--- lsat-0.9.7.1.orig/debian/changelog
+++ lsat-0.9.7.1/debian/changelog
@@ -0,0 +1,25 @@
+lsat (0.9.7.1-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Use "find -perm /x" instead of "find -perm +x". Closes: #808930
+
+ -- Andreas Metzler Fri, 25 Dec 2015 14:38:30 +0100
+
+lsat (0.9.7.1-2) unstable; urgency=low
+
+ * Updated debian/control (Standard-Version).
+ * Fixed (Thanks Tomasz Nowak):
+ - Segmentation fault when setting output file. (Closes: #532582)
+ - Hardcoded number of accounts too low. (Closes: #532575)
+ - AWK invocation in checknet for SunOS doesn't work. (Closes: #532615)
+ - Checkpasswd module closes random file. (Closes: #533170)
+
+ -- Juan Angulo Moreno Mon, 29 Jun 2009 09:41:13 -0430
+
+lsat (0.9.7.1-1) unstable; urgency=low
+
+ * Initial release. (Closes: #477410)
+
+ -- Juan Angulo Moreno Tue, 22 Apr 2008 22:25:52 -0430
+
+
--- lsat-0.9.7.1.orig/debian/compat
+++ lsat-0.9.7.1/debian/compat
@@ -0,0 +1 @@
+5
--- lsat-0.9.7.1.orig/debian/control
+++ lsat-0.9.7.1/debian/control
@@ -0,0 +1,18 @@
+Source: lsat
+Section: utils
+Priority: extra
+Maintainer: Juan Angulo Moreno
+HomePage: http://usat.sourceforge.net
+Build-Depends: debhelper (>= 5), dpatch
+Standards-Version: 3.8.2
+
+Package: lsat
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Suggests: nmap, lsof, iproute
+Description: Security auditor tool
+ The Linux Security Auditing Tool (LSAT) is a post install
+ security auditor for Linux/Unix. It checks many system configurations
+ and local network settings on the system for common security/config
+ errors and for packages that are not needed.
+
--- lsat-0.9.7.1.orig/debian/copyright
+++ lsat-0.9.7.1/debian/copyright
@@ -0,0 +1,32 @@
+This package was debianized by Juan Angulo Moreno on
+Tue, 22 Apr 2008 22:02:18 -0430.
+
+It was downloaded from http://usat.sourceforge.net/
+
+Upstream Author: Triode
+
+
+Copyright: Copyright (C) 2002-2007 Triode
+ Copyright (C) 2002 Robert Minvielle
+
+License: GPLv2
+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this package; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+On Debian systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL-2'.
+
+The Debian packaging is (C) 2008, Juan Angulo Moreno and
+is licensed under the GPL, see above.
--- lsat-0.9.7.1.orig/debian/dirs
+++ lsat-0.9.7.1/debian/dirs
@@ -0,0 +1 @@
+usr/bin
--- lsat-0.9.7.1.orig/debian/docs
+++ lsat-0.9.7.1/debian/docs
@@ -0,0 +1,7 @@
+modules.html
+README
+README.exclude
+README.modules
+sample_exclude.txt
+
+
--- lsat-0.9.7.1.orig/debian/patches/001_segmentation_fault_output.dpatch
+++ lsat-0.9.7.1/debian/patches/001_segmentation_fault_output.dpatch
@@ -0,0 +1,83 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 001_segmentation_fault_output.dpatch by TomaszN
+##
+## DP: Segmentation fault when setting output file
+
+@DPATCH@
+diff -urNad lsat-0.9.7.1~/lsatmain.c lsat-0.9.7.1/lsatmain.c
+--- lsat-0.9.7.1~/lsatmain.c 2008-05-04 08:47:28.000000000 -0430
++++ lsat-0.9.7.1/lsatmain.c 2009-06-29 10:53:28.000000000 -0430
+@@ -73,7 +73,7 @@
+ char *token;
+ char tempstring[26];
+ char line[256];
+- char thelist[33][12] = { {"pkgs"}, {"rpm"}, {"inetd"}, {"inittab"}, {"logging"}, {"set"}, {"write"}, {"dotfiles"}, {"passwd"}, {"files"}, {"umask"}, {"ftpusers"}, {"rc"}, {"kbd"}, {"limits"}, {"ssh"}, {"open"}, {"issue"}, {"www"}, {"md5"}, {"modules"}, {"securetty"}, {"perms"}, {"net"}, {"forward"}, {"promisc"}, {"listening"}, {"cfg"}, {"bpass"}, {"ipv4"}, {"startx"}, {"ftp"}, {"disk"} };
++ static char *thelist[] = { "pkgs", "rpm", "inetd", "inittab", "logging", "set", "write", "dotfiles", "passwd", "files", "umask", "ftpusers", "rc", "kbd", "limits", "ssh", "open", "issue", "www", "md5", "modules", "securetty", "perms", "net", "forward", "promisc", "listening", "cfg", "bpass", "ipv4", "startx", "ftp", "disk" };
+
+ if ((fileptr = fopen(xlisting, "r"))==NULL)
+ {
+@@ -101,7 +101,7 @@
+ /* see if they match. If they do, the user does */
+ /* not want to run that module, so we put it in */
+ /* another array of ints to look through later.
*/ +- for (i=0;i<33;i++) ++ for (i=0;i +## +## DP: awk invocation in checknet for sunos doesn't work + +@DPATCH@ +diff -urNad lsat-0.9.7.1~/checknet.c lsat-0.9.7.1/checknet.c +--- lsat-0.9.7.1~/checknet.c 2008-05-04 08:47:28.000000000 -0430 ++++ lsat-0.9.7.1/checknet.c 2009-06-29 10:56:09.000000000 -0430 +@@ -149,7 +149,7 @@ + /* we are on Solaris, begin getting funky */ + { + tempfile = "/tmp/lsat1.lsat"; +- shellcode = "netstat -a -f inet |grep LISTEN |awk -F\" \" 'length($1) > 0 {print $1}' 2>/dev/null >> /tmp/lsat1.lsat"; ++ shellcode = "netstat -a -f inet -n |grep LISTEN | sort -n 2>/dev/null >> /tmp/lsat1.lsat"; + header = "These ports were found to be listening on the system.\nClose all ports or services you do not need."; + if ((dostuff(tempfile, filename, shellcode, header, html)) < 0) + { --- lsat-0.9.7.1.orig/debian/patches/003_checkftpusers.dpatch +++ lsat-0.9.7.1/debian/patches/003_checkftpusers.dpatch 
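Review bot: The rewritten `shellcode` in 002_checknet_sunos.dpatch still appends to the fixed path `/tmp/lsat1.lsat`, and since this auditor is presumably run as root, a file or symlink already present at that name in world-writable /tmp would be written through. 004_checkpasswd.dpatch (`/tmp/lsat2.lsat`) and 005_find-perm_+.diff (`/tmp/lsat1.lsat`) keep the same pattern. A scratch file created with `mkstemp()` in a private directory, with its name formatted into the command string, would close this; `dostuff()` is outside the hunk, so how it opens the file cannot be checked from here. Also, `2>/dev/null` now applies only to `sort`, so errors from `netstat` are no longer suppressed.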
@@ -0,0 +1,65 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 003_checkftpusers.dpatch by TomaszN +## +## DP: Hardcoded number of accounts too low + +@DPATCH@ +diff -urNad lsat-0.9.7.1~/checkftpusers.c lsat-0.9.7.1/checkftpusers.c +--- lsat-0.9.7.1~/checkftpusers.c 2008-05-04 08:47:28.000000000 -0430 ++++ lsat-0.9.7.1/checkftpusers.c 2009-06-29 11:05:46.000000000 -0430 +@@ -14,6 +14,8 @@ + #include + #include + ++#define MAX_FTP_USERS 4000 ++ + int checkftpusers(filename, verbose, html) + const char *const filename; + int verbose; +@@ -26,8 +28,8 @@ + /* the passwd list... we ass|u|me that a username */ + /* will be < 120 chars. :O => line[120] */ + char line[120]; /* array for a line */ +- char temparray[100][120]; /*temparray. */ +- char tempstring[100][120]; /* string to hold ftpusername */ ++ char temparray[MAX_FTP_USERS][120]; /*temparray. */ ++ char tempstring[MAX_FTP_USERS][120]; /* string to hold ftpusername */ + int i=0; /* counter variable */ + int j=0; /* counter variable */ + int k=0; /* counter variable */ +@@ -46,7 +48,7 @@ + const char * header =NULL; + + /* init temparray */ +- for (i=0; i<100; i++) ++ for (i=0; i100) ++ if (i>MAX_FTP_USERS) + { + perror("Error in module checkftpusers: Too much data.\n"); + return(-1); +@@ -235,7 +237,7 @@ + } /* end if (ftpptr != NULL) */ + /* inc the linec ounter */ + linecount++; +- if (linecount>100) ++ if (linecount>MAX_FTP_USERS) + { + perror("Error in checkftpusers: Too much data."); + return(-1); +@@ -245,7 +247,7 @@ + + /* ok, now compare an entry in the userlist */ + /* we have against the entries in ftpusers */ +- i = 100; ++ i = MAX_FTP_USERS; + for (j = 0; j < i; j++) + { + for (k=0; k < linecount; k++) --- lsat-0.9.7.1.orig/debian/patches/004_checkpasswd.dpatch +++ lsat-0.9.7.1/debian/patches/004_checkpasswd.dpatch 
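Review bot: The bound checks `if (i>MAX_FTP_USERS)` and `if (linecount>MAX_FTP_USERS)` in 003_checkftpusers.dpatch still allow the index to equal MAX_FTP_USERS, which is one row past the end of `temparray[MAX_FTP_USERS][120]` if a store happens before the check; the surrounding loops are outside the hunk, so this needs confirming, but `if (i >= MAX_FTP_USERS)` and `if (linecount >= MAX_FTP_USERS)` are the safe forms. Raising the limit to 4000 also places two 4000x120 arrays, about 960 kB, in automatic storage of `checkftpusers`, which is fragile under a reduced stack limit; `static` storage or `calloc()` sized from the input would avoid that. The cap remains a hard-coded guess, so a host with more accounts gets the "Too much data" error instead of an audit result.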
@@ -0,0 +1,25 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 004_checkpasswd.dpatch by TomaszN
+##
+## DP: checkpasswd module closes random file
+
+@DPATCH@
+diff -urNad lsat-0.9.7.1~/checkpasswd.c lsat-0.9.7.1/checkpasswd.c
+--- lsat-0.9.7.1~/checkpasswd.c 2008-05-04 08:47:28.000000000 -0430
++++ lsat-0.9.7.1/checkpasswd.c 2009-06-29 11:13:38.000000000 -0430
+@@ -38,7 +38,6 @@
+ char temparray[2][128]; /*temparray. */
+ int j=0; /* counter variable */
+ int field; /* field counter */
+- int fileval; /* return val */
+ const char * tmp_file = "/tmp/lsat2.lsat"; /* temp file for storage */
+
+ const char * tempfile =NULL;
+@@ -153,7 +152,6 @@
+ remove(tempfile);
+ /* close the tmpfile */
+ fclose(fileptr);
+- close(fileval);
+ /* note dostuff below will rm tmpfile */
+
+ header = "Please consider removing these system accounts.\nCheck to see if you need them for your system applications before removing.\nAlso, consult the securitylinks.txt file for more information.\n";
--- lsat-0.9.7.1.orig/debian/patches/005_find-perm_+.diff
+++ lsat-0.9.7.1/debian/patches/005_find-perm_+.diff
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 005_find-perm_+.diff by Andreas Metzler
+##
+## DP: Use find -perm /x instead of -perm +x, the latter stooped working
+## DP: in find 4.5.11.
+
+@DPATCH@
+diff -NuradBbp a/checkset.c b/checkset.c
+--- a/checkset.c 2008-05-04 15:17:28.000000000 +0200
++++ b/checkset.c 2015-12-25 14:46:35.725578813 +0100
+@@ -44,7 +44,7 @@ int html;
+
+ }
+
+- shellcode="find / -mount -perm +4000 2>/dev/null | tee >/tmp/lsat1.lsat";
++ shellcode="find / -mount -perm /4000 2>/dev/null | tee >/tmp/lsat1.lsat";
+ header ="This is a list of SUID files on the system:\n";
+ if ((dostuff(tempfile, filename, shellcode, header, html)) < 0)
+ {
--- lsat-0.9.7.1.orig/debian/patches/00list
+++ lsat-0.9.7.1/debian/patches/00list
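Review bot: In 005_find-perm_+.diff, `-perm -4000` would select the same files as `-perm /4000` for a single mode bit and is the POSIX spelling, whereas `/mode` is not in POSIX; since the package also carries a Solaris branch (see the checknet patch), `find / -mount -perm -4000 2>/dev/null` looks like the more portable replacement. Only this one `shellcode` line of checkset.c is visible, so whether other `-perm +mode` calls remain in the file, for example an SGID scan, cannot be told from the hunk and should be checked, because a silently failing find makes the audit report an empty list. The `| tee >/tmp/lsat1.lsat` tail is carried over unchanged; `tee` with no file argument and redirected stdout only copies its input, so a plain redirect does the same job.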
@@ -0,0 +1,5 @@
+001_segmentation_fault_output.dpatch
+002_checknet_sunos.dpatch
+003_checkftpusers.dpatch
+004_checkpasswd.dpatch
+005_find-perm_+.diff
--- lsat-0.9.7.1.orig/debian/rules
+++ lsat-0.9.7.1/debian/rules
@@ -0,0 +1,72 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE=1
+
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+
+config.status: configure
+ dh_testdir
+ifneq "$(wildcard /usr/share/misc/config.sub)" ""
+ cp -f /usr/share/misc/config.sub config.sub
+endif
+ifneq "$(wildcard /usr/share/misc/config.guess)" ""
+ cp -f /usr/share/misc/config.guess config.guess
+endif
+ ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)"
+
+
+build: build-stamp
+
+build-stamp: patch config.status
+ dh_testdir
+ $(MAKE)
+ $(MAKE) manpage
+ touch $@
+
+patch: patch-stamp
+patch-stamp:
+ dpatch apply-all -v
+
+unpatch:
+ dpatch deapply-all
+ rm -rf patch-stamp debian/patched
+
+clean: unpatch
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+
+ -[ ! -f Makefile ] || $(MAKE) clean
+ rm -f config.sub config.guess config.log config.status config.cache lsat.1 Makefile
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+ dh_install lsat usr/bin
+
+binary-indep: build install
+
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs changelog/changelog.html
+ dh_installdocs
+ dh_installexamples
+ dh_installman lsat.1
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary patch unpatch install
--- lsat-0.9.7.1.orig/debian/watch
+++ lsat-0.9.7.1/debian/watch
@@ -0,0 +1,5 @@
+version=3
+http://usat.sourceforge.net/code/lsat-(.*)\.tgz
+
+
+
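Review bot: In debian/rules, `./configure` receives only `CFLAGS="$(CFLAGS)"` and nothing in the file sets CFLAGS or queries dpkg-buildflags, so with debhelper compat 5 the binary is probably built without the distribution's hardening flags; for a C tool with fixed-size buffers that is run with root privileges, adding `DPKG_EXPORT_BUILDFLAGS = 1` and `include /usr/share/dpkg/buildflags.mk` near the top and also passing `CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)"` to configure would be worthwhile. The `patch-stamp` recipe never creates `patch-stamp`, so `dpatch apply-all -v` runs again on every build; ending the recipe with `touch $@`, or replacing the hand-written patch/unpatch rules with `include /usr/share/dpatch/dpatch.make`, would make the stamp meaningful. `build-stamp` lists `patch` and `config.status` as unordered prerequisites, so a parallel build may configure before the patches are applied; that is harmless only as long as no patch touches configure inputs.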
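Review bot: The debian/watch entry fetches the upstream tarball from a plain `http://` URL and declares no signature check, so a new upstream version imported through uscan has no integrity or origin verification. If upstream serves the same path over HTTPS, switching the scheme is the minimal improvement; if upstream publishes detached signatures, which cannot be told from this page, a `pgpsigurlmangle` option plus the upstream key under debian/upstream/ would let uscan verify the download.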