[Bug 165311] Review Request: Tiger, security auditing on UNIX systems

bugzilla at redhat.com bugzilla at redhat.com
Sat Apr 22 14:55:02 UTC 2006


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: Tiger, security auditing on UNIX systems


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165311


bugzilla at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|fedora-extras-              |
                   |list at redhat.com             |
                 CC|                            |fedora-package-
                   |                            |review at redhat.com




------- Additional Comments From fedora at soeterbroek.com  2006-04-22 10:54 EST -------
Not an official review, but some comments:

1) Some suspicious errors during %install phase:

  Copying miscellaneous dirs...
  tar: ./check.d/README.doc: Cannot open: Permission denied
  tar: Error exit delayed from previous errors
  tar: ./html/integrit.html.doc: Cannot open: Permission denied
  tar: ./html/ndd.html.doc: Cannot open: Permission denied
  tar: ./html/ssh.html.doc: Cannot open: Permission denied
  tar: ./html/aide.html.doc: Cannot open: Permission denied
  tar: ./html/rootkit.html.doc: Cannot open: Permission denied
  tar: Error exit delayed from previous errors
  tar: ./systems/Linux/2/check_xinetd.scripts: Cannot open: Permission denied
  tar: Error exit delayed from previous errors
  Copying miscellaneous files...
  Copying scripts...
  sed: can't read ./systems/Linux/2/check_xinetd.scripts: Permission denied
  Copying platform scripts...
  cp: cannot open `./systems/Linux/2/check_xinetd.scripts' for reading: Permission denied

2) In /usr/lib/tiger/systems/Linux/2/
some files have an equivalent ending in .orig or .old
which are probably backups left during development. I suggest
not to package these files:

  [joost at alexandria SPECS]$ rpm -qil tiger | grep orig
  /usr/lib/tiger/systems/Linux/2/check_listeningprocs.orig
  /usr/lib/tiger/systems/Linux/2/gen_passwd_sets.orig

  [joost at alexandria SPECS]$ rpm -qil tiger | grep old
  /usr/lib/tiger/systems/Linux/0/gen_cron.old
  /usr/lib/tiger/systems/Linux/2/services.old

3) In /usr/lib/tiger/systems/Linux/2/
most files have an equivalent ending in .scripts
which are clearly leftovers from an earlier stage of
development and left abandoned in 2003. 
The equivalent files without the .scripts
extension all have inline comments dated 2005.
I suggest not to package these .scripts files also, unless
there is a reason for these that I don't understand.

4) rpmlint errors and warnings:

  [joost at alexandria SPECS]$ rpmlint /home/joost/Development/rpm/RPMS/i386/tiger-3.2.1-2.i386.rpm
  W: tiger conffile-without-noreplace-flag /etc/cron.d/tiger
  W: tiger conffile-without-noreplace-flag /etc/tiger/cronrc
  W: tiger conffile-without-noreplace-flag /etc/tiger/tiger.ignore
  W: tiger conffile-without-noreplace-flag /etc/tiger/tigerrc
  E: tiger zero-length /usr/lib/tiger/systems/default/suid_list
  E: tiger non-readable /etc/tiger/tigerrc 0640
  E: tiger non-readable /etc/tiger/tiger.ignore 0600
  E: tiger non-standard-dir-perm /var/log/tiger 0700
  W: tiger file-not-utf8 /usr/share/man/man8/tiger.8.gz
  E: tiger non-readable /etc/tiger/cronrc 0640
  W: tiger symlink-should-be-relative /usr/lib/tiger/tigexp /usr/sbin/tigexp
  E: tiger non-standard-dir-perm /etc/tiger 0700
  E: tiger zero-length /usr/lib/tiger/systems/default/rel_file_exp_list
  E: tiger zero-length /usr/lib/tiger/systems/Linux/2/rel_file_exp_list
  E: tiger non-standard-dir-perm /var/run/tiger/work 0700
  E: tiger zero-length /usr/lib/tiger/systems/Linux/2/check_xinetd.scripts
  E: tiger script-without-shellbang /usr/lib/tiger/systems/Linux/2/check_xinetd.scripts
  W: tiger devel-file-in-non-devel-package /usr/lib/tiger/version.h
  W: tiger log-files-without-logrotate /var/log/tiger

Hope this is helpful.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
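
The leftovers described in items 1 to 3 and the zero-length rpmlint errors can be checked for in an install root before packaging. The script below is an added example, not part of the bug comment or of the Tiger package; the function names `audit_tree` and `make_sample_tree` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag likely packaging leftovers under an install root.
# audit_tree and make_sample_tree are illustrative names, not part of Tiger.

# Print one "kind: path" line per finding under the directory $1.
audit_tree() {
    root=$1
    # Backup copies such as *.orig and *.old (item 2 of the comment).
    find "$root" -type f \( -name '*.orig' -o -name '*.old' \) |
        sed 's/^/backup: /'
    # *.scripts files that sit next to a file of the same name (item 3).
    find "$root" -type f -name '*.scripts' | while IFS= read -r f; do
        if [ -e "${f%.scripts}" ]; then printf 'shadow: %s\n' "$f"; fi
    done
    # Empty files, which rpmlint reports as zero-length (item 4).
    find "$root" -type f -size 0 | sed 's/^/empty: /'
    # Files without the owner-read bit, which a non-root owner cannot read;
    # copying them fails with "Permission denied" errors like those in item 1.
    find "$root" -type f ! -perm -400 | sed 's/^/unreadable: /'
}

# Create a constructed sample tree that reuses a few paths from the report.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    lib="$d/usr/lib/tiger/systems/Linux/2"
    mkdir -p "$lib"
    echo '#!/bin/sh' > "$lib/check_listeningprocs"
    echo '#!/bin/sh' > "$lib/check_listeningprocs.orig"
    echo 'constructed' > "$lib/services.old"
    echo '#!/bin/sh' > "$lib/check_xinetd"
    : > "$lib/check_xinetd.scripts"
    chmod 000 "$lib/check_xinetd.scripts"
    : > "$lib/rel_file_exp_list"
    echo "$d"
}

# Audit the directory given as $1, or the constructed tree when none is given.
if [ -n "${1:-}" ]; then
    audit_tree "$1"
else
    tree=$(make_sample_tree) && audit_tree "$tree"
    rm -rf "$tree"
fi
```

Run against a build root, a file that appears under several kinds (here `check_xinetd.scripts` is shadow, empty and unreadable at once) is the strongest candidate for removal from the package.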



