rpms/rkhunter/F-12 rkhunter.spec, 1.28, 1.29 rkhunter-1.3.6-fedoraconfig.patch, 1.1, 1.2
Kevin Fenzi
kevin at fedoraproject.org
Tue Jan 5 18:41:06 UTC 2010
- Previous message (by thread): rpms/moblin-panel-media/devel .cvsignore, 1.7, 1.8 moblin-panel-media.spec, 1.6, 1.7 sources, 1.7, 1.8
- Next message (by thread): rpms/xerces-j2/devel xerces-j2-MANIFEST.MF, 1.1, 1.2 XJavac.java, 1.1, 1.2 .cvsignore, 1.9, 1.10 sources, 1.7, 1.8 xerces-j2.spec, 1.53, 1.54 xerces-j2-build.patch, 1.8, 1.9 xerces-j2-libgcj.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kevin
Update of /cvs/extras/rpms/rkhunter/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23322
Modified Files:
rkhunter.spec rkhunter-1.3.6-fedoraconfig.patch
Log Message:
Add some more ssh hmac files to whitelist - bug #552621
Re-add /dev/.mdadm.map to whitelisted files - bug #539405
Index: rkhunter.spec
===================================================================
RCS file: /cvs/extras/rpms/rkhunter/F-12/rkhunter.spec,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -p -r1.28 -r1.29
--- rkhunter.spec 6 Dec 2009 18:36:44 -0000 1.28
+++ rkhunter.spec 5 Jan 2010 18:41:06 -0000 1.29
@@ -1,6 +1,6 @@
Name: rkhunter
Version: 1.3.6
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: A host-based tool to scan for rootkits, backdoors and local exploits
Group: Applications/System
@@ -95,6 +95,10 @@ EOF
%{_mandir}/man8/*
%changelog
+* Tue Jan 05 2010 Kevin Fenzi <kevin at tummy.com> - 1.3.6-3
+- Add some more ssh hmac files to whitelist - bug #552621
+- Re-add /dev/.mdadm.map to whitelisted files - bug #539405
+
* Tue Dec 01 2009 Kevin Fenzi <kevin at tummy.com> - 1.3.6-2
- Disable apps check by default - bug #543065
rkhunter-1.3.6-fedoraconfig.patch:
rkhunter.conf | 86 +++++++++++++++++++++++++++++++---------------------------
1 file changed, 47 insertions(+), 39 deletions(-)
Index: rkhunter-1.3.6-fedoraconfig.patch
===================================================================
RCS file: /cvs/extras/rpms/rkhunter/F-12/rkhunter-1.3.6-fedoraconfig.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- rkhunter-1.3.6-fedoraconfig.patch 6 Dec 2009 18:36:44 -0000 1.1
+++ rkhunter-1.3.6-fedoraconfig.patch 5 Jan 2010 18:41:06 -0000 1.2
@@ -1,6 +1,6 @@
diff -Nur rkhunter-1.3.6.orig/files/rkhunter.conf rkhunter-1.3.6/files/rkhunter.conf
--- rkhunter-1.3.6.orig/files/rkhunter.conf 2009-11-28 15:13:19.000000000 -0700
-+++ rkhunter-1.3.6/files/rkhunter.conf 2009-12-01 17:43:15.000000000 -0700
++++ rkhunter-1.3.6/files/rkhunter.conf 2010-01-05 11:24:39.000000000 -0700
@@ -71,7 +71,7 @@
# NOTE: This option should be present in the configuration file.
#
@@ -99,7 +99,7 @@ diff -Nur rkhunter-1.3.6.orig/files/rkhu
#
# Allow the specified commands to have the immutable attribute set.
-@@ -406,37 +409,35 @@
+@@ -406,37 +409,40 @@
# Allow the specified hidden directories.
# One directory per line (use multiple ALLOWHIDDENDIR lines).
#
@@ -148,6 +148,10 @@ diff -Nur rkhunter-1.3.6.orig/files/rkhu
+ALLOWHIDDENFILE=/lib/.libssl.so.6.hmac
+ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
+ALLOWHIDDENFILE=/usr/bin/.ssh.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-keygen.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-keyscan.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-add.hmac
++ALLOWHIDDENFILE=/usr/bin/.ssh-agent.hmac
+ALLOWHIDDENFILE=/usr/lib*/.libfipscheck.so.1.1.0.hmac
+ALLOWHIDDENFILE=/usr/lib*/.libfipscheck.so.1.hmac
+ALLOWHIDDENFILE=/usr/lib*/.libgcrypt.so.11.hmac
@@ -156,10 +160,11 @@ diff -Nur rkhunter-1.3.6.orig/files/rkhu
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha384hmac.hmac
+ALLOWHIDDENFILE=/usr/lib*/hmaccalc/sha512hmac.hmac
+ALLOWHIDDENFILE=/usr/sbin/.sshd.hmac
++ALLOWHIDDENFILE=/dev/.mdadm.map
#
# Allow the specified processes to use deleted files.
-@@ -495,7 +496,7 @@
+@@ -495,7 +501,7 @@
# ALLOWDEVFILE lines).
#
#ALLOWDEVFILE=/dev/abc
@@ -168,7 +173,7 @@ diff -Nur rkhunter-1.3.6.orig/files/rkhu
#ALLOWDEVFILE=/dev/shm/sem.ADBE_ReadPrefs_*
#ALLOWDEVFILE=/dev/shm/sem.ADBE_REL_*
#ALLOWDEVFILE=/dev/shm/sem.ADBE_WritePrefs_*
-@@ -536,7 +537,7 @@
+@@ -536,7 +542,7 @@
# This setting tells rkhunter where the xinetd configuration
# file is located.
#
@@ -177,7 +182,7 @@ diff -Nur rkhunter-1.3.6.orig/files/rkhu
#
# Allow the following enabled xinetd services. Whilst it would be
-@@ -822,3 +823,5 @@
+@@ -822,3 +828,5 @@
# Enabling this feature implies you have the knowledge to interprete results properly.
#
#SCANROOTKITMODE=THOROUGH
- Previous message (by thread): rpms/moblin-panel-media/devel .cvsignore, 1.7, 1.8 moblin-panel-media.spec, 1.6, 1.7 sources, 1.7, 1.8
- Next message (by thread): rpms/xerces-j2/devel xerces-j2-MANIFEST.MF, 1.1, 1.2 XJavac.java, 1.1, 1.2 .cvsignore, 1.9, 1.10 sources, 1.7, 1.8 xerces-j2.spec, 1.53, 1.54 xerces-j2-build.patch, 1.8, 1.9 xerces-j2-libgcj.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list