From b663f5c1fefcd902bdeaf686af376b68a889349c Mon Sep 17 00:00:00 2001
From: pyllyukko
Date: Sat, 15 Oct 2011 07:35:41 -0500
Subject: [PATCH] system/tiger: Added (Report system security vulnerabilities)
Signed-off-by: Erik Hanson
---
 system/tiger/README | 20 +++
 system/tiger/config/tiger.cron | 6 +
 system/tiger/config/tiger.default | 6 +
 system/tiger/config/tiger.ignore | 31 ++++
 system/tiger/doinst.sh | 18 +++
 .../tiger/patches/tiger-3.2.3-build-fix.diff | 18 +++
 system/tiger/slack-desc | 19 +++
 system/tiger/tiger.SlackBuild | 143 ++++++++++++++++++
 system/tiger/tiger.info | 10 ++
 9 files changed, 271 insertions(+)
 create mode 100644 system/tiger/README
 create mode 100644 system/tiger/config/tiger.cron
 create mode 100644 system/tiger/config/tiger.default
 create mode 100644 system/tiger/config/tiger.ignore
 create mode 100644 system/tiger/doinst.sh
 create mode 100644 system/tiger/patches/tiger-3.2.3-build-fix.diff
 create mode 100644 system/tiger/slack-desc
 create mode 100644 system/tiger/tiger.SlackBuild
 create mode 100644 system/tiger/tiger.info
diff --git a/system/tiger/README b/system/tiger/README
new file mode 100644
index 0000000000..85bd0c4df4
--- /dev/null
+++ b/system/tiger/README
@@ -0,0 +1,20 @@
+TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts,
+C programs and data files which are used to perform a security audit
+of UNIX systems. It is designed to hopefully be easy to use, easy to
+understand and easy to enhance.
+
+'tiger' incorporates checks primarily oriented towards Linux integrity
+including: md5sums checks installed files, (and it can call AIDE or
+Intergrit aswell), analysis of local listening processes, and then some.
+
+Tiger uses 'chkrootkit' for rootkit scanning if it's present.
+
+This SlackBuild will also verify the package's PGP signature
+if the following conditions are met:
+
+ - You have GnuPG installed
+ - You have the appropriate public PGP key (0xDC814B09)
+ in your trustedkeys.gpg keyring
+ (available at http://savannah.nongnu.org/people/viewgpg.php?user_id=7475)
+ - You have downloaded the sig file from
+ http://download.savannah.gnu.org/releases/tiger/tiger-${VERSION}.tar.gz.sig
diff --git a/system/tiger/config/tiger.cron b/system/tiger/config/tiger.cron
new file mode 100644
index 0000000000..33c55e6f71
--- /dev/null
+++ b/system/tiger/config/tiger.cron
@@ -0,0 +1,6 @@
+#
+# Regular cron jobs for the tiger package
+#
+# modified to work with Slackware and Dillon's Cron by pyllyukko
+#
+0 * * * * /bin/test -x /usr/sbin/tigercron && { DEFAULT=/etc/default/tiger ; [ -r "$DEFAULT" ] && . "$DEFAULT" || NICETIGER=10 ; /bin/nice -n$NICETIGER /usr/sbin/tigercron -q ; }
diff --git a/system/tiger/config/tiger.default b/system/tiger/config/tiger.default
new file mode 100644
index 0000000000..58ec0e09e3
--- /dev/null
+++ b/system/tiger/config/tiger.default
@@ -0,0 +1,6 @@
+#
+# Default settings for /etc/cron.d/tiger
+#
+
+# Nice level to use for Tiger when running through cron
+NICETIGER=10
diff --git a/system/tiger/config/tiger.ignore b/system/tiger/config/tiger.ignore
new file mode 100644
index 0000000000..1f7906789e
--- /dev/null
+++ b/system/tiger/config/tiger.ignore
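Review bot: In the `0 * * * *` entry the `NICETIGER=10` fallback is only taken when `/etc/default/tiger` is unreadable; if the file exists but no longer defines NICETIGER, `$NICETIGER` expands to nothing and the command becomes `/bin/nice -n /usr/sbin/tigercron -q`, so nice(1) consumes the program path as its argument and tigercron never runs, with only a usage error in cron's mail. Setting the default before sourcing and quoting the expansion removes the `&& … ||` dependency: `{ NICETIGER=10 ; DEFAULT=/etc/default/tiger ; [ -r "$DEFAULT" ] && . "$DEFAULT" ; /bin/nice -n"${NICETIGER:-10}" /usr/sbin/tigercron -q ; }`. Since the file is sourced by root's cron, the root-owned 0640 mode that tiger.SlackBuild installs it with is the right one to keep.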
@@ -0,0 +1,31 @@
+Login ID nobody is disabled, but still has a valid shell \(/bin/sh\)
+Login ID mail's home directory \(/var/mail\) has group `mail' write access.
+Login ID \w+'s parent directory \(/home\) has group `staff' write access.
+Log file /var/log/wtmp permission should be 644
+Log file /var/log/btmp does not exist
+Log file /var/run/utmp permission should be 644
+Log file /var/log/loginlog does not exist
+Log file /var/log/messages permission should be 640
+The owner of /var/log/wtmp should be root (owned by utmp).
+/var/log/wtmp should not have group write.
+The owner of /var/run/utmp should be root (owned by utmp).
+/var/run/utmp should not have group write.
+/var/log/XFree86.0.log should not have world read.
+/etc/fstab should not have group read.
+/etc/fstab should not have world read.
+/etc/inetd.conf should not have group read.
+/etc/inetd.conf should not have world read.
+/etc/pam.d/sudo should not have world read.
+The directory /dev/ataraid resides in a device directory.
+The directory /dev/cciss resides in a device directory.
+The directory /dev/fd resides in a device directory.
+The directory /dev/input resides in a device directory.
+The directory /dev/pts resides in a device directory.
+The directory /dev/rd resides in a device directory.
+The directory /dev/usb resides in a device directory.
+The directory /dev/ida resides in a device directory.
+/dev/null has world permissions
+/dev/ptmx has world permissions
+/dev/gpmctl has world permissions
+/dev/gpmdata has world permissions
+File ".fetchmail-UIDL-cache" in the mail spool, owned by "fetchmail".
diff --git a/system/tiger/doinst.sh b/system/tiger/doinst.sh
new file mode 100644
index 0000000000..f98853d683
--- /dev/null
+++ b/system/tiger/doinst.sh
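Review bot: Several of these suppressions hide genuine hardening findings rather than false positives, e.g. `/etc/fstab should not have world read.`, `Log file /var/log/messages permission should be 640` and `/var/log/wtmp should not have group write.`; because doinst.sh installs this list as the default `/etc/tiger/tiger.ignore`, the package silences by default some of what it exists to report. The entries about a staff group, /var/mail and /var/log/XFree86.0.log look carried over from another distribution's default list (inferred from the names; not verifiable here). Either trim the list to findings known to be spurious on Slackware, or state in README which messages are suppressed and why, so an admin reading the report knows what is not being shown.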
@@ -0,0 +1,18 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/tiger/cronrc.new
+config etc/tiger/tigerrc.new
+config etc/tiger/tiger.ignore.new
+config etc/cron.d/tiger.new
+config etc/default/tiger.new
diff --git a/system/tiger/patches/tiger-3.2.3-build-fix.diff b/system/tiger/patches/tiger-3.2.3-build-fix.diff
new file mode 100644
index 0000000000..28b6985360
--- /dev/null
+++ b/system/tiger/patches/tiger-3.2.3-build-fix.diff
@@ -0,0 +1,18 @@
+diff -ur tiger-3.2.3/util/genmsgidx tiger-3.2.3.new/util/genmsgidx
+--- tiger-3.2.3/util/genmsgidx 2008-11-27 23:34:21.000000000 +0100
++++ tiger-3.2.3.new/util/genmsgidx 2010-09-01 12:43:22.000000000 +0200
+@@ -96,10 +96,10 @@
+ haveallof variables BASEDIR || exit 1
+ 
+ # Clear idx file and detect error
+-> $BASEDIR/doc/explain.idx && {
+- echo "Error: Cannot write over the index file $BASEDIR/doc/explain.idx. Aborting"
+- exit 1
+-}
++#> $BASEDIR/doc/explain.idx && {
++# echo "Error: Cannot write over the index file $BASEDIR/doc/explain.idx. Aborting"
++# exit 1
++#}
+ 
+ $LS $BASEDIR/doc/*.txt |
+ while read infile
diff --git a/system/tiger/slack-desc b/system/tiger/slack-desc
new file mode 100644
index 0000000000..e1c51f7e84
--- /dev/null
+++ b/system/tiger/slack-desc
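Review bot: The upstream block this patch comments out is wrong only in its operator: `> $BASEDIR/doc/explain.idx && { … exit 1 }` aborts precisely when the truncation succeeds, so the fix is `||`, not removal. Disabling the whole block also drops the truncation of explain.idx; if the `$LS $BASEDIR/doc/*.txt | while read infile` loop that follows appends to that file (the loop continues past the hunk, so this is inferred), a pre-existing or previously generated index accumulates duplicate entries across rebuilds. Changing the one line to `> $BASEDIR/doc/explain.idx || {` keeps both the clear and the error check; the upstream revision cited in the SlackBuild comment (genmsgidx r1=1.6, r2=1.7) is the reference to compare against.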
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+tiger: tiger (Report system security vulnerabilities)
+tiger:
+tiger: TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts,
+tiger: C programs and data files which are used to perform a security
+tiger: audit of UNIX systems. TIGER has one primary goal: report ways
+tiger: 'root' can be compromised.
+tiger:
+tiger: Originally developed by the A&M campus of the Texas University.
+tiger: Currently it is maintained by: Javier Fernandez-Sanguino
+tiger:
+tiger:
diff --git a/system/tiger/tiger.SlackBuild b/system/tiger/tiger.SlackBuild
new file mode 100644
index 0000000000..a5db73dcbe
--- /dev/null
+++ b/system/tiger/tiger.SlackBuild
@@ -0,0 +1,143 @@
+#!/bin/sh
+
+# Slackware build script for Tiger
+
+# Written by Menno Duursma
+# currently maintained by pyllyukko
+
+# This program is free software. It comes without any warranty.
+# Granted WTFPL, Version 2, as published by Sam Hocevar. See
+# http://sam.zoy.org/wtfpl/COPYING for more details.
+
+PRGNAM=tiger
+VERSION=${VERSION:-3.2.3}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e # Exit on most errors
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+
+# The package can be verified with Javier Fernández-Sanguino's PGP key (0xDC814B09)
+# If we have GnuPG installed, we try to verify the signature.
+if [ -x "/usr/bin/gpg" -a -x "/usr/bin/gpgv" ]
+then
+ set +e
+ # This will check if we have the correct key in our keyring.
+ # For the trustedkeys.gpg, see "man 1 gpgv".
+ /usr/bin/gpg --keyring trustedkeys.gpg --no-default-keyring --list-keys 0xDC814B09 &>/dev/null
+ GPG_RET=${?}
+ # 2 means we don't have his key, 0 means we do.
+ set -e
+ # If we have the key and the signature file, we verify the package with GPG
+ if [ ${GPG_RET} -eq 0 -a \
+ -f "${CWD}/${PRGNAM}-${VERSION}.tar.gz.sig" ]
+ then
+ /usr/bin/gpgv "${CWD}/${PRGNAM}-${VERSION}.tar.gz.sig"
+ fi
+fi
+
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+# The build errs on this
+# see http://cvs.savannah.gnu.org/viewvc/tiger/tiger/util/genmsgidx?r1=1.6&r2=1.7
+patch --verbose -p1 < $CWD/patches/tiger-3.2.3-build-fix.diff
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS"
+export CFLAGS CXXFLAGS
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --mandir=/usr/man \
+ --with-tigerhome=/usr/libexec/tiger \
+ --with-tigerbin=/usr/sbin \
+ --with-tigerconfig=/etc/tiger \
+ --with-tigerwork=/var/lib/tiger/work \
+ --with-tigerlog=/var/log/tiger
+
+make
+make -j1 install DESTDIR=$PKG
+
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+install -D -m 0644 $CWD/config/tiger.cron $PKG/etc/cron.d/tiger.new
+install -D -m 0640 $CWD/config/tiger.ignore $PKG/etc/tiger/tiger.ignore.new
+install -D -m 0640 $CWD/config/tiger.default $PKG/etc/default/tiger.new
+
+# From the .spec: 3.- This should be done by the Makefile, grumble...
+install -D -m 0644 version.h $PKG/usr/lib/tiger/version.h
+
+# Remove unnecesary stuff
+( cd $PKG
+ for system in AIX HPUX IRIX NeXT SunOS UNICOS UNICOSMK Tru64 MacOSX ; do
+ rm -rf ./usr/libexec/tiger/systems/$system
+ done
+ find . -type d -name CVS | xargs -iX rm -rf "X"
+)
+
+( cd $PKG/etc/tiger
+ mv -v cronrc cronrc.new
+ mv -v tigerrc tigerrc.new
+)
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a [A-Z][A-Z]* site-* tigerrc* \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a other/cert-usc20.txt contrib/fix_tiger_GROUPS.sh audit \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/html
+cp $PKG/usr/libexec/tiger/html/*.html $PKG/usr/doc/$PRGNAM-$VERSION/html
+
+# Delete the redundant stuff
+rm -rf $PKG/usr/libexec/tiger/html
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/tiger/tiger.info b/system/tiger/tiger.info
new file mode 100644
index 0000000000..1606734ff7
--- /dev/null
+++ b/system/tiger/tiger.info
@@ -0,0 +1,10 @@
+PRGNAM="tiger"
+VERSION="3.2.3"
+HOMEPAGE="http://www.nongnu.org/tiger"
+DOWNLOAD="http://download.savannah.nongnu.org/releases/tiger/tiger-3.2.3.tar.gz http://download.savannah.gnu.org/releases/tiger/tiger-3.2.3.tar.gz.sig"
+MD5SUM="f41076f645da9de937819bf6d516e546 fee7fd065e57a3a763d3a99f7ebf7b02"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="pyllyukko"
+EMAIL="pyllyukko AT maimed dot org"
+APPROVED="Erik Hanson"
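Review bot: The key-presence check `/usr/bin/gpg --keyring trustedkeys.gpg --no-default-keyring --list-keys 0xDC814B09 &>/dev/null` uses the bash-only `&>` under a `#!/bin/sh` shebang; in a POSIX sh it parses as `gpg … &` followed by a bare `>/dev/null`, so gpg is backgrounded, `GPG_RET` is always 0 and gpgv runs whenever the .sig is present, failing the build under `set -e` when the key is absent (a spurious abort rather than a verification bypass; on a host where /bin/sh is bash this stays latent). Spell it `>/dev/null 2>&1` so the exit status captured on the next line is gpg's. Related, when the key or .sig file is missing the script drops through with no message, so a builder cannot tell the tarball was only md5-checked against tiger.info; a single `echo "$PRGNAM-$VERSION.tar.gz: PGP signature not verified" >&2` on the skipped path would make that visible. The `[ … -a … ]` forms at the gpg test and the `${GPG_RET} -eq 0 -a -f …` test rely on the obsolescent XSI `-a` and are clearer as two `[ ]` tests joined by `&&`.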