pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/lynis



Module Name:    pkgsrc
Committed By:   sborrill
Date:           Mon Jan 15 12:38:37 UTC 2018

Added Files:
        pkgsrc/security/lynis: DESCR Makefile PLIST distinfo
        pkgsrc/security/lynis/patches: patch-include_functions patch-lynis

Log Message:
lynis: add 2.5.9

Lynis is an open source security auditing tool. Used by system
administrators, security professionals, and auditors, to evaluate the
security defenses of their Linux and Unix-based systems. It runs on the host
itself, so it performs more extensive security scans than vulnerability
scanners.


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/security/lynis/DESCR \
    pkgsrc/security/lynis/Makefile pkgsrc/security/lynis/PLIST \
    pkgsrc/security/lynis/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/lynis/patches/patch-include_functions \
    pkgsrc/security/lynis/patches/patch-lynis

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: pkgsrc/security/lynis/DESCR
diff -u /dev/null pkgsrc/security/lynis/DESCR:1.1
--- /dev/null   Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/DESCR Mon Jan 15 12:38:37 2018
@@ -0,0 +1,5 @@
+Lynis is an open source security auditing tool. Used by system
+administrators, security professionals, and auditors, to evaluate
+the security defenses of their Linux and Unix-based systems. It
+runs on the host itself, so it performs more extensive security
+scans than vulnerability scanners.
Index: pkgsrc/security/lynis/Makefile
diff -u /dev/null pkgsrc/security/lynis/Makefile:1.1
--- /dev/null   Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/Makefile      Mon Jan 15 12:38:37 2018
@@ -0,0 +1,70 @@
+# $NetBSD: Makefile,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+#
+
+DISTNAME=      lynis-2.5.9
+CATEGORIES=    security
+MASTER_SITES=  https://cisofy.com/files/
+
+MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE=      https://cisofy.com/solutions/
+COMMENT=       Perform security health scans for Linux, macOS, and Unix
+LICENSE=       gnu-gpl-v3
+
+NO_BUILD=      yes
+USE_TOOLS+=    pax
+
+SUBST_CLASSES+=                libdir
+SUBST_STAGE.libdir=    pre-install
+SUBST_MESSAGE.libdir=  Fixing lib path
+SUBST_FILES.libdir=    lynis
+SUBST_SED.libdir=      -e "s,@PREFIX@,${PREFIX},"
+
+SUBST_CLASSES+=                vardir
+SUBST_STAGE.vardir=    pre-install
+SUBST_MESSAGE.vardir=  Fixing var path
+SUBST_FILES.vardir=    lynis
+SUBST_SED.vardir=      -e "s,@VARBASE@,${VARBASE},"
+
+SUBST_CLASSES+=                confdir
+SUBST_STAGE.confdir=   pre-install
+SUBST_MESSAGE.confdir= Fixing conf path
+SUBST_FILES.confdir=   include/functions
+SUBST_SED.confdir=     -e "s,@CONFDIR@,${PKG_SYSCONFDIR},"
+
+WRKSRC=                ${WRKDIR}/lynis
+INSTALLATION_DIRS+=    bin ${PKGMANDIR}/man8
+INSTALLATION_DIRS+=    share/examples/lynis
+INSTALLATION_DIRS+=    lib/lynis/db lib/lynis/extras
+INSTALLATION_DIRS+=    lib/lynis/include lib/lynis/plugins
+
+EGDIR=         ${PREFIX}/share/examples/${PKGBASE}
+
+BUILD_DEFS+=   PKG_SYSCONFBASE
+BUILD_DEFS+=   VARBASE
+AUTO_MKDIRS=                   yes
+
+PKG_SYSCONFSUBDIR=     lynis
+CONF_FILES+=   share/examples/lynis/default.prf \
+               ${PKG_SYSCONFDIR}/default.prf
+CONF_FILES+=   share/examples/lynis/developer.prf \
+               ${PKG_SYSCONFDIR}/developer.prf
+
+do-install:
+       ${INSTALL_SCRIPT} ${WRKSRC}/lynis                       \
+               ${DESTDIR}${PREFIX}/bin/lynis
+       ${INSTALL_MAN} ${WRKSRC}/lynis.8                        \
+               ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/lynis.8
+       ${INSTALL_DATA} ${WRKSRC}/default.prf                   \
+               ${DESTDIR}${EGDIR}/default.prf
+       ${INSTALL_DATA} ${WRKSRC}/developer.prf                 \
+               ${DESTDIR}${EGDIR}/developer.prf
+       cd ${WRKSRC}/db &&                                      \
+               ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/db
+       cd ${WRKSRC}/extras &&                                  \
+               ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/extras
+       cd ${WRKSRC}/include &&                                 \
+               ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/include
+       cd ${WRKSRC}/plugins &&                                 \
+               ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/plugins
+
+.include "../../mk/bsd.pkg.mk"
Index: pkgsrc/security/lynis/PLIST
diff -u /dev/null pkgsrc/security/lynis/PLIST:1.1
--- /dev/null   Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/PLIST Mon Jan 15 12:38:37 2018
@@ -0,0 +1,100 @@
+@comment $NetBSD: PLIST,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+bin/lynis
+lib/lynis/db/fileperms.db
+lib/lynis/db/hints.db
+lib/lynis/db/integrity.db
+lib/lynis/db/languages/br
+lib/lynis/db/languages/cn
+lib/lynis/db/languages/de
+lib/lynis/db/languages/en
+lib/lynis/db/languages/en-GB
+lib/lynis/db/languages/en-US
+lib/lynis/db/languages/es
+lib/lynis/db/languages/fi
+lib/lynis/db/languages/fr
+lib/lynis/db/languages/he
+lib/lynis/db/languages/hu
+lib/lynis/db/languages/it
+lib/lynis/db/languages/ja
+lib/lynis/db/languages/nb-NO
+lib/lynis/db/languages/nl
+lib/lynis/db/languages/nl-BE
+lib/lynis/db/languages/nl-NL
+lib/lynis/db/languages/pl
+lib/lynis/db/languages/pt
+lib/lynis/db/languages/ru
+lib/lynis/db/languages/se
+lib/lynis/db/languages/tr
+lib/lynis/db/malware-susp.db
+lib/lynis/db/malware.db
+lib/lynis/db/sbl.db
+lib/lynis/db/tests.db
+lib/lynis/extras/README
+lib/lynis/extras/bash_completion.d/lynis
+lib/lynis/extras/build-lynis.sh
+lib/lynis/extras/check-lynis.sh
+lib/lynis/extras/files.dat
+lib/lynis/extras/lynis.spec
+lib/lynis/extras/openbsd/+CONTENTS
+lib/lynis/extras/systemd/lynis.service
+lib/lynis/extras/systemd/lynis.timer
+lib/lynis/extras/travis-ci/before_script.sh
+lib/lynis/include/binaries
+lib/lynis/include/consts
+lib/lynis/include/data_upload
+lib/lynis/include/functions
+lib/lynis/include/helper_audit_dockerfile
+lib/lynis/include/helper_configure
+lib/lynis/include/helper_show
+lib/lynis/include/helper_system_remote_scan
+lib/lynis/include/helper_update
+lib/lynis/include/osdetection
+lib/lynis/include/parameters
+lib/lynis/include/profiles
+lib/lynis/include/report
+lib/lynis/include/tests_accounting
+lib/lynis/include/tests_authentication
+lib/lynis/include/tests_banners
+lib/lynis/include/tests_boot_services
+lib/lynis/include/tests_containers
+lib/lynis/include/tests_crypto
+lib/lynis/include/tests_custom.template
+lib/lynis/include/tests_databases
+lib/lynis/include/tests_file_integrity
+lib/lynis/include/tests_file_permissions
+lib/lynis/include/tests_filesystems
+lib/lynis/include/tests_firewalls
+lib/lynis/include/tests_hardening
+lib/lynis/include/tests_homedirs
+lib/lynis/include/tests_insecure_services
+lib/lynis/include/tests_kernel
+lib/lynis/include/tests_kernel_hardening
+lib/lynis/include/tests_ldap
+lib/lynis/include/tests_logging
+lib/lynis/include/tests_mac_frameworks
+lib/lynis/include/tests_mail_messaging
+lib/lynis/include/tests_malware
+lib/lynis/include/tests_memory_processes
+lib/lynis/include/tests_nameservices
+lib/lynis/include/tests_networking
+lib/lynis/include/tests_php
+lib/lynis/include/tests_ports_packages
+lib/lynis/include/tests_printers_spools
+lib/lynis/include/tests_scheduling
+lib/lynis/include/tests_shells
+lib/lynis/include/tests_snmp
+lib/lynis/include/tests_squid
+lib/lynis/include/tests_ssh
+lib/lynis/include/tests_storage
+lib/lynis/include/tests_storage_nfs
+lib/lynis/include/tests_system_integrity
+lib/lynis/include/tests_time
+lib/lynis/include/tests_tooling
+lib/lynis/include/tests_virtualization
+lib/lynis/include/tests_webservers
+lib/lynis/include/tool_tips
+lib/lynis/plugins/README
+lib/lynis/plugins/custom_plugin.template
+man/man8/lynis.8
+share/examples/lynis/default.prf
+share/examples/lynis/developer.prf
Index: pkgsrc/security/lynis/distinfo
diff -u /dev/null pkgsrc/security/lynis/distinfo:1.1
--- /dev/null   Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/distinfo      Mon Jan 15 12:38:37 2018
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+
+SHA1 (lynis-2.5.9.tar.gz) = 71733fa3de9894ca140333070de2843018b02d80
+RMD160 (lynis-2.5.9.tar.gz) = 1915a0f6cd7ad598c73d575259f801845dff3a1c
+SHA512 (lynis-2.5.9.tar.gz) = 655942b6546183396a416df6b7a365918aab1a19b55e2b1d34da4a5fe7fe865aee59aae6de2467b8e5393cae9bb80f97c48a85f1e3606951d88ea21cb624c45a
+Size (lynis-2.5.9.tar.gz) = 269067 bytes
+SHA1 (patch-include_functions) = 2d4f9c50ceb320c5d257ab79eda6581a2d634ca0
+SHA1 (patch-lynis) = f35b682d9c30afdd6bc4e35ca684a4bd7209f63d

Index: pkgsrc/security/lynis/patches/patch-include_functions
diff -u /dev/null pkgsrc/security/lynis/patches/patch-include_functions:1.1
--- /dev/null   Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/patches/patch-include_functions       Mon Jan 15 12:38:37 2018
@@ -0,0 +1,33 @@
+$NetBSD: patch-include_functions,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+
+Set location of default profiles.
+Remove bash comparisons.
+
+--- /usr/obj/pkgsrc/security/lynis/work.builder7/lynis/include/functions.orig  2018-01-12 00:00:00.000000000 +0000
++++ /usr/obj/pkgsrc/security/lynis/work.builder7/lynis/include/functions       2018-01-15 11:38:48.000000000 +0000
+@@ -426,7 +426,7 @@
+             DEFAULT_PROFILE=""
+             PROFILEDIR=""
+             tPROFILE_NAMES="default.prf custom.prf"
+-            tPROFILE_TARGETS="/usr/local/etc/lynis /etc/lynis /usr/local/lynis ."
++            tPROFILE_TARGETS="@CONFDIR@ ."
+             for PNAME in ${tPROFILE_NAMES}; do
+                 for PLOC in ${tPROFILE_TARGETS}; do
+                     # Only use one default.prf
+@@ -3010,14 +3010,14 @@
+ 
+             LogText "${FUNCNAME}: check if ${1} is equal to ${2}"
+ 
+-            if [ "$1" == "$2" ]; then
++            if [ "$1" = "$2" ]; then
+                 LogText "${FUNCNAME}: ${1} is equal to ${2}"
+                 RETVAL=0
+             fi
+ 
+             if ! [ -z ${3+x} ]; then
+                 LogText "${FUNCNAME}: ${1} is equal to ${3}"
+-                if [ "$2" == "$3" ]; then
++                if [ "$2" = "$3" ]; then
+                     LogText "${FUNCNAME}: ${OPTION} is equal to ${3}"
+                     RETVAL=1
+                 fi
Index: pkgsrc/security/lynis/patches/patch-lynis
diff -u /dev/null pkgsrc/security/lynis/patches/patch-lynis:1.1
--- /dev/null   Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/patches/patch-lynis   Mon Jan 15 12:38:37 2018
@@ -0,0 +1,92 @@
+$NetBSD: patch-lynis,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+
+Remove hardwired paths to allow installation in a separate dir to the
+main script.
+
+--- lynis.orig 2018-01-12 00:00:00.000000000 +0000
++++ lynis      2018-01-15 11:32:35.000000000 +0000
+@@ -72,15 +72,7 @@
+ 
+     # Test from which directories we can use all functions and tests
+ 
+-        INCLUDEDIR=""  # Set default include directory to none
+-        tINCLUDE_TARGETS="/usr/local/include/lynis /usr/local/lynis/include /usr/share/lynis/include ./include"  # Default paths to check (CWD as last option, in case we run from standalone)
+-        for I in ${tINCLUDE_TARGETS}; do
+-            if [ "${I}" = "./include" ]; then
+-                if [ -d ${WORKDIR}/include ]; then INCLUDEDIR="${WORKDIR}/include"; fi
+-            elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then
+-                INCLUDEDIR=${I}
+-            fi
+-        done
++        INCLUDEDIR="@PREFIX@/lib/lynis/include"
+ 
+     # Drop out if our include directory can't be found
+         if [ -z "${INCLUDEDIR}" ]; then
+@@ -92,14 +84,7 @@
+ 
+     # Test for database directory
+ 
+-        DBDIR=""; tDB_TARGETS="/usr/local/share/lynis/db /usr/local/lynis/db /usr/share/lynis/db ./db"
+-        for I in ${tDB_TARGETS}; do
+-            if [ "${I}" = "./db" ]; then
+-                if [ -d ${WORKDIR}/db ]; then DBDIR="${WORKDIR}/db"; fi
+-            elif [ -d ${I} -a -z "${DBDIR}" ]; then
+-                DBDIR="${I}"
+-            fi
+-        done
++        DBDIR="@PREFIX@/lib/lynis/db"
+ 
+     # Import translations. First import English to prefill all texts
+     if [ ! -f ${DBDIR}/languages/en ]; then
+@@ -303,7 +288,7 @@
+     DiscoverProfiles
+ 
+     # Initialize and check profile file, auditor name, log file and report file
+-    if [ -z "${LOGDIR}" ];            then LOGDIR="/var/log"; fi
++    if [ -z "${LOGDIR}" ];            then LOGDIR="@VARBASE@/log"; fi
+     if [ -z "${AUDITORNAME}" ];       then AUDITORNAME="[Not Specified]"; fi
+     if [ -z "${LOGFILE}" ];           then LOGFILE="${LOGDIR}/lynis.log"; fi
+     if [ -z "${REPORTFILE}" ];        then REPORTFILE="${LOGDIR}/lynis-report.dat"; fi
+@@ -321,14 +306,14 @@
+ 
+     if [ ${PRIVILEGED} -eq 0 ]; then
+         PIDFILE="${MYHOMEDIR}/lynis.pid"
+-    elif [ -d /var/run ]; then
+-        PIDFILE="/var/run/lynis.pid"
++    elif [ -d @VARBASE@/run ]; then
++        PIDFILE="@VARBASE@/run/lynis.pid"
+     else
+         PIDFILE="./lynis.pid"
+     fi
+ 
+     # Check if there is already a PID file in any of the locations (incorrect termination of previous instance)
+-    if [ -f "${MYHOMEDIR}/lynis.pid" -o -f "./lynis.pid" -o -f "/var/run/lynis.pid" ]; then
++    if [ -f "${MYHOMEDIR}/lynis.pid" -o -f "./lynis.pid" -o -f "@VARBASE@/run/lynis.pid" ]; then
+         printf "%s" "
+ 
+ ${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}
+@@ -354,7 +339,7 @@
+         # Deleting any stale PID files that might exist. Note: Display function does not work yet at this point
+         if [ -f "${MYHOMEDIR}/lynis.pid" ]; then rm -f "${MYHOMEDIR}/lynis.pid"; fi
+         if [ -f "./lynis.pid" ]; then rm -f "./lynis.pid"; fi
+-        if [ -f "/var/run/lynis.pid" ]; then rm -f "/var/run/lynis.pid"; fi
++        if [ -f "@VARBASE@/run/lynis.pid" ]; then rm -f "@VARBASE@/run/lynis.pid"; fi
+     fi
+ 
+     # Ensure symlink attack is not possible, by confirming there is no symlink of the file already
+@@ -577,14 +562,7 @@
+ #
+     # Plugin directory test
+     if [ -z "${PLUGINDIR}" ]; then
+-        #LogText "Result: Searching for plugindir"
+-        tPLUGIN_TARGETS="/usr/local/lynis/plugins /usr/local/share/lynis/plugins /usr/share/lynis/plugins /etc/lynis/plugins ./plugins"
+-        for DIR in ${tPLUGIN_TARGETS}; do
+-            if [ -d ${DIR} -a -z "${PLUGINDIR}" ]; then
+-                PLUGINDIR=${DIR}
+-                Debug "Result: found plugindir ${PLUGINDIR}"
+-            fi
+-        done
++      PLUGINDIR="@PREFIX@/lib/lynis/plugins"
+     else
+         Debug "Plugin was already set before to ${PLUGINDIR} (most likely via program argument or profile)"
+     fi



Home | Main Index | Thread Index | Old Index