summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/Bastille/DESCR19
-rw-r--r--security/Bastille/Makefile63
-rw-r--r--security/Bastille/PLIST108
-rw-r--r--security/Bastille/distinfo8
-rw-r--r--security/Bastille/files/NetBSD.bastille.in34
-rw-r--r--security/Bastille/files/NetBSD.system.in256
-rw-r--r--security/Bastille/patches/patch-aa30
-rw-r--r--security/Bastille/patches/patch-ab32
-rw-r--r--security/Bastille/patches/patch-ac13
9 files changed, 563 insertions, 0 deletions
diff --git a/security/Bastille/DESCR b/security/Bastille/DESCR
new file mode 100644
index 00000000000..add37f1a31a
--- /dev/null
+++ b/security/Bastille/DESCR
@@ -0,0 +1,19 @@
+Bastille is a system hardening / lockdown program which enhances the
+security of a Unix host. It configures daemons, system settings and
+firewalls to be more secure. It can shut off unneeded services like rcp
+and rlogin, and helps create "chroot jails" that help limit the
+vulnerability of common Internet services like Web services and DNS.
+
+This tool currently hardens Red Hat (Fedora Core, Enterprise and
+Legacy/Classic), SuSE, Debian, Gentoo, Mandrake Linux, HP-UX, Mac OS X
+and Turbo Linux.
+
+If run in the preferred interactive mode, it can teach you a good deal
+about security while personalizing your system security state.
+
+Bastille can also assess and report on the state of a system, which may
+serve as an aid to security administrators, auditors and system
+administrators who wish to investigate the state of their system's
+hardening without making changes to such. This assessment functionality
+has only been tested on Red Hat Linux (Fedora, Legacy, Enterprise) and
+SUSE systems.
diff --git a/security/Bastille/Makefile b/security/Bastille/Makefile
new file mode 100644
index 00000000000..9bd648f79ce
--- /dev/null
+++ b/security/Bastille/Makefile
@@ -0,0 +1,63 @@
+# $NetBSD: Makefile,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+#
+
+DISTNAME= Bastille-3.0.9
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=bastille-linux/}
+EXTRACT_SUFX= .tar.bz2
+
+MAINTAINER= rillig@NetBSD.org
+HOMEPAGE= http://bastille-linux.sourceforge.net/
+COMMENT= System hardening tool focusing on educating the user
+
+WRKSRC= ${WRKDIR}/Bastille
+CONFIGURE_ENV+= GCONF_SCHEMA_FILE_DIR=${PREFIX:Q}/share/gconf/schemas/
+MAKE_ENV+= GCONF_SCHEMA_FILE_DIR=${PREFIX:Q}/share/gconf/schemas/
+USE_PKGLOCALEDIR= yes
+USE_LANGUAGES= # none
+USE_TOOLS+= bash:run perl:run
+NO_BUILD= yes
+
+BUILD_DEPENDS+= checkperms>=1.4:../../sysutils/checkperms
+DEPENDS+= p5-Tk-[0-9]*:../../x11/p5-Tk
+
+SUBST_CLASSES+= b
+SUBST_STAGE.b= pre-configure
+SUBST_FILES.b= Install.sh
+SUBST_SED.b= -e 's,umask 077,umask 022,'
+SUBST_SED.b+= -e 's,\$$RPM_BUILD_ROOT/usr/,${PREFIX}/,g'
+SUBST_SED.b+= -e 's,\$$RPM_BUILD_ROOT/var/,${VARBASE}/,g'
+
+SUBST_CLASSES+= b2
+SUBST_STAGE.b2= pre-configure
+SUBST_FILES.b2= bin/bastille Bastille/API.pm
+SUBST_SED.b2= -e 's,@PKG_SYSCONFDIR@,${PKG_SYSCONFDIR},g'
+SUBST_SED.b2+= -e 's,@PREFIX@,${PREFIX},g'
+SUBST_SED.b2+= -e 's,@VARBASE@,${VARBASE},g'
+
+SUBST_CLASSES+= b3
+SUBST_STAGE.b3= pre-configure
+SUBST_FILES.b3= ${REPLACE_PERL}
+SUBST_SED.b3= -e 's,^use lib.*,use lib "${PREFIX}/lib";,'
+
+REPLACE_PERL+= AutomatedBastille BastilleBackEnd BastilleChooser
+REPLACE_PERL+= InteractiveBastille RevertBastille *.pm
+REPLACE_BASH+= bin/bastille
+
+BUILD_DEFS+= VARBASE
+
+OSMAP_FILES= NetBSD.system.in NetBSD.bastille.in
+OSMAP_SUBSTVARS= PKG_SYSCONFDIR PREFIX VARBASE
+
+post-extract:
+ cd ${WRKSRC} && find . -print | checkperms -ffc
+ cd ${FILESDIR} && cp ${OSMAP_FILES} ${WRKSRC}/OSMap/.
+
+post-configure:
+ set -e; cd ${WRKSRC}/OSMap; for i in ${OSMAP_FILES:.in=}; do sed ${OSMAP_SUBSTVARS:@v@-e 's,\@${v}\@,${${v}},g' @} < "$$i.in" > "$$i"; done
+
+do-install:
+ cd ${WRKSRC} && sh ./Install.sh
+
+.include "../../devel/GConf2/schemas.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/Bastille/PLIST b/security/Bastille/PLIST
new file mode 100644
index 00000000000..d971d52aed2
--- /dev/null
+++ b/security/Bastille/PLIST
@@ -0,0 +1,108 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+lib/Bastille/API.pm
+lib/Bastille/AccountSecurity.pm
+lib/Bastille/Apache.pm
+lib/Bastille/BootSecurity.pm
+lib/Bastille/ConfigureMiscPAM.pm
+lib/Bastille/DNS.pm
+lib/Bastille/DisableUserTools.pm
+lib/Bastille/FTP.pm
+lib/Bastille/FilePermissions.pm
+lib/Bastille/Firewall.pm
+lib/Bastille/HP_API.pm
+lib/Bastille/HP_UX.pm
+lib/Bastille/IOLoader.pm
+lib/Bastille/IPFilter.pm
+lib/Bastille/LogAPI.pm
+lib/Bastille/Logging.pm
+lib/Bastille/MiscellaneousDaemons.pm
+lib/Bastille/OSX_API.pm
+lib/Bastille/PSAD.pm
+lib/Bastille/PatchDownload.pm
+lib/Bastille/Patches.pm
+lib/Bastille/Printing.pm
+lib/Bastille/RemoteAccess.pm
+lib/Bastille/SecureInetd.pm
+lib/Bastille/Sendmail.pm
+lib/Bastille/TMPDIR.pm
+lib/Bastille/TestAPI.pm
+lib/Bastille/test_AccountSecurity.pm
+lib/Bastille/test_Apache.pm
+lib/Bastille/test_BootSecurity.pm
+lib/Bastille/test_DNS.pm
+lib/Bastille/test_DisableUserTools.pm
+lib/Bastille/test_FTP.pm
+lib/Bastille/test_FilePermissions.pm
+lib/Bastille/test_HP_UX.pm
+lib/Bastille/test_Logging.pm
+lib/Bastille/test_MiscellaneousDaemons.pm
+lib/Bastille/test_Printing.pm
+lib/Bastille/test_SecureInetd.pm
+lib/Bastille/test_Sendmail.pm
+lib/perl5/site_perl/Bastille_Curses.pm
+lib/perl5/site_perl/Bastille_Tk.pm
+lib/perl5/site_perl/Curses/Widgets.pm
+sbin/AutomatedBastille
+sbin/BastilleBackEnd
+sbin/InteractiveBastille
+sbin/RevertBastille
+sbin/UndoBastille
+sbin/bastille
+share/Bastille/Credits
+share/Bastille/FKL/configs/fkl_config_redhat.cfg
+share/Bastille/Modules.txt
+share/Bastille/OSMap/HP-UX.bastille
+share/Bastille/OSMap/HP-UX.service
+share/Bastille/OSMap/HP-UX.system
+share/Bastille/OSMap/LINUX.bastille
+share/Bastille/OSMap/LINUX.system
+share/Bastille/OSMap/NetBSD.bastille
+share/Bastille/OSMap/NetBSD.system
+share/Bastille/OSMap/OSX.bastille
+share/Bastille/OSMap/OSX.system
+share/Bastille/Questions/AccountSecurity.txt
+share/Bastille/Questions/Apache.txt
+share/Bastille/Questions/BootSecurity.txt
+share/Bastille/Questions/ConfigureMiscPAM.txt
+share/Bastille/Questions/DNS.txt
+share/Bastille/Questions/DisableUserTools.txt
+share/Bastille/Questions/FTP.txt
+share/Bastille/Questions/FilePermissions.txt
+share/Bastille/Questions/Firewall.txt
+share/Bastille/Questions/HP_UX.txt
+share/Bastille/Questions/IPFilter.txt
+share/Bastille/Questions/Logging.txt
+share/Bastille/Questions/MiscellaneousDaemons.txt
+share/Bastille/Questions/PSAD.txt
+share/Bastille/Questions/Patches.txt
+share/Bastille/Questions/Printing.txt
+share/Bastille/Questions/SecureInetd.txt
+share/Bastille/Questions/Sendmail.txt
+share/Bastille/Questions/TMPDIR.txt
+share/Bastille/Weights.txt
+share/Bastille/bastille-firewall
+share/Bastille/bastille-firewall-early.sh
+share/Bastille/bastille-firewall-pre-audit.sh
+share/Bastille/bastille-firewall-reset
+share/Bastille/bastille-firewall-schedule
+share/Bastille/bastille-firewall.cfg
+share/Bastille/bastille-ipchains
+share/Bastille/bastille-netfilter
+share/Bastille/bastille-tmpdir-defense.sh
+share/Bastille/bastille-tmpdir.csh
+share/Bastille/bastille-tmpdir.sh
+share/Bastille/bastille.jpg
+share/Bastille/complete.xbm
+share/Bastille/hosts.allow
+share/Bastille/ifup-local
+share/Bastille/incomplete.xbm
+share/Bastille/wz_tooltip.js
+@exec ${MKDIR} %D/var/lock/subsys/bastille
+@dirrm var/lock/subsys/bastille
+@dirrm share/Bastille/Questions
+@dirrm share/Bastille/OSMap
+@dirrm share/Bastille/FKL/configs
+@dirrm share/Bastille/FKL
+@dirrm share/Bastille
+@dirrm lib/perl5/site_perl/Curses
+@dirrm lib/Bastille
diff --git a/security/Bastille/distinfo b/security/Bastille/distinfo
new file mode 100644
index 00000000000..03e1120dac2
--- /dev/null
+++ b/security/Bastille/distinfo
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+
+SHA1 (Bastille-3.0.9.tar.bz2) = 389f13d9c6c7b14b91b30bda7285238c74758e0d
+RMD160 (Bastille-3.0.9.tar.bz2) = 853bec2e007d3084cb4df9d509a316523c4dc467
+Size (Bastille-3.0.9.tar.bz2) = 319045 bytes
+SHA1 (patch-aa) = 4f7ab0f1e90b102ec612dfabffb46a91a2368752
+SHA1 (patch-ab) = cd3c4d995b3e5a05c33304ff11f52fa3c34ff463
+SHA1 (patch-ac) = f7fd8063e390e69de83b85366ecb657d97b80434
diff --git a/security/Bastille/files/NetBSD.bastille.in b/security/Bastille/files/NetBSD.bastille.in
new file mode 100644
index 00000000000..0e42dc576d7
--- /dev/null
+++ b/security/Bastille/files/NetBSD.bastille.in
@@ -0,0 +1,34 @@
+bdir,QuestionsDir,'@PREFIX@/share/Bastille/Questions'
+bdir,backup,'@VARBASE@/log/Bastillerevert/backup'
+bdir,config,'@PKG_SYSCONFDIR@/Bastille'
+bdir,home,'/root/Bastille'
+bdir,log,'@VARBASE@/log/Bastille'
+bdir,oldconfig,'@VARBASE@/log/Bastilleoldconfig'
+bdir,revert,'@VARBASE@/log/Bastillerevert'
+bdir,share,'@PREFIX@/share/Bastille'
+
+
+bfile,BastilleBackEnd,'@PREFIX@/sbin/BastilleBackEnd'
+bfile,Questions,'@PREFIX@/share/Bastille/Questions.txt'
+bfile,QuestionsWeights,'@PREFIX@/share/Bastille/Weights.txt'
+bfile,QuestionsModules,'@PREFIX@/share/Bastille/Modules.txt'
+bfile,TODO,'@VARBASE@/log/Bastille/TODO'
+bfile,TOREVERT,'@VARBASE@/log/Bastillerevert/TOREVERT.txt'
+bfile,action-log,'@VARBASE@/log/Bastille/action-log'
+bfile,complete.xbm,'@PREFIX@/share/Bastille/complete.xbm'
+bfile,config,'@PKG_SYSCONFDIR@/Bastille/config'
+bfile,created-dirs,'@VARBASE@/log/Bastillerevert/revert-created-dirs'
+bfile,created-files,'@VARBASE@/log/Bastillerevert/revert-created-files'
+bfile,created-symlinks,'@VARBASE@/log/Bastillerevert/revert-created-symlinks'
+bfile,credits,'@PREFIX@/share/Bastille/Credits'
+bfile,debug-log,'@VARBASE@/log/Bastille/debug-log'
+bfile,error-log,'@VARBASE@/log/Bastille/error-log'
+bfile,executed-commands,'@VARBASE@/log/Bastillerevert/revert-executed-commands'
+bfile,incomplete.xbm,'@PREFIX@/share/Bastille/incomplete.xbm'
+bfile,last.config,'@VARBASE@/log/Bastille/last.config'
+bfile,lockfile,'@VARBASE@/lock/subsys/bastille-lock'
+bfile,nodisclaimer,'@PREFIX@/share/Bastille/.nodisclaimer'
+bfile,removed-symlinks,'@VARBASE@/log/Bastillerevert/revert-removed-symlinks'
+bfile,revert-actions,'@VARBASE@/log/Bastillerevert/revert-actions'
+bfile,revert-directory-perms.sh,'@VARBASE@/log/Bastillerevert/revert-directory-perms.sh'
+bfile,sum.csv,'@VARBASE@/log/Bastillerevert/sum.csv'
diff --git a/security/Bastille/files/NetBSD.system.in b/security/Bastille/files/NetBSD.system.in
new file mode 100644
index 00000000000..e8613d162bd
--- /dev/null
+++ b/security/Bastille/files/NetBSD.system.in
@@ -0,0 +1,256 @@
+bin,XFree86,'/usr/X11R6/bin/XFree86'
+bin,Xwrapper,'/usr/X11R6/bin/Xwrapper'
+
+bin,accton,'/usr/sbin/accton'
+bin,accton,'/sbin/accton',RH6.2,MN9.2,MN10.0,MN10.1,MN2006.0
+bin,dpkg,'/usr/bin/dpkg',DB
+bin,apt-get,'/usr/sbin/apt-get',DB
+bin,at,'/usr/bin/at'
+bin,bash,'/bin/bash'
+bin,cardctl,'/sbin/cardctl'
+bin,chattr,'/usr/bin/chattr'
+bin,chgrp,'/bin/chgrp'
+bin,chkconfig,'/sbin/chkconfig'
+bin,chmod,'/bin/chmod'
+bin,chown,'/bin/chown'
+bin,cksum,'/usr/bin/cksum'
+bin,cp,'/bin/cp'
+bin,crontab,'/usr/bin/crontab'
+bin,cupsd,'/usr/sbin/cupsd'
+bin,diff,'/usr/bin/diff'
+bin,dos,'/usr/bin/dos'
+bin,dump,'/sbin/dump'
+bin,echo,'/bin/echo'
+bin,grep,'/bin/grep'
+bin,grep,'/usr/bin/grep',SE
+bin,groupadd,'/usr/sbin/groupadd'
+bin,inndstart,'/usr/bin/inndstart'
+bin,killall,'/usr/bin/killall'
+bin,lilo,'/sbin/lilo'
+bin,ln,'/bin/ln'
+bin,logger,'/usr/bin/logger'
+bin,lpd,'/usr/sbin/lpd'
+bin,lpd,'/usr/lib/cups/daemon/cups-lpd',MN9.2,MN10.0,MN10.1,MN2006.0
+bin,lppasswd,'/usr/bin/lppasswd'
+bin,lpq,'/usr/bin/lpq'
+bin,lpr,'/usr/bin/lpr'
+bin,lprm,'/usr/bin/lprm'
+bin,lpstat,'/usr/bin/lpstat'
+bin,md5sum,'/usr/bin/md5sum'
+bin,mknod,'/bin/mknod'
+bin,more,'/usr/bin/more'
+bin,mount,'/bin/mount'
+bin,mv,'/bin/mv'
+bin,named-xfer,'/usr/sbin/named-xfer'
+bin,ping,'/bin/ping'
+bin,ping6,'/usr/sbin/ping6',RH7.0,RH7.1,RH7.2,RH7.3,RH8.0,RH9,RHEL2
+bin,ping6,'/bin/ping6',DB,RHEL3,RHFC1,RHFC2,RHFC3,RHFC4,RHFC5,SE9.1,SE9.2,SE9.3,SE10.0,SESLES9
+bin,ping6,'/usr/bin/ping6',MN9.2,MN10.0,MN10.1,MN2006.0
+bin,ps,'/bin/ps'
+bin,rcp,'/usr/bin/rcp'
+bin,rdist,'/usr/bin/rdist'
+bin,restore,'/sbin/restore'
+bin,rexec,'/usr/bin/rexec'
+bin,rexecd,'/usr/sbin/in.rexecd'
+bin,rlogin,'/usr/bin/rlogin'
+bin,rlogind,'/usr/sbin/in.rlogind'
+bin,rm,'/bin/rm'
+bin,rmdir,'/bin/rmdir'
+bin,rpm,'/bin/rpm'
+bin,rsh,'/usr/bin/rsh'
+bin,rcp,'/usr/bin/rcp'
+bin,rshd,'/usr/sbin/in.rshd'
+bin,sendmail,'/usr/sbin/sendmail'
+bin,smbmnt,'/usr/bin/smbmnt'
+bin,startinnfeed,'/usr/bin/startinnfeed'
+bin,sulogin,'/sbin/sulogin'
+bin,touch,'/usr/bin/touch'
+bin,traceroute,'/usr/sbin/traceroute'
+
+bin,traceroute6,'/bin/traceroute6'
+bin,traceroute6,'/usr/sbin/traceroute6',RH7.0,RH7.1,RH7.2,RH7.3,RH8.0,RH9,RHEL2,MN9.2,MN10.0,MN10.1,MN2006.0
+bin,traceroute6,'/usr/bin/traceroute6',DB
+
+bin,umount,'/bin/umount'
+bin,useradd,'/usr/sbin/useradd'
+bin,usernetctl,'/usr/sbin/usernetctl'
+
+
+dir,floppy,'/mnt/floppy'
+dir,floppy,'/floppy',DB
+
+dir,home,'/home'
+
+dir,initd,'/etc/rc.d/init.d'
+dir,initd,'/etc/init.d',DB,SE,SLES
+
+dir,log,'/var/log'
+dir,pamd,'/etc/pam.d'
+
+dir,rcd,'/etc/rc.d'
+dir,rcd,'/etc',DB
+
+dir,sbin,'/sbin'
+dir,xinetd.d,'/etc/xinetd.d'
+
+
+file,accton,'/usr/sbin/accton'
+file,accton,'/sbin/accton',RH6.2
+
+file,banners_makefile,'/usr/share/doc/tcp_wrappers-7.5/Banners.Makefile'
+file,banners_makefile,'/usr/share/doc/tcp_wrappers-7.6/Banners.Makefile',RH7.2,RHEL2,RHEL3
+file,banners_makefile,'/usr/share/doc/packages/tcp_wrappers-7.6/Banners.Makefile',TB7.0
+
+file,chkconfig_apmd,'/etc/rc.d/rc3.d/S26apmd'
+file,chkconfig_apmd,'/etc/rc3.d/S26apmd',DB
+file,chkconfig_apmd,'/etc/rc.config',SE
+file,initd_apmd,'/etc/init.d/apmd'
+
+file,initd_acpid,'/etc/init.d/acpid'
+
+file,chkconfig_audit,'/etc/rc3.d/S20audit'
+file,initd_audit,'/etc/init.d/audit'
+
+file,chkconfig_dhcpd,'/etc/rc.d/rc3.d/S65dhcpd'
+file,chkconfig_dhcpd,'/etc/rc3.d/S65dhcpd',DB
+file,chkconfig_dhcpd,'/etc/rc.config',SE
+file,initd_dhcpd,'/etc/init.d/dhcpd'
+
+file,chkconfig_gated,'/etc/rc.d/rc3.d/S32gated'
+file,chkconfig_gated,'/etc/rc3.d/S32gated',DB
+file,initd_gated,'/etc/init.d/gated'
+
+file,chkconfig_gpm,'/etc/rc.d/rc3.d/S85gpm'
+file,chkconfig_gpm,'/etc/rc3.d/S20gpm',DB
+file,chkconfig_gpm,'/etc/rc.config',SE
+file,initd_gpm,'/etc/init.d/gpm'
+
+file,chkconfig_httpd,'/etc/rc.d/rc3.d/S85httpd'
+file,chkconfig_httpd,'/etc/rc3.d/S91httpd',DB
+file,initd_httpd,'/etc/init.d/httpd'
+file,initd_httpd2,'/etc/init.d/httpd2'
+
+file,chkconfig_innd,'/etc/rc.d/rc3.d/S95innd'
+file,chkconfig_innd,'/etc/rc3.d/S95innd',DB
+file,initd_innd,'/etc/init.d/innd'
+
+file,chkconfig_kudzu,'/etc/init.d/kudzu'
+file,initd_kudzu,'/etc/init.d/kudzu'
+
+file,chkconfig_named,'/etc/rc.d/rc3.d/S55named'
+file,chkconfig_named,'/etc/rc3.d/S15named',DB
+file,initd_named,'/etc/init.d/named'
+
+file,chkconfig_nfs,'/etc/rc.d/rc3.d/S60nfs'
+file,chkconfig_nfs,'/etc/rc3.d/S60nfs',DB
+file,chkconfig_nfs,'/etc/rc.config',SE
+file,initd_nfs,'/etc/init.d/nfs'
+
+file,chkconfig_pcmcia,'/etc/rc.d/rc3.d/S45pcmcia'
+file,chkconfig_pcmcia,'/etc/rc3.d/S45pcmcia',DB
+file,chkconfig_pcmcia,'/etc/rc.config',SE
+file,initd_pcmcia,'/etc/init.d/pcmcia'
+
+file,initd_mDNSResponder,'/etc/init.d/mDNSResponder'
+file,initd_avahi-daemon,'/etc/init.d/avahi-daemon'
+file,initd_avahi-dnsconfd,'/etc/init.d/avahi-dnsconfd'
+
+file,initd_bluetooth,'/etc/init.d/bluetooth'
+
+file,initd_hpoj,'/etc/init.d/hpoj'
+
+file,initd_isdn,'/etc/init.d/isdn'
+
+file,chkconfig_routed,'/etc/rc.d/rc3.d/S55gated'
+file,chkconfig_routed,'/etc/rc3.d/S55gated',DB
+file,initd_routed,'/etc/init.d/routed'
+
+file,chkconfig_snmpd,'/etc/rc.d/rc3.d/S50snmpd'
+file,chkconfig_snmpd,'/etc/rc3.d/S50snmpd',DB
+file,initd_snmpd,'/etc/init.d/snmpd'
+
+file,chkconfig_vsftpd,'/etc/rc.d/rc3.d/S60vsftpd'
+file,initd_vsftpd,'/etc/init.d/vsftpd'
+
+file,chkconfig_ypbind,'/etc/rc.d/rc3.d/S17ypbind'
+file,chkconfig_ypbind,'/etc/rc3.d/S17ypbind',DB
+file,chkconfig_ypbind,'/etc/rc.config',SE
+file,initd_ypbind,'/etc/init.d/ypbind'
+
+file,cron.allow,'/etc/cron.allow'
+file,cron.allow,'/var/spool/cron/allow',SE
+file,csh.login,'/etc/csh.login'
+file,cupsd,'/usr/sbin/cupsd'
+file,ftpaccess,'/etc/ftpaccess'
+file,gcc,'/usr/bin/gcc'
+file,g++,'/usr/bin/g++'
+file,gdm.conf,/etc/X11/gdm/gdm.conf
+file,group,'/etc/group'
+file,passwd,'/etc/passwd'
+file,shadow,'/etc/shadow'
+
+file,grub.conf,'/etc/grub.conf'
+file,grub.conf,'/boot/grub/grub.conf',RH9,RHEL,RHFC
+file,grub.conf,'/boot/grub/menu.lst',SE,MN
+file,hosts.allow,'/etc/hosts.allow'
+file,hosts.deny,'/etc/hosts.deny'
+
+file,httpd,'/usr/sbin/httpd'
+file,httpd,'/usr/sbin/apache',DB
+
+file,httpd2,'/usr/sbin/httpd2'
+
+file,httpd.conf,'/etc/httpd/conf/httpd.conf'
+file,httpd.conf,'/etc/apache/httpd.conf',DB
+file,httpd.conf,'/etc/httpd/httpd.conf',SE7.2 SE7.3 SE8.0
+file,httpd.conf,'/etc/apache2/httpd.conf',SE9.0,SE9.1,SE9.2,SE9.3,SLES
+file,httpd.conf,'/etc/httpd/conf/httpd2.conf',MN10.1
+# SuSE breaks httpd.conf into many files after 8.
+file,listen.conf,'/etc/apache2/listen.conf',SE9.0,SE9.1,SE9.2,SE9.3,SLES
+file,suse-default-server.conf,'/etc/apache2/default-server.conf',SE9.0,SE9.1,SE9.2,SE9.3,SLES
+
+file,httpd_access.conf,'/etc/httpd/conf/httpd.conf'
+file,httpd_access.conf,'/etc/apache/access.conf',DB2
+file,httpd_access.conf,'/etc/apache/httpd.conf',DB3
+file,httpd_access.conf,'/etc/httpd/conf/access.conf',RH6.0,RH6.1
+file,httpd_access.conf,'/etc/httpd/httpd.conf',SE7.2 SE7.3 SE8.0
+file,httpd_access.conf,'/etc/apache2/httpd.conf',SE9.0,SE9.1,SE9.2,SE9.3,SLES
+file,httpd_access.conf,'/etc/httpd/conf/commonhttpd.conf',MN10.1
+
+file,inetd.conf,'/etc/inetd.conf'
+file,inittab,'/etc/inittab'
+file,issue,'/etc/issue'
+
+file,kdmrc,'/usr/share/config/kdmrc'
+file,kdmrc,'/etc/kde/kdm/kdmrc',MN10.1
+
+file,lilo.conf,'/etc/lilo.conf'
+file,limits.conf,'/etc/security/limits.conf'
+file,lpd,'/usr/sbin/lpd'
+file,lpr,'/usr/bin/lpr'
+file,motd,'/etc/motd'
+file,mtab,'/etc/mtab'
+file,named,'/usr/sbin/named'
+file,pam_access.conf,'/etc/security/access.conf'
+file,pamd_passwd,'/etc/pam.d/passwd'
+file,profile,'/etc/profile'
+file,rc.config,'/etc/rc.config'
+file,rc.local,'/etc/rc.local'
+file,rootprofile,'/root/.bash_profile'
+file,rsh,'/usr/bin/rsh'
+file,rcp,'/usr/bin/rcp'
+file,securetty,'/etc/securetty'
+file,sendmail.cf,'/etc/sendmail.cf'
+file,sysctl.conf,'/etc/sysctl.conf'
+file,syslog.conf,'/etc/syslog.conf'
+file,sysconfig_audit,'/etc/sysconfig/audit'
+file,sysconfig_named,'/etc/sysconfig/named'
+file,sysconfig_sendmail,'/etc/sysconfig/sendmail'
+file,tcpd,'/usr/sbin/tcpd'
+file,xinetd.conf,'/etc/xinetd.conf'
+
+file,ypserv,'/etc/rc.d/init.d/ypserv'
+file,ypserv,'/etc/init.d/ypserv',DB
+file,ypserv,'/etc/rc.config',SE
+
+file,zprofile,'/etc/zprofile'
diff --git a/security/Bastille/patches/patch-aa b/security/Bastille/patches/patch-aa
new file mode 100644
index 00000000000..4dbcfe7b063
--- /dev/null
+++ b/security/Bastille/patches/patch-aa
@@ -0,0 +1,30 @@
+$NetBSD: patch-aa,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+
+--- bin/bastille.orig 2005-04-19 23:12:09.000000000 +0200
++++ bin/bastille 2006-12-03 09:00:32.000000000 +0100
+@@ -66,21 +66,10 @@ EOF
+ }
+
+ systemFileLocations() {
+-
+- OS=`uname -s`
+- if [ ${OS}x = "HP-UXx" ]; then # find right comparison directories for config files
+- config_repository="/etc/opt/sec_mgmt/bastille"
+- last_config="/var/opt/sec_mgmt/bastille/last.config"
+- scripts_location="/opt/sec_mgmt/bastille/bin"
+- else #Linux locations
+- config_repository="/etc/Bastille"
+- last_config="/var/log/Bastille/last.config"
+- scripts_location="/usr/sbin"
+- data_location="/usr/share/Bastille"
+- fi
+-
+-
+-
++ config_repository="@PKG_SYSCONFDIR@/etc"
++ last_config="@VARBASE@/log/Bastille/last.config"
++ scripts_location="@PREFIX@/sbin"
++ data_location="@PREFIX@/share/Bastille"
+ }
+
+
diff --git a/security/Bastille/patches/patch-ab b/security/Bastille/patches/patch-ab
new file mode 100644
index 00000000000..1ed5acf249e
--- /dev/null
+++ b/security/Bastille/patches/patch-ab
@@ -0,0 +1,32 @@
+$NetBSD: patch-ab,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+
+--- Bastille/API.pm.orig 2006-04-03 15:16:05.000000000 +0200
++++ Bastille/API.pm 2006-12-03 12:08:08.000000000 +0100
+@@ -490,6 +490,8 @@ sub GetDistro() {
+ }
+ elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) {
+ $distro="$1$2";
++ } elsif ( $release =~ /^(\w+)\s+(\d+)/) {
++ $distro="$1$2";
+ }
+ else {
+ print STDERR "$err Could not determine operating system version!\n";
+@@ -576,6 +578,10 @@ sub getSupportedOSHash () {
+ "HP-UX11.31"
+ ],
+
++ "NetBSD" => [
++ "NetBSD1", "NetBSD2", "NetBSD3", "NetBSD4",
++ ],
++
+ "OSX" => [
+ 'OSX10.2','OSX10.3','OSX10.4'
+ ]
+@@ -768,6 +774,7 @@ sub getFileAndServiceInfo($$) {
+ my %oSInfoPath = (
+ "LINUX" => "/usr/share/Bastille/OSMap/",
+ "HP-UX" => "/etc/opt/sec_mgmt/bastille/OSMap/",
++ "NetBSD" => "@PREFIX@/share/Bastille/OSMap/",
+ "OSX" => "/usr/share/Bastille/OSMap/"
+ );
+
diff --git a/security/Bastille/patches/patch-ac b/security/Bastille/patches/patch-ac
new file mode 100644
index 00000000000..0fc78d4215e
--- /dev/null
+++ b/security/Bastille/patches/patch-ac
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.1.1.1 2007/06/06 22:37:59 rillig Exp $
+
+--- Install.sh.orig 2005-04-18 23:26:39.000000000 +0200
++++ Install.sh 2006-12-03 12:09:56.000000000 +0100
+@@ -99,6 +99,8 @@ cp OSMap/LINUX.system $RPM_BUILD_ROOT/us
+ cp OSMap/HP-UX.bastille $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
+ cp OSMap/HP-UX.system $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
+ cp OSMap/HP-UX.service $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
++cp OSMap/NetBSD.bastille $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
++cp OSMap/NetBSD.system $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
+ cp OSMap/OSX.bastille $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
+ cp OSMap/OSX.system $RPM_BUILD_ROOT/usr/share/Bastille/OSMap
+