device-map
-+# tomboy creates this one
-+ALLOWDEVFILE="/dev/shm/mono.*"
-+# created by libv4l
-+ALLOWDEVFILE="/dev/shm/libv4l-*"
-+# created by spice video
-+ALLOWDEVFILE="/dev/shm/spice.*"
-+# created by mdadm
-+ALLOWDEVFILE="/dev/md/autorebuild.pid"
-+# 389 Directory Server
-+ALLOWDEVFILE=/dev/shm/sem.slapd-*.stats
-+# squid proxy
-+ALLOWDEVFILE=/dev/shm/squid-cf*
-+# squid ssl cache
-+ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm
-+# allow lldpad state file
-+ALLOWDEVFILE=/dev/shm/lldpad.state
-
- #
- # This option is used to indicate if the Phalanx2 test is to perform a basic
-@@ -1004,6 +1095,11 @@
- #
- #RTKT_DIR_WHITELIST=""
- #RTKT_FILE_WHITELIST=""
-+RTKT_FILE_WHITELIST=/bin/ad
-+# FreeIPA Certificate Authority
-+RTKT_FILE_WHITELIST=/var/log/pki-ca/system
-+# FreeIPA Certificate Authority
-+RTKT_FILE_WHITELIST=/var/log/pki/pki-tomcat/ca/system
-
- #
- # The following option can be used to whitelist shared library files that would
-@@ -1222,3 +1318,5 @@
- #
- #EMPTY_LOGFILES=""
- #MISSING_LOGFILES=""
-+
-+INSTALLDIR="/usr"
diff --git a/rkhunter-1.4.2-grepopt.patch b/rkhunter-1.4.2-grepopt.patch
deleted file mode 100644
index 6f1f6fb..0000000
--- a/rkhunter-1.4.2-grepopt.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -Nur rkhunter-1.4.2.orig/files/rkhunter rkhunter-1.4.2/files/rkhunter
---- rkhunter-1.4.2.orig/files/rkhunter 2014-12-20 09:07:54.826773450 -0700
-+++ rkhunter-1.4.2/files/rkhunter 2014-12-20 09:08:45.739800180 -0700
-@@ -18480,6 +18480,7 @@
- case "${OPERATING_SYSTEM}" in
- Linux)
- LINUXOS=1
-+ GREP_OPT="-a"
- ;;
- *BSD|DragonFly)
- BSDOS=1
diff --git a/rkhunter-1.4.2-ipcs-locale.patch b/rkhunter-1.4.2-ipcs-locale.patch
deleted file mode 100644
index 0457e4c..0000000
--- a/rkhunter-1.4.2-ipcs-locale.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -Nur rkhunter-1.4.2.orig/files/rkhunter rkhunter-1.4.2/files/rkhunter
---- rkhunter-1.4.2.orig/files/rkhunter 2014-03-12 14:54:55.000000000 -0600
-+++ rkhunter-1.4.2/files/rkhunter 2014-04-06 11:39:44.776583858 -0600
-@@ -13964,11 +13964,11 @@
- touch "${IPCS_TMPFILE}"
- FOUND=0; echo $FOUND > "${IPCS_TMPFILE}"
-
-- if [ `${IPCS_CMD} -u 2>/dev/null | awk -F' ' '/segments \
allocated/ {print $3}'` -ne 0 ]; then
-- ${IPCS_CMD} -m | grep "^0x" | while read \
RKH_SHM_KEY RKH_SHM_SHMID RKH_SHM_OWNER RKH_SHM_PERMS RKH_SHM_BYTES RKH_SHM_NATTACH \
RKH_SHM_STATUS; do
-+ if [ `LC_ALL=C ${IPCS_CMD} -u 2>/dev/null | awk -F' ' \
'/segments allocated/ {print $3}'` -ne 0 ]; then
-+ LC_ALL=C ${IPCS_CMD} -m | grep "^0x" | while read \
RKH_SHM_KEY RKH_SHM_SHMID RKH_SHM_OWNER RKH_SHM_PERMS RKH_SHM_BYTES RKH_SHM_NATTACH \
RKH_SHM_STATUS; do
- if [ $RKH_SHM_PERMS -eq 666 -a \
$RKH_SHM_BYTES -ge 1000000 ]; then
- FOUND=1; echo $FOUND > \
"${IPCS_TMPFILE}"
-- ${IPCS_CMD} -p | grep \
"^${RKH_SHM_SHMID}" | while read RKH_SHM_SHMID RKH_SHM_OWNER RKH_SHM_CPID \
RKH_SHM_LPID; do
-+ LC_ALL=C ${IPCS_CMD} -p | grep \
"^${RKH_SHM_SHMID}" | while read RKH_SHM_SHMID RKH_SHM_OWNER RKH_SHM_CPID \
RKH_SHM_LPID; do
- \
RKH_SHM_PATH=`${READLINK_CMD} -f /proc/${RKH_SHM_CPID}/exe`
- if [ $VERBOSE_LOGGING -eq 1 \
]; then
- display --to LOG \
--type PLAIN --result FOUND --log-indent 2 ROOTKIT_MALWARE_IPCS_DETAILS \
"${RKH_SHM_PATH}" "${RKH_SHM_CPID}" "${RKH_SHM_OWNER}"
diff --git a/rkhunter-1.4.4-fedoraconfig.patch b/rkhunter-1.4.4-fedoraconfig.patch
new file mode 100644
index 0000000..ca26113
--- /dev/null
+++ b/rkhunter-1.4.4-fedoraconfig.patch
@@ -0,0 +1,213 @@
+diff -Nur rkhunter-1.4.4.orig/files/rkhunter.conf rkhunter-1.4.4/files/rkhunter.conf
+--- rkhunter-1.4.4.orig/files/rkhunter.conf 2017-06-22 18:19:20.000000000 -0600
++++ rkhunter-1.4.4/files/rkhunter.conf 2017-06-30 14:45:05.104227416 -0600
+@@ -158,6 +158,7 @@
+ # default directory beneath the installation directory.
+ #
+ #TMPDIR=/var/lib/rkhunter/tmp
++TMPDIR=/var/lib/rkhunter
+
+ #
+ # This option specifies the database directory to use.
+@@ -167,6 +168,7 @@
+ # default directory beneath the installation directory.
+ #
+ #DBDIR=/var/lib/rkhunter/db
++DBDIR=/var/lib/rkhunter/db
+
+ #
+ # This option specifies the script directory to use.
+@@ -175,6 +177,7 @@
+ # subsequently commented out or removed, then the program will not run.
+ #
+ #SCRIPTDIR=/usr/local/lib/rkhunter/scripts
++SCRIPTDIR=/usr/share/rkhunter/scripts
+
+ #
+ # This option can be used to modify the command directory list used by rkhunter
+@@ -231,7 +234,7 @@
+ #
+ # The default value is '/var/log/rkhunter.log'.
+ #
+-LOGFILE=/var/log/rkhunter.log
++LOGFILE=/var/log/rkhunter/rkhunter.log
+
+ #
+ # Set this option to '1' if the log file is to be appended to whenever rkhunter
+@@ -241,6 +244,7 @@
+ # The default value is '0'.
+ #
+ #APPEND_LOG=0
++APPEND_LOG=1
+
+ #
+ # Set the following option to '1' if the log file is to be copied when rkhunter
+@@ -307,6 +311,7 @@
+ # The default value is 'no'.
+ #
+ #ALLOW_SSH_ROOT_USER=no
++ALLOW_SSH_ROOT_USER=yes
+
+ #
+ # Set this option to '1' to allow the use of the SSH-1 protocol, but note
+@@ -321,6 +326,7 @@
+ # The default value is '0'.
+ #
+ #ALLOW_SSH_PROT_V1=0
++ALLOW_SSH_PROT_V1=2
+
+ #
+ # This setting tells rkhunter the directory containing the SSH configuration
+@@ -353,7 +359,8 @@
+ # program defaults.
+ #
+ ENABLE_TESTS=ALL
+-DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
++#DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps \
apps ++DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps apps
+
+ #
+ # The HASH_CMD option can be used to specify the command to use for the file
+@@ -434,6 +441,7 @@
+ # Also see the PKGMGR_NO_VRFY and USE_SUNSUM options.
+ #
+ #PKGMGR=NONE
++PKGMGR=RPM
+
+ #
+ # It is possible that a file, which is part of a package, may have been
+@@ -557,6 +565,14 @@
+ # The default value is the null string.
+ #
+ #EXISTWHITELIST=""
++EXISTWHITELIST=/bin/ad
++# FreeIPA Certificate Authority
++EXISTWHITELIST=/var/log/pki-ca/system
++# FreeIPA Certificate Authority
++EXISTWHITELIST=/var/log/pki/pki-tomcat/ca/system
++# Some non default installed files we check
++EXISTWHITELIST=/usr/bin/GET
++EXISTWHITELIST=/usr/bin/whatis
+
+ #
+ # Whitelist various attributes of the specified file. The attributes are those
+@@ -587,6 +603,12 @@
+ # The default value is the null string.
+ #
+ #SCRIPTWHITELIST=/usr/bin/groups
++SCRIPTWHITELIST=/usr/bin/whatis
++SCRIPTWHITELIST=/usr/bin/ldd
++SCRIPTWHITELIST=/usr/bin/groups
++SCRIPTWHITELIST=/usr/bin/GET
++SCRIPTWHITELIST=/sbin/ifup
++SCRIPTWHITELIST=/sbin/ifdown
+
+ #
+ # Allow the specified file to have the immutable attribute set.
+@@ -617,6 +639,19 @@
+ #ALLOWHIDDENDIR=/dev/.udev
+ #ALLOWHIDDENDIR=/dev/.udevdb
+ #ALLOWHIDDENDIR=/dev/.mdadm
++ALLOWHIDDENDIR="/etc/.java"
++ALLOWHIDDENDIR=/dev/.udev
++ALLOWHIDDENDIR=/dev/.udevdb
++ALLOWHIDDENDIR=/dev/.udev.tdb
++ALLOWHIDDENDIR=/dev/.static
++ALLOWHIDDENDIR=/dev/.initramfs
++ALLOWHIDDENDIR=/dev/.SRC-unix
++ALLOWHIDDENDIR=/dev/.mdadm
++ALLOWHIDDENDIR=/dev/.systemd
++ALLOWHIDDENDIR=/dev/.mount
++# for etckeeper
++ALLOWHIDDENDIR=/etc/.git
++ALLOWHIDDENDIR=/etc/.bzr
+
+ #
+ # Allow the specified hidden file to be whitelisted.
+@@ -632,6 +667,32 @@
+ #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha1hmac.hmac
+ #ALLOWHIDDENFILE=/usr/lib/hmaccalc/sha256hmac.hmac
+ #ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
++ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
++ALLOWHIDDENFILE=/lib*/.libcrypto.so.*.hmac
++ALLOWHIDDENFILE=/lib*/.libssl.so.*.hmac
++ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-keygen.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-keyscan.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-add.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-agent.hmac
++ALLOWHIDDENFILE=/usr/lib*/.libfipscheck.so.*.hmac
++ALLOWHIDDENFILE=/usr/lib*/.libgcrypt.so.*.hmac
++ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha1hmac.hmac
++ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha256hmac.hmac
++ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha384hmac.hmac
++ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha512hmac.hmac
++ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
++ALLOWHIDDENFILE=/dev/.mdadm.map
++ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz
++ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz
++ALLOWHIDDENFILE=/usr/sbin/.ipsec.hmac
++# etckeeper
++ALLOWHIDDENFILE=/etc/.etckeeper
++ALLOWHIDDENFILE=/etc/.gitignore
++ALLOWHIDDENFILE=/etc/.bzrignore
++# systemd
++ALLOWHIDDENFILE=/etc/.updated
+
+ #
+ # Allow the specified process to use deleted files. The process name may be
+@@ -701,6 +762,35 @@
+ #
+ #ALLOWDEVFILE=/dev/shm/pulse-shm-*
+ #ALLOWDEVFILE=/dev/shm/sem.ADBE_*
++ALLOWDEVFILE=/dev/shm/pulse-shm-*
++ALLOWDEVFILE=/dev/md/md-device-map
++# tomboy creates this one
++ALLOWDEVFILE="/dev/shm/mono.*"
++# created by libv4l
++ALLOWDEVFILE="/dev/shm/libv4l-*"
++# created by spice video
++ALLOWDEVFILE="/dev/shm/spice.*"
++# created by mdadm
++ALLOWDEVFILE="/dev/md/autorebuild.pid"
++# 389 Directory Server
++ALLOWDEVFILE=/dev/shm/sem.slapd-*.stats
++# squid proxy
++ALLOWDEVFILE=/dev/shm/squid-cf*
++# squid ssl cache
++ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm
++# allow lldpad state file
++ALLOWDEVFILE=/dev/shm/lldpad.state
++# Allow PCS/Pacemaker/Corosync
++ALLOWDEVFILE=/dev/shm/qb-attrd-*
++ALLOWDEVFILE=/dev/shm/qb-cfg-*
++ALLOWDEVFILE=/dev/shm/qb-cib_rw-*
++ALLOWDEVFILE=/dev/shm/qb-cib_shm-*
++ALLOWDEVFILE=/dev/shm/qb-corosync-*
++ALLOWDEVFILE=/dev/shm/qb-cpg-*
++ALLOWDEVFILE=/dev/shm/qb-lrmd-*
++ALLOWDEVFILE=/dev/shm/qb-pengine-*
++ALLOWDEVFILE=/dev/shm/qb-quorum-*
++ALLOWDEVFILE=/dev/shm/qb-stonith-*
+
+ #
+ # Allow the specified process pathnames to use shared memory segments.
+@@ -1035,6 +1125,11 @@
+ #
+ #RTKT_DIR_WHITELIST=""
+ #RTKT_FILE_WHITELIST=""
++RTKT_FILE_WHITELIST=/bin/ad
++# FreeIPA Certificate Authority
++RTKT_FILE_WHITELIST=/var/log/pki-ca/system
++# FreeIPA Certificate Authority
++RTKT_FILE_WHITELIST=/var/log/pki/pki-tomcat/ca/system
+
+ #
+ # The following option can be used to whitelist shared library files that would
+@@ -1274,3 +1369,5 @@
+ # The default value is '0'.
+ #
+ #GLOBSTAR=0
++
++INSTALLDIR="/usr"
diff --git a/rkhunter.spec b/rkhunter.spec
index a1a2ce8..9b3d533 100644
--- a/rkhunter.spec
+++ b/rkhunter.spec
@@ -2,8 +2,8 @@
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
Name: rkhunter
-Version: 1.4.2
-Release: 13%{?dist}
+Version: 1.4.4
+Release: 1%{?dist}
Summary: A host-based tool to scan for rootkits, backdoors and local exploits
Group: Applications/System
@@ -12,17 +12,8 @@ URL: http://rkhunter.sourceforge.net/
Source0: http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz
Source2: 01-rkhunter
Source3: rkhunter.sysconfig
-Patch0: rkhunter-1.4.2-fedoraconfig.patch
-#
-# Fix issue with ipcs command and locales
-#
-Patch1: rkhunter-1.4.2-ipcs-locale.patch
-#
-# Fix grep -a issue
-#
-Patch2: rkhunter-1.4.2-grepopt.patch
+Patch0: rkhunter-1.4.4-fedoraconfig.patch
BuildArch: noarch
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: perl-generators
Requires: coreutils, binutils, kmod, findutils, grep
@@ -37,11 +28,7 @@ and other unwanted tools.
%prep
-%setup -q
-
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
+%autosetup -p1
%{__cat} <<'EOF' >%{name}.logrotate
%{_localstatedir}/log/%{name}/%{name}.log {
@@ -111,6 +98,10 @@ EOF
%{_mandir}/man8/*
%changelog
+* Thu Jun 29 2017 Kevin Fenzi <kevin@scrye.com> - 1.4.4-1
+- Update to 1.4.4. Fixes bug #1466318
+- Fix for logger and spaces. Fixes bug #1284403
+
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
diff --git a/sources b/sources
index 873ec5b..458900a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-85ad366b7f3999eb2a9371e39a1a4df7 rkhunter-1.4.2.tar.gz
+SHA512 (rkhunter-1.4.4.tar.gz) = \
87e9c617220765678cc4519eee27d1d56185c3a7fb1d6338c8fb984ac4f5176c31bb54b69e1de615d66a0cf1e72b672e66b368e37851a459def69463cbb8661e
--
cgit v1.1
https://src.fedoraproject.org/cgit/rkhunter.git/commit/?h=f26&id=6a0737b2c494a7bf39fb62864f490d2308b51aee
_______________________________________________
scm-commits mailing list -- scm-commits@lists.fedoraproject.org
To unsubscribe send an email to scm-commits-leave@lists.fedoraproject.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic