rpms/rkhunter/devel 01-rkhunter,1.2,1.3 rkhunter.spec,1.13,1.14

Kevin Fenzi (kevin) fedora-extras-commits at redhat.com
Thu Mar 27 04:03:18 UTC 2008


Author: kevin

Update of /cvs/extras/rpms/rkhunter/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11670

Modified Files:
	01-rkhunter rkhunter.spec 
Log Message:
Move things to more standard locations for selinux - bug #438184
Add exception for pulseaudio file - bug #438622



Index: 01-rkhunter
===================================================================
RCS file: /cvs/extras/rpms/rkhunter/devel/01-rkhunter,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- 01-rkhunter	29 Feb 2008 03:33:37 -0000	1.2
+++ 01-rkhunter	27 Mar 2008 04:02:39 -0000	1.3
@@ -4,7 +4,7 @@
 XITVAL=0
 
 # Get a secure tempfile
-TMPFILE1=`/bin/mktemp -p /var/rkhunter/tmp rkhcronlog.XXXXXXXXXX` || exit 1
+TMPFILE1=`/bin/mktemp -p /var/run/rkhunter rkhcronlog.XXXXXXXXXX` || exit 1
 
 if [ ! -e /var/lock/subsys/rkhunter ]; then
 
@@ -20,23 +20,14 @@
 
   # If a diagnostic mode scan was requested, setup the parameters
   if [ "$DIAG_SCAN" == "yes" ]; then
-    RKHUNTER_FLAGS="
-    --checkall
-    --run-application-check
-    --skip-keypress
-    --nocolors
-    --quiet
-    --append-log $TMPFILE1
-  "
+    RKHUNTER_FLAGS="--checkall --skip-keypress --nocolors --quiet --appendlog --display-logfile"
   else
-    RKHUNTER_FLAGS="
-    --cronjob
-  "
+    RKHUNTER_FLAGS="--cronjob --report-warnings-only"
   fi
 
   # Set a few critical parameters
   RKHUNTER=/usr/bin/rkhunter
-  LOGFILE=/var/log/rkhunter.log
+  LOGFILE=/var/log/rkhunter/rkhunter.log
 
   # Run RootKit Hunter if available
   if [ -x $RKHUNTER ]; then


Index: rkhunter.spec
===================================================================
RCS file: /cvs/extras/rpms/rkhunter/devel/rkhunter.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- rkhunter.spec	29 Feb 2008 03:33:37 -0000	1.13
+++ rkhunter.spec	27 Mar 2008 04:02:39 -0000	1.14
@@ -1,6 +1,6 @@
 Name:           rkhunter
 Version:        1.3.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A host-based tool to scan for rootkits, backdoors and local exploits
 
 Group:          Applications/System
@@ -28,8 +28,8 @@
 
 %{__perl} -pi.0001 -e '
 	s|^#(MAIL-ON-WARNING=).+$|$1root\@localhost|;
-	s|^#(TMPDIR=).+$|$1%{_var}/%{name}/tmp|;
-	s|^#(DBDIR=).+$|$1%{_var}/%{name}/db|;
+	s|^#(TMPDIR=).+$|$1%{_var}/run/%{name}|;
+	s|^#(DBDIR=).+$|$1%{_var}/lib/%{name}/db|;
 	s|^#(SCRIPTDIR=).+$|$1%{_datadir}/%{name}/scripts|;
 	s|^#(PKGMGR=).+$|$1RPM|;
 %if 0%{?el4}%{?el5}
@@ -40,6 +40,7 @@
 	s|^#(ALLOWHIDDENDIR=).+$|$1/dev/.udev|;
 	s|^#(ALLOWHIDDENFILE=).+$|$1/usr/share/man/man1/..1.gz|;
 	s|^(APPEND_LOG=).+$|$11|;
+	s|^(LOGFILE=).+$|$1/var/log/rkhunter/rkhunter.log|;
 	s|^(ALLOW_SSH_ROOT_USER=).+$|$1yes|;
 	s|^(DISABLE_TESTS=).+$|$1"additional_rkts suspscan hidden_procs deleted_files packet_cap_apps"|;
     ' files/%{name}.conf
@@ -55,12 +56,13 @@
 # in f8/f9
 %if 0%{?fc8}%{?fc9}
 echo "SYSLOG_CONFIG_FILE=/etc/rsyslog.conf" >> files/%name.conf
+echo "ALLOWDEVFILE=/dev/shm/pulse-shm-*" >> files/%name.conf
 %else
 echo "SYSLOG_CONFIG_FILE=/etc/syslog.conf" >> files/%name.conf
 %endif
 
 %{__cat} <<'EOF' >%{name}.logrotate
-%{_localstatedir}/log/%{name}.log {
+%{_localstatedir}/log/%{name}/%{name}.log {
     weekly
     notifempty
     create 640 root root
@@ -78,20 +80,22 @@
 %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts
 %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}
 %{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_mandir}/man8
-%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/%{name}/{db,tmp}
-%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/%{name}/db/i18n
+%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db
+%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/run/%{name}
+%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/log/%{name}
+%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n
 
 %{__install} -m755 -p files/%{name}             ${RPM_BUILD_ROOT}%{_bindir}/
 
-%{__install} -m644 -p files/backdoorports.dat   ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
-%{__install} -m644 -p files/defaulthashes.dat   ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
-%{__install} -m644 -p files/md5blacklist.dat    ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
-%{__install} -m644 -p files/mirrors.dat         ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
-%{__install} -m644 -p files/os.dat              ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
-%{__install} -m644 -p files/programs_bad.dat    ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
-%{__install} -m644 -p files/programs_good.dat   ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
-%{__install} -m644 -p files/i18n/cn             ${RPM_BUILD_ROOT}%{_var}/%{name}/db/i18n/
-%{__install} -m644 -p files/i18n/en             ${RPM_BUILD_ROOT}%{_var}/%{name}/db/i18n/
+%{__install} -m644 -p files/backdoorports.dat   ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
+%{__install} -m644 -p files/defaulthashes.dat   ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
+%{__install} -m644 -p files/md5blacklist.dat    ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
+%{__install} -m644 -p files/mirrors.dat         ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
+%{__install} -m644 -p files/os.dat              ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
+%{__install} -m644 -p files/programs_bad.dat    ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
+%{__install} -m644 -p files/programs_good.dat   ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
+%{__install} -m644 -p files/i18n/cn             ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
+%{__install} -m644 -p files/i18n/en             ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
 
 %{__install} -m644 -p files/CHANGELOG           ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
 %{__install} -m644 -p files/LICENSE             ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
@@ -121,16 +125,21 @@
 %{_datadir}/%{name}/scripts
 %{_sysconfdir}/cron.daily/01-%{name}
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
-%dir %{_var}/%{name}
-%{_var}/%{name}/db
-%{_var}/%{name}/db/i18n
-%dir %{_var}/%{name}/tmp
+%dir %{_var}/lib/%{name}
+%{_var}/lib/%{name}/db
+%{_var}/lib/%{name}/db/i18n
+%dir %{_var}/run/%{name}
+%dir %{_var}/log/%{name}
 %config(noreplace) %{_sysconfdir}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
 %dir %{_docdir}/%{name}-%{version}
 %{_mandir}/man8/*
 
 %changelog
+* Wed Mar 26 2008 Kevin Fenzi <kevin at tummy.com> - 1.3.2-2
+- Move things to more standard locations for selinux - bug #438184
+- Add exception for pulseaudio file - bug #438622
+
 * Thu Feb 28 2008 Kevin Fenzi <kevin at tummy.com> - 1.3.2-1
 - Update to 1.3.2
 - Fix cron script




More information about the fedora-extras-commits mailing list