author | Armin Kuster <akuster808@gmail.com> | 2014-08-17 19:11:14 -0700 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2014-08-27 21:11:12 -0700 |
commit | f0f670c2fe8cd876eaf2143d7e18ec3eb7d2a641 (patch) | |
tree | 19c694b2d1850daf4991049bd2a1a64bc62cbd92 | |
parent | e6b6816192993b022738d204091348577c8fb45e (diff) | |
download | meta-security-f0f670c2fe8cd876eaf2143d7e18ec3eb7d2a641.tar.gz |
samhain: New ISD package
These are the base files needed by both
client and server recipes.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | recipes-security/samhain/files/samhain-client.default | 3 | ||||
-rw-r--r-- | recipes-security/samhain/files/samhain-client.init | 122 | ||||
-rw-r--r-- | recipes-security/samhain/files/samhain-server-volatiles | 1 | ||||
-rw-r--r-- | recipes-security/samhain/files/samhain-server.default | 3 | ||||
-rw-r--r-- | recipes-security/samhain/files/samhain-server.init | 116 | ||||
-rw-r--r-- | recipes-security/samhain/samhain.inc | 82 |
6 files changed, 327 insertions, 0 deletions
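--- /dev/null
+++ b/recipes-security/samhain/files/samhain-client.default
@@ -0,0 +1,3 @@
+# Set this to "yes" to start the server, after you configure it, of
+# course.
+SAMHAIN_CLIENT_START="no"
\ No newline at end of file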
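Review bot: The comment on lines 1–2 says `Set this to "yes" to start the server`, but this file gates the client init script through SAMHAIN_CLIENT_START; it reads as copied from samhain-server.default. Suggested wording: `# Set this to "yes" to start the client, after you configure it.` The file also ends without a trailing newline, which is worth adding so that a later append does not join onto the assignment.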
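--- /dev/null
+++ b/recipes-security/samhain/files/samhain-client.init
@@ -0,0 +1,122 @@
+#!/bin/bash
+# chkconfig: 2345 99 10
+# description: File Integrity Checking Daemon
+#
+# processname: samhain
+# config : /etc/samhainrc
+# logfile : /var/log/samhain_log
+# database: /var/lib/samhain/samhain_file
+#
+
+NAME=samhain
+DAEMON=/usr/sbin/samhain
+RETVAL=0
+PIDFILE=/var/run/samhain.pid
+
+. /etc/default/rcS
+
+. /etc/default/samhain-client
+
+if [ "x$SAMHAIN_CLIENT_START" != "xyes" ]; then
+echo "${0}: client disabled in /etc/default/samhain-client"
+exit 0
+fi
+
+if [ -x $DAEMON ]; then
+:
+else
+echo "${0}: executable ${DAEMON} not found"
+exit 1
+fi
+
+if [ ! -e /var/lib/samhain/samhain_file ]; then
+echo "${0}: /var/lib/samhain/samhain_file does not exist. You must"
+echo " run 'samhain -t init' before samhian-client can start."
+exit 1
+fi
+
+samhain_done()
+{
+if [ $RETVAL -eq 0 ]; then
+echo "."
+else
+echo " failed."
+fi
+}
+
+log_stat_msg () {
+case "$1" in
+0)
+echo "Service $NAME: Running";
+;;
+1)
+echo "Service $NAME: Stopped and /var/run pid file exists";
+;;
+3)
+echo "Service $NAME: Stopped";
+;;
+*)
+echo "Service $NAME: Status unknown";
+;;
+esac
+}
+
+case "$1" in
+start)
+#
+# Remove a stale PID file, if found
+#
+if test -f ${PIDFILE}; then
+/bin/rm -f ${PIDFILE}
+fi
+#
+echo -n "Starting ${NAME}"
+/sbin/start-stop-daemon --start --quiet --exec $DAEMON
+RETVAL=$?
+samhain_done
+;;
+
+stop)
+echo -n "Stopping $NAME"
+( /sbin/start-stop-daemon --stop --quiet --exec $DAEMON )
+RETVAL=$?
+
+#
+# Remove a stale PID file, if found
+#
+if test -f ${PIDFILE}; then
+/bin/rm -f ${PIDFILE}
+fi
+if test -S /var/run/${NAME}.sock; then
+/bin/rm -f /var/run/${NAME}.sock
+fi
+samhain_done
+;;
+
+restart)
+$0 stop
+sleep 3
+$0 start
+RETVAL=$?
+;;
+
+reload|force-reload)
+echo -n "Reloading $NAME configuration files"
+/sbin/start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON
+RETVAL=$?
+samhain_done
+;;
+
+status)
+$DAEMON status
+RETVAL=$?
+log_stat_msg ${RETVAL}
+;;
+
+*)
+echo "$0 usage: {start|stop|status|restart|reload}"
+exit 1
+;;
+esac
+
+exit $RETVAL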
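Review bot: The precondition checks on lines 20–36 run before the `case "$1"` dispatch, so they apply to every action and not only to `start`. Once SAMHAIN_CLIENT_START is anything other than "yes" the script prints the disabled message and exits 0 for `stop` and `status` as well, and a missing /var/lib/samhain/samhain_file makes `stop` exit 1, so a daemon that is already running can no longer be stopped or queried through this script. Moving the enable and baseline checks into a helper that only `start)` calls keeps the boot-time gating and leaves the other actions usable; samhain-server.init has the same layout on its lines 20–30. The message on line 34 also misspells the service name as `samhian-client`.

```shell
# Checks that only matter when the daemon is about to be started.
check_start_prereqs() {
    if [ "x$SAMHAIN_CLIENT_START" != "xyes" ]; then
        echo "${0}: client disabled in /etc/default/samhain-client"
        exit 0
    fi
    if [ ! -e /var/lib/samhain/samhain_file ]; then
        echo "${0}: /var/lib/samhain/samhain_file does not exist. You must"
        echo " run 'samhain -t init' before samhain-client can start."
        exit 1
    fi
}

case "$1" in
    start)
        check_start_prereqs
        # … unchanged: stale PID file removal and start-stop-daemon --start …
```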
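--- /dev/null
+++ b/recipes-security/samhain/files/samhain-server-volatiles
@@ -0,0 +1 @@
+d daemon daemon 0775 /var/log/yule none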
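Review bot: Mode 0775 makes /var/log/yule writable by every member of the `daemon` group, and write access to the directory is enough to rename or delete the integrity server's log files whatever the modes of the files themselves. Unless something other than the owner has to create files there, which nothing visible in this commit suggests, `d daemon daemon 0750 /var/log/yule none` is the tighter default. Whether yule actually runs as `daemon` is not visible here and should be confirmed against the server recipe.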
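--- /dev/null
+++ b/recipes-security/samhain/files/samhain-server.default
@@ -0,0 +1,3 @@
+# Set this to "yes" to start the server, after you configure it, of
+# course.
+SAMHAIN_SERVER_START="no"
\ No newline at end of file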
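--- /dev/null
+++ b/recipes-security/samhain/files/samhain-server.init
@@ -0,0 +1,116 @@
+#!/bin/bash
+# chkconfig: 2345 98 11
+# description: File Integrity Checking Daemon
+#
+# processname: yule
+# config : /etc/yulerc
+# logfile : /var/log/yule/yule_log
+# database: /var/lib/yule/yule_file
+#
+
+NAME=yule
+DAEMON=/usr/sbin/yule
+RETVAL=0
+PIDFILE=/var/run/yule.pid
+
+. /etc/default/rcS
+
+. /etc/default/samhain-server
+
+if [ "x$SAMHAIN_SERVER_START" != "xyes" ]; then
+echo "${0}: server disabled in /etc/default/samhain-server"
+exit 0
+fi
+
+if [ -x $DAEMON ]; then
+:
+else
+echo "${0}: executable ${DAEMON} not found"
+exit 1
+fi
+
+samhain_done()
+{
+if [ $RETVAL -eq 0 ]; then
+echo "."
+else
+echo " failed."
+fi
+}
+
+log_stat_msg () {
+case "$1" in
+0)
+echo "Service $NAME: Running";
+;;
+1)
+echo "Service $NAME: Stopped and /var/run pid file exists";
+;;
+3)
+echo "Service $NAME: Stopped";
+;;
+*)
+echo "Service $NAME: Status unknown";
+;;
+esac
+}
+
+case "$1" in
+start)
+#
+# Remove a stale PID file, if found
+#
+if test -f ${PIDFILE}; then
+/bin/rm -f ${PIDFILE}
+fi
+#
+echo -n "Starting ${NAME}"
+/sbin/start-stop-daemon --start --quiet --exec $DAEMON
+RETVAL=$?
+samhain_done
+;;
+
+stop)
+echo -n "Stopping $NAME"
+( /sbin/start-stop-daemon --stop --quiet --exec $DAEMON )
+RETVAL=$?
+
+#
+# Remove a stale PID file, if found
+#
+if test -f ${PIDFILE}; then
+/bin/rm -f ${PIDFILE}
+fi
+if test -S /var/run/${NAME}.sock; then
+/bin/rm -f /var/run/${NAME}.sock
+fi
+samhain_done
+;;
+
+restart)
+$0 stop
+sleep 3
+$0 start
+RETVAL=$?
+;;
+
+reload|force-reload)
+echo -n "Reloading $NAME configuration files"
+/sbin/start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON
+RETVAL=$?
+samhain_done
+;;
+
+status)
+$DAEMON status
+RETVAL=$?
+log_stat_msg ${RETVAL}
+;;
+
+*)
+echo "$0 usage: {start|stop|status|restart|reload}"
+exit 1
+;;
+esac
+
+exit $RETVAL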
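Review bot: The `start)` branch deletes ${PIDFILE} on lines 63–65 without checking whether the PID it names is still alive, and then calls start-stop-daemon with `--exec` only, so a `start` issued while yule is already running removes a live PID file rather than a stale one. Handing the file to start-stop-daemon instead, `/sbin/start-stop-daemon --start --quiet --pidfile ${PIDFILE} --exec $DAEMON`, or removing it only when its PID no longer exists, avoids leaving a running integrity server without the file that monitoring would look for. That yule writes /var/run/yule.pid is inferred from the PIDFILE assignment and should be confirmed against the daemon's configuration. samhain-client.init has the same sequence on its lines 69–74.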
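--- /dev/null
+++ b/recipes-security/samhain/samhain.inc
@@ -0,0 +1,82 @@
+DESCRIPTION = "Provides file integrity checking and log file monitoring/analysis"
+HOMEPAGE = "http://www.la-samhna.de/samhain/"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"
+
+
+SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
+file://${INITSCRIPT_NAME}.init \
+file://${INITSCRIPT_NAME}.default \
+"
+
+SRC_URI[md5sum] = "f7fff913d016241eec6829bd5f740513"
+SRC_URI[sha256sum] = "844e8e22c0e259b4c12cd0ccacdb3d5569a2a1746b0aa1aa285febb266cbcf31"
+
+S = "${WORKDIR}/samhain-${PV}"
+
+inherit autotools-brokensep update-rc.d pkgconfig
+
+SAMHAIN_PORT ??= "49777"
+SAMHAIN_SERVER ??= "NULL"
+
+INITSCRIPT_NAME = "samhain-${SAMHAIN_MODE}"
+INITSCRIPT_PARAMS ?= "defaults"
+
+
+PACKAGECONFIG ??= ""
+
+# We have to unpack the tar ball twice to get to the source.
+# Also as soon as OE gets the tar ball it unpacks and
+# proceeds to apply the patches. But what you still have after
+# the first unpack is another tar ball. So we do a do_unpack_extra()
+# and tell OE to do the second unpack before do_patch(), otherwise
+# do_patch() will fail when trying to apply the patches.
+do_unpack_extra () {
+cd ${WORKDIR}
+tar -xzvf samhain-${PV}.tar.gz
+}
+addtask unpack_extra after do_unpack before do_patch
+
+# If we use oe_runconf in do_configure() it will by default
+# use the prefix --oldincludedir=/usr/include which is not
+# recognized by Samhain's configure script and would invariably
+# throw back the error "unrecognized option: --oldincludedir=/usr/include"
+do_configure () {
+cd ${S}
+./configure \
+--build=${BUILD_SYS} \
+--host=${HOST_SYS} \
+--target=${TARGET_SYS} \
+--prefix=${prefix} \
+--exec_prefix=${exec_prefix} \
+--bindir=${bindir} \
+--sbindir=${sbindir} \
+--libexecdir=${libexecdir} \
+--datadir=${datadir} \
+--sysconfdir=${sysconfdir} \
+--sharedstatedir=${sharedstatedir} \
+--localstatedir=${localstatedir} \
+--libdir=${libdir} \
+--includedir=${includedir} \
+--infodir=${infodir} \
+--mandir=${mandir} \
+${EXTRA_OECONF}
+}
+
+# Install the init script, it's default file, and the extraneous
+# documentation.
+do_install_append () {
+cd ${S}
+oe_runmake install DESTDIR='${D}' INSTALL=install-boot
+install -d ${D}${sysconfdir}/init.d
+install -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.init \
+${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}
+
+install -d ${D}${sysconfdir}/default
+install -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.default \
+${D}${sysconfdir}/default/${INITSCRIPT_NAME}
+
+install -d ${D}${docdir}/${PN}
+cp -r docs/* ${D}${docdir}/${PN}
+cp -r scripts ${D}${docdir}/${PN}
+}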
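Review bot: In do_install_append (lines 75–77) the defaults file is installed with `install -m 755`, but it holds a single variable assignment that the init script reads with `.`, so it needs no execute bit. `install -m 644 ${WORKDIR}/${INITSCRIPT_NAME}.default \` is the conventional mode for a file under ${sysconfdir}/default and keeps it from looking like something meant to be run directly. The comment above the function also reads "it's default file" where "its" is meant.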