system/tiger: Added (Report system security vulnerabilities)
Signed-off-by: Erik Hanson <erik@slackbuilds.org>
parent
ad91753311
commit
b663f5c1fe
9 changed files with 271 additions and 0 deletions
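--- a/system/tiger/README
+++ b/system/tiger/README
@@ -0,0 +1,20 @@
+TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts,
+C programs and data files which are used to perform a security audit
+of UNIX systems. It is designed to hopefully be easy to use, easy to
+understand and easy to enhance.
+
+'tiger' incorporates checks primarily oriented towards Linux integrity
+including: md5sums checks installed files, (and it can call AIDE or
+Intergrit aswell), analysis of local listening processes, and then some.
+
+Tiger uses 'chkrootkit' for rootkit scanning if it's present.
+
+This SlackBuild will also verify the package's PGP signature
+if the following conditions are met:
+
+- You have GnuPG installed
+- You have the appropriate public PGP key (0xDC814B09)
+in your trustedkeys.gpg keyring
+(available at http://savannah.nongnu.org/people/viewgpg.php?user_id=7475)
+- You have downloaded the sig file from
+http://download.savannah.gnu.org/releases/tiger/tiger-${VERSION}.tar.gz.sig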
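--- a/system/tiger/config/tiger.cron
+++ b/system/tiger/config/tiger.cron
@@ -0,0 +1,6 @@
+#
+# Regular cron jobs for the tiger package
+#
+# modified to work with Slackware and Dillon's Cron by pyllyukko
+#
+0 * * * * /bin/test -x /usr/sbin/tigercron && { DEFAULT=/etc/default/tiger ; [ -r "$DEFAULT" ] && . "$DEFAULT" || NICETIGER=10 ; /bin/nice -n$NICETIGER /usr/sbin/tigercron -q ; }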
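Review bot: On the job line, `-n$NICETIGER` is expanded unquoted and without a default, so a readable /etc/default/tiger that does not set NICETIGER would leave `nice -n` without a value and the hourly audit would not run. The `[ -r "$DEFAULT" ] && . "$DEFAULT" || NICETIGER=10` chain is also not an if/else: it resets the value to 10 whenever the last command of the sourced file returns non-zero. I would drop the `|| NICETIGER=10` arm and write `/bin/nice -n "${NICETIGER:-10}" /usr/sbin/tigercron -q`. Since this line sources /etc/default/tiger every hour, presumably as root, the header comment should state that the file must stay root-owned and not writable by group or others.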
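--- a/system/tiger/config/tiger.default
+++ b/system/tiger/config/tiger.default
@@ -0,0 +1,6 @@
+#
+# Default settings for /etc/cron.d/tiger
+#
+
+# Nice level to use for Tiger when running through cron
+NICETIGER=10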
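--- a/system/tiger/config/tiger.ignore
+++ b/system/tiger/config/tiger.ignore
@@ -0,0 +1,31 @@
+Login ID nobody is disabled, but still has a valid shell \(/bin/sh\)
+Login ID mail's home directory \(/var/mail\) has group `mail' write access.
+Login ID \w+'s parent directory \(/home\) has group `staff' write access.
+Log file /var/log/wtmp permission should be 644
+Log file /var/log/btmp does not exist
+Log file /var/run/utmp permission should be 644
+Log file /var/log/loginlog does not exist
+Log file /var/log/messages permission should be 640
+The owner of /var/log/wtmp should be root (owned by utmp).
+/var/log/wtmp should not have group write.
+The owner of /var/run/utmp should be root (owned by utmp).
+/var/run/utmp should not have group write.
+/var/log/XFree86.0.log should not have world read.
+/etc/fstab should not have group read.
+/etc/fstab should not have world read.
+/etc/inetd.conf should not have group read.
+/etc/inetd.conf should not have world read.
+/etc/pam.d/sudo should not have world read.
+The directory /dev/ataraid resides in a device directory.
+The directory /dev/cciss resides in a device directory.
+The directory /dev/fd resides in a device directory.
+The directory /dev/input resides in a device directory.
+The directory /dev/pts resides in a device directory.
+The directory /dev/rd resides in a device directory.
+The directory /dev/usb resides in a device directory.
+The directory /dev/ida resides in a device directory.
+/dev/null has world permissions
+/dev/ptmx has world permissions
+/dev/gpmctl has world permissions
+/dev/gpmdata has world permissions
+File ".fetchmail-UIDL-cache" in the mail spool, owned by "fetchmail".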
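Review bot: The two `The owner of ... should be root (owned by utmp).` entries leave their parentheses unescaped, while the first three entries write `\(` and `\)`. If tiger reads these lines as extended regular expressions, as the escapes and `\w+` suggest, the bare parentheses form a group and the entries would not match the literal message, so those two findings would still be reported. Writing them as `The owner of /var/log/wtmp should be root \(owned by utmp\)\.` (and likewise for /var/run/utmp) would make the file consistent. Several entries also silence permission findings on /etc/fstab, /etc/inetd.conf and /etc/pam.d/sudo for every install; a brief rationale for each group, in the README if this format has no comment syntax, would let an admin decide which suppressions to keep.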
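--- a/system/tiger/doinst.sh
+++ b/system/tiger/doinst.sh
@@ -0,0 +1,18 @@
+config() {
+NEW="$1"
+OLD="$(dirname $NEW)/$(basename $NEW .new)"
+# If there's no config file by that name, mv it over:
+if [ ! -r $OLD ]; then
+mv $NEW $OLD
+elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+# toss the redundant copy
+rm $NEW
+fi
+# Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/tiger/cronrc.new
+config etc/tiger/tigerrc.new
+config etc/tiger/tiger.ignore.new
+config etc/cron.d/tiger.new
+config etc/default/tiger.new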
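Review bot: Inside `config()`, `$NEW` and `$OLD` are expanded unquoted in `dirname`, `basename`, the `[ ! -r $OLD ]` test, `mv`, `cat` and `rm`, so a path containing whitespace or a glob character would be split or expanded in a script that presumably runs as root at install time. The five call sites pass fixed names, so nothing breaks today, but quoting costs nothing: `OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"`, `mv "$NEW" "$OLD"`, `rm "$NEW"`. The comparison can also read the files directly, `[ "$(md5sum < "$OLD")" = "$(md5sum < "$NEW")" ]`, instead of piping through `cat`.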
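--- a/system/tiger/patches/tiger-3.2.3-build-fix.diff
+++ b/system/tiger/patches/tiger-3.2.3-build-fix.diff
@@ -0,0 +1,18 @@
+diff -ur tiger-3.2.3/util/genmsgidx tiger-3.2.3.new/util/genmsgidx
+--- tiger-3.2.3/util/genmsgidx 2008-11-27 23:34:21.000000000 +0100
++++ tiger-3.2.3.new/util/genmsgidx 2010-09-01 12:43:22.000000000 +0200
+@@ -96,10 +96,10 @@
+haveallof variables BASEDIR || exit 1
+
+# Clear idx file and detect error
+-> $BASEDIR/doc/explain.idx && {
+- echo "Error: Cannot write over the index file $BASEDIR/doc/explain.idx. Aborting"
+- exit 1
+-}
++#> $BASEDIR/doc/explain.idx && {
++# echo "Error: Cannot write over the index file $BASEDIR/doc/explain.idx. Aborting"
++# exit 1
++#}
+
+$LS $BASEDIR/doc/*.txt |
+while read infile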
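Review bot: Commenting out the whole `> $BASEDIR/doc/explain.idx && { ... }` block removes the truncation of the index file along with the inverted error test, so genmsgidx no longer starts from an empty explain.idx and no longer notices an unwritable one. If the loop below the hunk appends to the index (it is cut off here, so this is inferred), a rebuild would stack new entries onto stale ones. Keeping the redirect and flipping the operator fixes the build error without losing either behaviour: `> $BASEDIR/doc/explain.idx || {`, followed by the original `echo` and `exit 1` lines. This should be checked against the upstream revision that the SlackBuild comment links to.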
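--- a/system/tiger/slack-desc
+++ b/system/tiger/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+|-----handy-ruler------------------------------------------------------|
+tiger: tiger (Report system security vulnerabilities)
+tiger:
+tiger: TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts,
+tiger: C programs and data files which are used to perform a security
+tiger: audit of UNIX systems. TIGER has one primary goal: report ways
+tiger: 'root' can be compromised.
+tiger:
+tiger: Originally developed by the A&M campus of the Texas University.
+tiger: Currently it is maintained by: Javier Fernandez-Sanguino
+tiger:
+tiger: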
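--- a/system/tiger/tiger.SlackBuild
+++ b/system/tiger/tiger.SlackBuild
@@ -0,0 +1,143 @@
+#!/bin/sh
+
+# Slackware build script for Tiger
+
+# Written by Menno Duursma <druiloor@zonnet.nl>
+# currently maintained by pyllyukko <pyllyukko AT maimed dot org>
+
+# This program is free software. It comes without any warranty.
+# Granted WTFPL, Version 2, as published by Sam Hocevar. See
+# http://sam.zoy.org/wtfpl/COPYING for more details.
+
+PRGNAM=tiger
+VERSION=${VERSION:-3.2.3}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+case "$( uname -m )" in
+i?86) ARCH=i486 ;;
+arm*) ARCH=arm ;;
+*) ARCH=$( uname -m ) ;;
+esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+SLKCFLAGS="-O2 -fPIC"
+LIBDIRSUFFIX="64"
+else
+SLKCFLAGS="-O2"
+LIBDIRSUFFIX=""
+fi
+
+set -e # Exit on most errors
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+
+# The package can be verified with Javier Fernández-Sanguino's PGP key (0xDC814B09)
+# If we have GnuPG installed, we try to verify the signature.
+if [ -x "/usr/bin/gpg" -a -x "/usr/bin/gpgv" ]
+then
+set +e
+# This will check if we have the correct key in our keyring.
+# For the trustedkeys.gpg, see "man 1 gpgv".
+/usr/bin/gpg --keyring trustedkeys.gpg --no-default-keyring --list-keys 0xDC814B09 &>/dev/null
+GPG_RET=${?}
+# 2 means we don't have his key, 0 means we do.
+set -e
+# If we have the key and the signature file, we verify the package with GPG
+if [ ${GPG_RET} -eq 0 -a \
+-f "${CWD}/${PRGNAM}-${VERSION}.tar.gz.sig" ]
+then
+/usr/bin/gpgv "${CWD}/${PRGNAM}-${VERSION}.tar.gz.sig"
+fi
+fi
+
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+-exec chmod 755 {} \; -o \
+\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+-exec chmod 644 {} \;
+
+# The build errs on this
+# see http://cvs.savannah.gnu.org/viewvc/tiger/tiger/util/genmsgidx?r1=1.6&r2=1.7
+patch --verbose -p1 < $CWD/patches/tiger-3.2.3-build-fix.diff
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS"
+export CFLAGS CXXFLAGS
+./configure \
+--prefix=/usr \
+--libdir=/usr/lib${LIBDIRSUFFIX} \
+--mandir=/usr/man \
+--with-tigerhome=/usr/libexec/tiger \
+--with-tigerbin=/usr/sbin \
+--with-tigerconfig=/etc/tiger \
+--with-tigerwork=/var/lib/tiger/work \
+--with-tigerlog=/var/log/tiger
+
+make
+make -j1 install DESTDIR=$PKG
+
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+install -D -m 0644 $CWD/config/tiger.cron $PKG/etc/cron.d/tiger.new
+install -D -m 0640 $CWD/config/tiger.ignore $PKG/etc/tiger/tiger.ignore.new
+install -D -m 0640 $CWD/config/tiger.default $PKG/etc/default/tiger.new
+
+# From the .spec: 3.- This should be done by the Makefile, grumble...
+install -D -m 0644 version.h $PKG/usr/lib/tiger/version.h
+
+# Remove unnecesary stuff
+( cd $PKG
+for system in AIX HPUX IRIX NeXT SunOS UNICOS UNICOSMK Tru64 MacOSX ; do
+rm -rf ./usr/libexec/tiger/systems/$system
+done
+find . -type d -name CVS | xargs -iX rm -rf "X"
+)
+
+( cd $PKG/etc/tiger
+mv -v cronrc cronrc.new
+mv -v tigerrc tigerrc.new
+)
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a [A-Z][A-Z]* site-* tigerrc* \
+$PKG/usr/doc/$PRGNAM-$VERSION
+cp -a other/cert-usc20.txt contrib/fix_tiger_GROUPS.sh audit \
+$PKG/usr/doc/$PRGNAM-$VERSION
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/html
+cp $PKG/usr/libexec/tiger/html/*.html $PKG/usr/doc/$PRGNAM-$VERSION/html
+
+# Delete the redundant stuff
+rm -rf $PKG/usr/libexec/tiger/html
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}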
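Review bot: The signature check in the `if [ -x "/usr/bin/gpg" -a -x "/usr/bin/gpgv" ]` block fails open: when GnuPG, the key or the `.sig` file is missing, the script goes straight to `tar xvf` without reporting that nothing was verified, in a build that presumably runs as root given the `chown -R root:root .`. At minimum both `if` statements should get an `else` arm such as `echo "WARNING: ${PRGNAM}-${VERSION}.tar.gz signature NOT verified" >&2`, so a skipped check is visible in the build log. The key is also pinned only by the 32-bit short ID `0xDC814B09`, which can be collided; the comment and the `--list-keys` argument should carry the full fingerprint, and it is worth a comment that `gpgv` accepts a signature from any key present in trustedkeys.gpg, not just that one. Separately, `&>/dev/null` is a bash redirection under `#!/bin/sh`; `>/dev/null 2>&1` is the portable form and keeps `GPG_RET` meaningful on other shells.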
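--- a/system/tiger/tiger.info
+++ b/system/tiger/tiger.info
@@ -0,0 +1,10 @@
+PRGNAM="tiger"
+VERSION="3.2.3"
+HOMEPAGE="http://www.nongnu.org/tiger"
+DOWNLOAD="http://download.savannah.nongnu.org/releases/tiger/tiger-3.2.3.tar.gz http://download.savannah.gnu.org/releases/tiger/tiger-3.2.3.tar.gz.sig"
+MD5SUM="f41076f645da9de937819bf6d516e546 fee7fd065e57a3a763d3a99f7ebf7b02"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="pyllyukko"
+EMAIL="pyllyukko AT maimed dot org"
+APPROVED="Erik Hanson"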