Hello community,
here is the log from the commit of package lynis for openSUSE:Factory checked in at 2013-01-14 09:43:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lynis (Old)
and /work/SRC/openSUSE:Factory/.lynis.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lynis", Maintainer is ""
Changes:
--------
--- /work/SRC/openSUSE:Factory/lynis/lynis.changes 2012-02-29 14:08:29.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.lynis.new/lynis.changes 2013-01-14 09:43:11.000000000 +0100
@@ -1,0 +2,13 @@
+Thu Jan 10 16:53:32 UTC 2013 - thomas@suse.com
+
+- fixed test_homedirs
+
+-------------------------------------------------------------------
+Thu Jan 10 16:46:02 UTC 2013 - thomas@suse.com
+
+- some bugfixing for pathnames, didn't work with sudo
+- improved default.prf by adding more sysctl vars
+- fixed test_storage
+- generated fileperm.db and dbus-whitelist for 12.2
+
+-------------------------------------------------------------------
Old:
----
dbus-whitelist.db
lynis_1.3.0_db-fileperms.diff
New:
----
dbus-whitelist.db.openSUSE_12.2_x86_64
fileperms.db.openSUSE_12.2_x86_64
lynis_1.3.0_include-osdetection.diff
lynis_1.3.0_include-test-filesystem.diff
lynis_1.3.0_include-test-homedirs.diff
lynis_1.3.0_include-test-kernel.diff
lynis_1.3.0_include-test-storage.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lynis.spec ++++++
--- /var/tmp/diff_new_pack.9cMQRX/_old 2013-01-14 09:43:12.000000000 +0100
+++ /var/tmp/diff_new_pack.9cMQRX/_new 2013-01-14 09:43:12.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package lynis
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2009-2011 Sascha Manns
#
# All modifications and additions to the file contributed by third parties
@@ -25,10 +25,10 @@
Name: lynis
Version: 1.3.0
Release: 1
-License: GPL-3.0
Summary: Security and System auditing tool
-Url: http://www.rootkit.nl/projects/lynis.html
+License: GPL-3.0
Group: System/Monitoring
+Url: http://www.rootkit.nl/projects/lynis.html
Source0: %{name}-%{version}.tar.bz2
Source1: default.prf
Source2: tests_binary_rpath
@@ -40,17 +40,21 @@
Source8: tests_tmp_symlinks
Source9: tests_users_wo_password
Source10: prepare_for_suse.sh
-Source11: dbus-whitelist.db
+Source11: dbus-whitelist.db.openSUSE_12.2_x86_64
+Source12: fileperms.db.openSUSE_12.2_x86_64
# PATCH-OPENSUSE-FIX -- thomas@novell.com - modifying for openSUSE
Patch0: %{name}_%{version}_lynis.diff
# PATCH-OPENSUSE-FIX -- thomas@novell.com - modifying for openSUSE
-Patch1: %{name}_%{version}_db-fileperms.diff
-# PATCH-OPENSUSE-FIX -- thomas@novell.com - modifying for openSUSE
Patch2: %{name}_%{version}_include_consts.diff
# PATCH-OPENSUSE-FIX -- thomas@novell.com - modifying for openSUSE
Patch3: %{name}_%{version}_include_binaries.diff
# PATCH-OPENSUSE-FIX -- thomas@novell.com - modifying for openSUSE
Patch4: %{name}_%{version}_include-test-databases.diff
+Patch5: %{name}_%{version}_include-osdetection.diff
+Patch6: %{name}_%{version}_include-test-filesystem.diff
+Patch7: %{name}_%{version}_include-test-kernel.diff
+Patch8: %{name}_%{version}_include-test-storage.diff
+Patch9: %{name}_%{version}_include-test-homedirs.diff
BuildRequires: gcc-c++
BuildRequires: libxml2-devel
PreReq: %fillup_prereq
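Review bot: Patch5 through Patch9 are added without the `# PATCH-OPENSUSE-FIX -- ...` comment line that the existing patches carry, so the spec does not record what each one changes or whether it is openSUSE-specific. Add a tag line above each in the file's existing style, for example `# PATCH-OPENSUSE-FIX -- thomas@suse.com - call tune2fs by absolute path` above Patch6. Several of these look like plain upstream bug fixes rather than distribution changes, which is worth stating in the tag.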
@@ -78,10 +82,15 @@
%prep
%setup -q
%patch0
-%patch1
+#%patch1
%patch2
%patch3
%patch4
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
%build
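Review bot: `#%patch1` leaves a macro reference inside a comment, and rpm expands macros in comment lines too; depending on the rpm version this is either harmless or an error about a patch number that no longer exists. Patch1 itself is removed from the preamble in this commit, so the line has nothing left to refer to: delete it, or write `#%%patch1` if the reminder is wanted.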
@@ -115,7 +124,11 @@
# install database files
%__install -d %{buildroot}%{_dbdir}
%__install -pm 644 db/* %{buildroot}%{_dbdir}
-%__install -pm 644 %{SOURCE11} %{buildroot}%{_dbdir}
+%__install -pm 644 %{SOURCE11} %{buildroot}%{_dbdir}/dbus-whitelist.db
+%__install -pm 644 %{SOURCE12} %{buildroot}%{_dbdir}/fileperms.db
+#rm %{buildroot}%{_dbdir}/fileperms.db
+#ln -s $(basename %{SOURCE11}) %{_dbdir}/dbus-whitelist.db
+#ln -s $(basename %{SOURCE12}) %{_dbdir}/fileperms.db
%clean
%__rm -rf %{buildroot}
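Review bot: SOURCE11 and SOURCE12 are snapshots named for openSUSE 12.2 x86_64, but they are installed unconditionally as `dbus-whitelist.db` and `fileperms.db`, so a build for any other release or architecture ships a baseline that may not describe that system. The whitelist added in this commit also lists `skype.conf`, which suggests it was generated on a machine with third-party software installed; whatever was present on the generating host becomes "expected" on every audited host. Consider generating both files from a minimal installation and selecting the source by `%{suse_version}` and architecture. The three commented-out `rm`/`ln -s` lines should be dropped rather than shipped, since they also contain macros that rpm may still expand.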
++++++ dbus-whitelist.db.openSUSE_12.2_x86_64 ++++++
avahi-dbus.conf
bluetooth.conf
com.redhat.NewPrinterNotification.conf
com.redhat.PrinterDriversInstaller.conf
ConsoleKit.conf
cups.conf
dnsmasq.conf
gdm.conf
hal.conf
nm-avahi-autoipd.conf
nm-dhcp-client.conf
nm-dispatcher.conf
nm-openconnect-service.conf
nm-openvpn-service.conf
nm-pptp-service.conf
nm-vpnc-service.conf
org.blueman.Mechanism.conf
org.freedesktop.Accounts.conf
org.freedesktop.colord-sane.conf
org.freedesktop.ColorManager.conf
org.freedesktop.hostname1.conf
org.freedesktop.locale1.conf
org.freedesktop.login1.conf
org.freedesktop.ModemManager.conf
org.freedesktop.NetworkManager.conf
org.freedesktop.PackageKit.conf
org.freedesktop.PolicyKit1.conf
org.freedesktop.PolicyKit.conf
org.freedesktop.RealtimeKit1.conf
org.freedesktop.systemd1.conf
org.freedesktop.timedate1.conf
org.freedesktop.UDisks2.conf
org.freedesktop.UDisks.conf
org.freedesktop.UPower.conf
org.gnome.GConf.Defaults.conf
org.gnome.SettingsDaemon.DateTimeMechanism.conf
org.kde.auth.conf
org.kde.fontinst.conf
org.kde.kcontrol.k3bsetup.conf
org.kde.kcontrol.kcmclock.conf
org.kde.kcontrol.kcmkdm.conf
org.kde.kcontrol.kcmremotewidgets.conf
org.kde.ksysguard.processlisthelper.conf
org.kde.polkitkde1.helper.conf
org.kde.powerdevil.backlighthelper.conf
org.opensuse.CupsPkHelper.Mechanism.conf
pulseaudio-system.conf
skype.conf
wpa_supplicant.conf
fi.epitest.hostap.WPASupplicant.service
fi.w1.wpa_supplicant1.service
org.blueman.Mechanism.service
org.freedesktop.Accounts.service
org.freedesktop.Avahi.service
org.freedesktop.colord-sane.service
org.freedesktop.ColorManager.service
org.freedesktop.ConsoleKit.service
org.freedesktop.Hal.service
org.freedesktop.hostname1.service
org.freedesktop.locale1.service
org.freedesktop.login1.service
org.freedesktop.ModemManager.service
org.freedesktop.nm_dispatcher.service
org.freedesktop.PackageKit.service
org.freedesktop.PolicyKit1.service
org.freedesktop.PolicyKit.service
org.freedesktop.RealtimeKit1.service
org.freedesktop.systemd1.service
org.freedesktop.timedate1.service
org.freedesktop.UDisks2.service
org.freedesktop.UDisks.service
org.freedesktop.UPower.service
org.gnome.GConf.Defaults.service
org.gnome.SettingsDaemon.DateTimeMechanism.service
org.kde.fontinst.service
org.kde.kcontrol.k3bsetup.service
org.kde.kcontrol.kcmclock.service
org.kde.kcontrol.kcmkdm.service
org.kde.kcontrol.kcmremotewidgets.service
org.kde.ksysguard.processlisthelper.service
org.kde.polkitkde1.helper.service
org.kde.powerdevil.backlighthelper.service
org.opensuse.CupsPkHelper.Mechanism.service
++++++ fileperms.db.openSUSE_12.2_x86_64 ++++++
file:/var/run/uscreens/:1777:root:root:Linux:
file:/etc/crontab:644:root:root:Linux:
file:/etc/exports:644:root:root:Linux:
file:/etc/fstab:644:root:root:Linux:
file:/etc/ftpaccess:644:root:root:Linux:
file:/etc/ftpusers:644:root:root:Linux:
file:/etc/rmtab:644:root:root:Linux:
file:/var/lib/nfs/rmtab:644:root:root:Linux:
file:/etc/syslog.conf:644:root:root:Linux:
file:/bin/su:4755:root:root:Linux:
file:/usr/bin/at:4755:root:trusted:Linux:
file:/usr/bin/crontab:4755:root:trusted:Linux:
file:/usr/bin/gpasswd:4755:root:shadow:Linux:
file:/usr/bin/newgrp:4755:root:root:Linux:
file:/usr/bin/passwd:4755:root:shadow:Linux:
file:/usr/bin/chfn:4755:root:shadow:Linux:
file:/usr/bin/chage:4755:root:shadow:Linux:
file:/usr/bin/chsh:4755:root:shadow:Linux:
file:/usr/bin/expiry:4755:root:shadow:Linux:
file:/usr/bin/sudo:4755:root:root:Linux:
file:/usr/sbin/su-wrapper:4755:root:root:Linux:
file:/usr/bin/opiepasswd:4755:root:root:Linux:
file:/usr/bin/ncpmount:4750:root:trusted:Linux:
file:/usr/bin/ncpumount:4750:root:trusted:Linux:
file:/sbin/mount.nfs:4755:root:root:Linux:
file:/bin/mount:4755:root:root:Linux:
file:/bin/umount:4755:root:root:Linux:
file:/bin/eject:4755:root:audio:Linux:
file:/usr/bin/fusermount:4755:root:trusted:Linux:
file:/usr/lib/majordomo/wrapper:4755:root:daemon:Linux:
file:/usr/lib/pt_chown:4755:root:root:Linux:
file:/usr/lib64/pt_chown:4755:root:root:Linux:
file:/sbin/unix_chkpwd:4755:root:shadow:Linux:
file:/sbin/unix2_chkpwd:4755:root:shadow:Linux:
file:/usr/sbin/popauth:4755:pop:trusted:Linux:
file:/usr/sbin/pam_auth:4755:root:shadow:Linux:
file:/usr/lib/gnome-pty-helper:2755:root:utmp:Linux:
file:/usr/bin/v4l-conf:4755:root:video:Linux:
file:/usr/lib/ia32el/suid_ia32x_loader:4755:root:root:Linux:
file:/usr/bin/ntping:4750:root:trusted:Linux:
file:/usr/bin/wall:2755:root:tty:Linux:
file:/usr/bin/write:2755:root:tty:Linux:
file:/usr/bin/makeweb:2755:root:www:Linux:
file:/usr/bin/yaps:2755:root:uucp:Linux:
file:/usr/bin/nwsfind:4750:root:trusted:Linux:
file:/usr/bin/ncplogin:4750:root:trusted:Linux:
file:/usr/bin/ncpmap:4750:root:trusted:Linux:
file:/usr/lib/lpdfilter/bin/runlpr:4755:root:root:Linux:
file:/sbin/pccardctl:4755:root:trusted:Linux:
file:/usr/sbin/mgnokiidev:4755:root:uucp:Linux:
file:/usr/lib/pcp/pmpost:4755:root:root:Linux:
file:/usr/lib/mailman/cgi-bin/admin:2755:root:mailman:Linux:
file:/usr/lib/mailman/cgi-bin/admindb:2755:root:mailman:Linux:
file:/usr/lib/mailman/cgi-bin/edithtml:2755:root:mailman:Linux:
file:/usr/lib/mailman/cgi-bin/listinfo:2755:root:mailman:Linux:
file:/usr/lib/mailman/cgi-bin/options:2755:root:mailman:Linux:
file:/usr/lib/mailman/cgi-bin/private:2755:root:mailman:Linux:
file:/usr/lib/mailman/cgi-bin/roster:2755:root:mailman:Linux:
file:/usr/lib/mailman/cgi-bin/subscribe:2755:root:mailman:Linux:
file:/usr/lib/mailman/cgi-bin/confirm:2755:root:mailman:Linux:
file:/usr/lib/mailman/cgi-bin/create:2755:root:mailman:Linux:
file:/usr/lib/mailman/cgi-bin/editarch:2755:root:mailman:Linux:
file:/usr/lib/mailman/cgi-bin/rmlist:2755:root:mailman:Linux:
file:/usr/lib/mailman/mail/mailman:2755:root:mailman:Linux:
file:/usr/lib/libgnomesu/gnomesu-pam-backend:4755:root:root:Linux:
file:/usr/sbin/change-passwd:4755:root:root:Linux:
file:/usr/bin/get_printing_ticket:4750:root:lp:Linux:
file:/bin/ping:4755:root:root:Linux:
file:/bin/ping6:4755:root:root:Linux:
file:/usr/sbin/mtr:4750:root:dialout:Linux:
file:/usr/bin/rcp:4755:root:root:Linux:
file:/usr/bin/rlogin:4755:root:root:Linux:
file:/usr/bin/rsh:4755:root:root:Linux:
file:/usr/bin/cl_status:2555:root:haclient:Linux:
file:/usr/sbin/exim:4755:root:root:Linux:
file:/usr/sbin/pppoe-wrapper:4750:root:dialout:Linux:
file:/sbin/isdnctrl:4750:root:dialout:Linux:
file:/usr/bin/vboxbeep:4755:root:trusted:Linux:
file:/usr/lib/mc/cons.saver:4755:root:root:Linux:
file:/usr/bin/jfbterm:6755:root:tty:Linux:
file:/opt/kde3/bin/artswrapper:4755:root:root:Linux:
file:/opt/kde3/bin/kcheckpass:4755:root:shadow:Linux:
file:/usr/lib/kde4/libexec/kcheckpass:4755:root:shadow:Linux:
file:/usr/lib64/kde4/libexec/kcheckpass:4755:root:shadow:Linux:
file:/opt/kde3/bin/kdesud:2755:root:nogroup:Linux:
file:/usr/lib/kde4/libexec/kdesud:2755:root:nogroup:Linux:
file:/usr/lib64/kde4/libexec/kdesud:2755:root:nogroup:Linux:
file:/opt/kde3/bin/kpac_dhcp_helper:4755:root:root:Linux:
file:/opt/kde3/bin/start_kdeinit:4755:root:root:Linux:
file:/usr/lib/kde4/libexec/start_kdeinit:4755:root:root:Linux:
file:/usr/lib64/kde4/libexec/start_kdeinit:4755:root:root:Linux:
file:/usr/bin/fileshareset:4755:root:root:Linux:
file:/usr/sbin/amcheck:4750:root:amanda:Linux:
file:/usr/lib/amanda/calcsize:4750:root:amanda:Linux:
file:/usr/lib/amanda/rundump:4750:root:amanda:Linux:
file:/usr/lib/amanda/planner:4750:root:amanda:Linux:
file:/usr/lib/amanda/runtar:4750:root:amanda:Linux:
file:/usr/lib/amanda/dumper:4750:root:amanda:Linux:
file:/usr/lib/amanda/killpgrp:4750:root:amanda:Linux:
file:/usr/lib/gnats/gen-index:4555:gnats:root:Linux:
file:/usr/lib/gnats/pr-edit:4555:gnats:root:Linux:
file:/usr/lib/gnats/queue-pr:4555:gnats:root:Linux:
file:/usr/lib/news/bin/rnews:4550:news:uucp:Linux:
file:/usr/lib/news/bin/inews:2555:news:news:Linux:
file:/usr/lib/news/bin/innbind:4554:root:news:Linux:
file:/usr/lib/mgetty+sendfax/faxq-helper:4755:fax:root:Linux:
file:/var/spool/fax/outgoing/:0755:fax:root:Linux:
file:/var/spool/fax/outgoing/locks:0755:fax:root:Linux:
file:/var/spool/uucppublic/:1777:root:root:Linux:
file:/usr/bin/uucp:6555:uucp:uucp:Linux:
file:/usr/bin/uuname:6555:uucp:uucp:Linux:
file:/usr/bin/uustat:6555:uucp:uucp:Linux:
file:/usr/bin/uux:6555:uucp:uucp:Linux:
file:/usr/lib/uucp/uucico:6555:uucp:uucp:Linux:
file:/usr/lib/uucp/uuxqt:6555:uucp:uucp:Linux:
file:/usr/lib/PolicyKit/polkit-set-default-helper:4755:polkituser:root:Linux:
file:/usr/lib/PolicyKit/polkit-read-auth-helper:2755:root:polkituser:Linux:
file:/usr/lib/PolicyKit/polkit-revoke-helper:2755:root:polkituser:Linux:
file:/usr/lib/PolicyKit/polkit-explicit-grant-helper:2755:root:polkituser:Linux:
file:/usr/lib/PolicyKit/polkit-grant-helper:2755:root:polkituser:Linux:
file:/usr/lib/PolicyKit/polkit-grant-helper-pam:4750:root:polkituser:Linux:
file:/usr/lib/polkit-1/polkit-agent-helper-1:4755:root:root:Linux:
file:/usr/bin/pkexec:4755:root:root:Linux:
file:/lib/dbus-1/dbus-daemon-launch-helper:4750:root:messagebus:Linux:
file:/lib64/dbus-1/dbus-daemon-launch-helper:4750:root:messagebus:Linux:
file:/usr/bin/newrole:4755:root:root:Linux:
file:/usr/lib/virtualbox/VirtualBox:4750:root:vboxusers:Linux:
file:/usr/lib/virtualbox/VirtualBox3:4750:root:vboxusers:Linux:
file:/usr/lib/virtualbox/VBoxBFE:4750:root:vboxusers:Linux:
file:/usr/lib/virtualbox/VBoxHeadless:4750:root:vboxusers:Linux:
file:/usr/lib/virtualbox/VBoxSDL:4750:root:vboxusers:Linux:
file:/usr/lib/virtualbox/VBoxNetAdpCtl:4750:root:vboxusers:Linux:
file:/usr/lib/virtualbox/VBoxNetDHCP:4750:root:vboxusers:Linux:
file:/usr/bin/vmware-user-suid-wrapper:4755:root:root:Linux:
file:/usr/sbin/lockdev:2755:root:lock:Linux:
file:/usr/sbin/hawk_chkpwd:4750:root:haclient:Linux:
file:/usr/sbin/hawk_invoke:4750:root:haclient:Linux:
file:/usr/lib/chrome_sandbox:4755:root:root:Linux:
file:/sbin/mount.ecryptfs_private:4755:root:root:Linux:
file:/usr/bin/su:4755:root:root:Linux:
file:/usr/sbin/mount.nfs:4755:root:root:Linux:
file:/usr/bin/mount.nfs:4755:root:root:Linux:
file:/usr/bin/mount:4755:root:root:Linux:
file:/usr/bin/umount:4755:root:root:Linux:
file:/usr/bin/eject:4755:root:audio:Linux:
file:/usr/sbin/unix_chkpwd:4755:root:shadow:Linux:
file:/usr/bin/unix_chkpwd:4755:root:shadow:Linux:
file:/usr/sbin/unix2_chkpwd:4755:root:shadow:Linux:
file:/usr/bin/unix2_chkpwd:4755:root:shadow:Linux:
file:/usr/sbin/isdnctrl:4750:root:dialout:Linux:
file:/usr/bin/isdnctrl:4750:root:dialout:Linux:
file:/usr/sbin/pccardctl:4755:root:trusted:Linux:
file:/usr/bin/pccardctl:4755:root:trusted:Linux:
file:/usr/bin/ping:4755:root:root:Linux:
file:/usr/bin/ping6:4755:root:root:Linux:
file:/var/log/messages:0644:root.root:Linux:
++++++ lynis_1.3.0_include-osdetection.diff ++++++
diff -ENbru lynis-1.3.0/include/osdetection lynis-1.3.0_suse/include/osdetection
--- lynis-1.3.0/include/osdetection 2011-12-25 15:56:38.000000000 +0100
+++ lynis-1.3.0_suse/include/osdetection 2013-01-10 13:22:29.836598135 +0100
@@ -157,7 +157,7 @@
if [ -e "/etc/yellowdog-release" ]; then OS_FULLNAME=`cat /etc/yellowdog-release`; fi
# If Linux version is unknown, use uname value
- if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=`uname -s -r`; fi
+ #if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=`uname -s -r`; fi
SYSCTL_READKEY="sysctl -n"
;;
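Review bot: The uname fallback is disabled by commenting it out, with no explanation; as far as the hunk shows, `OS_FULLNAME` now stays empty whenever none of the release files matched, and anything that logs or branches on it receives an empty string. If the fallback produced a wrong result on openSUSE, either delete the line or leave a reason next to it, for example `# openSUSE: uname fallback disabled, <reason>`. The enclosing case branch starts outside the hunk, so the release-file checks that precede it are not visible here.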
++++++ lynis_1.3.0_include-test-databases.diff ++++++
--- /var/tmp/diff_new_pack.9cMQRX/_old 2013-01-14 09:43:13.000000000 +0100
+++ /var/tmp/diff_new_pack.9cMQRX/_new 2013-01-14 09:43:13.000000000 +0100
@@ -7,7 +7,7 @@
Register --test-no DBS-1840 --weight L --network NO --description "Checking active Oracle processes"
if [ ${SKIPTEST} -eq 0 ]; then
- FIND=`${PSBINARY} ax | grep "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"`
-+ FIND=`${PSBINARY} ax | egrep "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"`
++ FIND=`${PSBINARY} ax | grep -E "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"`
if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Oracle processes status..." --result "NOT FOUND" --color WHITE
logtext "Result: Oracle process(es) not active"
++++++ lynis_1.3.0_include-test-filesystem.diff ++++++
--- lynis-1.3.0/include/tests_filesystems 2011-12-25 15:55:27.000000000 +0100
+++ lynis-1.3.0_suse/include/tests_filesystems 2013-01-10 11:56:13.279292980 +0100
@@ -314,7 +314,7 @@
if [ ! "${FIND1}" = "" ]; then
logtext "Result: found ${FIND1}"
logtext "Test: Checking default options on ${FIND1}"
- FIND2=`tune2fs -l ${FIND1} | grep "^Default mount options" | grep "acl"`
+ FIND2=`/sbin/tune2fs -l ${FIND1} | grep "^Default mount options" | grep "acl"`
if [ ! "${FIND2}" = "" ]; then
logtext "Result: found ACL option in default mount options"
FOUND=1
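Review bot: Hard-coding `/sbin/tune2fs` works around the sudo PATH problem, but a missing binary still fails silently: the backticks yield an empty `FIND2`, which the test reads as "no ACL default option" rather than "could not check". Guard the call with `if [ -x /sbin/tune2fs ]; then` and log a skipped result otherwise, or add `/sbin:/usr/sbin` to `PATH` once at start-up instead of per call; the same applies to `/sbin/sysctl` in the tests_kernel patch. `${FIND1}` is also expanded unquoted, and `"${FIND1}"` would be safer if it holds a single device path. The test block continues outside the hunk.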
++++++ lynis_1.3.0_include-test-homedirs.diff ++++++
--- lynis-1.3.0/include/tests_homedirs 2011-12-25 15:55:58.000000000 +0100
+++ lynis-1.3.0_suse/include/tests_homedirs 2013-01-10 17:50:44.652450705 +0100
@@ -54,7 +54,7 @@
Register --test-no HOME-9310 --weight L --network NO --description "Checking for suspicious shell history files"
if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${HOMEDIRS}" = "" ]; then
- if [ ${OS} = "Solaris" ]; then
+ if [ "${OS}" = "Solaris" ]; then
# Solaris doesn't support -maxdepth
FIND=`find ${HOMEDIRS} -name ".*history" -not -type f -print`
else
++++++ lynis_1.3.0_include-test-kernel.diff ++++++
diff -ENbru lynis-1.3.0/include/tests_kernel lynis-1.3.0_suse/include/tests_kernel
--- lynis-1.3.0/include/tests_kernel 2011-12-25 15:56:11.000000000 +0100
+++ lynis-1.3.0_suse/include/tests_kernel 2013-01-10 11:54:16.288498525 +0100
@@ -280,7 +280,7 @@
# Sysctl option
logtext "Test: Checking sysctl value of fs.suid_dumpable"
- FIND=`sysctl fs.suid_dumpable | awk '{ if ($1=="fs.suid_dumplable") { print $3 } }'`
+ FIND=`/sbin/sysctl fs.suid_dumpable | awk '{ if ($1=="fs.suid_dumplable") { print $3 } }'`
logtext "Result: value ${FIND} found"
if [ "${FIND}" = "1" ]; then
logtext "Result: setuid programs can perform core dumps"
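Review bot: The awk filter on the changed `FIND=` line still compares `$1` against `fs.suid_dumplable` (extra `l`), so it never matches the key that sysctl prints and `FIND` stays empty whatever the real setting is. The `"${FIND}" = "1"` branch below therefore cannot fire, and a system that allows setuid core dumps is not reported. Since the line is being touched anyway, fix the literal, `awk '{ if ($1=="fs.suid_dumpable") { print $3 } }'`, or read the value directly with `/sbin/sysctl -n fs.suid_dumpable`. The surrounding test block begins and ends outside the hunk.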
++++++ lynis_1.3.0_include-test-storage.diff ++++++
--- lynis-1.3.0/include/tests_storage 2011-12-25 14:54:21.000000000 +0100
+++ lynis-1.3.0_suse/include/tests_storage 2013-01-10 12:04:19.129284146 +0100
@@ -25,7 +25,7 @@
FOUND=0
logtext "Test: Checking USB storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf"
if [ -d /etc/modprobe.d ]; then
- FIND=`grep "install usb-storage /bin/true" /etc/modprobe.d | grep "usb-storage" | grep -v "#"`
+ FIND=`grep "install usb-storage /bin/true" /etc/modprobe.d/* | grep "usb-storage" | grep -v "#"`
if [ ! "${FIND}" = "" ]; then
FOUND=1
logtext "Result: found usb-storage driver in disabled state"
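Review bot: With the glob the grep now reads the files, but the match is still brittle: the fixed string `install usb-storage /bin/true` requires single spaces and the hyphen spelling, and `grep -v "#"` discards a matching line that merely carries a trailing comment. modprobe accepts `usb_storage` as well, so a host that disables the module with the underscore spelling or with tabs is reported as not hardened. A tolerant anchored pattern covers both cases, e.g. `grep -hE '^[[:space:]]*install[[:space:]]+usb[-_]storage[[:space:]]+/bin/true' /etc/modprobe.d/* 2>/dev/null`, which also silences the error when the directory is empty. The firewire greps in the next hunk use the same `grep -v "#"` filter.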
@@ -61,8 +61,8 @@
FOUND=0
logtext "Test: Checking firewire storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf"
if [ -d /etc/modprobe.d ]; then
- FIND1=`egrep "blacklist (ohci1394|firewire-ohci)" /etc/modprobe.d | grep "ohci" | grep -v "#"`
- FIND2=`egrep "install (ohci1394|firewire-ohci) /bin/true" /etc/modprobe.d | grep "ohci" | grep -v "#"`
+ FIND1=`egrep "blacklist (ohci1394|firewire-ohci)" /etc/modprobe.d/* | grep "ohci" | grep -v "#"`
+ FIND2=`egrep "install (ohci1394|firewire-ohci) /bin/true" /etc/modprobe.d/* | grep "ohci" | grep -v "#"`
if [ ! "${FIND1}" = "" -o ! "${FIND2}" = "" ]; then
FOUND=1
logtext "Result: found firewire ohci driver in disabled state"
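Review bot: These two lines keep `egrep` while the tests_databases patch in this same commit switches to `grep -E`; use `grep -E` here as well so the patch set is consistent. The `-o` inside `[ ... ]` on the following context line is marked obsolescent by POSIX, and `[ -n "${FIND1}" ] || [ -n "${FIND2}" ]` is the unambiguous form. The block continues outside the hunk.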
++++++ prepare_for_suse.sh ++++++
--- /var/tmp/diff_new_pack.9cMQRX/_old 2013-01-14 09:43:13.000000000 +0100
+++ /var/tmp/diff_new_pack.9cMQRX/_new 2013-01-14 09:43:13.000000000 +0100
@@ -1,33 +1,48 @@
-#!/bin/bash
+#!/bin/bash
umask 0077
+OSVERS=$(grep VERSION /etc/SuSE-release | sed "s/VERSION = //")
+OS=$(head -n 1 /etc/SuSE-release | sed "s/[()]//g" | sed "s/ /_/g"
+openSUSE_12.2_x86_64)
+
function fileperms()
{
- PERMS=$(grep -E "^PERMISSION_SECURITY="
-/etc/sysconfig/security | awk -F'=' '{print $2}' | sed s/\"//g)
+ PERMS=$(grep -E "^PERMISSION_SECURITY=" /etc/sysconfig/security | awk -F'=' '{print $2}' | sed s/\"//g)
echo $PERMS
for p in $PERMS
do
echo $p
- cat "/etc/permissions."$p | grep -E "^/\w.*" | awk -F'
-' '{print "file:"$1":"$3":"$2":Linux:"}' >> $TMPDIR/fileperms.lst
+ grep -E "^/\w.*" "/etc/permissions."$p | awk -F' ' '{print "file:"$1":"$3":"$2":Linux:"}' >> $TMPDIR/fileperms.lst
done
if ! [ -f db/fileperms.db.orig ]; then
cp -v db/fileperms.db db/fileperms.db.orig
fi
- cp $TMPDIR/fileperms.lst db/fileperms.db
+ rm -f db/fileperms.db
+ cp $TMPDIR/fileperms.lst db/fileperms.db.$OS
+ ln -s fileperms.db.$OS db/fileperms.db
}
+function dbussystem()
+{
+ for i in $(ls -1 /usr/share/dbus-*/system-services/*.service /etc/dbus-*/system.d/*.conf 2>/dev/null)
+ do
+ basename $i >> $TMPDIR/dbus-whitelist.db.$OS
+ done
+ rm -f db/dbus-whitelist.db
+ cp -v $TMPDIR/dbus-whitelist.db.$OS db/
+ ln -s dbus-whitelist.db.$OS db/dbus-whitelist.db
+}
TMPDIR=$(mktemp -d /tmp/lynis.XXXXXX)
echo "prepare lynis config for your suse systems"
echo "1. lookup file permission level"
fileperms
+echo "2. lookup dbus system serices in /etc/dbus-1/system.d/"
+dbussystem
-
-#rm -rf $TMPDIR
+rm -rf $TMPDIR
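Review bot: The new `dbussystem` loop parses `ls` output and every expansion (`$i`, `$TMPDIR`, `$OS`) is unquoted, and the result of `mktemp` is never checked, so if it fails the `>>` and `cp` targets become `/fileperms.lst` and `/dbus-whitelist.db.$OS` in a script that is presumably run as root. As shown on the page the `OS=` assignment is split across two lines, leaving `openSUSE_12.2_x86_64` as a command inside the substitution; that may be mail wrapping or a stray sample value, but if it is in the file it should be removed or turned into a comment. The `fileperms` awk copies the owner field verbatim, which is presumably how the `root.root` record at the end of the shipped fileperms.db ended up with one field fewer than every other entry; that record should be checked against what the permission test expects. A quoted version of the function and of the temp-dir handling is below.

```shell
function dbussystem()
{
  local f
  # glob directly instead of parsing ls; /etc first keeps the .conf entries ahead of .service
  for f in /etc/dbus-*/system.d/*.conf /usr/share/dbus-*/system-services/*.service
  do
    [ -e "$f" ] || continue   # an unmatched glob stays literal
    basename -- "$f" >> "$TMPDIR/dbus-whitelist.db.$OS"
  done
  rm -f db/dbus-whitelist.db
  cp -v "$TMPDIR/dbus-whitelist.db.$OS" db/
  ln -s "dbus-whitelist.db.$OS" db/dbus-whitelist.db
}
TMPDIR=$(mktemp -d /tmp/lynis.XXXXXX) || exit 1
# … unchanged: echo lines, fileperms and dbussystem calls …
rm -rf -- "${TMPDIR:?}"
```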