Date: Mon, 10 Mar 2008 21:41:23 GMT From: Lukasz Wasikowski <lukasz@wasikowski.net> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/121579: Update port: security/rkhunter version update to 1.3.2 Message-ID: <200803102141.m2ALfNre000133@www.freebsd.org> Resent-Message-ID: <200803102150.m2ALo1wG050922@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 121579 >Category: ports >Synopsis: Update port: security/rkhunter version update to 1.3.2 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Mar 10 21:50:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Lukasz Wasikowski >Release: FreeBSD 7.0-RELEASE >Organization: >Environment: FreeBSD bijou.wasikowski.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Mon Feb 25 16:09:17 CET 2008 root@bijou.wasikowski.net:/usr/obj/usr/src/sys/bijou i386 >Description: rkhunter version update to 1.3.2 which fixes some *BSD false positives, and default config change to fix the remaining false positives on FreeBSD. >How-To-Repeat: >Fix: diff -ruN rkhunter.old/Makefile rkhunter/Makefile --- rkhunter.old/Makefile 2007-10-23 14:25:40.000000000 +0200 +++ rkhunter/Makefile 2008-03-10 21:52:33.000000000 +0100 @@ -6,7 +6,7 @@ # PORTNAME= rkhunter -PORTVERSION= 1.3.0 +PORTVERSION= 1.3.2 CATEGORIES= security MASTER_SITES= SF diff -ruN rkhunter.old/distinfo rkhunter/distinfo --- rkhunter.old/distinfo 2007-10-23 14:25:40.000000000 +0200 +++ rkhunter/distinfo 2008-03-10 21:53:01.000000000 +0100 @@ -1,3 +1,3 @@ -MD5 (rkhunter-1.3.0.tar.gz) = 89a4628c6378fdf3331d5a43b975d967 -SHA256 (rkhunter-1.3.0.tar.gz) = a46610fc761e61f4f85750693f6e17aafa3a47e24e8cef76401f67d25e94d186 -SIZE (rkhunter-1.3.0.tar.gz) = 252011 +MD5 (rkhunter-1.3.2.tar.gz) = a00ff64d7076d6ff47ef0c9f0b6202f2 +SHA256 (rkhunter-1.3.2.tar.gz) = 2a325acedc094bc5ae9d5a3326af760bb376d5a1122c433d22477968eec1eebd +SIZE (rkhunter-1.3.2.tar.gz) = 269563 diff -ruN rkhunter.old/files/patch-rkhunter.conf rkhunter/files/patch-rkhunter.conf --- rkhunter.old/files/patch-rkhunter.conf 2007-10-23 14:25:40.000000000 +0200 +++ rkhunter/files/patch-rkhunter.conf 2008-03-10 22:30:09.000000000 +0100 @@ -1,5 +1,5 @@ ---- files/rkhunter.conf.orig Wed Oct 17 11:21:03 2007 -+++ files/rkhunter.conf Wed Oct 17 11:21:19 2007 +--- files/rkhunter.conf.orig 2008-02-21 23:15:14.000000000 +0100 ++++ files/rkhunter.conf 2008-03-10 22:29:30.000000000 +0100 @@ -76,6 +76,7 @@ # sure that the directory permissions are tight. # @@ -8,3 +8,52 @@ # # Specify the database directory to use. +@@ -154,7 +155,8 @@ + # file, then a value here of 'yes' or 'unset' will not cause a warning. + # This option has a default value of 'no'. + # +-ALLOW_SSH_ROOT_USER=no ++#ALLOW_SSH_ROOT_USER=no ++ALLOW_SSH_ROOT_USER=unset + + # + # Set this option to '1' to allow the use of the SSH-1 protocol, but note +@@ -165,7 +167,8 @@ + # configuration file, then a value of '2' may be set here in order to + # suppress a warning message. This option has a default value of '0'. + # +-ALLOW_SSH_PROT_V1=0 ++#ALLOW_SSH_PROT_V1=0 ++ALLOW_SSH_PROT_V1=2 + + # + # This setting tells rkhunter the directory containing the SSH configuration +@@ -278,12 +281,20 @@ + #SCRIPTWHITELIST=/sbin/ifup + #SCRIPTWHITELIST=/sbin/ifdown + #SCRIPTWHITELIST=/usr/bin/groups ++SCRIPTWHITELIST=/usr/bin/whatis ++SCRIPTWHITELIST=/usr/sbin/adduser ++SCRIPTWHITELIST=/usr/local/bin/GET ++SCRIPTWHITELIST=/usr/local/sbin/pkgdb + + # + # Allow the specified commands to have the immutable attribute set. + # One command per line (use multiple IMMUTWHITELIST lines). + # + #IMMUTWHITELIST=/sbin/ifup ++IMMUTWHITELIST=/usr/bin/login ++IMMUTWHITELIST=/usr/bin/passwd ++IMMUTWHITELIST=/usr/bin/su ++IMMUTWHITELIST=/sbin/init + + # + # Allow the specified hidden directories. +@@ -434,6 +445,7 @@ + # Note: For *BSD systems you may need to enable this for the 'toor' account. + # + #UID0_ACCOUNTS="toor rooty" ++UID0_ACCOUNTS="root toor" + + # + # Allow the following accounts to have no password. This option is a Patch attached with submission follows: diff -ruN rkhunter.old/Makefile rkhunter/Makefile --- rkhunter.old/Makefile 2007-10-23 14:25:40.000000000 +0200 +++ rkhunter/Makefile 2008-03-10 21:52:33.000000000 +0100 @@ -6,7 +6,7 @@ # PORTNAME= rkhunter -PORTVERSION= 1.3.0 +PORTVERSION= 1.3.2 CATEGORIES= security MASTER_SITES= SF diff -ruN rkhunter.old/distinfo rkhunter/distinfo --- rkhunter.old/distinfo 2007-10-23 14:25:40.000000000 +0200 +++ rkhunter/distinfo 2008-03-10 21:53:01.000000000 +0100 @@ -1,3 +1,3 @@ -MD5 (rkhunter-1.3.0.tar.gz) = 89a4628c6378fdf3331d5a43b975d967 -SHA256 (rkhunter-1.3.0.tar.gz) = a46610fc761e61f4f85750693f6e17aafa3a47e24e8cef76401f67d25e94d186 -SIZE (rkhunter-1.3.0.tar.gz) = 252011 +MD5 (rkhunter-1.3.2.tar.gz) = a00ff64d7076d6ff47ef0c9f0b6202f2 +SHA256 (rkhunter-1.3.2.tar.gz) = 2a325acedc094bc5ae9d5a3326af760bb376d5a1122c433d22477968eec1eebd +SIZE (rkhunter-1.3.2.tar.gz) = 269563 diff -ruN rkhunter.old/files/patch-rkhunter.conf rkhunter/files/patch-rkhunter.conf --- rkhunter.old/files/patch-rkhunter.conf 2007-10-23 14:25:40.000000000 +0200 +++ rkhunter/files/patch-rkhunter.conf 2008-03-10 22:30:09.000000000 +0100 @@ -1,5 +1,5 @@ ---- files/rkhunter.conf.orig Wed Oct 17 11:21:03 2007 -+++ files/rkhunter.conf Wed Oct 17 11:21:19 2007 +--- files/rkhunter.conf.orig 2008-02-21 23:15:14.000000000 +0100 ++++ files/rkhunter.conf 2008-03-10 22:29:30.000000000 +0100 @@ -76,6 +76,7 @@ # sure that the directory permissions are tight. # @@ -8,3 +8,52 @@ # # Specify the database directory to use. +@@ -154,7 +155,8 @@ + # file, then a value here of 'yes' or 'unset' will not cause a warning. + # This option has a default value of 'no'. + # +-ALLOW_SSH_ROOT_USER=no ++#ALLOW_SSH_ROOT_USER=no ++ALLOW_SSH_ROOT_USER=unset + + # + # Set this option to '1' to allow the use of the SSH-1 protocol, but note +@@ -165,7 +167,8 @@ + # configuration file, then a value of '2' may be set here in order to + # suppress a warning message. This option has a default value of '0'. + # +-ALLOW_SSH_PROT_V1=0 ++#ALLOW_SSH_PROT_V1=0 ++ALLOW_SSH_PROT_V1=2 + + # + # This setting tells rkhunter the directory containing the SSH configuration +@@ -278,12 +281,20 @@ + #SCRIPTWHITELIST=/sbin/ifup + #SCRIPTWHITELIST=/sbin/ifdown + #SCRIPTWHITELIST=/usr/bin/groups ++SCRIPTWHITELIST=/usr/bin/whatis ++SCRIPTWHITELIST=/usr/sbin/adduser ++SCRIPTWHITELIST=/usr/local/bin/GET ++SCRIPTWHITELIST=/usr/local/sbin/pkgdb + + # + # Allow the specified commands to have the immutable attribute set. + # One command per line (use multiple IMMUTWHITELIST lines). + # + #IMMUTWHITELIST=/sbin/ifup ++IMMUTWHITELIST=/usr/bin/login ++IMMUTWHITELIST=/usr/bin/passwd ++IMMUTWHITELIST=/usr/bin/su ++IMMUTWHITELIST=/sbin/init + + # + # Allow the specified hidden directories. +@@ -434,6 +445,7 @@ + # Note: For *BSD systems you may need to enable this for the 'toor' account. + # + #UID0_ACCOUNTS="toor rooty" ++UID0_ACCOUNTS="root toor" + + # + # Allow the following accounts to have no password. This option is a >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803102141.m2ALfNre000133>