Hello community, here is the log from the commit of package lynis for openSUSE:Factory checked in at 2013-01-14 09:43:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lynis (Old) and /work/SRC/openSUSE:Factory/.lynis.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lynis", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/lynis/lynis.changes 2012-02-29 14:08:29.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.lynis.new/lynis.changes 2013-01-14 09:43:11.000000000 +0100 @@ -1,0 +2,13 @@ +Thu Jan 10 16:53:32 UTC 2013 - [email protected] + +- fixed test_homedirs + +------------------------------------------------------------------- +Thu Jan 10 16:46:02 UTC 2013 - [email protected] + +- some bugfixing for pathnames, didn't work with sudo +- improved default.prf by adding more sysctl vars +- fixed test_storage +- generated fileperm.db and dbus-whitelist for 12.2 + +------------------------------------------------------------------- Old: ---- dbus-whitelist.db lynis_1.3.0_db-fileperms.diff New: ---- dbus-whitelist.db.openSUSE_12.2_x86_64 fileperms.db.openSUSE_12.2_x86_64 lynis_1.3.0_include-osdetection.diff lynis_1.3.0_include-test-filesystem.diff lynis_1.3.0_include-test-homedirs.diff lynis_1.3.0_include-test-kernel.diff lynis_1.3.0_include-test-storage.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lynis.spec ++++++ --- /var/tmp/diff_new_pack.9cMQRX/_old 2013-01-14 09:43:12.000000000 +0100 +++ /var/tmp/diff_new_pack.9cMQRX/_new 2013-01-14 09:43:12.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package lynis # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2009-2011 Sascha Manns <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -25,10 +25,10 @@ Name: lynis Version: 1.3.0 Release: 1 -License: GPL-3.0 Summary: Security and System auditing tool -Url: http://www.rootkit.nl/projects/lynis.html +License: GPL-3.0 Group: System/Monitoring +Url: http://www.rootkit.nl/projects/lynis.html Source0: %{name}-%{version}.tar.bz2 Source1: default.prf Source2: tests_binary_rpath @@ -40,17 +40,21 @@ Source8: tests_tmp_symlinks Source9: tests_users_wo_password Source10: prepare_for_suse.sh -Source11: dbus-whitelist.db +Source11: dbus-whitelist.db.openSUSE_12.2_x86_64 +Source12: fileperms.db.openSUSE_12.2_x86_64 # PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE Patch0: %{name}_%{version}_lynis.diff # PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE -Patch1: %{name}_%{version}_db-fileperms.diff -# PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE Patch2: %{name}_%{version}_include_consts.diff # PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE Patch3: %{name}_%{version}_include_binaries.diff # PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE Patch4: %{name}_%{version}_include-test-databases.diff +Patch5: %{name}_%{version}_include-osdetection.diff +Patch6: %{name}_%{version}_include-test-filesystem.diff +Patch7: %{name}_%{version}_include-test-kernel.diff +Patch8: %{name}_%{version}_include-test-storage.diff +Patch9: %{name}_%{version}_include-test-homedirs.diff BuildRequires: gcc-c++ BuildRequires: libxml2-devel PreReq: %fillup_prereq @@ -78,10 +82,15 @@ %prep %setup -q %patch0 -%patch1 +#%patch1 %patch2 %patch3 %patch4 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 %build @@ -115,7 +124,11 @@ # install database files %__install -d %{buildroot}%{_dbdir} %__install -pm 644 db/* %{buildroot}%{_dbdir} -%__install -pm 644 %{SOURCE11} %{buildroot}%{_dbdir} +%__install -pm 644 %{SOURCE11} %{buildroot}%{_dbdir}/dbus-whitelist.db +%__install -pm 644 %{SOURCE12} %{buildroot}%{_dbdir}/fileperms.db +#rm %{buildroot}%{_dbdir}/fileperms.db +#ln -s $(basename %{SOURCE11}) %{_dbdir}/dbus-whitelist.db +#ln -s $(basename %{SOURCE12}) %{_dbdir}/fileperms.db %clean %__rm -rf %{buildroot} ++++++ dbus-whitelist.db.openSUSE_12.2_x86_64 ++++++ avahi-dbus.conf bluetooth.conf com.redhat.NewPrinterNotification.conf com.redhat.PrinterDriversInstaller.conf ConsoleKit.conf cups.conf dnsmasq.conf gdm.conf hal.conf nm-avahi-autoipd.conf nm-dhcp-client.conf nm-dispatcher.conf nm-openconnect-service.conf nm-openvpn-service.conf nm-pptp-service.conf nm-vpnc-service.conf org.blueman.Mechanism.conf org.freedesktop.Accounts.conf org.freedesktop.colord-sane.conf org.freedesktop.ColorManager.conf org.freedesktop.hostname1.conf org.freedesktop.locale1.conf org.freedesktop.login1.conf org.freedesktop.ModemManager.conf org.freedesktop.NetworkManager.conf org.freedesktop.PackageKit.conf org.freedesktop.PolicyKit1.conf org.freedesktop.PolicyKit.conf org.freedesktop.RealtimeKit1.conf org.freedesktop.systemd1.conf org.freedesktop.timedate1.conf org.freedesktop.UDisks2.conf org.freedesktop.UDisks.conf org.freedesktop.UPower.conf org.gnome.GConf.Defaults.conf org.gnome.SettingsDaemon.DateTimeMechanism.conf org.kde.auth.conf org.kde.fontinst.conf org.kde.kcontrol.k3bsetup.conf org.kde.kcontrol.kcmclock.conf org.kde.kcontrol.kcmkdm.conf org.kde.kcontrol.kcmremotewidgets.conf org.kde.ksysguard.processlisthelper.conf org.kde.polkitkde1.helper.conf org.kde.powerdevil.backlighthelper.conf org.opensuse.CupsPkHelper.Mechanism.conf pulseaudio-system.conf skype.conf wpa_supplicant.conf fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service org.blueman.Mechanism.service org.freedesktop.Accounts.service org.freedesktop.Avahi.service org.freedesktop.colord-sane.service org.freedesktop.ColorManager.service org.freedesktop.ConsoleKit.service org.freedesktop.Hal.service org.freedesktop.hostname1.service org.freedesktop.locale1.service org.freedesktop.login1.service org.freedesktop.ModemManager.service org.freedesktop.nm_dispatcher.service org.freedesktop.PackageKit.service org.freedesktop.PolicyKit1.service org.freedesktop.PolicyKit.service org.freedesktop.RealtimeKit1.service org.freedesktop.systemd1.service org.freedesktop.timedate1.service org.freedesktop.UDisks2.service org.freedesktop.UDisks.service org.freedesktop.UPower.service org.gnome.GConf.Defaults.service org.gnome.SettingsDaemon.DateTimeMechanism.service org.kde.fontinst.service org.kde.kcontrol.k3bsetup.service org.kde.kcontrol.kcmclock.service org.kde.kcontrol.kcmkdm.service org.kde.kcontrol.kcmremotewidgets.service org.kde.ksysguard.processlisthelper.service org.kde.polkitkde1.helper.service org.kde.powerdevil.backlighthelper.service org.opensuse.CupsPkHelper.Mechanism.service ++++++ fileperms.db.openSUSE_12.2_x86_64 ++++++ file:/var/run/uscreens/:1777:root:root:Linux: file:/etc/crontab:644:root:root:Linux: file:/etc/exports:644:root:root:Linux: file:/etc/fstab:644:root:root:Linux: file:/etc/ftpaccess:644:root:root:Linux: file:/etc/ftpusers:644:root:root:Linux: file:/etc/rmtab:644:root:root:Linux: file:/var/lib/nfs/rmtab:644:root:root:Linux: file:/etc/syslog.conf:644:root:root:Linux: file:/bin/su:4755:root:root:Linux: file:/usr/bin/at:4755:root:trusted:Linux: file:/usr/bin/crontab:4755:root:trusted:Linux: file:/usr/bin/gpasswd:4755:root:shadow:Linux: file:/usr/bin/newgrp:4755:root:root:Linux: file:/usr/bin/passwd:4755:root:shadow:Linux: file:/usr/bin/chfn:4755:root:shadow:Linux: file:/usr/bin/chage:4755:root:shadow:Linux: file:/usr/bin/chsh:4755:root:shadow:Linux: file:/usr/bin/expiry:4755:root:shadow:Linux: file:/usr/bin/sudo:4755:root:root:Linux: file:/usr/sbin/su-wrapper:4755:root:root:Linux: file:/usr/bin/opiepasswd:4755:root:root:Linux: file:/usr/bin/ncpmount:4750:root:trusted:Linux: file:/usr/bin/ncpumount:4750:root:trusted:Linux: file:/sbin/mount.nfs:4755:root:root:Linux: file:/bin/mount:4755:root:root:Linux: file:/bin/umount:4755:root:root:Linux: file:/bin/eject:4755:root:audio:Linux: file:/usr/bin/fusermount:4755:root:trusted:Linux: file:/usr/lib/majordomo/wrapper:4755:root:daemon:Linux: file:/usr/lib/pt_chown:4755:root:root:Linux: file:/usr/lib64/pt_chown:4755:root:root:Linux: file:/sbin/unix_chkpwd:4755:root:shadow:Linux: file:/sbin/unix2_chkpwd:4755:root:shadow:Linux: file:/usr/sbin/popauth:4755:pop:trusted:Linux: file:/usr/sbin/pam_auth:4755:root:shadow:Linux: file:/usr/lib/gnome-pty-helper:2755:root:utmp:Linux: file:/usr/bin/v4l-conf:4755:root:video:Linux: file:/usr/lib/ia32el/suid_ia32x_loader:4755:root:root:Linux: file:/usr/bin/ntping:4750:root:trusted:Linux: file:/usr/bin/wall:2755:root:tty:Linux: file:/usr/bin/write:2755:root:tty:Linux: file:/usr/bin/makeweb:2755:root:www:Linux: file:/usr/bin/yaps:2755:root:uucp:Linux: file:/usr/bin/nwsfind:4750:root:trusted:Linux: file:/usr/bin/ncplogin:4750:root:trusted:Linux: file:/usr/bin/ncpmap:4750:root:trusted:Linux: file:/usr/lib/lpdfilter/bin/runlpr:4755:root:root:Linux: file:/sbin/pccardctl:4755:root:trusted:Linux: file:/usr/sbin/mgnokiidev:4755:root:uucp:Linux: file:/usr/lib/pcp/pmpost:4755:root:root:Linux: file:/usr/lib/mailman/cgi-bin/admin:2755:root:mailman:Linux: file:/usr/lib/mailman/cgi-bin/admindb:2755:root:mailman:Linux: file:/usr/lib/mailman/cgi-bin/edithtml:2755:root:mailman:Linux: file:/usr/lib/mailman/cgi-bin/listinfo:2755:root:mailman:Linux: file:/usr/lib/mailman/cgi-bin/options:2755:root:mailman:Linux: file:/usr/lib/mailman/cgi-bin/private:2755:root:mailman:Linux: file:/usr/lib/mailman/cgi-bin/roster:2755:root:mailman:Linux: file:/usr/lib/mailman/cgi-bin/subscribe:2755:root:mailman:Linux: file:/usr/lib/mailman/cgi-bin/confirm:2755:root:mailman:Linux: file:/usr/lib/mailman/cgi-bin/create:2755:root:mailman:Linux: file:/usr/lib/mailman/cgi-bin/editarch:2755:root:mailman:Linux: file:/usr/lib/mailman/cgi-bin/rmlist:2755:root:mailman:Linux: file:/usr/lib/mailman/mail/mailman:2755:root:mailman:Linux: file:/usr/lib/libgnomesu/gnomesu-pam-backend:4755:root:root:Linux: file:/usr/sbin/change-passwd:4755:root:root:Linux: file:/usr/bin/get_printing_ticket:4750:root:lp:Linux: file:/bin/ping:4755:root:root:Linux: file:/bin/ping6:4755:root:root:Linux: file:/usr/sbin/mtr:4750:root:dialout:Linux: file:/usr/bin/rcp:4755:root:root:Linux: file:/usr/bin/rlogin:4755:root:root:Linux: file:/usr/bin/rsh:4755:root:root:Linux: file:/usr/bin/cl_status:2555:root:haclient:Linux: file:/usr/sbin/exim:4755:root:root:Linux: file:/usr/sbin/pppoe-wrapper:4750:root:dialout:Linux: file:/sbin/isdnctrl:4750:root:dialout:Linux: file:/usr/bin/vboxbeep:4755:root:trusted:Linux: file:/usr/lib/mc/cons.saver:4755:root:root:Linux: file:/usr/bin/jfbterm:6755:root:tty:Linux: file:/opt/kde3/bin/artswrapper:4755:root:root:Linux: file:/opt/kde3/bin/kcheckpass:4755:root:shadow:Linux: file:/usr/lib/kde4/libexec/kcheckpass:4755:root:shadow:Linux: file:/usr/lib64/kde4/libexec/kcheckpass:4755:root:shadow:Linux: file:/opt/kde3/bin/kdesud:2755:root:nogroup:Linux: file:/usr/lib/kde4/libexec/kdesud:2755:root:nogroup:Linux: file:/usr/lib64/kde4/libexec/kdesud:2755:root:nogroup:Linux: file:/opt/kde3/bin/kpac_dhcp_helper:4755:root:root:Linux: file:/opt/kde3/bin/start_kdeinit:4755:root:root:Linux: file:/usr/lib/kde4/libexec/start_kdeinit:4755:root:root:Linux: file:/usr/lib64/kde4/libexec/start_kdeinit:4755:root:root:Linux: file:/usr/bin/fileshareset:4755:root:root:Linux: file:/usr/sbin/amcheck:4750:root:amanda:Linux: file:/usr/lib/amanda/calcsize:4750:root:amanda:Linux: file:/usr/lib/amanda/rundump:4750:root:amanda:Linux: file:/usr/lib/amanda/planner:4750:root:amanda:Linux: file:/usr/lib/amanda/runtar:4750:root:amanda:Linux: file:/usr/lib/amanda/dumper:4750:root:amanda:Linux: file:/usr/lib/amanda/killpgrp:4750:root:amanda:Linux: file:/usr/lib/gnats/gen-index:4555:gnats:root:Linux: file:/usr/lib/gnats/pr-edit:4555:gnats:root:Linux: file:/usr/lib/gnats/queue-pr:4555:gnats:root:Linux: file:/usr/lib/news/bin/rnews:4550:news:uucp:Linux: file:/usr/lib/news/bin/inews:2555:news:news:Linux: file:/usr/lib/news/bin/innbind:4554:root:news:Linux: file:/usr/lib/mgetty+sendfax/faxq-helper:4755:fax:root:Linux: file:/var/spool/fax/outgoing/:0755:fax:root:Linux: file:/var/spool/fax/outgoing/locks:0755:fax:root:Linux: file:/var/spool/uucppublic/:1777:root:root:Linux: file:/usr/bin/uucp:6555:uucp:uucp:Linux: file:/usr/bin/uuname:6555:uucp:uucp:Linux: file:/usr/bin/uustat:6555:uucp:uucp:Linux: file:/usr/bin/uux:6555:uucp:uucp:Linux: file:/usr/lib/uucp/uucico:6555:uucp:uucp:Linux: file:/usr/lib/uucp/uuxqt:6555:uucp:uucp:Linux: file:/usr/lib/PolicyKit/polkit-set-default-helper:4755:polkituser:root:Linux: file:/usr/lib/PolicyKit/polkit-read-auth-helper:2755:root:polkituser:Linux: file:/usr/lib/PolicyKit/polkit-revoke-helper:2755:root:polkituser:Linux: file:/usr/lib/PolicyKit/polkit-explicit-grant-helper:2755:root:polkituser:Linux: file:/usr/lib/PolicyKit/polkit-grant-helper:2755:root:polkituser:Linux: file:/usr/lib/PolicyKit/polkit-grant-helper-pam:4750:root:polkituser:Linux: file:/usr/lib/polkit-1/polkit-agent-helper-1:4755:root:root:Linux: file:/usr/bin/pkexec:4755:root:root:Linux: file:/lib/dbus-1/dbus-daemon-launch-helper:4750:root:messagebus:Linux: file:/lib64/dbus-1/dbus-daemon-launch-helper:4750:root:messagebus:Linux: file:/usr/bin/newrole:4755:root:root:Linux: file:/usr/lib/virtualbox/VirtualBox:4750:root:vboxusers:Linux: file:/usr/lib/virtualbox/VirtualBox3:4750:root:vboxusers:Linux: file:/usr/lib/virtualbox/VBoxBFE:4750:root:vboxusers:Linux: file:/usr/lib/virtualbox/VBoxHeadless:4750:root:vboxusers:Linux: file:/usr/lib/virtualbox/VBoxSDL:4750:root:vboxusers:Linux: file:/usr/lib/virtualbox/VBoxNetAdpCtl:4750:root:vboxusers:Linux: file:/usr/lib/virtualbox/VBoxNetDHCP:4750:root:vboxusers:Linux: file:/usr/bin/vmware-user-suid-wrapper:4755:root:root:Linux: file:/usr/sbin/lockdev:2755:root:lock:Linux: file:/usr/sbin/hawk_chkpwd:4750:root:haclient:Linux: file:/usr/sbin/hawk_invoke:4750:root:haclient:Linux: file:/usr/lib/chrome_sandbox:4755:root:root:Linux: file:/sbin/mount.ecryptfs_private:4755:root:root:Linux: file:/usr/bin/su:4755:root:root:Linux: file:/usr/sbin/mount.nfs:4755:root:root:Linux: file:/usr/bin/mount.nfs:4755:root:root:Linux: file:/usr/bin/mount:4755:root:root:Linux: file:/usr/bin/umount:4755:root:root:Linux: file:/usr/bin/eject:4755:root:audio:Linux: file:/usr/sbin/unix_chkpwd:4755:root:shadow:Linux: file:/usr/bin/unix_chkpwd:4755:root:shadow:Linux: file:/usr/sbin/unix2_chkpwd:4755:root:shadow:Linux: file:/usr/bin/unix2_chkpwd:4755:root:shadow:Linux: file:/usr/sbin/isdnctrl:4750:root:dialout:Linux: file:/usr/bin/isdnctrl:4750:root:dialout:Linux: file:/usr/sbin/pccardctl:4755:root:trusted:Linux: file:/usr/bin/pccardctl:4755:root:trusted:Linux: file:/usr/bin/ping:4755:root:root:Linux: file:/usr/bin/ping6:4755:root:root:Linux: file:/var/log/messages:0644:root.root:Linux: ++++++ lynis_1.3.0_include-osdetection.diff ++++++ diff -ENbru lynis-1.3.0/include/osdetection lynis-1.3.0_suse/include/osdetection --- lynis-1.3.0/include/osdetection 2011-12-25 15:56:38.000000000 +0100 +++ lynis-1.3.0_suse/include/osdetection 2013-01-10 13:22:29.836598135 +0100 @@ -157,7 +157,7 @@ if [ -e "/etc/yellowdog-release" ]; then OS_FULLNAME=`cat /etc/yellowdog-release`; fi # If Linux version is unknown, use uname value - if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=`uname -s -r`; fi + #if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=`uname -s -r`; fi SYSCTL_READKEY="sysctl -n" ;; ++++++ lynis_1.3.0_include-test-databases.diff ++++++ --- /var/tmp/diff_new_pack.9cMQRX/_old 2013-01-14 09:43:13.000000000 +0100 +++ /var/tmp/diff_new_pack.9cMQRX/_new 2013-01-14 09:43:13.000000000 +0100 @@ -7,7 +7,7 @@ Register --test-no DBS-1840 --weight L --network NO --description "Checking active Oracle processes" if [ ${SKIPTEST} -eq 0 ]; then - FIND=`${PSBINARY} ax | grep "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"` -+ FIND=`${PSBINARY} ax | egrep "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"` ++ FIND=`${PSBINARY} ax | grep -E "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"` if [ "${FIND}" = "" ]; then Display --indent 2 --text "- Oracle processes status..." --result "NOT FOUND" --color WHITE logtext "Result: Oracle process(es) not active" ++++++ lynis_1.3.0_include-test-filesystem.diff ++++++ --- lynis-1.3.0/include/tests_filesystems 2011-12-25 15:55:27.000000000 +0100 +++ lynis-1.3.0_suse/include/tests_filesystems 2013-01-10 11:56:13.279292980 +0100 @@ -314,7 +314,7 @@ if [ ! "${FIND1}" = "" ]; then logtext "Result: found ${FIND1}" logtext "Test: Checking default options on ${FIND1}" - FIND2=`tune2fs -l ${FIND1} | grep "^Default mount options" | grep "acl"` + FIND2=`/sbin/tune2fs -l ${FIND1} | grep "^Default mount options" | grep "acl"` if [ ! "${FIND2}" = "" ]; then logtext "Result: found ACL option in default mount options" FOUND=1 ++++++ lynis_1.3.0_include-test-homedirs.diff ++++++ --- lynis-1.3.0/include/tests_homedirs 2011-12-25 15:55:58.000000000 +0100 +++ lynis-1.3.0_suse/include/tests_homedirs 2013-01-10 17:50:44.652450705 +0100 @@ -54,7 +54,7 @@ Register --test-no HOME-9310 --weight L --network NO --description "Checking for suspicious shell history files" if [ ${SKIPTEST} -eq 0 ]; then if [ ! "${HOMEDIRS}" = "" ]; then - if [ ${OS} = "Solaris" ]; then + if [ "${OS}" = "Solaris" ]; then # Solaris doesn't support -maxdepth FIND=`find ${HOMEDIRS} -name ".*history" -not -type f -print` else ++++++ lynis_1.3.0_include-test-kernel.diff ++++++ diff -ENbru lynis-1.3.0/include/tests_kernel lynis-1.3.0_suse/include/tests_kernel --- lynis-1.3.0/include/tests_kernel 2011-12-25 15:56:11.000000000 +0100 +++ lynis-1.3.0_suse/include/tests_kernel 2013-01-10 11:54:16.288498525 +0100 @@ -280,7 +280,7 @@ # Sysctl option logtext "Test: Checking sysctl value of fs.suid_dumpable" - FIND=`sysctl fs.suid_dumpable | awk '{ if ($1=="fs.suid_dumplable") { print $3 } }'` + FIND=`/sbin/sysctl fs.suid_dumpable | awk '{ if ($1=="fs.suid_dumplable") { print $3 } }'` logtext "Result: value ${FIND} found" if [ "${FIND}" = "1" ]; then logtext "Result: setuid programs can perform core dumps" ++++++ lynis_1.3.0_include-test-storage.diff ++++++ --- lynis-1.3.0/include/tests_storage 2011-12-25 14:54:21.000000000 +0100 +++ lynis-1.3.0_suse/include/tests_storage 2013-01-10 12:04:19.129284146 +0100 @@ -25,7 +25,7 @@ FOUND=0 logtext "Test: Checking USB storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf" if [ -d /etc/modprobe.d ]; then - FIND=`grep "install usb-storage /bin/true" /etc/modprobe.d | grep "usb-storage" | grep -v "#"` + FIND=`grep "install usb-storage /bin/true" /etc/modprobe.d/* | grep "usb-storage" | grep -v "#"` if [ ! "${FIND}" = "" ]; then FOUND=1 logtext "Result: found usb-storage driver in disabled state" @@ -61,8 +61,8 @@ FOUND=0 logtext "Test: Checking firewire storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf" if [ -d /etc/modprobe.d ]; then - FIND1=`egrep "blacklist (ohci1394|firewire-ohci)" /etc/modprobe.d | grep "ohci" | grep -v "#"` - FIND2=`egrep "install (ohci1394|firewire-ohci) /bin/true" /etc/modprobe.d | grep "ohci" | grep -v "#"` + FIND1=`egrep "blacklist (ohci1394|firewire-ohci)" /etc/modprobe.d/* | grep "ohci" | grep -v "#"` + FIND2=`egrep "install (ohci1394|firewire-ohci) /bin/true" /etc/modprobe.d/* | grep "ohci" | grep -v "#"` if [ ! "${FIND1}" = "" -o ! "${FIND2}" = "" ]; then FOUND=1 logtext "Result: found firewire ohci driver in disabled state" ++++++ prepare_for_suse.sh ++++++ --- /var/tmp/diff_new_pack.9cMQRX/_old 2013-01-14 09:43:13.000000000 +0100 +++ /var/tmp/diff_new_pack.9cMQRX/_new 2013-01-14 09:43:13.000000000 +0100 @@ -1,33 +1,48 @@ -#!/bin/bash +#!/bin/bash umask 0077 +OSVERS=$(grep VERSION /etc/SuSE-release | sed "s/VERSION = //") +OS=$(head -n 1 /etc/SuSE-release | sed "s/[()]//g" | sed "s/ /_/g" +openSUSE_12.2_x86_64) + function fileperms() { - PERMS=$(grep -E "^PERMISSION_SECURITY=" -/etc/sysconfig/security | awk -F'=' '{print $2}' | sed s/\"//g) + PERMS=$(grep -E "^PERMISSION_SECURITY=" /etc/sysconfig/security | awk -F'=' '{print $2}' | sed s/\"//g) echo $PERMS for p in $PERMS do echo $p - cat "/etc/permissions."$p | grep -E "^/\w.*" | awk -F' -' '{print "file:"$1":"$3":"$2":Linux:"}' >> $TMPDIR/fileperms.lst + grep -E "^/\w.*" "/etc/permissions."$p | awk -F' ' '{print "file:"$1":"$3":"$2":Linux:"}' >> $TMPDIR/fileperms.lst done if ! [ -f db/fileperms.db.orig ]; then cp -v db/fileperms.db db/fileperms.db.orig fi - cp $TMPDIR/fileperms.lst db/fileperms.db + rm -f db/fileperms.db + cp $TMPDIR/fileperms.lst db/fileperms.db.$OS + ln -s fileperms.db.$OS db/fileperms.db } +function dbussystem() +{ + for i in $(ls -1 /usr/share/dbus-*/system-services/*.service /etc/dbus-*/system.d/*.conf 2>/dev/null) + do + basename $i >> $TMPDIR/dbus-whitelist.db.$OS + done + rm -f db/dbus-whitelist.db + cp -v $TMPDIR/dbus-whitelist.db.$OS db/ + ln -s dbus-whitelist.db.$OS db/dbus-whitelist.db +} TMPDIR=$(mktemp -d /tmp/lynis.XXXXXX) echo "prepare lynis config for your suse systems" echo "1. lookup file permission level" fileperms +echo "2. lookup dbus system serices in /etc/dbus-1/system.d/" +dbussystem - -#rm -rf $TMPDIR +rm -rf $TMPDIR -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
