Bug 220765 - security/rkhunter: Update to 1.4.4
Summary: security/rkhunter: Update to 1.4.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Danilo G. Baio
Keywords: easy
Depends on:
Reported: 2017-07-16 14:50 UTC by Lukasz Wasikowski
Modified: 2017-07-18 23:32 UTC

See Also:
koobs: maintainer-feedback+

svn diff updating rkhunter to 1.4.4 (1.50 KB, patch)
2017-07-16 14:50 UTC, Lukasz Wasikowski
lukasz: maintainer-approval+
svn diff updating rkhunter to 1.4.4 (1.50 KB, patch)
2017-07-16 15:01 UTC, Lukasz Wasikowski
lukasz: maintainer-approval+

Description Lukasz Wasikowski 2017-07-16 14:50:46 UTC
Created attachment 184397
svn diff updating rkhunter to 1.4.4

Update rkhunter to the latest version.


* 1.4.4 (29/06/2017)

 - Added the GLOBSTAR configuration file option. This will set the
   shell's globstar option to allow recursive checks of directories.
   By default this option is disabled.
 - Added a Japanese translation file.
 - Added support for the 'BSDng' package manager option. This can
   be used by those *BSD systems which have the 'pkg' command
   available (currently later FreeBSD systems).
 - The BSD package manager will now try the 'pkg_info' command '-W'
   option if the '-F' option fails.
 - Added the LOCKDIR configuration option. It is now possible to
   specify the directory rkhunter will use to store the lock file
   (if USE_LOCKING has been set). The default is unset, and this
   will cause rkhunter to look for a directory to use. Details are
   in the configuration file.
 - Added the ALLOWIPCPROC configuration file option. This can be
   used to whitelist suspicious processes using shared memory
   segments (found during the 'ipc_shared_mem' check).

 - The DISABLE_UNHIDE option has been removed from the configuration
   file. It is no longer required as disabling the 'hidden_procs' or
   'hidden_ports' tests has the same effect.
 - The installer now installs directories and executable files with
   mode 700, other files are set as mode 600. The man page is left
   at mode 644. The documentation directory is mode 755, and the
   files within it are mode 644. The 'rkhunter' program itself will
   set the mode of copied files to 600 (for example log files, and
   the passwd/group files).
 - By default the 'apps' test is now disabled in the configuration
 - The default hash function for the file properties test, given by
   the HASH_CMD option in the configuration file, has now changed
   to SHA256. It was previously SHA1, or MD5 if SHA1 was not found.
 - Previously the lock file (if locking was used) was just an empty
   file. It now contains the PID of the running process.
 - The 'system_configs' test name has now been changed into a test
   group consisting of the two tests 'system_configs_ssh' and
   'system_configs_syslog'. Each test may now be enabled or disabled
 - The 'other_malware' test name has been removed, and replaced by
   the 'login_backdoors', 'sniffer_logs', 'tripwire', 'susp_dirs'
   and 'ipc_shared_mem' test names. These are now all part of the
   'malware' test group.

 - Ensure that 'lsof' errors are not displayed.
 - Ensure that 'ipcs' errors and the locale are handled correctly.
 - Correct broken pipe errors in some commands.
 - For Solaris users set the 'awk' command very early on so that
   option processing works correctly.
 - The ALLOWPROCDELFILE option was not handling multiple pathnames
   or wildcards correctly. It was also not handling the option
   pathnames correctly.
 - The SCANROOTKITMODE configuration option was never actually read
   as a configuration option.
 - The '--config-check'/'-C' option could produce incorrect error
   messages in certain circumstances.
 - Setting the ALLOW_SSH_PROT_V1 option to '2' could cause warning
   messages when SSH protocol 1 was allowed.
 - Allow Linux 'grep' to work correctly with binary (i18n) files.
 - Multiple UID0_ACCOUNTS and PWDLESS_ACCOUNTS options were not being
   handled correctly.
 - Uppercase test names were not being handled correctly.
 - Changed the 'logger' command tag from 'Rootkit Hunter' to 'rkhunter'
   to avoid problems with spaces.
 - Ensure that 'fdescfs' filesystems are correctly detected.
 - To try and avoid colour escape sequences being logged, both of
   the variables CLICOLOR and CLICOLOR_FORCE are unset for *BSD and
   SunOS systems.
 - The 'startup_malware' and 'possible_rkt_strings' checks will now
   check systemd startup scripts if they are located in the 
   '/etc/systemd/system' directory.
 - The 'sockstat' command output on BSD systems can become corrupted
   if a username is very long. This is now detected, and processed
 - The 'shared_libs' test now recognises comments in the preload file.
 - The ALLOWPROMISCIF configuration option was not handling multiple
   occurrences correctly. This has now been corrected.
 - Tighten up the input verification check on the mirror file to
   ensure that only URLs are used as a mirror. (CVE-2017-7480)
 - The BSD package manager seemed to be needlessly stripping out
   parts of package names on NetBSD systems. It no longer does this.
 - In certain cases it was possible for certain tests to not display
   any output. This has now been corrected.
 - The installer did not always add the 'rkhunter.d' directory, if
   it existed, to the main configuration file for monitoring.
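
Several of the changes listed above affect a configuration file carried over from an earlier release: DISABLE_UNHIDE is gone, the 'other_malware' test name is gone, and a pinned SHA1 or MD5 HASH_CMD no longer matches the default. The script below is an added example, not part of this bug report, the port or rkhunter itself, that flags those settings; the function names are hypothetical, the sample configuration is constructed, and ENABLE_TESTS/DISABLE_TESTS are assumed to be the options that carry test names.

```sh
#!/bin/sh
# Added example: flag rkhunter.conf settings affected by the 1.4.4 changelog.
# Reads a configuration file (or stdin), prints one finding per line and
# returns 1 if anything needs review, 0 otherwise.
audit_rkhunter_conf() {
    awk '
    function report(msg) { printf "line %d: %s\n", NR, msg; n++ }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)
        gsub(/"/, "", val); sub(/^[ \t]+/, "", val)

        if (key == "DISABLE_UNHIDE")
            report("DISABLE_UNHIDE was removed; disable hidden_procs or hidden_ports instead")
        if (key == "HASH_CMD" && tolower(val) ~ /sha1|md5/)
            report("HASH_CMD pins " val "; the 1.4.4 default is SHA256")
        if (key == "ENABLE_TESTS" || key == "DISABLE_TESTS") {
            cnt = split(val, t, /[ \t,]+/)
            # Compare case-insensitively: uppercase test names are accepted.
            for (i = 1; i <= cnt; i++)
                if (tolower(t[i]) == "other_malware")
                    report(key " uses other_malware; replaced by login_backdoors, sniffer_logs, tripwire, susp_dirs, ipc_shared_mem")
        }
    }
    END { exit (n > 0) }
    ' "$@"
}

# Constructed sample input, not taken from a real system.
sample_conf() {
    cat <<'EOF'
# rkhunter.conf carried over from an older install (constructed sample)
ENABLE_TESTS=ALL
DISABLE_TESTS=suspscan OTHER_MALWARE apps
HASH_CMD=SHA1
DISABLE_UNHIDE=1
ALLOW_SSH_PROT_V1=0
EOF
}

sample_conf | audit_rkhunter_conf || echo "review the findings above"
```
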
Comment 1 Lukasz Wasikowski 2017-07-16 14:53:38 UTC
portlint: OK (looks fine.)
testport: OK (poudriere: 10.3 and 11.0 on amd64 tested)
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2017-07-16 14:56:36 UTC
Thank you Lukasz

Minor nit:

- Remove or reset PORTREVISION when updating PORTVERSION
Comment 3 Lukasz Wasikowski 2017-07-16 14:58:55 UTC
(In reply to Kubilay Kocak from comment #2)

My bad, thank you for noticing that.
Comment 4 Lukasz Wasikowski 2017-07-16 15:01:40 UTC
Created attachment 184399
svn diff updating rkhunter to 1.4.4

Comment 5 commit-hook freebsd_committer 2017-07-16 22:39:54 UTC
A commit references this bug:

Author: dbaio
Date: Sun Jul 16 22:39:04 UTC 2017
New revision: 446048
URL: https://svnweb.freebsd.org/changeset/ports/446048

  security/rkhunter: Update to 1.4.4

  While here, improve LICENSE

  Changes:	http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/CHANGELOG

  PR:		220765
  Submitted by:	Lukasz Wasikowski <lukasz@wasikowski.net> (maintainer)
  Approved by:	garga (mentor, implicit)

Comment 6 Danilo G. Baio freebsd_committer 2017-07-16 22:40:38 UTC
Committed with minor changes (License), thanks.
Comment 7 commit-hook freebsd_committer 2017-07-18 23:32:19 UTC
A commit references this bug:

Author: dbaio
Date: Tue Jul 18 23:31:42 UTC 2017
New revision: 50520
URL: https://svnweb.freebsd.org/changeset/doc/50520

  Add Lukasz Wasikowski to contributors for security/rkhunter

  He is also maintainer of these ports:

  PR:		220765
  Approved by:	garga (mentor)
  Differential Revision:	https://reviews.freebsd.org/D11613