Name: rkhunter
Summary: A host-based tool to scan for rootkits, backdoors and local exploits
Version: 1.4.6
Release: 3%{?_dist_release}
Group: admin-tools,security
Vendor: Project Vine
Distribution: Vine Linux
License: GPLv2+
URL: http://rkhunter.sourceforge.net/

Source0: http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz
Source2: 01-rkhunter
Source3: rkhunter.sysconfig
Patch0: rkhunter-1.4.6-vineconfig.patch
# libkeyutils is an actual legit library now, so this old check is a false positive.
Patch1: rkhunter-1.4.6-drop-libkeyutils-check.patch
# have ssh checks use the sshd.d directory config files too.
Patch2: rkhunter-1.4.6-ssh.d.patch
# Fix grep/egrep changes
Patch3: rkhunter-1.4.6-grep.patch

BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

Requires: coreutils, binutils, findutils, grep
Requires: e2fsprogs, procps, lsof, iproute, wget
Requires: perl, perl(strict), perl(IO::Socket), mailx, logrotate
Requires: kmod

%description
Rootkit Hunter (RKH) is an easy-to-use tool which checks
computers running UNIX (clones) for the presence of rootkits
and other unwanted tools.

%prep
%autosetup -p1

%{__cat} <<'EOF' >%{name}.logrotate
%{_localstatedir}/log/%{name}/%{name}.log {
    weekly
    notifempty
    create 640 root root
}
EOF

%build
# Nothing to be built

%install
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_bindir}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{cron.daily,sysconfig,logrotate.d}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_pkgdocdir}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_mandir}/man8
%{__mkdir} -m700 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/log/%{name}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n

%{__install} -m755 -p files/%{name} ${RPM_BUILD_ROOT}%{_bindir}/
%{__install} -m644 -p files/backdoorports.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
%{__install} -m644 -p files/mirrors.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
%{__install} -m644 -p files/programs_bad.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
%{__install} -m644 -p files/i18n/cn ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
%{__install} -m644 -p files/i18n/en ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
%{__install} -m644 -p files/CHANGELOG ${RPM_BUILD_ROOT}%{_pkgdocdir}
%{__install} -m644 -p files/LICENSE ${RPM_BUILD_ROOT}%{_pkgdocdir}
%{__install} -m644 -p files/README ${RPM_BUILD_ROOT}%{_pkgdocdir}
%{__install} -m755 -p files/check_modules.pl ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
%{__install} -m644 -p files/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
# Don't ship these unless we want to Require the perl modules
#%{__install} -m750 -p files/filehashmd5.pl ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
#%{__install} -m750 -p files/filehashsha1.pl ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
%{__install} -m755 -p %{SOURCE2} ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/%{name}
%{__install} -m644 -p %{name}.logrotate ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}
%{__install} -m640 -p files/%{name}.conf ${RPM_BUILD_ROOT}%{_sysconfdir}/
%{__install} -m640 -p %{SOURCE3} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}

%clean
%{__rm} -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%doc %{_pkgdocdir}/*
%{_bindir}/%{name}
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/scripts
%{_sysconfdir}/cron.daily/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%dir %{_var}/lib/%{name}
%{_var}/lib/%{name}/db
%ghost %{_var}/lib/%{name}/db/mirrors.dat
%ghost %{_var}/lib/%{name}/db/programs_bad.dat
%{_var}/lib/%{name}/db/i18n
%dir %{_var}/log/%{name}
%config(noreplace) %{_sysconfdir}/%{name}.conf
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%{_mandir}/man8/*

%changelog
* Wed Jun 19 2024 Tomohiro "Tomo-p" KATO 1.4.6-3
- imported Patch3 from rawhide to support grep >= 3.8.

* Wed Mar 17 2021 Tomohiro "Tomo-p" KATO 1.4.6-2
- imported Patch1 and 2 from rawhide.

* Mon May 27 2019 Tomohiro "Tomo-p" KATO 1.4.6-1
- updated to 1.4.6.
- updated Patch0.

* Wed Nov 12 2014 Daisuke SUZUKI 1.4.2-1
- update to 1.4.2

* Thu Feb 28 2013 Daisuke SUZUKI 1.4.0-1
- initial build for Vine Linux

* Thu Feb 14 2013 Fedora Release Engineering - 1.4.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Sat Oct 06 2012 Kevin Fenzi 1.4.0-5
- Add /dev/md/autorebuild.pid to whitelist. Fixes bug #857315

* Sat Aug 18 2012 Kevin Fenzi 1.4.0-4
- Add /var/log/pki-ca/system to whitelist for FreeIPA. Fixes bug #849251

* Wed Aug 15 2012 Kevin Fenzi 1.4.0-3
- Fix /bin/ad false positive. Fixes bug #831989

* Sat Jul 21 2012 Fedora Release Engineering - 1.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Tue May 08 2012 Kevin Fenzi - 1.4.0-1
- Update to 1.4.0

* Sun Apr 15 2012 Kevin Fenzi - 1.3.8-15
- Add workaround for /lib/java false positive. Fixes bug #806972

* Wed Feb 8 2012 Kay Sievers - 1.3.8-14
- modutils are for Linux 2.4 and no longer provided; depend on kmod

* Fri Jan 27 2012 Kevin Fenzi 1.3.8-13
- Drop net-tools, no longer needed. Fixes bug #784803
- Add /dev/shm/spice.* to whitelist. Fixes bug #784882

* Fri Jan 06 2012 Kevin Fenzi 1.3.8-12
- Add /etc/.java to whitelist. Fixes bug #770972

* Fri Nov 25 2011 Kevin Fenzi - 1.3.8-11
- Add /usr/share/man/man5/.k5identity.5.gz to whitelisted hidden files.

* Wed Oct 12 2011 Jim Pirzyk - 1.3.8-10
- Update %files section so that some .dat files are marked %ghost

* Fri Aug 05 2011 Kevin Fenzi - 1.3.8-9
- Add patch to fix ALLOWPROCDELFILE config option. fixes bug #727524

* Fri Jul 08 2011 Kevin Fenzi - 1.3.8-8
- Fix typo

* Fri Jul 08 2011 Kevin Fenzi - 1.3.8-7
- Add patch to fix out of the box warning on rkhunter script.
- Fixes bug #719270
- Add etckeeper and tomboy files. Fixes bug #719265 and #719259

* Tue Jun 21 2011 Kevin Fenzi - 1.3.8-6
- Change ssh check back to 2 - bug #596775
- Drop hard Requires on prelink. It will be used if present - bug #714067

* Thu Apr 21 2011 Kevin Fenzi - 1.3.8-5
- Add /dev/.mount to ALLOW_HIDDENDIR - bug #697599

* Wed Apr 13 2011 Kevin Fenzi - 1.3.8-4
- Don't send warning emails anymore. They cause selinux issues and are not very helpful.
- Fixes bug #660544

* Wed Feb 09 2011 Fedora Release Engineering - 1.3.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Tue Dec 07 2010 Kevin Fenzi - 1.3.8-2
- Adjust config some - bug #596775

* Fri Nov 26 2010 Kevin Fenzi - 1.3.8-1
- Update to 1.3.8

* Wed Nov 24 2010 Kevin Fenzi - 1.3.6-9
- Drop /var/run as it's not used anymore - bug #656684

* Wed Oct 06 2010 Kevin Fenzi - 1.3.6-8
- Add patch to make rkhunter use unhide if installed - bug #636396

* Sat Jun 05 2010 Kevin Fenzi - 1.3.6-7
- Add ipsec.hmac exclude - bug #560594

* Fri May 28 2010 Kevin Fenzi - 1.3.6-6
- Add exclude for md-device-map - bug #596731
- Suppress ssh version check - bug #596775

* Sat Mar 06 2010 Kevin Fenzi - 1.3.6-5
- Change config to not specify XINETD_PATH - bug #560562

* Sat Jan 23 2010 Kevin Fenzi - 1.3.6-4
- Change email to just root instead of root@localhost - bug #553179
- Add .k5login.5.gz to files whitelist - bug #553134

* Tue Jan 05 2010 Kevin Fenzi - 1.3.6-3
- Add some more ssh hmac files to whitelist - bug #552621
- Re-add /dev/.mdadm.map to whitelisted files - bug #539405

* Tue Dec 01 2009 Kevin Fenzi - 1.3.6-2
- Disable apps check by default - bug #543065

* Sun Nov 29 2009 Kevin Fenzi - 1.3.6-1
- Update to 1.3.6

* Thu Nov 26 2009 Kevin Fenzi - 1.3.4-9
- Add exception for /dev/.mdadm file - bug #539405

* Sun Jul 26 2009 Fedora Release Engineering - 1.3.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Fri Jul 03 2009 Kevin Fenzi - 1.3.4-7
- Add exception for software raid udev file - bug #509253

* Sat Jun 06 2009 Kevin Fenzi - 1.3.4-6
- Add /usr/bin/.fipscheck.hmac to ok files - bug #494096

* Sun Mar 08 2009 Kevin Fenzi - 1.3.4-5
- Fix typo in patch file

* Wed Mar 04 2009 Kevin Fenzi - 1.3.4-4
- Rework spec file
- Add check for the new hmac ssh files

* Thu Feb 26 2009 Kevin Fenzi - 1.3.4-3
- Update cron job to include hostname (thanks Manuel Wolfshant)

* Wed Feb 25 2009 Fedora Release Engineering - 1.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Fri Jan 02 2009 Kevin Fenzi - 1.3.4-1
- Update to 1.3.4
- Use libdir as tmp dir - bug #456340

* Sat Dec 13 2008 Kevin Fenzi - 1.3.2-6
- Fix cron job sending as attachment - bug #472679
- Fix cron job trying to send with colors - bug #475916

* Wed Sep 03 2008 Kevin Fenzi - 1.3.2-5
- Patch debug tmp file issue - bug #460628

* Mon Jun 16 2008 Kevin Fenzi - 1.3.2-4
- Fix cron script to only mail on warn/error - bug #450703
- Fix conditional to account for fc10 rsyslog

* Mon Apr 28 2008 Kevin Fenzi - 1.3.2-3
- Change cron to run after prelink - bug #438622

* Wed Mar 26 2008 Kevin Fenzi - 1.3.2-2
- Move things to more standard locations for selinux - bug #438184
- Add exception for pulseaudio file - bug #438622

* Thu Feb 28 2008 Kevin Fenzi - 1.3.2-1
- Update to 1.3.2
- Fix cron script

* Thu Feb 28 2008 Kevin Fenzi - 1.3.0-2
- Use /etc/redhat-release for EPEL and /etc/fedora release for Fedora.
- Add conditionals to support EPEL
- Fix man page warning.

* Sun Feb 03 2008 Kevin Fenzi - 1.3.0-1
- Revive package, clean up spec
- Update to 1.3.0

* Sat Mar 18 2006 Greg Houlette - 1.2.8-3
- Made an RPM transparent change to move the sha1 canary check file out of CVS and into the external lookaside cache (whose filename changes with every new package release anyway...)

* Fri Mar 17 2006 Greg Houlette - 1.2.8-2
- Fixed architectural dependency during package creation eliminating use of _libdir configure macro (x86_64 /usr/lib64 mis-targeting)

* Tue Mar 7 2006 Greg Houlette - 1.2.8-1
- New package version release
- reworked the .spec file to support optional dist tag
- Updated the application check default patchfile (chunk failure)
- Changed to SHA1 for optional message digest (canary check)
- Added a couple of suggested skip entries to rkhunter.conf

* Sat Jun 11 2005 Greg Houlette - 1.2.7-1
- Added signature auto-updating to CRON scan (new script)
- Removed BOOTSCAN pending rewrite to full SysV Init scan in background
- Added the --append-log command line option
- Added Date Stamping to output
- Fixed bug in /etc/group missing report
- New package version release

* Sun Jan 2 2005 Greg Houlette - 0:1.1.9-1
- New package version release
- Added the --run-application-check command line option to listing in command help
- Replaced 'Here' Doc editing of rkhunter.conf file with in-place Perl edit
- tweaked rpmbuild -bb Autoclean

* Fri Oct 15 2004 Greg Houlette - 0:1.1.8-0.fdr.1 (revisited)
- Removed redundant buildrequires /bin/sh, coreutils and perl
- Revise postun scriptlet
- Added /usr/share/doc/rkhunter-1.1.8/ to files list

* Mon Oct 11 2004 Greg Houlette - 0:1.1.8-0.fdr.1
- Changed Release Tag to 0.fdr.1 (testing) for QA
- Removed wget from dependencies
- Hid (temporarily) the --skip-application-check command line option from being listed in help
- Fixed the spec files list, again!

* Fri Oct 8 2004 Greg Houlette - 0:1.1.8-0.fdr.0.2.beta2
- Unified and disabled the md5 canary check in prep (check is now optional) removing the sha1 cross-check
- Fixed the spec files list, adding the /var/rkhunter directory and the /usr/bin/rkhunter executable
- Fixed missing dependencies (rkh uses runtime checks)
- Disabled "auto-clean" for rpmbuild -bb
- Changed Application version scan default to disabled awaiting backport fix in upstream sources
- Fixed shared_man_search.patch, configuration files verify and added postun(install) cleanup

* Fri Oct 1 2004 Greg Houlette - 0:1.1.8-0.fdr.0.1.beta1
- More cosmetic patchwork
- Changed Release Tag to beta1 (pre-release) for QA submit

* Tue Sep 28 2004 Greg Houlette - 0:1.1.8-0.fdr.1
- Removed hidden_search.patch (1.1.7) after it was merged into upstream source by Michael Boelen
- Removed .spec file from md5 and sha1 file checks (it must be modifiable by Fedora QA release build)
- Added BOOTSCAN description file to documentation
- Restructured dynamic file creation ('Here' Docs) moving them to the "prep" stage so that *_ALL_* files are available prior to the "build" stage (for inspection purposes)
- Added a /etc/sysconfig/rkhunter parameters file

* Sun Aug 29 2004 Greg Houlette - 0:1.1.7-0.fdr.1
- Cosmetic patchwork

* Sat Aug 21 2004 Greg Houlette - 0:1.1.6-0.fdr.1
- Moderate reworking of .spec file for packaging standards
- Added md5 and sha1 file checks to prep procedure for source .rpm
- Included an optional rc.local replacement for scan on boot (with full logging)

* Tue Aug 10 2004 Michael Boelen - 1.1.5
- Added update script
- Extended description

* Sun Aug 08 2004 Greg Houlette - 1.1.5
- Changed the install procedure eliminating the specification of destination filenames (only needed if you are renaming during install)
- Changed the permissions for documentation files (root only overkill)
- Added the installation of the rkhunter Man Page
- Added the installation of the programs_{bad, good}.dat database files
- Added the installation of the LICENSE documentation file
- Added the chmod for root only to the /var/rkhunter/db directory

* Sun May 23 2004 Craig Orsinger (cjo) - version 1.1.0-1.cjo
- changed installation in accordance with new rootkit installation procedure
- changed installation root to conform to LSB. Use standard macros.
- added recursive remove of old build root as prep for install phase

* Wed Apr 28 2004 Doncho N. Gunchev - 1.0.9-0.mr700
- dropped Requires: perl - rkhunter works without it
- dropped the bash alignpatch (check the source or contact me)
- various file mode fixes (.../tmp/, *.db)
- optimized the %%files section - any new files in the current dirs will be fine - just %%{__install} them.

* Mon Apr 26 2004 Michael Boelen - 1.0.8-0
- Fixed missing md5blacklist.dat

* Mon Apr 19 2004 Doncho N. Gunchev - 1.0.6-1.mr700
- added missing /usr/local/rkhunter/db/md5blacklist.dat
- patched to align results in --cronjob, I think rpm based distros have symlink /bin/sh -> /bin/bash
- added --with/--without alignpatch for conditional builds (in case previous patch breaks something)

* Sat Apr 03 2004 Michael Boelen / Joe Klemmer - 1.0.6-0
- Update to 1.0.6

* Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0
- initial .spec file