authorV3n3RiX <venerix@redcorelinux.org>2018-07-14 21:03:06 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-07-14 21:03:06 +0100
commit8376ef56580626e9c0f796d5b85b53a0a1c7d5f5 (patch)
tree7681bbd4e8b05407772df40a4bf04cbbc8afc3fa /app-forensics/rkhunter/files
parent30a9caf154332f12ca60756e1b75d2f0e3e1822d (diff)
gentoo resync : 14.07.2018
Diffstat (limited to 'app-forensics/rkhunter/files')
-rw-r--r--app-forensics/rkhunter/files/rkhunter-1.3.cron133
-rw-r--r--app-forensics/rkhunter/files/rkhunter-1.4.6-conf.patch38
-rw-r--r--app-forensics/rkhunter/files/rkhunter-1.4.6-no-insecure-web.patch46
-rw-r--r--app-forensics/rkhunter/files/rkhunter-1.4.cron134
-rw-r--r--app-forensics/rkhunter/files/rkhunter.bash-completion87
5 files changed, 438 insertions, 0 deletions
diff --git a/app-forensics/rkhunter/files/rkhunter-1.3.cron b/app-forensics/rkhunter/files/rkhunter-1.3.cron
new file mode 100644
index 000000000000..468667cf9d94
--- /dev/null
+++ b/app-forensics/rkhunter/files/rkhunter-1.3.cron
@@ -0,0 +1,133 @@
+#!/bin/bash
+# original author: Aaron Walker <ka0ttic@gentoo.org>
+
+########################## Begin Configuration ###############################
+
+# Default options - more options may be added depending on the
+# configuration variables you set below
+# --cronjob implies -c, --nocolor, --sk
+RKHUNTER_OPTS="--cronjob --summary"
+
+# Set this to 'yes' to enable ; this script does nothing otherwise
+ENABLE=no
+
+# Automatically update rkhunter's dat files prior to running?
+UPDATE=no
+
+# Set this to 'yes' if you wish the output to be mailed to you
+SEND_EMAIL=no
+
+# NOTE: the following EMAIL_* variables are only relevant if you set the
+# SEND_EMAIL variable to 'yes'
+EMAIL_SUBJECT="${HOSTNAME}: rkhunter output"
+EMAIL_RECIPIENT=root
+EMAIL_CMD="|mail -s \"${EMAIL_SUBJECT}\" ${EMAIL_RECIPIENT}"
+
+# Log rkhunter output?
+LOG=no
+
+# The default log location is /var/log/rkhunter.log. Set this variable if
+# you'd like to use an alternate location.
+#LOGFILE=""
+
+# By default, the log file created by rkhunter is world-readable (0644). If
+# you'd like to modify the permissions afterwards, set this variable. The
+# value of this variable, must be a valid chmod argument such as '0600' or
+# 'u+rw,go-rwx'. See the chmod(1) manual page for more information.
+#LOGFILE_PERMS="0600"
+
+# By default, rkhunter overwrites the previous log. Set this variable
+# to 'yes' if you'd like the log output appended to the logfile, instead
+# of overwriting it.
+SAVE_OLD_LOGS=no
+
+# Set to 1 to recieve only warnings & errors
+# Set to 2 to recieve ALL rkhunter output
+# Set to 3 to recieve rkhunter report
+VERBOSITY=3
+
+########################### End Configuration ################################
+
+# exit immediately, unless enabled
+[[ "${ENABLE}" == "yes" ]] || exit 0
+
+# debug mode? (mainly for my benefit)
+if [[ -n "${1}" ]] && [[ ${1} = "-d" ]] ; then
+ set -o verbose -o xtrace
+fi
+
+[[ -z "${LOGFILE}" ]] && LOGFILE="/var/log/rkhunter.log"
+
+# moved this out of config section since it'll
+# probably never need to be changed
+RKHUNTER_EXEC="/usr/sbin/rkhunter"
+
+# sanity check
+if [[ ! -x "${RKHUNTER_EXEC}" ]] ; then
+ echo "${RKHUNTER_EXEC} does not exist or is not executable!"
+ exit 1
+fi
+
+# we create a few tmp files, so let's at least make
+# them readable/writable by root only
+umask 0077
+
+# all output goes to this temp file
+_tmpout=$(mktemp /tmp/rkhunter.cron.XXXXXX)
+exec > ${_tmpout} 2>&1
+
+# update data files
+if [[ "${UPDATE}" == "yes" ]] ; then
+ # save the output of --update in a tmp file so that it can be mailed
+ # along with the scan output; otherwise the user will get 2 mails
+ ${RKHUNTER_EXEC} --nocolor --update
+fi
+
+# formulate options string according to user configuration
+[[ "${LOG}" == "yes" ]] && \
+ RKHUNTER_OPTS="${RKHUNTER_OPTS} --createlogfile ${LOGFILE}"
+
+case "${VERBOSITY}" in
+ # warnings and errors only
+ 1) RKHUNTER_OPTS="${RKHUNTER_OPTS} --quiet" ;;
+ # default rkhunter output (no extra options)
+# 2) ;;
+ # default to option 3
+ *) ;;
+esac
+
+# save old log
+if [[ "${LOG}" == "yes" && "${SAVE_OLD_LOGS}" == "yes" ]] ; then
+ if [[ -e "${LOGFILE}" ]] ; then
+ _tmpfile=$(mktemp ${LOGFILE}.XXXXXX)
+ mv -f ${LOGFILE} ${_tmpfile}
+ echo -e "--\nrkhunter.cron commencing at: $(date)\n--" >> ${_tmpfile}
+ fi
+fi
+
+# finally, run rkhunter
+CMD="${RKHUNTER_EXEC} ${RKHUNTER_OPTS}"
+eval ${CMD}
+RV=$?
+
+# email output?
+if [[ "${SEND_EMAIL}" == "yes" ]] ; then
+ CMD="cat ${_tmpout} ${EMAIL_CMD}"
+ eval ${CMD}
+fi
+
+# remove temp file
+[[ -n "${_tmpout}" ]] && rm -f ${_tmpout}
+
+[[ "${LOG}" != "yes" ]] && exit ${RV}
+
+# from this point on, we can assume logging is enabled
+
+# append new log to old log and restore
+if [[ -n "${_tmpfile}" ]] ; then
+ cat ${LOGFILE} >> ${_tmpfile}
+ mv ${_tmpfile} ${LOGFILE}
+fi
+
+chmod ${LOGFILE_PERMS:-0644} ${LOGFILE}
+exit ${RV}
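Review bot: The scan and mail steps build a command string and run it through `eval ${CMD}`, so every value interpolated into it (`LOGFILE`, `RKHUNTER_OPTS`, `EMAIL_SUBJECT` with its embedded `${HOSTNAME}`, and `EMAIL_RECIPIENT`) is parsed a second time as shell syntax inside a root cron job. Whitespace or a shell metacharacter in any of them changes the command that runs. Calling the programs directly avoids the second parse, e.g. `"${RKHUNTER_EXEC}" ${RKHUNTER_OPTS}` for the scan and `mail -s "${EMAIL_SUBJECT}" "${EMAIL_RECIPIENT}" < "${_tmpout}"` for the mail step, ideally with `RKHUNTER_OPTS` held as an array. The `mktemp` result is also used unchecked and unquoted in `exec > ${_tmpout} 2>&1`; `_tmpout=$(mktemp /tmp/rkhunter.cron.XXXXXX) || exit 1` would stop the job before the redirect. The same lines appear in rkhunter-1.4.cron.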
diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.6-conf.patch b/app-forensics/rkhunter/files/rkhunter-1.4.6-conf.patch
new file mode 100644
index 000000000000..5642436ed412
--- /dev/null
+++ b/app-forensics/rkhunter/files/rkhunter-1.4.6-conf.patch
@@ -0,0 +1,38 @@
+
+--- a/rkhunter.conf
++++ b/rkhunter.conf
+@@ -72,6 +72,7 @@
+ # to use.
+ #
+
++INSTALLDIR=/usr
+
+ #
+ # If this option is set to '1', it specifies that the mirrors file
+@@ -154,7 +155,7 @@
+ # subsequently commented out or removed, then the program will assume a
+ # default directory beneath the installation directory.
+ #
+-#TMPDIR=/var/lib/rkhunter/tmp
++TMPDIR=/var/lib/rkhunter
+
+ #
+ # This option specifies the database directory to use.
+@@ -163,7 +164,7 @@
+ # subsequently commented out or removed, then the program will assume a
+ # default directory beneath the installation directory.
+ #
+-#DBDIR=/var/lib/rkhunter/db
++DBDIR=/var/lib/rkhunter/db
+
+ #
+ # This option specifies the script directory to use.
+@@ -171,7 +172,7 @@
+ # The installer program will set the default directory. If this default is
+ # subsequently commented out or removed, then the program will not run.
+ #
+-#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
++SCRIPTDIR=/usr/lib/rkhunter/scripts
+
+ #
+ # This option can be used to modify the command directory list used by rkhunter
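Review bot: `TMPDIR=/var/lib/rkhunter` points the temporary directory at the parent of `DBDIR=/var/lib/rkhunter/db` rather than the commented default `/var/lib/rkhunter/tmp`, so scratch files sit one level above the database directory instead of in a directory of their own. If that is deliberate, it deserves a line in the patch header, which this patch lacks entirely. Otherwise a dedicated root-only subdirectory such as the upstream default keeps temporary files apart from the property database. Whether the ebuild creates either directory is not visible here.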
diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.6-no-insecure-web.patch b/app-forensics/rkhunter/files/rkhunter-1.4.6-no-insecure-web.patch
new file mode 100644
index 000000000000..ed3b68c669bc
--- /dev/null
+++ b/app-forensics/rkhunter/files/rkhunter-1.4.6-no-insecure-web.patch
@@ -0,0 +1,46 @@
+Disable insecure web operations (CVE-2017-7480).
+
+Bug: https://bugs.gentoo.org/623150
+
+--- a/rkhunter
++++ b/rkhunter
+@@ -19462,7 +19462,7 @@
+ #
+
+ echo $ECHOOPT ""
+- echo $ECHOOPT "Usage: rkhunter {--check | --unlock | --update | --versioncheck |"
++ echo $ECHOOPT "Usage: rkhunter {--check | --unlock |"
+ echo $ECHOOPT " --propupd [{filename | directory | package name},...] |"
+ echo $ECHOOPT " --list [{tests | {lang | languages} | rootkits | perl | propfiles}] |"
+ echo $ECHOOPT " --config-check | --version | --help} [options]"
+@@ -19518,10 +19518,8 @@
+ echo $ECHOOPT " (Default level is $SYSLOG_DFLT_PRIO)"
+ echo $ECHOOPT " --tmpdir <directory> Use the specified temporary directory"
+ echo $ECHOOPT " --unlock Unlock (remove) the lock file"
+- echo $ECHOOPT " --update Check for updates to database files"
+ echo $ECHOOPT " --vl, --verbose-logging Use verbose logging (on by default)"
+ echo $ECHOOPT " -V, --version Display the version number, then exit"
+- echo $ECHOOPT " --versioncheck Check for latest version of program"
+ echo $ECHOOPT " -x, --autox Automatically detect if X is in use"
+ echo $ECHOOPT " -X, --no-autox Do not automatically detect if X is in use"
+ echo $ECHOOPT ""
+@@ -20396,9 +20394,6 @@
+ --unlock)
+ UNLOCK=1
+ ;;
+- --update)
+- UPDATE=1
+- ;;
+ --vl | --verboselogging | --verbose-logging)
+ VERBOSE_LOGGING=1
+ ;;
+@@ -20407,9 +20402,6 @@
+ echo "${PROGRAM_blurb}"
+ exit 0
+ ;;
+- --versioncheck | --version-check)
+- VERSIONCHECK=1
+- ;;
+ -x | --autox)
+ AUTO_X_OPT=1
+ AUTO_X_DTCT=1
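Review bot: The header line `Disable insecure web operations (CVE-2017-7480).` does not say which operations are removed or how, and a maintainer rebasing the patch will need that. From the hunks, the change is limited to the usage text and the `--update` and `--versioncheck | --version-check` arms of the option parser. The code that acts on `UPDATE` and `VERSIONCHECK` lies outside the hunks, so presumably it stays in place and only becomes unreachable from the command line. A header sentence such as `Removes the --update and --versioncheck command-line switches so the download code can no longer be invoked.` would record that. It is also worth confirming that nothing else, for example a configuration option, sets those two variables.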
diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.cron b/app-forensics/rkhunter/files/rkhunter-1.4.cron
new file mode 100644
index 000000000000..6c73305d3e8c
--- /dev/null
+++ b/app-forensics/rkhunter/files/rkhunter-1.4.cron
@@ -0,0 +1,134 @@
+#!/bin/bash
+# original author: Aaron Walker <ka0ttic@gentoo.org>
+
+########################## Begin Configuration ###############################
+
+# Default options - more options may be added depending on the
+# configuration variables you set below
+# --cronjob implies -c, --nocolor, --sk
+RKHUNTER_OPTS="--cronjob --summary"
+
+# Set this to 'yes' to enable ; this script does nothing otherwise
+ENABLE=no
+
+# Automatically update rkhunter's dat files prior to running?
+UPDATE=no
+
+# Set this to 'yes' if you wish the output to be mailed to you
+SEND_EMAIL=no
+
+# NOTE: the following EMAIL_* variables are only relevant if you set the
+# SEND_EMAIL variable to 'yes'
+EMAIL_SUBJECT="${HOSTNAME}: rkhunter output"
+EMAIL_RECIPIENT=root
+EMAIL_CMD="|mail -s \"${EMAIL_SUBJECT}\" ${EMAIL_RECIPIENT}"
+
+# Log rkhunter output?
+LOG=no
+
+# The default log location is /var/log/rkhunter.log. Set this variable if
+# you'd like to use an alternate location.
+#LOGFILE=""
+
+# By default, the log file created by rkhunter is world-readable (0644). If
+# you'd like to modify the permissions afterwards, set this variable. The
+# value of this variable, must be a valid chmod argument such as '0600' or
+# 'u+rw,go-rwx'. See the chmod(1) manual page for more information.
+#LOGFILE_PERMS="0600"
+
+# By default, rkhunter overwrites the previous log. Set this variable
+# to 'yes' if you'd like the log output appended to the logfile, instead
+# of overwriting it.
+SAVE_OLD_LOGS=no
+
+# Set to 1 to recieve only warnings & errors
+# Set to 2 to recieve ALL rkhunter output
+# Set to 3 to recieve rkhunter report
+VERBOSITY=3
+
+########################### End Configuration ################################
+
+# exit immediately, unless enabled
+[[ "${ENABLE}" == "yes" ]] || exit 0
+
+# debug mode? (mainly for my benefit)
+if [[ -n "${1}" ]] && [[ ${1} = "-d" ]] ; then
+ set -o verbose -o xtrace
+fi
+
+[[ -z "${LOGFILE}" ]] && LOGFILE="/var/log/rkhunter.log"
+
+# moved this out of config section since it'll
+# probably never need to be changed
+RKHUNTER_EXEC="/usr/sbin/rkhunter"
+
+# sanity check
+if [[ ! -x "${RKHUNTER_EXEC}" ]] ; then
+ echo "${RKHUNTER_EXEC} does not exist or is not executable!"
+ exit 1
+fi
+
+# we create a few tmp files, so let's at least make
+# them readable/writable by root only
+umask 0077
+
+# all output goes to this temp file
+_tmpout=$(mktemp /tmp/rkhunter.cron.XXXXXX)
+exec > ${_tmpout} 2>&1
+
+# update data files
+if [[ "${UPDATE}" == "yes" ]] ; then
+ # save the output of --update in a tmp file so that it can be mailed
+ # along with the scan output; otherwise the user will get 2 mails
+ #${RKHUNTER_EXEC} --nocolor --update
+ echo "In Gentoo, update option is disabled due to CVE-2017-7480."
+fi
+
+# formulate options string according to user configuration
+[[ "${LOG}" == "yes" ]] && \
+ RKHUNTER_OPTS="${RKHUNTER_OPTS} --createlogfile ${LOGFILE}"
+
+case "${VERBOSITY}" in
+ # warnings and errors only
+ 1) RKHUNTER_OPTS="${RKHUNTER_OPTS} --quiet" ;;
+ # default rkhunter output (no extra options)
+# 2) ;;
+ # default to option 3
+ *) ;;
+esac
+
+# save old log
+if [[ "${LOG}" == "yes" && "${SAVE_OLD_LOGS}" == "yes" ]] ; then
+ if [[ -e "${LOGFILE}" ]] ; then
+ _tmpfile=$(mktemp ${LOGFILE}.XXXXXX)
+ mv -f ${LOGFILE} ${_tmpfile}
+ echo -e "--\nrkhunter.cron commencing at: $(date)\n--" >> ${_tmpfile}
+ fi
+fi
+
+# finally, run rkhunter
+CMD="${RKHUNTER_EXEC} ${RKHUNTER_OPTS}"
+eval ${CMD}
+RV=$?
+
+# email output?
+if [[ "${SEND_EMAIL}" == "yes" ]] ; then
+ CMD="cat ${_tmpout} ${EMAIL_CMD}"
+ eval ${CMD}
+fi
+
+# remove temp file
+[[ -n "${_tmpout}" ]] && rm -f ${_tmpout}
+
+[[ "${LOG}" != "yes" ]] && exit ${RV}
+
+# from this point on, we can assume logging is enabled
+
+# append new log to old log and restore
+if [[ -n "${_tmpfile}" ]] ; then
+ cat ${LOGFILE} >> ${_tmpfile}
+ mv ${_tmpfile} ${LOGFILE}
+fi
+
+chmod ${LOGFILE_PERMS:-0644} ${LOGFILE}
+exit ${RV}
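Review bot: The notice `In Gentoo, update option is disabled due to CVE-2017-7480.` is printed after `exec > ${_tmpout} 2>&1`, so it goes into the temp file, which is mailed only when `SEND_EMAIL=yes` and deleted otherwise. An administrator who sets `UPDATE=yes` without mail therefore never learns that the signature data is not being refreshed. The configuration block still presents `UPDATE` as a working switch, so I would say so where it is set, e.g. `# NOTE: ignored on Gentoo; rkhunter --update is disabled (CVE-2017-7480)` above `UPDATE=no`. The comment inside the branch still describes saving the output of --update and should be reworded to match.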
diff --git a/app-forensics/rkhunter/files/rkhunter.bash-completion b/app-forensics/rkhunter/files/rkhunter.bash-completion
new file mode 100644
index 000000000000..a28f96f510d1
--- /dev/null
+++ b/app-forensics/rkhunter/files/rkhunter.bash-completion
@@ -0,0 +1,87 @@
+# rkhunter completion
+
+_rkhunter() {
+ local cur prev opts
+ COMPREPLY=()
+ cur=${COMP_WORDS[COMP_CWORD]}
+ prev=${COMP_WORDS[COMP_CWORD-1]}
+ opts="-c --checkall --createlogfile --cronjob --display-logfile -h --help\
+ --nocolors --report-mode --report-warnings-only \
+ --skip-application-check --skip-keypress --quick --quiet --update \
+ --version --versioncheck --bindir --configfile --dbdir --rootdir \
+ --tmpdir --disable-md5-check --disable-passwd-check \
+ --scan-knownbad-files"
+
+ if [[ "${cur}" == -* ]] || [[ ${COMP_CWORD} -eq 1 ]]; then
+ COMPREPLY=($(compgen -W "${opts}" -- "${cur}"))
+ fi
+
+ case "${prev}" in
+ --createlogfile)
+ COMPREPLY=($(compgen -o filenames -A file -W "${opts/--createlogfile}" \
+ -- "${cur}"))
+ ;;
+ --display-logfile)
+ COMPREPLY=($(compgen -W "${opts/--display-logfile}" -- "${cur}"))
+ ;;
+ --*dir)
+ COMPREPLY=($(compgen -o dirnames -A directory -- "${cur}"))
+ ;;
+ --*file)
+ COMPREPLY=($(compgen -o filenames -A file -- "${cur}"))
+ ;;
+ -c|--checkall)
+ COMPREPLY=($(compgen -W "${opts/-c --checkall}" -- "${cur}"))
+ ;;
+ --cronjob)
+ COMPREPLY=($(compgen -W "${opts/--cronjob}" -- "${cur}"))
+ ;;
+ -h|--help)
+ COMPREPLY=($(compgen -W "${opts/-h --help}" -- "${cur}"))
+ ;;
+ --nocolors)
+ COMPREPLY=($(compgen -W "${opts/--nocolors}" -- "${cur}"))
+ ;;
+ --report-mode)
+ COMPREPLY=($(compgen -W "${opts/--report-mode}" -- "${cur}"))
+ ;;
+ --report-warnings-only)
+ COMPREPLY=($(compgen -W "${opts/--report-warnings-only}" -- \
+ "${cur}"))
+ ;;
+ --skip-application-check)
+ COMPREPLY=($(compgen -W "${opts/--skip-application-check}" -- \
+ "${cur}"))
+ ;;
+ --skip-keypress)
+ COMPREPLY=($(compgen -W "${opts/--skip-keypress}" -- "${cur}"))
+ ;;
+ --quick)
+ COMPREPLY=($(compgen -W "${opts/--quick}" -- "${cur}"))
+ ;;
+ --quiet)
+ COMPREPLY=($(compgen -W "${opts/--quiet}" -- "${cur}"))
+ ;;
+ --update)
+ COMPREPLY=($(compgen -W "${opts/--update}" -- "${cur}"))
+ ;;
+ --version)
+ COMPREPLY=($(compgen -W "${opts/--version}" -- "${cur}"))
+ ;;
+ --versioncheck)
+ COMPREPLY=($(compgen -W "${opts/--versioncheck}" -- "${cur}"))
+ ;;
+ --disable-md5-check)
+ COMPREPLY=($(compgen -W "${opts/--disable-md5-check}" -- "${cur}"))
+ ;;
+ --disable-passwd-check)
+ COMPREPLY=($(compgen -W "${opts/--disable-passwd-check}" -- \
+ "${cur}"))
+ ;;
+ --scan-knownbad-files)
+ COMPREPLY=($(compgen -W "${opts/--scan-knownbad-files}" -- \
+ "${cur}"))
+ ;;
+ esac
+}
+complete -F _rkhunter rkhunter
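Review bot: `opts` still offers `--update` and `--versioncheck`, and the `case` has an arm for each, while rkhunter-1.4.6-no-insecure-web.patch in this same commit removes both switches from the program's option parser. Completion would then suggest options that the patched 1.4.6 no longer accepts. Dropping the two words from `opts` and deleting the `--update)` and `--versioncheck)` arms keeps completion in step with the patched binary. If this file is also installed alongside an unpatched 1.3 build, a comment saying so would explain why they remain.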