pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/lynis
Module Name: pkgsrc
Committed By: sborrill
Date: Mon Jan 15 12:38:37 UTC 2018
Added Files:
pkgsrc/security/lynis: DESCR Makefile PLIST distinfo
pkgsrc/security/lynis/patches: patch-include_functions patch-lynis
Log Message:
lynis: add 2.5.9
Lynis is an open source security auditing tool. Used by system
administrators, security professionals, and auditors, to evaluate the
security defenses of their Linux and Unix-based systems. It runs on the host
itself, so it performs more extensive security scans than vulnerability
scanners.
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/security/lynis/DESCR \
pkgsrc/security/lynis/Makefile pkgsrc/security/lynis/PLIST \
pkgsrc/security/lynis/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/lynis/patches/patch-include_functions \
pkgsrc/security/lynis/patches/patch-lynis
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Added files:
Index: pkgsrc/security/lynis/DESCR
diff -u /dev/null pkgsrc/security/lynis/DESCR:1.1
--- /dev/null Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/DESCR Mon Jan 15 12:38:37 2018
@@ -0,0 +1,5 @@
+Lynis is an open source security auditing tool. Used by system
+administrators, security professionals, and auditors, to evaluate
+the security defenses of their Linux and Unix-based systems. It
+runs on the host itself, so it performs more extensive security
+scans than vulnerability scanners.
Index: pkgsrc/security/lynis/Makefile
diff -u /dev/null pkgsrc/security/lynis/Makefile:1.1
--- /dev/null Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/Makefile Mon Jan 15 12:38:37 2018
@@ -0,0 +1,70 @@
+# $NetBSD: Makefile,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+#
+
+DISTNAME= lynis-2.5.9
+CATEGORIES= security
+MASTER_SITES= https://cisofy.com/files/
+
+MAINTAINER= pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE= https://cisofy.com/solutions/
+COMMENT= Perform security health scans for Linux, macOS, and Unix
+LICENSE= gnu-gpl-v3
+
+NO_BUILD= yes
+USE_TOOLS+= pax
+
+SUBST_CLASSES+= libdir
+SUBST_STAGE.libdir= pre-install
+SUBST_MESSAGE.libdir= Fixing lib path
+SUBST_FILES.libdir= lynis
+SUBST_SED.libdir= -e "s,@PREFIX@,${PREFIX},"
+
+SUBST_CLASSES+= vardir
+SUBST_STAGE.vardir= pre-install
+SUBST_MESSAGE.vardir= Fixing var path
+SUBST_FILES.vardir= lynis
+SUBST_SED.vardir= -e "s,@VARBASE@,${VARBASE},"
+
+SUBST_CLASSES+= confdir
+SUBST_STAGE.confdir= pre-install
+SUBST_MESSAGE.confdir= Fixing conf path
+SUBST_FILES.confdir= include/functions
+SUBST_SED.confdir= -e "s,@CONFDIR@,${PKG_SYSCONFDIR},"
+
+WRKSRC= ${WRKDIR}/lynis
+INSTALLATION_DIRS+= bin ${PKGMANDIR}/man8
+INSTALLATION_DIRS+= share/examples/lynis
+INSTALLATION_DIRS+= lib/lynis/db lib/lynis/extras
+INSTALLATION_DIRS+= lib/lynis/include lib/lynis/plugins
+
+EGDIR= ${PREFIX}/share/examples/${PKGBASE}
+
+BUILD_DEFS+= PKG_SYSCONFBASE
+BUILD_DEFS+= VARBASE
+AUTO_MKDIRS= yes
+
+PKG_SYSCONFSUBDIR= lynis
+CONF_FILES+= share/examples/lynis/default.prf \
+ ${PKG_SYSCONFDIR}/default.prf
+CONF_FILES+= share/examples/lynis/developer.prf \
+ ${PKG_SYSCONFDIR}/developer.prf
+
+do-install:
+ ${INSTALL_SCRIPT} ${WRKSRC}/lynis \
+ ${DESTDIR}${PREFIX}/bin/lynis
+ ${INSTALL_MAN} ${WRKSRC}/lynis.8 \
+ ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/lynis.8
+ ${INSTALL_DATA} ${WRKSRC}/default.prf \
+ ${DESTDIR}${EGDIR}/default.prf
+ ${INSTALL_DATA} ${WRKSRC}/developer.prf \
+ ${DESTDIR}${EGDIR}/developer.prf
+ cd ${WRKSRC}/db && \
+ ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/db
+ cd ${WRKSRC}/extras && \
+ ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/extras
+ cd ${WRKSRC}/include && \
+ ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/include
+ cd ${WRKSRC}/plugins && \
+ ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/plugins
+
+.include "../../mk/bsd.pkg.mk"
Index: pkgsrc/security/lynis/PLIST
diff -u /dev/null pkgsrc/security/lynis/PLIST:1.1
--- /dev/null Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/PLIST Mon Jan 15 12:38:37 2018
@@ -0,0 +1,100 @@
+@comment $NetBSD: PLIST,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+bin/lynis
+lib/lynis/db/fileperms.db
+lib/lynis/db/hints.db
+lib/lynis/db/integrity.db
+lib/lynis/db/languages/br
+lib/lynis/db/languages/cn
+lib/lynis/db/languages/de
+lib/lynis/db/languages/en
+lib/lynis/db/languages/en-GB
+lib/lynis/db/languages/en-US
+lib/lynis/db/languages/es
+lib/lynis/db/languages/fi
+lib/lynis/db/languages/fr
+lib/lynis/db/languages/he
+lib/lynis/db/languages/hu
+lib/lynis/db/languages/it
+lib/lynis/db/languages/ja
+lib/lynis/db/languages/nb-NO
+lib/lynis/db/languages/nl
+lib/lynis/db/languages/nl-BE
+lib/lynis/db/languages/nl-NL
+lib/lynis/db/languages/pl
+lib/lynis/db/languages/pt
+lib/lynis/db/languages/ru
+lib/lynis/db/languages/se
+lib/lynis/db/languages/tr
+lib/lynis/db/malware-susp.db
+lib/lynis/db/malware.db
+lib/lynis/db/sbl.db
+lib/lynis/db/tests.db
+lib/lynis/extras/README
+lib/lynis/extras/bash_completion.d/lynis
+lib/lynis/extras/build-lynis.sh
+lib/lynis/extras/check-lynis.sh
+lib/lynis/extras/files.dat
+lib/lynis/extras/lynis.spec
+lib/lynis/extras/openbsd/+CONTENTS
+lib/lynis/extras/systemd/lynis.service
+lib/lynis/extras/systemd/lynis.timer
+lib/lynis/extras/travis-ci/before_script.sh
+lib/lynis/include/binaries
+lib/lynis/include/consts
+lib/lynis/include/data_upload
+lib/lynis/include/functions
+lib/lynis/include/helper_audit_dockerfile
+lib/lynis/include/helper_configure
+lib/lynis/include/helper_show
+lib/lynis/include/helper_system_remote_scan
+lib/lynis/include/helper_update
+lib/lynis/include/osdetection
+lib/lynis/include/parameters
+lib/lynis/include/profiles
+lib/lynis/include/report
+lib/lynis/include/tests_accounting
+lib/lynis/include/tests_authentication
+lib/lynis/include/tests_banners
+lib/lynis/include/tests_boot_services
+lib/lynis/include/tests_containers
+lib/lynis/include/tests_crypto
+lib/lynis/include/tests_custom.template
+lib/lynis/include/tests_databases
+lib/lynis/include/tests_file_integrity
+lib/lynis/include/tests_file_permissions
+lib/lynis/include/tests_filesystems
+lib/lynis/include/tests_firewalls
+lib/lynis/include/tests_hardening
+lib/lynis/include/tests_homedirs
+lib/lynis/include/tests_insecure_services
+lib/lynis/include/tests_kernel
+lib/lynis/include/tests_kernel_hardening
+lib/lynis/include/tests_ldap
+lib/lynis/include/tests_logging
+lib/lynis/include/tests_mac_frameworks
+lib/lynis/include/tests_mail_messaging
+lib/lynis/include/tests_malware
+lib/lynis/include/tests_memory_processes
+lib/lynis/include/tests_nameservices
+lib/lynis/include/tests_networking
+lib/lynis/include/tests_php
+lib/lynis/include/tests_ports_packages
+lib/lynis/include/tests_printers_spools
+lib/lynis/include/tests_scheduling
+lib/lynis/include/tests_shells
+lib/lynis/include/tests_snmp
+lib/lynis/include/tests_squid
+lib/lynis/include/tests_ssh
+lib/lynis/include/tests_storage
+lib/lynis/include/tests_storage_nfs
+lib/lynis/include/tests_system_integrity
+lib/lynis/include/tests_time
+lib/lynis/include/tests_tooling
+lib/lynis/include/tests_virtualization
+lib/lynis/include/tests_webservers
+lib/lynis/include/tool_tips
+lib/lynis/plugins/README
+lib/lynis/plugins/custom_plugin.template
+man/man8/lynis.8
+share/examples/lynis/default.prf
+share/examples/lynis/developer.prf
Index: pkgsrc/security/lynis/distinfo
diff -u /dev/null pkgsrc/security/lynis/distinfo:1.1
--- /dev/null Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/distinfo Mon Jan 15 12:38:37 2018
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+
+SHA1 (lynis-2.5.9.tar.gz) = 71733fa3de9894ca140333070de2843018b02d80
+RMD160 (lynis-2.5.9.tar.gz) = 1915a0f6cd7ad598c73d575259f801845dff3a1c
+SHA512 (lynis-2.5.9.tar.gz) = 655942b6546183396a416df6b7a365918aab1a19b55e2b1d34da4a5fe7fe865aee59aae6de2467b8e5393cae9bb80f97c48a85f1e3606951d88ea21cb624c45a
+Size (lynis-2.5.9.tar.gz) = 269067 bytes
+SHA1 (patch-include_functions) = 2d4f9c50ceb320c5d257ab79eda6581a2d634ca0
+SHA1 (patch-lynis) = f35b682d9c30afdd6bc4e35ca684a4bd7209f63d
Index: pkgsrc/security/lynis/patches/patch-include_functions
diff -u /dev/null pkgsrc/security/lynis/patches/patch-include_functions:1.1
--- /dev/null Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/patches/patch-include_functions Mon Jan 15 12:38:37 2018
@@ -0,0 +1,33 @@
+$NetBSD: patch-include_functions,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+
+Set location of default profiles.
+Remove bash comparisons.
+
+--- /usr/obj/pkgsrc/security/lynis/work.builder7/lynis/include/functions.orig 2018-01-12 00:00:00.000000000 +0000
++++ /usr/obj/pkgsrc/security/lynis/work.builder7/lynis/include/functions 2018-01-15 11:38:48.000000000 +0000
+@@ -426,7 +426,7 @@
+ DEFAULT_PROFILE=""
+ PROFILEDIR=""
+ tPROFILE_NAMES="default.prf custom.prf"
+- tPROFILE_TARGETS="/usr/local/etc/lynis /etc/lynis /usr/local/lynis ."
++ tPROFILE_TARGETS="@CONFDIR@ ."
+ for PNAME in ${tPROFILE_NAMES}; do
+ for PLOC in ${tPROFILE_TARGETS}; do
+ # Only use one default.prf
+@@ -3010,14 +3010,14 @@
+
+ LogText "${FUNCNAME}: check if ${1} is equal to ${2}"
+
+- if [ "$1" == "$2" ]; then
++ if [ "$1" = "$2" ]; then
+ LogText "${FUNCNAME}: ${1} is equal to ${2}"
+ RETVAL=0
+ fi
+
+ if ! [ -z ${3+x} ]; then
+ LogText "${FUNCNAME}: ${1} is equal to ${3}"
+- if [ "$2" == "$3" ]; then
++ if [ "$2" = "$3" ]; then
+ LogText "${FUNCNAME}: ${OPTION} is equal to ${3}"
+ RETVAL=1
+ fi
Index: pkgsrc/security/lynis/patches/patch-lynis
diff -u /dev/null pkgsrc/security/lynis/patches/patch-lynis:1.1
--- /dev/null Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/patches/patch-lynis Mon Jan 15 12:38:37 2018
@@ -0,0 +1,92 @@
+$NetBSD: patch-lynis,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+
+Remove hardwired paths to allow installation in a separate dir to the
+main script.
+
+--- lynis.orig 2018-01-12 00:00:00.000000000 +0000
++++ lynis 2018-01-15 11:32:35.000000000 +0000
+@@ -72,15 +72,7 @@
+
+ # Test from which directories we can use all functions and tests
+
+- INCLUDEDIR="" # Set default include directory to none
+- tINCLUDE_TARGETS="/usr/local/include/lynis /usr/local/lynis/include /usr/share/lynis/include ./include" # Default paths to check (CWD as last option, in case we run from standalone)
+- for I in ${tINCLUDE_TARGETS}; do
+- if [ "${I}" = "./include" ]; then
+- if [ -d ${WORKDIR}/include ]; then INCLUDEDIR="${WORKDIR}/include"; fi
+- elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then
+- INCLUDEDIR=${I}
+- fi
+- done
++ INCLUDEDIR="@PREFIX@/lib/lynis/include"
+
+ # Drop out if our include directory can't be found
+ if [ -z "${INCLUDEDIR}" ]; then
+@@ -92,14 +84,7 @@
+
+ # Test for database directory
+
+- DBDIR=""; tDB_TARGETS="/usr/local/share/lynis/db /usr/local/lynis/db /usr/share/lynis/db ./db"
+- for I in ${tDB_TARGETS}; do
+- if [ "${I}" = "./db" ]; then
+- if [ -d ${WORKDIR}/db ]; then DBDIR="${WORKDIR}/db"; fi
+- elif [ -d ${I} -a -z "${DBDIR}" ]; then
+- DBDIR="${I}"
+- fi
+- done
++ DBDIR="@PREFIX@/lib/lynis/db"
+
+ # Import translations. First import English to prefill all texts
+ if [ ! -f ${DBDIR}/languages/en ]; then
+@@ -303,7 +288,7 @@
+ DiscoverProfiles
+
+ # Initialize and check profile file, auditor name, log file and report file
+- if [ -z "${LOGDIR}" ]; then LOGDIR="/var/log"; fi
++ if [ -z "${LOGDIR}" ]; then LOGDIR="@VARBASE@/log"; fi
+ if [ -z "${AUDITORNAME}" ]; then AUDITORNAME="[Not Specified]"; fi
+ if [ -z "${LOGFILE}" ]; then LOGFILE="${LOGDIR}/lynis.log"; fi
+ if [ -z "${REPORTFILE}" ]; then REPORTFILE="${LOGDIR}/lynis-report.dat"; fi
+@@ -321,14 +306,14 @@
+
+ if [ ${PRIVILEGED} -eq 0 ]; then
+ PIDFILE="${MYHOMEDIR}/lynis.pid"
+- elif [ -d /var/run ]; then
+- PIDFILE="/var/run/lynis.pid"
++ elif [ -d @VARBASE@/run ]; then
++ PIDFILE="@VARBASE@/run/lynis.pid"
+ else
+ PIDFILE="./lynis.pid"
+ fi
+
+ # Check if there is already a PID file in any of the locations (incorrect termination of previous instance)
+- if [ -f "${MYHOMEDIR}/lynis.pid" -o -f "./lynis.pid" -o -f "/var/run/lynis.pid" ]; then
++ if [ -f "${MYHOMEDIR}/lynis.pid" -o -f "./lynis.pid" -o -f "@VARBASE@/run/lynis.pid" ]; then
+ printf "%s" "
+
+ ${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}
+@@ -354,7 +339,7 @@
+ # Deleting any stale PID files that might exist. Note: Display function does not work yet at this point
+ if [ -f "${MYHOMEDIR}/lynis.pid" ]; then rm -f "${MYHOMEDIR}/lynis.pid"; fi
+ if [ -f "./lynis.pid" ]; then rm -f "./lynis.pid"; fi
+- if [ -f "/var/run/lynis.pid" ]; then rm -f "/var/run/lynis.pid"; fi
++ if [ -f "@VARBASE@/run/lynis.pid" ]; then rm -f "@VARBASE@/run/lynis.pid"; fi
+ fi
+
+ # Ensure symlink attack is not possible, by confirming there is no symlink of the file already
+@@ -577,14 +562,7 @@
+ #
+ # Plugin directory test
+ if [ -z "${PLUGINDIR}" ]; then
+- #LogText "Result: Searching for plugindir"
+- tPLUGIN_TARGETS="/usr/local/lynis/plugins /usr/local/share/lynis/plugins /usr/share/lynis/plugins /etc/lynis/plugins ./plugins"
+- for DIR in ${tPLUGIN_TARGETS}; do
+- if [ -d ${DIR} -a -z "${PLUGINDIR}" ]; then
+- PLUGINDIR=${DIR}
+- Debug "Result: found plugindir ${PLUGINDIR}"
+- fi
+- done
++ PLUGINDIR="@PREFIX@/lib/lynis/plugins"
+ else
+ Debug "Plugin was already set before to ${PLUGINDIR} (most likely via program argument or profile)"
+ fi
Home |
Main Index |
Thread Index |
Old Index