system/tiger: Added (Report system security vulnerabilities)

Signed-off-by: Erik Hanson <erik@slackbuilds.org>
pyllyukko 2011-10-15 07:35:41 -05:00 committed by Niels Horn
parent ad91753311
commit b663f5c1fe
9 changed files with 271 additions and 0 deletions

system/tiger/README Normal file

@ -0,0 +1,20 @@
TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts,
C programs and data files which are used to perform a security audit
of UNIX systems. It is designed to hopefully be easy to use, easy to
understand and easy to enhance.
'tiger' incorporates checks primarily oriented towards Linux integrity
including: md5sums checks installed files, (and it can call AIDE or
Intergrit aswell), analysis of local listening processes, and then some.
Tiger uses 'chkrootkit' for rootkit scanning if it's present.
This SlackBuild will also verify the package's PGP signature
if the following conditions are met:
- You have GnuPG installed
- You have the appropriate public PGP key (0xDC814B09)
in your trustedkeys.gpg keyring
(available at http://savannah.nongnu.org/people/viewgpg.php?user_id=7475)
- You have downloaded the sig file from
http://download.savannah.gnu.org/releases/tiger/tiger-${VERSION}.tar.gz.sig
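
Review bot: The verification conditions at the end of this README identify the signing key only by the short ID 0xDC814B09 and fetch both the key and the .sig over plain http, so the reader has no way to confirm which key they actually imported; state the full key fingerprint here. The text should also say outright that when any of the listed conditions is not met the build proceeds without a signature check. Minor wording: "Intergrit aswell" should read "Integrit as well", and "md5sums checks installed files" is missing a word.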


@ -0,0 +1,6 @@
#
# Regular cron jobs for the tiger package
#
# modified to work with Slackware and Dillon's Cron by pyllyukko
#
0 * * * * /bin/test -x /usr/sbin/tigercron && { DEFAULT=/etc/default/tiger ; [ -r "$DEFAULT" ] && . "$DEFAULT" || NICETIGER=10 ; /bin/nice -n$NICETIGER /usr/sbin/tigercron -q ; }
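
Review bot: In the crontab entry, `[ -r "$DEFAULT" ] && . "$DEFAULT" || NICETIGER=10` sets the fallback only when the file is unreadable or sourcing it returns non-zero. If /etc/default/tiger is readable but leaves NICETIGER unset, the command expands to `/bin/nice -n /usr/sbin/tigercron -q` and nice takes the path as its adjustment value. Writing `-n"${NICETIGER:-10}"` covers that case. Because this line sources /etc/default/tiger into the shell that cron starts every hour, the file is effectively executable configuration and should stay root-owned and writable by nobody else.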


@ -0,0 +1,6 @@
#
# Default settings for /etc/cron.d/tiger
#
# Nice level to use for Tiger when running through cron
NICETIGER=10


@ -0,0 +1,31 @@
Login ID nobody is disabled, but still has a valid shell \(/bin/sh\)
Login ID mail's home directory \(/var/mail\) has group `mail' write access.
Login ID \w+'s parent directory \(/home\) has group `staff' write access.
Log file /var/log/wtmp permission should be 644
Log file /var/log/btmp does not exist
Log file /var/run/utmp permission should be 644
Log file /var/log/loginlog does not exist
Log file /var/log/messages permission should be 640
The owner of /var/log/wtmp should be root (owned by utmp).
/var/log/wtmp should not have group write.
The owner of /var/run/utmp should be root (owned by utmp).
/var/run/utmp should not have group write.
/var/log/XFree86.0.log should not have world read.
/etc/fstab should not have group read.
/etc/fstab should not have world read.
/etc/inetd.conf should not have group read.
/etc/inetd.conf should not have world read.
/etc/pam.d/sudo should not have world read.
The directory /dev/ataraid resides in a device directory.
The directory /dev/cciss resides in a device directory.
The directory /dev/fd resides in a device directory.
The directory /dev/input resides in a device directory.
The directory /dev/pts resides in a device directory.
The directory /dev/rd resides in a device directory.
The directory /dev/usb resides in a device directory.
The directory /dev/ida resides in a device directory.
/dev/null has world permissions
/dev/ptmx has world permissions
/dev/gpmctl has world permissions
/dev/gpmdata has world permissions
File ".fetchmail-UIDL-cache" in the mail spool, owned by "fetchmail".
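
Review bot: The two "The owner of ... should be root (owned by utmp)." entries leave their parentheses unescaped, while the first three entries write them as \( and \), so one of the two styles will not match the literal parentheses in Tiger's message; the \w+ in the third entry suggests extended regular expressions, in which case it is the unescaped entries that fail. Escape them consistently or drop them. Each suppression shipped here (for example the wtmp/utmp ownership and group-write findings and the /etc/fstab read-permission findings) hides that finding on every install, so a short rationale in the README for why these are false positives on Slackware would help an admin decide what to keep.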

system/tiger/doinst.sh Normal file

@ -0,0 +1,18 @@
config() {
NEW="$1"
OLD="$(dirname $NEW)/$(basename $NEW .new)"
# If there's no config file by that name, mv it over:
if [ ! -r $OLD ]; then
mv $NEW $OLD
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
# toss the redundant copy
rm $NEW
fi
# Otherwise, we leave the .new copy for the admin to consider...
}
config etc/tiger/cronrc.new
config etc/tiger/tigerrc.new
config etc/tiger/tiger.ignore.new
config etc/cron.d/tiger.new
config etc/default/tiger.new


@ -0,0 +1,18 @@
diff -ur tiger-3.2.3/util/genmsgidx tiger-3.2.3.new/util/genmsgidx
--- tiger-3.2.3/util/genmsgidx 2008-11-27 23:34:21.000000000 +0100
+++ tiger-3.2.3.new/util/genmsgidx 2010-09-01 12:43:22.000000000 +0200
@@ -96,10 +96,10 @@
haveallof variables BASEDIR || exit 1
# Clear idx file and detect error
-> $BASEDIR/doc/explain.idx && {
- echo "Error: Cannot write over the index file $BASEDIR/doc/explain.idx. Aborting"
- exit 1
-}
+#> $BASEDIR/doc/explain.idx && {
+# echo "Error: Cannot write over the index file $BASEDIR/doc/explain.idx. Aborting"
+# exit 1
+#}
$LS $BASEDIR/doc/*.txt |
while read infile
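
Review bot: The removed block `> $BASEDIR/doc/explain.idx && { ... exit 1 }` aborts when the truncation succeeds, so the defect is the && where || was meant; commenting the whole block out also drops the truncation of explain.idx and the write-failure check. Prefer changing only the operator (`> $BASEDIR/doc/explain.idx || {`) so the index is still cleared and an unwritable file still stops the build, and check the result against the upstream r1.6 to r1.7 change that the SlackBuild comment links to.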

system/tiger/slack-desc Normal file

@ -0,0 +1,19 @@
# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|'
# on the right side marks the last column you can put a character in. You must
# make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
tiger: tiger (Report system security vulnerabilities)
tiger:
tiger: TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts,
tiger: C programs and data files which are used to perform a security
tiger: audit of UNIX systems. TIGER has one primary goal: report ways
tiger: 'root' can be compromised.
tiger:
tiger: Originally developed by the A&M campus of the Texas University.
tiger: Currently it is maintained by: Javier Fernandez-Sanguino
tiger:
tiger:


@ -0,0 +1,143 @@
#!/bin/sh
# Slackware build script for Tiger
# Written by Menno Duursma <druiloor@zonnet.nl>
# currently maintained by pyllyukko <pyllyukko AT maimed dot org>
# This program is free software. It comes without any warranty.
# Granted WTFPL, Version 2, as published by Sam Hocevar. See
# http://sam.zoy.org/wtfpl/COPYING for more details.
PRGNAM=tiger
VERSION=${VERSION:-3.2.3}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) ARCH=i486 ;;
arm*) ARCH=arm ;;
*) ARCH=$( uname -m ) ;;
esac
fi
CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}
if [ "$ARCH" = "i486" ]; then
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi
set -e # Exit on most errors
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $PRGNAM-$VERSION
# The package can be verified with Javier Fernández-Sanguino's PGP key (0xDC814B09)
# If we have GnuPG installed, we try to verify the signature.
if [ -x "/usr/bin/gpg" -a -x "/usr/bin/gpgv" ]
then
set +e
# This will check if we have the correct key in our keyring.
# For the trustedkeys.gpg, see "man 1 gpgv".
/usr/bin/gpg --keyring trustedkeys.gpg --no-default-keyring --list-keys 0xDC814B09 &>/dev/null
GPG_RET=${?}
# 2 means we don't have his key, 0 means we do.
set -e
# If we have the key and the signature file, we verify the package with GPG
if [ ${GPG_RET} -eq 0 -a \
-f "${CWD}/${PRGNAM}-${VERSION}.tar.gz.sig" ]
then
/usr/bin/gpgv "${CWD}/${PRGNAM}-${VERSION}.tar.gz.sig"
fi
fi
tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
cd $PRGNAM-$VERSION
chown -R root:root .
find . \
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \; -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
# The build errs on this
# see http://cvs.savannah.gnu.org/viewvc/tiger/tiger/util/genmsgidx?r1=1.6&r2=1.7
patch --verbose -p1 < $CWD/patches/tiger-3.2.3-build-fix.diff
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS"
export CFLAGS CXXFLAGS
./configure \
--prefix=/usr \
--libdir=/usr/lib${LIBDIRSUFFIX} \
--mandir=/usr/man \
--with-tigerhome=/usr/libexec/tiger \
--with-tigerbin=/usr/sbin \
--with-tigerconfig=/etc/tiger \
--with-tigerwork=/var/lib/tiger/work \
--with-tigerlog=/var/log/tiger
make
make -j1 install DESTDIR=$PKG
find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
install -D -m 0644 $CWD/config/tiger.cron $PKG/etc/cron.d/tiger.new
install -D -m 0640 $CWD/config/tiger.ignore $PKG/etc/tiger/tiger.ignore.new
install -D -m 0640 $CWD/config/tiger.default $PKG/etc/default/tiger.new
# From the .spec: 3.- This should be done by the Makefile, grumble...
install -D -m 0644 version.h $PKG/usr/lib/tiger/version.h
# Remove unnecesary stuff
( cd $PKG
for system in AIX HPUX IRIX NeXT SunOS UNICOS UNICOSMK Tru64 MacOSX ; do
rm -rf ./usr/libexec/tiger/systems/$system
done
find . -type d -name CVS | xargs -iX rm -rf "X"
)
( cd $PKG/etc/tiger
mv -v cronrc cronrc.new
mv -v tigerrc tigerrc.new
)
find $PKG/usr/man -type f -exec gzip -9 {} \;
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cp -a [A-Z][A-Z]* site-* tigerrc* \
$PKG/usr/doc/$PRGNAM-$VERSION
cp -a other/cert-usc20.txt contrib/fix_tiger_GROUPS.sh audit \
$PKG/usr/doc/$PRGNAM-$VERSION
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/html
cp $PKG/usr/libexec/tiger/html/*.html $PKG/usr/doc/$PRGNAM-$VERSION/html
# Delete the redundant stuff
rm -rf $PKG/usr/libexec/tiger/html
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
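
Review bot: The signature block ahead of `tar xvf` verifies nothing and prints nothing when gpg/gpgv, the key, or the .sig file is missing, so a build log cannot tell a verified tarball from an unverified one; add an else branch that echoes a clear warning, or an opt-in variable that makes a missing signature fatal. In the same block, `&>/dev/null` is a bash extension under a #!/bin/sh shebang: a strictly POSIX sh parses it as a background job followed by a redirection, which leaves GPG_RET at 0 regardless of the keyring, so write `>/dev/null 2>&1`. Also, gpgv accepts a signature made by any key in trustedkeys.gpg, not only 0xDC814B09, so the --list-keys test does not pin the signer; comparing the fingerprint that gpgv reports through --status-fd against the expected full fingerprint would.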

system/tiger/tiger.info Normal file

@ -0,0 +1,10 @@
PRGNAM="tiger"
VERSION="3.2.3"
HOMEPAGE="http://www.nongnu.org/tiger"
DOWNLOAD="http://download.savannah.nongnu.org/releases/tiger/tiger-3.2.3.tar.gz http://download.savannah.gnu.org/releases/tiger/tiger-3.2.3.tar.gz.sig"
MD5SUM="f41076f645da9de937819bf6d516e546 fee7fd065e57a3a763d3a99f7ebf7b02"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
MAINTAINER="pyllyukko"
EMAIL="pyllyukko AT maimed dot org"
APPROVED="Erik Hanson"