author | Philippe Audeoud <jadawin@FreeBSD.org> | 2010-12-02 08:42:37 +0000 |
---|---|---|
committer | Philippe Audeoud <jadawin@FreeBSD.org> | 2010-12-02 08:42:37 +0000 |
commit | d94173d3703671d7ab18d0a3b656a0ce75a49b97 (patch) | |
tree | 2d3a32a5c65264a9fc536538e8512953720d4fcb /security/rkhunter/files | |
parent | e2b8c39eb58668c160fd0fe6f9e5a318b2999a8a (diff) |
Notes
Diffstat (limited to 'security/rkhunter/files')
-rw-r--r-- | security/rkhunter/files/415.rkhunter.in | 9 | ||||
-rw-r--r-- | security/rkhunter/files/patch-files__rkhunter.conf (renamed from security/rkhunter/files/patch-rkhunter.conf) | 39 | ||||
-rw-r--r-- | security/rkhunter/files/patch-installer.sh | 24 | ||||
-rw-r--r-- | security/rkhunter/files/patch-rkhunter | 13 |
4 files changed, 46 insertions, 39 deletions
diff --git a/security/rkhunter/files/415.rkhunter.in b/security/rkhunter/files/415.rkhunter.in
index fa1b27598118..c67dd0d734b7 100644
--- a/security/rkhunter/files/415.rkhunter.in
+++ b/security/rkhunter/files/415.rkhunter.in
@@ -5,7 +5,9 @@
 # This is a maintenance shell script for the rkhunter security tool.
 # You can enable this script in /etc/periodic.conf file by putting these lines into it:
 # daily_rkhunter_update_enable="YES"
+# daily_rkhunter_update_flags="--update --nocolors"
 # daily_rkhunter_check_enable="YES"
+# daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
 #
 # Written by: Gabor Kovesdan <gabor@FreeBSD.org>
@@ -14,12 +16,15 @@ if [ -r /etc/defaults/periodic.conf ]; then
 source_periodic_confs
 fi
+: ${daily_rkhunter_update_flags="--update --nocolors"}
+: ${daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"}
+
 case "$daily_rkhunter_update_enable" in
 [Yy][Ee][Ss])
 echo ""
 echo "Updating the rkhunter database..."
- %%PREFIX%%/bin/rkhunter --update --nocolors
+ %%PREFIX%%/bin/rkhunter ${daily_rkhunter_update_flags}
 ;;
 esac
@@ -28,6 +33,6 @@ case "$daily_rkhunter_check_enable" in
 echo ""
 echo "Running rkhunter..."
- %%PREFIX%%/bin/rkhunter --checkall --nocolors --skip-keypress
+ %%PREFIX%%/bin/rkhunter ${daily_rkhunter_check_flags}
 ;;
 esac
diff --git a/security/rkhunter/files/patch-rkhunter.conf b/security/rkhunter/files/patch-files__rkhunter.conf
index 387371b28c94..45143a7a3dee 100644
--- a/security/rkhunter/files/patch-rkhunter.conf
+++ b/security/rkhunter/files/patch-files__rkhunter.conf
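Review bot: In 415.rkhunter.in the defaults added in the second hunk are assigned with `=` instead of `:=`, so an empty `daily_rkhunter_check_flags=""` or `daily_rkhunter_update_flags=""` in periodic.conf is kept and the calls changed in the second and third hunks run `rkhunter` with no arguments; the nightly scan or update would then presumably be skipped with only usage output in the periodic mail. `: ${daily_rkhunter_check_flags:="--checkall --nocolors --skip-keypress"}` (and the same form for the update flags) falls back to the defaults for empty values as well. Because an override replaces the whole string, the header comment in the first hunk could add `# A custom value replaces the defaults, so keep --nocolors and --skip-keypress for unattended runs.`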
@@ -1,15 +1,16 @@ ---- files/rkhunter.conf.orig 2008-03-14 10:19:30.000000000 +0100 -+++ files/rkhunter.conf 2008-03-14 10:21:43.000000000 +0100 -@@ -76,6 +76,7 @@ +--- ./files/rkhunter.conf.orig 2010-11-13 21:25:22.000000000 +0100 ++++ ./files/rkhunter.conf 2010-11-27 02:39:40.000000000 +0100 +@@ -93,7 +93,7 @@ + # important files will be written to this directory, so be # sure that the directory permissions are tight. # - #TMPDIR=/var/lib/rkhunter/tmp +-#TMPDIR=/var/lib/rkhunter/tmp +TMPDIR=/root # # Specify the database directory to use. -@@ -154,7 +155,8 @@ - # file, then a value here of 'yes' or 'unset' will not cause a warning. +@@ -213,7 +213,8 @@ + # file, then a value here of 'unset' can be used to avoid warning messages. # This option has a default value of 'no'. # -ALLOW_SSH_ROOT_USER=no @@ -18,7 +19,7 @@ # # Set this option to '1' to allow the use of the SSH-1 protocol, but note -@@ -165,7 +167,8 @@ +@@ -224,7 +225,8 @@ # configuration file, then a value of '2' may be set here in order to # suppress a warning message. This option has a default value of '0'. # @@ -28,10 +29,10 @@ # # This setting tells rkhunter the directory containing the SSH configuration -@@ -278,12 +281,20 @@ - #SCRIPTWHITELIST=/sbin/ifup - #SCRIPTWHITELIST=/sbin/ifdown - #SCRIPTWHITELIST=/usr/bin/groups +@@ -466,6 +468,10 @@ + # + #SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown" + #SCRIPTWHITELIST="/usr/bin/groups" +SCRIPTWHITELIST=/usr/bin/whatis +SCRIPTWHITELIST=/usr/sbin/adduser +SCRIPTWHITELIST=/usr/local/bin/GET 
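Review bot: `TMPDIR=/root` remains the active setting in the first hunk of patch-files__rkhunter.conf, although the configuration comment directly above it says important files are written to this directory and its permissions must be tight. Root's home directory is shared with unrelated files and, as far as this diff shows, nothing in the port sets or checks its mode, so a dedicated directory that is owned by root and not readable by other users would match that comment better, e.g. `TMPDIR=<RKHUNTER_TMP_DIR>` (placeholder for a directory the port creates with mode 0700). The regenerated patch also appears to replace the commented upstream default rather than keep it next to the override; leaving `#TMPDIR=/var/lib/rkhunter/tmp` in place would keep the upstream value visible to administrators.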
@@ -39,21 +40,23 @@ # # Allow the specified commands to have the immutable attribute set. - # One command per line (use multiple IMMUTWHITELIST lines). +@@ -475,6 +481,10 @@ + # characters. # - #IMMUTWHITELIST=/sbin/ifup + #IMMUTWHITELIST="/sbin/ifup /sbin/ifdown" +IMMUTWHITELIST=/usr/bin/login +IMMUTWHITELIST=/usr/bin/passwd +IMMUTWHITELIST=/usr/bin/su +IMMUTWHITELIST=/sbin/init # - # Allow the specified hidden directories. -@@ -434,6 +445,7 @@ - # Note: For *BSD systems you may need to enable this for the 'toor' account. + # If this option is set to 1, then the immutable-bit test is +@@ -665,7 +675,7 @@ + # NOTE: For *BSD systems you will probably need to use this option + # for the 'toor' account. # - #UID0_ACCOUNTS="toor rooty" +-#UID0_ACCOUNTS="toor rooty" +UID0_ACCOUNTS="toor" # - # Allow the following accounts to have no password. This option is a + # Allow the following accounts to have no password. NIS/YP entries do diff --git a/security/rkhunter/files/patch-installer.sh b/security/rkhunter/files/patch-installer.sh index 981af3ce1c1b..0181eeb07717 100644 --- a/security/rkhunter/files/patch-installer.sh +++ b/security/rkhunter/files/patch-installer.sh 
@@ -1,26 +1,38 @@ ---- installer.sh.orig 2010-01-23 12:14:34.000000000 +0000 -+++ installer.sh 2010-01-23 12:14:51.000000000 +0000 -@@ -657,22 +657,7 @@ +--- ./installer.sh.orig 2010-11-16 22:34:48.000000000 +0100 ++++ ./installer.sh 2010-11-27 02:40:03.000000000 +0100 +@@ -366,10 +366,10 @@ + else + RKHINST_DB_DIR="${VARDIR}/lib/${APPNAME}/db" + RKHINST_TMP_DIR="${VARDIR}/lib/${APPNAME}/tmp" +- RKHINST_DOC_DIR="${SHAREDIR}/doc/${APPNAME}-${APPVERSION}" ++ RKHINST_DOC_DIR="${SHAREDIR}/doc/${APPNAME}" + fi + +- RKHINST_MAN_DIR="${SHAREDIR}/man/man8" ++ RKHINST_MAN_DIR="${PREFIX}/man/man8" + RKHINST_LANG_DIR="${RKHINST_DB_DIR}/i18n" + + RKHINST_ETC_FILE="${APPNAME}.conf" +@@ -765,22 +765,6 @@ esac done - - # Application documents - for FILE in ${RKHINST_DOC_FILES}; do -- cp -f ./files/"${FILE}" "${RKHINST_DOC_DIR}" +- cp -f ./files/"${FILE}" "${RKHINST_DOC_DIR}" >/dev/null 2>&1 - ERRCODE=$? - - if [ $ERRCODE -eq 0 ]; then - echo " Installing ${FILE}: OK" - chmod "${RKHINST_MODE_RWR}" "${RKHINST_DOC_DIR}/${FILE}" - else -- echo " Installing ${FILE}: FAILED: Code $ERRCODE: exiting." +- echo " Installing ${FILE}: FAILED: Code $ERRCODE" - exit 1 - fi - done - - -+ # Language support files ERRCODE=0 diff --git a/security/rkhunter/files/patch-rkhunter b/security/rkhunter/files/patch-rkhunter deleted file mode 100644 index 133f7b5671bb..000000000000 --- a/security/rkhunter/files/patch-rkhunter +++ /dev/null 
@@ -1,13 +0,0 @@ ---- files/rkhunter.orig 2009-02-17 14:24:32.000000000 -0500 -+++ files/rkhunter 2009-02-17 14:25:25.000000000 -0500 -@@ -8448,8 +8448,8 @@ - SOCKSTAT_CMD=`find_cmd sockstat` - - if [ -n "${SOCKSTAT_CMD}" -a -n "${NETSTAT_CMD}" -a -n "${SORT_CMD}" -a -n "${UNIQ_CMD}" ]; then -- SOCKSTAT_OUTPUT=`${SOCKSTAT_CMD} -n | grep '\*[:.]\*' | cut -c1-55 | grep '\*[:.]' | cut -c39-47 | grep -v '\*' | tr -d ' ' | ${SORT_CMD} | ${UNIQ_CMD}` -- NETSTAT_OUTPUT=`${NETSTAT_CMD} -an | egrep -v 'TIME_WAIT|ESTABLISHED|SYN_SENT|CLOSE_WAIT|LAST_ACK|SYN_RECV|CLOSING' | cut -c1-44 | grep '\*\.' | cut -c24-32 | grep -v '\*' | tr -d ' ' | tr -d '\t' | ${SORT_CMD} | ${UNIQ_CMD}` -+ SOCKSTAT_OUTPUT=`${SOCKSTAT_CMD} | grep '\*[:.]\*' | cut -c1-55 | grep '\*[:.]' | cut -c39-47 | grep -v '\*' | tr -d ' ' | ${SORT_CMD} | ${UNIQ_CMD}` -+ NETSTAT_OUTPUT=`${NETSTAT_CMD} -an | egrep -v 'TIME_WAIT|ESTABLISHED|SYN_SENT|CLOSE_WAIT|LAST_ACK|SYN_RECV|CLOSING' | cut -c1-44 | grep '\*\.' | cut -c23-31 | grep -v '\*' | tr -d ' ' | tr -d '\t' | tr -d '.' | ${SORT_CMD} | ${UNIQ_CMD}` - - if [ "${SOCKSTAT_OUTPUT}" = "${NETSTAT_OUTPUT}" ]; then - display --to SCREEN+LOG --type PLAIN --result OK --color GREEN --log-indent 2 --screen-indent 4 ROOTKIT_OS_BSD_SOCKNET |