FreeBSD Bugzilla – Attachment 111361 Details for
Bug 152607
[patch] security/rkhunter: update to 1.3.8
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
rkhunter-1.3.8.patch
rkhunter-1.3.8.patch (text/plain), 12.13 KB, created by
Sofian Brabez
on 2010-11-27 01:00:33 UTC
(
hide
)
Description:
rkhunter-1.3.8.patch
Filename:
MIME Type:
Creator:
Sofian Brabez
Created:
2010-11-27 01:00:33 UTC
Size:
12.13 KB
patch
obsolete
>diff -ruN --exclude=CVS /usr/ports/security/rkhunter/Makefile /tmp/rkhunter/Makefile >--- /usr/ports/security/rkhunter/Makefile 2010-01-25 09:34:48.000000000 +0100 >+++ /tmp/rkhunter/Makefile 2010-11-25 02:01:44.000000000 +0100 >@@ -6,7 +6,7 @@ > # > > PORTNAME= rkhunter >-PORTVERSION= 1.3.6 >+PORTVERSION= 1.3.8 > CATEGORIES= security > MASTER_SITES= SF > >@@ -21,12 +21,11 @@ > > USE_PERL5= yes > NO_BUILD= yes >-SUB_FILES= 415.rkhunter >+SUB_FILES= 415.${PORTNAME} > >-MAN8= rkhunter.8 >+MAN8= ${PORTNAME}.8 > MANCOMPRESSED= no > >-DOCSDIR= ${PREFIX}/share/doc/${PORTNAME}-${PORTVERSION} > PORTDOCS= ACKNOWLEDGMENTS CHANGELOG FAQ LICENSE README > > .include <bsd.port.pre.mk> >@@ -45,10 +44,10 @@ > > do-install: > cd ${WRKSRC} && ./installer.sh --layout custom ${PREFIX} --install >- ${INSTALL_MAN} ${WRKSRC}/files/rkhunter.8 \ >+ ${INSTALL_MAN} ${WRKSRC}/files/${PORTNAME}.8 \ > ${MAN8PREFIX}/man/man8 > @${MKDIR} ${PREFIX}/etc/periodic/security >- ${INSTALL_SCRIPT} ${WRKDIR}/415.rkhunter ${PREFIX}/etc/periodic/security >+ ${INSTALL_SCRIPT} ${WRKDIR}/415.${PORTNAME} ${PREFIX}/etc/periodic/security > .if !defined(NOPORTDOCS) > @${MKDIR} ${DOCSDIR} > ${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/files/|} ${DOCSDIR} >diff -ruN --exclude=CVS /usr/ports/security/rkhunter/distinfo /tmp/rkhunter/distinfo >--- /usr/ports/security/rkhunter/distinfo 2010-01-25 09:34:48.000000000 +0100 >+++ /tmp/rkhunter/distinfo 2010-11-25 00:12:05.000000000 +0100 >@@ -1,3 +1,2 @@ >-MD5 (rkhunter-1.3.6.tar.gz) = 41bd92b1ea0803401c4a45215c8293a2 >-SHA256 (rkhunter-1.3.6.tar.gz) = e3f5e21307e4876da4bc4a1521a86f1cda93ad22d4c77366876d7c170dcefc10 >-SIZE (rkhunter-1.3.6.tar.gz) = 217691 >+SHA256 (rkhunter-1.3.8.tar.gz) = fb1fb8bac53bab476142b5556140c59d589bc0f45d3dc058f400f2edada77a33 >+SIZE (rkhunter-1.3.8.tar.gz) = 241551 >diff -ruN --exclude=CVS /usr/ports/security/rkhunter/files/415.rkhunter.in /tmp/rkhunter/files/415.rkhunter.in >--- /usr/ports/security/rkhunter/files/415.rkhunter.in 2008-01-07 19:50:36.000000000 +0100 >+++ /tmp/rkhunter/files/415.rkhunter.in 2010-11-25 03:19:26.000000000 +0100 >@@ -5,7 +5,9 @@ > # This is a maintenance shell script for the rkhunter security tool. > # You can enable this script in /etc/periodic.conf file by putting these lines into it: > # daily_rkhunter_update_enable="YES" >+# daily_rkhunter_update_flags="--update --nocolors" > # daily_rkhunter_check_enable="YES" >+# daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress" > # > # Written by: Gabor Kovesdan <gabor@FreeBSD.org> > >@@ -14,12 +16,15 @@ > source_periodic_confs > fi > >+: ${daily_rkhunter_update_flags="--update --nocolors"} >+: ${daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"} >+ > case "$daily_rkhunter_update_enable" in > [Yy][Ee][Ss]) > > echo "" > echo "Updating the rkhunter database..." >- %%PREFIX%%/bin/rkhunter --update --nocolors >+ %%PREFIX%%/bin/rkhunter ${daily_rkhunter_update_flags} > ;; > esac > >@@ -28,6 +33,6 @@ > > echo "" > echo "Running rkhunter..." >- %%PREFIX%%/bin/rkhunter --checkall --nocolors --skip-keypress >+ %%PREFIX%%/bin/rkhunter ${daily_rkhunter_check_flags} > ;; > esac >diff -ruN --exclude=CVS /usr/ports/security/rkhunter/files/patch-files__rkhunter.conf /tmp/rkhunter/files/patch-files__rkhunter.conf >--- /usr/ports/security/rkhunter/files/patch-files__rkhunter.conf 1970-01-01 01:00:00.000000000 +0100 >+++ /tmp/rkhunter/files/patch-files__rkhunter.conf 2010-11-27 02:40:12.000000000 +0100 >@@ -0,0 +1,62 @@ >+--- ./files/rkhunter.conf.orig 2010-11-13 21:25:22.000000000 +0100 >++++ ./files/rkhunter.conf 2010-11-27 02:39:40.000000000 +0100 >+@@ -93,7 +93,7 @@ >+ # important files will be written to this directory, so be >+ # sure that the directory permissions are tight. >+ # >+-#TMPDIR=/var/lib/rkhunter/tmp >++TMPDIR=/root >+ >+ # >+ # Specify the database directory to use. >+@@ -213,7 +213,8 @@ >+ # file, then a value here of 'unset' can be used to avoid warning messages. >+ # This option has a default value of 'no'. >+ # >+-ALLOW_SSH_ROOT_USER=no >++#ALLOW_SSH_ROOT_USER=no >++ALLOW_SSH_ROOT_USER=unset >+ >+ # >+ # Set this option to '1' to allow the use of the SSH-1 protocol, but note >+@@ -224,7 +225,8 @@ >+ # configuration file, then a value of '2' may be set here in order to >+ # suppress a warning message. This option has a default value of '0'. >+ # >+-ALLOW_SSH_PROT_V1=0 >++#ALLOW_SSH_PROT_V1=0 >++ALLOW_SSH_PROT_V1=2 >+ >+ # >+ # This setting tells rkhunter the directory containing the SSH configuration >+@@ -466,6 +468,10 @@ >+ # >+ #SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown" >+ #SCRIPTWHITELIST="/usr/bin/groups" >++SCRIPTWHITELIST=/usr/bin/whatis >++SCRIPTWHITELIST=/usr/sbin/adduser >++SCRIPTWHITELIST=/usr/local/bin/GET >++SCRIPTWHITELIST=/usr/local/sbin/pkgdb >+ >+ # >+ # Allow the specified commands to have the immutable attribute set. >+@@ -475,6 +481,10 @@ >+ # characters. >+ # >+ #IMMUTWHITELIST="/sbin/ifup /sbin/ifdown" >++IMMUTWHITELIST=/usr/bin/login >++IMMUTWHITELIST=/usr/bin/passwd >++IMMUTWHITELIST=/usr/bin/su >++IMMUTWHITELIST=/sbin/init >+ >+ # >+ # If this option is set to 1, then the immutable-bit test is >+@@ -665,7 +675,7 @@ >+ # NOTE: For *BSD systems you will probably need to use this option >+ # for the 'toor' account. >+ # >+-#UID0_ACCOUNTS="toor rooty" >++UID0_ACCOUNTS="toor" >+ >+ # >+ # Allow the following accounts to have no password. NIS/YP entries do >diff -ruN --exclude=CVS /usr/ports/security/rkhunter/files/patch-installer.sh /tmp/rkhunter/files/patch-installer.sh >--- /usr/ports/security/rkhunter/files/patch-installer.sh 2010-01-25 09:34:48.000000000 +0100 >+++ /tmp/rkhunter/files/patch-installer.sh 2010-11-27 02:40:12.000000000 +0100 >@@ -1,26 +1,38 @@ >---- installer.sh.orig 2010-01-23 12:14:34.000000000 +0000 >-+++ installer.sh 2010-01-23 12:14:51.000000000 +0000 >-@@ -657,22 +657,7 @@ >+--- ./installer.sh.orig 2010-11-16 22:34:48.000000000 +0100 >++++ ./installer.sh 2010-11-27 02:40:03.000000000 +0100 >+@@ -366,10 +366,10 @@ >+ else >+ RKHINST_DB_DIR="${VARDIR}/lib/${APPNAME}/db" >+ RKHINST_TMP_DIR="${VARDIR}/lib/${APPNAME}/tmp" >+- RKHINST_DOC_DIR="${SHAREDIR}/doc/${APPNAME}-${APPVERSION}" >++ RKHINST_DOC_DIR="${SHAREDIR}/doc/${APPNAME}" >+ fi >+ >+- RKHINST_MAN_DIR="${SHAREDIR}/man/man8" >++ RKHINST_MAN_DIR="${PREFIX}/man/man8" >+ RKHINST_LANG_DIR="${RKHINST_DB_DIR}/i18n" >+ >+ RKHINST_ETC_FILE="${APPNAME}.conf" >+@@ -765,22 +765,6 @@ > esac > done > > - > - # Application documents > - for FILE in ${RKHINST_DOC_FILES}; do >-- cp -f ./files/"${FILE}" "${RKHINST_DOC_DIR}" >+- cp -f ./files/"${FILE}" "${RKHINST_DOC_DIR}" >/dev/null 2>&1 > - ERRCODE=$? > - > - if [ $ERRCODE -eq 0 ]; then > - echo " Installing ${FILE}: OK" > - chmod "${RKHINST_MODE_RWR}" "${RKHINST_DOC_DIR}/${FILE}" > - else >-- echo " Installing ${FILE}: FAILED: Code $ERRCODE: exiting." >+- echo " Installing ${FILE}: FAILED: Code $ERRCODE" > - exit 1 > - fi > - done > - > - >-+ > # Language support files > ERRCODE=0 > >diff -ruN --exclude=CVS /usr/ports/security/rkhunter/files/patch-rkhunter /tmp/rkhunter/files/patch-rkhunter >--- /usr/ports/security/rkhunter/files/patch-rkhunter 2009-03-16 23:01:34.000000000 +0100 >+++ /tmp/rkhunter/files/patch-rkhunter 1970-01-01 01:00:00.000000000 +0100 >@@ -1,13 +0,0 @@ >---- files/rkhunter.orig 2009-02-17 14:24:32.000000000 -0500 >-+++ files/rkhunter 2009-02-17 14:25:25.000000000 -0500 >-@@ -8448,8 +8448,8 @@ >- SOCKSTAT_CMD=`find_cmd sockstat` >- >- if [ -n "${SOCKSTAT_CMD}" -a -n "${NETSTAT_CMD}" -a -n "${SORT_CMD}" -a -n "${UNIQ_CMD}" ]; then >-- SOCKSTAT_OUTPUT=`${SOCKSTAT_CMD} -n | grep '\*[:.]\*' | cut -c1-55 | grep '\*[:.]' | cut -c39-47 | grep -v '\*' | tr -d ' ' | ${SORT_CMD} | ${UNIQ_CMD}` >-- NETSTAT_OUTPUT=`${NETSTAT_CMD} -an | egrep -v 'TIME_WAIT|ESTABLISHED|SYN_SENT|CLOSE_WAIT|LAST_ACK|SYN_RECV|CLOSING' | cut -c1-44 | grep '\*\.' | cut -c24-32 | grep -v '\*' | tr -d ' ' | tr -d '\t' | ${SORT_CMD} | ${UNIQ_CMD}` >-+ SOCKSTAT_OUTPUT=`${SOCKSTAT_CMD} | grep '\*[:.]\*' | cut -c1-55 | grep '\*[:.]' | cut -c39-47 | grep -v '\*' | tr -d ' ' | ${SORT_CMD} | ${UNIQ_CMD}` >-+ NETSTAT_OUTPUT=`${NETSTAT_CMD} -an | egrep -v 'TIME_WAIT|ESTABLISHED|SYN_SENT|CLOSE_WAIT|LAST_ACK|SYN_RECV|CLOSING' | cut -c1-44 | grep '\*\.' | cut -c23-31 | grep -v '\*' | tr -d ' ' | tr -d '\t' | tr -d '.' | ${SORT_CMD} | ${UNIQ_CMD}` >- >- if [ "${SOCKSTAT_OUTPUT}" = "${NETSTAT_OUTPUT}" ]; then >- display --to SCREEN+LOG --type PLAIN --result OK --color GREEN --log-indent 2 --screen-indent 4 ROOTKIT_OS_BSD_SOCKNET >diff -ruN --exclude=CVS /usr/ports/security/rkhunter/files/patch-rkhunter.conf /tmp/rkhunter/files/patch-rkhunter.conf >--- /usr/ports/security/rkhunter/files/patch-rkhunter.conf 2008-04-29 13:51:34.000000000 +0200 >+++ /tmp/rkhunter/files/patch-rkhunter.conf 1970-01-01 01:00:00.000000000 +0100 >@@ -1,59 +0,0 @@ >---- files/rkhunter.conf.orig 2008-03-14 10:19:30.000000000 +0100 >-+++ files/rkhunter.conf 2008-03-14 10:21:43.000000000 +0100 >-@@ -76,6 +76,7 @@ >- # sure that the directory permissions are tight. >- # >- #TMPDIR=/var/lib/rkhunter/tmp >-+TMPDIR=/root >- >- # >- # Specify the database directory to use. >-@@ -154,7 +155,8 @@ >- # file, then a value here of 'yes' or 'unset' will not cause a warning. >- # This option has a default value of 'no'. >- # >--ALLOW_SSH_ROOT_USER=no >-+#ALLOW_SSH_ROOT_USER=no >-+ALLOW_SSH_ROOT_USER=unset >- >- # >- # Set this option to '1' to allow the use of the SSH-1 protocol, but note >-@@ -165,7 +167,8 @@ >- # configuration file, then a value of '2' may be set here in order to >- # suppress a warning message. This option has a default value of '0'. >- # >--ALLOW_SSH_PROT_V1=0 >-+#ALLOW_SSH_PROT_V1=0 >-+ALLOW_SSH_PROT_V1=2 >- >- # >- # This setting tells rkhunter the directory containing the SSH configuration >-@@ -278,12 +281,20 @@ >- #SCRIPTWHITELIST=/sbin/ifup >- #SCRIPTWHITELIST=/sbin/ifdown >- #SCRIPTWHITELIST=/usr/bin/groups >-+SCRIPTWHITELIST=/usr/bin/whatis >-+SCRIPTWHITELIST=/usr/sbin/adduser >-+SCRIPTWHITELIST=/usr/local/bin/GET >-+SCRIPTWHITELIST=/usr/local/sbin/pkgdb >- >- # >- # Allow the specified commands to have the immutable attribute set. >- # One command per line (use multiple IMMUTWHITELIST lines). >- # >- #IMMUTWHITELIST=/sbin/ifup >-+IMMUTWHITELIST=/usr/bin/login >-+IMMUTWHITELIST=/usr/bin/passwd >-+IMMUTWHITELIST=/usr/bin/su >-+IMMUTWHITELIST=/sbin/init >- >- # >- # Allow the specified hidden directories. >-@@ -434,6 +445,7 @@ >- # Note: For *BSD systems you may need to enable this for the 'toor' account. >- # >- #UID0_ACCOUNTS="toor rooty" >-+UID0_ACCOUNTS="toor" >- >- # >- # Allow the following accounts to have no password. This option is a >diff -ruN --exclude=CVS /usr/ports/security/rkhunter/pkg-message /tmp/rkhunter/pkg-message >--- /usr/ports/security/rkhunter/pkg-message 2006-09-10 17:40:17.000000000 +0200 >+++ /tmp/rkhunter/pkg-message 2010-11-25 03:23:29.000000000 +0100 >@@ -5,10 +5,12 @@ > This can be done automatically by putting this line to /etc/periodic.conf: > > daily_rkhunter_update_enable="YES" >+daily_rkhunter_update_flags="--update --nocolors" > > Also, you can run rkhunter as a part of the daily security check by > putting this line to /etc/periodic.conf: > > daily_rkhunter_check_enable="YES" >+daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress" > > ****************************************************************************** >diff -ruN --exclude=CVS /usr/ports/security/rkhunter/pkg-plist /tmp/rkhunter/pkg-plist >--- /usr/ports/security/rkhunter/pkg-plist 2010-01-25 09:34:48.000000000 +0100 >+++ /tmp/rkhunter/pkg-plist 2010-11-27 02:50:54.000000000 +0100 >@@ -1,10 +1,9 @@ >+@comment $FreeBSD$ > bin/rkhunter > etc/periodic/security/415.rkhunter > etc/rkhunter.conf > lib/rkhunter/scripts/check_modules.pl >-lib/rkhunter/scripts/filehashmd5.pl > lib/rkhunter/scripts/filehashsha.pl >-lib/rkhunter/scripts/filehashsha1.pl > lib/rkhunter/scripts/readlink.sh > lib/rkhunter/scripts/stat.pl > var/lib/rkhunter/db/backdoorports.dat >@@ -16,16 +15,17 @@ > var/lib/rkhunter/db/mirrors.dat > var/lib/rkhunter/db/programs_bad.dat > var/lib/rkhunter/db/suspscan.dat >+@unexec rm -f %D/var/lib/rkhunter/db/rkhunter_prop_list.dat 2> /dev/null || true > var/lib/rkhunter/tmp/group > var/lib/rkhunter/tmp/passwd >-@dirrm var/lib/rkhunter/tmp >-@dirrm var/lib/rkhunter/db/i18n > @dirrmtry etc/periodic/security > @dirrmtry etc/periodic >+@dirrmtry share/doc/rkhunter >+@dirrm var/lib/rkhunter/tmp >+@dirrm var/lib/rkhunter/db/i18n > @dirrm var/lib/rkhunter/db > @dirrm var/lib/rkhunter > @dirrm var/lib > @dirrm var >-@dirrm share/doc/rkhunter-1.3.6 > @dirrm lib/rkhunter/scripts > @dirrm lib/rkhunter
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=111361">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 152607
: 111361