security-tool/security-tool.spec

Summary: openEuler Security Tool
Name   : security-tool
Version: 2.0
Release: 1.81
Source0: https://gitee.com/openeuler/security-tool/repository/archive/v2.0.tar.gz
License: Mulan PSL v2
URL: https://gitee.com/openeuler/security-tool
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: bash setup pam util-linux sudo crontabs cronie 
Requires: shadow initscripts ca-certificates openssh rsyslog dbus-daemon
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
BuildRequires: xauth

Patch0: Use-secure-MACs-and-KexAlgorithms.patch
Patch1: do-not-create-allow-file-while-the-command-does-not-.patch
Patch2: remove-sha1-in-sshd-config.patch
Patch3: fix-function-allow-rpm-q.patch
Patch4: add-secure-hostKey-algorithms.patch

%description
openEuler Security Tool

%global debug_package %{nil}

%prep
%autosetup -n security-tool -p1

%build

%check

%install
rm -rf $RPM_BUILD_ROOT
install -d -m0700 $RPM_BUILD_ROOT%{_sysconfdir}/openEuler_security
install -m0600 security $RPM_BUILD_ROOT%{_sysconfdir}/openEuler_security/security
install -m0400 security.conf $RPM_BUILD_ROOT%{_sysconfdir}/openEuler_security/security.conf
install -m0600 usr-security.conf $RPM_BUILD_ROOT%{_sysconfdir}/openEuler_security/usr-security.conf
install -d -m0755 $RPM_BUILD_ROOT/%{_unitdir}
install -m0644 openEuler-security.service $RPM_BUILD_ROOT/%{_unitdir}/openEuler-security.service
install -d -m0755 $RPM_BUILD_ROOT/%{_sbindir}
install -m0500 security-tool.sh $RPM_BUILD_ROOT/%{_sbindir}/security-tool.sh
install -m0644 security-tool-%{version}/csh.precmd $RPM_BUILD_ROOT%{_sysconfdir}/csh.precmd
install -d -m0755 $RPM_BUILD_ROOT/%{_sysconfdir}/profile.d
install -d -m0755 $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d
install -m0644 security-tool-%{version}/password-auth-crond $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/password-auth-crond
install -m0644 security-tool-%{version}/su-local $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/su-local

%clean
rm -rf $RPM_BUILD_ROOT

%pre

%post
sed -i 's/password-auth$/password-auth-crond/g' /etc/pam.d/crond

if [ $1 -ge 2 ]
then
    sed -i 's/readonly HISTSIZE$//g' /etc/profile
    sed -i 's/readonly TMOUT$//g' /etc/profile
fi

if [ -h /etc/pam.d/su ]
then
    rm -f /etc/pam.d/su
else
    mv -f /etc/pam.d/su /etc/pam.d/su-bak
fi
ln -s /etc/pam.d/su-local /etc/pam.d/su

%systemd_post openEuler-security.service
systemctl enable openEuler-security.service

%preun
%systemd_preun openEuler-security.service
if [ $1 -eq 0 ]
then
    sed -i 's/password-auth-crond$/password-auth/g' /etc/pam.d/crond
fi

%postun
%systemd_postun_with_restart openEuler-security.service

if [ $1 -eq 0 ]
then

    if [ -f /etc/pam.d/su-bak ]
    then
        mv -f /etc/pam.d/su-bak /etc/pam.d/su
    fi

    if [ -f /etc/pam.d/password-auth-ac ]
    then
        rm -f /etc/pam.d/password-auth
        ln -s /etc/pam.d/password-auth-ac /etc/pam.d/password-auth
    elif [ -f /etc/pam.d/password-auth-bak ]
    then
        mv -f /etc/pam.d/password-auth-bak /etc/pam.d/password-auth
    fi

    if [ -f /etc/pam.d/system-auth-ac ]
    then
        rm -f /etc/pam.d/system-auth
        ln -s /etc/pam.d/system-auth-ac /etc/pam.d/system-auth
    elif [ -f /etc/pam.d/system-auth-bak ]
    then
        mv -f /etc/pam.d/system-auth-bak /etc/pam.d/system-auth
    fi
fi

%files
%defattr(-,root,root)
%attr(0700,root,root) %dir %{_sysconfdir}/openEuler_security
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/openEuler_security/security
%attr(0400,root,root) %config %{_sysconfdir}/openEuler_security/security.conf
%attr(0600,root,root) %config %{_sysconfdir}/openEuler_security/usr-security.conf
%attr(0644,root,root) %{_sysconfdir}/csh.precmd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/password-auth-crond
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/su-local
%attr(0644,root,root) %{_unitdir}/openEuler-security.service
%attr(0500,root,root) %{_sbindir}/security-tool.sh

%changelog
* Mon Aug 15 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.81
- add secure hostKey algorithms

* Thu Jun 30 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.80
- disabling the dependency on binutils

* Mon Jun 27 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.79
- fix function allow rpm-q

* Wed Apr 27 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.78
- update release

* Mon Feb 7 2022 renmingshuai <renmingshuai@huawei.com> - 2.0-1.52
- remove sha1 in sshd_config

* Thu Mar 18 2021 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.51
- do not create allow file while the command does not exist

* Fri Oct 9 2020 gaoyusong <gaoyusong1@huawei.com> - 2.0-1.50
- Use secure MACs and KexAlgorithms

* Thu Sep 17 2020 gaoyusong <gaoyusong1@huawei.com> - 2.0-1.49
- Upgrade to v2.0

* Fri Jul 3 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.48
- rm zzz_openEuler_history.sh

* Fri May 29 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.47
- Move -- befora path

* Fri May 29 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.46
- Do not set umask to 077 any more

* Thu May 7 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.45
- Update LICENSE of files

* Wed Apr 29 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.44
- Update LICENSE to Mulan PSL v2.0

* Fri Feb 21 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.43
- Allow wheel group to use sudo by default

* Wed Jan 22 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.42
- Fix problems of script caused by "*" and multiple spaces

* Wed Jan 22 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.41
- Fix the problem of dbus-daemon-launch-helper's group 

* Sun Jan 12 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.40
- Delete password-auth-local and system-auth-local

* Sun Dec 29 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.39
- Add copyright for su-local

* Thu Dec 19 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.38
- Delete unused infomation

* Mon Nov 11 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.37
- Modify License

* Mon Sep 25 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.36
- Add requires

* Mon Sep 16 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.35
- Package init for openEuler
Package init 2019-12-25 17:13:05 +08:00			`Summary: openEuler Security Tool`
			`Name : security-tool`
			`Version: 2.0`
add secure hostKey algorithms 2022-08-15 09:11:53 +08:00			`Release: 1.81`
Change SPEC file, Add Source0 and Upstream information 2020-09-17 17:16:28 +08:00			`Source0: https://gitee.com/openeuler/security-tool/repository/archive/v2.0.tar.gz`
update LICENSE to Mulan PSL v2.0 2020-04-29 15:12:59 +08:00			`License: Mulan PSL v2`
Change SPEC file, Add Source0 and Upstream information 2020-09-17 17:16:28 +08:00			`URL: https://gitee.com/openeuler/security-tool`
Package init 2019-12-25 17:13:05 +08:00			`BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)`
disabling the dependency on binutils (cherry picked from commit 3c08d69677826d7a150ffc645fd76f074ad2635d) 2022-06-30 08:02:30 +00:00			`Requires: bash setup pam util-linux sudo crontabs cronie`
fix the problem of dbus-daemon-launch-helper's group 2020-01-22 14:34:49 +08:00			`Requires: shadow initscripts ca-certificates openssh rsyslog dbus-daemon`
Package init 2019-12-25 17:13:05 +08:00			`Requires(post): systemd-units`
			`Requires(preun): systemd-units`
			`Requires(postun): systemd-units`
			`BuildRequires: xauth`

do not create allow file while the command does not exist 2021-03-04 09:37:49 +08:00			`Patch0: Use-secure-MACs-and-KexAlgorithms.patch`
			`Patch1: do-not-create-allow-file-while-the-command-does-not-.patch`
remove sha1 in sshd_config 2022-02-07 19:35:51 +08:00			`Patch2: remove-sha1-in-sshd-config.patch`
fix funtion allow rpm -q (cherry picked from commit 0c1aa1929a7c20b407259dec3942655351598741) 2022-06-27 20:04:42 +08:00			`Patch3: fix-function-allow-rpm-q.patch`
add secure hostKey algorithms 2022-08-15 09:11:53 +08:00			`Patch4: add-secure-hostKey-algorithms.patch`
Use secure MACs and KexAlgorithms 2020-10-09 18:26:13 +08:00
Package init 2019-12-25 17:13:05 +08:00			`%description`
			`openEuler Security Tool`

			`%global debug_package %{nil}`

			`%prep`
Change SPEC file, Add Source0 and Upstream information 2020-09-17 17:16:28 +08:00			`%autosetup -n security-tool -p1`
Package init 2019-12-25 17:13:05 +08:00
			`%build`

			`%check`

			`%install`
			`rm -rf $RPM_BUILD_ROOT`
			`install -d -m0700 $RPM_BUILD_ROOT%{_sysconfdir}/openEuler_security`
Change SPEC file, Add Source0 and Upstream information 2020-09-17 17:16:28 +08:00			`install -m0600 security $RPM_BUILD_ROOT%{_sysconfdir}/openEuler_security/security`
			`install -m0400 security.conf $RPM_BUILD_ROOT%{_sysconfdir}/openEuler_security/security.conf`
			`install -m0600 usr-security.conf $RPM_BUILD_ROOT%{_sysconfdir}/openEuler_security/usr-security.conf`
Package init 2019-12-25 17:13:05 +08:00			`install -d -m0755 $RPM_BUILD_ROOT/%{_unitdir}`
Change SPEC file, Add Source0 and Upstream information 2020-09-17 17:16:28 +08:00			`install -m0644 openEuler-security.service $RPM_BUILD_ROOT/%{_unitdir}/openEuler-security.service`
Package init 2019-12-25 17:13:05 +08:00			`install -d -m0755 $RPM_BUILD_ROOT/%{_sbindir}`
Change SPEC file, Add Source0 and Upstream information 2020-09-17 17:16:28 +08:00			`install -m0500 security-tool.sh $RPM_BUILD_ROOT/%{_sbindir}/security-tool.sh`
			`install -m0644 security-tool-%{version}/csh.precmd $RPM_BUILD_ROOT%{_sysconfdir}/csh.precmd`
Package init 2019-12-25 17:13:05 +08:00			`install -d -m0755 $RPM_BUILD_ROOT/%{_sysconfdir}/profile.d`
			`install -d -m0755 $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d`
Change SPEC file, Add Source0 and Upstream information 2020-09-17 17:16:28 +08:00			`install -m0644 security-tool-%{version}/password-auth-crond $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/password-auth-crond`
			`install -m0644 security-tool-%{version}/su-local $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/su-local`
Package init 2019-12-25 17:13:05 +08:00
			`%clean`
			`rm -rf $RPM_BUILD_ROOT`

			`%pre`

			`%post`
			`sed -i 's/password-auth$/password-auth-crond/g' /etc/pam.d/crond`

			`if [ $1 -ge 2 ]`
			`then`
			`sed -i 's/readonly HISTSIZE$//g' /etc/profile`
			`sed -i 's/readonly TMOUT$//g' /etc/profile`
			`fi`

			`if [ -h /etc/pam.d/su ]`
			`then`
			`rm -f /etc/pam.d/su`
			`else`
			`mv -f /etc/pam.d/su /etc/pam.d/su-bak`
			`fi`
			`ln -s /etc/pam.d/su-local /etc/pam.d/su`

			`%systemd_post openEuler-security.service`
			`systemctl enable openEuler-security.service`

			`%preun`
			`%systemd_preun openEuler-security.service`
			`if [ $1 -eq 0 ]`
			`then`
			`sed -i 's/password-auth-crond$/password-auth/g' /etc/pam.d/crond`
			`fi`

			`%postun`
			`%systemd_postun_with_restart openEuler-security.service`

			`if [ $1 -eq 0 ]`
			`then`

			`if [ -f /etc/pam.d/su-bak ]`
			`then`
			`mv -f /etc/pam.d/su-bak /etc/pam.d/su`
			`fi`

			`if [ -f /etc/pam.d/password-auth-ac ]`
			`then`
			`rm -f /etc/pam.d/password-auth`
			`ln -s /etc/pam.d/password-auth-ac /etc/pam.d/password-auth`
			`elif [ -f /etc/pam.d/password-auth-bak ]`
			`then`
			`mv -f /etc/pam.d/password-auth-bak /etc/pam.d/password-auth`
			`fi`

			`if [ -f /etc/pam.d/system-auth-ac ]`
			`then`
			`rm -f /etc/pam.d/system-auth`
			`ln -s /etc/pam.d/system-auth-ac /etc/pam.d/system-auth`
			`elif [ -f /etc/pam.d/system-auth-bak ]`
			`then`
			`mv -f /etc/pam.d/system-auth-bak /etc/pam.d/system-auth`
			`fi`
			`fi`

			`%files`
			`%defattr(-,root,root)`
			`%attr(0700,root,root) %dir %{_sysconfdir}/openEuler_security`
			`%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/openEuler_security/security`
			`%attr(0400,root,root) %config %{_sysconfdir}/openEuler_security/security.conf`
			`%attr(0600,root,root) %config %{_sysconfdir}/openEuler_security/usr-security.conf`
			`%attr(0644,root,root) %{_sysconfdir}/csh.precmd`
			`%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/password-auth-crond`
			`%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/su-local`
			`%attr(0644,root,root) %{_unitdir}/openEuler-security.service`
			`%attr(0500,root,root) %{_sbindir}/security-tool.sh`

			`%changelog`
add secure hostKey algorithms 2022-08-15 09:11:53 +08:00			`* Mon Aug 15 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.81`
			`- add secure hostKey algorithms`

disabling the dependency on binutils (cherry picked from commit 3c08d69677826d7a150ffc645fd76f074ad2635d) 2022-06-30 08:02:30 +00:00			`* Thu Jun 30 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.80`
			`- disabling the dependency on binutils`

fix funtion allow rpm -q (cherry picked from commit 0c1aa1929a7c20b407259dec3942655351598741) 2022-06-27 20:04:42 +08:00			`* Mon Jun 27 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.79`
			`- fix function allow rpm-q`

update release (cherry picked from commit dcfb880a8b1b6c2c74d9f68e64442738995e6a5e) 2022-04-27 19:16:50 +08:00			`* Wed Apr 27 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2.0-1.78`
			`- update release`

remove sha1 in sshd_config 2022-02-07 19:35:51 +08:00			`* Mon Feb 7 2022 renmingshuai <renmingshuai@huawei.com> - 2.0-1.52`
			`- remove sha1 in sshd_config`

do not create allow file while the command does not exist 2021-03-04 09:37:49 +08:00			`* Thu Mar 18 2021 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.51`
			`- do not create allow file while the command does not exist`

Use secure MACs and KexAlgorithms 2020-10-09 18:26:13 +08:00			`* Fri Oct 9 2020 gaoyusong <gaoyusong1@huawei.com> - 2.0-1.50`
			`- Use secure MACs and KexAlgorithms`

Change SPEC file, Add Source0 and Upstream information 2020-09-17 17:16:28 +08:00			`* Thu Sep 17 2020 gaoyusong <gaoyusong1@huawei.com> - 2.0-1.49`
			`- Upgrade to v2.0`

rm zzz_openEuler_history.sh 2020-07-03 16:01:17 +08:00			`* Fri Jul 3 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.48`
			`- rm zzz_openEuler_history.sh`

move -- before path 2020-06-01 16:55:46 +08:00			`* Fri May 29 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.47`
			`- Move -- befora path`

Do not set umask to 077 any more 2020-05-29 10:58:14 +08:00			`* Fri May 29 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.46`
			`- Do not set umask to 077 any more`

update LICENSE of files 2020-05-07 10:15:44 +08:00			`* Thu May 7 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.45`
			`- Update LICENSE of files`

update LICENSE to Mulan PSL v2.0 2020-04-29 15:12:59 +08:00			`* Wed Apr 29 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.44`
update LICENSE of files 2020-05-07 10:15:44 +08:00			`- Update LICENSE to Mulan PSL v2.0`
update LICENSE to Mulan PSL v2.0 2020-04-29 15:12:59 +08:00
allow users to use sudo command by default 2020-02-21 17:37:10 +08:00			`* Fri Feb 21 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.43`
			`- Allow wheel group to use sudo by default`

			`* Wed Jan 22 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.42`
fix problems of script caused by * and multiple spaces 2020-02-19 14:48:54 +08:00			`- Fix problems of script caused by "*" and multiple spaces`

fix the problem of dbus-daemon-launch-helper's group 2020-01-22 14:34:49 +08:00			`* Wed Jan 22 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.41`
			`- Fix the problem of dbus-daemon-launch-helper's group`

correct date 2020-01-13 09:11:23 +08:00			`* Sun Jan 12 2020 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.40`
delete password-auth-local and system-auth-local 2020-01-12 16:54:57 +08:00			`- Delete password-auth-local and system-auth-local`

add copyright for su-local 2019-12-29 10:59:34 +08:00			`* Sun Dec 29 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.39`
			`- Add copyright for su-local`

Package init 2019-12-25 17:13:05 +08:00			`* Thu Dec 19 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.38`
			`- Delete unused infomation`

			`* Mon Nov 11 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.37`
			`- Modify License`

			`* Mon Sep 25 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.36`
			`- Add requires`

			`* Mon Sep 16 2019 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.35`
			`- Package init for openEuler`