%define _default_patch_fuzz 2

Name:           rkhunter
Version:        1.4.2
Release:        13
Summary:        A host-based tool to scan for rootkits, backdoors and local exploits
Packager:       Scott R. Shinn
Vendor:         Atomic Rocket Turtle, http://www.atomicrocketturtle.com

Group:          Applications/System
License:        GPLv2+
URL:            http://rkhunter.sourceforge.net/
Source0:        http://downloads.sourceforge.net/rkhunter/%{name}-%{version}.tar.gz
#Source1:       http://downloads.sourceforge.net/rkhunter/rkhunter-1.3.0.sha1
Source2:        01-rkhunter
Source3:        rkhunter.sysconfig
Patch0:         rkhunter-1.4.2-atomic-config.patch
BuildArch:      noarch
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

Requires:       coreutils, binutils, findutils, grep, mktemp
Requires:       e2fsprogs, procps, lsof, prelink, iproute, net-tools, wget
Requires:       perl, perl(strict), perl(IO::Socket), mailx, logrotate
Requires:       unhide skdet

%description
Rootkit Hunter (RKH) is an easy-to-use tool which checks
computers running UNIX (clones) for the presence of rootkits
and other unwanted tools.

%prep
%setup -q
%patch0 -p1

# Uncomment OS_VERSION_FILE and point it at the release file of the target distribution
%{__perl} -pi.0001 -e '
%if 0%{?el3}%{?el4}%{?el5}%{?el6}
    s|^#(OS_VERSION_FILE=).+$|$1/etc/redhat-release|;
%else
    s|^#(OS_VERSION_FILE=).+$|$1/etc/fedora-release|;
%endif
' files/%{name}.conf

# Generic paths
%{__cat} << EOF >> files/%name.conf

# Allow these ASL processes to use deleted files
ALLOWPROCDELFILE=/var/asl/bin/asl
ALLOWPROCDELFILE=/var/ossec/bin/ossec-syscheckd
EOF

# Generate the logrotate policy for the rkhunter log
%{__cat} <<'EOF' >%{name}.logrotate
%{_localstatedir}/log/rkhunter/%{name}.log {
    weekly
    notifempty
    create 640 root root
}
EOF

%build
# Nothing to be built

%install
%{__rm} -rf $RPM_BUILD_ROOT

%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_bindir}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{cron.daily,sysconfig,logrotate.d}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_mandir}/man8
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/run/%{name}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/log/%{name}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n

%{__install} -m755 -p files/%{name} ${RPM_BUILD_ROOT}%{_bindir}/
%{__install} -m644 -p files/backdoorports.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
%{__install} -m644 -p files/mirrors.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
%{__install} -m644 -p files/programs_bad.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
%{__install} -m644 -p files/i18n/cn ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
%{__install} -m644 -p files/i18n/en ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
%{__install} -m644 -p files/CHANGELOG ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
%{__install} -m644 -p files/LICENSE ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
%{__install} -m644 -p files/README ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
%{__install} -m755 -p files/check_modules.pl ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
%{__install} -m644 -p files/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/

# Don't ship these unless we want to Require the perl modules
#%{__install} -m750 -p files/filehashmd5.pl ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
#%{__install} -m750 -p files/filehashsha1.pl ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/

%{__install} -m755 -p %{SOURCE2} ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/%{name}
%{__install} -m644 -p %{name}.logrotate ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}
%{__install} -m640 -p files/%{name}.conf ${RPM_BUILD_ROOT}%{_sysconfdir}/
%{__install} -m640 -p %{SOURCE3} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}

%clean
%{__rm} -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%doc %{_docdir}/%{name}-%{version}/*
%{_bindir}/%{name}
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/scripts
%{_sysconfdir}/cron.daily/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%dir %{_var}/lib/%{name}
%{_var}/lib/%{name}/db
%{_var}/lib/%{name}/db/i18n
%dir %{_var}/run/%{name}
%dir %{_var}/log/%{name}
%config(noreplace) %{_sysconfdir}/%{name}.conf
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%dir %{_docdir}/%{name}-%{version}
%{_mandir}/man8/*

%changelog
* Wed Jul 13 2016 Support - 1.4.2-13
- Add management for rkhunter from ASL

* Thu Mar 10 2016 Support - 1.4.2-11
- Add directory create event to 01-rkhunter on /var/run/rkhunter. Something in
  cpanel is deleting this directory.

* Mon May 12 2014 Support - 1.4.2-10
- Update to base atomic config

* Mon Mar 10 2014 Support - 1.4.2-9
- Update to 1.4.2

* Mon Aug 20 2012 Support - 1.4.0-8
- Add additional udev devices to exclude

* Thu Jun 21 2012 Support - 1.4.0-7
- Add additional udev devices to exclude
- Add hmac crypto devices to exclude

* Mon Jun 4 2012 Support - 1.4.0-5
- Update base config to exclude .udev dirs

* Fri May 4 2012 Support - 1.4.0-4
- Update to 1.4.0

* Thu Sep 22 2011 Support - 1.3.8-3
- Bugfix #XXX, fix for el6 redhat-release path

* Sat Nov 20 2010 Support - 1.3.8-2
- Add ALLOWHIDDENFILE=/dev/.udev.tdb to default config

* Wed Nov 17 2010 Support - 1.3.8-1
- Update to 1.3.8

* Wed Apr 7 2010 Support - 1.3.6-3
- Disable application tests

* Wed Dec 2 2009 Scott R. Shinn - 1.3.6-2
- Upgrade to 1.3.6
- Re-merge with Fedora

* Wed Sep 16 2009 Scott R. Shinn - 1.3.4-10
- Removed enforced syslog path check, rkhunter is smart enough to detect this now

* Mon Sep 14 2009 Scott R. Shinn - 1.3.4-9
- Added new exclusions for SSH HMAC files
- Added exclusions for ASL and OSSEC deleted file events

* Fri Jan 2 2009 Scott R. Shinn - 1.3.4-1
- Update to 1.3.4

* Thu Jun 27 2008 Scott R. Shinn - 1.3.2-9
- Added requires on skdet

* Thu Jun 26 2008 Scott R. Shinn - 1.3.2-8
- Forced LANG setting in rkhunter cron script
- spec updates to support Fedora 10

* Mon Apr 7 2008 Scott R. Shinn - 1.3.2-7
- Disabled colors in 01-rkhunter rule update event

* Thu Mar 20 2008 Eric Grejda - 1.3.2-6
- Edited the 01-rkhunter crontab script to turn off 'display in color' mode
  when an automated scan is run. Keeps certain mail clients from panicking
  when they receive an e-mail with ANSI escape codes in it.

* Tue Mar 18 2008 Scott R. Shinn - 1.3.2-5
- re-enabled all checks
- added unhide dependency

* Tue Mar 18 2008 Scott R. Shinn - 1.3.2-4
- updates for centos/fedora configuration logic
- bugfix on regex's to exclude udev and man excludes

* Mon Mar 10 2008 Scott R. Shinn - 1.3.2-3
- bugfix on cronjob

* Wed Mar 5 2008 Scott R. Shinn - 1.3.2-2
- update to 1.3.2
- Tweaks for centos/rhel integration

* Sun Feb 03 2008 Kevin Fenzi - 1.3.0-1
- Revive package, clean up spec
- Update to 1.3.0

* Sat Mar 18 2006 Greg Houlette - 1.2.8-3
- Made an RPM transparent change to move the sha1 canary check file
  out of CVS and into the external lookaside cache (whose filename
  changes with every new package release anyway...)

* Fri Mar 17 2006 Greg Houlette - 1.2.8-2
- Fixed architectural dependency during package creation eliminating
  use of _libdir configure macro (x86_64 /usr/lib64 mis-targeting)

* Tue Mar 7 2006 Greg Houlette - 1.2.8-1
- New package version release
- reworked the .spec file to support optional dist tag
- Updated the application check default patchfile (chunk failure)
- Changed to SHA1 for optional message digest (canary check)
- Added a couple of suggested skip entries to rkhunter.conf

* Mon Jun 11 2005 Greg Houlette - 1.2.7-1
- Added signature auto-updating to CRON scan (new script)
- Removed BOOTSCAN pending rewrite to full SysV Init scan in background
- Added the --append-log command line option
- Added Date Stamping to output
- Fixed bug in /etc/group missing report
- New package version release

* Sun Jan 2 2005 Greg Houlette - 0:1.1.9-1
- New package version release
- Added the --run-application-check command line option
  to listing in command help
- Replaced 'Here' Doc editing of rkhunter.conf file with in-place Perl edit
- tweaked rpmbuild -bb Autoclean

* Fri Oct 15 2004 Greg Houlette - 0:1.1.8-0.fdr.1 (revisited)
- Removed redundant buildrequires /bin/sh, coreutils and perl
- Revise postun scriptlet
- Added /usr/share/doc/rkhunter-1.1.8/ to files list

* Mon Oct 11 2004 Greg Houlette - 0:1.1.8-0.fdr.1
- Changed Release Tag to 0.fdr.1 (testing) for QA
- Removed wget from dependencies
- Hid (temporarily) the --skip-application-check command line option
  from being listed in help
- Fixed the spec files list, again!

* Fri Oct 8 2004 Greg Houlette - 0:1.1.8-0.fdr.0.2.beta2
- Unified and disabled the md5 canary check in prep (check is now optional)
  removing the sha1 cross-check
- Fixed the spec files list, adding the /var/rkhunter directory
  and the /usr/bin/rkhunter executable
- Fixed missing dependencies (rkh uses runtime checks)
- Disabled "auto-clean" for rpmbuild -bb
- Changed Application version scan default to disabled
  awaiting backport fix in upstream sources
- Fixed shared_man_search.patch, configuration files verify
  and added postun(install) cleanup

* Fri Oct 1 2004 Greg Houlette - 0:1.1.8-0.fdr.0.1.beta1
- More cosmetic patchwork
- Changed Release Tag to beta1 (pre-release) for QA submit

* Tue Sep 28 2004 Greg Houlette - 0:1.1.8-0.fdr.1
- Removed hidden_search.patch (1.1.7) after it was merged into
  upstream source by Michael Boelen
- Removed .spec file from md5 and sha1 file checks
  (it must be modifiable by Fedora QA release build)
- Added BOOTSCAN description file to documentation
- Restructured dynamic file creation ('Here' Docs) moving them to the
  "prep" stage so that *_ALL_* files are available prior to the
  "build" stage (for inspection purposes)
- Added a /etc/sysconfig/rkhunter parameters file

* Sun Aug 29 2004 Greg Houlette - 0:1.1.7-0.fdr.1
- Cosmetic patchwork

* Sat Aug 21 2004 Greg Houlette - 0:1.1.6-0.fdr.1
- Moderate reworking of .spec file for packaging standards
- Added md5 and sha1 file checks to prep procedure for source .rpm
- Included an optional rc.local replacement for scan on boot
  (with full logging)

* Tue Aug 10 2004 Michael Boelen - 1.1.5
- Added update script
- Extended description

* Sun Aug 08 2004 Greg Houlette - 1.1.5
- Changed the install procedure eliminating the specification of
  destination filenames (only needed if you are renaming during install)
- Changed the permissions for documentation files (root only overkill)
- Added the installation of the rkhunter Man Page
- Added the installation of the programs_{bad, good}.dat database files
- Added the installation of the LICENSE documentation file
- Added the chmod for root only to the /var/rkhunter/db directory

* Sun May 23 2004 Craig Orsinger (cjo) - version 1.1.0-1.cjo
- changed installation in accordance with new rootkit installation
  procedure
- changed installation root to conform to LSB. Use standard macros.
- added recursive remove of old build root as prep for install phase

* Wed Apr 28 2004 Doncho N. Gunchev - 1.0.9-0.mr700
- dropped Requires: perl - rkhunter works without it
- dropped the bash alignpatch (check the source or contact me)
- various file mode fixes (.../tmp/, *.db)
- optimized the %%files section - any new files in the
  current dirs will be fine - just %%{__install} them.

* Mon Apr 26 2004 Michael Boelen - 1.0.8-0
- Fixed missing md5blacklist.dat

* Mon Apr 19 2004 Doncho N. Gunchev - 1.0.6-1.mr700
- added missing /usr/local/rkhunter/db/md5blacklist.dat
- patched to align results in --cronjob, I think rpm based
  distros have symlink /bin/sh -> /bin/bash
- added --with/--without alignpatch for conditional builds
  (in case previous patch breaks something)

* Sat Apr 03 2004 Michael Boelen / Joe Klemmer - 1.0.6-0
- Update to 1.0.6

* Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0
- initial .spec file