File seccheck.spec of Package seccheck
#
# spec file for package seccheck (Version 2.0)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: seccheck
License: GPL v2 or later
Group: Productivity/Security
Provides: suse-security-check
Requires: cron bash
PreReq: %fillup_prereq
AutoReqProv: on
BuildArch: noarch
Version: 2.0
Release: 656
Summary: Security-Check Scripts
Source: %{name}-%{version}.tar.gz
Source1: sysconfig.seccheck
Source2: cron_entries
Patch: %{name}-%{version}.diff
Patch1: %{name}-%{version}-misc.patch
Patch2: %{name}-%{version}-nisfix.patch
Patch3: %{name}-%{version}-grep.patch
Patch4: %{name}-%{version}-sort.patch
Patch5: %{name}-%{version}-newpromisccheck.patch
Patch6: %{name}-%{version}-filesystems_added.patch
#Patch7: %{name}-%{version}_john-path.diff
Patch8: %{name}-%{version}_withoutmedia-bug47024.diff
Patch9: %{name}-%{version}_update-datafiles-regexfix-bug51004.diff
Patch10: %{name}-%{version}_fix-ls-output-local.diff
Patch11: %{name}-%{version}_find_mount_arg.diff
Patch12: %{name}-%{version}_find_with_dev.diff
Patch13: %{name}-%{version}_dont_run_xarg_on_empty_input.diff
Patch14: %{name}-%{version}-john.patch
Patch15: %{name}-%{version}-website.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Regularly executable scripts (via cron) for checking the security of
your system.
%prep
%setup
%patch
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6
#%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14
%patch15
%install
install -d -m 700 $RPM_BUILD_ROOT/var/lib/secchk
install -d -m 700 $RPM_BUILD_ROOT/var/lib/secchk/data
install -d -m 750 $RPM_BUILD_ROOT/usr/lib/secchk
install -d -m 755 $RPM_BUILD_ROOT/usr/doc/packages/secchk
install -d -m 755 $RPM_BUILD_ROOT/etc/cron.d
install -m 600 crontab.security $RPM_BUILD_ROOT/etc/cron.d/seccheck
install -m 740 *.sh $RPM_BUILD_ROOT/usr/lib/secchk/
install -m 740 checkneverlogin $RPM_BUILD_ROOT/usr/lib/secchk/
install -d $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 $RPM_SOURCE_DIR/sysconfig.seccheck $RPM_BUILD_ROOT/var/adm/fillup-templates/
#install -d -m 755 $RPM_BUILD_ROOT/etc/cron.daily
#install -d -m 755 $RPM_BUILD_ROOT/etc/cron.weekly
#install -d -m 755 $RPM_BUILD_ROOT/etc/cron.monthly
#for freq in daily weekly monthly; do
# sed "s/FREQUENCY/$freq/" <$RPM_SOURCE_DIR/cron_entries >$RPM_BUILD_ROOT/etc/cron.$freq/seccheck
# chown 0.0 $RPM_BUILD_ROOT/etc/cron.$freq/seccheck
# chmod 700 $RPM_BUILD_ROOT/etc/cron.$freq/seccheck
#done
%files
%defattr(-,root,root)
%doc TODO CHANGES README LICENCE
/usr/lib/secchk
%config /etc/cron.d/seccheck
#%config /etc/cron.daily/seccheck
#%config /etc/cron.weekly/seccheck
#%config /etc/cron.monthly/seccheck
%dir /var/lib/secchk
%dir /var/lib/secchk/data
/var/adm/fillup-templates/sysconfig.seccheck
%clean
rm -rf $RPM_BUILD_ROOT
%post
%{fillup_only}
%changelog
* Sun Feb 11 2007 ro@suse.de
- fix build as non-root
* Wed Oct 11 2006 lrupp@suse.de
- point the user to the right place for security information
* Wed Sep 13 2006 lrupp@suse.de
- find location of john automatically
* Mon Jul 24 2006 thomas@suse.de
- fixed bug #188579 (seccheck-2.0_dont_run_xarg_on_empty_input.diff)
* Mon Mar 06 2006 thomas@suse.de
- This update fixes the parameters for the 'find' command.
  (bug #154639)
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Wed Jan 11 2006 thomas@suse.de
- removed seccheck-2.0_john-path.diff (bug #142053)
* Mon Aug 08 2005 thomas@suse.de
- fixed ls' time output regarding different locale settings
  bug #51004
* Wed Jul 27 2005 thomas@suse.de
- changed path to john to reflect new john packaging
- fixed some regex' (bug #51004)
- try to keep data files uptodate (bug #51004)
- avoid looking into /media directory (bug #47024)
* Mon Sep 06 2004 thomas@suse.de
- added patch to support more filesystems (Bug #44719)
* Tue Sep 30 2003 thomas@suse.de
- added new promisc mode check
* Tue Sep 02 2003 kukuk@suse.de
- Add sysconfig metadata [Bug #28935]
* Sun Aug 03 2003 poeml@suse.de
- sort was using obsolete syntax +1, replaced by -k2 [#28429]
* Fri Jun 06 2003 okir@suse.de
- grep -C was using obsolete syntax [#27258]
* Sat Feb 22 2003 mmj@suse.de
- Add sysconfig metadata [#22684]
* Wed Feb 05 2003 okir@suse.de
- do not complain about +joedoe NIS accounts (previously,
  we just ignored + and -) (#23146)
* Mon Nov 18 2002 okir@suse.de
- removed residual rc.config references
- START_SECCHECK now really works
- cleaned up the general blurb included in the mail messages
- daily sec check would incorrectly flag random home directories
  and dot files as owned by another user/group (#20720)
- use long-iso format in ls output (#21863)
- corrected spelling of sysconfig variable
  (SECCH*C*K_USER -> SECCHK_USER) (#15866, 16623)
- avoid different seccheck scripts from stepping on each others'
  toes when using a local copy of /etc/passwd (#16810)
- Stop warning about + and - lines in /etc/{shadow,passwd} (#21496)
- Allow user/group names of up to 32 characters (#21496 too)
* Mon Nov 11 2002 kukuk@suse.de
- Use sysconfig/seccheck, not rc.config
* Thu Aug 01 2002 ro@suse.de
- move to sysconfig, use prereq
* Fri Jul 13 2001 garloff@suse.de
- Added START_SECCHK variable to control whether the script will
  be run by cron. (see discussion @ bugzilla #5413).
  START_SECCHK defaults to "yes".
- Update to seccheck-2.0:
  * fixed an egrep bug - which was reported looooong time ago :-(
  * workarounds for Redhat ... they should update the mktempa and
    provide pidof ... duh ... (thanks to weutzing@exozet.com)
- Update to seccheck-1.9:
  * finally fixed the output of the weekly changes to prevent
    unnecessary lines
  * Added small fix to prevent "undisclosed receipent" msg in
    mailers
* Tue May 08 2001 garloff@suse.de
- Update to seccheck-1.8:
  * rewrote the mail header message for the change reports
  * added LICENCE (GPLv2) - required by SuSE policy
- Update to seccheck-1.7:
  * fixed a check for /etc/shadow password field contents
* Tue Apr 24 2001 garloff@suse.de
- Move it back to cron.d/seccheck. Otherwise users who use their
  machine only occasionally would see a significant performance
  hit.
* Wed Feb 21 2001 garloff@suse.de
- Start seccheck via cron.daily,weekly,monthly instead of
  cron.d/seccheck. The latter does not work, if the computer is not
  running at the specified time. (Bugzilla #5413, Ivory@SerNet.de)
* Tue Jan 09 2001 garloff@suse.de
- Add SECCHK_USER to /etc/rc.config (fillup-template), bug #5349
- Remove double sourcing of /etc/rc.config from security-control.sh
  script.
* Tue Dec 19 2000 garloff@suse.de
- Oops: Used %%{_tmpdir} instead of %%{_tmppath} in BuildRoot:
* Tue Dec 19 2000 garloff@suse.de
- seccheck-1.6:
  * Fix some DoS possibilities
  * Exclude for NFS/cdrom was missing at one place in weekly
  * closed a hole against possibility of a backdoor trying
    to hide from lsof output
* Fri Sep 29 2000 garloff@suse.de
- seccheck-1.4: lsof fix and other minor fixes.
* Tue Jul 25 2000 garloff@suse.de
- egrep check for \\+ sign was missing the quoting \\ (#3461)
* Sun Jul 09 2000 garloff@suse.de
- Report version number properly (was erroneously set to 1.2)
* Fri Jun 30 2000 garloff@suse.de
- Update to version 1.3:
  * checkneverlogin
  * reiserfs support (suid/writable)
  * better output routines
  * some checks added
- Use BuildRoot.
* Wed Feb 16 2000 garloff@suse.de
- Version 0.9. Use install in spec-file instead of crufty
  cp/mkdir, chown, chmod sequences.
* Tue Oct 19 1999 bs@suse.de
- changed from /etc/cron.daily to /etc/cron.d with hardcoded starting times.
* Fri Oct 01 1999 bs@suse.de
- new version 0.8
* Mon Sep 13 1999 bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
* Tue Apr 13 1999 bs@suse.de
- set version properly
* Tue Mar 30 1999 ro@suse.de
- new package