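# RPM spec for Rootkit Hunter: unpacks the upstream tarball, rewrites the
# default rkhunter.conf for Fedora paths, and installs the scanner, its
# helper scripts and databases, a daily cron job and a logrotate policy.
Name:           rkhunter
Version:        1.3.0
Release:        1%{?dist}
Summary:        A host-based tool to scan for rootkits, backdoors and local exploits

Group:          Applications/System
License:        GPLv2+
URL:            http://rkhunter.sourceforge.net/
# NOTE(review): both upstream sources are fetched over plain HTTP, and
# Source1 (the SHA-1 file) is declared but never checked in the prep stage
# below; the changelog records that the canary check was made optional.
# Verify the tarball digest out of band before building.
Source0:        http://downloads.sourceforge.net/rkhunter/rkhunter-1.3.0.tar.gz
Source1:        http://downloads.sourceforge.net/rkhunter/rkhunter-1.3.0.sha1
Source2:        01-rkhunter
Source3:        rkhunter.sysconfig
BuildArch:      noarch
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

Requires:       coreutils, binutils, modutils, findutils, grep, mktemp
Requires:       e2fsprogs, procps, lsof, prelink, iproute, net-tools, wget
Requires:       perl, perl(strict), perl(IO::Socket), mailx, logrotate

%description
Rootkit Hunter (RKH) is an easy-to-use tool which checks
computers running UNIX (clones) for the presence of rootkits
and other unwanted tools.

%prep
%setup -q

# Rewrite the stock configuration in place (a .0001 backup stays in the
# build tree and is not packaged).  Security-relevant defaults set here:
#  - ALLOW_SSH_ROOT_USER=yes: rkhunter compares this with sshd's
#    PermitRootLogin, so root SSH login is treated as expected.  Presumably
#    chosen to match the stock sshd_config; hosts that disable root login
#    should set it to "no" in /etc/rkhunter.conf.
#  - DISABLE_TESTS: the listed tests (including hidden_procs, deleted_files
#    and packet_cap_apps) are switched off in the shipped config, which
#    narrows detection coverage; review the list per deployment.
#  - APPEND_LOG is written as ${1}1.  The previous "$11" was read by Perl as
#    capture group 11 (always empty), which blanked the line instead of
#    setting APPEND_LOG=1, so each run could overwrite the previous log.
%{__perl} -pi.0001 -e '
        s|^#(MAIL-ON-WARNING=).+$|$1root\@localhost|;
        s|^#(TMPDIR=).+$|$1%{_var}/%{name}/tmp|;
        s|^#(DBDIR=).+$|$1%{_var}/%{name}/db|;
        s|^#(SCRIPTDIR=).+$|$1%{_datadir}/%{name}/scripts|;
        s|^#(PKGMGR=).+$|$1RPM|;
        s|^#(OS_VERSION_FILE=).+$|$1/etc/fedora-release|;
        s|^#(ALLOWHIDDENDIR=).+$|$1/dev/.udev|;
        s|^(APPEND_LOG=).+$|${1}1|;
        s|^(ALLOW_SSH_ROOT_USER=).+$|$1yes|;
        s|^(DISABLE_TESTS=).+$|$1"additional_rkts suspscan hidden_procs deleted_files packet_cap_apps"|;
' files/%{name}.conf

# Add Fedora specific configs
echo "INSTALLDIR=%{_prefix}" >> files/%{name}.conf
# The hidden man page used to be handled by a second ALLOWHIDDENDIR
# substitution that could never match (the first one had already stripped
# the leading "#"), so the entry was never written.  It is a file, not a
# directory, so it is appended as an ALLOWHIDDENFILE entry instead.
echo "ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz" >> files/%{name}.conf
# Each SCRIPTWHITELIST entry tells rkhunter that the named command is
# expected to be a script, so a script at that path is not reported.
# Keep this list as short as the distribution requires.
echo "SCRIPTWHITELIST=/usr/bin/whatis" >> files/%{name}.conf
echo "SCRIPTWHITELIST=/usr/bin/ldd" >> files/%{name}.conf
echo "SCRIPTWHITELIST=/usr/bin/groups" >> files/%{name}.conf
echo "SCRIPTWHITELIST=/usr/bin/GET" >> files/%{name}.conf
echo "SCRIPTWHITELIST=/sbin/ifup" >> files/%{name}.conf
echo "SCRIPTWHITELIST=/sbin/ifdown" >> files/%{name}.conf
# in f8/f9
echo "SYSLOG_CONFIG_FILE=/etc/rsyslog.conf" >> files/%{name}.conf

# The cron script is edited on a copy inside the build tree.  Previously the
# substitution targeted a file that nothing had copied there, while the
# install stage shipped the pristine SOURCE2, so any placeholders in the
# script would have reached the installed daily job unexpanded.
%{__cp} -p %{SOURCE2} 01-%{name}
%{__perl} -pi.orig -e '
        s|\@TMPDIR\@|%{_var}/%{name}/tmp|g;
        s|\@STDIR\@|%{_localstatedir}|g;
        s|\@CFGDIR\@|%{_sysconfdir}|g;
        s|\@SCDIR\@|%{_sysconfdir}/sysconfig|g;
        s|\@ITDIR\@|%{_initrddir}|g;
        s|\@RKEXE\@|%{_bindir}/%{name}|g;
        s|\@RKHSH\@|%{_bindir}/%{name}-scan.sh|g;
        s|\@LGDIR\@|%{_localstatedir}/log|g;
' 01-%{name}

# Rotated logs are recreated root-owned and not world-readable.
%{__cat} <<'EOF' >%{name}.logrotate
%{_localstatedir}/log/%{name}.log {
    weekly
    notifempty
    create 640 root root
}
EOF

%build
# Nothing to be built

%install
%{__rm} -rf $RPM_BUILD_ROOT

%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_bindir}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{cron.daily,sysconfig,logrotate.d}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_mandir}/man8
# NOTE(review): db and tmp are created 0755 (database files 0644 below).  An
# Aug 2004 changelog entry mentions restricting the db directory to root
# only; confirm that world-readable state is intended here.
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/%{name}/{db,tmp}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/%{name}/db/i18n

%{__install} -m755 -p files/%{name} ${RPM_BUILD_ROOT}%{_bindir}/
%{__install} -m644 -p files/backdoorports.dat ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
%{__install} -m644 -p files/defaulthashes.dat ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
%{__install} -m644 -p files/md5blacklist.dat ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
%{__install} -m644 -p files/mirrors.dat ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
%{__install} -m644 -p files/os.dat ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
%{__install} -m644 -p files/programs_bad.dat ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
%{__install} -m644 -p files/programs_good.dat ${RPM_BUILD_ROOT}%{_var}/%{name}/db/
%{__install} -m644 -p files/i18n/cn ${RPM_BUILD_ROOT}%{_var}/%{name}/db/i18n/
%{__install} -m644 -p files/i18n/en ${RPM_BUILD_ROOT}%{_var}/%{name}/db/i18n/
%{__install} -m644 -p files/CHANGELOG ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
%{__install} -m644 -p files/LICENSE ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
%{__install} -m644 -p files/README ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
%{__install} -m644 -p files/WISHLIST ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
%{__install} -m755 -p files/check_modules.pl ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
%{__install} -m755 -p files/check_port.pl ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
%{__install} -m755 -p files/check_update.sh ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
%{__install} -m644 -p files/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
# Don't ship these unless we want to Require the perl modules
#%{__install} -m750 -p files/filehashmd5.pl ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
#%{__install} -m750 -p files/filehashsha1.pl ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
%{__install} -m755 -p files/showfiles.pl ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
# Install the cron script copy that the prep stage edited, not the raw source.
%{__install} -m755 -p 01-%{name} ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/
%{__install} -m644 -p %{name}.logrotate ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}
# Scanner configuration is installed 0640 so only root can read the
# allowlists and disabled-test settings.
%{__install} -m640 -p files/%{name}.conf ${RPM_BUILD_ROOT}%{_sysconfdir}/
%{__install} -m640 -p %{SOURCE3} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}

%clean
%{__rm} -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%doc %{_docdir}/%{name}-%{version}/*
%{_bindir}/%{name}
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/scripts
%{_sysconfdir}/cron.daily/01-%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%dir %{_var}/%{name}
%{_var}/%{name}/db
%{_var}/%{name}/db/i18n
%dir %{_var}/%{name}/tmp
%config(noreplace) %{_sysconfdir}/%{name}.conf
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%dir %{_docdir}/%{name}-%{version}
%{_mandir}/man8/*

%changelog
* Sun Feb 03 2008 Kevin Fenzi - 1.3.0-1
- Revive package, clean up spec
- Update to 1.3.0

* Sat Mar 18 2006 Greg Houlette - 1.2.8-3
- Made an RPM transparent change to move the sha1 canary check file
  out of CVS and into the external lookaside cache (whose filename
  changes with every new package release anyway...)

* Fri Mar 17 2006 Greg Houlette - 1.2.8-2
- Fixed architectural dependency during package creation eliminating
  use of _libdir configure macro (x86_64 /usr/lib64 mis-targeting)

* Tue Mar 7 2006 Greg Houlette - 1.2.8-1
- New package version release
- reworked the .spec file to support optional dist tag
- Updated the application check default patchfile (chunk failure)
- Changed to SHA1 for optional message digest (canary check)
- Added a couple of suggested skip entries to rkhunter.conf

* Mon Jun 11 2005 Greg Houlette - 1.2.7-1
- Added signature auto-updating to CRON scan (new script)
- Removed BOOTSCAN pending rewrite to full SysV Init scan in background
- Added the --append-log command line option
- Added Date Stamping to output
- Fixed bug in /etc/group missing report
- New package version release

* Sun Jan 2 2005 Greg Houlette - 0:1.1.9-1
- New package version release
- Added the --run-application-check command line option
  to listing in command help
- Replaced 'Here' Doc editing of rkhunter.conf file with in-place Perl edit
- tweaked rpmbuild -bb Autoclean

* Fri Oct 15 2004 Greg Houlette - 0:1.1.8-0.fdr.1 (revisited)
- Removed redundant buildrequires /bin/sh, coreutils and perl
- Revise postun scriptlet
- Added /usr/share/doc/rkhunter-1.1.8/ to files list

* Mon Oct 11 2004 Greg Houlette - 0:1.1.8-0.fdr.1
- Changed Release Tag to 0.fdr.1 (testing) for QA
- Removed wget from dependencies
- Hid (temporarily) the --skip-application-check command line option
  from being listed in help
- Fixed the spec files list, again!

* Fri Oct 8 2004 Greg Houlette - 0:1.1.8-0.fdr.0.2.beta2
- Unified and disabled the md5 canary check in prep (check is now optional)
  removing the sha1 cross-check
- Fixed the spec files list, adding the /var/rkhunter directory
  and the /usr/bin/rkhunter executable
- Fixed missing dependencies (rkh uses runtime checks)
- Disabled "auto-clean" for rpmbuild -bb
- Changed Application version scan default to disabled
  awaiting backport fix in upstream sources
- Fixed shared_man_search.patch, configuration files verify
  and added postun(install) cleanup

* Fri Oct 1 2004 Greg Houlette - 0:1.1.8-0.fdr.0.1.beta1
- More cosmetic patchwork
- Changed Release Tag to beta1 (pre-release) for QA submit

* Tue Sep 28 2004 Greg Houlette - 0:1.1.8-0.fdr.1
- Removed hidden_search.patch (1.1.7) after it was merged into
  upstream source by Michael Boelen
- Removed .spec file from md5 and sha1 file checks
  (it must be modifiable by Fedora QA release build)
- Added BOOTSCAN description file to documentation
- Restructured dynamic file creation ('Here' Docs) moving them
  to the "prep" stage so that *_ALL_* files are available
  prior to the "build" stage (for inspection purposes)
- Added a /etc/sysconfig/rkhunter parameters file

* Sun Aug 29 2004 Greg Houlette - 0:1.1.7-0.fdr.1
- Cosmetic patchwork

* Sat Aug 21 2004 Greg Houlette - 0:1.1.6-0.fdr.1
- Moderate reworking of .spec file for packaging standards
- Added md5 and sha1 file checks to prep procedure for source .rpm
- Included an optional rc.local replacement for scan on boot
  (with full logging)

* Tue Aug 10 2004 Michael Boelen - 1.1.5
- Added update script
- Extended description

* Sun Aug 08 2004 Greg Houlette - 1.1.5
- Changed the install procedure eliminating the specification of
  destination filenames (only needed if you are renaming during install)
- Changed the permissions for documentation files (root only overkill)
- Added the installation of the rkhunter Man Page
- Added the installation of the programs_{bad, good}.dat database files
- Added the installation of the LICENSE documentation file
- Added the chmod for root only to the /var/rkhunter/db directory

* Sun May 23 2004 Craig Orsinger (cjo) - version 1.1.0-1.cjo
- changed installation in accordance with new rootkit installation
  procedure
- changed installation root to conform to LSB. Use standard macros.
- added recursive remove of old build root as prep for install phase

* Wed Apr 28 2004 Doncho N. Gunchev - 1.0.9-0.mr700
- dropped Requires: perl - rkhunter works without it
- dropped the bash alignpatch (check the source or contact me)
- various file mode fixes (.../tmp/, *.db)
- optimized the %%files section - any new files in the
  current dirs will be fine - just %%{__install} them.

* Mon Apr 26 2004 Michael Boelen - 1.0.8-0
- Fixed missing md5blacklist.dat

* Mon Apr 19 2004 Doncho N. Gunchev - 1.0.6-1.mr700
- added missing /usr/local/rkhunter/db/md5blacklist.dat
- patched to align results in --cronjob, I think rpm based
  distros have symlink /bin/sh -> /bin/bash
- added --with/--without alignpatch for conditional builds
  (in case previous patch breaks something)

* Sat Apr 03 2004 Michael Boelen / Joe Klemmer - 1.0.6-0
- Update to 1.0.6

* Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0
- initial .spec file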