[yocto] [meta-security][PATCH 1/3] samhain: New ISD package
Armin Kuster
akuster808 at gmail.com
Sun Aug 17 19:42:17 PDT 2014
These are the base files needed by both
client and server recipes.
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
.../samhain/files/samhain-client.default | 3 +
recipes-security/samhain/files/samhain-client.init | 122 +++++++++++++++++++++
.../samhain/files/samhain-server-volatiles | 1 +
.../samhain/files/samhain-server.default | 3 +
recipes-security/samhain/files/samhain-server.init | 116 ++++++++++++++++++++
recipes-security/samhain/samhain.inc | 82 ++++++++++++++
6 files changed, 327 insertions(+)
create mode 100644 recipes-security/samhain/files/samhain-client.default
create mode 100644 recipes-security/samhain/files/samhain-client.init
create mode 100644 recipes-security/samhain/files/samhain-server-volatiles
create mode 100644 recipes-security/samhain/files/samhain-server.default
create mode 100644 recipes-security/samhain/files/samhain-server.init
create mode 100644 recipes-security/samhain/samhain.inc
diff --git a/recipes-security/samhain/files/samhain-client.default b/recipes-security/samhain/files/samhain-client.default
new file mode 100644
index 0000000..9899577
--- /dev/null
+++ b/recipes-security/samhain/files/samhain-client.default
@@ -0,0 +1,3 @@
+# Set this to "yes" to start the server, after you configure it, of
+# course.
+SAMHAIN_CLIENT_START="no"
\ No newline at end of file
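Review bot: The comment in samhain-client.default says "start the server", but `SAMHAIN_CLIENT_START` gates the client init script, so it should read `# Set this to "yes" to start the client, after you configure it, of` followed by `# course.`. The file also ends without a trailing newline, as does samhain-server.default. Adding one keeps the last assignment intact if anything is later appended to the file.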
diff --git a/recipes-security/samhain/files/samhain-client.init b/recipes-security/samhain/files/samhain-client.init
new file mode 100644
index 0000000..730e1c4
--- /dev/null
+++ b/recipes-security/samhain/files/samhain-client.init
@@ -0,0 +1,122 @@
+#!/bin/bash
+# chkconfig: 2345 99 10
+# description: File Integrity Checking Daemon
+#
+# processname: samhain
+# config : /etc/samhainrc
+# logfile : /var/log/samhain_log
+# database: /var/lib/samhain/samhain_file
+#
+
+NAME=samhain
+DAEMON=/usr/sbin/samhain
+RETVAL=0
+PIDFILE=/var/run/samhain.pid
+
+. /etc/default/rcS
+
+. /etc/default/samhain-client
+
+if [ "x$SAMHAIN_CLIENT_START" != "xyes" ]; then
+ echo "${0}: client disabled in /etc/default/samhain-client"
+ exit 0
+fi
+
+if [ -x $DAEMON ]; then
+ :
+else
+ echo "${0}: executable ${DAEMON} not found"
+ exit 1
+fi
+
+if [ ! -e /var/lib/samhain/samhain_file ]; then
+ echo "${0}: /var/lib/samhain/samhain_file does not exist. You must"
+ echo " run 'samhain -t init' before samhian-client can start."
+ exit 1
+fi
+
+samhain_done()
+{
+ if [ $RETVAL -eq 0 ]; then
+ echo "."
+ else
+ echo " failed."
+ fi
+}
+
+log_stat_msg () {
+case "$1" in
+ 0)
+ echo "Service $NAME: Running";
+ ;;
+ 1)
+ echo "Service $NAME: Stopped and /var/run pid file exists";
+ ;;
+ 3)
+ echo "Service $NAME: Stopped";
+ ;;
+ *)
+ echo "Service $NAME: Status unknown";
+ ;;
+esac
+}
+
+case "$1" in
+ start)
+ #
+ # Remove a stale PID file, if found
+ #
+ if test -f ${PIDFILE}; then
+ /bin/rm -f ${PIDFILE}
+ fi
+ #
+ echo -n "Starting ${NAME}"
+ /sbin/start-stop-daemon --start --quiet --exec $DAEMON
+ RETVAL=$?
+ samhain_done
+ ;;
+
+ stop)
+ echo -n "Stopping $NAME"
+ ( /sbin/start-stop-daemon --stop --quiet --exec $DAEMON )
+ RETVAL=$?
+
+ #
+ # Remove a stale PID file, if found
+ #
+ if test -f ${PIDFILE}; then
+ /bin/rm -f ${PIDFILE}
+ fi
+ if test -S /var/run/${NAME}.sock; then
+ /bin/rm -f /var/run/${NAME}.sock
+ fi
+ samhain_done
+ ;;
+
+ restart)
+ $0 stop
+ sleep 3
+ $0 start
+ RETVAL=$?
+ ;;
+
+ reload|force-reload)
+ echo -n "Reloading $NAME configuration files"
+ /sbin/start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON
+ RETVAL=$?
+ samhain_done
+ ;;
+
+ status)
+ $DAEMON status
+ RETVAL=$?
+ log_stat_msg ${RETVAL}
+ ;;
+
+ *)
+ echo "$0 usage: {start|stop|status|restart|reload}"
+ exit 1
+ ;;
+esac
+
+exit $RETVAL
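Review bot: The guard checks placed above `case "$1" in` run for every action, so `stop` and `status` are refused along with `start`. When `SAMHAIN_CLIENT_START` is not `yes` the script exits 0 without stopping a daemon that is already running, and when `/var/lib/samhain/samhain_file` is missing it exits 1 before `stop)` is reached. Moving the START and database checks into the `start)` arm, and keeping only the `-x $DAEMON` test at the top, leaves `stop`, `status` and `reload` usable in those states; the START check in samhain-server.init is written the same way. The error text also misspells the service name and should read `run 'samhain -t init' before samhain-client can start.`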
diff --git a/recipes-security/samhain/files/samhain-server-volatiles b/recipes-security/samhain/files/samhain-server-volatiles
new file mode 100644
index 0000000..6b80709
--- /dev/null
+++ b/recipes-security/samhain/files/samhain-server-volatiles
@@ -0,0 +1 @@
+d daemon daemon 0775 /var/log/yule none
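Review bot: `/var/log/yule` is created group-writable (`0775`) for `daemon:daemon`, an account and group that unrelated services commonly share, so any process in that group could create, rename or delete files in the integrity server's log directory. If only yule needs to write there, a tighter entry such as `d daemon daemon 0750 /var/log/yule none` limits who can alter or read the logs. Which user yule runs as is not shown in this patch, so the owner should be checked against the server recipe's configuration.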
diff --git a/recipes-security/samhain/files/samhain-server.default b/recipes-security/samhain/files/samhain-server.default
new file mode 100644
index 0000000..bc3d67c
--- /dev/null
+++ b/recipes-security/samhain/files/samhain-server.default
@@ -0,0 +1,3 @@
+# Set this to "yes" to start the server, after you configure it, of
+# course.
+SAMHAIN_SERVER_START="no"
\ No newline at end of file
diff --git a/recipes-security/samhain/files/samhain-server.init b/recipes-security/samhain/files/samhain-server.init
new file mode 100644
index 0000000..89bd0aa
--- /dev/null
+++ b/recipes-security/samhain/files/samhain-server.init
@@ -0,0 +1,116 @@
+#!/bin/bash
+# chkconfig: 2345 98 11
+# description: File Integrity Checking Daemon
+#
+# processname: yule
+# config : /etc/yulerc
+# logfile : /var/log/yule/yule_log
+# database: /var/lib/yule/yule_file
+#
+
+NAME=yule
+DAEMON=/usr/sbin/yule
+RETVAL=0
+PIDFILE=/var/run/yule.pid
+
+. /etc/default/rcS
+
+. /etc/default/samhain-server
+
+if [ "x$SAMHAIN_SERVER_START" != "xyes" ]; then
+ echo "${0}: server disabled in /etc/default/samhain-server"
+ exit 0
+fi
+
+if [ -x $DAEMON ]; then
+ :
+else
+ echo "${0}: executable ${DAEMON} not found"
+ exit 1
+fi
+
+samhain_done()
+{
+ if [ $RETVAL -eq 0 ]; then
+ echo "."
+ else
+ echo " failed."
+ fi
+}
+
+log_stat_msg () {
+case "$1" in
+ 0)
+ echo "Service $NAME: Running";
+ ;;
+ 1)
+ echo "Service $NAME: Stopped and /var/run pid file exists";
+ ;;
+ 3)
+ echo "Service $NAME: Stopped";
+ ;;
+ *)
+ echo "Service $NAME: Status unknown";
+ ;;
+esac
+}
+
+case "$1" in
+ start)
+ #
+ # Remove a stale PID file, if found
+ #
+ if test -f ${PIDFILE}; then
+ /bin/rm -f ${PIDFILE}
+ fi
+ #
+ echo -n "Starting ${NAME}"
+ /sbin/start-stop-daemon --start --quiet --exec $DAEMON
+ RETVAL=$?
+ samhain_done
+ ;;
+
+ stop)
+ echo -n "Stopping $NAME"
+ ( /sbin/start-stop-daemon --stop --quiet --exec $DAEMON )
+ RETVAL=$?
+
+ #
+ # Remove a stale PID file, if found
+ #
+ if test -f ${PIDFILE}; then
+ /bin/rm -f ${PIDFILE}
+ fi
+ if test -S /var/run/${NAME}.sock; then
+ /bin/rm -f /var/run/${NAME}.sock
+ fi
+ samhain_done
+ ;;
+
+ restart)
+ $0 stop
+ sleep 3
+ $0 start
+ RETVAL=$?
+ ;;
+
+ reload|force-reload)
+ echo -n "Reloading $NAME configuration files"
+ /sbin/start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON
+ RETVAL=$?
+ samhain_done
+ ;;
+
+ status)
+ $DAEMON status
+ RETVAL=$?
+ log_stat_msg ${RETVAL}
+ ;;
+
+ *)
+ echo "$0 usage: {start|stop|status|restart|reload}"
+ exit 1
+ ;;
+esac
+
+exit $RETVAL
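Review bot: The `start)` arm deletes `${PIDFILE}` whenever it exists, without checking whether the process it names is still alive, so running `start` against an already-running yule removes the live PID file and then most likely prints ` failed.`; samhain-client.init has the same lines. Guarding the removal, e.g. `if test -f ${PIDFILE} && ! kill -0 "$(cat ${PIDFILE})" 2>/dev/null; then`, keeps the file while the daemon is up. Whether yule actually writes /var/run/yule.pid is not visible in this patch, so the path should be confirmed against the daemon's configuration.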
diff --git a/recipes-security/samhain/samhain.inc b/recipes-security/samhain/samhain.inc
new file mode 100644
index 0000000..d6f9f82
--- /dev/null
+++ b/recipes-security/samhain/samhain.inc
@@ -0,0 +1,82 @@
+DESCRIPTION = "Provides file integrity checking and log file monitoring/analysis"
+HOMEPAGE = "http://www.la-samhna.de/samhain/"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"
+
+
+SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
+ file://${INITSCRIPT_NAME}.init \
+ file://${INITSCRIPT_NAME}.default \
+ "
+
+SRC_URI[md5sum] = "f7fff913d016241eec6829bd5f740513"
+SRC_URI[sha256sum] = "844e8e22c0e259b4c12cd0ccacdb3d5569a2a1746b0aa1aa285febb266cbcf31"
+
+S = "${WORKDIR}/samhain-${PV}"
+
+inherit autotools-brokensep update-rc.d pkgconfig
+
+SAMHAIN_PORT ??= "49777"
+SAMHAIN_SERVER ??= "NULL"
+
+INITSCRIPT_NAME = "samhain-${SAMHAIN_MODE}"
+INITSCRIPT_PARAMS ?= "defaults"
+
+
+PACKAGECONFIG ??= ""
+
+# We have to unpack the tar ball twice to get to the source.
+# Also as soon as OE gets the tar ball it unpacks and
+# proceeds to apply the patches. But what you still have after
+# the first unpack is another tar ball. So we do a do_unpack_extra()
+# and tell OE to do the second unpack before do_patch(), otherwise
+# do_patch() will fail when trying to apply the patches.
+do_unpack_extra () {
+ cd ${WORKDIR}
+ tar -xzvf samhain-${PV}.tar.gz
+}
+addtask unpack_extra after do_unpack before do_patch
+
+# If we use oe_runconf in do_configure() it will by default
+# use the prefix --oldincludedir=/usr/include which is not
+# recognized by Samhain's configure script and would invariably
+# throw back the error "unrecognized option: --oldincludedir=/usr/include"
+do_configure () {
+ cd ${S}
+ ./configure \
+ --build=${BUILD_SYS} \
+ --host=${HOST_SYS} \
+ --target=${TARGET_SYS} \
+ --prefix=${prefix} \
+ --exec_prefix=${exec_prefix} \
+ --bindir=${bindir} \
+ --sbindir=${sbindir} \
+ --libexecdir=${libexecdir} \
+ --datadir=${datadir} \
+ --sysconfdir=${sysconfdir} \
+ --sharedstatedir=${sharedstatedir} \
+ --localstatedir=${localstatedir} \
+ --libdir=${libdir} \
+ --includedir=${includedir} \
+ --infodir=${infodir} \
+ --mandir=${mandir} \
+ ${EXTRA_OECONF}
+}
+
+# Install the init script, it's default file, and the extraneous
+# documentation.
+do_install_append () {
+ cd ${S}
+ oe_runmake install DESTDIR='${D}' INSTALL=install-boot
+ install -d ${D}${sysconfdir}/init.d
+ install -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.init \
+ ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}
+
+ install -d ${D}${sysconfdir}/default
+ install -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.default \
+ ${D}${sysconfdir}/default/${INITSCRIPT_NAME}
+
+ install -d ${D}${docdir}/${PN}
+ cp -r docs/* ${D}${docdir}/${PN}
+ cp -r scripts ${D}${docdir}/${PN}
+}
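Review bot: In `do_install_append` the defaults file is installed with `-m 755`, but the init script only sources it and never executes it, so it should not carry execute bits: `install -m 644 ${WORKDIR}/${INITSCRIPT_NAME}.default \`. The comment above the function should read `its default file`. `SAMHAIN_MODE` is used in `INITSCRIPT_NAME` but is not defined in this file, so presumably each including recipe sets it; a one-line comment saying so would help.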
--
1.9.1