diff options
| author | Philippe Audeoud <jadawin@FreeBSD.org> | 2010-12-02 08:42:37 +0000 |
|---|---|---|
| committer | Philippe Audeoud <jadawin@FreeBSD.org> | 2010-12-02 08:42:37 +0000 |
| commit | d94173d3703671d7ab18d0a3b656a0ce75a49b97 (patch) | |
| tree | 2d3a32a5c65264a9fc536538e8512953720d4fcb /security/rkhunter | |
| parent | e2b8c39eb58668c160fd0fe6f9e5a318b2999a8a (diff) | |
| download | ports-d94173d3703671d7ab18d0a3b656a0ce75a49b97.tar.gz ports-d94173d3703671d7ab18d0a3b656a0ce75a49b97.zip | |
Notes
Diffstat (limited to 'security/rkhunter')
| -rw-r--r-- | security/rkhunter/Makefile | 11 | ||||
| -rw-r--r-- | security/rkhunter/distinfo | 5 | ||||
| -rw-r--r-- | security/rkhunter/files/415.rkhunter.in | 9 | ||||
| -rw-r--r-- | security/rkhunter/files/patch-files__rkhunter.conf (renamed from security/rkhunter/files/patch-rkhunter.conf) | 39 | ||||
| -rw-r--r-- | security/rkhunter/files/patch-installer.sh | 24 | ||||
| -rw-r--r-- | security/rkhunter/files/patch-rkhunter | 13 | ||||
| -rw-r--r-- | security/rkhunter/pkg-message | 2 | ||||
| -rw-r--r-- | security/rkhunter/pkg-plist | 10 |
8 files changed, 60 insertions, 53 deletions
diff --git a/security/rkhunter/Makefile b/security/rkhunter/Makefile index 2482d44cdd33..6c91b25e4af4 100644 --- a/security/rkhunter/Makefile +++ b/security/rkhunter/Makefile @@ -6,7 +6,7 @@ # PORTNAME= rkhunter -PORTVERSION= 1.3.6 +PORTVERSION= 1.3.8 CATEGORIES= security MASTER_SITES= SF @@ -21,12 +21,11 @@ RUN_DEPENDS+= ${SITE_PERL}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-D USE_PERL5= yes NO_BUILD= yes -SUB_FILES= 415.rkhunter +SUB_FILES= 415.${PORTNAME} -MAN8= rkhunter.8 +MAN8= ${PORTNAME}.8 MANCOMPRESSED= no -DOCSDIR= ${PREFIX}/share/doc/${PORTNAME}-${PORTVERSION} PORTDOCS= ACKNOWLEDGMENTS CHANGELOG FAQ LICENSE README .include <bsd.port.pre.mk> @@ -45,10 +44,10 @@ post-patch: do-install: cd ${WRKSRC} && ./installer.sh --layout custom ${PREFIX} --install - ${INSTALL_MAN} ${WRKSRC}/files/rkhunter.8 \ + ${INSTALL_MAN} ${WRKSRC}/files/${PORTNAME}.8 \ ${MAN8PREFIX}/man/man8 @${MKDIR} ${PREFIX}/etc/periodic/security - ${INSTALL_SCRIPT} ${WRKDIR}/415.rkhunter ${PREFIX}/etc/periodic/security + ${INSTALL_SCRIPT} ${WRKDIR}/415.${PORTNAME} ${PREFIX}/etc/periodic/security .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} ${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/files/|} ${DOCSDIR} diff --git a/security/rkhunter/distinfo b/security/rkhunter/distinfo index b3057ff75206..959d46000d82 100644 --- a/security/rkhunter/distinfo +++ b/security/rkhunter/distinfo @@ -1,3 +1,2 @@ -MD5 (rkhunter-1.3.6.tar.gz) = 41bd92b1ea0803401c4a45215c8293a2 -SHA256 (rkhunter-1.3.6.tar.gz) = e3f5e21307e4876da4bc4a1521a86f1cda93ad22d4c77366876d7c170dcefc10 -SIZE (rkhunter-1.3.6.tar.gz) = 217691 +SHA256 (rkhunter-1.3.8.tar.gz) = fb1fb8bac53bab476142b5556140c59d589bc0f45d3dc058f400f2edada77a33 +SIZE (rkhunter-1.3.8.tar.gz) = 241551 diff --git a/security/rkhunter/files/415.rkhunter.in b/security/rkhunter/files/415.rkhunter.in index fa1b27598118..c67dd0d734b7 100644 --- a/security/rkhunter/files/415.rkhunter.in +++ b/security/rkhunter/files/415.rkhunter.in @@ -5,7 +5,9 @@ # This is a maintenance shell script for the rkhunter security tool. # You can enable this script in /etc/periodic.conf file by putting these lines into it: # daily_rkhunter_update_enable="YES" +# daily_rkhunter_update_flags="--update --nocolors" # daily_rkhunter_check_enable="YES" +# daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress" # # Written by: Gabor Kovesdan <gabor@FreeBSD.org> @@ -14,12 +16,15 @@ if [ -r /etc/defaults/periodic.conf ]; then source_periodic_confs fi +: ${daily_rkhunter_update_flags="--update --nocolors"} +: ${daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"} + case "$daily_rkhunter_update_enable" in [Yy][Ee][Ss]) echo "" echo "Updating the rkhunter database..." - %%PREFIX%%/bin/rkhunter --update --nocolors + %%PREFIX%%/bin/rkhunter ${daily_rkhunter_update_flags} ;; esac @@ -28,6 +33,6 @@ case "$daily_rkhunter_check_enable" in echo "" echo "Running rkhunter..." - %%PREFIX%%/bin/rkhunter --checkall --nocolors --skip-keypress + %%PREFIX%%/bin/rkhunter ${daily_rkhunter_check_flags} ;; esac diff --git a/security/rkhunter/files/patch-rkhunter.conf b/security/rkhunter/files/patch-files__rkhunter.conf index 387371b28c94..45143a7a3dee 100644 --- a/security/rkhunter/files/patch-rkhunter.conf +++ b/security/rkhunter/files/patch-files__rkhunter.conf @@ -1,15 +1,16 @@ ---- files/rkhunter.conf.orig 2008-03-14 10:19:30.000000000 +0100 -+++ files/rkhunter.conf 2008-03-14 10:21:43.000000000 +0100 -@@ -76,6 +76,7 @@ +--- ./files/rkhunter.conf.orig 2010-11-13 21:25:22.000000000 +0100 ++++ ./files/rkhunter.conf 2010-11-27 02:39:40.000000000 +0100 +@@ -93,7 +93,7 @@ + # important files will be written to this directory, so be # sure that the directory permissions are tight. # - #TMPDIR=/var/lib/rkhunter/tmp +-#TMPDIR=/var/lib/rkhunter/tmp +TMPDIR=/root # # Specify the database directory to use. -@@ -154,7 +155,8 @@ - # file, then a value here of 'yes' or 'unset' will not cause a warning. +@@ -213,7 +213,8 @@ + # file, then a value here of 'unset' can be used to avoid warning messages. # This option has a default value of 'no'. # -ALLOW_SSH_ROOT_USER=no @@ -18,7 +19,7 @@ # # Set this option to '1' to allow the use of the SSH-1 protocol, but note -@@ -165,7 +167,8 @@ +@@ -224,7 +225,8 @@ # configuration file, then a value of '2' may be set here in order to # suppress a warning message. This option has a default value of '0'. # @@ -28,10 +29,10 @@ # # This setting tells rkhunter the directory containing the SSH configuration -@@ -278,12 +281,20 @@ - #SCRIPTWHITELIST=/sbin/ifup - #SCRIPTWHITELIST=/sbin/ifdown - #SCRIPTWHITELIST=/usr/bin/groups +@@ -466,6 +468,10 @@ + # + #SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown" + #SCRIPTWHITELIST="/usr/bin/groups" +SCRIPTWHITELIST=/usr/bin/whatis +SCRIPTWHITELIST=/usr/sbin/adduser +SCRIPTWHITELIST=/usr/local/bin/GET @@ -39,21 +40,23 @@ # # Allow the specified commands to have the immutable attribute set. - # One command per line (use multiple IMMUTWHITELIST lines). +@@ -475,6 +481,10 @@ + # characters. # - #IMMUTWHITELIST=/sbin/ifup + #IMMUTWHITELIST="/sbin/ifup /sbin/ifdown" +IMMUTWHITELIST=/usr/bin/login +IMMUTWHITELIST=/usr/bin/passwd +IMMUTWHITELIST=/usr/bin/su +IMMUTWHITELIST=/sbin/init # - # Allow the specified hidden directories. -@@ -434,6 +445,7 @@ - # Note: For *BSD systems you may need to enable this for the 'toor' account. + # If this option is set to 1, then the immutable-bit test is +@@ -665,7 +675,7 @@ + # NOTE: For *BSD systems you will probably need to use this option + # for the 'toor' account. # - #UID0_ACCOUNTS="toor rooty" +-#UID0_ACCOUNTS="toor rooty" +UID0_ACCOUNTS="toor" # - # Allow the following accounts to have no password. This option is a + # Allow the following accounts to have no password. NIS/YP entries do diff --git a/security/rkhunter/files/patch-installer.sh b/security/rkhunter/files/patch-installer.sh index 981af3ce1c1b..0181eeb07717 100644 --- a/security/rkhunter/files/patch-installer.sh +++ b/security/rkhunter/files/patch-installer.sh @@ -1,26 +1,38 @@ ---- installer.sh.orig 2010-01-23 12:14:34.000000000 +0000 -+++ installer.sh 2010-01-23 12:14:51.000000000 +0000 -@@ -657,22 +657,7 @@ +--- ./installer.sh.orig 2010-11-16 22:34:48.000000000 +0100 ++++ ./installer.sh 2010-11-27 02:40:03.000000000 +0100 +@@ -366,10 +366,10 @@ + else + RKHINST_DB_DIR="${VARDIR}/lib/${APPNAME}/db" + RKHINST_TMP_DIR="${VARDIR}/lib/${APPNAME}/tmp" +- RKHINST_DOC_DIR="${SHAREDIR}/doc/${APPNAME}-${APPVERSION}" ++ RKHINST_DOC_DIR="${SHAREDIR}/doc/${APPNAME}" + fi + +- RKHINST_MAN_DIR="${SHAREDIR}/man/man8" ++ RKHINST_MAN_DIR="${PREFIX}/man/man8" + RKHINST_LANG_DIR="${RKHINST_DB_DIR}/i18n" + + RKHINST_ETC_FILE="${APPNAME}.conf" +@@ -765,22 +765,6 @@ esac done - - # Application documents - for FILE in ${RKHINST_DOC_FILES}; do -- cp -f ./files/"${FILE}" "${RKHINST_DOC_DIR}" +- cp -f ./files/"${FILE}" "${RKHINST_DOC_DIR}" >/dev/null 2>&1 - ERRCODE=$? - - if [ $ERRCODE -eq 0 ]; then - echo " Installing ${FILE}: OK" - chmod "${RKHINST_MODE_RWR}" "${RKHINST_DOC_DIR}/${FILE}" - else -- echo " Installing ${FILE}: FAILED: Code $ERRCODE: exiting." +- echo " Installing ${FILE}: FAILED: Code $ERRCODE" - exit 1 - fi - done - - -+ # Language support files ERRCODE=0 diff --git a/security/rkhunter/files/patch-rkhunter b/security/rkhunter/files/patch-rkhunter deleted file mode 100644 index 133f7b5671bb..000000000000 --- a/security/rkhunter/files/patch-rkhunter +++ /dev/null @@ -1,13 +0,0 @@ ---- files/rkhunter.orig 2009-02-17 14:24:32.000000000 -0500 -+++ files/rkhunter 2009-02-17 14:25:25.000000000 -0500 -@@ -8448,8 +8448,8 @@ - SOCKSTAT_CMD=`find_cmd sockstat` - - if [ -n "${SOCKSTAT_CMD}" -a -n "${NETSTAT_CMD}" -a -n "${SORT_CMD}" -a -n "${UNIQ_CMD}" ]; then -- SOCKSTAT_OUTPUT=`${SOCKSTAT_CMD} -n | grep '\*[:.]\*' | cut -c1-55 | grep '\*[:.]' | cut -c39-47 | grep -v '\*' | tr -d ' ' | ${SORT_CMD} | ${UNIQ_CMD}` -- NETSTAT_OUTPUT=`${NETSTAT_CMD} -an | egrep -v 'TIME_WAIT|ESTABLISHED|SYN_SENT|CLOSE_WAIT|LAST_ACK|SYN_RECV|CLOSING' | cut -c1-44 | grep '\*\.' | cut -c24-32 | grep -v '\*' | tr -d ' ' | tr -d '\t' | ${SORT_CMD} | ${UNIQ_CMD}` -+ SOCKSTAT_OUTPUT=`${SOCKSTAT_CMD} | grep '\*[:.]\*' | cut -c1-55 | grep '\*[:.]' | cut -c39-47 | grep -v '\*' | tr -d ' ' | ${SORT_CMD} | ${UNIQ_CMD}` -+ NETSTAT_OUTPUT=`${NETSTAT_CMD} -an | egrep -v 'TIME_WAIT|ESTABLISHED|SYN_SENT|CLOSE_WAIT|LAST_ACK|SYN_RECV|CLOSING' | cut -c1-44 | grep '\*\.' | cut -c23-31 | grep -v '\*' | tr -d ' ' | tr -d '\t' | tr -d '.' | ${SORT_CMD} | ${UNIQ_CMD}` - - if [ "${SOCKSTAT_OUTPUT}" = "${NETSTAT_OUTPUT}" ]; then - display --to SCREEN+LOG --type PLAIN --result OK --color GREEN --log-indent 2 --screen-indent 4 ROOTKIT_OS_BSD_SOCKNET diff --git a/security/rkhunter/pkg-message b/security/rkhunter/pkg-message index fcb59d58bb6f..ebeab31f133c 100644 --- a/security/rkhunter/pkg-message +++ b/security/rkhunter/pkg-message @@ -5,10 +5,12 @@ You should keep your rkhunter database up-to-date. This can be done automatically by putting this line to /etc/periodic.conf: daily_rkhunter_update_enable="YES" +daily_rkhunter_update_flags="--update --nocolors" Also, you can run rkhunter as a part of the daily security check by putting this line to /etc/periodic.conf: daily_rkhunter_check_enable="YES" +daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress" ****************************************************************************** diff --git a/security/rkhunter/pkg-plist b/security/rkhunter/pkg-plist index 763fe61173af..dca4f2b4bbfa 100644 --- a/security/rkhunter/pkg-plist +++ b/security/rkhunter/pkg-plist @@ -1,10 +1,9 @@ +@comment $FreeBSD$ bin/rkhunter etc/periodic/security/415.rkhunter etc/rkhunter.conf lib/rkhunter/scripts/check_modules.pl -lib/rkhunter/scripts/filehashmd5.pl lib/rkhunter/scripts/filehashsha.pl -lib/rkhunter/scripts/filehashsha1.pl lib/rkhunter/scripts/readlink.sh lib/rkhunter/scripts/stat.pl var/lib/rkhunter/db/backdoorports.dat @@ -16,16 +15,17 @@ var/lib/rkhunter/db/i18n/zh.utf8 var/lib/rkhunter/db/mirrors.dat var/lib/rkhunter/db/programs_bad.dat var/lib/rkhunter/db/suspscan.dat +@unexec rm -f %D/var/lib/rkhunter/db/rkhunter_prop_list.dat 2> /dev/null || true var/lib/rkhunter/tmp/group var/lib/rkhunter/tmp/passwd -@dirrm var/lib/rkhunter/tmp -@dirrm var/lib/rkhunter/db/i18n @dirrmtry etc/periodic/security @dirrmtry etc/periodic +@dirrmtry share/doc/rkhunter +@dirrm var/lib/rkhunter/tmp +@dirrm var/lib/rkhunter/db/i18n @dirrm var/lib/rkhunter/db @dirrm var/lib/rkhunter @dirrm var/lib @dirrm var -@dirrm share/doc/rkhunter-1.3.6 @dirrm lib/rkhunter/scripts @dirrm lib/rkhunter |