[yocto] [meta-cgl][PATCH] samhain: add new recipe

akuster808 akuster808 at gmail.com
Sat Dec 13 10:15:07 PST 2014


The current version in Meta-security is 3.1.3. Please check and send any 
changes to this list with [meta-security] in the subject.


- Armin

On 12/10/2014 12:33 AM, Li xin wrote:
> Samhain is an open source file integrity and intrusion detection
> system for Unix that uses cryptographic checksums of files to
> detect modifications, and allows you to trace: what changes have
> occured in your system, when these changes have occured, and who
> was logged into the system at the respective time.
>
> Signed-off-by: Li Xin <lixin.fnst at cn.fujitsu.com>
> ---
>   .../samhain/0001-Makefile.in-error-fix.patch       | 31 ++++++++++++
>   .../samhain/samhain/config-site.samhain-3.1.3      |  2 +
>   .../recipes-cgl/samhain/samhain_3.1.3.bb           | 58 ++++++++++++++++++++++
>   3 files changed, 91 insertions(+)
>   create mode 100644 meta-cgl-common/recipes-cgl/samhain/samhain/0001-Makefile.in-error-fix.patch
>   create mode 100644 meta-cgl-common/recipes-cgl/samhain/samhain/config-site.samhain-3.1.3
>   create mode 100644 meta-cgl-common/recipes-cgl/samhain/samhain_3.1.3.bb
>
> diff --git a/meta-cgl-common/recipes-cgl/samhain/samhain/0001-Makefile.in-error-fix.patch b/meta-cgl-common/recipes-cgl/samhain/samhain/0001-Makefile.in-error-fix.patch
> new file mode 100644
> index 0000000..cd646f6
> --- /dev/null
> +++ b/meta-cgl-common/recipes-cgl/samhain/samhain/0001-Makefile.in-error-fix.patch
> @@ -0,0 +1,31 @@
> +From a9ce38c56bf7072f292d685a48b912e6e59260a6 Mon Sep 17 00:00:00 2001
> +From: Li xin <lixin.fnst at cn.fujitsu.com>
> +Date: Wed, 10 Dec 2014 14:45:28 +0900
> +Subject: [PATCH] Makefile.in: error fix
> +
> +error:File '/usr/sbin/samhain' from samhain was already stripped,
> +this will prevent future debugging!
> +
> +Upstream-Status: pending
> +
> +Signed-off-by: Li Xin <lixin.fnst at cn.fujitsu.com>
> +---
> + Makefile.in | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/Makefile.in b/Makefile.in
> +index b1904d9..000de49 100644
> +--- a/Makefile.in
> ++++ b/Makefile.in
> +@@ -54,7 +54,7 @@ selectconfig = @selectconfig@
> + top_builddir = .
> +
> + INSTALL = @INSTALL@
> +-INSTALL_PROGRAM = @INSTALL@ -s -m 700
> ++INSTALL_PROGRAM = @INSTALL@ -m 700
> + INSTALL_SHELL = @INSTALL@ -m 700
> + INSTALL_DATA = @INSTALL@ -m 600
> + INSTALL_MAN = @INSTALL@ -m 644
> +--
> +1.8.4.2
> +
> diff --git a/meta-cgl-common/recipes-cgl/samhain/samhain/config-site.samhain-3.1.3 b/meta-cgl-common/recipes-cgl/samhain/samhain/config-site.samhain-3.1.3
> new file mode 100644
> index 0000000..2ce3769
> --- /dev/null
> +++ b/meta-cgl-common/recipes-cgl/samhain/samhain/config-site.samhain-3.1.3
> @@ -0,0 +1,2 @@
> +ssp_cv_lib=no
> +sh_cv_va_copy=yes
> diff --git a/meta-cgl-common/recipes-cgl/samhain/samhain_3.1.3.bb b/meta-cgl-common/recipes-cgl/samhain/samhain_3.1.3.bb
> new file mode 100644
> index 0000000..22c8577
> --- /dev/null
> +++ b/meta-cgl-common/recipes-cgl/samhain/samhain_3.1.3.bb
> @@ -0,0 +1,58 @@
> +SUMMARY = "File Integrity and Intrusion Detection System"
> +DESCRIPTION = "Samhain is an open source file integrity and intrusion detection \
> +system for Unix that uses cryptographic checksums of files to \
> +detect modifications, and allows you to trace: what changes have \
> +occured in your system, when these changes have occured, and who \
> +was logged into the system at the respective time."
> +
> +HOMEPAGE = "http://la-samhna.de/samhain/"
> +SECTION = "Filesystem"
> +
> +SRC_URI = "http://la-samhna.de/samhain/samhain-current.tar.gz;extract=samhain-3.1.3.tar.gz \
> +   file://0001-Makefile.in-error-fix.patch"
> +SRC_URI[md5sum] = "64572a4dbfdc8065d6e9f7ca0eab0a34"
> +SRC_URI[sha256sum] = "c234afaf9ba3c6b7d240858b74423f935185de66e996405b3016ec4a288a7e1e"
> +LICENSE = "GPLv2"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"
> +
> +DEPENDS = "libpthread-stubs acl zlib attr"
> +inherit autotools-brokensep pkgconfig
> +
> +do_unpack2() {
> +    cd ${WORKDIR}
> +    tar zxvf ${PN}-${PV}.tar.gz
> +}
> +
> +S = "${WORKDIR}/${BP}"
> +
> +addtask unpack2 after do_unpack before do_patch
> +do_configure() {
> +    export CONFIG_SITE=./config-site.${BP}
> +    ./configure \
> +        --host=${HOST_SYS} \
> +        --build=${BUILD_SYS} \
> +        --prefix=${prefix} \
> +        --sbindir=${sbindir} \
> +        --mandir=${mandir} \
> +        --sysconfdir=${sysconfdir} \
> +        --localstatedir=${localstatedir} \
> +        --with-config-file=/etc/samhain/samhainrc \
> +        --with-state-dir=/var/samhain \
> +        --with-html-file=/var/samhain/samhain.html \
> +        --with-data-file=/var/samhain/samhain.data \
> +        --with-pid-file=/var/samhain/samhain.pid \
> +        --with-log-file=/var/samhain/samhain.log \
> +        --enable-login-watch \
> +        --disable-khide \
> +        --enable-suidcheck \
> +        --with-trusted=0
> +}
> +
> +do_install() {
> +    install -d -m 755 ${D}/var/samhain
> +    install -d  ${D}/${mandir}
> +    oe_runmake DESTDIR=${D} install-program install-man install-data
> +    chmod -R a+r ${D}/${mandir}
> +    install -d ${D}/etc/samhain
> +    install -c -m 644  samhainrc.linux ${D}/etc/samhain/samhainrc
> +}
>



More information about the yocto mailing list