Diffstat (limited to 'security')
-rw-r--r-- | security/Bastille/DESCR | 19 | ||||
-rw-r--r-- | security/Bastille/Makefile | 63 | ||||
-rw-r--r-- | security/Bastille/PLIST | 108 | ||||
-rw-r--r-- | security/Bastille/distinfo | 8 | ||||
-rw-r--r-- | security/Bastille/files/NetBSD.bastille.in | 34 | ||||
-rw-r--r-- | security/Bastille/files/NetBSD.system.in | 256 | ||||
-rw-r--r-- | security/Bastille/patches/patch-aa | 30 | ||||
-rw-r--r-- | security/Bastille/patches/patch-ab | 32 | ||||
-rw-r--r-- | security/Bastille/patches/patch-ac | 13 |
9 files changed, 563 insertions, 0 deletions
diff --git a/security/Bastille/DESCR b/security/Bastille/DESCR
new file mode 100644
index 00000000000..add37f1a31a
--- /dev/null
+++ b/security/Bastille/DESCR
@@ -0,0 +1,19 @@
+Bastille is a system hardening / lockdown program which enhances the
+security of a Unix host. It configures daemons, system settings and
+firewalls to be more secure. It can shut off unneeded services like rcp
+and rlogin, and helps create "chroot jails" that help limit the
+vulnerability of common Internet services like Web services and DNS.
+
+This tool currently hardens Red Hat (Fedora Core, Enterprise and
+Legacy/Classic), SuSE, Debian, Gentoo, Mandrake Linux, HP-UX, Mac OS X
+and Turbo Linux.
+
+If run in the preferred interactive mode, it can teach you a good deal
+about security while personalizing your system security state.
+
+Bastille can also assess and report on the state of a system, which may
+serve as an aid to security administrators, auditors and system
+administrators who wish to investigate the state of their system's
+hardening without making changes to such. This assessment functionality
+has only been tested on Red Hat Linux (Fedora, Legacy, Enterprise) and
+SUSE systems.
diff --git a/security/Bastille/Makefile b/security/Bastille/Makefile
new file mode 100644
index 00000000000..9bd648f79ce
--- /dev/null
+++ b/security/Bastille/Makefile
@@ -0,0 +1,63 @@
+# $NetBSD: Makefile,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+#
+
+DISTNAME= Bastille-3.0.9
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=bastille-linux/}
+EXTRACT_SUFX= .tar.bz2
+
+MAINTAINER= rillig@NetBSD.org
+HOMEPAGE= http://bastille-linux.sourceforge.net/
+COMMENT= System hardening tool focusing on educating the user
+
+WRKSRC= ${WRKDIR}/Bastille
+CONFIGURE_ENV+= GCONF_SCHEMA_FILE_DIR=${PREFIX:Q}/share/gconf/schemas/
+MAKE_ENV+= GCONF_SCHEMA_FILE_DIR=${PREFIX:Q}/share/gconf/schemas/
+USE_PKGLOCALEDIR= yes
+USE_LANGUAGES= # none
+USE_TOOLS+= bash:run perl:run
+NO_BUILD= yes
+
+BUILD_DEPENDS+= checkperms>=1.4:../../sysutils/checkperms
+DEPENDS+= p5-Tk-[0-9]*:../../x11/p5-Tk
+
+SUBST_CLASSES+= b
+SUBST_STAGE.b= pre-configure
+SUBST_FILES.b= Install.sh
+SUBST_SED.b= -e 's,umask 077,umask 022,'
+SUBST_SED.b+= -e 's,\$$RPM_BUILD_ROOT/usr/,${PREFIX}/,g'
+SUBST_SED.b+= -e 's,\$$RPM_BUILD_ROOT/var/,${VARBASE}/,g'
+
+SUBST_CLASSES+= b2
+SUBST_STAGE.b2= pre-configure
+SUBST_FILES.b2= bin/bastille Bastille/API.pm
+SUBST_SED.b2= -e 's,@PKG_SYSCONFDIR@,${PKG_SYSCONFDIR},g'
+SUBST_SED.b2+= -e 's,@PREFIX@,${PREFIX},g'
+SUBST_SED.b2+= -e 's,@VARBASE@,${VARBASE},g'
+
+SUBST_CLASSES+= b3
+SUBST_STAGE.b3= pre-configure
+SUBST_FILES.b3= ${REPLACE_PERL}
+SUBST_SED.b3= -e 's,^use lib.*,use lib "${PREFIX}/lib";,'
+
+REPLACE_PERL+= AutomatedBastille BastilleBackEnd BastilleChooser
+REPLACE_PERL+= InteractiveBastille RevertBastille *.pm
+REPLACE_BASH+= bin/bastille
+
+BUILD_DEFS+= VARBASE
+
+OSMAP_FILES= NetBSD.system.in NetBSD.bastille.in
+OSMAP_SUBSTVARS= PKG_SYSCONFDIR PREFIX VARBASE
+
+post-extract:
+ cd ${WRKSRC} && find . -print | checkperms -ffc
+ cd ${FILESDIR} && cp ${OSMAP_FILES} ${WRKSRC}/OSMap/.
+
+post-configure:
+ set -e; cd ${WRKSRC}/OSMap; for i in ${OSMAP_FILES:.in=}; do sed ${OSMAP_SUBSTVARS:@v@-e 's,\@${v}\@,${${v}},g' @} < "$$i.in" > "$$i"; done
+
+do-install:
+ cd ${WRKSRC} && sh ./Install.sh
+
+.include "../../devel/GConf2/schemas.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/Bastille/PLIST b/security/Bastille/PLIST
new file mode 100644
index 00000000000..d971d52aed2
--- /dev/null
+++ b/security/Bastille/PLIST
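Review bot: In security/Bastille/Makefile, `SUBST_SED.b= -e 's,umask 077,umask 022,'` loosens the umask that Install.sh sets for itself, and nothing in the Makefile says why or limits the effect to the installed programs. Install.sh is not shown here, but the `$$RPM_BUILD_ROOT/var/` substitution two lines below suggests it also creates directories under `${VARBASE}`; with umask 022 any log, backup or revert directory it creates there becomes world-readable, which is a poor default for a hardening tool's state. I would put a comment stating the reason above the substitution, for example `# Install.sh's umask 077 would leave the installed files unreadable for non-root users.`, and confirm that the state directories are still created with mode 0700.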
@@ -0,0 +1,108 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+lib/Bastille/API.pm
+lib/Bastille/AccountSecurity.pm
+lib/Bastille/Apache.pm
+lib/Bastille/BootSecurity.pm
+lib/Bastille/ConfigureMiscPAM.pm
+lib/Bastille/DNS.pm
+lib/Bastille/DisableUserTools.pm
+lib/Bastille/FTP.pm
+lib/Bastille/FilePermissions.pm
+lib/Bastille/Firewall.pm
+lib/Bastille/HP_API.pm
+lib/Bastille/HP_UX.pm
+lib/Bastille/IOLoader.pm
+lib/Bastille/IPFilter.pm
+lib/Bastille/LogAPI.pm
+lib/Bastille/Logging.pm
+lib/Bastille/MiscellaneousDaemons.pm
+lib/Bastille/OSX_API.pm
+lib/Bastille/PSAD.pm
+lib/Bastille/PatchDownload.pm
+lib/Bastille/Patches.pm
+lib/Bastille/Printing.pm
+lib/Bastille/RemoteAccess.pm
+lib/Bastille/SecureInetd.pm
+lib/Bastille/Sendmail.pm
+lib/Bastille/TMPDIR.pm
+lib/Bastille/TestAPI.pm
+lib/Bastille/test_AccountSecurity.pm
+lib/Bastille/test_Apache.pm
+lib/Bastille/test_BootSecurity.pm
+lib/Bastille/test_DNS.pm
+lib/Bastille/test_DisableUserTools.pm
+lib/Bastille/test_FTP.pm
+lib/Bastille/test_FilePermissions.pm
+lib/Bastille/test_HP_UX.pm
+lib/Bastille/test_Logging.pm
+lib/Bastille/test_MiscellaneousDaemons.pm
+lib/Bastille/test_Printing.pm
+lib/Bastille/test_SecureInetd.pm
+lib/Bastille/test_Sendmail.pm
+lib/perl5/site_perl/Bastille_Curses.pm
+lib/perl5/site_perl/Bastille_Tk.pm
+lib/perl5/site_perl/Curses/Widgets.pm
+sbin/AutomatedBastille
+sbin/BastilleBackEnd
+sbin/InteractiveBastille
+sbin/RevertBastille
+sbin/UndoBastille
+sbin/bastille
+share/Bastille/Credits
+share/Bastille/FKL/configs/fkl_config_redhat.cfg
+share/Bastille/Modules.txt
+share/Bastille/OSMap/HP-UX.bastille
+share/Bastille/OSMap/HP-UX.service
+share/Bastille/OSMap/HP-UX.system
+share/Bastille/OSMap/LINUX.bastille
+share/Bastille/OSMap/LINUX.system
+share/Bastille/OSMap/NetBSD.bastille
+share/Bastille/OSMap/NetBSD.system
+share/Bastille/OSMap/OSX.bastille
+share/Bastille/OSMap/OSX.system
+share/Bastille/Questions/AccountSecurity.txt
+share/Bastille/Questions/Apache.txt
+share/Bastille/Questions/BootSecurity.txt
+share/Bastille/Questions/ConfigureMiscPAM.txt
+share/Bastille/Questions/DNS.txt
+share/Bastille/Questions/DisableUserTools.txt
+share/Bastille/Questions/FTP.txt
+share/Bastille/Questions/FilePermissions.txt
+share/Bastille/Questions/Firewall.txt
+share/Bastille/Questions/HP_UX.txt
+share/Bastille/Questions/IPFilter.txt
+share/Bastille/Questions/Logging.txt
+share/Bastille/Questions/MiscellaneousDaemons.txt
+share/Bastille/Questions/PSAD.txt
+share/Bastille/Questions/Patches.txt
+share/Bastille/Questions/Printing.txt
+share/Bastille/Questions/SecureInetd.txt
+share/Bastille/Questions/Sendmail.txt
+share/Bastille/Questions/TMPDIR.txt
+share/Bastille/Weights.txt
+share/Bastille/bastille-firewall
+share/Bastille/bastille-firewall-early.sh
+share/Bastille/bastille-firewall-pre-audit.sh
+share/Bastille/bastille-firewall-reset
+share/Bastille/bastille-firewall-schedule
+share/Bastille/bastille-firewall.cfg
+share/Bastille/bastille-ipchains
+share/Bastille/bastille-netfilter
+share/Bastille/bastille-tmpdir-defense.sh
+share/Bastille/bastille-tmpdir.csh
+share/Bastille/bastille-tmpdir.sh
+share/Bastille/bastille.jpg
+share/Bastille/complete.xbm
+share/Bastille/hosts.allow
+share/Bastille/ifup-local
+share/Bastille/incomplete.xbm
+share/Bastille/wz_tooltip.js
+@exec ${MKDIR} %D/var/lock/subsys/bastille
+@dirrm var/lock/subsys/bastille
+@dirrm share/Bastille/Questions
+@dirrm share/Bastille/OSMap
+@dirrm share/Bastille/FKL/configs
+@dirrm share/Bastille/FKL
+@dirrm share/Bastille
+@dirrm lib/perl5/site_perl/Curses
+@dirrm lib/Bastille
diff --git a/security/Bastille/distinfo b/security/Bastille/distinfo
new file mode 100644
index 00000000000..03e1120dac2
--- /dev/null
+++ b/security/Bastille/distinfo
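Review bot: The `@exec ${MKDIR} %D/var/lock/subsys/bastille` line near the end of security/Bastille/PLIST creates a directory below the package prefix, while NetBSD.bastille.in in the same commit sets `bfile,lockfile,'@VARBASE@/lock/subsys/bastille-lock'`. Neither the base directory nor the name matches, so unless `${PREFIX}/var` and `${VARBASE}` coincide, the directory that gets created is never used and the one the lock file needs (`${VARBASE}/lock/subsys`) may not exist at run time. I would drop the `@exec` / `@dirrm var/lock/subsys/bastille` pair and let the Makefile create the real directory, e.g. `OWN_DIRS+= ${VARBASE}/lock/subsys`.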
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+
+SHA1 (Bastille-3.0.9.tar.bz2) = 389f13d9c6c7b14b91b30bda7285238c74758e0d
+RMD160 (Bastille-3.0.9.tar.bz2) = 853bec2e007d3084cb4df9d509a316523c4dc467
+Size (Bastille-3.0.9.tar.bz2) = 319045 bytes
+SHA1 (patch-aa) = 4f7ab0f1e90b102ec612dfabffb46a91a2368752
+SHA1 (patch-ab) = cd3c4d995b3e5a05c33304ff11f52fa3c34ff463
+SHA1 (patch-ac) = f7fd8063e390e69de83b85366ecb657d97b80434
diff --git a/security/Bastille/files/NetBSD.bastille.in b/security/Bastille/files/NetBSD.bastille.in
new file mode 100644
index 00000000000..0e42dc576d7
--- /dev/null
+++ b/security/Bastille/files/NetBSD.bastille.in
@@ -0,0 +1,34 @@
+bdir,QuestionsDir,'@PREFIX@/share/Bastille/Questions'
+bdir,backup,'@VARBASE@/log/Bastillerevert/backup'
+bdir,config,'@PKG_SYSCONFDIR@/Bastille'
+bdir,home,'/root/Bastille'
+bdir,log,'@VARBASE@/log/Bastille'
+bdir,oldconfig,'@VARBASE@/log/Bastilleoldconfig'
+bdir,revert,'@VARBASE@/log/Bastillerevert'
+bdir,share,'@PREFIX@/share/Bastille'
+
+
+bfile,BastilleBackEnd,'@PREFIX@/sbin/BastilleBackEnd'
+bfile,Questions,'@PREFIX@/share/Bastille/Questions.txt'
+bfile,QuestionsWeights,'@PREFIX@/share/Bastille/Weights.txt'
+bfile,QuestionsModules,'@PREFIX@/share/Bastille/Modules.txt'
+bfile,TODO,'@VARBASE@/log/Bastille/TODO'
+bfile,TOREVERT,'@VARBASE@/log/Bastillerevert/TOREVERT.txt'
+bfile,action-log,'@VARBASE@/log/Bastille/action-log'
+bfile,complete.xbm,'@PREFIX@/share/Bastille/complete.xbm'
+bfile,config,'@PKG_SYSCONFDIR@/Bastille/config'
+bfile,created-dirs,'@VARBASE@/log/Bastillerevert/revert-created-dirs'
+bfile,created-files,'@VARBASE@/log/Bastillerevert/revert-created-files'
+bfile,created-symlinks,'@VARBASE@/log/Bastillerevert/revert-created-symlinks'
+bfile,credits,'@PREFIX@/share/Bastille/Credits'
+bfile,debug-log,'@VARBASE@/log/Bastille/debug-log'
+bfile,error-log,'@VARBASE@/log/Bastille/error-log'
+bfile,executed-commands,'@VARBASE@/log/Bastillerevert/revert-executed-commands'
+bfile,incomplete.xbm,'@PREFIX@/share/Bastille/incomplete.xbm'
+bfile,last.config,'@VARBASE@/log/Bastille/last.config'
+bfile,lockfile,'@VARBASE@/lock/subsys/bastille-lock'
+bfile,nodisclaimer,'@PREFIX@/share/Bastille/.nodisclaimer'
+bfile,removed-symlinks,'@VARBASE@/log/Bastillerevert/revert-removed-symlinks'
+bfile,revert-actions,'@VARBASE@/log/Bastillerevert/revert-actions'
+bfile,revert-directory-perms.sh,'@VARBASE@/log/Bastillerevert/revert-directory-perms.sh'
+bfile,sum.csv,'@VARBASE@/log/Bastillerevert/sum.csv'
diff --git a/security/Bastille/files/NetBSD.system.in b/security/Bastille/files/NetBSD.system.in
new file mode 100644
index 00000000000..e8613d162bd
--- /dev/null
+++ b/security/Bastille/files/NetBSD.system.in
@@ -0,0 +1,256 @@
+bin,XFree86,'/usr/X11R6/bin/XFree86'
+bin,Xwrapper,'/usr/X11R6/bin/Xwrapper'
+
+bin,accton,'/usr/sbin/accton'
+bin,accton,'/sbin/accton',RH6.2,MN9.2,MN10.0,MN10.1,MN2006.0
+bin,dpkg,'/usr/bin/dpkg',DB
+bin,apt-get,'/usr/sbin/apt-get',DB
+bin,at,'/usr/bin/at'
+bin,bash,'/bin/bash'
+bin,cardctl,'/sbin/cardctl'
+bin,chattr,'/usr/bin/chattr'
+bin,chgrp,'/bin/chgrp'
+bin,chkconfig,'/sbin/chkconfig'
+bin,chmod,'/bin/chmod'
+bin,chown,'/bin/chown'
+bin,cksum,'/usr/bin/cksum'
+bin,cp,'/bin/cp'
+bin,crontab,'/usr/bin/crontab'
+bin,cupsd,'/usr/sbin/cupsd'
+bin,diff,'/usr/bin/diff'
+bin,dos,'/usr/bin/dos'
+bin,dump,'/sbin/dump'
+bin,echo,'/bin/echo'
+bin,grep,'/bin/grep'
+bin,grep,'/usr/bin/grep',SE
+bin,groupadd,'/usr/sbin/groupadd'
+bin,inndstart,'/usr/bin/inndstart'
+bin,killall,'/usr/bin/killall'
+bin,lilo,'/sbin/lilo'
+bin,ln,'/bin/ln'
+bin,logger,'/usr/bin/logger'
+bin,lpd,'/usr/sbin/lpd'
+bin,lpd,'/usr/lib/cups/daemon/cups-lpd',MN9.2,MN10.0,MN10.1,MN2006.0
+bin,lppasswd,'/usr/bin/lppasswd'
+bin,lpq,'/usr/bin/lpq'
+bin,lpr,'/usr/bin/lpr'
+bin,lprm,'/usr/bin/lprm'
+bin,lpstat,'/usr/bin/lpstat'
+bin,md5sum,'/usr/bin/md5sum'
+bin,mknod,'/bin/mknod'
+bin,more,'/usr/bin/more'
+bin,mount,'/bin/mount'
+bin,mv,'/bin/mv'
+bin,named-xfer,'/usr/sbin/named-xfer'
+bin,ping,'/bin/ping'
+bin,ping6,'/usr/sbin/ping6',RH7.0,RH7.1,RH7.2,RH7.3,RH8.0,RH9,RHEL2
+bin,ping6,'/bin/ping6',DB,RHEL3,RHFC1,RHFC2,RHFC3,RHFC4,RHFC5,SE9.1,SE9.2,SE9.3,SE10.0,SESLES9
+bin,ping6,'/usr/bin/ping6',MN9.2,MN10.0,MN10.1,MN2006.0
+bin,ps,'/bin/ps'
+bin,rcp,'/usr/bin/rcp'
+bin,rdist,'/usr/bin/rdist'
+bin,restore,'/sbin/restore'
+bin,rexec,'/usr/bin/rexec'
+bin,rexecd,'/usr/sbin/in.rexecd'
+bin,rlogin,'/usr/bin/rlogin'
+bin,rlogind,'/usr/sbin/in.rlogind'
+bin,rm,'/bin/rm'
+bin,rmdir,'/bin/rmdir'
+bin,rpm,'/bin/rpm'
+bin,rsh,'/usr/bin/rsh'
+bin,rcp,'/usr/bin/rcp'
+bin,rshd,'/usr/sbin/in.rshd'
+bin,sendmail,'/usr/sbin/sendmail'
+bin,smbmnt,'/usr/bin/smbmnt'
+bin,startinnfeed,'/usr/bin/startinnfeed'
+bin,sulogin,'/sbin/sulogin'
+bin,touch,'/usr/bin/touch'
+bin,traceroute,'/usr/sbin/traceroute'
+
+bin,traceroute6,'/bin/traceroute6'
+bin,traceroute6,'/usr/sbin/traceroute6',RH7.0,RH7.1,RH7.2,RH7.3,RH8.0,RH9,RHEL2,MN9.2,MN10.0,MN10.1,MN2006.0
+bin,traceroute6,'/usr/bin/traceroute6',DB
+
+bin,umount,'/bin/umount'
+bin,useradd,'/usr/sbin/useradd'
+bin,usernetctl,'/usr/sbin/usernetctl'
+
+
+dir,floppy,'/mnt/floppy'
+dir,floppy,'/floppy',DB
+
+dir,home,'/home'
+
+dir,initd,'/etc/rc.d/init.d'
+dir,initd,'/etc/init.d',DB,SE,SLES
+
+dir,log,'/var/log'
+dir,pamd,'/etc/pam.d'
+
+dir,rcd,'/etc/rc.d'
+dir,rcd,'/etc',DB
+
+dir,sbin,'/sbin'
+dir,xinetd.d,'/etc/xinetd.d'
+
+
+file,accton,'/usr/sbin/accton'
+file,accton,'/sbin/accton',RH6.2
+
+file,banners_makefile,'/usr/share/doc/tcp_wrappers-7.5/Banners.Makefile'
+file,banners_makefile,'/usr/share/doc/tcp_wrappers-7.6/Banners.Makefile',RH7.2,RHEL2,RHEL3
+file,banners_makefile,'/usr/share/doc/packages/tcp_wrappers-7.6/Banners.Makefile',TB7.0
+
+file,chkconfig_apmd,'/etc/rc.d/rc3.d/S26apmd'
+file,chkconfig_apmd,'/etc/rc3.d/S26apmd',DB
+file,chkconfig_apmd,'/etc/rc.config',SE
+file,initd_apmd,'/etc/init.d/apmd'
+
+file,initd_acpid,'/etc/init.d/acpid'
+
+file,chkconfig_audit,'/etc/rc3.d/S20audit'
+file,initd_audit,'/etc/init.d/audit'
+
+file,chkconfig_dhcpd,'/etc/rc.d/rc3.d/S65dhcpd'
+file,chkconfig_dhcpd,'/etc/rc3.d/S65dhcpd',DB
+file,chkconfig_dhcpd,'/etc/rc.config',SE
+file,initd_dhcpd,'/etc/init.d/dhcpd'
+
+file,chkconfig_gated,'/etc/rc.d/rc3.d/S32gated'
+file,chkconfig_gated,'/etc/rc3.d/S32gated',DB
+file,initd_gated,'/etc/init.d/gated'
+
+file,chkconfig_gpm,'/etc/rc.d/rc3.d/S85gpm'
+file,chkconfig_gpm,'/etc/rc3.d/S20gpm',DB
+file,chkconfig_gpm,'/etc/rc.config',SE
+file,initd_gpm,'/etc/init.d/gpm'
+
+file,chkconfig_httpd,'/etc/rc.d/rc3.d/S85httpd'
+file,chkconfig_httpd,'/etc/rc3.d/S91httpd',DB
+file,initd_httpd,'/etc/init.d/httpd'
+file,initd_httpd2,'/etc/init.d/httpd2'
+
+file,chkconfig_innd,'/etc/rc.d/rc3.d/S95innd'
+file,chkconfig_innd,'/etc/rc3.d/S95innd',DB
+file,initd_innd,'/etc/init.d/innd'
+
+file,chkconfig_kudzu,'/etc/init.d/kudzu'
+file,initd_kudzu,'/etc/init.d/kudzu'
+
+file,chkconfig_named,'/etc/rc.d/rc3.d/S55named'
+file,chkconfig_named,'/etc/rc3.d/S15named',DB
+file,initd_named,'/etc/init.d/named'
+
+file,chkconfig_nfs,'/etc/rc.d/rc3.d/S60nfs'
+file,chkconfig_nfs,'/etc/rc3.d/S60nfs',DB
+file,chkconfig_nfs,'/etc/rc.config',SE
+file,initd_nfs,'/etc/init.d/nfs'
+
+file,chkconfig_pcmcia,'/etc/rc.d/rc3.d/S45pcmcia'
+file,chkconfig_pcmcia,'/etc/rc3.d/S45pcmcia',DB
+file,chkconfig_pcmcia,'/etc/rc.config',SE
+file,initd_pcmcia,'/etc/init.d/pcmcia'
+
+file,initd_mDNSResponder,'/etc/init.d/mDNSResponder'
+file,initd_avahi-daemon,'/etc/init.d/avahi-daemon'
+file,initd_avahi-dnsconfd,'/etc/init.d/avahi-dnsconfd'
+
+file,initd_bluetooth,'/etc/init.d/bluetooth'
+
+file,initd_hpoj,'/etc/init.d/hpoj'
+
+file,initd_isdn,'/etc/init.d/isdn'
+
+file,chkconfig_routed,'/etc/rc.d/rc3.d/S55gated'
+file,chkconfig_routed,'/etc/rc3.d/S55gated',DB
+file,initd_routed,'/etc/init.d/routed'
+
+file,chkconfig_snmpd,'/etc/rc.d/rc3.d/S50snmpd'
+file,chkconfig_snmpd,'/etc/rc3.d/S50snmpd',DB
+file,initd_snmpd,'/etc/init.d/snmpd'
+
+file,chkconfig_vsftpd,'/etc/rc.d/rc3.d/S60vsftpd'
+file,initd_vsftpd,'/etc/init.d/vsftpd'
+
+file,chkconfig_ypbind,'/etc/rc.d/rc3.d/S17ypbind'
+file,chkconfig_ypbind,'/etc/rc3.d/S17ypbind',DB
+file,chkconfig_ypbind,'/etc/rc.config',SE
+file,initd_ypbind,'/etc/init.d/ypbind'
+
+file,cron.allow,'/etc/cron.allow'
+file,cron.allow,'/var/spool/cron/allow',SE
+file,csh.login,'/etc/csh.login'
+file,cupsd,'/usr/sbin/cupsd'
+file,ftpaccess,'/etc/ftpaccess'
+file,gcc,'/usr/bin/gcc'
+file,g++,'/usr/bin/g++'
+file,gdm.conf,/etc/X11/gdm/gdm.conf
+file,group,'/etc/group'
+file,passwd,'/etc/passwd'
+file,shadow,'/etc/shadow'
+
+file,grub.conf,'/etc/grub.conf'
+file,grub.conf,'/boot/grub/grub.conf',RH9,RHEL,RHFC
+file,grub.conf,'/boot/grub/menu.lst',SE,MN
+file,hosts.allow,'/etc/hosts.allow'
+file,hosts.deny,'/etc/hosts.deny'
+
+file,httpd,'/usr/sbin/httpd'
+file,httpd,'/usr/sbin/apache',DB
+
+file,httpd2,'/usr/sbin/httpd2'
+
+file,httpd.conf,'/etc/httpd/conf/httpd.conf'
+file,httpd.conf,'/etc/apache/httpd.conf',DB
+file,httpd.conf,'/etc/httpd/httpd.conf',SE7.2 SE7.3 SE8.0
+file,httpd.conf,'/etc/apache2/httpd.conf',SE9.0,SE9.1,SE9.2,SE9.3,SLES
+file,httpd.conf,'/etc/httpd/conf/httpd2.conf',MN10.1
+# SuSE breaks httpd.conf into many files after 8.
+file,listen.conf,'/etc/apache2/listen.conf',SE9.0,SE9.1,SE9.2,SE9.3,SLES
+file,suse-default-server.conf,'/etc/apache2/default-server.conf',SE9.0,SE9.1,SE9.2,SE9.3,SLES
+
+file,httpd_access.conf,'/etc/httpd/conf/httpd.conf'
+file,httpd_access.conf,'/etc/apache/access.conf',DB2
+file,httpd_access.conf,'/etc/apache/httpd.conf',DB3
+file,httpd_access.conf,'/etc/httpd/conf/access.conf',RH6.0,RH6.1
+file,httpd_access.conf,'/etc/httpd/httpd.conf',SE7.2 SE7.3 SE8.0
+file,httpd_access.conf,'/etc/apache2/httpd.conf',SE9.0,SE9.1,SE9.2,SE9.3,SLES
+file,httpd_access.conf,'/etc/httpd/conf/commonhttpd.conf',MN10.1
+
+file,inetd.conf,'/etc/inetd.conf'
+file,inittab,'/etc/inittab'
+file,issue,'/etc/issue'
+
+file,kdmrc,'/usr/share/config/kdmrc'
+file,kdmrc,'/etc/kde/kdm/kdmrc',MN10.1
+
+file,lilo.conf,'/etc/lilo.conf'
+file,limits.conf,'/etc/security/limits.conf'
+file,lpd,'/usr/sbin/lpd'
+file,lpr,'/usr/bin/lpr'
+file,motd,'/etc/motd'
+file,mtab,'/etc/mtab'
+file,named,'/usr/sbin/named'
+file,pam_access.conf,'/etc/security/access.conf'
+file,pamd_passwd,'/etc/pam.d/passwd'
+file,profile,'/etc/profile'
+file,rc.config,'/etc/rc.config'
+file,rc.local,'/etc/rc.local'
+file,rootprofile,'/root/.bash_profile'
+file,rsh,'/usr/bin/rsh'
+file,rcp,'/usr/bin/rcp'
+file,securetty,'/etc/securetty'
+file,sendmail.cf,'/etc/sendmail.cf'
+file,sysctl.conf,'/etc/sysctl.conf'
+file,syslog.conf,'/etc/syslog.conf'
+file,sysconfig_audit,'/etc/sysconfig/audit'
+file,sysconfig_named,'/etc/sysconfig/named'
+file,sysconfig_sendmail,'/etc/sysconfig/sendmail'
+file,tcpd,'/usr/sbin/tcpd'
+file,xinetd.conf,'/etc/xinetd.conf'
+
+file,ypserv,'/etc/rc.d/init.d/ypserv'
+file,ypserv,'/etc/init.d/ypserv',DB
+file,ypserv,'/etc/rc.config',SE
+
+file,zprofile,'/etc/zprofile'
diff --git a/security/Bastille/patches/patch-aa b/security/Bastille/patches/patch-aa
new file mode 100644
index 00000000000..4dbcfe7b063
--- /dev/null
+++ b/security/Bastille/patches/patch-aa
@@ -0,0 +1,30 @@
+$NetBSD: patch-aa,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+
+--- bin/bastille.orig 2005-04-19 23:12:09.000000000 +0200
++++ bin/bastille 2006-12-03 09:00:32.000000000 +0100
+@@ -66,21 +66,10 @@ EOF
+ }
+
+ systemFileLocations() {
+-
+- OS=`uname -s`
+- if [ ${OS}x = "HP-UXx" ]; then # find right comparison directories for config files
+- config_repository="/etc/opt/sec_mgmt/bastille"
+- last_config="/var/opt/sec_mgmt/bastille/last.config"
+- scripts_location="/opt/sec_mgmt/bastille/bin"
+- else #Linux locations
+- config_repository="/etc/Bastille"
+- last_config="/var/log/Bastille/last.config"
+- scripts_location="/usr/sbin"
+- data_location="/usr/share/Bastille"
+- fi
+-
+-
+-
++ config_repository="@PKG_SYSCONFDIR@/etc"
++ last_config="@VARBASE@/log/Bastille/last.config"
++ scripts_location="@PREFIX@/sbin"
++ data_location="@PREFIX@/share/Bastille"
+ }
+
+
diff --git a/security/Bastille/patches/patch-ab b/security/Bastille/patches/patch-ab
new file mode 100644
index 00000000000..1ed5acf249e
--- /dev/null
+++ b/security/Bastille/patches/patch-ab
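Review bot: security/Bastille/files/NetBSD.system.in still describes a Linux system throughout: entries such as `bin,bash,'/bin/bash'`, `bin,chkconfig,'/sbin/chkconfig'`, `dir,initd,'/etc/rc.d/init.d'` and `dir,pamd,'/etc/pam.d'`, plus the RH/DB/SE/MN distro tags, do not correspond to a NetBSD layout (the Makefile itself pulls bash from pkgsrc via `USE_TOOLS+= bash:run`). How Bastille reacts to a mapped path that does not exist is not visible here, but a hardening step that silently skips a missing file leaves the administrator believing a setting was applied. Until the paths are verified, a header comment such as `# Copied from LINUX.system; paths not yet verified on NetBSD.` would make that state explicit. Two entries are also malformed compared with their neighbours: `file,gdm.conf,/etc/X11/gdm/gdm.conf` is the only unquoted path, and the `SE7.2 SE7.3 SE8.0` tag lists use spaces where every other list uses commas.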
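Review bot: In patches/patch-aa, `config_repository="@PKG_SYSCONFDIR@/etc"` does not match the line it replaces (`/etc/Bastille`) or the config directory declared in NetBSD.bastille.in (`bdir,config,'@PKG_SYSCONFDIR@/Bastille'`). After substitution the front end would look for its configuration in an `etc` subdirectory of the package sysconfdir, while the back end reads and writes `${PKG_SYSCONFDIR}/Bastille`, so a saved hardening profile may not be found or compared against `last_config`. The line should read `config_repository="@PKG_SYSCONFDIR@/Bastille"`.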
@@ -0,0 +1,32 @@
+$NetBSD: patch-ab,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+
+--- Bastille/API.pm.orig 2006-04-03 15:16:05.000000000 +0200
++++ Bastille/API.pm 2006-12-03 12:08:08.000000000 +0100
+@@ -490,6 +490,8 @@ sub GetDistro() {
+ }
+ elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) {
+ $distro="$1$2";
++ } elsif ( $release =~ /^(\w+)\s+(\d+)/) {
++ $distro="$1$2";
+ }
+ else {
+ print STDERR "$err Could not determine operating system version!\n";
+@@ -576,6 +578,10 @@ sub getSupportedOSHash () {
+ "HP-UX11.31"
+ ],
+
++ "NetBSD" => [
++ "NetBSD1", "NetBSD2", "NetBSD3", "NetBSD4",
++ ],
++
+ "OSX" => [
+ 'OSX10.2','OSX10.3','OSX10.4'
+ ]
+@@ -768,6 +774,7 @@ sub getFileAndServiceInfo($$) {
+ my %oSInfoPath = (
+ "LINUX" => "/usr/share/Bastille/OSMap/",
+ "HP-UX" => "/etc/opt/sec_mgmt/bastille/OSMap/",
++ "NetBSD" => "@PREFIX@/share/Bastille/OSMap/",
+ "OSX" => "/usr/share/Bastille/OSMap/"
+ );
+
diff --git a/security/Bastille/patches/patch-ac b/security/Bastille/patches/patch-ac
new file mode 100644
index 00000000000..0fc78d4215e
--- /dev/null
+++ b/security/Bastille/patches/patch-ac
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+
+--- Install.sh.orig 2005-04-18 23:26:39.000000000 +0200
++++ Install.sh 2006-12-03 12:09:56.000000000 +0100
+@@ -99,6 +99,8 @@ cp OSMap/LINUX.system $RPM_BUILD_ROOT/us
+ cp OSMap/HP-UX.bastille $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
+ cp OSMap/HP-UX.system $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
+ cp OSMap/HP-UX.service $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
++cp OSMap/NetBSD.bastille $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
++cp OSMap/NetBSD.system $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
+ cp OSMap/OSX.bastille $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
+ cp OSMap/OSX.system $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
+
|
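Review bot: In patches/patch-ab, the branch added to GetDistro, `elsif ( $release =~ /^(\w+)\s+(\d+)/)`, is not specific to NetBSD: any release string of the form word, whitespace, digits now produces a `$distro` value and bypasses the "Could not determine operating system version!" error in the `else`. Whether a later lookup against getSupportedOSHash rejects such a value is not visible in this hunk, so an unsupported system may be carried further into a tool that rewrites system configuration. Restricting the match keeps the old failure mode for everything else: `elsif ( $release =~ /^(NetBSD)\s+(\d+)/ ) {`. The new branch is also written as `} elsif` while the surrounding code puts `elsif` on its own line. GetDistro starts and ends outside the hunk.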