authorsborrill <sborrill@pkgsrc.org>2018-01-15 12:38:37 +0000
committersborrill <sborrill@pkgsrc.org>2018-01-15 12:38:37 +0000
commit1ff0d56a19a8f083f7f54d777293b59d9d0143b3 (patch)
tree74db7ed2906e623f5f84c57c10152f1c53dee876 /security/lynis
parent16eed132d2b5cba46f37bcba2071bc920325aa18 (diff)
lynis: add 2.5.9
Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and Unix-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.
Diffstat (limited to 'security/lynis')
-rw-r--r--security/lynis/DESCR5
-rw-r--r--security/lynis/Makefile70
-rw-r--r--security/lynis/PLIST100
-rw-r--r--security/lynis/distinfo8
-rw-r--r--security/lynis/patches/patch-include_functions33
-rw-r--r--security/lynis/patches/patch-lynis92
6 files changed, 308 insertions, 0 deletions
diff --git a/security/lynis/DESCR b/security/lynis/DESCR
new file mode 100644
index 00000000000..f716162f402
--- /dev/null
+++ b/security/lynis/DESCR
@@ -0,0 +1,5 @@
+Lynis is an open source security auditing tool. Used by system
+administrators, security professionals, and auditors, to evaluate
+the security defenses of their Linux and Unix-based systems. It
+runs on the host itself, so it performs more extensive security
+scans than vulnerability scanners.
diff --git a/security/lynis/Makefile b/security/lynis/Makefile
new file mode 100644
index 00000000000..7cf88ace4c3
--- /dev/null
+++ b/security/lynis/Makefile
@@ -0,0 +1,70 @@
+# $NetBSD: Makefile,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+#
+
+DISTNAME= lynis-2.5.9
+CATEGORIES= security
+MASTER_SITES= https://cisofy.com/files/
+
+MAINTAINER= pkgsrc-users@NetBSD.org
+HOMEPAGE= https://cisofy.com/solutions/
+COMMENT= Perform security health scans for Linux, macOS, and Unix
+LICENSE= gnu-gpl-v3
+
+NO_BUILD= yes
+USE_TOOLS+= pax
+
+SUBST_CLASSES+= libdir
+SUBST_STAGE.libdir= pre-install
+SUBST_MESSAGE.libdir= Fixing lib path
+SUBST_FILES.libdir= lynis
+SUBST_SED.libdir= -e "s,@PREFIX@,${PREFIX},"
+
+SUBST_CLASSES+= vardir
+SUBST_STAGE.vardir= pre-install
+SUBST_MESSAGE.vardir= Fixing var path
+SUBST_FILES.vardir= lynis
+SUBST_SED.vardir= -e "s,@VARBASE@,${VARBASE},"
+
+SUBST_CLASSES+= confdir
+SUBST_STAGE.confdir= pre-install
+SUBST_MESSAGE.confdir= Fixing conf path
+SUBST_FILES.confdir= include/functions
+SUBST_SED.confdir= -e "s,@CONFDIR@,${PKG_SYSCONFDIR},"
+
+WRKSRC= ${WRKDIR}/lynis
+INSTALLATION_DIRS+= bin ${PKGMANDIR}/man8
+INSTALLATION_DIRS+= share/examples/lynis
+INSTALLATION_DIRS+= lib/lynis/db lib/lynis/extras
+INSTALLATION_DIRS+= lib/lynis/include lib/lynis/plugins
+
+EGDIR= ${PREFIX}/share/examples/${PKGBASE}
+
+BUILD_DEFS+= PKG_SYSCONFBASE
+BUILD_DEFS+= VARBASE
+AUTO_MKDIRS= yes
+
+PKG_SYSCONFSUBDIR= lynis
+CONF_FILES+= share/examples/lynis/default.prf \
+ ${PKG_SYSCONFDIR}/default.prf
+CONF_FILES+= share/examples/lynis/developer.prf \
+ ${PKG_SYSCONFDIR}/developer.prf
+
+do-install:
+ ${INSTALL_SCRIPT} ${WRKSRC}/lynis \
+ ${DESTDIR}${PREFIX}/bin/lynis
+ ${INSTALL_MAN} ${WRKSRC}/lynis.8 \
+ ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/lynis.8
+ ${INSTALL_DATA} ${WRKSRC}/default.prf \
+ ${DESTDIR}${EGDIR}/default.prf
+ ${INSTALL_DATA} ${WRKSRC}/developer.prf \
+ ${DESTDIR}${EGDIR}/developer.prf
+ cd ${WRKSRC}/db && \
+ ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/db
+ cd ${WRKSRC}/extras && \
+ ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/extras
+ cd ${WRKSRC}/include && \
+ ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/include
+ cd ${WRKSRC}/plugins && \
+ ${PAX} -wr * ${DESTDIR}${PREFIX}/lib/lynis/plugins
+
+.include "../../mk/bsd.pkg.mk"
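Review bot: The four `${PAX} -wr *` copies in do-install take every file in each directory with the modes of the extracted tree, so nothing pins the permissions of the files under lib/lynis/include and lib/lynis/plugins, which the lynis script sources when it runs privileged. Because patch-include_functions is applied inside ${WRKSRC}/include, a backup such as functions.orig may be copied too, and PLIST does not list one. I would filter backups in the copy, e.g. `${PAX} -wr -s ',.*\.orig$$,,' * ${DESTDIR}${PREFIX}/lib/lynis/include`, and install the include and plugin files with `${INSTALL_DATA}` (or set their mode afterwards) so the result does not depend on the tarball. A short comment above the pax lines saying why whole directories are copied would also help.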
diff --git a/security/lynis/PLIST b/security/lynis/PLIST
new file mode 100644
index 00000000000..be55c7414fa
--- /dev/null
+++ b/security/lynis/PLIST
@@ -0,0 +1,100 @@
+@comment $NetBSD: PLIST,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+bin/lynis
+lib/lynis/db/fileperms.db
+lib/lynis/db/hints.db
+lib/lynis/db/integrity.db
+lib/lynis/db/languages/br
+lib/lynis/db/languages/cn
+lib/lynis/db/languages/de
+lib/lynis/db/languages/en
+lib/lynis/db/languages/en-GB
+lib/lynis/db/languages/en-US
+lib/lynis/db/languages/es
+lib/lynis/db/languages/fi
+lib/lynis/db/languages/fr
+lib/lynis/db/languages/he
+lib/lynis/db/languages/hu
+lib/lynis/db/languages/it
+lib/lynis/db/languages/ja
+lib/lynis/db/languages/nb-NO
+lib/lynis/db/languages/nl
+lib/lynis/db/languages/nl-BE
+lib/lynis/db/languages/nl-NL
+lib/lynis/db/languages/pl
+lib/lynis/db/languages/pt
+lib/lynis/db/languages/ru
+lib/lynis/db/languages/se
+lib/lynis/db/languages/tr
+lib/lynis/db/malware-susp.db
+lib/lynis/db/malware.db
+lib/lynis/db/sbl.db
+lib/lynis/db/tests.db
+lib/lynis/extras/README
+lib/lynis/extras/bash_completion.d/lynis
+lib/lynis/extras/build-lynis.sh
+lib/lynis/extras/check-lynis.sh
+lib/lynis/extras/files.dat
+lib/lynis/extras/lynis.spec
+lib/lynis/extras/openbsd/+CONTENTS
+lib/lynis/extras/systemd/lynis.service
+lib/lynis/extras/systemd/lynis.timer
+lib/lynis/extras/travis-ci/before_script.sh
+lib/lynis/include/binaries
+lib/lynis/include/consts
+lib/lynis/include/data_upload
+lib/lynis/include/functions
+lib/lynis/include/helper_audit_dockerfile
+lib/lynis/include/helper_configure
+lib/lynis/include/helper_show
+lib/lynis/include/helper_system_remote_scan
+lib/lynis/include/helper_update
+lib/lynis/include/osdetection
+lib/lynis/include/parameters
+lib/lynis/include/profiles
+lib/lynis/include/report
+lib/lynis/include/tests_accounting
+lib/lynis/include/tests_authentication
+lib/lynis/include/tests_banners
+lib/lynis/include/tests_boot_services
+lib/lynis/include/tests_containers
+lib/lynis/include/tests_crypto
+lib/lynis/include/tests_custom.template
+lib/lynis/include/tests_databases
+lib/lynis/include/tests_file_integrity
+lib/lynis/include/tests_file_permissions
+lib/lynis/include/tests_filesystems
+lib/lynis/include/tests_firewalls
+lib/lynis/include/tests_hardening
+lib/lynis/include/tests_homedirs
+lib/lynis/include/tests_insecure_services
+lib/lynis/include/tests_kernel
+lib/lynis/include/tests_kernel_hardening
+lib/lynis/include/tests_ldap
+lib/lynis/include/tests_logging
+lib/lynis/include/tests_mac_frameworks
+lib/lynis/include/tests_mail_messaging
+lib/lynis/include/tests_malware
+lib/lynis/include/tests_memory_processes
+lib/lynis/include/tests_nameservices
+lib/lynis/include/tests_networking
+lib/lynis/include/tests_php
+lib/lynis/include/tests_ports_packages
+lib/lynis/include/tests_printers_spools
+lib/lynis/include/tests_scheduling
+lib/lynis/include/tests_shells
+lib/lynis/include/tests_snmp
+lib/lynis/include/tests_squid
+lib/lynis/include/tests_ssh
+lib/lynis/include/tests_storage
+lib/lynis/include/tests_storage_nfs
+lib/lynis/include/tests_system_integrity
+lib/lynis/include/tests_time
+lib/lynis/include/tests_tooling
+lib/lynis/include/tests_virtualization
+lib/lynis/include/tests_webservers
+lib/lynis/include/tool_tips
+lib/lynis/plugins/README
+lib/lynis/plugins/custom_plugin.template
+man/man8/lynis.8
+share/examples/lynis/default.prf
+share/examples/lynis/developer.prf
diff --git a/security/lynis/distinfo b/security/lynis/distinfo
new file mode 100644
index 00000000000..bfd57bb6264
--- /dev/null
+++ b/security/lynis/distinfo
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+
+SHA1 (lynis-2.5.9.tar.gz) = 71733fa3de9894ca140333070de2843018b02d80
+RMD160 (lynis-2.5.9.tar.gz) = 1915a0f6cd7ad598c73d575259f801845dff3a1c
+SHA512 (lynis-2.5.9.tar.gz) = 655942b6546183396a416df6b7a365918aab1a19b55e2b1d34da4a5fe7fe865aee59aae6de2467b8e5393cae9bb80f97c48a85f1e3606951d88ea21cb624c45a
+Size (lynis-2.5.9.tar.gz) = 269067 bytes
+SHA1 (patch-include_functions) = 2d4f9c50ceb320c5d257ab79eda6581a2d634ca0
+SHA1 (patch-lynis) = f35b682d9c30afdd6bc4e35ca684a4bd7209f63d
diff --git a/security/lynis/patches/patch-include_functions b/security/lynis/patches/patch-include_functions
new file mode 100644
index 00000000000..f015cdf1c9e
--- /dev/null
+++ b/security/lynis/patches/patch-include_functions
@@ -0,0 +1,33 @@
+$NetBSD: patch-include_functions,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+
+Set location of default profiles.
+Remove bash comparisons.
+
+--- /usr/obj/pkgsrc/security/lynis/work.builder7/lynis/include/functions.orig 2018-01-12 00:00:00.000000000 +0000
++++ /usr/obj/pkgsrc/security/lynis/work.builder7/lynis/include/functions 2018-01-15 11:38:48.000000000 +0000
+@@ -426,7 +426,7 @@
+ DEFAULT_PROFILE=""
+ PROFILEDIR=""
+ tPROFILE_NAMES="default.prf custom.prf"
+- tPROFILE_TARGETS="/usr/local/etc/lynis /etc/lynis /usr/local/lynis ."
++ tPROFILE_TARGETS="@CONFDIR@ ."
+ for PNAME in ${tPROFILE_NAMES}; do
+ for PLOC in ${tPROFILE_TARGETS}; do
+ # Only use one default.prf
+@@ -3010,14 +3010,14 @@
+
+ LogText "${FUNCNAME}: check if ${1} is equal to ${2}"
+
+- if [ "$1" == "$2" ]; then
++ if [ "$1" = "$2" ]; then
+ LogText "${FUNCNAME}: ${1} is equal to ${2}"
+ RETVAL=0
+ fi
+
+ if ! [ -z ${3+x} ]; then
+ LogText "${FUNCNAME}: ${1} is equal to ${3}"
+- if [ "$2" == "$3" ]; then
++ if [ "$2" = "$3" ]; then
+ LogText "${FUNCNAME}: ${OPTION} is equal to ${3}"
+ RETVAL=1
+ fi
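Review bot: The new search list `tPROFILE_TARGETS="@CONFDIR@ ."` still ends with the current directory, so a `default.prf` or `custom.prf` in whatever directory lynis is started from remains a candidate profile. With the package installing its profiles under a fixed ${PKG_SYSCONFDIR}, the standalone fallback looks unnecessary, and a privileged audit that reads its settings from a directory another user may be able to write to is worth avoiding; whether the rest of the function checks file ownership is not visible in this hunk. I would use `tPROFILE_TARGETS="@CONFDIR@"` and add a line to the patch description saying the current-directory lookup was dropped on purpose.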
diff --git a/security/lynis/patches/patch-lynis b/security/lynis/patches/patch-lynis
new file mode 100644
index 00000000000..53c0df0f57e
--- /dev/null
+++ b/security/lynis/patches/patch-lynis
@@ -0,0 +1,92 @@
+$NetBSD: patch-lynis,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+
+Remove hardwired paths to allow installation in a separate dir to the
+main script.
+
+--- lynis.orig 2018-01-12 00:00:00.000000000 +0000
++++ lynis 2018-01-15 11:32:35.000000000 +0000
+@@ -72,15 +72,7 @@
+
+ # Test from which directories we can use all functions and tests
+
+- INCLUDEDIR="" # Set default include directory to none
+- tINCLUDE_TARGETS="/usr/local/include/lynis /usr/local/lynis/include /usr/share/lynis/include ./include" # Default paths to check (CWD as last option, in case we run from standalone)
+- for I in ${tINCLUDE_TARGETS}; do
+- if [ "${I}" = "./include" ]; then
+- if [ -d ${WORKDIR}/include ]; then INCLUDEDIR="${WORKDIR}/include"; fi
+- elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then
+- INCLUDEDIR=${I}
+- fi
+- done
++ INCLUDEDIR="@PREFIX@/lib/lynis/include"
+
+ # Drop out if our include directory can't be found
+ if [ -z "${INCLUDEDIR}" ]; then
+@@ -92,14 +84,7 @@
+
+ # Test for database directory
+
+- DBDIR=""; tDB_TARGETS="/usr/local/share/lynis/db /usr/local/lynis/db /usr/share/lynis/db ./db"
+- for I in ${tDB_TARGETS}; do
+- if [ "${I}" = "./db" ]; then
+- if [ -d ${WORKDIR}/db ]; then DBDIR="${WORKDIR}/db"; fi
+- elif [ -d ${I} -a -z "${DBDIR}" ]; then
+- DBDIR="${I}"
+- fi
+- done
++ DBDIR="@PREFIX@/lib/lynis/db"
+
+ # Import translations. First import English to prefill all texts
+ if [ ! -f ${DBDIR}/languages/en ]; then
+@@ -303,7 +288,7 @@
+ DiscoverProfiles
+
+ # Initialize and check profile file, auditor name, log file and report file
+- if [ -z "${LOGDIR}" ]; then LOGDIR="/var/log"; fi
++ if [ -z "${LOGDIR}" ]; then LOGDIR="@VARBASE@/log"; fi
+ if [ -z "${AUDITORNAME}" ]; then AUDITORNAME="[Not Specified]"; fi
+ if [ -z "${LOGFILE}" ]; then LOGFILE="${LOGDIR}/lynis.log"; fi
+ if [ -z "${REPORTFILE}" ]; then REPORTFILE="${LOGDIR}/lynis-report.dat"; fi
+@@ -321,14 +306,14 @@
+
+ if [ ${PRIVILEGED} -eq 0 ]; then
+ PIDFILE="${MYHOMEDIR}/lynis.pid"
+- elif [ -d /var/run ]; then
+- PIDFILE="/var/run/lynis.pid"
++ elif [ -d @VARBASE@/run ]; then
++ PIDFILE="@VARBASE@/run/lynis.pid"
+ else
+ PIDFILE="./lynis.pid"
+ fi
+
+ # Check if there is already a PID file in any of the locations (incorrect termination of previous instance)
+- if [ -f "${MYHOMEDIR}/lynis.pid" -o -f "./lynis.pid" -o -f "/var/run/lynis.pid" ]; then
++ if [ -f "${MYHOMEDIR}/lynis.pid" -o -f "./lynis.pid" -o -f "@VARBASE@/run/lynis.pid" ]; then
+ printf "%s" "
+
+ ${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}
+@@ -354,7 +339,7 @@
+ # Deleting any stale PID files that might exist. Note: Display function does not work yet at this point
+ if [ -f "${MYHOMEDIR}/lynis.pid" ]; then rm -f "${MYHOMEDIR}/lynis.pid"; fi
+ if [ -f "./lynis.pid" ]; then rm -f "./lynis.pid"; fi
+- if [ -f "/var/run/lynis.pid" ]; then rm -f "/var/run/lynis.pid"; fi
++ if [ -f "@VARBASE@/run/lynis.pid" ]; then rm -f "@VARBASE@/run/lynis.pid"; fi
+ fi
+
+ # Ensure symlink attack is not possible, by confirming there is no symlink of the file already
+@@ -577,14 +562,7 @@
+ #
+ # Plugin directory test
+ if [ -z "${PLUGINDIR}" ]; then
+- #LogText "Result: Searching for plugindir"
+- tPLUGIN_TARGETS="/usr/local/lynis/plugins /usr/local/share/lynis/plugins /usr/share/lynis/plugins /etc/lynis/plugins ./plugins"
+- for DIR in ${tPLUGIN_TARGETS}; do
+- if [ -d ${DIR} -a -z "${PLUGINDIR}" ]; then
+- PLUGINDIR=${DIR}
+- Debug "Result: found plugindir ${PLUGINDIR}"
+- fi
+- done
++ PLUGINDIR="@PREFIX@/lib/lynis/plugins"
+ else
+ Debug "Plugin was already set before to ${PLUGINDIR} (most likely via program argument or profile)"
+ fi
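Review bot: After `INCLUDEDIR="@PREFIX@/lib/lynis/include"` the unchanged guard `if [ -z "${INCLUDEDIR}" ]` that follows can never be true, so a missing or mis-substituted include directory is no longer caught at that point. The guard should test the directory instead, `if [ ! -d "${INCLUDEDIR}" ]; then`, which means extending the first hunk of the patch to cover that line. The same applies to `DBDIR` and `PLUGINDIR`, which are now fixed strings with no existence check visible in these hunks.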