Commit 1831d457 authored by Julien Valroff's avatar Julien Valroff

Imported Upstream version 1.4.0

parent 0236244e
......@@ -18,6 +18,67 @@
--
* 1.4.0 (01/05/2012)
New:
- Added the '--list propfiles' command-line option. This will dump out
the list of filenames that will be searched for when building the file
properties database. By default the list is not shown if just '--list'
is used.
- Added Jynx rootkit check.
- Added Turtle/Turtle2 rootkit check.
- Added KBeast rootkit check.
- The installer now supports the Slackware TXZ package layout option.
Changes:
- Avoid checking exclamation points in ALLOWDEVFILE checks (this was
caught on 01/05/2012 causing a reissue of the 1.4.0 release).
- Allow the ALLOWDEVFILE, ALLOWHIDDENFILE and ALLOWHIDDENDIR options to
use '%' as the space character. (Note: This is a temporary fix).
- The ALLOWPROCDELFILE option can now use wildcards in the file names.
- The '--list perl' command-line option now shows whether the perl
command itself is installed or not.
- The 'shared_libs' test now allows whitelisting of the preloading
environment variables.
- The '-r/--rootdir' command-line options, and the ROOTDIR
configuration option are now deprecated. If they are used then an
error message will be displayed. The options will have no effect,
but rkhunter will continue. The options will be completely removed
at the next release.
- The 'hidden_ports' test will now show if a found port is TCP or UDP.
- It is now possible to whitelist ports in the 'hidden_ports' test
using the PORT_WHITELIST configuration option.
Bugfixes:
- Allow the ALLOWPROCDELFILE option to work again.
- Correct the check of the ProFTPD version number.
- Fix the FreeBSD 'sockstat' command check to ensure that the correct
fields are used.
- Fix for newer version of the 'file' command when reporting scripts.
- Fix the ALLOWHIDDENFILE option to allow hidden symbolic links.
- The 'filesystem' check now handles files and directories with spaces
in their names correctly.
- The 'startup_files' test was displaying file names with spaces in
them incorrectly. Also the test was not checking files which were
in hidden directories.
- Ensure that the ALLOWDEVFILE, ALLOWHIDDENFILE and ALLOWHIDDENDIR
options re-evaluate their whitelisting lists to ensure that any
wildcard entries are the most recent. (A time window previously
existed which meant that the list was processed, but new files
could be created before the test was run. As such they were reported
as false-positive warnings, when they should have been whitelisted.)
- Allow the EXISTWHITELIST option to work with symbolic links.
- The test of whether prelinking is being used or not was sometimes
causing the file properties hash test to be skipped, without the
real reason being stated. Now the hash test will proceed but the
user will still get a warning (because it detects that prelinking was
used and is not now, or vice-versa).
- Rkhunter will now check to see if the 'head' and 'tail' commands
understand the '-n' option. If they do, then it will be used. If they
do not, then the older 'head -1' and 'tail -1' commands will be used.
--
* 1.3.8 (17/11/2010)
New:
......
......@@ -2,7 +2,7 @@
THE ROOTKIT HUNTER PROJECT
==========================
Copyright (c) 2003-2010, Michael Boelen
Copyright (c) 2003-2012, Michael Boelen
See the LICENSE file for conditions of use and distribution.
It is recommended that all users of RootKit Hunter (RKH) join the
......@@ -49,7 +49,7 @@ Please note that RKH has some requirements:
frontkey.
http://www.xs4all.nl/~dvgevers/
- Unhide and unhide-tcp (C versions)
Finds hidden processes.
Finds hidden ports and processes.
http://unhide.sourceforge.net
- Unhide (Ruby version)
Finds hidden processes.
......
Version:2010110901
Version:2012012901
#
# We start with the definitions of the message types and results. There
# are very few of these, so including these and all the parts of each
......@@ -58,8 +58,6 @@ CONFIG_LANGUAGE:Using language '$1'
CONFIG_DBDIR:Using '$1' as the database directory
CONFIG_SCRIPTDIR:Using '$1' as the support script directory
CONFIG_BINDIR:Using '$1' as the command directories
CONFIG_ROOTDIR:Using '$1' as the root directory
CONFIG_ROOTDIR_DFLT:Using '/' as the root directory by default
CONFIG_TMPDIR:Using '$1' as the temporary directory
CONFIG_NO_MAIL_ON_WARN:No mail-on-warning address configured
CONFIG_MOW_DISABLED:Disabling use of mail-on-warning at users request
......@@ -279,6 +277,7 @@ FILE_PROP_CHANGED2:File: $1
FILE_PROP_NO_PKGMGR_FILE:File '$1' hash value skipped: file does not belong to a package
FILE_PROP_NO_SYSHASH:No hash value found for file '$1'
FILE_PROP_NO_SYSHASH_BL:The file is a broken link: $1
FILE_PROP_BROKEN_LINK_WL_TGT:Found a broken link, but the targets existence is whitelisted: '$1'
FILE_PROP_NO_SYSHASH_CMD:Hash command output: $1
FILE_PROP_NO_SYSHASH_DEPENDENCY:Try running the command 'prelink $1' to resolve dependency errors.
FILE_PROP_IGNORE_PRELINK_DEP_ERR:Ignoring prelink dependency error for file '$1'
......@@ -521,7 +520,7 @@ FILESYSTEM_DEV_FILE_FOUND:Suspicious file types found in ${1}:
FILESYSTEM_HIDDEN_DIR_WL:Found hidden directory '$1': it is whitelisted.
FILESYSTEM_HIDDEN_FILE_WL:Found hidden file '$1': it is whitelisted.
FILESYSTEM_HIDDEN_CHECK:Checking for hidden files and directories
FILESYSTEM_HIDDEN_DIR_FOUND:Hidden directory found: $1
FILESYSTEM_HIDDEN_DIR_FOUND:Hidden directory found: '$1'
FILESYSTEM_HIDDEN_FILE_FOUND:Hidden file found: $1
CHECK_APPS:Checking application versions...
......@@ -553,12 +552,16 @@ NETWORK_PORTS_ENABLE_TRUSTED:Trusted pathnames are enabled for port whitelisting
NETWORK_PORTS_BACKDOOR_CHK:Checking for $1 port $2
NETWORK_PORTS_PATH_WHITELIST:Network $1 port $2 is being used by $3: the pathname is whitelisted.
NETWORK_PORTS_TRUSTED_WHITELIST:Network $1 port $2 is being used by $3: the pathname is trusted.
NETWORK_PORTS_PORT_WHITELIST:Network $1 port $2 is being used: the port is whitelisted.
NETWORK_PORTS_PORT_WHITELIST:Network $1 port $2 found: the port is whitelisted.
NETWORK_PORTS_BKDOOR_FOUND:Network $1 port $2 is being used${3}. Possible rootkit: $4
NETWORK_PORTS_BKDOOR_FOUND:Use the 'lsof -i' or 'netstat -an' command to check this.
NETWORK_HIDDEN_PORTS:Checking for hidden ports
NETWORK_HIDDEN_PORTS_FOUND:Hidden ports found:
NETWORK_HIDDEN_PORTS_PID:Port number: $1
NETWORK_HIDDEN_PORTS_CHK:Port number: $1:$2
NETWORK_HIDDEN_PORTS_CHK_NAME:Port number: $1:$2 is being used by $3
NETWORK_HIDDEN_PORTS_PATH_WHITELIST:Hidden $1 port $2 is being used by $3: the pathname is whitelisted.
NETWORK_HIDDEN_PORTS_TRUSTED_WHITELIST:Hidden $1 port $2 is being used by $3: the pathname is trusted.
NETWORK_HIDDEN_PORTS_PORT_WHITELIST:Hidden $1 port $2 found: the port is whitelisted.
NETWORK_INTERFACE_START:Performing checks on the network interfaces
NETWORK_PROMISC_WLIST:Network interfaces allowed to be in promiscuous mode: $1
NETWORK_PROMISC_CHECK:Checking for promiscuous interfaces
......
Version:20101116
Version:2010111601
httpd: 1.3a1 1.3b1 1.3b3 1.3b4 1.3b5 1.3b6 1.3b7 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.6 1.3.9 1.3.10 1.3.11 1.3.12 1.3.14 1.3.17 1.3.19 1.3.20 1.3.21 1.3.22 1.3.23 1.3.24 1.3.25 1.3.26 1.3.27 1.3.28 1.3.29 1.3.30 1.3.31 1.3.32 1.3.33 1.3.34 1.3.35 1.3.36 1.3.37 1.3.39 1.3.40 2.0a1 2.0a2 2.0a3 2.0a4 2.0a5 2.0a6 2.0a7 2.0a8 2.0a9 2.0.11 2.0.12 2.0.13 2.0.14 2.0.15 2.0.16 2.0.17 2.0.18 2.0.19 2.0.20 2.0.21 2.0.22 2.0.23 2.0.24 2.0.25 2.0.26 2.0.27 2.0.28 2.0.29 2.0.30 2.0.31 2.0.32 2.0.33 2.0.34 2.0.35 2.0.36 2.0.37 2.0.38 2.0.39 2.0.40 2.0.41 2.0.42 2.0.43 2.0.44 2.0.45 2.0.46 2.0.47 2.0.48 2.0.49 2.0.50 2.0.51 2.0.52 2.0.53 2.0.54 2.0.55 2.0.56 2.0.57 2.0.58 2.0.59 2.0.61 2.0.62 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.2.6 2.2.8 2.2.9 2.2.10 2.2.11 2.2.12 2.2.13 2.2.14 2.2.15 2.2.16
sshd: 2.1.1p4 2.2.0p1 2.3.0p1 2.5.1p1 2.5.1p2 2.5.2p1 2.5.2p2 2.9.9p1 2.9.9p2 2.9p1 2.9p2 3.0.1p1 3.0.2p1 3.0p1 3.1p1 3.2.2p1 3.2.3p1 3.3p1 3.4p1 3.5p1 3.6.1p1 3.6.1p2 3.6p1 3.7.1p1 3.7.1p2 3.7p1 3.8.1p1 3.8p1 3.9p1 4.0p1 4.1p1 4.2p1 4.3p1 4.3p2 4.4p1 4.5p1 4.6p1 4.7p1 4.9p1 5.0p1 5.1p1 5.2p1 5.5p1
exim: 4.20 4.21 4.22 4.23 4.24 4.30 4.31 4.32 4.33 4.34 4.40 4.41 4.42 4.43 4.44 4.50 4.51 4.52 4.53 4.54 4.60 4.61 4.62 4.63 4.64 4.65 4.66 4.67 4.68 4.69 4.70 4.71
......
This diff is collapsed.
.\" rkhunter - RootKit Hunter
.TH rkhunter 8 "August, 2010"
.TH rkhunter 8 "November 2011"
.SH NAME
rkhunter \- RootKit Hunter
.SH SYNOPSIS
\fBrkhunter\fP {--check | --unlock | --update | --versioncheck |
--propupd [{filename | directory | package name},...] |
--list [tests | {lang | languages} | rootkits | perl] |
--list [tests | {lang | languages} | rootkits | perl |
propfiles] |
--config\-check | --version | --help} [options]
.SH DESCRIPTION
......@@ -110,17 +111,19 @@ new version is available.
.IP
.IP "\fB\-\-list [tests | {lang | languages} | rootkits | perl]\fP"
.IP "\fB\-\-list [tests | {lang | languages} | rootkits | perl | propfiles]\fP"
This command option will list some of the supported capabilities of the
program, and then exit. The \fItests\fP option lists the currently available
test names (see the README file for more details about test names). The
\fIlanguages\fP option lists the currently available languages, and the
\fIrootkits\fP option lists the rootkits that \fBrkhunter\fP will search for.
The \fIperl\fP option lists the installation status of perl modules that may
be used by some of the tests. Note that it is not \fIrequired\fP to install
these modules. However, if rkhunter is forced to use perl to execute a test
then the module must be present. If no specific option is given, then all the
lists are displayed.
\fIrootkits\fP option lists the rootkits that are searched for by
\fBrkhunter\fP. The \fIperl\fP option lists the installation status of the perl
command and perl modules that may be used by some of the tests. Note that it is
not \fIrequired\fP to install these modules. However, if \fBrkhunter\fP is
forced to use perl to execute a test then the module must be present. The
\fIpropfiles\fP option will list the file names that are used to generate the
file properties database. If no specific option is given, then all the lists,
except for the file properties database, are displayed.
.IP
......@@ -321,12 +324,6 @@ This option causes only warning messages to be displayed. This can be
useful when \fBrkhunter\fP is run via cron. Other options may be used to
force other items of information to be displayed.
.IP "\fB\-r, \-\-rootdir <directory>\fP"
If a suspect system is locally or remotely mounted, it is possible to tell
\fBrkhunter\fP to inspect it by using this option. However, it must be used
with care, as several of the other options specifying configuration
directories may need to be set as well. There is no default.
.IP "\fB\-\-sk, \-\-skip\-keypress\fP"
When the \fB\-\-check\fP command option is used, after certain sections of
tests, the user will be prompted to press the \fIreturn\fP key in order to
......@@ -395,7 +392,8 @@ THREE=three,three. Simple globbing (/dev/shm/file-*) works.
.IP \fBhashes\fP
.IP \fBhidden_ports\fP
.IP \fBhidden_procs\fP
.IP \fBimmutable known_rkts\fP
.IP \fBimmutable\fP
.IP \fBknown_rkts\fP
.IP \fBloaded_modules\fP
.IP \fBlocal_host\fP
.IP \fBmalware\fP
......@@ -421,12 +419,16 @@ THREE=three,three. Simple globbing (/dev/shm/file-*) works.
.IP \fBstrings\fP
.IP \fBsuspscan\fP
.IP \fBsystem_commands\fP
.IP \fBsystem_configs trojans\fP
.IP \fBsystem_configs\fP
.IP \fBtrojans\fP
.SH FILES
(For a default installation)
.br
/etc/rkhunter.conf
.br
/var/log/rkhunter.log
.SH SEE ALSO
See the CHANGELOG file for recent changes.
......
......@@ -26,6 +26,12 @@
# wildcard characters (globbing) are allowed in the list, then the
# text describing the option will say so.
#
# Space-separated lists may be enclosed by quotes, but these must only
# appear at the start and end of the list, not in the middle.
#
# For example: XXX="abc def gh" (correct)
# XXX="abc" "def" "gh" (incorrect)
#
#
......@@ -105,11 +111,6 @@ MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
#
#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
#
# Specify the root directory to use.
#
#ROOTDIR=""
#
# This option can be used to modify the command directory list used
# by rkhunter to locate commands (that is, its PATH). By default
......@@ -375,7 +376,8 @@ DISABLE_TESTS="suspscan hidden_ports hidden_procs deleted_files packet_cap_apps"
#
# This option is a space-separated list of commands, directories and file
# pathnames. This option can be specified more than once.
# pathnames which will be included in the file properties checks.
# This option can be specified more than once.
#
# Whenever this option is changed, 'rkhunter --propupd' must be run.
#
......@@ -529,11 +531,12 @@ IMMUTABLE_SET=0
# ALLOWPROCDELFILE="/usr/libexec/gconfd-2:/tmp/abc:/var/tmp/xyz"
#
# This is a space-separated list of process names. The option
# may be specified more than once.
# may be specified more than once. The option may use wildcard
# characters, but only in the file names.
#
#ALLOWPROCDELFILE="/sbin/cardmgr /usr/sbin/gpm:/etc/X11/abc"
#ALLOWPROCDELFILE="/usr/libexec/gconfd-2"
#ALLOWPROCDELFILE="/usr/sbin/mysqld"
#ALLOWPROCDELFILE="/usr/sbin/mysqld:/tmp/ib*"
#
# Allow the specified processes to listen on any network interface.
......@@ -823,7 +826,8 @@ SUSPSCAN_THRESH=200
#
# The following option can be used to whitelist shared library files that would
# normally be flagged with a warning during the preloaded shared library check.
# These library pathnames usually exist in the '/etc/ld.so.preload' file.
# These library pathnames usually exist in the '/etc/ld.so.preload' file or in
# the LD_PRELOAD environment variable.
#
# NOTE: It is recommended that if you whitelist any files, then you include
# those files in the file properties check. See the USER_FILEPROP_FILES_DIRS
......@@ -944,7 +948,7 @@ SHOW_LOCK_MSGS=1
#
# If the option SCANROOTKITMODE is set to "THOROUGH" the scanrootkit() function
# will search (on a per rootkit basis) for filenames in all of the directories (as defined
# by the result of running 'find "${RKHROOTDIR}/" -xdev'). While still not optimal, as it
# by the result of running 'find / -xdev'). While still not optimal, as it
# still searches for only file names as opposed to file contents, this is one step away
# from the rigidity of searching in known (evidence) or default (installation) locations.
#
......
......@@ -6,7 +6,7 @@
#%%dump
%define name rkhunter
%define ver 1.3.8
%define ver 1.4.0
%define rel 1
%define epoch 0
......@@ -119,6 +119,9 @@ fi
%changelog
* Tue May 01 2012 unSpawn - 1.4.0
- Spec sync, see CHANGELOG.
* Tue Nov 16 2010 unSpawn - 1.3.7
- Spec sync.
......
......@@ -11,8 +11,8 @@
################################################################################
INSTALLER_NAME="Rootkit Hunter installer"
INSTALLER_VERSION="1.2.15"
INSTALLER_COPYRIGHT="Copyright 2003-2010, Michael Boelen"
INSTALLER_VERSION="1.2.16"
INSTALLER_COPYRIGHT="Copyright 2003-2012, Michael Boelen"
INSTALLER_LICENSE="
Under active development by the Rootkit Hunter project team. For reporting
......@@ -24,7 +24,7 @@ of the GNU General Public License. See LICENSE for details.
"
APPNAME="rkhunter"
APPVERSION="1.3.8"
APPVERSION="1.4.0"
RKHINST_OWNER="0:0"
RKHINST_MODE_EX="0750"
RKHINST_MODE_RW="0640"
......@@ -39,6 +39,7 @@ STRIPROOT=""
RPM_USING_ROOT=0
TGZ_USING_ROOT=0
TXZ_USING_ROOT=0
DEB_USING_ROOT=0
umask 027
......@@ -84,6 +85,7 @@ showHelp() { # Show help / version
echo " - RPM: for building RPM's. Requires \$RPM_BUILD_ROOT."
echo " - DEB: for building DEB's. Requires \$DEB_BUILD_ROOT."
echo " - TGZ: for building Slackware TGZ's. Requires \$TGZ_BUILD_ROOT."
echo " - TXZ: for building Slackware TXZ's. Requires \$TXZ_BUILD_ROOT."
echo ' --striproot : Strip path from custom layout (for package maintainers).'
echo " --install : Install according to chosen layout."
echo " --overwrite : Overwrite the existing configuration file."
......@@ -126,7 +128,7 @@ showVersion() { echo "${INSTALLER_NAME} ${INSTALLER_VERSION} ${INSTALLER_LICENSE
selectTemplate() { # Take input from the "--install parameter"
case "$1" in
/usr|/usr/local|default|custom_*|RPM|DEB|TGZ)
/usr|/usr/local|default|custom_*|RPM|DEB|TGZ|TXZ)
case "$1" in
default)
PREFIX="/usr/local"
......@@ -198,13 +200,26 @@ selectTemplate() { # Take input from the "--install parameter"
exit 1
fi
;;
TXZ)
if [ -n "${TXZ_BUILD_ROOT}" ]; then
if [ "${TXZ_BUILD_ROOT}" = "/" ]; then
TXZ_USING_ROOT=1
PREFIX="/usr"
else
PREFIX="${TXZ_BUILD_ROOT}/usr"
fi
else
echo "TXZ installation chosen but \$TXZ_BUILD_ROOT variable not found. Exiting."
exit 1
fi
;;
*)
PREFIX="$1"
;;
esac
case "$1" in
RPM|DEB|TGZ)
RPM|DEB|TGZ|TXZ)
;;
*)
if [ "${RKHINST_ACTION}" = "install" ]; then
......@@ -242,6 +257,13 @@ selectTemplate() { # Take input from the "--install parameter"
SYSCONFIGDIR="${TGZ_BUILD_ROOT}/etc"
fi
;;
TXZ)
if [ $TXZ_USING_ROOT -eq 1 ]; then
SYSCONFIGDIR="/etc"
else
SYSCONFIGDIR="${TXZ_BUILD_ROOT}/etc"
fi
;;
*)
SYSCONFIGDIR="/etc"
;;
......@@ -320,6 +342,23 @@ selectTemplate() { # Take input from the "--install parameter"
VARDIR="${TGZ_BUILD_ROOT}/var"
fi
SHAREDIR="${PREFIX}/share"
;;
TXZ)
if [ "${UNAMEM}" = "x86_64" -o "${UNAMEM}" = "ppc64" ]; then
LIBDIR="${PREFIX}/lib64"
else
LIBDIR="${PREFIX}/lib"
fi
BINDIR="${PREFIX}/bin"
if [ $TXZ_USING_ROOT -eq 1 ]; then
VARDIR="/var"
else
VARDIR="${TXZ_BUILD_ROOT}/var"
fi
SHAREDIR="${PREFIX}/share"
;;
*)
......@@ -353,6 +392,7 @@ selectTemplate() { # Take input from the "--install parameter"
RKHINST_ETC_DIR="${SYSCONFIGDIR}"
RKHINST_BIN_DIR="${BINDIR}"
RKHINST_SCRIPT_DIR="${LIBDIR}/${APPNAME}/scripts"
RKHINST_MAN_DIR="${SHAREDIR}/man/man8"
if [ "${RKHINST_LAYOUT}" = "oldschool" ]; then
RKHINST_DB_DIR="${VARDIR}/${APPNAME}/db"
......@@ -363,13 +403,17 @@ selectTemplate() { # Take input from the "--install parameter"
RKHINST_TMP_DIR="${VARDIR}/lib/${APPNAME}/tmp"
RKHINST_DOC_DIR="${SHAREDIR}/doc/${APPNAME}"
RKHINST_SCRIPT_DIR="${SHAREDIR}/${APPNAME}/scripts"
elif [ "${RKHINST_LAYOUT}" = "TXZ" ]; then
RKHINST_DB_DIR="${VARDIR}/lib/${APPNAME}/db"
RKHINST_TMP_DIR="${VARDIR}/lib/${APPNAME}/tmp"
RKHINST_DOC_DIR="${PREFIX}/doc/${APPNAME}-${APPVERSION}"
RKHINST_MAN_DIR="${PREFIX}/man/man8"
else
RKHINST_DB_DIR="${VARDIR}/lib/${APPNAME}/db"
RKHINST_TMP_DIR="${VARDIR}/lib/${APPNAME}/tmp"
RKHINST_DOC_DIR="${SHAREDIR}/doc/${APPNAME}-${APPVERSION}"
fi
RKHINST_MAN_DIR="${SHAREDIR}/man/man8"
RKHINST_LANG_DIR="${RKHINST_DB_DIR}/i18n"
RKHINST_ETC_FILE="${APPNAME}.conf"
......@@ -493,7 +537,7 @@ useCVS() {
fi
case "${RKHINST_LAYOUT}" in
RPM|DEB|TGZ)
RPM|DEB|TGZ|TXZ)
;;
*)
for ITEM in `find ./files`; do
......@@ -533,7 +577,7 @@ doInstall() {
fi
case "${RKHINST_LAYOUT}" in
RPM|DEB|TGZ)
RPM|DEB|TGZ|TXZ)
;;
*)
for ITEM in `find ./files`; do
......@@ -581,7 +625,7 @@ doInstall() {
fi
case "${RKHINST_LAYOUT}" in
RPM|DEB|TGZ)
RPM|DEB|TGZ|TXZ)
;;
*)
# Check PREFIX
......@@ -802,7 +846,7 @@ doInstall() {
# Application
for FILE in ${RKHINST_BIN_FILES}; do
case "${RKHINST_LAYOUT}" in
RPM|DEB|TGZ)
RPM|DEB|TGZ|TXZ)
cp -f ./files/"${FILE}" "${RKHINST_BIN_DIR}/${FILE}" >/dev/null 2>&1
ERRCODE=$?
......@@ -876,7 +920,7 @@ doInstall() {
fi
case "${RKHINST_LAYOUT}" in
RPM|DEB|TGZ)
RPM|DEB|TGZ|TXZ)
;;
*)
echo " >>>"
......@@ -912,6 +956,12 @@ doInstall() {
echo "SCRIPTDIR=${RKHINST_SCRIPT_DIR}" | sed "s|${TGZ_BUILD_ROOT}||g" >>"${RKHINST_ETC_DIR}/${FILE}"
echo "TMPDIR=${RKHINST_TMP_DIR}" | sed "s|${TGZ_BUILD_ROOT}||g" >>"${RKHINST_ETC_DIR}/${FILE}"
echo "USER_FILEPROP_FILES_DIRS=${RKHINST_ETC_DIR}/${FILE}" | sed "s|${TGZ_BUILD_ROOT}||g" >>"${RKHINST_ETC_DIR}/${FILE}"
elif [ -n "${TXZ_BUILD_ROOT}" -a $TXZ_USING_ROOT -eq 0 ]; then
echo "INSTALLDIR=${PREFIX}" | sed "s|${TXZ_BUILD_ROOT}||g" >>"${RKHINST_ETC_DIR}/${FILE}"
echo "DBDIR=${RKHINST_DB_DIR}" | sed "s|${TXZ_BUILD_ROOT}||g" >>"${RKHINST_ETC_DIR}/${FILE}"
echo "SCRIPTDIR=${RKHINST_SCRIPT_DIR}" | sed "s|${TXZ_BUILD_ROOT}||g" >>"${RKHINST_ETC_DIR}/${FILE}"
echo "TMPDIR=${RKHINST_TMP_DIR}" | sed "s|${TXZ_BUILD_ROOT}||g" >>"${RKHINST_ETC_DIR}/${FILE}"
echo "USER_FILEPROP_FILES_DIRS=${RKHINST_ETC_DIR}/${FILE}" | sed "s|${TXZ_BUILD_ROOT}||g" >>"${RKHINST_ETC_DIR}/${FILE}"
elif [ -n "${DEB_BUILD_ROOT}" ]; then
# Debian builds are handled with a patch during the build process.
:
......@@ -952,7 +1002,7 @@ doInstall() {
# to avoid warnings when rkhunter is first run.
case "${RKHINST_LAYOUT}" in
RPM|DEB|TGZ) # This is done by a %post section in the spec file / postinst file.
RPM|DEB|TGZ|TXZ) # This is done by a %post section in the spec file / postinst file.
;;
*)
cp -p /etc/passwd ${RKHINST_TMP_DIR} >/dev/null 2>&1
......@@ -1174,7 +1224,7 @@ while [ $# -ge 1 ]; do
exit 1
fi
;;
default|oldschool|/usr|/usr/local|RPM|DEB|TGZ)
default|oldschool|/usr|/usr/local|RPM|DEB|TGZ|TXZ)
RKHINST_LAYOUT="$1"
;;
*)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment