Name: rkhunter
Version: 1.3.8
Release: 2%{?dist}
Summary: A host-based tool to scan for rootkits, backdoors and local exploits
Group: Applications/System
License: GPLv2+
URL: http://rkhunter.sourceforge.net/
Source0: http://downloads.sourceforge.net/rkhunter/rkhunter-%{version}.tar.gz
Source2: 01-rkhunter
Source3: rkhunter.sysconfig
Patch0: rkhunter-1.3.8-fedoraconfig.patch
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: coreutils, binutils, modutils, findutils, grep, mktemp
Requires: e2fsprogs, procps, lsof, prelink, iproute, net-tools, wget
Requires: perl, perl(strict), perl(IO::Socket), mailx, logrotate
%description
Rootkit Hunter (RKH) is an easy-to-use tool which checks
computers running UNIX (clones) for the presence of rootkits
and other unwanted tools.
%prep
%setup -q
%patch0 -p1
%{__cat} <<'EOF' >%{name}.logrotate
%{_localstatedir}/log/%{name}/%{name}.log {
weekly
notifempty
create 640 root root
}
EOF
%build
# Nothing to be built
%install
%{__rm} -rf $RPM_BUILD_ROOT
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_bindir}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{cron.daily,sysconfig,logrotate.d}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_mandir}/man8
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/log/%{name}
%{__mkdir} -m755 -p ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n
%{__install} -m755 -p files/%{name} ${RPM_BUILD_ROOT}%{_bindir}/
%{__install} -m644 -p files/backdoorports.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
%{__install} -m644 -p files/mirrors.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
%{__install} -m644 -p files/programs_bad.dat ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/
%{__install} -m644 -p files/i18n/cn ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
%{__install} -m644 -p files/i18n/en ${RPM_BUILD_ROOT}%{_var}/lib/%{name}/db/i18n/
%{__install} -m644 -p files/CHANGELOG ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
%{__install} -m644 -p files/LICENSE ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
%{__install} -m644 -p files/README ${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}/
%{__install} -m755 -p files/check_modules.pl ${RPM_BUILD_ROOT}%{_datadir}/%{name}/scripts/
%{__install} -m644 -p files/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
# Don't ship these unless we want to Require the perl modules
#%{__install} -m750 -p files/filehashmd5.pl ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
#%{__install} -m750 -p files/filehashsha1.pl ${RPM_BUILD_ROOT}%{_prefix}/lib/%{name}/scripts/
%{__install} -m755 -p %{SOURCE2} ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/%{name}
%{__install} -m644 -p %{name}.logrotate ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}
%{__install} -m640 -p files/%{name}.conf ${RPM_BUILD_ROOT}%{_sysconfdir}/
%{__install} -m640 -p %{SOURCE3} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}
%clean
%{__rm} -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%doc %{_docdir}/%{name}-%{version}/*
%{_bindir}/%{name}
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/scripts
%{_sysconfdir}/cron.daily/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%dir %{_var}/lib/%{name}
%{_var}/lib/%{name}/db
%{_var}/lib/%{name}/db/i18n
%dir %{_var}/log/%{name}
%config(noreplace) %{_sysconfdir}/%{name}.conf
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%dir %{_docdir}/%{name}-%{version}
%{_mandir}/man8/*
%changelog
* Tue Dec 07 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.8-2
- Adjust config some - bug #596775
* Fri Nov 26 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.8-1
- Update to 1.3.8
* Wed Nov 24 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-9
- Drop /var/run as it's not used anymore - bug #656684
* Wed Oct 06 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-8
- Add patch to make rkhunter use unhide if installed - bug #636396
* Sat Jun 05 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-7
- Add ipsec.hmac exclude - bug #560594
* Fri May 28 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-6
- Add exclude for md-device-map - bug #596731
- Supress ssh version check - bug #596775
* Sat Mar 06 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-5
- Change config to not specify XINETD_PATH - bug #560562
* Sat Jan 23 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-4
- Change email to just root instead of root@localhost - bug #553179
- Add .k5login.5.gz to files whitelist - bug #553134
* Tue Jan 05 2010 Kevin Fenzi <kevin@tummy.com> - 1.3.6-3
- Add some more ssh hmac files to whitelist - bug #552621
- Re-add /dev/.mdadm.map to whitelisted files - bug #539405
* Tue Dec 01 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.6-2
- Disable apps check by default - bug #543065
* Sun Nov 29 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.6-1
- Update to 1.3.6
* Thu Nov 26 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-9
- Add exception for /dev/.mdadm file - bug #539405
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Fri Jul 03 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-7
- Add exception for software raid udev file - bug #509253
* Sat Jun 06 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-6
- Add /usr/bin/.fipscheck.hmac to ok files - bug #494096
* Sun Mar 08 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-5
- Fix typo in patch file
* Wed Mar 04 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-4
- Rework spec file
- Add check for the new hmac ssh files
* Thu Feb 26 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-3
- Update cron job to include hostname (thanks Manuel Wolfshant)
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Fri Jan 02 2009 Kevin Fenzi <kevin@tummy.com> - 1.3.4-1
- Update to 1.3.4
- Use libdir as tmp dir - bug #456340
* Sat Dec 13 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-6
- Fix cron job sending as attachment - bug #472679
- Fix cron job trying to send with colors - bug #475916
* Wed Sep 03 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-5
- Patch debug tmp file issue - bug #460628
* Mon Jun 16 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-4
- Fix cron script to only mail on warn/error - bug #450703
- Fix conditional to account for fc10 rsyslog
* Mon Apr 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-3
- Change cron to run after prelink - bug #438622
* Wed Mar 26 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-2
- Move things to more standard locations for selinux - bug #438184
- Add exception for pulseaudio file - bug #438622
* Thu Feb 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.2-1
- Update to 1.3.2
- Fix cron script
* Thu Feb 28 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.0-2
- Use /etc/redhat-release for EPEL and /etc/fedora release for Fedora.
- Add conditionals to support EPEL
- Fix man page warning.
* Sun Feb 03 2008 Kevin Fenzi <kevin@tummy.com> - 1.3.0-1
- Revive package, clean up spec
- Update to 1.3.0
* Sat Mar 18 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-3
- Made an RPM transparent change to move the sha1 canary check
file out of CVS and into the external lookaside cache (whose
filename changes with every new package release anyway...)
* Fri Mar 17 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-2
- Fixed architectural dependency during package creation eliminating
use of _libdir configure macro (x86_64 /usr/lib64 mis-targeting)
* Tue Mar 7 2006 Greg Houlette <tamaster@pobox.com> - 1.2.8-1
- New package version release
- reworked the .spec file to support optional dist tag
- Updated the application check default patchfile (chunk failure)
- Changed to SHA1 for optional message digest (canary check)
- Added a couple of suggested skip entries to rkhunter.conf
* Mon Jun 11 2005 Greg Houlette <tamaster@pobox.com> - 1.2.7-1
- Added signature auto-updating to CRON scan (new script)
- Removed BOOTSCAN pending rewrite to full SysV Init scan in background
- Added the --append-log command line option
- Added Date Stamping to output
- Fixed bug in /etc/group missing report
- New package version release
* Sun Jan 2 2005 Greg Houlette <tamaster@tekarmory.com> - 0:1.1.9-1
- New package version release
- Added the --run-application-check command line option
to listing in command help
- Replaced 'Here' Doc editing of rkhunter.conf file
with in-place Perl edit
- tweaked rpmbuild -bb Autoclean
* Fri Oct 15 2004 Greg Houlette - 0:1.1.8-0.fdr.1 (revisited)
- Removed redundant buildrequires /bin/sh, coreutils and perl
- Revise postun scriptlet
- Added /usr/share/doc/rkhunter-1.1.8/ to files list
* Mon Oct 11 2004 Greg Houlette - 0:1.1.8-0.fdr.1
- Changed Release Tag to 0.fdr.1 (testing) for QA
- Removed wget from dependencies
- Hid (temporarily) the --skip-application-check command
line option from being listed in help
- Fixed the spec files list, again!
* Fri Oct 8 2004 Greg Houlette - 0:1.1.8-0.fdr.0.2.beta2
- Unified and disabled the md5 canary check in prep
(check is now optional) removing the sha1 cross-check
- Fixed the spec files list, adding the /var/rkhunter
directory and the /usr/bin/rkhunter executable
- Fixed missing dependencies (rkh uses runtime checks)
- Disabled "auto-clean" for rpmbuild -bb
- Changed Application version scan default to
disabled awaiting backport fix in upstream sources
- Fixed shared_man_search.patch, configuration files
verify and added postun(install) cleanup
* Fri Oct 1 2004 Greg Houlette - 0:1.1.8-0.fdr.0.1.beta1
- More cosmetic patchwork
- Changed Release Tag to beta1 (pre-release) for QA submit
* Tue Sep 28 2004 Greg Houlette - 0:1.1.8-0.fdr.1
- Removed hidden_search.patch (1.1.7) after it was
merged into upstream source by Michael Boelen
- Removed .spec file from md5 and sha1 file checks
(it must be modifiable by Fedora QA release build)
- Added BOOTSCAN description file to documentation
- Restructured dynamic file creation ('Here' Docs)
moving them to the "prep" stage so that *_ALL_*
files are available prior to the "build" stage
(for inspection purposes)
- Added a /etc/sysconfig/rkhunter parameters file
* Sun Aug 29 2004 Greg Houlette - 0:1.1.7-0.fdr.1
- Cosmetic patchwork
* Sat Aug 21 2004 Greg Houlette - 0:1.1.6-0.fdr.1
- Moderate reworking of .spec file for packaging standards
- Added md5 and sha1 file checks to prep procedure for source .rpm
- Included an optional rc.local replacement for scan on boot (with full logging)
* Tue Aug 10 2004 Michael Boelen - 1.1.5
- Added update script
- Extended description
* Sun Aug 08 2004 Greg Houlette - 1.1.5
- Changed the install procedure eliminating the specification of
destination filenames (only needed if you are renaming during install)
- Changed the permissions for documentation files (root only overkill)
- Added the installation of the rkhunter Man Page
- Added the installation of the programs_{bad, good}.dat database files
- Added the installation of the LICENSE documentation file
- Added the chmod for root only to the /var/rkhunter/db directory
* Sun May 23 2004 Craig Orsinger (cjo) <cjorsinger@earthlink.net>
- version 1.1.0-1.cjo
- changed installation in accordance with new rootkit installation
procedure
- changed installation root to conform to LSB. Use standard macros.
- added recursive remove of old build root as prep for install phase
* Wed Apr 28 2004 Doncho N. Gunchev - 1.0.9-0.mr700
- dropped Requires: perl - rkhunter works without it
- dropped the bash alignpatch (check the source or contact me)
- various file mode fixes (.../tmp/, *.db)
- optimized the %%files section - any new files in the
current dirs will be fine - just %%{__install} them.
* Mon Apr 26 2004 Michael Boelen - 1.0.8-0
- Fixed missing md5blacklist.dat
* Mon Apr 19 2004 Doncho N. Gunchev - 1.0.6-1.mr700
- added missing /usr/local/rkhunter/db/md5blacklist.dat
- patched to align results in --cronjob, I think rpm based
distros have symlink /bin/sh -> /bin/bash
- added --with/--without alignpatch for conditional builds
(in case previous patch breaks something)
* Sat Apr 03 2004 Michael Boelen / Joe Klemmer - 1.0.6-0
- Update to 1.0.6
* Mon Mar 29 2004 Doncho N. Gunchev - 1.0.0-0
- initial .spec file
distrib
>
Fedora
>
13
>
i386
>
media
>
updates-src
>
by-pkgid
>
ae7c266ab27f1037a7f63107bcff2fad
>
files
>
4
