commit lynis for openSUSE:Factory

Hello community, here is the log from the commit of package lynis for openSUSE:Factory checked in at Fri Aug 19 12:48:36 CEST 2011. -------- New Changes file: --- /dev/null 2010-08-26 16:28:41.000000000 +0200 +++ /mounts/work_src_done/STABLE/lynis/lynis.changes 2011-04-07 17:59:04.000000000 +0200 @@ -0,0 +1,134 @@ +------------------------------------------------------------------- +Thu Apr 7 15:57:31 UTC 2011 - thomas@novell.com + +- added patch for apache2 and oracle detection + +------------------------------------------------------------------- +Fri Apr 1 22:00:13 UTC 2011 - saigkill@opensuse.org + +- removed rpmlintrc and fixed non-executable-script + +------------------------------------------------------------------- +Sun Dec 26 19:55:21 UTC 2010 - saigkill@opensuse.org + +- prettyfied spec file +- NOTE: Please submit submitrequests to home:saigkill. This Package links to this Repository. + +------------------------------------------------------------------- +Fri Sep 3 05:41:52 UTC 2010 - thomas@novell.com + +- fixed %files section to include /etc/lynis + +------------------------------------------------------------------- +Fri Sep 3 05:12:43 UTC 2010 - thomas@novell.com + +- fixed %files section to reflect new default.prf location + +------------------------------------------------------------------- +Fri Sep 3 05:09:47 UTC 2010 - thomas@novell.com + +- added permdir /root/.gnupg to default.prf + +------------------------------------------------------------------- +Fri Sep 3 05:04:03 UTC 2010 - thomas@novell.com + +- copy default.prf to /etc/lynis/ instead of /etc/, otherwise + lynis will not find it and hang + +------------------------------------------------------------------- +Thu Sep 2 11:32:50 UTC 2010 - thomas@novell.com + +- added %{_datadir}/%{name}/prepare_for_suse.sh + +------------------------------------------------------------------- +Thu Sep 2 10:56:55 UTC 2010 - thomas@novell.com + +- adjusted patch and spec file to make it build + +------------------------------------------------------------------- +Wed Sep 1 12:30:43 UTC 2010 - thomas@novell.com + +- put code from Matthias Weckbecker sec_check into lynis +- adjusted lynis for opensuse +- details: + + tests_tmp_symlinks + + tests_network_allowed_ports + + tests_system_proc + + tests_file_permissions_ww + + tests_binary_rpath + + tests_users_wo_password + + tests_file_permissionsDB + + tests_system_dbus + +------------------------------------------------------------------- +Wed Dec 16 05:19:37 UTC 2009 - saigkill@opensuse.org + +- updated to version 1.2.9 +- added default.prf + +------------------------------------------------------------------- +Wed Dec 9 16:21:53 UTC 2009 - saigkill@opensuse.org + +- update to 1.2.8 + +------------------------------------------------------------------- +Mon Nov 2 18:16:38 UTC 2009 - saigkill@opensuse.org + +- update to 1.2.7 +- This release adds AIX Support and several new tests related to SSH, logging, databases and SMTP. Many minor issues are solved or improved. + +----------------------------------------------------------------- +Mon Apr 6 09:04:05 CEST 2009 - saigkill@opensuse.org + +- update to 1.2.6 +- This release has several new tests and test improvements, like a sudoers + file permissions check, a core dumps configuration check for Linux, PHP + tests, and an /etc/issue banner test. + +----------------------------------------------------------------- +Sat Mar 28 10:27:12 CET 2009 - saigkill@opensuse.org + +- update to 1.2.5 +- This release adds 40+ new tests for services like Dovecot, + BIND, PowerDNS, SSH, Exim, and nginx + +----------------------------------------------------------------- +Tue Mar 17 2009 20:32 CET - mrdocs@opensuse.org + +- added 1.2.4 release +- This release adds more than 30 new tests, +including NTP, auditd, PAM, NFS and ClamAV. + +------------------------------------------------------------------ +Mon Mar 02 22:32 CET 2009 - mrdocs@opensuse.org + +- 1.2.3 release see CHANGELOG for changes + +------------------------------------------------------------------- +Thu Feb 26 14:16:35 CET 2009 - pgajdos@suse.cz + +- removed patches: + - passwd-args.patch + - suppress-dpkg-error.patch +- source repacked gz -> bz2 + +------------------------------------------------------------------- +Sun Feb 17 2009 - mrdocs@opensuse.org + +- 1.2.2 release - see CHANGELOG for changes + +------------------------------------------------------------------ +Mon Feb 16 03:15:44 CET 2009 - saigkill@opensuse.org + +- updated to Version 1.2.2 + +------------------------------------------------------------------ +Wed Jan 07 12:00:00 CET 2009 - saigkill@opensuse.org + +- fixed Rpmlint Errors +- branched for Contrib + +------------------------------------------------------------------ +Wed Nov 10 12:00:00 CET 2008 - saigkill@opensuse.org + +- initial version using the buildservice calling whatdependson for head-i586 New: ---- default.prf lynis-1.2.9.tar.gz lynis-1.2.9_suse.diff lynis-1.2.9_suse_detection.diff lynis.changes lynis.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lynis.spec ++++++ # # spec file for package lynis # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2009-2010 Sascha Manns # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define _includedir /usr/share/lynis/include %define _pluginsdir /usr/share/lynis/plugins %define _dbdir /usr/share/lynis/db %define _bindir /usr/bin Name: lynis Version: 1.2.9 Release: 1 License: GPL v2 or later Summary: Security and System auditing tool Url: http://www.rootkit.nl/projects/lynis.html Group: System/Monitoring Source: %{name}-%{version}.tar.gz Source1: default.prf # PATCH-OPENSUSE-FIX -- thomas@novell.com - modifying for openSUSE Patch0: %{name}-%{version}_suse.diff Patch1: %{name}-%{version}_suse_detection.diff BuildRequires: gcc-c++ BuildRequires: libxml2-devel PreReq: %fillup_prereq Requires: bash Requires: cron Requires: findutils Requires: logrotate Requires: netcfg Requires: wget BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %description Lynis is a security and system auditing tool. It scans a system on the most interesting parts useful for audits, like: - Security enhancements - Logging and auditing options - Banner identification - Software availability Lynis is released as a GPL licensed project and free for everyone to use. See http://www.rootkit.nl for a full description and documentation. %prep %setup -q %patch0 -p1 %patch1 -p1 %build %install # Install Profile (default.prf) %__install -d %{buildroot}%{_sysconfdir}/%{name} %__install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/default.prf # install binary %__install -d %{buildroot}%{_bindir} %__install -d %{buildroot}%{_datadir}/%{name} %__install %{name} %{buildroot}%{_bindir} %__install prepare_for_suse.sh %{buildroot}%{_datadir}/%{name} # install man-page %__install -d %{buildroot}%{_mandir}/man8 %__install -pm 644 %{name}.8 %{buildroot}%{_mandir}/man8 # install functions/includes %__install -d %{buildroot}%{_includedir} %__install include/* %{buildroot}%{_includedir} # install plugins %__install -d %{buildroot}%{_pluginsdir} %__install -pm 644 plugins/* %{buildroot}%{_pluginsdir} # install database files %__install -d %{buildroot}%{_dbdir} %__install -pm 644 db/* %{buildroot}%{_dbdir} # Hack for non-executable-script %{__chmod} +x %{buildroot}%{_datadir}/%{name}/plugins/plugin_* %clean %__rm -rf %{buildroot} %files %defattr(-,root,root) %{_bindir}/%{name} %config %{_sysconfdir}/%{name}/default.prf %{_dbdir}/* %{_includedir}/* %{_pluginsdir}/* %dir %{_sysconfdir}/%{name} %dir %{_datadir}/%{name} %dir %{_datadir}/%{name}/db %dir %{_datadir}/%{name}/include %dir %{_datadir}/%{name}/plugins %doc CHANGELOG FAQ LICENSE README %doc %{_mandir}/man8/%{name}.8.* %{_datadir}/%{name}/prepare_for_suse.sh %changelog ++++++ default.prf ++++++ ################################################################################# # # Lynis scan profile # # This is the default profile and is used as a baseline when testing systems and # applications. Since there are generally no "best" options, Lynis will assume # some default values. # # All empty lines or with the # prefix will be skipped # # This is the default profile and contains default values. You are encouraged to # copy this file and use it's base for custom audit profiles. # ################################################################################# [configuration] # Profile name, will be used as title/description config:profile_name:Default Audit Template: # Number of seconds to pause between every test (0 is no pause) config:pause_between_tests:0: ################################################################################# # Testing options # --------------- ################################################################################# # ** Scan type (how deep test has to be, light, normal or full) ** # config:test_scan_mode:light|normal|full: config:test_scan_mode:full # ** Skip one or more specific tests ** # (always ignores scan mode and will make sure the test is skipped) # config:test_skip_always:AAAA-1234 BBBB-5678 CCCC-9012: # ** Define the role(s) of a machine ** # Values: desktop|server (default: server) #config:machine_role:server: config:machine_role:desktop ################################################################################# # # Plugins # --------------- # Define which plugins are enabled # ################################################################################# plugin_enable=security_malware plugin_enable=security_rootkit ################################################################################# # # Sysctl options # --------------- # sysctl:<sysctl key>:<expected value>: # The 'expected value' is used to compare with the active value. If they # differ, the program will mark it with a warning. # ################################################################################# [processes] sysctl:kern.randompid:1: [kernel] sysctl:kern.sugid_coredump:0: [network] sysctl:net.inet.tcp.blackhole:2: sysctl:net.inet.udp.blackhole:1: [security] sysctl:kern.securelevel:3: ################################################################################# # # Apache options # columns: (1)apache : (2)option : (3)value # ################################################################################# apache:ServerTokens:Prod: ################################################################################# # # OpenLDAP options # columns: (1)openldap : (2)file : (3)option : (4)expected value(s) # ################################################################################# openldap:slapd.conf:permissions:640-600: openldap:slapd.conf:owner:ldap-root: ################################################################################# # # SSL certificates # ################################################################################# # Locations where to search for SSL certificates ssl:certificates:/etc/ssl /var/www: ################################################################################# # # File/directories permissions (currently not used yet) # ################################################################################# # Scan for exact file name match #[scanfiles] #scanfile:/etc/rc.conf:FreeBSD configuration: # Scan for exact directory name match [scandirs] scandir:/etc:/etc directory: ################################################################################# # # permfile # --------------- # permfile:file name:file permissions:owner:group:action: # Action = NOTICE or WARN # Examples: # permfile:/etc/test1.dat:600:root:wheel:NOTICE: # permfile:/etc/test1.dat:640:root:-:WARN: # ################################################################################# #permfile:/etc/inetd.conf:rw-------:root:-:WARN: #permfile:/etc/fstab:rw-r--r--:root:-:WARN: #permfile:/etc/lilo.conf:rw-------:root:-:WARN: ################################################################################# # # permdir # --------------- # permdir:directory name:file permissions:owner:group:action when permissions are different: # ################################################################################# permdir:/root/.ssh:rwx------:root:-:WARN: permdir:/root/.gnupg:rwx------:root:-:WARN: # Scan for a program/binary in BINPATHs scanbinary:Rootkit Hunter:rkhunter: ################################################################################# # # Audit customizing # ----------------- # # Most options can contain 'yes' or 'no'. # ################################################################################# # Skip the FreeBSD portaudit test #config:freebsd_skip_portaudit:yes: # Skip security repository check for Debian based systems #config:debian_skip_security_repository:yes: # Allow promiscuous interfaces # <option>:<promiscuous interface name>:<description>: #if_promisc:pflog0:pf log daemon interface: # Skip Lynis upgrade availability test (default: no) #config:skip_upgrade_test:yes: # Do not log tests with another guest operating system (default: yes) #config:log_tests_incorrect_os:no: # Amount of connections in WAIT state before reporting it as a warning #config:connections_max_wait_state:50: # Define if available NTP daemon is configured as a server or client on the network # values: server or client (default: client) #config:ntpd_role:client: ++++++ lynis-1.2.9_suse.diff ++++++ ++++ 1130 lines (skipped) ++++++ lynis-1.2.9_suse_detection.diff ++++++ diff -EruN lynis-1.2.9/include/binaries lynis-1.2.9_suse/include/binaries --- lynis-1.2.9/include/binaries 2009-12-05 19:59:26.000000000 +0100 +++ lynis-1.2.9_suse/include/binaries 2011-04-07 17:54:48.791462972 +0200 @@ -76,7 +76,7 @@ J=${I}"/aa-status"; if [ -f ${J} ]; then APPARMORFOUND=1; AASTATUSBINARY=${J}; logtext "Found ${J}"; fi J=${I}"/afick.pl"; if [ -f ${J} ]; then AFICKFOUND=0; AFICKBINARY=${J}; logtext "Found ${J}"; fi J=${I}"/aide"; if [ -f ${J} ]; then AIDEFOUND=1; AIDEBINARY=${J}; logtext "Found ${J}"; fi - J=${I}"/apache2"; if [ -f ${J} ]; then HTTPDFOUND=1; HTTPDBINARY=${J}; logtext "Found ${J}"; fi + J=${I}"/httpd2-prefork"; if [ -f ${J} ]; then HTTPDFOUND=1; HTTPDBINARY=${J}; logtext "Found ${J}"; fi J=${I}"/auditd"; if [ -f ${J} ]; then AUDITDFOUND=1; AUDITDBINARY=${J}; logtext "Found ${J}"; fi J=${I}"/awk"; if [ -f ${J} ]; then AWKFOUND=0; AWKBINARY=${J}; logtext "Found ${J}"; fi J=${I}"/chkconfig"; if [ -f ${J} ]; then CHKCONFIGFOUND=1; CHKCONFIGBINARY=${J}; logtext "Found ${J}"; fi diff -EruN lynis-1.2.9/include/tests_databases lynis-1.2.9_suse/include/tests_databases --- lynis-1.2.9/include/tests_databases 2009-09-26 14:23:57.000000000 +0200 +++ lynis-1.2.9_suse/include/tests_databases 2011-04-07 17:48:07.763816919 +0200 @@ -117,7 +117,7 @@ # reco: recovery (optional) Register --test-no DBS-1840 --weight L --network NO --description "Checking active Oracle processes" if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${PSBINARY} ax | grep "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"` + FIND=`${PSBINARY} ax | egrep "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"` if [ "${FIND}" = "" ]; then Display --indent 2 --text "- Oracle processes status..." --result "NOT FOUND" --color WHITE logtext "Result: Oracle process(es) not active" Bin�rdateien lynis-1.2.9/include/.tests_webservers.swp and lynis-1.2.9_suse/include/.tests_webservers.swp sind verschieden. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org