Hello community, here is the log from the commit of package lynis for openSUSE:Factory checked in at 2013-12-13 11:58:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lynis (Old) and /work/SRC/openSUSE:Factory/.lynis.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lynis" Changes: -------- --- /work/SRC/openSUSE:Factory/lynis/lynis.changes 2013-06-24 09:34:47.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.lynis.new/lynis.changes 2013-12-13 11:58:39.000000000 +0100 @@ -1,0 +2,38 @@ +Wed Dec 11 20:14:06 UTC 2013 - [email protected] + +- updated to version 1.3.7 +- Changelog: + * FileExists() and SearchItem() functions were added. The yum-security + check and iptables binary check were improved, and the report was + extended to show which tests have been executed or skipped +- updated patch + * lynis_1.3.7_include-test-filesystem.diff + +------------------------------------------------------------------- +Tue Dec 10 18:46:14 UTC 2013 - [email protected] + +- updated to version 1.3.6 +- Removed patches (obsolete): + * lynis_1.3.5_include_binaries.diff + +- Updated patches + * lynis_1.3.6_include_osdetection.diff + * lynis_1.3.6_include-test-kernel.diff + +------------------------------------------------------------------- +Sun Nov 24 14:29:06 UTC 2013 - [email protected] + +- updated to version 1.3.5 + +- Updated patches: + o lynis_1.3.1_lynis.diff + o lynis_1.3.1_include_binaries.diff + o lynis_1.3.1_include-osdetection.diff + o lynis_1.3.1_include-test-kernel.diff + +- Removed patches (obsolete) + o lynis_1.3.1_include-test-databases.diff + o lynis_1.3.1_include-test-storage.diff + o lynis_1.3.1_include-test-homedirs.diff + +------------------------------------------------------------------- Old: ---- lynis-1.3.0.tar.bz2 lynis_1.3.0_include-osdetection.diff lynis_1.3.0_include-test-databases.diff lynis_1.3.0_include-test-filesystem.diff lynis_1.3.0_include-test-homedirs.diff lynis_1.3.0_include-test-kernel.diff lynis_1.3.0_include-test-storage.diff lynis_1.3.0_include_binaries.diff lynis_1.3.0_include_consts.diff lynis_1.3.0_lynis.diff New: ---- lynis-1.3.7.tar.gz lynis_1.3.1_include_consts.diff lynis_1.3.5_lynis.diff lynis_1.3.6_include-osdetection.diff lynis_1.3.6_include-test-kernel.diff lynis_1.3.7_include-test-filesystem.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lynis.spec ++++++ --- /var/tmp/diff_new_pack.KjDiEx/_old 2013-12-13 11:58:41.000000000 +0100 +++ /var/tmp/diff_new_pack.KjDiEx/_new 2013-12-13 11:58:41.000000000 +0100 @@ -2,7 +2,7 @@ # spec file for package lynis # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. -# Copyright (c) 2009-2011 Sascha Manns <[email protected]> +# Copyright (c) 2009-2013 Sascha Manns <[email protected]> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,19 +17,22 @@ # +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + %define _includedir /usr/share/lynis/include %define _pluginsdir /usr/share/lynis/plugins %define _dbdir /usr/share/lynis/db %define _bindir /usr/bin Name: lynis -Version: 1.3.0 +Version: 1.3.7 Release: 1 Summary: Security and System auditing tool License: GPL-3.0 Group: System/Monitoring Url: http://www.rootkit.nl/projects/lynis.html -Source0: %{name}-%{version}.tar.bz2 +Source0: http://cisofy.com/files/%{name}-%{version}.tar.gz Source1: default.prf Source2: tests_binary_rpath Source3: tests_file_permissionsDB @@ -43,18 +46,12 @@ Source11: dbus-whitelist.db.openSUSE_12.2_x86_64 Source12: fileperms.db.openSUSE_12.2_x86_64 # PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE -Patch0: %{name}_%{version}_lynis.diff -# PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE -Patch2: %{name}_%{version}_include_consts.diff -# PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE -Patch3: %{name}_%{version}_include_binaries.diff +Patch0: %{name}_1.3.5_lynis.diff # PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE -Patch4: %{name}_%{version}_include-test-databases.diff -Patch5: %{name}_%{version}_include-osdetection.diff -Patch6: %{name}_%{version}_include-test-filesystem.diff -Patch7: %{name}_%{version}_include-test-kernel.diff -Patch8: %{name}_%{version}_include-test-storage.diff -Patch9: %{name}_%{version}_include-test-homedirs.diff +Patch2: %{name}_1.3.1_include_consts.diff +Patch5: %{name}_1.3.6_include-osdetection.diff +Patch6: %{name}_1.3.7_include-test-filesystem.diff +Patch7: %{name}_1.3.6_include-test-kernel.diff BuildRequires: gcc-c++ BuildRequires: libxml2-devel PreReq: %fillup_prereq @@ -82,15 +79,10 @@ %prep %setup -q %patch0 -#%patch1 %patch2 -%patch3 -%patch4 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 +%patch5 +%patch6 +%patch7 %build @@ -130,8 +122,9 @@ #ln -s $(basename %{SOURCE11}) %{_dbdir}/dbus-whitelist.db #ln -s $(basename %{SOURCE12}) %{_dbdir}/fileperms.db -%clean -%__rm -rf %{buildroot} +# pacify rpmlint +#rm %{buildroot}%{_includedir}/tests_filesystems.orig +chmod +x %{buildroot}%{_pluginsdir}/custom_plugin.template %files %defattr(-,root,root) ++++++ lynis_1.3.0_include_consts.diff -> lynis_1.3.1_include_consts.diff ++++++ ++++++ lynis_1.3.0_lynis.diff -> lynis_1.3.5_lynis.diff ++++++ --- /work/SRC/openSUSE:Factory/lynis/lynis_1.3.0_lynis.diff 2012-02-29 14:08:29.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.lynis.new/lynis_1.3.5_lynis.diff 2013-12-13 11:58:39.000000000 +0100 @@ -2,30 +2,15 @@ =================================================================== --- lynis.orig +++ lynis -@@ -464,6 +464,14 @@ REPORT_version="${REPORT_version_major}. - # - ################################################################################# - # +@@ -512,7 +512,10 @@ + webservers ssh snmp databases ldap php squid logging \ + insecure_services banners scheduling accounting \ + time crypto virtualization mac_frameworks file_integrity hardening_tools \ +- malware file_permissions homedirs kernel_hardening hardening" ++ malware file_permissions file_permissionsDB homedirs kernel_hardening hardening \ ++ system_dbus users_wo_password binary_rpath tmp_symlinks file_permissions_ww \ ++ system_proc network_allowed_ports" + -+# -+################################################################################# -+# -+ # init totl number of files -+ FILE_NUM_TOTAL=$(find / -xdev \( -type f -o -type d -o -type s -o -type b -type p -o -type c \) | wc -l | cut -d' ' -f1) -+ -+ - # Test sections - if [ "${TESTS_CATEGORY_TO_PERFORM}" = "" ]; then - #YYY insert plugin support -@@ -474,7 +482,9 @@ REPORT_version="${REPORT_version_major}. - webservers ssh snmp databases ldap php squid logging \ - insecure_services banners scheduling accounting \ - time crypto virtualization mac_frameworks file_integrity hardening_tools \ -- malware file_permissions homedirs kernel_hardening hardening" -+ malware file_permissions file_permissionsDB homedirs kernel_hardening hardening \ -+ system_dbus users_wo_password binary_rpath tmp_symlinks file_permissions_ww \ -+ system_proc network_allowed_ports" else INCLUDE_TESTS="${TESTS_CATEGORY_TO_PERFORM}" - fi - + logtext "Info: only performing tests from categories: ${TESTS_CATEGORY_TO_PERFORM}" ++++++ lynis_1.3.0_include-osdetection.diff -> lynis_1.3.6_include-osdetection.diff ++++++ --- /work/SRC/openSUSE:Factory/lynis/lynis_1.3.0_include-osdetection.diff 2013-01-14 09:43:11.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.lynis.new/lynis_1.3.6_include-osdetection.diff 2013-12-13 11:58:40.000000000 +0100 @@ -1,12 +1,13 @@ -diff -ENbru lynis-1.3.0/include/osdetection lynis-1.3.0_suse/include/osdetection ---- lynis-1.3.0/include/osdetection 2011-12-25 15:56:38.000000000 +0100 -+++ lynis-1.3.0_suse/include/osdetection 2013-01-10 13:22:29.836598135 +0100 -@@ -157,7 +157,7 @@ - if [ -e "/etc/yellowdog-release" ]; then OS_FULLNAME=`cat /etc/yellowdog-release`; fi +Index: include/osdetection +=================================================================== +--- include/osdetection.orig ++++ include/osdetection +@@ -242,7 +242,7 @@ + OS_NAME="${LINUX_VERSION}" + fi + # If Linux version (full name) is unknown, use uname value +- if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=`uname -s -r`; fi ++ #if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=`uname -s -r`; fi + SYSCTL_READKEY="sysctl -n" - # If Linux version is unknown, use uname value -- if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=`uname -s -r`; fi -+ #if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=`uname -s -r`; fi - SYSCTL_READKEY="sysctl -n" - - ;; + ;; ++++++ lynis_1.3.0_include-test-kernel.diff -> lynis_1.3.6_include-test-kernel.diff ++++++ --- /work/SRC/openSUSE:Factory/lynis/lynis_1.3.0_include-test-kernel.diff 2013-01-14 09:43:11.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.lynis.new/lynis_1.3.6_include-test-kernel.diff 2013-12-13 11:58:40.000000000 +0100 @@ -1,12 +1,13 @@ -diff -ENbru lynis-1.3.0/include/tests_kernel lynis-1.3.0_suse/include/tests_kernel ---- lynis-1.3.0/include/tests_kernel 2011-12-25 15:56:11.000000000 +0100 -+++ lynis-1.3.0_suse/include/tests_kernel 2013-01-10 11:54:16.288498525 +0100 -@@ -280,7 +280,7 @@ - - # Sysctl option - logtext "Test: Checking sysctl value of fs.suid_dumpable" -- FIND=`sysctl fs.suid_dumpable | awk '{ if ($1=="fs.suid_dumplable") { print $3 } }'` -+ FIND=`/sbin/sysctl fs.suid_dumpable | awk '{ if ($1=="fs.suid_dumplable") { print $3 } }'` - logtext "Result: value ${FIND} found" - if [ "${FIND}" = "1" ]; then - logtext "Result: setuid programs can perform core dumps" +Index: include/tests_kernel +=================================================================== +--- include/tests_kernel.orig ++++ include/tests_kernel +@@ -324,7 +324,7 @@ + + # Sysctl option + logtext "Test: Checking sysctl value of fs.suid_dumpable" +- FIND=`sysctl fs.suid_dumpable | awk '{ if ($1=="fs.suid_dumpable") { print $3 } }'` ++ FIND=`/sbin/sysctl fs.suid_dumpable | awk '{ if ($1=="fs.suid_dumpable") { print $3 } }'` + logtext "Result: value ${FIND} found" + if [ "${FIND}" = "2" ]; then + logtext "Result: programs can dump core dump, but only readable by root (value 2, for debugging with file protection)" ++++++ lynis_1.3.0_include-test-filesystem.diff -> lynis_1.3.7_include-test-filesystem.diff ++++++ --- /work/SRC/openSUSE:Factory/lynis/lynis_1.3.0_include-test-filesystem.diff 2013-01-14 09:43:11.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.lynis.new/lynis_1.3.7_include-test-filesystem.diff 2013-12-13 11:58:40.000000000 +0100 @@ -1,11 +1,13 @@ ---- lynis-1.3.0/include/tests_filesystems 2011-12-25 15:55:27.000000000 +0100 -+++ lynis-1.3.0_suse/include/tests_filesystems 2013-01-10 11:56:13.279292980 +0100 -@@ -314,7 +314,7 @@ - if [ ! "${FIND1}" = "" ]; then - logtext "Result: found ${FIND1}" - logtext "Test: Checking default options on ${FIND1}" -- FIND2=`tune2fs -l ${FIND1} | grep "^Default mount options" | grep "acl"` -+ FIND2=`/sbin/tune2fs -l ${FIND1} | grep "^Default mount options" | grep "acl"` - if [ ! "${FIND2}" = "" ]; then - logtext "Result: found ACL option in default mount options" - FOUND=1 +Index: include/tests_filesystems +=================================================================== +--- include/tests_filesystems.orig ++++ include/tests_filesystems +@@ -342,7 +342,7 @@ + if [ ! "${FIND1}" = "" ]; then + logtext "Result: found ${FIND1}" + logtext "Test: Checking default options on ${FIND1}" +- FIND2=`tune2fs -l ${FIND1} | grep "^Default mount options" | grep "acl"` ++ FIND2=`/sbin/tune2fs -l ${FIND1} | grep "^Default mount options" | grep "acl"` + if [ ! "${FIND2}" = "" ]; then + logtext "Result: found ACL option in default mount options" + FOUND=1 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
