From 4fe1629b29501f10770c3209625d9ec26e0f175e Mon Sep 17 00:00:00 2001
From: Eric Hameleers
Date: Mon, 18 Nov 2013 22:40:45 +0000
Subject: Initial revision
---
lynis/build/lynis.SlackBuild | 214 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 214 insertions(+)
create mode 100755 lynis/build/lynis.SlackBuild
(limited to 'lynis')
diff --git a/lynis/build/lynis.SlackBuild b/lynis/build/lynis.SlackBuild
new file mode 100755
index 00000000..f777a057
--- /dev/null
+++ b/lynis/build/lynis.SlackBuild
@@ -0,0 +1,214 @@
+#!/bin/sh
+# $Id$
+# Copyright 2013 Eric Hameleers, Eindhoven, NL
+# All rights reserved.
+#
+# Permission to use, copy, modify, and distribute this software for
+# any purpose with or without fee is hereby granted, provided that
+# the above copyright notice and this permission notice appear in all
+# copies.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+#
+# Slackware SlackBuild script
+# ===========================
+# By: Eric Hameleers
+# For: lynis
+# Descr: Security and system auditing tool for Linux
+# URL: http://www.rootkit.nl/
+# Build needs:
+# Needs:
+# Changelog:
+# 1.3.4-1: 18/Nov/2013 by Eric Hameleers
+# * Initial build.
+#
+# Run 'sh lynis.SlackBuild' to build a Slackware package.
+# The package (.tgz) and .txt file as well as build logs are created in /tmp .
+# Install it using 'installpkg'.
+#
+# -----------------------------------------------------------------------------
+
+PRGNAM=lynis
+VERSION=${VERSION:-1.3.4}
+BUILD=${BUILD:-1}
+ARCH=noarch
+NUMJOBS=${NUMJOBS:" -j4 "}
+TAG=${TAG:-alien}
+
+DOCS="CHANGELOG FAQ INSTALL LICENSE README"
+
+# Where do we look for sources?
+SRCDIR=$(cd $(dirname $0); pwd)
+
+# Place to build (TMP) package (PKG) and output (OUTPUT) the program:
+TMP=${TMP:-/tmp/build}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+LYNIS_URL="http://www.rootkit.nl/download/lynis.html"
+LYNIS_INCL="/usr/share/lynis/include"
+LYNIS_PLUGINS="/usr/share/lynis/plugins"
+LYNIS_DB="/usr/share/lynis/db"
+
+SOURCE[0]="$SRCDIR/${PRGNAM}-${VERSION}.tar.gz"
+SRCURL[0]="http://cisofy.com/files/${PRGNAM}-${VERSION}.tar.gz"
+
+##
+## --- with a little luck, you won't have to edit below this point --- ##
+##
+
+# Exit the script on errors:
+set -e
+trap 'echo "$0 FAILED at line ${LINENO}" | tee $OUTPUT/error-${PRGNAM}.log' ERR
+# Catch unitialized variables:
+set -u
+P1=${1:-1}
+
+# Save old umask and set to 0022:
+_UMASK_=$(umask)
+umask 0022
+
+# Create working directories:
+mkdir -p $OUTPUT # place for the package to be saved
+mkdir -p $TMP/tmp-$PRGNAM # location to build the source
+mkdir -p $PKG # place for the package to be built
+rm -rf $PKG/* # always erase old package's contents
+rm -rf $TMP/tmp-$PRGNAM/* # remove the remnants of previous build
+rm -rf $OUTPUT/{configure,make,install,error,makepkg,patch}-$PRGNAM.log
+ # remove old log files
+
+# Source file availability:
+for (( i = 0; i < ${#SOURCE[*]}; i++ )) ; do
+ if ! [ -f ${SOURCE[$i]} ]; then
+ echo "Source '$(basename ${SOURCE[$i]})' not available yet..."
+ # Check if the $SRCDIR is writable at all - if not, download to $OUTPUT
+ [ -w "$SRCDIR" ] || SOURCE[$i]="$OUTPUT/$(basename ${SOURCE[$i]})"
+ if [ -f ${SOURCE[$i]} ]; then echo "Ah, found it!"; continue; fi
+ if ! [ "x${SRCURL[$i]}" == "x" ]; then
+ echo "Will download file to $(dirname $SOURCE[$i])"
+ wget -nv -T 20 -O "${SOURCE[$i]}" "${SRCURL[$i]}" || true
+ if [ $? -ne 0 -o ! -s "${SOURCE[$i]}" ]; then
+ echo "Fail to download '$(basename ${SOURCE[$i]})'. Aborting the build."
+ mv -f "${SOURCE[$i]}" "${SOURCE[$i]}".FAIL
+ exit 1
+ fi
+ else
+ echo "File '$(basename ${SOURCE[$i]})' not available. Aborting the build."
+ exit 1
+ fi
+ fi
+done
+
+if [ "$P1" == "--download" ]; then
+ echo "Download complete."
+ exit 0
+fi
+
+# --- PACKAGE BUILDING ---
+
+echo "++"
+echo "|| $PRGNAM-$VERSION"
+echo "++"
+
+cd $TMP/tmp-$PRGNAM
+echo "Retrieving sha1sum for the source archive:"
+REMOTE_SHA1SUM=$(lynx -dump ${LYNIS_URL} |grep '(SHA1)' |grep -w ${VERSION} |tr -d ' '|cut -d: -f2)
+LOCAL_SHA1SUM=$(sha1sum ${SOURCE[0]} | cut -f1 -d' ')
+if [ "$REMOTE_SHA1SUM" != "$LOCAL_SHA1SUM" ]; then
+ echo ""
+ echo "The sha1sum of the source tarball ($LOCAL_SHA1SUM) does not match the sha1sum as recorded on the home page ($REMOTE_SHA1SUM)."
+ echo "** Continue at your own risk **"
+ echo ""
+ sleep 10
+else
+ echo "Archive sha1sum is valid."
+fi
+
+echo "Extracting the source archive(s) for $PRGNAM..."
+tar -xf ${SOURCE[0]}
+cd ${PRGNAM}-${VERSION}
+chown -R root:root .
+chmod -R u+w,go+r-w,a+X-s .
+
+# Install profile
+install -d ${PKG}/etc/lynis
+install default.prf ${PKG}/etc/lynis
+# Install binary
+install -d ${PKG}/usr/bin
+install lynis ${PKG}/usr/bin
+# Install man page
+install -d ${PKG}/usr/man/man8
+install lynis.8 ${PKG}/usr/man/man8
+# Install functions/includes
+install -d ${PKG}/${LYNIS_INCL}
+install include/* ${PKG}/${LYNIS_INCL}
+# Install plugins
+install -d ${PKG}/${LYNIS_PLUGINS}
+install plugins/* ${PKG}/${LYNIS_PLUGINS}
+# Install database files
+install -d ${PKG}/${LYNIS_DB}
+install db/* ${PKG}/${LYNIS_DB}
+
+# Do not clobber the default profile:
+mv ${PKG}/etc/lynis/default.prf{,.new}
+
+# Add this to the doinst.sh:
+mkdir -p $PKG/install
+cat <> $PKG/install/doinst.sh
+# Handle the incoming configuration files:
+config() {
+ for infile in \$1; do
+ NEW="\$infile"
+ OLD="\`dirname \$NEW\`/\`basename \$NEW .new\`"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r \$OLD ]; then
+ mv \$NEW \$OLD
+ elif [ "\`cat \$OLD | md5sum\`" = "\`cat \$NEW | md5sum\`" ]; then
+ # toss the redundant copy
+ rm \$NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+ done
+}
+
+config etc/lynis/default.prf.new
+
+EOINS
+
+# Add documentation:
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION || true
+cat $SRCDIR/$(basename $0) > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+chown -R root:root $PKG/usr/doc/$PRGNAM-$VERSION
+find $PKG/usr/doc -type f -exec chmod 644 {} \;
+
+# Compress the man page:
+find $PKG/usr/man -type f -name "*.?" -exec gzip -9f {} \;
+
+# Add a package description:
+mkdir -p $PKG/install
+cat $SRCDIR/slack-desc > $PKG/install/slack-desc
+
+# Build the package:
+cd $PKG
+makepkg --linkadd y --chown n $OUTPUT/${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-tgz} 2>&1 | tee $OUTPUT/makepkg-${PRGNAM}.log
+cd $OUTPUT
+md5sum ${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-tgz} > ${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-tgz}.md5
+cd -
+cat $PKG/install/slack-desc | grep "^${PRGNAM}" > $OUTPUT/${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.txt
+
+# Restore the original umask:
+umask ${_UMASK_}
+
--
cgit v1.2.3-65-gdbad
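Review bot: The sha1sum check that follows `echo "Retrieving sha1sum for the source archive:"` fails open: on a mismatch the script prints `** Continue at your own risk **`, sleeps 10 seconds and then unpacks and packages the tarball anyway, and an empty `REMOTE_SHA1SUM` (lynx missing, or the page layout changed so the greps match nothing) takes the same warn-and-continue path. Both the tarball (`SRCURL[0]`) and the page the reference hash is scraped from (`LYNIS_URL`) are fetched over plain `http://`, so even a match says little about whether the download was tampered with in transit. I would record the expected digest in the script next to `VERSION`, taken once from a trusted channel, compare against that, and abort on mismatch by replacing `sleep 10` with `exit 1`. Separately, in the download loop `wget ... || true` leaves `$?` at 0, so the `$? -ne 0` half of the following test can never fire and only the `! -s` check detects a failed download.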