Diffstat (limited to 'recipes-security/samhain')
17 files changed, 763 insertions, 83 deletions
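--- /dev/null
+++ b/recipes-security/samhain/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+current_dir=$(dirname $(readlink -f $0))
+$current_dir/cutest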
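Review bot: `$0` and `$current_dir` are expanded unquoted on lines 2 and 3, so the script breaks when the ptest directory path contains whitespace or glob characters. Quote both expansions: `current_dir=$(dirname "$(readlink -f "$0")")` and `"$current_dir/cutest"`. The exit status is that of cutest, but its output is passed through unchanged; if cutest does not print `PASS:`/`FAIL:` result lines itself, the individual results will not be picked up by a ptest runner.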
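--- /dev/null
+++ b/recipes-security/samhain/files/samhain-configure-add-option-for-ps.patch
@@ -0,0 +1,108 @@
+From 02a143f0068cbc6cea71359169210fbb3606d4bb Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Mon, 18 Jan 2016 00:24:57 -0500
+Subject: [PATCH] configure: add option for ps
+
+The configure searches hardcoded host paths for PSPATH
+and run ps commands to decide PSARG which will fail
+on host without ps:
+| configure: error: Cannot find ps in any of /usr/ucb /bin /usr/bin
+
+So add an option so we can specify the ps at configure
+to avoid host contamination.
+
+Upstream-Status: Inappropriate [cross compile specific]
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+aclocal.m4 | 2 +-
+configure.ac | 60 ++++++++++--------------------------------------------------
+2 files changed, 11 insertions(+), 51 deletions(-)
+
+diff --git a/aclocal.m4 b/aclocal.m4
+index a2e59a6..cd20a2f 100644
+--- a/aclocal.m4
++++ b/aclocal.m4
+@@ -409,7 +409,7 @@ x_includes=NONE
+x_libraries=NONE
+DESTDIR=
+SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid"
+-SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file"
++SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file ps-path"
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+diff --git a/configure.ac b/configure.ac
+index 5910b1f..8c3e087 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -730,56 +730,16 @@ then
+fi
+AC_CHECK_HEADERS(gmp.h)
+
+-AC_MSG_CHECKING([for ps])
+-PS=
+-for ff in /usr/ucb /bin /usr/bin; do
+- if test -x "$ff/ps"; then
+- PS="$ff/ps"
+- AC_MSG_RESULT([$PS])
+- break
+- fi
+-done
+-if test x$PS = x
+-then
+- AC_MSG_RESULT([no])
+- AC_MSG_ERROR([Cannot find ps in any of /usr/ucb /bin /usr/bin])
+-fi
+-AC_DEFINE_UNQUOTED([PSPATH], _("$PS"), [Path to ps])
+-
+-AC_MSG_CHECKING([how to use ps])
+-$PS ax >/dev/null 2>&1
+-if test $? -eq 0; then
+- case "$host_os" in
+- *openbsd*)
+- one=`$PS akx | wc -l`
+- ;;
+- *)
+- one=`$PS ax | wc -l`
+- ;;
+- esac
+-else
+- one=0
+-fi
+-$PS -e >/dev/null 2>&1
+-if test $? -eq 0; then
+- two=`$PS -e | wc -l`
+-else
+- two=0
+-fi
+-if test $one -ge $two
+-then
+- case "$host_os" in
+- *openbsd*)
+- PSARG="akx"
+- ;;
+- *)
+- PSARG="ax"
+- ;;
+- esac
+-else
+- PSARG="-e"
+-fi
+-AC_DEFINE_UNQUOTED([PSARG], _("$PSARG"), [Argument for ps])
++AC_ARG_WITH(ps-path,
++ [ --with-ps-path=PATH set path to ps command ],
++ [
++ if test "x${withval}" != xno; then
++ pspath="${withval}"
++ AC_DEFINE_UNQUOTED([PSPATH], _("${pspath}"), [Path to ps])
++ AC_DEFINE_UNQUOTED([PSARG], _("ax"), [Argument for ps])
++ fi
++ ])
++
+AC_MSG_RESULT([$PS $PSARG])
+
+dnl *****************************************
+--
+1.9.1
+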
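Review bot: The new `AC_ARG_WITH(ps-path, ...)` block has no action for the case where `--with-ps-path` is absent or set to `no`, so `PSPATH` and `PSARG` are then never defined, whereas the removed code either defined both or stopped with an error. Add an action-if-not-given such as `[AC_MSG_ERROR([--with-ps-path=PATH is required])]` so that a misconfigured build fails at configure time. `PSARG` is now fixed to `ax` without probing, so the recipe has to make sure the target's ps accepts that argument; presumably the process check relies on this output, and a ps call that fails would weaken it. The kept `AC_MSG_RESULT([$PS $PSARG])` prints shell variables that are no longer set and has lost its matching `AC_MSG_CHECKING`; report `${pspath}` there or drop the line.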
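--- /dev/null
+++ b/recipes-security/samhain/files/samhain-cross-compile.patch
@@ -0,0 +1,51 @@
+From f63908427b2adb1792c59edbe38618e14ef5bc7b Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Fri, 15 Jan 2016 00:48:58 -0500
+Subject: [PATCH] Enable obfuscating binaries natively.
+
+Enable obfuscating binaries natively.
+
+The samhain build process involves an obfuscation step that attempts to
+defeat decompilation or other binary analysis techniques which might reveal
+secret information that should be known only to the system administrator.
+The obfuscation step builds several applications which run on the build host
+and then generate target code, which is then built into target binaries.
+
+This patch creates a basic infrastructure that supports building the
+obfuscation binaries natively then cross-compiling the target code by adding
+a special configure option. In the absence of this option the old behaviour
+is preserved.
+
+Upstream-Status: Inappropriate [cross compile specific]
+
+Signed-off-by: Aws Ismail <aws.ismail@windriver.com>
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+Makefile.in | 4 +---
+1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 684e92b..fb090e2 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -54,7 +54,7 @@ selectconfig = @selectconfig@
+top_builddir = .
+
+INSTALL = @INSTALL@
+-INSTALL_PROGRAM = @INSTALL@ -s -m 700
++INSTALL_PROGRAM = @INSTALL@ -m 700
+INSTALL_SHELL = @INSTALL@ -m 700
+INSTALL_DATA = @INSTALL@ -m 600
+INSTALL_MAN = @INSTALL@ -m 644
+@@ -525,8 +525,6 @@ install-program: $(PROGRAMS) sstrip
+echo " $(INSTALL_PROGRAM) $$p $$target"; \
+$(INSTALL_PROGRAM) $$p $$target; \
+chmod 0700 $$target; \
+- echo " ./sstrip $$target"; \
+- ./sstrip $$target; \
+else \
+echo " $(INSTALL_SHELL) $$p $$target"; \
+$(INSTALL_SHELL) $$p $$target; \
+--
+1.9.1
+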
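Review bot: The patch description does not match the change: it speaks of an infrastructure for building the obfuscation binaries natively behind a special configure option, but the diff only edits `Makefile.in`, dropping `-s` from `INSTALL_PROGRAM` and removing the `./sstrip $$target` step. The description should say that stripping at install time is disabled (presumably so the build system handles stripping itself), otherwise a maintainer will look for a configure option this patch does not add. The `install-program` rule still names `sstrip` as a prerequisite in the hunk header line, so the helper is still built although it is no longer run; remove it from the prerequisites if nothing else needs it. The body of the rule continues outside the hunk.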
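--- /dev/null
+++ b/recipes-security/samhain/files/samhain-mips64-aarch64-dnmalloc-hash-fix.patch
@@ -0,0 +1,44 @@
+commit 0f6bdc219e598de08a3f37887efa5dfa50e2b996
+Author: Aws Ismail <aws.ismail@windriver.com>
+Date: Fri Jun 22 15:47:08 2012 -0400
+
+Hash fix for MIPS64 and AARCH64
+
+Samhain uses the addresses of local variables in generating hash
+values. The hashing function is designed only for 32-bit values.
+For MIPS64 when a 64-bit address is passed in the resulting hash
+exceeds the limits of the underlying mechanism and samhain
+ultimately fails. The solution is to simply take the lower
+32-bits of the address and use that in generating hash values.
+
+Signed-off-by: Greg Moffatt <greg.moffatt@windriver.com>
+
+Upstream-Status: Pending
+
+Signed-off-by: Aws Ismail <aws.ismail@windriver.com>
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+
+diff --git a/src/dnmalloc.c b/src/dnmalloc.c
+index da9a5c5..fc91400 100644
+--- a/src/dnmalloc.c
++++ b/src/dnmalloc.c
+@@ -2703,11 +2703,19 @@ static void freecilst_add(chunkinfoptr p) {
+}
+
+/* Calculate the hash table entry for a chunk */
++#if defined(CONFIG_ARCH_MIPS64) || defined(CONFIG_ARCH_AARCH64)
++#ifdef STARTHEAP_IS_ZERO
++#define hash(p) ((((unsigned long) p) & 0x7fffffff) >> 7)
++#else
++#define hash(p) ((((unsigned long) p - (unsigned long) startheap) & 0x7fffffff) >> 7)
++#endif
++#else
+#ifdef STARTHEAP_IS_ZERO
+#define hash(p) (((unsigned long) p) >> 7)
+#else
+#define hash(p) (((unsigned long) p - (unsigned long) startheap) >> 7)
+#endif
++#endif /* CONFIG_ARCH_MIPS64 */
+
+static void
+hashtable_add (chunkinfoptr ci)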
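Review bot: The mask `0x7fffffff` in the two new `hash(p)` macros keeps the low 31 bits of the address, while the description says the lower 32 bits are used; state the real width next to the macro, e.g. `/* 64-bit MIPS/AArch64: only the low 31 bits of the address are hashed */`. The new branch takes effect only when `CONFIG_ARCH_MIPS64` or `CONFIG_ARCH_AARCH64` is defined, and nothing in this patch defines them, so the recipe has to pass them in the compiler flags or the fix is silently inactive. The closing `#endif /* CONFIG_ARCH_MIPS64 */` comment should name both macros. Masking lets addresses 2 GiB apart map to the same bucket, which is safe only if the lookup compares the full chunk address; that code is outside the hunk.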
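--- /dev/null
+++ b/recipes-security/samhain/files/samhain-not-run-ptest-on-host.patch
@@ -0,0 +1,24 @@
+not run test on host, since we are doing cross-compile
+
+Upstream-status: Inappropriate [cross compile specific]
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+Makefile.in | 1 -
+1 file changed, 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index e1b32a8..74bfdc9 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -1234,7 +1234,6 @@ intcutest: internal.h $(OBJECTS) $(CUTEST_OBJECTS) sh_tiger_i.o $(srcsrc)/CuTest
+rm x_samhain.c; \
+$(LINK) sh_tiger_i.o $(CUTEST_OBJECTS) CuTestMain.o CuTest.o $(OBJECTS) $(LIBS_TRY); \
+test -f ./intcutest && mv ./intcutest ./cutest; \
+- ./cutest
+
+runcutest:
+gdb ./cutest
+--
+1.7.10.4
+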
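Review bot: With `./cutest` removed, the last recipe line of `intcutest`, `test -f ./intcutest && mv ./intcutest ./cutest; \`, still ends in `; \`, so the recipe now continues into the blank line that follows. Drop the continuation so the line reads `test -f ./intcutest && mv ./intcutest ./cutest` and the rule ends on a complete command. The header tag is spelled `Upstream-status`, while the other patches in this commit use `Upstream-Status`. The start of the `intcutest` rule is outside the hunk.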
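--- /dev/null
+++ b/recipes-security/samhain/files/samhain-pid-path.patch
@@ -0,0 +1,27 @@
+commit a932b03b65edeb02ccad2fce06bfa68a8f2fbb04
+Author: Aws Ismail <aws.ismail@windriver.com>
+Date: Thu Jan 10 16:29:05 2013 -0500
+
+Set the PID Lock path for samhain.pid
+
+The explicit path for samhain.pid inorder
+for samhain to work properly after it initial
+database build.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Aws Ismail <aws.ismail@windriver.com>
+
+diff --git a/samhainrc.linux b/samhainrc.linux
+index 10a8176..a7b06e6 100644
+--- a/samhainrc.linux
++++ b/samhainrc.linux
+@@ -639,7 +639,7 @@ SetFileCheckTime = 86400
+
+## Path to the PID file
+#
+-# SetLockfilePath = (default: compiled-in)
++SetLockfilePath = /run/samhain.pid
+
+
+## The digest/checksum/hash algorithm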
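Review bot: `SetLockfilePath = /run/samhain.pid` is hard-coded here, while the init script added in the same commit sets `PIDFILE=/var/run/samhain.pid`; the two name the same file only where `/var/run` is a link to `/run`. Use one spelling in both places so the stale-PID cleanup in the init script always removes the file samhain actually writes. The commented default `# SetLockfilePath = (default: compiled-in)` is replaced rather than kept above the new value, which loses the hint that a compiled-in default exists.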
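--- /dev/null
+++ b/recipes-security/samhain/files/samhain-samhainrc-fix-files-dirs-path.patch
@@ -0,0 +1,61 @@
+From 00fb527e45da42550156197647e01de9a6b1ad52 Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Mon, 3 Mar 2014 01:50:01 -0500
+Subject: [PATCH] fix real path for some files/dirs
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+samhainrc.linux | 15 +++++++--------
+1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/samhainrc.linux b/samhainrc.linux
+index e9727b4..7775d83 100644
+--- a/samhainrc.linux
++++ b/samhainrc.linux
+@@ -93,7 +93,6 @@ dir = 99/etc
+##
+file = /etc/mtab
+file = /etc/fstab
+-file = /etc/adjtime
+file = /etc/motd
+file = /etc/lvm/lvm.conf
+
+@@ -153,11 +152,11 @@ dir = 99/var
+
+[IgnoreAll]
+dir = -1/var/cache
+-dir = -1/var/lock
+-dir = -1/var/mail
+-dir = -1/var/run
++dir = -1/run/lock
++dir = -1/var/spool/mail
++dir = -1/run
+dir = -1/var/spool
+-dir = -1/var/tmp
++dir = -1/var/volatile/tmp
+
+
+[Attributes]
+@@ -167,7 +166,7 @@ dir = -1/var/tmp
+file = /var/lib/rpm/__db.00?
+
+file = /var/lib/logrotate.status
+-file = /var/lib/random-seed
++file = /var/lib/urandom/random-seed
+
+
+[GrowingLogFiles]
+@@ -176,7 +175,7 @@ file = /var/lib/random-seed
+## are ignored. Logfile rotation will cause a report because of shrinking
+## size and different inode.
+##
+-dir = 99/var/log
++dir = 99/var/volatile/log
+
+[Attributes]
+#
+--
+1.7.9.5
+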
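Review bot: In `[IgnoreAll]` the added `dir = -1/var/spool/mail` is already covered by the unchanged `dir = -1/var/spool` two lines below it, and `dir = -1/run/lock` is covered by the added `dir = -1/run`, so both entries add nothing; drop them or add a comment saying why they are listed separately. `dir = -1/run` excludes the whole of `/run` from checking, which deserves a one-line comment in the file because it is a deliberate blind spot. The patch has no description beyond its subject; a sentence saying that these are presumably the real locations behind `/var/run`, `/var/lock`, `/var/tmp` and `/var/log` on the target would explain why the old entries are replaced rather than kept.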
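--- /dev/null
+++ b/recipes-security/samhain/files/samhain-samhainrc.patch
@@ -0,0 +1,158 @@
+commit 4c6658441eb3ffc4e51ed70f78cbdab046957580
+Author: Aws Ismail <aws.ismail@windriver.com>
+Date: Fri Jun 22 16:38:20 2012 -0400
+
+Make samhainrc OE-friendly.
+
+Patch the samhainrc that will be installed
+as part of the 'make install' step to more
+accurately reflect what will be found, and
+what will be of concern, on a OE install.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Aws Ismail <aws.ismail@windriver.com>
+
+diff --git a/samhainrc.linux b/samhainrc.linux
+index 9bc5ca4..10a8176 100644
+--- a/samhainrc.linux
++++ b/samhainrc.linux
+@@ -74,7 +74,6 @@ dir = 0/
+[Attributes]
+file = /tmp
+file = /dev
+-file = /media
+file = /proc
+file = /sys
+
+@@ -93,19 +92,10 @@ dir = 99/etc
+## check permission and ownership
+##
+file = /etc/mtab
++file = /etc/fstab
+file = /etc/adjtime
+file = /etc/motd
+-file = /etc/lvm/.cache
+-
+-# On Ubuntu, these are in /var/lib rather than /etc
+-file = /etc/cups/certs
+-file = /etc/cups/certs/0
+-
+-# managed by fstab-sync on Fedora Core
+-file = /etc/fstab
+-
+-# modified when booting
+-file = /etc/sysconfig/hwconf
++file = /etc/lvm/lvm.conf
+
+# There are files in /etc that might change, thus changing the directory
+# timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'.
+@@ -147,10 +137,6 @@ dir = 99/dev
+##
+dir = -1/dev/pts
+
+-# dir = -1/dev/.udevdb
+-
+-file = /dev/ppp
+-
+#
+# --------- /usr -----------
+#
+@@ -167,50 +153,21 @@ dir = 99/var
+
+[IgnoreAll]
+dir = -1/var/cache
+-dir = -1/var/backups
+-dir = -1/var/games
+-dir = -1/var/gdm
+dir = -1/var/lock
+dir = -1/var/mail
+dir = -1/var/run
+dir = -1/var/spool
+dir = -1/var/tmp
+-dir = -1/var/lib/texmf
+-dir = -1/var/lib/scrollkeeper
+
+
+[Attributes]
+
+-dir = /var/lib/nfs
+-dir = /var/lib/pcmcia
+-
+# /var/lib/rpm changes if packets are installed;
+# /var/lib/rpm/__db.00[123] even more frequently
+file = /var/lib/rpm/__db.00?
+
+-file = /var/lib/acpi-support/vbestate
+-file = /var/lib/alsa/asound.state
+-file = /var/lib/apt/lists/lock
+-file = /var/lib/apt/lists/partial
+-file = /var/lib/cups/certs
+-file = /var/lib/cups/certs/0
+-file = /var/lib/dpkg/lock
+-file = /var/lib/gdm
+-file = /var/lib/gdm/.cookie
+-file = /var/lib/gdm/.gdmfifo
+-file = /var/lib/gdm/:0.Xauth
+-file = /var/lib/gdm/:0.Xservers
+-file = /var/lib/logrotate/status
+-file = /var/lib/mysql
+-file = /var/lib/mysql/ib_logfile0
+-file = /var/lib/mysql/ibdata1
+-file = /var/lib/slocate
+-file = /var/lib/slocate/slocate.db
+-file = /var/lib/slocate/slocate.db.tmp
+-file = /var/lib/urandom
+-file = /var/lib/urandom/random-seed
++file = /var/lib/logrotate.status
+file = /var/lib/random-seed
+-file = /var/lib/xkb
+
+
+[GrowingLogFiles]
+@@ -325,7 +282,7 @@ IgnoreMissing = /var/lib/slocate/slocate.db.tmp
+
+## Console
+##
+-# PrintSeverity=info
++PrintSeverity=warn
+
+## Logfile
+##
+@@ -333,7 +290,7 @@ IgnoreMissing = /var/lib/slocate/slocate.db.tmp
+
+## Syslog
+##
+-# SyslogSeverity=none
++SyslogSeverity=info
+
+## Remote server (yule)
+##
+@@ -556,7 +513,8 @@ ChecksumTest=check
+## and I/O limit (kilobytes per second; 0 == off)
+## to reduce load on host.
+#
+-# SetNiceLevel = 0
++# By default we configure samhain to be nice with everything else on the system
++SetNiceLevel = 10
+# SetIOLimit = 0
+
+## The version string to embed in file signature databases
+@@ -565,13 +523,14 @@ ChecksumTest=check
+
+## Interval between time stamp messages
+#
+-# SetLoopTime = 60
+-SetLoopTime = 600
++# Log a timestamp every hour
++SetLoopTime = 3600
+
+## Interval between file checks
+#
+# SetFileCheckTime = 600
+-SetFileCheckTime = 7200
++# One file system check per day
++SetFileCheckTime = 86400
+
+## Alternative: crontab-like schedule
+#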
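Review bot: `SetFileCheckTime = 86400` in the last hunk raises the interval between file checks from 7200 seconds to a full day, so a modified file can go unreported for up to 24 hours, and the added comment states the value but not that trade-off. Extend it, e.g. `# One file system check per day; lower this where faster detection matters more than I/O load`. The same hunk removes the commented default `# SetLoopTime = 60` while keeping `# SetFileCheckTime = 600`; keep both so the stock values stay documented next to the overrides.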
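--- /dev/null
+++ b/recipes-security/samhain/files/samhain-sha256-big-endian.patch
@@ -0,0 +1,22 @@
+samhain: fix sha256 for big-endian machines
+
+After computing the digest, big-endian machines would
+memset() the digest to the first byte of state instead
+of using memcpy() to transfer it.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater <jslater@windriver.com>
+
+
+--- a/src/sh_checksum.c
++++ b/src/sh_checksum.c
+@@ -468,7 +468,7 @@ void SHA256_Final(sha2_byte digest[], SH
+}
+}
+#else
+- memset(d, context->state, SHA256_DIGEST_LENGTH);
++ memcpy(d, context->state, SHA256_DIGEST_LENGTH);
+/* bcopy(context->state, d, SHA256_DIGEST_LENGTH); */
+#endif
+}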
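Review bot: The description does not say what happens to data produced before the fix: with `memset(d, context->state, SHA256_DIGEST_LENGTH)` the digest bytes did not depend on the hashed data, so SHA-256 values stored on big-endian targets by the unpatched code cannot be compared with values computed after it. Add a sentence telling users of big-endian targets that are configured for SHA-256 to re-initialise the file signature database after upgrading. `SHA256_Final` starts outside the hunk, so the little-endian branch above `#else` is not visible here.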
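--- /dev/null
+++ b/recipes-security/samhain/files/samhain-standalone.default
@@ -0,0 +1,3 @@
+# Set this to "yes" to start the server, after you configure it, of
+# course.
+SAMHAIN_STANDALONE_START="no"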
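--- /dev/null
+++ b/recipes-security/samhain/files/samhain-standalone.init
@@ -0,0 +1,123 @@
+#!/bin/sh
+# chkconfig: 2345 99 10
+# description: File Integrity Checking Daemon
+#
+# processname: samhain
+# config : /etc/samhainrc
+# logfile : /var/log/samhain_log
+# database: /var/lib/samhain/samhain_file
+#
+
+NAME=samhain
+DAEMON=/usr/sbin/samhain
+RETVAL=0
+VERBOSE=yes
+PIDFILE=/var/run/samhain.pid
+
+. /etc/default/samhain-standalone
+
+if [ "x$SAMHAIN_STANDALONE_START" != "xyes" ]; then
+echo "${0}: samhain disabled in /etc/default/samhain-standalone"
+exit 0
+fi
+
+if [ -x $DAEMON ]; then
+:
+else
+echo "${0}: executable ${DAEMON} not found"
+exit 1
+fi
+
+if [ ! -e /var/lib/samhain/samhain_file ]; then
+echo "${0}: /var/lib/samhain/samhain_file does not exist. You must"
+echo " run 'samhain -t init' before samhian can start."
+exit 1
+fi
+
+samhain_done()
+{
+if [ $RETVAL -eq 0 ]; then
+echo "."
+else
+echo " failed."
+fi
+}
+
+log_stat_msg () {
+case "$1" in
+0)
+echo "Service $NAME: Running";
+;;
+1)
+echo "Service $NAME: Stopped and /var/run pid file exists";
+;;
+3)
+echo "Service $NAME: Stopped";
+;;
+*)
+echo "Service $NAME: Status unknown";
+;;
+esac
+}
+
+case "$1" in
+start)
+#
+# Remove a stale PID file, if found
+#
+if test -f ${PIDFILE}; then
+/bin/rm -f ${PIDFILE}
+fi
+
+echo -n "Starting ${NAME}"
+( /sbin/start-stop-daemon --start --quiet --exec $DAEMON )
+RETVAL=$?
+samhain_done
+exit $RETVAL
+;;
+stop)
+echo -n "Stopping $NAME"
+( /sbin/start-stop-daemon --stop --quiet --exec $DAEMON )
+RETVAL=$?
+samhain_done
+#
+# Remove a stale PID file, if found
+#
+if test -f ${PIDFILE}; then
+/bin/rm -f ${PIDFILE}
+fi
+if test -S /var/run/${NAME}.sock; then
+/bin/rm -f /var/run/${NAME}.sock
+fi
+;;
+
+restart)
+$0 stop
+sleep 3
+$0 start
+RETVAL=$?
+;;
+
+reload|force-reload)
+echo -n "Reloading $NAME configuration files"
+( /sbin/start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON )
+RETVAL=$?
+samhain_done
+;;
+
+status)
+if pidof -o %PPID $DAEMON > /dev/null; then
+echo "Samhain running"
+RETVAL=0
+else
+echo "Samhain not running"
+RETVAL=1
+fi
+;;
+*)
+echo "$0 usage: {start|stop|status|restart|reload}"
+exit 1
+;;
+esac
+
+exit $RETVAL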
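Review bot: The `SAMHAIN_STANDALONE_START`, `-x $DAEMON` and database checks at the top run before the `case "$1"` dispatch, so they also gate `stop` and `status`: with the shipped default `SAMHAIN_STANDALONE_START="no"` a `stop` prints the disabled message and exits 0 without stopping a daemon that is already running. Move the three guards into the `start)` branch and leave `stop`, `status` and `reload` unconditional. In `start)` the PID file is removed whenever it exists, without checking whether the process it names is still alive, and `log_stat_msg` is defined but never called. The database message misspells the daemon as `samhian`.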
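--- /dev/null
+++ b/recipes-security/samhain/files/samhain.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Samhain @MODE_NAME@ Daemon
+After=syslog.target network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=@LIBDIR@/@SAMHAIN_HELPER@ start
+ExecStop=@LIBDIR@/@SAMHAIN_HELPER@ stop
+
+[Install]
+WantedBy=multi-user.target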
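Review bot: With `Type=oneshot` and `RemainAfterExit=yes` the unit stays active once the helper's `start` returns, so systemd does not track the samhain process itself and will neither report nor restart it if the daemon exits or is killed later. For a file integrity monitor that is a monitoring gap; if the helper leaves a daemonised samhain with a PID file, `Type=forking` with `PIDFile=/run/samhain.pid` (the path set by the samhainrc patch in this commit) and `Restart=on-failure` would let systemd supervise it. `After=syslog.target` is obsolete on current systemd and can be dropped.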
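--- a/recipes-security/samhain/samhain-client_4.2.1.bb
+++ b/recipes-security/samhain/samhain-client_4.2.2.bb
@@ -1,15 +1,11 @@
-SAMHAIN_MODE="client"
 INITSCRIPT_PARAMS = "defaults 15 85"
 
 require samhain.inc
 
-#Let the default Logserver be 127.0.0.1
+# Let the default Logserver be 127.0.0.1
 EXTRA_OECONF += " \
 --with-logserver=${SAMHAIN_SERVER} \
 --with-port=${SAMHAIN_PORT} \
---with-config-file=/etc/samhainrc \
---with-data-file=/var/samhain/samhain.data \
---with-pid-file=/var/samhain/samhain.pid \
 "
 
 RDEPENDS_${PN} = "acl zlib attr bash"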
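Review bot: The comment `# Let the default Logserver be 127.0.0.1` does not match what the recipe does: `--with-logserver` takes `${SAMHAIN_SERVER}`, and the `samhain.inc` hunk on this page sets `SAMHAIN_SERVER ??= "NULL"`. Reword it, e.g. `# Log server and port come from SAMHAIN_SERVER / SAMHAIN_PORT (see samhain.inc)`, and consider failing the build when a client is configured with the `NULL` placeholder, since such a client has no server to report to. The removed `--with-config-file`, `--with-data-file` and `--with-pid-file` options are presumably supplied by `samhain.inc` now; that part of the include is not visible here.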
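--- a/recipes-security/samhain/samhain-server_4.2.1.bb
+++ /dev/null
@@ -1,54 +0,0 @@
-SAMHAIN_MODE="server"
-INITSCRIPT_PARAMS = "defaults 14 86"
-
-require samhain.inc
-
-DEPENDS = "gmp samhain-server-native"
-
-EXTRA_OECONF += "--enable-network=${SAMHAIN_MODE} "
-
-# supports mysql|postgresql|oracle|odbc but postgresql is the only one available
-
-PACKAGECONFIG ??= "postgresql"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)}"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)}"
-
-PACKAGECONFIG[postgres] = "--with-database=postgresql --enable-xml-log, "", postgresql"
-PACKAGECONFIG[suidcheck] = "--enable-suidcheck","" , "
-PACKAGECONFIG[logwatch] = "--enable-login-watch,"" , "
-PACKAGECONFIG[mounts] = "--enable-mounts-check","" , "
-PACKAGECONFIG[userfiles] = "--enable-userfiles","" , "
-PACKAGECONFIG[ipv6] = "--enable-ipv6,"--disable-ipv6","
-PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux"
-PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl"
-
-SRC_URI += "file://samhain-server-volatiles"
-
-TARGET_CC_ARCH += "${LDFLAGS}"
-
-EXTRA_OECONF += " \
---with-config-file=REQ_FROM_SERVER/etc/samhainrc \
---with-data-file=REQ_FROM_SERVER/var/lib/samhain/samhain_file \
-"
-
-do_install_append() {
-cd ${S}
-install -d ${D}${sysconfdir}/default/volatiles
-install -m 0644 ${WORKDIR}/samhain-server-volatiles \
-${D}${sysconfdir}/default/volatiles/samhain-server
-
-install -m 700 samhain-install.sh init/samhain.startLinux \
-init/samhain.startLSB ${D}/var/lib/samhain
-}
-
-PACKAGES = "${PN} ${PN}-doc ${PN}-dbg"
-
-FILES_${PN} += "${sbindir}/*"
-
-FILES_${PN}-dbg += " \
-${sbindir}/.debug/* \
-"
-
-RDEPENDS_${PN} += "gmp bash perl"
-BBCLASSEXTEND = "native"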
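--- /dev/null
+++ b/recipes-security/samhain/samhain-server_4.2.2.bb
@@ -0,0 +1,21 @@
+INITSCRIPT_PARAMS = "defaults 14 86"
+
+require samhain.inc
+
+DEPENDS = "gmp"
+
+SRC_URI += "file://samhain-server-volatiles"
+
+TARGET_CC_ARCH += "${LDFLAGS}"
+
+do_install_append() {
+install -d ${D}${sysconfdir}/default/volatiles
+install -m 0644 ${WORKDIR}/samhain-server-volatiles \
+${D}${sysconfdir}/default/volatiles/samhain-server
+
+install -m 700 samhain-install.sh init/samhain.startLinux \
+init/samhain.startLSB ${D}/var/lib/samhain
+}
+
+RDEPENDS_${PN} += "gmp bash perl"
+BBCLASSEXTEND = "native"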
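Review bot: `do_install_append` installs `samhain-install.sh`, `init/samhain.startLinux` and `init/samhain.startLSB` by relative path although the `cd ${S}` of the deleted 4.2.1 recipe is gone, and it writes to `${D}/var/lib/samhain` without creating that directory in this function. Make the step independent of the working directory and of the install order: `install -d ${D}${localstatedir}/lib/samhain`, then `install -m 700 ${S}/samhain-install.sh ${S}/init/samhain.startLinux ${S}/init/samhain.startLSB ${D}${localstatedir}/lib/samhain`. The directory may already be created by `samhain.inc`, which is only partly visible on this page.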
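--- /dev/null
+++ b/recipes-security/samhain/samhain-standalone_4.2.2.bb
@@ -0,0 +1,31 @@
+require samhain.inc
+
+SRC_URI += "file://samhain-not-run-ptest-on-host.patch \
+file://run-ptest \
+"
+
+PROVIDES += "samhain"
+
+SYSTEMD_SERVICE_${PN} = "samhain.service"
+
+inherit ptest
+
+do_compile() {
+if [ "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'yes', 'no', d)}" = "yes" ]; then
+oe_runmake cutest
+rm -f ${S}*.o config_xor.h internal.h
+fi
+oe_runmake "$@"
+}
+
+do_install_append() {
+ln -sf ${INITSCRIPT_NAME} ${D}${sysconfdir}/init.d/samhain
+}
+
+do_install_ptest() {
+mkdir -p ${D}${PTEST_PATH}
+install ${S}/cutest ${D}${PTEST_PATH}
+}
+
+RPROVIDES_${PN} += "samhain"
+RCONFLICTS_${PN} = "samhain-client samhain-server"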
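Review bot: In `do_compile`, `rm -f ${S}*.o config_xor.h internal.h` has no `/` between `${S}` and `*.o`, so the glob matches names beside the source directory that start with its name rather than the object files inside it, and the objects built for `cutest` are not removed before the main build. It should read `rm -f ${S}/*.o ${S}/config_xor.h ${S}/internal.h`. `SYSTEMD_SERVICE_${PN} = "samhain.service"` overrides the `${INITSCRIPT_NAME}.service` value set in `samhain.inc`; a short comment saying why the standalone package uses the unprefixed unit name would help the next reader.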
diff --git a/recipes-security/samhain/samhain.inc b/recipes-security/samhain/samhain.inc index 007264d..83b2db2 100644 --- a/recipes-security/samhain/samhain.inc +++ b/recipes-security/samhain/samhain.inc | |||
@@ -5,25 +5,60 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b" | |||
5 | 5 | ||
6 | 6 | ||
7 | SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ | 7 | SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ |
8 | file://${INITSCRIPT_NAME}.init \ | 8 | file://samhain-cross-compile.patch \ |
9 | file://${INITSCRIPT_NAME}.default \ | 9 | file://samhain-mips64-aarch64-dnmalloc-hash-fix.patch \ |
10 | " | 10 | file://samhain-samhainrc.patch \ |
11 | 11 | file://samhain-samhainrc-fix-files-dirs-path.patch \ | |
12 | SRC_URI[md5sum] = "6de1060d6e79c4893d8d89d5cbd3c1b0" | 12 | file://samhain-pid-path.patch \ |
13 | SRC_URI[sha256sum] = "93beabb19ac68fb5336a3d8f6b5414de05a460ff6982c41a4e3fb2082e769791" | 13 | file://samhain-sha256-big-endian.patch \ |
14 | file://samhain-configure-add-option-for-ps.patch \ | ||
15 | file://${INITSCRIPT_NAME}.init \ | ||
16 | file://${INITSCRIPT_NAME}.default \ | ||
17 | file://samhain.service \ | ||
18 | " | ||
19 | |||
20 | SRC_URI[md5sum] = "f499d5d06bfd1d787073a45bf28dd60f" | ||
21 | SRC_URI[sha256sum] = "0f3e64afb3f00064c9b136d34a72d580cd41248c5941eba0452f364a109003c7" | ||
14 | 22 | ||
15 | S = "${WORKDIR}/samhain-${PV}" | 23 | S = "${WORKDIR}/samhain-${PV}" |
16 | 24 | ||
17 | inherit autotools-brokensep update-rc.d pkgconfig | 25 | inherit autotools-brokensep update-rc.d pkgconfig systemd |
18 | 26 | ||
19 | SAMHAIN_PORT ??= "49777" | 27 | SAMHAIN_PORT ??= "49777" |
20 | SAMHAIN_SERVER ??= "NULL" | 28 | SAMHAIN_SERVER ??= "NULL" |
21 | 29 | ||
22 | INITSCRIPT_NAME = "samhain-${SAMHAIN_MODE}" | 30 | INITSCRIPT_NAME = "${BPN}" |
23 | INITSCRIPT_PARAMS ?= "defaults" | 31 | INITSCRIPT_PARAMS ?= "defaults" |
24 | 32 | ||
25 | 33 | SYSTEMD_PACKAGES = "${PN}" | |
26 | PACKAGECONFIG ??= "" | 34 | SYSTEMD_SERVICE_${PN} = "${INITSCRIPT_NAME}.service" |
35 | SYSTEMD_AUTO_ENABLE = "disable" | ||
36 | |||
37 | # mode mapping: | ||
38 | # BPN MODE_NAME SAMHAIN_MODE | ||
39 | # samhain-standalone standalone no | ||
40 | # samhain-client client client | ||
41 | # samhain-server server server | ||
42 | MODE_NAME = "${@d.getVar('BPN').split('-')[1]}" | ||
43 | SAMHAIN_MODE = "${@oe.utils.ifelse(d.getVar('MODE_NAME') == 'standalone', 'no', '${MODE_NAME}')}" | ||
44 | |||
45 | # supports mysql|postgresql|oracle|odbc but postgresql is the only one available | ||
46 | |||
47 | PACKAGECONFIG ??= "postgresql ps" | ||
48 | PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)}" | ||
49 | PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)}" | ||
50 | PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)}" | ||
51 | |||
52 | PACKAGECONFIG[postgres] = "--with-database=postgresql --enable-xml-log, "", postgresql" | ||
53 | PACKAGECONFIG[suidcheck] = "--enable-suidcheck","" , " | ||
54 | PACKAGECONFIG[logwatch] = "--enable-login-watch,"" , " | ||
55 | PACKAGECONFIG[mounts] = "--enable-mounts-check","" , " | ||
56 | PACKAGECONFIG[userfiles] = "--enable-userfiles","" , " | ||
57 | PACKAGECONFIG[ipv6] = "--enable-ipv6,"--disable-ipv6"," | ||
58 | PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux" | ||
59 | PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl" | ||
60 | PACKAGECONFIG[audit] = "ac_cv_header_auparse_h=yes,ac_cv_header_auparse_h=no,audit" | ||
61 | PACKAGECONFIG[ps] = "--with-ps-path=${base_bindir}/ps,,,procps" | ||
27 | 62 | ||
28 | do_unpack_samhain() { | 63 | do_unpack_samhain() { |
29 | cd ${WORKDIR} | 64 | cd ${WORKDIR} |
@@ -72,6 +107,9 @@ do_configure () { | |||
72 | --includedir=${includedir} \ | 107 | --includedir=${includedir} \ |
73 | --infodir=${infodir} \ | 108 | --infodir=${infodir} \ |
74 | --mandir=${mandir} \ | 109 | --mandir=${mandir} \ |
110 | --enable-network=${SAMHAIN_MODE} \ | ||
111 | --with-pid-file=${localstatedir}/run/samhain.pid \ | ||
112 | --with-data-file=${localstatedir}/lib/samhain/samhain_file \ | ||
75 | ${EXTRA_OECONF} | 113 | ${EXTRA_OECONF} |
76 | } | 114 | } |
77 | 115 | ||
@@ -82,24 +120,36 @@ do_compile_prepend_libc-musl () { | |||
82 | # Install the init script, it's default file, and the extraneous | 120 | # Install the init script, it's default file, and the extraneous |
83 | # documentation. | 121 | # documentation. |
84 | do_install_append () { | 122 | do_install_append () { |
85 | cd ${S} | ||
86 | oe_runmake install DESTDIR='${D}' INSTALL=install-boot | 123 | oe_runmake install DESTDIR='${D}' INSTALL=install-boot |
87 | install -d ${D}${sysconfdir}/init.d | 124 | |
88 | install -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.init \ | 125 | install -D -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.init \ |
89 | ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME} | 126 | ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME} |
90 | 127 | ||
91 | install -d ${D}${sysconfdir}/default | 128 | install -D -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.default \ |
92 | install -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.default \ | ||
93 | ${D}${sysconfdir}/default/${INITSCRIPT_NAME} | 129 | ${D}${sysconfdir}/default/${INITSCRIPT_NAME} |
94 | 130 | ||
95 | install -d ${D}${docdir}/${PN} | 131 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then |
96 | cp -r docs/* ${D}${docdir}/${PN} | 132 | if [ "${SAMHAIN_MODE}" = "no" ]; then |
97 | cp -r scripts ${D}${docdir}/${PN} | 133 | install -D -m 0644 ${WORKDIR}/samhain.service ${D}/${systemd_system_unitdir}/samhain.service |
98 | install -d -m 755 ${D}/var/samhain | 134 | else |
135 | install -D -m 0644 ${WORKDIR}/samhain.service ${D}/${systemd_system_unitdir}/${BPN}.service | ||
136 | fi | ||
137 | install -D -m 0755 ${WORKDIR}/${BPN}.init ${D}/${libexecdir}/${BPN} | ||
138 | sed -i -e 's,@LIBDIR@,${libexecdir},' \ | ||
139 | -e 's,@SAMHAIN_HELPER@,${BPN},' \ | ||
140 | -e 's,@MODE_NAME@,${MODE_NAME},' \ | ||
141 | ${D}${systemd_system_unitdir}/samhain*.service | ||
142 | fi | ||
143 | |||
144 | install -d ${D}${docdir}/${BPN} | ||
145 | cp -r docs/* ${D}${docdir}/${BPN} | ||
146 | cp -r scripts ${D}${docdir}/${BPN} | ||
147 | install -d -m 755 ${D}${localstatedir}/samhain | ||
148 | |||
149 | # Prevent QA warnings about installed ${localstatedir}/run | ||
150 | if [ -d ${D}${localstatedir}/run ]; then | ||
151 | rmdir ${D}${localstatedir}/run | ||
152 | fi | ||
99 | } | 153 | } |
100 | 154 | ||
101 | FILES_${PN} += "\ | 155 | FILES_${PN} += "${systemd_system_unitdir}" |
102 | /run \ | ||
103 | " | ||
104 | |||
105 | INSANE_SKIP_${PN} = "already-stripped" | ||
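Review bot: The default `PACKAGECONFIG ??= "postgresql ps"` selects an option named `postgresql`, but the flag defined a few lines below is `PACKAGECONFIG[postgres]`, so the default matches no defined flag and `--with-database=postgresql --enable-xml-log` would not reach configure. Renaming the flag to match, `PACKAGECONFIG[postgresql] = "--with-database=postgresql --enable-xml-log,,postgresql"`, fixes that. The `suidcheck`, `logwatch`, `mounts`, `userfiles` and `ipv6` flags also carry stray double quotes inside their values (for example `"--enable-suidcheck","" , "`), which as rendered here would put quote characters into the option fields; the plain form is `PACKAGECONFIG[suidcheck] = "--enable-suidcheck,,"`. For a file-integrity monitor a check that is silently not configured is easy to miss, so it is worth confirming the resulting configure line in log.do_configure after the change.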