%define subrel 3 Summary: Rootkit scans for rootkits, backdoors and local exploits Name: rkhunter Version: 1.3.8 Release: %mkrel 1 License: GPLv2+ Group: System/Configuration/Other URL: http://rkhunter.sourceforge.net/ Source0: http://downloads.sourceforge.net/rkhunter/%{name}-%{version}.tar.gz Source1: http://downloads.sourceforge.net/rkhunter/%{name}-%{version}.tar.gz.asc Source2: rkhunter.cron Source3: rkhunter.logrotate Source4: README.urpmi Patch0: rkhunter.conf.patch BuildArch: noarch Requires: webfetch Requires: e2fsprogs Requires: binutils #Requires: ccp Suggests: unhide %description Rootkit scanner is scanning tool to ensure you you're clean of known nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like: - MD5/SHA1 hash compare - Look for default files used by rootkits - Wrong file permissions for binaries - Look for suspected strings in LKM and KLD modules - Look for hidden files - Optional scan within plaintext and binary files %prep %setup -q chmod -R a+r . %patch0 -b .old %install rm -rf %{buildroot} mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_sbindir} \ %{buildroot}%{_var}/lib/rkhunter/{db/i18n,scripts,tmp} \ %{buildroot}%{_mandir}/man8 install files/rkhunter %{buildroot}%{_sbindir}/ install -m 644 files/%{name}.conf %{buildroot}%{_sysconfdir} install -m 644 files/*.dat %{buildroot}%{_var}/lib/rkhunter/db install -m 644 files/i18n/* %{buildroot}%{_var}/lib/rkhunter/db/i18n install -m 754 files/*.{pl,sh} %{buildroot}%{_var}/lib/rkhunter/scripts install -m 644 files/rkhunter.8 %{buildroot}%{_mandir}/man8 %{__mkdir_p} %{buildroot}%{_sysconfdir}/cron.daily %{__install} -m 0755 %{_sourcedir}/rkhunter.cron \ %{buildroot}%{_sysconfdir}/cron.daily/rkhunter %{__mkdir_p} %{buildroot}%{_sysconfdir}/logrotate.d %{__install} -m 0644 %{_sourcedir}/rkhunter.logrotate \ %{buildroot}%{_sysconfdir}/logrotate.d/rkhunter %{__mkdir_p} %{buildroot}%{_defaultdocdir}/%{name} %{__install} -m 0644 %{_sourcedir}/README.urpmi \ %{buildroot}%{_defaultdocdir}/%{name}/README.urpmi %post if [ $1 = 1 ]; then # create rkhunter.dat %{_sbindir}/rkhunter --propupd # gather user / group info %{_sbindir}/rkhunter --enable group_changes,passwd_changes # Suppress warning on fresh install because of missing copies of passwd # and groups file above /bin/true fi #unfortunately, multiple ALLOW* and SCRIPT* keys forbids use of ccp #until it supports the feature... ##fix previous broken < 1.2.8 installs. #ccp --delete --ifexists --set NoOrphans \ # --ignoreopt TMPDIR --ignoreopt DBDIR \ # --oldfile %{_sysconfdir}/rkhunter.conf \ # --newfile %{_sysconfdir}/rkhunter.conf.rpmnew %files %doc files/CHANGELOG files/README %config(noreplace) %{_sysconfdir}/rkhunter.conf %{_sysconfdir}/cron.daily/rkhunter %{_sysconfdir}/logrotate.d/rkhunter %{_sbindir}/* %{_var}/lib/rkhunter %{_mandir}/man8/* %changelog * Thu Mar 01 2012 remmy <remmy> 1.3.8-1.3.mga1 + Revision: 216548 - Only run rkhunter --propupd on initial install, not upgrades - Include README.urpmi file - Add /etc/.java to list with allowed hidden directories - Make rkhunter available in mga 1 - Add rkhunter to Mageia 1 * Tue Sep 13 2011 stormi <stormi> 1.3.8-2.mga2 + Revision: 142965 - remove buildroot definition, %%clean and %%defattr + remmy <remmy> - Clean .spec file - Patch default config to not trigger on false positives - %%post no longer results in a error message when no copy of the passwd or groups file exists yet * Tue Jun 14 2011 kharec <kharec> 1.3.8-1.mga2 + Revision: 105956 - imported package rkhunter