Hello community, here is the log from the commit of package seccheck for openSUSE:Factory checked in at 2015-02-05 11:00:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/seccheck (Old) and /work/SRC/openSUSE:Factory/.seccheck.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "seccheck" Changes: -------- --- /work/SRC/openSUSE:Factory/seccheck/seccheck.changes 2014-12-19 09:37:31.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.seccheck.new/seccheck.changes 2015-02-05 11:00:10.000000000 +0100 @@ -1,0 +2,5 @@ +Tue Feb 3 15:41:45 UTC 2015 - [email protected] + +- bnc#914656: fixed function guessable_password_email definition + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ seccheck.spec ++++++ --- /var/tmp/diff_new_pack.peNicx/_old 2015-02-05 11:00:11.000000000 +0100 +++ /var/tmp/diff_new_pack.peNicx/_new 2015-02-05 11:00:11.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package seccheck # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ seccheck-3.0-fix-bashisms.patch ++++++ --- /var/tmp/diff_new_pack.peNicx/_old 2015-02-05 11:00:11.000000000 +0100 +++ /var/tmp/diff_new_pack.peNicx/_new 2015-02-05 11:00:11.000000000 +0100 @@ -1,15 +1,17 @@ -diff -Ndur seccheck-3.0/autologout.sh seccheck-3.0-fix-bashisms/autologout.sh ---- seccheck-3.0/autologout.sh 2014-08-25 12:36:55.000000000 +0300 -+++ seccheck-3.0-fix-bashisms/autologout.sh 2014-11-16 01:16:35.375287266 +0200 +Index: seccheck-3.0/autologout.sh +=================================================================== +--- seccheck-3.0.orig/autologout.sh ++++ seccheck-3.0/autologout.sh 
@@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # Small shellscript by Alexander Bergmann <[email protected]> which checks # for idle user terminals and kills them where applicable. Parameters can be -diff -Ndur seccheck-3.0/helper.inc seccheck-3.0-fix-bashisms/helper.inc ---- seccheck-3.0/helper.inc 2014-08-25 12:36:55.000000000 +0300 -+++ seccheck-3.0-fix-bashisms/helper.inc 2014-11-16 01:22:19.370263995 +0200 +Index: seccheck-3.0/helper.inc +=================================================================== +--- seccheck-3.0.orig/helper.inc ++++ seccheck-3.0/helper.inc @@ -2,22 +2,22 @@ # functions used by all modules # @@ -37,7 +39,7 @@ test -z "$MAILER" && test -x "/usr/sbin/sendmail" && MAILER="/usr/sbin/sendmail" test -z "$MAILER" && test -x "/usr/bin/mailx" && MAILER="/usr/bin/mailx" test -z "$MAILER" && test -x "/usr/lib/sendmail" && MAILER="/usr/lib/sendmail" -@@ -26,7 +26,7 @@ +@@ -26,7 +26,7 @@ function set_mailer () { } # create necessary directories @@ -46,12 +48,12 @@ if [ ! -d "$SEC_VAR" ]; then rm -rf "$SEC_VAR" -@@ -43,14 +43,14 @@ +@@ -43,14 +43,14 @@ function create_secdir () { # param a username # template engine to substitute a variable in a text and prepare it # to be sent per email -function guessable_password_email { -+guessable_password_email { ++guessable_password_email () { ret_tmpl=`sed "s/{guessable_account}/$1/" blurbs/guessable_passwd.txt` echo $ret_tmpl } @@ -63,7 +65,7 @@ for i in "rpm-md5" "sbit" "write" "devices" "write-bin"; do if [ ! -e "$1/$i" ] ; then touch "$1/$i" -@@ -61,7 +61,7 @@ +@@ -61,7 +61,7 @@ function initialize_secfiles () { # daily changes per email # params # OLD1, OUT1 @@ -72,7 +74,7 @@ local old1=$1 local out1=$2 -@@ -84,13 +84,14 @@ +@@ -88,13 +88,14 @@ EOF # use john the ripper to check guessable passwords # if you pass "quick" as argument it will simple try to find easy # guessable passwords. otherwise it will use a dictionary 
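Review bot: In `guessable_password_email` (the hunk at `@@ -46,12 +48,12 @@`), the unquoted `echo $ret_tmpl` word-splits the substituted template, so the mail text loses its line breaks and any glob characters in it are expanded. Printing it quoted keeps the blurb as written: `printf '%s\n' "$ret_tmpl"`. The account name in `$1` is also pasted straight into the sed program, so a name containing `/`, `&` or a backslash would break or alter the substitution; escaping those characters before the `sed "s/{guessable_account}/$1/"` call avoids that. The relative path `blurbs/guessable_passwd.txt` depends on the caller's working directory, which is not visible in this hunk.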
@@ -90,7 +92,7 @@ unshadow /etc/passwd /etc/shadow > $SEC_PASSWD if [ "$1" != "quick" ]; then nice -n 1 john -single "$SEC_PASSWD" 1> /dev/null 2>&1 -@@ -115,7 +116,7 @@ +@@ -119,7 +120,7 @@ function check_guessable_passwords () { # param mount points @@ -99,7 +101,7 @@ mnt_point=$1 local output_file=`mktemp -t new_devices.XXXX` # TEMPDIR is set but not exported.. does it work? # warning: bug #51004 ls output depends on root's locale and may be less -@@ -131,7 +132,7 @@ +@@ -135,7 +136,7 @@ function check_new_devices () { } # check md5sum from files @@ -108,7 +110,7 @@ local output_file=`mktemp -t md5.XXXX` # TEMPDIR is set but not exported.. does it work? nice -n 1 rpm -Va 2> /dev/null | grep '^5' > "$SEC_DATA/rpm-md5.new" diff -uw "$SEC_DATA/rpm-md5" "$SEC_DATA/rpm-md5.new" | \ -@@ -144,7 +145,7 @@ +@@ -148,7 +149,7 @@ function check_md5 () { rm -f "$output_file" } @@ -117,7 +119,7 @@ if [ -x /usr/bin/lsof ]; then printf "\nThe following programs have got bound sockets:\n" /usr/bin/lsof -i -n -P | egrep 'UDP|TCP.*LISTEN' | sed 's/....[0-9]u IP.* / /' | -@@ -155,7 +156,7 @@ +@@ -159,7 +160,7 @@ function display_programs_with_bound_soc } @@ -126,7 +128,7 @@ local output_file=`mktemp -t mounted_with_missing_nosuid.XXXX` # TEMPDIR is set but not exported.. does it work? /bin/mount | /usr/bin/grep -v nosuid | /usr/bin/grep ' nfs ' |sort > $output_file if [ -s "$output_file" ] ; then -@@ -165,7 +166,7 @@ +@@ -169,7 +170,7 @@ function nfs_mounted_with_missing_nosuid rm -f "$output_file" } @@ -135,7 +137,7 @@ local output_file=`mktemp -t loaded_kernel_modules.XXXX` # TEMPDIR is set but not exported.. does it work? test -e /proc/modules && { lsmod 2> /dev/null | grep -v '^Module .* Used by$' | awk '{print$1}' | sort > $output_file -@@ -178,7 +179,7 @@ +@@ -182,7 +183,7 @@ function list_loaded_kernel_modules () { } 
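Review bot: `unshadow /etc/passwd /etc/shadow > $SEC_PASSWD` (hunk `@@ -90,7 +92,7 @@`) copies every password hash into a second file, and nothing visible here restricts that file's mode or shows where it is removed. The rest of `check_guessable_passwords` lies outside the hunk, so `$SEC_PASSWD` may already be created root-only elsewhere. If it is not, I would set the mask around the write and quote the target: `( umask 077; unshadow /etc/passwd /etc/shadow > "$SEC_PASSWD" )`. A short comment on that line saying where the file is created and deleted would help the next reader.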
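Review bot: The question `# TEMPDIR is set but not exported.. does it work?` on the `mktemp -t new_devices.XXXX` line in `check_new_devices` (hunk `@@ -99,7 +101,7 @@`) is still open. mktemp consults `TMPDIR`, not `TEMPDIR`, so these files are presumably created in the system default temporary directory rather than the one the scripts set up. Assigning the command substitution on the `local output_file=` line also hides a mktemp failure behind the exit status of `local`, after which an unquoted redirect such as `sort > $output_file` in `nfs_mounted_with_missing_nosuid` fails on an empty name. Splitting it into `local output_file` and `output_file=$(mktemp -t new_devices.XXXXXX) || return 1` covers the failure case. The same pattern recurs in the hunks for `check_md5`, `list_loaded_kernel_modules` and the daily, weekly and user/group helper files.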
@@ -144,10 +146,11 @@ local output_file=`mktemp -t globally_exported_fs.XXXX` # TEMPDIR is set but not exported.. does it work? -diff -Ndur seccheck-3.0/security-control.sh seccheck-3.0-fix-bashisms/security-control.sh ---- seccheck-3.0/security-control.sh 2014-08-25 12:36:55.000000000 +0300 -+++ seccheck-3.0-fix-bashisms/security-control.sh 2014-11-16 01:17:02.138285456 +0200 -@@ -9,7 +9,7 @@ +Index: seccheck-3.0/security-control.sh +=================================================================== +--- seccheck-3.0.orig/security-control.sh ++++ seccheck-3.0/security-control.sh +@@ -9,7 +9,7 @@ VERSION="v3.0" MY_DIR=$(dirname $(readlink -f $0)) . $MY_DIR/basic.inc @@ -156,9 +159,10 @@ run_sysconfig_seccheck -diff -Ndur seccheck-3.0/security_daily_helper.inc seccheck-3.0-fix-bashisms/security_daily_helper.inc ---- seccheck-3.0/security_daily_helper.inc 2014-08-25 12:36:55.000000000 +0300 -+++ seccheck-3.0-fix-bashisms/security_daily_helper.inc 2014-11-16 01:24:33.903254894 +0200 +Index: seccheck-3.0/security_daily_helper.inc +=================================================================== +--- seccheck-3.0.orig/security_daily_helper.inc ++++ seccheck-3.0/security_daily_helper.inc @@ -1,5 +1,5 @@ # tests specific for security-daily.sh -function check_mailboxes_owned_by_user_and_unreadable () { @@ -166,7 +170,7 @@ local output_file=`mktemp -t globally_exported_fs.XXXX` # TEMPDIR is set but not exported.. does it work? ls -cl /var/spool/mail | sed 1d | \ awk '$3 != $9 \ -@@ -16,12 +16,12 @@ +@@ -16,12 +16,12 @@ function check_mailboxes_owned_by_user_a # params # $1 the sysctl param # $2 the returned value expected @@ -181,7 +185,7 @@ if [ ! -e "$SEC_DATA/sysctl" ]; then /usr/sbin/sysctl -a > "$SEC_DATA/sysctl" -@@ -33,7 +33,7 @@ +@@ -33,7 +33,7 @@ function check_specifics_sysctl () { check_specifics_sysctl_helper "net.ipv4.conf.all.rp_filter" 1 || printf "\nnet.ipv4.conf.all.rp_filter\n is disabled" } 
@@ -190,7 +194,7 @@ local output_file=`mktemp -t check_systemd_services.XXXX` # TEMPDIR is set but not exported.. does it work? /usr/bin/systemctl list-unit-files --type=service > "$SEC_DATA/systemd_services.new" diff -uw "$SEC_DATA/systemd_services" "$SEC_DATA/systemd_services.new" |egrep -v '^\+\+\+ |^--- |^$|^@@' | sed 's/^[+-]/& /' > "$output_file" -@@ -45,7 +45,7 @@ +@@ -45,14 +45,14 @@ function check_systemd_services() { rm -f "$output_file" } @@ -198,17 +202,16 @@ +check_sysctl () { local output_file=`mktemp -t check_sysctl.XXXX` # TEMPDIR is set but not exported.. does it work? /usr/sbin/sysctl -a > "$SEC_DATA/sysctl.new" - diff -uw "$SEC_DATA/sysctl" "$SEC_DATA/sysctl.new" |egrep -v '^\+\+\+ |^--- |^$|^@@' | sed 's/^[+-]/& /' > "$output_file" -@@ -57,7 +57,7 @@ - rm -f "$output_file" + cat "$SEC_DATA/sysctl.new" + mv "$SEC_DATA/sysctl.new" "$SEC_DATA/sysctl" } -function check_xinetd_services () { +check_xinetd_services () { local output_file=`mktemp -t check_xinetd_services.XXXX` # TEMPDIR is set but not exported.. does it work? - /sbin/chkconfig --list | awk '/xinetd based services/,/""/' | grep -v off > "$SEC_DATA/xinetd.new" + /sbin/chkconfig --list 2> /dev/null | awk '/xinetd based services/,/""/' | grep -v off > "$SEC_DATA/xinetd.new" diff -uw "$SEC_DATA/xinetd" "$SEC_DATA/xinetd.new" |egrep -v '^\+\+\+ |^--- |^$|^@@' | sed 's/^[+-]/& /' > "$output_file" -@@ -69,13 +69,13 @@ +@@ -64,13 +64,13 @@ function check_xinetd_services () { rm -f "$output_file" } @@ -224,7 +227,7 @@ if test `cat /proc/sys/kernel/kptr_restrict` -ne 1; then printf "/proc/sys/kernel/kptr_restrict should be 1.\n" fi -@@ -87,7 +87,7 @@ +@@ -82,7 +82,7 @@ function check_leak_kernel_internal_addr } # promisc check to catch all cases even from other hosts if 
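Review bot: With `2> /dev/null` added to `/sbin/chkconfig --list` in `check_xinetd_services` (hunk `@@ -198,17 +202,16 @@`), a missing or failing chkconfig looks the same as a host with no xinetd services enabled. The pipeline's status is that of `grep -v off`, and `xinetd.new` simply ends up empty. A guard before the pipeline keeps the check from degrading silently, for example `test -x /sbin/chkconfig || { printf "chkconfig not available, xinetd check skipped\n"; return; }`. The rest of the function is outside the hunk, so how an empty `xinetd.new` is reported cannot be confirmed from here.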
@@ -233,7 +236,7 @@ # new promisc check # rewrite of promisc check to catch all cases even from other hosts if # script runs on a central syslog host. Thomas Biege <[email protected]> -@@ -122,7 +122,7 @@ +@@ -117,7 +117,7 @@ function check_promisc () { } # .rhosts check @@ -242,7 +245,7 @@ local output_file=`mktemp -t check_rhosts.XXXX` # TEMPDIR is set but not exported.. does it work? awk -F: '{ print $1 " " $6 }' /etc/passwd | while read uid homedir; do -@@ -146,7 +146,7 @@ +@@ -141,7 +141,7 @@ function check_rhosts () { } # executables should not be in the /etc/aliases file. @@ -251,7 +254,7 @@ if [ -s /etc/aliases ]; then local output_file=`mktemp -t no_exec_in_etcaliases.XXXX` # TEMPDIR is set but not exported.. does it work? grep -v '^#' /etc/aliases | grep '|' > $output_file -@@ -161,7 +161,7 @@ +@@ -156,7 +156,7 @@ function no_exec_in_etcaliases () { } # it doesnt save it to a file like the others.. why? @@ -260,7 +263,7 @@ local output_file=`mktemp -t check_no_plus.XXXX` # TEMPDIR is set but not exported.. does it work? list="/etc/hosts.equiv /etc/shosts.equiv /etc/hosts.lpd" for f in $list ; do -@@ -177,7 +177,7 @@ +@@ -172,7 +172,7 @@ function check_no_plus () { } # Check home directories. Directories should not be owned by someone else @@ -269,7 +272,7 @@ local output_file=`mktemp -t home_directories_owners.XXXX` # TEMPDIR is set but not exported.. does it work? awk -F: '/^[^+-]/ { print $1 " " $6 }' /etc/passwd | \ while read uid homedir; do -@@ -200,7 +200,7 @@ +@@ -195,7 +195,7 @@ function check_home_directories_owners ( } # Files that should not be owned by someone else or writeable. 
@@ -278,7 +281,7 @@ output_file=`mktemp -t specia_files_owner.XXXX` # TEMPDIR is set but not exported.. does it work? list=".bashrc .bash_profile .bash_login .bash_logout .cshrc .emacs .exrc \ .forward .klogin .login .logout .profile .tcshrc .fvwmrc .inputrc .kshrc \ -@@ -230,7 +230,7 @@ +@@ -225,7 +225,7 @@ function check_special_files_owner () { } # checking root's login scrips for secure path and umask @@ -287,9 +290,10 @@ local output_file=`mktemp -t check_root_login_scripts.0.XXXX` # TEMPDIR is set but not exported.. does it work? local tmp_file1=`mktemp -t check_root_login_scripts.1.XXXX` # TEMPDIR is set but not exported.. does it work? local tmp_file2=`mktemp -t check_root_login_scripts.2.XXXX` # TEMPDIR is set but not exported.. does it work? -diff -Ndur seccheck-3.0/security-daily.sh seccheck-3.0-fix-bashisms/security-daily.sh ---- seccheck-3.0/security-daily.sh 2014-08-25 12:36:55.000000000 +0300 -+++ seccheck-3.0-fix-bashisms/security-daily.sh 2014-11-16 01:17:23.275284026 +0200 +Index: seccheck-3.0/security-daily.sh +=================================================================== +--- seccheck-3.0.orig/security-daily.sh ++++ seccheck-3.0/security-daily.sh @@ -12,9 +12,9 @@ MY_DIR=$(dirname $(readlink -f $0)) . $MY_DIR/basic.inc @@ -303,9 +307,10 @@ set_tmpdir "security-daily.sh" -diff -Ndur seccheck-3.0/security-monthly.sh seccheck-3.0-fix-bashisms/security-monthly.sh ---- seccheck-3.0/security-monthly.sh 2014-08-25 12:36:55.000000000 +0300 -+++ seccheck-3.0-fix-bashisms/security-monthly.sh 2014-11-16 01:19:27.850275598 +0200 +Index: seccheck-3.0/security-monthly.sh +=================================================================== +--- seccheck-3.0.orig/security-monthly.sh ++++ seccheck-3.0/security-monthly.sh @@ -8,7 +8,7 @@ MY_DIR=$(dirname $(readlink -f $0)) . $MY_DIR/basic.inc @@ -315,7 +320,7 @@ run_sysconfig_seccheck -@@ -35,28 +35,36 @@ +@@ -35,28 +35,36 @@ fi # fi #done 
@@ -359,9 +364,10 @@ cat "$SEC_DATA/devices" exit 0 -diff -Ndur seccheck-3.0/security_weekly_helper.inc seccheck-3.0-fix-bashisms/security_weekly_helper.inc ---- seccheck-3.0/security_weekly_helper.inc 2014-08-25 12:36:55.000000000 +0300 -+++ seccheck-3.0-fix-bashisms/security_weekly_helper.inc 2014-11-16 01:22:55.737261535 +0200 +Index: seccheck-3.0/security_weekly_helper.inc +=================================================================== +--- seccheck-3.0.orig/security_weekly_helper.inc ++++ seccheck-3.0/security_weekly_helper.inc @@ -1,5 +1,5 @@ # param mount points -function check_suid_sgid () { @@ -369,7 +375,7 @@ mnt_point=$1 local output_file=`mktemp -t suid_sgid.XXXX` # TEMPDIR is set but not exported.. does it work? ( nice -n 1 find $mnt_point -mount \( -perm -04000 -o -perm -02000 \) -type f | sort | \ -@@ -14,7 +14,7 @@ +@@ -14,7 +14,7 @@ function check_suid_sgid () { } # param mount points @@ -378,7 +384,7 @@ mnt_point=$1 local output_file=`mktemp -t writable_executable.XXXX` # TEMPDIR is set but not exported.. does it work? ( nice -n 1 find $mnt_point -mount \( -perm -30 -o -perm -3 \) -type f | sort | \ -@@ -30,7 +30,7 @@ +@@ -30,7 +30,7 @@ function check_writable_executable () { } # param mount points @@ -387,7 +393,7 @@ mnt_point=$1 local output_file=`mktemp -t world_writable.XXXX` # TEMPDIR is set but not exported.. does it work? ( nice -n 1 find $mnt_point -mount -perm -2 \( -type f -o -type d \) -not -perm -01000 | sort > "$SEC_DATA/write.new" ) 2> /dev/null -@@ -46,7 +46,7 @@ +@@ -46,7 +46,7 @@ function check_world_writable () { # params # $1 = directory for checkneverlogin 
@@ -396,9 +402,10 @@ bin_path=$1 # local output_file=`mktemp -t neverlogin.XXXX` # TEMPDIR is set but not exported.. does it work? -diff -Ndur seccheck-3.0/security-weekly.sh seccheck-3.0-fix-bashisms/security-weekly.sh ---- seccheck-3.0/security-weekly.sh 2014-08-25 12:36:55.000000000 +0300 -+++ seccheck-3.0-fix-bashisms/security-weekly.sh 2014-11-16 01:20:03.815273165 +0200 +Index: seccheck-3.0/security-weekly.sh +=================================================================== +--- seccheck-3.0.orig/security-weekly.sh ++++ seccheck-3.0/security-weekly.sh @@ -15,9 +15,9 @@ MY_DIR=$(dirname $(readlink -f $0)) . $MY_DIR/basic.inc @@ -412,9 +419,10 @@ -diff -Ndur seccheck-3.0/user_group_password_helper.inc seccheck-3.0-fix-bashisms/user_group_password_helper.inc ---- seccheck-3.0/user_group_password_helper.inc 2014-08-25 12:36:55.000000000 +0300 -+++ seccheck-3.0-fix-bashisms/user_group_password_helper.inc 2014-11-16 01:23:43.687258291 +0200 +Index: seccheck-3.0/user_group_password_helper.inc +=================================================================== +--- seccheck-3.0.orig/user_group_password_helper.inc ++++ seccheck-3.0/user_group_password_helper.inc @@ -1,6 +1,6 @@ # user,group and password related functions @@ -423,7 +431,7 @@ local output_file=`mktemp -t check_passwd.XXXX` # TEMPDIR is set but not exported.. does it work? # /etc/passwd check -@@ -50,7 +50,8 @@ +@@ -50,7 +50,8 @@ function check_passwd () { awk -F: '{ print $1 " " $3 }' $PW | sort -n -k2 | tee $TMP1 | uniq -d -f 1 | awk '{ print $2 }' > $TMP2 if [ -s "$TMP2" ] ; then @@ -433,7 +441,7 @@ while read uid; do grep -w $uid\$ $TMP1 done < $TMP2 | column -@@ -59,7 +60,7 @@ +@@ -59,7 +60,7 @@ function check_passwd () { rm -f "$output_file" } @@ -442,7 +450,7 @@ local output_file=`mktemp -t check_passwd.XXXX` # TEMPDIR is set but not exported.. does it work? PW="/etc/shadow" awk -F: '{ -@@ -96,7 +97,7 @@ +@@ -96,7 +97,7 @@ function check_shadow () { rm -f "$output_file" } 
@@ -451,7 +459,7 @@ local output_file=`mktemp -t check_group.XXXX` # TEMPDIR is set but not exported.. does it work? GRP=/etc/group awk -F: '{ -@@ -129,7 +130,7 @@ +@@ -129,7 +130,7 @@ function check_group () { rm -f "$output_file" } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
