Hello community,
here is the log from the commit of package lynis for openSUSE:Factory
checked in at Fri Aug 19 12:48:36 CEST 2011.
--------
New Changes file:
--- /dev/null 2010-08-26 16:28:41.000000000 +0200
+++ /mounts/work_src_done/STABLE/lynis/lynis.changes 2011-04-07 17:59:04.000000000 +0200
@@ -0,0 +1,134 @@
+-------------------------------------------------------------------
+Thu Apr 7 15:57:31 UTC 2011 - thomas@novell.com
+
+- added patch for apache2 and oracle detection
+
+-------------------------------------------------------------------
+Fri Apr 1 22:00:13 UTC 2011 - saigkill@opensuse.org
+
+- removed rpmlintrc and fixed non-executable-script
+
+-------------------------------------------------------------------
+Sun Dec 26 19:55:21 UTC 2010 - saigkill@opensuse.org
+
+- prettyfied spec file
+- NOTE: Please submit submitrequests to home:saigkill. This Package links to this Repository.
+
+-------------------------------------------------------------------
+Fri Sep 3 05:41:52 UTC 2010 - thomas@novell.com
+
+- fixed %files section to include /etc/lynis
+
+-------------------------------------------------------------------
+Fri Sep 3 05:12:43 UTC 2010 - thomas@novell.com
+
+- fixed %files section to reflect new default.prf location
+
+-------------------------------------------------------------------
+Fri Sep 3 05:09:47 UTC 2010 - thomas@novell.com
+
+- added permdir /root/.gnupg to default.prf
+
+-------------------------------------------------------------------
+Fri Sep 3 05:04:03 UTC 2010 - thomas@novell.com
+
+- copy default.prf to /etc/lynis/ instead of /etc/, otherwise
+ lynis will not find it and hang
+
+-------------------------------------------------------------------
+Thu Sep 2 11:32:50 UTC 2010 - thomas@novell.com
+
+- added %{_datadir}/%{name}/prepare_for_suse.sh
+
+-------------------------------------------------------------------
+Thu Sep 2 10:56:55 UTC 2010 - thomas@novell.com
+
+- adjusted patch and spec file to make it build
+
+-------------------------------------------------------------------
+Wed Sep 1 12:30:43 UTC 2010 - thomas@novell.com
+
+- put code from Matthias Weckbecker sec_check into lynis
+- adjusted lynis for opensuse
+- details:
+ + tests_tmp_symlinks
+ + tests_network_allowed_ports
+ + tests_system_proc
+ + tests_file_permissions_ww
+ + tests_binary_rpath
+ + tests_users_wo_password
+ + tests_file_permissionsDB
+ + tests_system_dbus
+
+-------------------------------------------------------------------
+Wed Dec 16 05:19:37 UTC 2009 - saigkill@opensuse.org
+
+- updated to version 1.2.9
+- added default.prf
+
+-------------------------------------------------------------------
+Wed Dec 9 16:21:53 UTC 2009 - saigkill@opensuse.org
+
+- update to 1.2.8
+
+-------------------------------------------------------------------
+Mon Nov 2 18:16:38 UTC 2009 - saigkill@opensuse.org
+
+- update to 1.2.7
+- This release adds AIX Support and several new tests related to SSH, logging, databases and SMTP. Many minor issues are solved or improved.
+
+-----------------------------------------------------------------
+Mon Apr 6 09:04:05 CEST 2009 - saigkill@opensuse.org
+
+- update to 1.2.6
+- This release has several new tests and test improvements, like a sudoers
+ file permissions check, a core dumps configuration check for Linux, PHP
+ tests, and an /etc/issue banner test.
+
+-----------------------------------------------------------------
+Sat Mar 28 10:27:12 CET 2009 - saigkill@opensuse.org
+
+- update to 1.2.5
+- This release adds 40+ new tests for services like Dovecot,
+ BIND, PowerDNS, SSH, Exim, and nginx
+
+-----------------------------------------------------------------
+Tue Mar 17 2009 20:32 CET - mrdocs@opensuse.org
+
+- added 1.2.4 release
+- This release adds more than 30 new tests,
+including NTP, auditd, PAM, NFS and ClamAV.
+
+------------------------------------------------------------------
+Mon Mar 02 22:32 CET 2009 - mrdocs@opensuse.org
+
+- 1.2.3 release see CHANGELOG for changes
+
+-------------------------------------------------------------------
+Thu Feb 26 14:16:35 CET 2009 - pgajdos@suse.cz
+
+- removed patches:
+ - passwd-args.patch
+ - suppress-dpkg-error.patch
+- source repacked gz -> bz2
+
+-------------------------------------------------------------------
+Sun Feb 17 2009 - mrdocs@opensuse.org
+
+- 1.2.2 release - see CHANGELOG for changes
+
+------------------------------------------------------------------
+Mon Feb 16 03:15:44 CET 2009 - saigkill@opensuse.org
+
+- updated to Version 1.2.2
+
+------------------------------------------------------------------
+Wed Jan 07 12:00:00 CET 2009 - saigkill@opensuse.org
+
+- fixed Rpmlint Errors
+- branched for Contrib
+
+------------------------------------------------------------------
+Wed Nov 10 12:00:00 CET 2008 - saigkill@opensuse.org
+
+- initial version using the buildservice
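Review bot: three entry headers in this new .changes file break the date format the other entries use: "Tue Mar 17 2009 20:32 CET", "Mon Mar 02 22:32 CET 2009" and "Sun Feb 17 2009" (no time or zone at all). The last one also disagrees with the entry below it, which reads "Mon Feb 16 03:15:44 CET 2009", so either its weekday or its day of month is wrong. Suggest rewriting these headers in the same "Day Mon DD HH:MM:SS TZ YYYY" shape as the rest and making the separator lines a uniform length, so tools that parse the changelog do not trip over them.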
calling whatdependson for head-i586
New:
----
default.prf
lynis-1.2.9.tar.gz
lynis-1.2.9_suse.diff
lynis-1.2.9_suse_detection.diff
lynis.changes
lynis.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lynis.spec ++++++
#
# spec file for package lynis
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2009-2010 Sascha Manns
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define _includedir /usr/share/lynis/include
%define _pluginsdir /usr/share/lynis/plugins
%define _dbdir /usr/share/lynis/db
%define _bindir /usr/bin
Name: lynis
Version: 1.2.9
Release: 1
License: GPL v2 or later
Summary: Security and System auditing tool
Url: http://www.rootkit.nl/projects/lynis.html
Group: System/Monitoring
Source: %{name}-%{version}.tar.gz
Source1: default.prf
# PATCH-OPENSUSE-FIX -- thomas@novell.com - modifying for openSUSE
Patch0: %{name}-%{version}_suse.diff
Patch1: %{name}-%{version}_suse_detection.diff
BuildRequires: gcc-c++
BuildRequires: libxml2-devel
PreReq: %fillup_prereq
Requires: bash
Requires: cron
Requires: findutils
Requires: logrotate
Requires: netcfg
Requires: wget
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%description
Lynis is a security and system auditing tool. It scans a system on the
most interesting parts useful for audits, like:
- Security enhancements
- Logging and auditing options
- Banner identification
- Software availability
Lynis is released as a GPL licensed project and free for everyone to use.
See http://www.rootkit.nl for a full description and documentation.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%build
%install
# Install Profile (default.prf)
%__install -d %{buildroot}%{_sysconfdir}/%{name}
%__install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/default.prf
# install binary
%__install -d %{buildroot}%{_bindir}
%__install -d %{buildroot}%{_datadir}/%{name}
%__install %{name} %{buildroot}%{_bindir}
%__install prepare_for_suse.sh %{buildroot}%{_datadir}/%{name}
# install man-page
%__install -d %{buildroot}%{_mandir}/man8
%__install -pm 644 %{name}.8 %{buildroot}%{_mandir}/man8
# install functions/includes
%__install -d %{buildroot}%{_includedir}
%__install include/* %{buildroot}%{_includedir}
# install plugins
%__install -d %{buildroot}%{_pluginsdir}
%__install -pm 644 plugins/* %{buildroot}%{_pluginsdir}
# install database files
%__install -d %{buildroot}%{_dbdir}
%__install -pm 644 db/* %{buildroot}%{_dbdir}
# Hack for non-executable-script
%{__chmod} +x %{buildroot}%{_datadir}/%{name}/plugins/plugin_*
%clean
%__rm -rf %{buildroot}
%files
%defattr(-,root,root)
%{_bindir}/%{name}
%config %{_sysconfdir}/%{name}/default.prf
%{_dbdir}/*
%{_includedir}/*
%{_pluginsdir}/*
%dir %{_sysconfdir}/%{name}
%dir %{_datadir}/%{name}
%dir %{_datadir}/%{name}/db
%dir %{_datadir}/%{name}/include
%dir %{_datadir}/%{name}/plugins
%doc CHANGELOG FAQ LICENSE README
%doc %{_mandir}/man8/%{name}.8.*
%{_datadir}/%{name}/prepare_for_suse.sh
%changelog
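Review bot: BuildRequires lists gcc-c++ and libxml2-devel, but %build is empty and the package is BuildArch: noarch, so nothing visible here compiles or links against either; drop them unless the skipped _suse.diff needs them. In %install, files are installed with a mix of explicit modes (-pm 644 for plugins and db) and the install default (include/*, the main script, prepare_for_suse.sh), and the plugins are then made executable again by the chmod "hack". Setting the intended mode once per directory would make the installed permissions of the audit tool's own scripts explicit and remove the need for the hack.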
++++++ default.prf ++++++
#################################################################################
#
# Lynis scan profile
#
# This is the default profile and is used as a baseline when testing systems and
# applications. Since there are generally no "best" options, Lynis will assume
# some default values.
#
# All empty lines or with the # prefix will be skipped
#
# This is the default profile and contains default values. You are encouraged to
# copy this file and use it's base for custom audit profiles.
#
#################################################################################
[configuration]
# Profile name, will be used as title/description
config:profile_name:Default Audit Template:
# Number of seconds to pause between every test (0 is no pause)
config:pause_between_tests:0:
#################################################################################
# Testing options
# ---------------
#################################################################################
# ** Scan type (how deep test has to be, light, normal or full) **
# config:test_scan_mode:light|normal|full:
config:test_scan_mode:full
# ** Skip one or more specific tests **
# (always ignores scan mode and will make sure the test is skipped)
# config:test_skip_always:AAAA-1234 BBBB-5678 CCCC-9012:
# ** Define the role(s) of a machine **
# Values: desktop|server (default: server)
#config:machine_role:server:
config:machine_role:desktop
#################################################################################
#
# Plugins
# ---------------
# Define which plugins are enabled
#
#################################################################################
plugin_enable=security_malware
plugin_enable=security_rootkit
#################################################################################
#
# Sysctl options
# ---------------
# sysctl:<sysctl key>:<expected value>:
# The 'expected value' is used to compare with the active value. If they
# differ, the program will mark it with a warning.
#
#################################################################################
[processes]
sysctl:kern.randompid:1:
[kernel]
sysctl:kern.sugid_coredump:0:
[network]
sysctl:net.inet.tcp.blackhole:2:
sysctl:net.inet.udp.blackhole:1:
[security]
sysctl:kern.securelevel:3:
#################################################################################
#
# Apache options
# columns: (1)apache : (2)option : (3)value
#
#################################################################################
apache:ServerTokens:Prod:
#################################################################################
#
# OpenLDAP options
# columns: (1)openldap : (2)file : (3)option : (4)expected value(s)
#
#################################################################################
openldap:slapd.conf:permissions:640-600:
openldap:slapd.conf:owner:ldap-root:
#################################################################################
#
# SSL certificates
#
#################################################################################
# Locations where to search for SSL certificates
ssl:certificates:/etc/ssl /var/www:
#################################################################################
#
# File/directories permissions (currently not used yet)
#
#################################################################################
# Scan for exact file name match
#[scanfiles]
#scanfile:/etc/rc.conf:FreeBSD configuration:
# Scan for exact directory name match
[scandirs]
scandir:/etc:/etc directory:
#################################################################################
#
# permfile
# ---------------
# permfile:file name:file permissions:owner:group:action:
# Action = NOTICE or WARN
# Examples:
# permfile:/etc/test1.dat:600:root:wheel:NOTICE:
# permfile:/etc/test1.dat:640:root:-:WARN:
#
#################################################################################
#permfile:/etc/inetd.conf:rw-------:root:-:WARN:
#permfile:/etc/fstab:rw-r--r--:root:-:WARN:
#permfile:/etc/lilo.conf:rw-------:root:-:WARN:
#################################################################################
#
# permdir
# ---------------
# permdir:directory name:file permissions:owner:group:action when permissions are different:
#
#################################################################################
permdir:/root/.ssh:rwx------:root:-:WARN:
permdir:/root/.gnupg:rwx------:root:-:WARN:
# Scan for a program/binary in BINPATHs
scanbinary:Rootkit Hunter:rkhunter:
#################################################################################
#
# Audit customizing
# -----------------
#
# Most options can contain 'yes' or 'no'.
#
#################################################################################
# Skip the FreeBSD portaudit test
#config:freebsd_skip_portaudit:yes:
# Skip security repository check for Debian based systems
#config:debian_skip_security_repository:yes:
# Allow promiscuous interfaces
# <option>:<promiscuous interface name>:<description>:
#if_promisc:pflog0:pf log daemon interface:
# Skip Lynis upgrade availability test (default: no)
#config:skip_upgrade_test:yes:
# Do not log tests with another guest operating system (default: yes)
#config:log_tests_incorrect_os:no:
# Amount of connections in WAIT state before reporting it as a warning
#config:connections_max_wait_state:50:
# Define if available NTP daemon is configured as a server or client on the network
# values: server or client (default: client)
#config:ntpd_role:client:
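Review bot: the sysctl entries under [processes], [kernel], [network] and [security] (kern.randompid, kern.sugid_coredump, net.inet.tcp.blackhole, net.inet.udp.blackhole, kern.securelevel) are BSD key names, so on an openSUSE system none of them names a key that exists. Either replace them with the Linux keys this package is meant to audit or comment them out like the FreeBSD-only options further down. Separately, "config:test_scan_mode:full" and "config:machine_role:desktop" lack the trailing colon that the other config: lines and the commented templates carry, and the role is set to desktop although the comment gives server as the default; worth confirming both are intended.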
++++++ lynis-1.2.9_suse.diff ++++++
++++ 1130 lines (skipped)
++++++ lynis-1.2.9_suse_detection.diff ++++++
diff -EruN lynis-1.2.9/include/binaries lynis-1.2.9_suse/include/binaries
--- lynis-1.2.9/include/binaries 2009-12-05 19:59:26.000000000 +0100
+++ lynis-1.2.9_suse/include/binaries 2011-04-07 17:54:48.791462972 +0200
@@ -76,7 +76,7 @@
J=${I}"/aa-status"; if [ -f ${J} ]; then APPARMORFOUND=1; AASTATUSBINARY=${J}; logtext "Found ${J}"; fi
J=${I}"/afick.pl"; if [ -f ${J} ]; then AFICKFOUND=0; AFICKBINARY=${J}; logtext "Found ${J}"; fi
J=${I}"/aide"; if [ -f ${J} ]; then AIDEFOUND=1; AIDEBINARY=${J}; logtext "Found ${J}"; fi
- J=${I}"/apache2"; if [ -f ${J} ]; then HTTPDFOUND=1; HTTPDBINARY=${J}; logtext "Found ${J}"; fi
+ J=${I}"/httpd2-prefork"; if [ -f ${J} ]; then HTTPDFOUND=1; HTTPDBINARY=${J}; logtext "Found ${J}"; fi
J=${I}"/auditd"; if [ -f ${J} ]; then AUDITDFOUND=1; AUDITDBINARY=${J}; logtext "Found ${J}"; fi
J=${I}"/awk"; if [ -f ${J} ]; then AWKFOUND=0; AWKBINARY=${J}; logtext "Found ${J}"; fi
J=${I}"/chkconfig"; if [ -f ${J} ]; then CHKCONFIGFOUND=1; CHKCONFIGBINARY=${J}; logtext "Found ${J}"; fi
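Review bot: the "/httpd2-prefork" line replaces the "/apache2" check instead of sitting next to it, so after this change a binary named apache2 no longer sets HTTPDFOUND and only the prefork binary name is recognised. Suggest keeping the original line and adding the new one after it. Minor: ${J} is unquoted inside [ -f ${J} ], as in the neighbouring lines.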
diff -EruN lynis-1.2.9/include/tests_databases lynis-1.2.9_suse/include/tests_databases
--- lynis-1.2.9/include/tests_databases 2009-09-26 14:23:57.000000000 +0200
+++ lynis-1.2.9_suse/include/tests_databases 2011-04-07 17:48:07.763816919 +0200
@@ -117,7 +117,7 @@
# reco: recovery (optional)
Register --test-no DBS-1840 --weight L --network NO --description "Checking active Oracle processes"
if [ ${SKIPTEST} -eq 0 ]; then
- FIND=`${PSBINARY} ax | grep "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"`
+ FIND=`${PSBINARY} ax | egrep "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"`
if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Oracle processes status..." --result "NOT FOUND" --color WHITE
logtext "Result: Oracle process(es) not active"
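Review bot: on the changed FIND= line, egrep is called by bare name while ps goes through ${PSBINARY}, so the pipeline depends on whichever egrep comes first in PATH. Using "grep -E" with the same pattern would keep the alternation working without relying on the separate egrep command. A one-line comment saying the pattern needs extended regular expressions would also keep this from being reverted to plain grep.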
Bin�rdateien lynis-1.2.9/include/.tests_webservers.swp and lynis-1.2.9_suse/include/.tests_webservers.swp sind verschieden.
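Review bot: this line shows the patch was generated from a tree that still held an editor swap file, include/.tests_webservers.swp, and under a German locale. Regenerate the patch after removing the swap file (or with diff -x '*.swp') and with LC_ALL=C, so the shipped patch contains only the two text changes and standard diff messages.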
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...