ports/102968: [patch] security/rkhunter
Gabor Kovesdan
gabor at FreeBSD.org
Thu Sep 7 08:10:13 UTC 2006
>Number: 102968
>Category: ports
>Synopsis: [patch] security/rkhunter
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 07 08:10:11 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Gabor Kovesdan
>Release: FreeBSD 6.1-RELEASE-p3 amd64
>Organization:
n/a
>Environment:
System: FreeBSD server.t-hosting.hu 6.1-RELEASE-p3 FreeBSD 6.1-RELEASE-p3 #0: Sat Aug 19 11:08:15 CEST 2006 root at server.t-hosting.hu:/usr/src/sys/amd64/compile/FREEBSD amd64
>Description:
- Add periodic script to ease the maintenance
- Bump PORTREVISION
- Take maintainership
>How-To-Repeat:
>Fix:
--- rkhunter.diff begins here ---
Index: Makefile
===================================================================
RCS file: /usr/cvs/ports/security/rkhunter/Makefile,v
retrieving revision 1.17
diff -u -r1.17 Makefile
--- Makefile 6 Sep 2006 01:30:47 -0000 1.17
+++ Makefile 7 Sep 2006 07:49:53 -0000
@@ -7,11 +7,11 @@
PORTNAME= rkhunter
PORTVERSION= 1.2.8
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= security
MASTER_SITES= http://downloads.rootkit.nl/
-MAINTAINER= ports at FreeBSD.org
+MAINTAINER= gkovesdan at t-hosting.hu
COMMENT= Rootkit detection tool
OPTIONS= LSOF "Use LSOF" on \
@@ -23,6 +23,7 @@
WRKSRC= ${WRKDIR}/${PORTNAME}
USE_PERL5= yes
NO_BUILD= yes
+SUB_FILES= 415.rkhunter
MAN8= rkhunter.8
MANCOMPRESSED= no
@@ -42,12 +43,14 @@
do-install:
cd ${WRKSRC} && ./installer.sh --installdir ${PREFIX}
${INSTALL_MAN} ${WRKSRC}/files/development/rkhunter.8 ${MAN8PREFIX}/man/man8
+ @${MKDIR} ${PREFIX}/etc/periodic/security
+ ${INSTALL_DATA} ${WRKDIR}/415.rkhunter ${PREFIX}/etc/periodic/security
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/files/|} ${DOCSDIR}
.endif
post-install:
- @${CAT} ${PKGMESSAGE}
+ @${CAT} ${PKGMESSAGE}
.include <bsd.port.post.mk>
Index: pkg-message
===================================================================
RCS file: /usr/cvs/ports/security/rkhunter/pkg-message,v
retrieving revision 1.1
diff -u -r1.1 pkg-message
--- pkg-message 2 Jan 2006 23:19:50 -0000 1.1
+++ pkg-message 7 Sep 2006 07:44:56 -0000
@@ -1,8 +1,14 @@
-**********************************************
-NOTICE:
+******************************************************************************
- Keep your database up-to-date by running
- "rkhunter --update" frequently.
+You should keep your rkhunter database up-to-date.
+This can be done automatically by putting this line to /etc/periodic.conf:
-**********************************************
+daily_rkhunter_update_enable="YES"
+
+Also, you can run rkhunter as a part of the daily security check by
+putting this line to /etc/periodic.conf:
+
+daily_rkhunter_check_enable="YES"
+
+******************************************************************************
Index: pkg-plist
===================================================================
RCS file: /usr/cvs/ports/security/rkhunter/pkg-plist,v
retrieving revision 1.5
diff -u -r1.5 pkg-plist
--- pkg-plist 29 Apr 2006 00:49:20 -0000 1.5
+++ pkg-plist 6 Sep 2006 12:02:51 -0000
@@ -1,6 +1,7 @@
bin/rkhunter
@unexec if cmp -s %D/etc/rkhunter.conf %D/etc/rkhunter.conf.sample; then rm -f %D/etc/rkhunter.conf; fi
etc/rkhunter.conf.sample
+etc/periodic/security/155.rkhunter
lib/rkhunter/db/backdoorports.dat
lib/rkhunter/db/defaulthashes.dat
lib/rkhunter/db/md5blacklist.dat
Index: files/415.rkhunter.in
===================================================================
RCS file: files/415.rkhunter.in
diff -N files/415.rkhunter.in
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/415.rkhunter.in 7 Sep 2006 07:52:42 -0000
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# This is a maintenance shell script for the rkhunter security tool.
+# You can enable this script in /etc/periodic.conf file by putting these lines into it:
+# daily_rkhunter_update_enable="YES"
+# daily_rkhunter_check_enable="YES"
+#
+# Written by: Gabor Kovesdan <gabor at FreeBSD.org>
+
+if [ -r /etc/defaults/periodic.conf ]; then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_rkhunter_update_enable" in
+ [Yy][Ee][Ss])
+
+ echo ""
+ echo "Updating the rkhunter database..."
+ %%PREFIX%%/bin/rkhunter --update
+ ;;
+esac
+
+case "$daily_rkhunter_check_enable" in
+ [Yy][Ee][Ss])
+
+ echo ""
+ echo "Running rkhunter..."
+ %%PREFIX%%/bin/rkhunter --checkall --cronjob --skip-keypress
+ ;;
+esac
--- rkhunter.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list