Attachment #183461 for bug #219825





PORTNAME=	rkhunter
PORTVERSION=	1.4.2
PORTREVISION=	4
CATEGORIES=	security
MASTER_SITES=	SF


OPTIONS_DEFINE=	LSOF NMAP DOCS
OPTIONS_DEFAULT=LSOF

RUN_DEPENDS+=	p5-Digest-SHA1>=0:security/p5-Digest-SHA1
		${LOCALBASE}/bin/wget:ftp/wget

USES=		perl5 shebangfix
SHEBANG_FILES=	files/check_modules.pl files/filehashsha.pl \
		files/stat.pl
NO_ARCH=	yes
NO_BUILD=	yes
SUB_FILES=	415.${PORTNAME}





--- files/rkhunter.conf.orig	2014-01-25 22:29:51.000000000 +0100
+++ files/rkhunter.conf	2014-08-11 23:18:14.887973000 +0200
@@ -154,7 +154,7 @@
 # subsequently commented out or removed, then the program will assume a
 # default directory beneath the installation directory.
 #
-#TMPDIR=/var/lib/rkhunter/tmp
+TMPDIR=RKHPREFIX/var/lib/rkhunter/tmp
 
 #
 # This option specifies the database directory to use.
@@ -163,7 +163,7 @@
 # subsequently commented out or removed, then the program will assume a
 # default directory beneath the installation directory.
 #
-#DBDIR=/var/lib/rkhunter/db
+DBDIR=RKHPREFIX/var/lib/rkhunter/db
 
 #
 # This option specifies the script directory to use.
@@ -171,7 +171,7 @@
 # The installer program will set the default directory. If this default is
 # subsequently commented out or removed, then the program will not run.
 #
-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
+SCRIPTDIR=RKHPREFIX/lib/rkhunter/scripts
 
 #
 # This option can be used to modify the command directory list used by rkhunter
@@ -303,7 +303,7 @@
 #
 # The default value is 'no'.
 #
-#ALLOW_SSH_ROOT_USER=no
+ALLOW_SSH_ROOT_USER=unset
 
 #
 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
@@ -317,7 +317,7 @@
 #
 # The default value is '0'.
 #
-#ALLOW_SSH_PROT_V1=0
+ALLOW_SSH_PROT_V1=2
 
 #
 # This setting tells rkhunter the directory containing the SSH configuration
@@ -575,6 +575,8 @@
 # The default value is the null string.
 #
 #SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/whatis
+SCRIPTWHITELIST=/usr/sbin/adduser
 
 #
 # Allow the specified file to have the immutable attribute set.
@@ -584,6 +586,10 @@
 # The default value is the null string.
 #
 #IMMUTWHITELIST=/sbin/ifdown
+IMMUTWHITELIST=/usr/bin/login
+IMMUTWHITELIST=/usr/bin/passwd
+IMMUTWHITELIST=/usr/bin/su
+IMMUTWHITELIST=/sbin/init
 
 #
 # If this option is set to '1', then the immutable-bit test is reversed. That
@@ -787,6 +793,7 @@
 # The default value is the null string.
 #
 #UID0_ACCOUNTS=toor rooty
+UID0_ACCOUNTS=toor
 
 #
 # This option allows the specified accounts to have no password. NIS/YP entries
@@ -1222,3 +1229,6 @@
 #
 #EMPTY_LOGFILES=""
 #MISSING_LOGFILES=""
+
+INSTALLDIR=RKHPREFIX
+USER_FILEPROP_FILES_DIRS=RKHPREFIX/etc/rkhunter.conf




--- files/rkhunter.orig	2014-03-12 20:54:55 UTC
+++ files/rkhunter
@@ -7275,6 +7275,9 @@ download_file() {
 		rm -f "${OUTPUT_FILE}" >/dev/null 2>&1
 
 		case "${RKHWEBCMD_BASE}" in
+		fetch)
+			CMD="${RKHWEBCMD} ${RKHWEBCMD_OPTS} -q -o \"${OUTPUT_FILE}\" ${MIRROR}${URL} 2>/dev/null"
+			;;
 		wget)
 			CMD="${RKHWEBCMD} ${RKHWEBCMD_OPTS} -q -O \"${OUTPUT_FILE}\" ${MIRROR}${URL} 2>/dev/null"
 			;;
@@ -18557,7 +18560,7 @@ REQCMDS="awk cat chmod chown cp cut date egrep grep he
 # List of commands used to download files from the web. This list is 
 # used by the '--update' and '--versioncheck' options. Preferred commands
 # are listed first. This can be overridden by the config file.
-WEBCMDLIST="wget curl elinks links lynx bget GET"
+WEBCMDLIST="fetch wget curl elinks links lynx bget GET"
 
 RKHWEBCMD=""
 RKHWEBCMD_OPTS=""




--- files/rkhunter.conf.orig	2014-01-25 21:29:51 UTC
+++ files/rkhunter.conf
@@ -154,7 +154,7 @@
 # subsequently commented out or removed, then the program will assume a
 # default directory beneath the installation directory.
 #
-#TMPDIR=/var/lib/rkhunter/tmp
+TMPDIR=RKHPREFIX/var/lib/rkhunter/tmp
 
 #
 # This option specifies the database directory to use.
@@ -163,7 +163,7 @@
 # subsequently commented out or removed, then the program will assume a
 # default directory beneath the installation directory.
 #
-#DBDIR=/var/lib/rkhunter/db
+DBDIR=RKHPREFIX/var/lib/rkhunter/db
 
 #
 # This option specifies the script directory to use.
@@ -171,7 +171,7 @@
 # The installer program will set the default directory. If this default is
 # subsequently commented out or removed, then the program will not run.
 #
-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
+SCRIPTDIR=RKHPREFIX/lib/rkhunter/scripts
 
 #
 # This option can be used to modify the command directory list used by rkhunter
@@ -303,7 +303,7 @@ AUTO_X_DETECT=1
 #
 # The default value is 'no'.
 #
-#ALLOW_SSH_ROOT_USER=no
+ALLOW_SSH_ROOT_USER=unset
 
 #
 # Set this option to '1' to allow the use of the SSH-1 protocol, but note
@@ -317,7 +317,7 @@ AUTO_X_DETECT=1
 #
 # The default value is '0'.
 #
-#ALLOW_SSH_PROT_V1=0
+ALLOW_SSH_PROT_V1=2
 
 #
 # This setting tells rkhunter the directory containing the SSH configuration
@@ -575,6 +575,8 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
 # The default value is the null string.
 #
 #SCRIPTWHITELIST=/usr/bin/groups
+SCRIPTWHITELIST=/usr/bin/whatis
+SCRIPTWHITELIST=/usr/sbin/adduser
 
 #
 # Allow the specified file to have the immutable attribute set.
@@ -584,6 +586,10 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
 # The default value is the null string.
 #
 #IMMUTWHITELIST=/sbin/ifdown
+IMMUTWHITELIST=/usr/bin/login
+IMMUTWHITELIST=/usr/bin/passwd
+IMMUTWHITELIST=/usr/bin/su
+IMMUTWHITELIST=/sbin/init
 
 #
 # If this option is set to '1', then the immutable-bit test is reversed. That
@@ -787,6 +793,7 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
 # The default value is the null string.
 #
 #UID0_ACCOUNTS=toor rooty
+UID0_ACCOUNTS=toor
 
 #
 # This option allows the specified accounts to have no password. NIS/YP entries
@@ -1222,3 +1229,6 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
 #
 #EMPTY_LOGFILES=""
 #MISSING_LOGFILES=""
+
+INSTALLDIR=RKHPREFIX
+USER_FILEPROP_FILES_DIRS=RKHPREFIX/etc/rkhunter.conf




--- installer.sh.orig	2014-02-24 02:37:15 UTC
+++ installer.sh
@@ -392,7 +392,7 @@ selectTemplate() { # Take input from the "--install pa
 	RKHINST_ETC_DIR="${SYSCONFIGDIR}"
 	RKHINST_BIN_DIR="${BINDIR}"
 	RKHINST_SCRIPT_DIR="${LIBDIR}/${APPNAME}/scripts"

 
 	if [ "${RKHINST_LAYOUT}" = "oldschool" ]; then
 		RKHINST_DB_DIR="${VARDIR}/${APPNAME}/db"
@@ -406,12 +406,12 @@ selectTemplate() { # Take input from the "--install pa
 	elif [ "${RKHINST_LAYOUT}" = "TXZ" ]; then
 		RKHINST_DB_DIR="${VARDIR}/lib/${APPNAME}/db"
 		RKHINST_TMP_DIR="${VARDIR}/lib/${APPNAME}/tmp"

 	fi
 
 	RKHINST_LANG_DIR="${RKHINST_DB_DIR}/i18n"
@@ -1099,22 +1099,6 @@ doRemove()  {
 			fi
 		fi
 	done
 
-
-
-	# Application
-	for FILE in ${RKHINST_BIN_FILES}; do
-		if [ -f "${RKHINST_BIN_DIR}/${FILE}" ]; then

-		fi
-	done
-
 
 	# Configuration file
 	for FILE in ${RKHINST_ETC_FILE}; do
 		if [ -f "${RKHINST_ETC_DIR}/${FILE}" ]; then

Lines 30-37 Link Here

(-)security/rkhunter/pkg-plist (-2 / +2 lines)
30	var/lib/rkhunter/db/signatures/RKH_turtle.ldb	30	var/lib/rkhunter/db/signatures/RKH_turtle.ldb
31	var/lib/rkhunter/db/signatures/RKH_xsyslog.ldb	31	var/lib/rkhunter/db/signatures/RKH_xsyslog.ldb
32	var/lib/rkhunter/db/suspscan.dat	32	var/lib/rkhunter/db/suspscan.dat
33	@unexec rm -f %D/var/lib/rkhunter/db/rkhunter_prop_list.dat 2> /dev/null \|\| true	33	@postunexec rm -f %D/var/lib/rkhunter/db/rkhunter_prop_list.dat 2> /dev/null \|\| true
34	@unexec rm -f %D/var/lib/rkhunter/db/rkhunter.dat* 2> /dev/null \|\| true	34	@postunexec rm -f %D/var/lib/rkhunter/db/rkhunter.dat* 2> /dev/null \|\| true
35	var/lib/rkhunter/tmp/group	35	var/lib/rkhunter/tmp/group
36	var/lib/rkhunter/tmp/passwd	36	var/lib/rkhunter/tmp/passwd
37	@dir(,,0750) lib/rkhunter/scripts	37	@dir(,,0750) lib/rkhunter/scripts

Return to bug 219825

Lines 3-9 Link Here

(-)security/rkhunter/Makefile (-3 / +3 lines)
3		3
4	PORTNAME= rkhunter	4	PORTNAME= rkhunter
5	PORTVERSION= 1.4.2	5	PORTVERSION= 1.4.2
6	PORTREVISION= 3	6	PORTREVISION= 4
7	CATEGORIES= security	7	CATEGORIES= security
8	MASTER_SITES= SF	8	MASTER_SITES= SF
9		9
Lines 15-26 Link Here
15	OPTIONS_DEFINE= LSOF NMAP DOCS	15	OPTIONS_DEFINE= LSOF NMAP DOCS
16	OPTIONS_DEFAULT=LSOF	16	OPTIONS_DEFAULT=LSOF
17		17
18	RUN_DEPENDS+= p5-Digest-SHA1>=0:security/p5-Digest-SHA1 \	18	RUN_DEPENDS+= p5-Digest-SHA1>=0:security/p5-Digest-SHA1
19	${LOCALBASE}/bin/wget:ftp/wget
20		19
21	USES= perl5 shebangfix	20	USES= perl5 shebangfix
22	SHEBANG_FILES= files/check_modules.pl files/filehashsha.pl \	21	SHEBANG_FILES= files/check_modules.pl files/filehashsha.pl \
23	files/stat.pl	22	files/stat.pl
		23	NO_ARCH= yes
24	NO_BUILD= yes	24	NO_BUILD= yes
25	SUB_FILES= 415.${PORTNAME}	25	SUB_FILES= 415.${PORTNAME}
26		26

Lines 1-82 Link Here

(-)security/rkhunter/files/patch-files__rkhunter.conf (-82 lines)
1	--- files/rkhunter.conf.orig 2014-01-25 22:29:51.000000000 +0100
2	+++ files/rkhunter.conf 2014-08-11 23:18:14.887973000 +0200
3	@@ -154,7 +154,7 @@
4	# subsequently commented out or removed, then the program will assume a
5	# default directory beneath the installation directory.
6	#
7	-#TMPDIR=/var/lib/rkhunter/tmp
8	+TMPDIR=RKHPREFIX/var/lib/rkhunter/tmp
9
10	#
11	# This option specifies the database directory to use.
12	@@ -163,7 +163,7 @@
13	# subsequently commented out or removed, then the program will assume a
14	# default directory beneath the installation directory.
15	#
16	-#DBDIR=/var/lib/rkhunter/db
17	+DBDIR=RKHPREFIX/var/lib/rkhunter/db
18
19	#
20	# This option specifies the script directory to use.
21	@@ -171,7 +171,7 @@
22	# The installer program will set the default directory. If this default is
23	# subsequently commented out or removed, then the program will not run.
24	#
25	-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
26	+SCRIPTDIR=RKHPREFIX/lib/rkhunter/scripts
27
28	#
29	# This option can be used to modify the command directory list used by rkhunter
30	@@ -303,7 +303,7 @@
31	#
32	# The default value is 'no'.
33	#
34	-#ALLOW_SSH_ROOT_USER=no
35	+ALLOW_SSH_ROOT_USER=unset
36
37	#
38	# Set this option to '1' to allow the use of the SSH-1 protocol, but note
39	@@ -317,7 +317,7 @@
40	#
41	# The default value is '0'.
42	#
43	-#ALLOW_SSH_PROT_V1=0
44	+ALLOW_SSH_PROT_V1=2
45
46	#
47	# This setting tells rkhunter the directory containing the SSH configuration
48	@@ -575,6 +575,8 @@
49	# The default value is the null string.
50	#
51	#SCRIPTWHITELIST=/usr/bin/groups
52	+SCRIPTWHITELIST=/usr/bin/whatis
53	+SCRIPTWHITELIST=/usr/sbin/adduser
54
55	#
56	# Allow the specified file to have the immutable attribute set.
57	@@ -584,6 +586,10 @@
58	# The default value is the null string.
59	#
60	#IMMUTWHITELIST=/sbin/ifdown
61	+IMMUTWHITELIST=/usr/bin/login
62	+IMMUTWHITELIST=/usr/bin/passwd
63	+IMMUTWHITELIST=/usr/bin/su
64	+IMMUTWHITELIST=/sbin/init
65
66	#
67	# If this option is set to '1', then the immutable-bit test is reversed. That
68	@@ -787,6 +793,7 @@
69	# The default value is the null string.
70	#
71	#UID0_ACCOUNTS=toor rooty
72	+UID0_ACCOUNTS=toor
73
74	#
75	# This option allows the specified accounts to have no password. NIS/YP entries
76	@@ -1222,3 +1229,6 @@
77	#
78	#EMPTY_LOGFILES=""
79	#MISSING_LOGFILES=""
80	+
81	+INSTALLDIR=RKHPREFIX
82	+USER_FILEPROP_FILES_DIRS=RKHPREFIX/etc/rkhunter.conf

Line 0 Link Here

(-)security/rkhunter/files/patch-files_rkhunter (+21 lines)
	1	--- files/rkhunter.orig 2014-03-12 20:54:55 UTC
	2	+++ files/rkhunter
	3	@@ -7275,6 +7275,9 @@ download_file() {
	4	rm -f "${OUTPUT_FILE}" >/dev/null 2>&1
	5
	6	case "${RKHWEBCMD_BASE}" in
	7	+ fetch)
	8	+ CMD="${RKHWEBCMD} ${RKHWEBCMD_OPTS} -q -o \"${OUTPUT_FILE}\" ${MIRROR}${URL} 2>/dev/null"
	9	+ ;;
	10	wget)
	11	CMD="${RKHWEBCMD} ${RKHWEBCMD_OPTS} -q -O \"${OUTPUT_FILE}\" ${MIRROR}${URL} 2>/dev/null"
	12	;;
	13	@@ -18557,7 +18560,7 @@ REQCMDS="awk cat chmod chown cp cut date egrep grep he
	14	# List of commands used to download files from the web. This list is
	15	# used by the '--update' and '--versioncheck' options. Preferred commands
	16	# are listed first. This can be overridden by the config file.
	17	-WEBCMDLIST="wget curl elinks links lynx bget GET"
	18	+WEBCMDLIST="fetch wget curl elinks links lynx bget GET"
	19
	20	RKHWEBCMD=""
	21	RKHWEBCMD_OPTS=""

Line 0 Link Here

(-)security/rkhunter/files/patch-files_rkhunter.conf (+82 lines)
		1	--- files/rkhunter.conf.orig 2014-01-25 21:29:51 UTC
		2	+++ files/rkhunter.conf
		3	@@ -154,7 +154,7 @@
		4	# subsequently commented out or removed, then the program will assume a
		5	# default directory beneath the installation directory.
		6	#
		7	-#TMPDIR=/var/lib/rkhunter/tmp
		8	+TMPDIR=RKHPREFIX/var/lib/rkhunter/tmp
		9
		10	#
		11	# This option specifies the database directory to use.
		12	@@ -163,7 +163,7 @@
		13	# subsequently commented out or removed, then the program will assume a
		14	# default directory beneath the installation directory.
		15	#
		16	-#DBDIR=/var/lib/rkhunter/db
		17	+DBDIR=RKHPREFIX/var/lib/rkhunter/db
		18
		19	#
		20	# This option specifies the script directory to use.
		21	@@ -171,7 +171,7 @@
		22	# The installer program will set the default directory. If this default is
		23	# subsequently commented out or removed, then the program will not run.
		24	#
		25	-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
		26	+SCRIPTDIR=RKHPREFIX/lib/rkhunter/scripts
		27
		28	#
		29	# This option can be used to modify the command directory list used by rkhunter
		30	@@ -303,7 +303,7 @@ AUTO_X_DETECT=1
		31	#
		32	# The default value is 'no'.
		33	#
		34	-#ALLOW_SSH_ROOT_USER=no
		35	+ALLOW_SSH_ROOT_USER=unset
		36
		37	#
		38	# Set this option to '1' to allow the use of the SSH-1 protocol, but note
		39	@@ -317,7 +317,7 @@ AUTO_X_DETECT=1
		40	#
		41	# The default value is '0'.
		42	#
		43	-#ALLOW_SSH_PROT_V1=0
		44	+ALLOW_SSH_PROT_V1=2
		45
		46	#
		47	# This setting tells rkhunter the directory containing the SSH configuration
		48	@@ -575,6 +575,8 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
		49	# The default value is the null string.
		50	#
		51	#SCRIPTWHITELIST=/usr/bin/groups
		52	+SCRIPTWHITELIST=/usr/bin/whatis
		53	+SCRIPTWHITELIST=/usr/sbin/adduser
		54
		55	#
		56	# Allow the specified file to have the immutable attribute set.
		57	@@ -584,6 +586,10 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
		58	# The default value is the null string.
		59	#
		60	#IMMUTWHITELIST=/sbin/ifdown
		61	+IMMUTWHITELIST=/usr/bin/login
		62	+IMMUTWHITELIST=/usr/bin/passwd
		63	+IMMUTWHITELIST=/usr/bin/su
		64	+IMMUTWHITELIST=/sbin/init
65
66	#
67	# If this option is set to '1', then the immutable-bit test is reversed. That
68	@@ -787,6 +793,7 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
69	# The default value is the null string.
70	#
71	#UID0_ACCOUNTS=toor rooty
72	+UID0_ACCOUNTS=toor
73
74	#
75	# This option allows the specified accounts to have no password. NIS/YP entries
76	@@ -1222,3 +1229,6 @@ DISABLE_TESTS=suspscan hidden_ports hidden_procs delet
77	#
78	#EMPTY_LOGFILES=""
79	#MISSING_LOGFILES=""
80	+
81	+INSTALLDIR=RKHPREFIX
82	+USER_FILEPROP_FILES_DIRS=RKHPREFIX/etc/rkhunter.conf

Lines 1-6 Link Here

(-)security/rkhunter/files/patch-installer.sh (-8 / +8 lines)
1	--- ./installer.sh.orig 2012-04-27 00:10:12.000000000 +0200	1	--- installer.sh.orig 2014-02-24 02:37:15 UTC
2	+++ ./installer.sh 2012-07-03 23:56:30.000000000 +0200	2	+++ installer.sh
3	@@ -392,7 +392,7 @@	3	@@ -392,7 +392,7 @@ selectTemplate() { # Take input from the "--install pa
4	RKHINST_ETC_DIR="${SYSCONFIGDIR}"	4	RKHINST_ETC_DIR="${SYSCONFIGDIR}"
5	RKHINST_BIN_DIR="${BINDIR}"	5	RKHINST_BIN_DIR="${BINDIR}"
6	RKHINST_SCRIPT_DIR="${LIBDIR}/${APPNAME}/scripts"	6	RKHINST_SCRIPT_DIR="${LIBDIR}/${APPNAME}/scripts"
Lines 9-15 Link Here
9		9
10	if [ "${RKHINST_LAYOUT}" = "oldschool" ]; then	10	if [ "${RKHINST_LAYOUT}" = "oldschool" ]; then
11	RKHINST_DB_DIR="${VARDIR}/${APPNAME}/db"	11	RKHINST_DB_DIR="${VARDIR}/${APPNAME}/db"
12	@@ -406,12 +406,12 @@	12	@@ -406,12 +406,12 @@ selectTemplate() { # Take input from the "--install pa
13	elif [ "${RKHINST_LAYOUT}" = "TXZ" ]; then	13	elif [ "${RKHINST_LAYOUT}" = "TXZ" ]; then
14	RKHINST_DB_DIR="${VARDIR}/lib/${APPNAME}/db"	14	RKHINST_DB_DIR="${VARDIR}/lib/${APPNAME}/db"
15	RKHINST_TMP_DIR="${VARDIR}/lib/${APPNAME}/tmp"	15	RKHINST_TMP_DIR="${VARDIR}/lib/${APPNAME}/tmp"
Lines 24-34 Link Here
24	fi	24	fi
25		25
26	RKHINST_LANG_DIR="${RKHINST_DB_DIR}/i18n"	26	RKHINST_LANG_DIR="${RKHINST_DB_DIR}/i18n"
27	@@ -1076,22 +1076,6 @@	27	@@ -1099,22 +1099,6 @@ doRemove() {
		28	fi
28	fi	29	fi
29	done	30	done
30
31	-	31	-
		32	-
32	- # Application	33	- # Application
33	- for FILE in ${RKHINST_BIN_FILES}; do	34	- for FILE in ${RKHINST_BIN_FILES}; do
34	- if [ -f "${RKHINST_BIN_DIR}/${FILE}" ]; then	35	- if [ -f "${RKHINST_BIN_DIR}/${FILE}" ]; then
Lines 43-49 Link Here
43	- fi	44	- fi
44	- done	45	- done
45	-	46	-
46	-	47
47	# Configuration file	48	# Configuration file
48	for FILE in ${RKHINST_ETC_FILE}; do	49	for FILE in ${RKHINST_ETC_FILE}; do
49	if [ -f "${RKHINST_ETC_DIR}/${FILE}" ]; then