Revisions of maldetect

Danilo Godec (danci1973) committed (revision 200)
Changing and testing spec formats ...

M    maldetect.spec

Diff for working copy: .
Index: maldetect.spec
===================================================================

--- maldetect.spec	(revision 199)
+++ maldetect.spec	(working copy)
@@ -74,7 +74,7 @@
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %if 0%{?suse_version} < 1500
-Requires(pre):	 %{insserv_prereq} %{fillup_prereq}
+Requires(pre):	 %insserv_prereq %fillup_prereq
 %endif
 
 %if 0%{?fedora} || 0%{?rhel_version} || 0%{?centos_version}
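Review bot: `%insserv_prereq` and `%{insserv_prereq}` are the same macro reference to rpm, so the expanded `Requires(pre):` line is identical before and after this hunk; if the `< 1500` branch was failing, the cause is elsewhere (for example the macros being undefined on the build target, which leaves the literal text in the dependency in either spelling). Pick one spelling and use it consistently across the spec, which currently mixes braced (`%{_tmppath}`) and unbraced (`%fillup_and_insserv`) forms.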
@@ -126,8 +126,10 @@
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
-%patch8 -p1
-%patch9 -p1
+# Not needed anymore
+#%patch8 -p1
+# Not needed anymore
+#%patch9 -p1
 
 %build
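Review bot: rpm expands macros inside `#` comments, so `#%patch8 -p1` and `#%patch9 -p1` are not inert (rpmlint reports this as macro-in-comment), and on rpm versions where `%patch` is an ordinary macro the commented line can still expand into the patch-applying shell snippet with only its first line commented out. Either escape them as `#%%patch8 -p1` or, since the message says they are no longer needed, delete these lines together with the `Patch8:`/`Patch9:` declarations and the patch files rather than leaving dead entries. "Not needed anymore" should also record why (for example which release made each patch redundant), otherwise the next reader has to rediscover it.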
Danilo Godec (danci1973) committed (revision 199)
Fixed diff / patch files...
Danilo Godec (danci1973) committed (revision 198)
New version...
Danilo Godec (danci1973) committed (revision 197)
Added support for remote clamd


A    clamd.remote.conf.example
A    maldetect-remote_clamd.patch
M    maldetect.conf
M    maldetect.spec

Diff for working copy: .
Index: maldetect.conf
===================================================================

--- maldetect.conf	(revision 196)
+++ maldetect.conf	(working copy)
@@ -299,3 +299,20 @@
 # [ string length in characters, default = 150000 ]
 string_length_scan="0"		# [ 0 = disabled, 1 = enabled ]
 string_length="150000"		# [ max string length ]
+
+# If you're running a dedicated clamd server, you can instruct clamdscan to use
+# it instead of the local daemon (which doesn't even need to run). To use
+# this you need to create a 'clamd.remote.conf' with:
+#
+# TCPSocket3310
+# TCPAddr clamd.example.com
+#
+# To instruct maldetect to use that config, enter the path to that file:
+remote_clamd="/etc/clamd.d/clamd.remote.conf"
+
+# If remote clamd doesn't respond properly, how many times should we retry
+# the same file
+max_retry="5"
+
+# How many seconds to sleep between retrys
+retry_sleep="3"
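Review bot: the example `TCPSocket3310` in the comment is missing the space that clamd.conf syntax requires (`TCPSocket 3310`); a user who copies it as written gets an unparseable config. The comment also presents `remote_clamd` as a path, but the accompanying patch ignores its value and hardcodes `-c /etc/clamd.d/clamd.remote.conf`, so either the code should use `$remote_clamd` or the comment should say the value is only an on/off switch. Worth documenting here as well: pointing clamdscan at another host means the contents of every scanned file are streamed to that host over a plaintext, unauthenticated TCP connection, so the link needs network-level protection (private network, firewall allow-list or a TLS tunnel) and the clamd host sees everything maldet scans. Minor: "retrys" should read "retries", and the code should default `max_retry` and `retry_sleep` for installs that keep an older maldetect.conf without these keys.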

Index: maldetect.spec
===================================================================

--- maldetect.spec	(revision 196)
+++ maldetect.spec	(working copy)
@@ -7,6 +7,8 @@
 Group:		Applications/File
 License:	GPL-2.0
 URL:		http://www.rfxn.com/projects/linux-malware-detect/
+
+%define		strongswan_docdir	%{_docdir}/%{name}
 
 # The author does not provide a way of download a specifc version.
 # The md5sum of the tarball in this SRPM will differ becasue the signatures
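Review bot: `%define strongswan_docdir %{_docdir}/%{name}` looks copied from another package: the name refers to strongswan and nothing in this diff uses it (the install and %files lines spell out `%{_docdir}/maldetect` instead). Either rename it (for example `%global maldet_docdir %{_docdir}/%{name}`) and use it in those lines, or drop it; rpmlint also prefers `%global` to `%define` at spec top level.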
@@ -31,7 +33,7 @@
 Source9:	maldet.cron.daily
 Source10:	restart_maldet.sh
 Source11:	maldet.init-centos6
-
+Source12:	clamd.remote.conf.example
 
 # change the paths where it looks for stuff and remove autoupdate from the
 # cron job
@@ -65,6 +67,9 @@
 
 # Fix monitor_check() function to work with filenames containing spaces
 Patch8:		maldetect-spaces_in_filenames.patch
+
+# Add options for remote using a remote clamd - including some retry loging and scanlist cleanup function
+Patch9:		maldetect-remote_clamd.patch
 
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
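Review bot: the Patch9 comment is garbled ("options for remote using a remote clamd - including some retry loging"); reword to something like "Add support for a remote clamd (maldetect.conf keys remote_clamd, max_retry, retry_sleep), with retry logic and a scanlist cleanup function", so a reader of the spec knows which configuration keys the patch expects.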
@@ -122,6 +127,7 @@
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 
 %build
 
@@ -160,6 +166,9 @@
 
 install -m755 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/maldetect.conf
 
+mkdir -p $RPM_BUILD_ROOT%{_docdir}/maldetect
+install -m644 %{SOURCE12} %{buildroot}%{_docdir}/maldetect
+
 %if 0%{?suse_version}
 install -m755 %{SOURCE1} %{buildroot}%{_sysconfdir}/init.d/maldet
 %else
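Review bot: these two lines mix `$RPM_BUILD_ROOT` and `%{buildroot}` and spell out `maldetect` where the rest of the spec uses `%{name}`; pick one style. More importantly, the relative `%doc CHANGELOG COPYING.GPL README` entry in %files makes rpm remove and recreate the package docdir in the buildroot before copying those files, so on distributions where that docdir resolves to `%{_docdir}/%{name}` the example installed here is lost and the later `%doc %{_docdir}/maldetect/*` entry either finds nothing or picks up the relative-%doc files a second time. Safer: copy `%{SOURCE12}` into the build directory in %prep and add it to the relative `%doc` line, or install it under `%{_sysconfdir}/%{name}/` as a regular file.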
@@ -189,6 +198,7 @@
 install -D -m 0644 %{SOURCE8} %{buildroot}%{_fillupdir}/sysconfig.maldetect
 %endif
 
+
 %post
 %if 0%{?suse_version}
 %fillup_and_insserv
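Review bot: whitespace-only hunk (a second blank line before `%post`); drop it so the diff is limited to the functional change.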
@@ -205,6 +215,7 @@
 %files
 %defattr(-,root,root,-)
 %doc CHANGELOG COPYING.GPL README
+%doc %{_docdir}/maldetect/*
 %dir %{_sysconfdir}/maldetect
 %dir %{_var}/log/maldetect
 %{_bindir}/maldet
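Review bot: `%doc %{_docdir}/maldetect/*` hardcodes the directory name and, wherever the relative `%doc` line above also lands in `%{_docdir}/maldetect`, the glob lists CHANGELOG, COPYING.GPL and README a second time (rpmbuild warns "File listed twice"). List the example explicitly, `%doc %{_docdir}/%{name}/clamd.remote.conf.example`, or move it into the relative `%doc` line so rpm handles the docdir itself.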

Index: clamd.remote.conf.example
===================================================================
--- clamd.remote.conf.example	(revision 0)
+++ clamd.remote.conf.example	(revision 0)
@@ -0,0 +1,2 @@
+TCPSocket3310
+TCPAddr clamd.example.com
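Review bot: `TCPSocket3310` needs a space (`TCPSocket 3310`); clamd's config parser takes the first whitespace-separated token as the option name, so this file is rejected as containing an unknown option and clamdscan never connects. Since this is the example users will copy, add a comment line that the connection is unencrypted and unauthenticated and that clamdscan streams file contents to `TCPAddr`, so the host named here must be trusted and reachable only over a protected network.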

Index: maldetect-remote_clamd.patch
===================================================================
--- maldetect-remote_clamd.patch	(revision 0)
+++ maldetect-remote_clamd.patch	(revision 0)
@@ -0,0 +1,116 @@
+diff -Nur maldetect-1.6.4-orig/files/internals/functions maldetect-1.6.4/files/internals/functions
+--- maldetect-1.6.4-orig/files/internals/functions	2021-07-16 11:30:48.830058706 +0200
++++ maldetect-1.6.4/files/internals/functions	2021-07-16 11:39:46.573436633 +0200
+@@ -883,7 +883,11 @@
+ 
+                 isclamd=`pgrep -x clamd 2> /dev/null`
+                 isclamd_root=`pgrep -x -u root clamd 2> /dev/null`
+-                if [ "$isclamd" ] && [ "$isclamd_root" ]; then
++                if [ "$remote_clamd" ]; then
++			clamd=1
++			clambin="clamdscan"
++                        clamopts="--fdpass -c /etc/clamd.d/clamd.remote.conf"
++		elif [ "$isclamd" ] && [ "$isclamd_root" ]; then
+                         clamd=1
+                         clambin="clamdscan"
+                         clamopts="$clamdscan_extraopts"
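Review bot: `clamopts` hardcodes `-c /etc/clamd.d/clamd.remote.conf` instead of using the value of `$remote_clamd`, so the maldetect.conf setting acts only as an on/off switch and the documented path is ignored; use `-c "$remote_clamd"` and bail out early with a log message if that file is unreadable. `--fdpass` is also kept in the remote options, but descriptor passing only works over a local Unix socket; for a TCP server clamdscan falls back to streaming the file contents instead. That fallback is what this branch relies on, so say so in a comment, including that scan data therefore leaves the host unencrypted.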
+@@ -910,7 +914,20 @@
+                 fi
+                 if [ "$clamd" ] && [ "$scan_clamscan" == "1" ]; then
+                         ## test clamdscan for errors as not all 'running' instances of clamd are indicative of working setup
+-                        clamd_test=`$clamscan --fdpass --quiet --no-summary /etc/passwd 2> /dev/null || echo $?`
++			if [ "$remote_clamd" ]; then
++				try=0
++				while [ $try -le $max_retry ]; do
++					clamd_test=`$clamscan $clamopts --fdpass --quiet --no-summary /etc/passwd 2> /dev/null || echo $?`
++					if [ "$clamd_test" = "2" ]; then
++						((try++))
++						sleep $retry_sleep
++					else
++						break
++					fi
++				done
++			else
++	                        clamd_test=`$clamscan --fdpass --quiet --no-summary /etc/passwd 2> /dev/null || echo $?`
++			fi
+                         if [ ! -z "$clamd_test" ]; then
+                                 clamd=0
+                                 clambin="clamscan"
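Review bot: the retry loop depends on `$max_retry` and `$retry_sleep` being set; with an older maldetect.conf `[ $try -le $max_retry ]` fails with "integer expression expected", the loop body never runs, `clamd_test` stays empty and the check below concludes the remote daemon is healthy. Default both before the loop (`: "${max_retry:=5}"`, `: "${retry_sleep:=3}"`). The probe also sends /etc/passwd to the remote server on every start, which leaks the local account list to that host; a generated temp file (or an EICAR test string) is a better liveness check than a system file. `--fdpass` is passed twice here, once via `$clamopts` and once literally.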
+@@ -1141,8 +1158,26 @@
+ 		echo "$(date +"%b %d %H:%M:%S") $(hostname -s) clamscan start"  >> $clamscan_log
+ 		clamscan_results="$tmpdir/.clamscan.$$"
+ 		echo "$(date +"%b %d %H:%M:%S") $(hostname -s) executed: $nice_command $clamscan $clamopts --infected --no-summary -f $find_results" >> $clamscan_log
+-		$nice_command $clamscan $clamopts --infected --no-summary -f $find_results > $clamscan_results 2>> $clamscan_log
+-		clamscan_return=$?
++
++		if [ "$remote_clamd" ]; then
++			try=0
++			while [ $try -le $max_retry ]; do
++				$nice_command $clamscan $clamopts --infected --no-summary -f $find_results > $clamscan_results 2>> $clamscan_log
++				clamscan_return=$?
++				if [ "$clamscan_return" == "2" ]; then
++					((try++))
++					echo "$(date +"%b %d %H:%M:%S") $(hostname -s) remote clamd error - retrying in $retry_sleep seconds ($try)"
++					sleep $retry_sleep
++				else
++					break
++				fi
++			done
++		else
++			$nice_command $clamscan $clamopts --infected --no-summary -f $find_results > $clamscan_results 2>> $clamscan_log
++			clamscan_return=$?
++		fi
++
++
+ 		if [ "$clamscan_return" == "2" ]; then
+ 			if [ "$quarantine_on_error" == "0" ] || [ -z "$quarantine_on_error" ]; then
+ 				quarantine_hits=0
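Review bot: the retry message `echo "$(date +"%b %d %H:%M:%S") $(hostname -s) remote clamd error - retrying in $retry_sleep seconds ($try)"` has no `>> $clamscan_log` redirection, unlike the same line in monitor_check, so it goes to stdout (and into cron mail for scheduled scans); redirect it to the log. The "executed:" log line above is written once while the command may run up to `max_retry + 1` times, so log each attempt or the final attempt count. This is also the third copy of the same invoke-and-retry block; a single helper such as `run_clamdscan <listfile> <resultsfile>` would keep the three in sync.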
+@@ -1560,14 +1595,46 @@
+ 		exit
+ }
+ 
++cleanup_scanlist() {
++	# Checks for files that are already gone (temporary files, cache
++	# files, ...) and removes them from $monitor_scanlist, so we don't
++	# get errors and too many retries
++	TMP_FILE=$(mktemp -p /var/lib/maldetect/tmp)
++	lbreakifs set
++	for FILE in $(cat $monitor_scanlist); do
++		if [ -f "$FILE" ]; then
++			echo "$FILE" >> $TMP_FILE
++		fi
++	done
++	lbreakifs unset
++	mv $TMP_FILE $monitor_scanlist
++}
++
+ monitor_check() {
+                 monitor_scanlist="$tmpdir/.monitor.scan.${RANDOM}${RANDOM}"
+ 		touch $monitor_scanlist ; chmod 600 $monitor_scanlist
+-		$tlog $inotify_log inotify | grep -E " CREATE| MODIFY| MOVED_FROM| MOVED_TO" | awk -F" CREATE| MODIFY| MOVED_FROM| MOVED_TO" '{print $1}' | sort -u | grep -vf $ignore_paths> $monitor_scanlist
++		$tlog $inotify_log inotify | grep -E " CREATE| MODIFY| MOVED_TO" | awk -F" CREATE| MODIFY| MOVED_TO" '{print $1}' | sort -u | grep -vf $ignore_paths> $monitor_scanlist
+ 		if [ "$scan_clamscan" == "1" ]; then
+ 	                clamscan_results="$tmpdir/.clamscan.result.${RANDOM}${RANDOM}"
+ 			touch $clamscan_results ; chmod 600 $clamscan_results
+-	                $nice_command $clamscan $clamopts --infected --no-summary -f $monitor_scanlist > $clamscan_results 2>> $clamscan_log || clamscan_return=$?
++			if [ "$remote_clamd" ]; then
++				try=0
++				while [ $try -le $max_retry ]; do
++					cleanup_scanlist $monitor_scanlist
++			                $nice_command $clamscan $clamopts --infected --no-summary -f $monitor_scanlist > $clamscan_results 2>> $clamscan_log
++					clamscan_return=$?
++					if [ "$clamscan_return" == "2" ]; then
++						((try++))
++						echo "$(date +"%b %d %H:%M:%S") $(hostname -s) remote clamd error - retrying in $retry_sleep seconds ($try)" >> $clamscan_log
++						sleep $retry_sleep
++					else
++						break
++					fi
++				done
++			else
++				$nice_command $clamscan $clamopts --infected --no-summary -f $monitor_scanlist > $clamscan_results 2>> $clamscan_log || clamscan_return=$?
++			fi
++
+ 			if [ "$inotify_verbose" == "1" ]; then
+ 				for file in `cat $monitor_scanlist | tr ' ' '%'`; do
+ 					file=`echo $file | tr '%' ' '`
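Review bot: `cleanup_scanlist` is called with `$monitor_scanlist` as an argument but ignores `$1` and operates on the global, and `mktemp -p /var/lib/maldetect/tmp` hardcodes a path where the surrounding code uses `$tmpdir`; use `$1` and `mktemp -p "$tmpdir"`, and check that mktemp succeeded, because with an empty `$TMP_FILE` the `>>` redirections and the final `mv` both fail and the stale scanlist is scanned anyway. The `else` branch keeps `|| clamscan_return=$?` while the remote branch assigns unconditionally, so a clean non-remote run can leave `clamscan_return` at a value from an earlier iteration; assign it unconditionally in both branches. Dropping `MOVED_FROM` from the inotify filter is consistent with the cleanup, since those paths no longer exist. The `-f` check only narrows the window: a file can still vanish between the check and the scan, which is what the retry loop is for, so note that in the comment.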
Danilo Godec (danci1973) committed (revision 196)
Fix for monitor_check() function to work with filenames containing spaces


A    maldetect-spaces_in_filenames.patch
M    maldetect.spec

Diff for working copy: .
Index: maldetect.spec
===================================================================

--- maldetect.spec	(revision 195)
+++ maldetect.spec	(working copy)
@@ -63,6 +63,9 @@
 # Fix missing $tmpwd= in internals/functions
 Patch7:		maldetect-fix_sig_update.patch
 
+# Fix monitor_check() function to work with filenames containing spaces
+Patch8:		maldetect-spaces_in_filenames.patch
+
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %if 0%{?suse_version}
@@ -118,6 +121,7 @@
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 
 %build
 

Index: maldetect-spaces_in_filenames.patch
===================================================================
--- maldetect-spaces_in_filenames.patch	(revision 0)
+++ maldetect-spaces_in_filenames.patch	(revision 0)
@@ -0,0 +1,12 @@
+diff -Nur maldetect-1.6.4-orig/files/internals/functions maldetect-1.6.4-new/files/internals/functions
+--- maldetect-1.6.4-orig/files/internals/functions	2021-05-20 10:14:44.024639626 +0200
++++ maldetect-1.6.4-new/files/internals/functions	2021-05-20 10:17:11.907812314 +0200
+@@ -1563,7 +1563,7 @@
+ monitor_check() {
+                 monitor_scanlist="$tmpdir/.monitor.scan.${RANDOM}${RANDOM}"
+ 		touch $monitor_scanlist ; chmod 600 $monitor_scanlist
+-		$tlog $inotify_log inotify | grep -E "CREATE|MODIFY|MOVED_TO" | grep -E -v '/.. ' | awk '{print$1}' | sort | uniq | grep -vf $ignore_paths> $monitor_scanlist
++		$tlog $inotify_log inotify | grep -E " CREATE| MODIFY| MOVED_FROM| MOVED_TO" | awk -F" CREATE| MODIFY| MOVED_FROM| MOVED_TO" '{print $1}' | sort -u | grep -vf $ignore_paths> $monitor_scanlist
+ 		if [ "$scan_clamscan" == "1" ]; then
+ 	                clamscan_results="$tmpdir/.clamscan.result.${RANDOM}${RANDOM}"
+ 			touch $clamscan_results ; chmod 600 $clamscan_results
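Review bot: splitting on the event name with `awk -F" CREATE| MODIFY| MOVED_FROM| MOVED_TO"` fixes paths containing spaces but truncates any path that itself contains one of those tokens (`/srv/www/Project MODIFY notes/x` becomes `/srv/www/Project`); match the event token once from the end of the line instead of at its first occurrence. The old `grep -E -v '/.. '` exclusion is dropped without explanation; say what it filtered and why it is no longer needed. Including `MOVED_FROM` also queues paths that no longer exist, which makes clamdscan return an error for them.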
Danilo Godec (danci1973) committed (revision 195)
Danilo Godec (danci1973) committed (revision 194)
Danilo Godec (danci1973) committed (revision 193)
Danilo Godec (danci1973) committed (revision 192)
Danilo Godec (danci1973) committed (revision 191)
Danilo Godec (danci1973) committed (revision 190)
Update to 1.6.4
Danilo Godec (danci1973) committed (revision 189)
Danilo Godec (danci1973) committed (revision 188)
Fixed cron file, so it redirects everything from maldet_restart.sh to null
Danilo Godec (danci1973) committed (revision 187)
Further SPEC file fixes...
Danilo Godec (danci1973) committed (revision 186)
Some SPEC file fixes
restart_maldet.sh fix
Danilo Godec (danci1973) committed (revision 185)
Fixed patches to work with 1.6.3...


M    maldetect-no-autoupdate.patch
M    maldetect-paths.patch
Danilo Godec (danci1973) committed (revision 184)
Danilo Godec (danci1973) committed (revision 183)
Danilo Godec (danci1973) committed (revision 182)
Danilo Godec (danci1973) committed (revision 181)
Displaying revisions 21 - 40 of 220