diff options
Diffstat (limited to 'external/meta-security/recipes-security/samhain/files')
19 files changed, 0 insertions, 1043 deletions
diff --git a/external/meta-security/recipes-security/samhain/files/run-ptest b/external/meta-security/recipes-security/samhain/files/run-ptest deleted file mode 100755 index 2a4a7653..00000000 --- a/external/meta-security/recipes-security/samhain/files/run-ptest +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -current_dir=$(dirname $(readlink -f $0)) -$current_dir/cutest diff --git a/external/meta-security/recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch b/external/meta-security/recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch deleted file mode 100644 index 088a938e..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch +++ /dev/null @@ -1,28 +0,0 @@ -From ae79606a6745dbbd429d1d4671dfe3045d735057 Mon Sep 17 00:00:00 2001 -From: Jackie Huang <jackie.huang@windriver.com> -Date: Thu, 14 Sep 2017 13:26:55 +0800 -Subject: [PATCH] Add LDFLAGS variable for compiling samhain_setpwd - -Upstream-Status: Pending - -Signed-off-by: Jackie Huang <jackie.huang@windriver.com> ---- - Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.in b/Makefile.in -index 01de987..49356cf 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -1128,7 +1128,7 @@ sh_tiger_i.o: $(srcsrc)/$(TIGER_SRC) Makefile config_xor.h - samhain_setpwd: encode config_xor.h $(srcsrc)/samhain_setpwd.c - @echo '$(COMPILE) -o samhain_setpwd $(srcsrc)/samhain_setpwd.c'; \ - ./encode $(XOR_CODE) $(srcsrc)/samhain_setpwd.c; \ -- $(COMPILE) -o samhain_setpwd x_samhain_setpwd.c; \ -+ $(COMPILE) $(LDFLAGS) -o samhain_setpwd x_samhain_setpwd.c; \ - rm x_samhain_setpwd.c - - samhain_stealth: encode config_xor.h $(srcsrc)/samhain_stealth.c --- -2.11.0 - diff --git a/external/meta-security/recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch b/external/meta-security/recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch deleted file mode 100644 index 6bf67e09..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 3e2ca7e06b16ceff6d12beb5113312f6525df595 Mon Sep 17 00:00:00 2001 -From: Jackie Huang <jackie.huang@windriver.com> -Date: Thu, 14 Sep 2017 11:02:12 +0800 -Subject: [PATCH] configure.ac: avoid searching host for postgresql - -Upstream-Status: Inappropriate [cross compile specific] - -Signed-off-by: Jackie Huang <jackie.huang@windriver.com> ---- - configure.ac | 101 +++-------------------------------------------------------- - 1 file changed, 5 insertions(+), 96 deletions(-) - -diff --git a/configure.ac b/configure.ac -index a224c68..f658d53 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1278,90 +1278,11 @@ AC_ARG_WITH(database, - AC_DEFINE(WITH_POSTGRES) - AC_DEFINE(WITH_DATABASE) - # -- PGCONF="no" -- MY_PATH="${PATH}:/usr/local/bin:/usr/local/pgsql/bin" -- OLD_IFS="$IFS" -- IFS=":" -- for ff in ${MY_PATH} -- do -- if test -f "$ff/pg_config" -- then -- PGCONF="$ff/pg_config" -- fi -- done -- IFS="${OLD_IFS}" -- # -- # -- if test "x${PGCONF}" = "xno" -- then -- AC_MSG_CHECKING(for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME) -- pgsql_directory="/usr/local/pgsql /usr/pgsql /usr/local /usr ${PGSQL_HOME}" -- for i in $pgsql_directory; do -- if test -r $i/include/pgsql/libpq-fe.h; then -- PGSQL_INC_DIR=$i/include -- PGSQL_DIR=$i -- # use AC_CHECK_HEADERS to check for pgsql/libpq-fe.h -- fi -- done -- if test -z "$PGSQL_DIR"; then -- for i in $pgsql_directory; do -- if test -r $i/include/postgresql/libpq-fe.h; then -- PGSQL_INC_DIR=$i/include -- PGSQL_DIR=$i -- fi -- done -- fi -- if test -z "$PGSQL_DIR"; then -- for i in $pgsql_directory; do -- if test -r $i/include/libpq-fe.h; then -- PGSQL_INC_DIR=$i/include -- PGSQL_DIR=$i -- fi -- done -- fi -- -- if test -z "$PGSQL_DIR"; then -- tmp="" -- for i in $pgsql_directory; do -- tmp="$tmp $i/include $i/include/pgsql $i/include/postgresql" -- done -- FAIL_MESSAGE("PostgreSQL header file (libpq-fe.h)", $tmp) -- fi -- -- for i in lib lib/pgsql lib/postgresql; do -- str="$PGSQL_DIR/$i/libpq.*" -- for j in `echo $str`; do -- if test -r $j; then -- PGSQL_LIB_DIR="$PGSQL_DIR/$i" -- break 2 -- fi -- done -- done -- -- if test -z "$PGSQL_LIB_DIR"; then -- for ff in $pgsql_directory; do -- for i in lib lib/pgsql lib/postgresql; do -- str="$ff/$i/libpq.*" -- for j in `echo $str`; do -- if test -r $j; then -- PGSQL_LIB_DIR="$ff/$i" -- break 3 -- fi -- done -- done -- done -- fi -- -- if test -z "$PGSQL_LIB_DIR"; then -- tmp="" -- for i in $pgsql_directory; do -- tmp="$i/lib $i/lib/pgsql $i/lib/postgresql" -- done -- FAIL_MESSAGE("postgresql library libpq", $tmp) -- fi -- -- AC_MSG_RESULT(yes) -- -+ if test -z "${PGSQL_LIB_DIR}" ; then -+ FAIL_MESSAGE("PGSQL_LIB_DIR is not set!") -+ elif test -z "${PGSQL_INC_DIR}" ; then -+ FAIL_MESSAGE("PGSQL_INC_DIR is not set!") -+ else - LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" - if test x"$enable_static" = xyes; then - LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lcrypt -lm" -@@ -1370,18 +1291,6 @@ AC_ARG_WITH(database, - fi - # CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}" - CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}" -- AC_CHECK_HEADERS(pgsql/libpq-fe.h) -- AC_CHECK_HEADERS(postgresql/libpq-fe.h) -- else -- pg_lib_dir=`${PGCONF} --libdir` -- if test x"$enable_static" = xyes; then -- LIBS="$LIBS -L${pg_lib_dir} -lpq -lcrypt -lm" -- else -- LIBS="$LIBS -L${pg_lib_dir} -lpq -lm" -- fi -- pg_inc_dir=`${PGCONF} --includedir` -- # CFLAGS="$CFLAGS -I${pg_inc_dir}" -- CPPFLAGS="$CPPFLAGS -I${pg_inc_dir}" - fi - elif test "x${withval}" = "xodbc"; then - AC_MSG_CHECKING(for odbc in /usr /usr/local ODBC_HOME) --- -2.11.0 - diff --git a/external/meta-security/recipes-security/samhain/files/samhain-client.default b/external/meta-security/recipes-security/samhain/files/samhain-client.default deleted file mode 100644 index 9899577a..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-client.default +++ /dev/null @@ -1,3 +0,0 @@ -# Set this to "yes" to start the server, after you configure it, of -# course. -SAMHAIN_CLIENT_START="no"
\ No newline at end of file diff --git a/external/meta-security/recipes-security/samhain/files/samhain-client.init b/external/meta-security/recipes-security/samhain/files/samhain-client.init deleted file mode 100644 index d5fabede..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-client.init +++ /dev/null @@ -1,122 +0,0 @@ -#!/bin/bash -# chkconfig: 2345 99 10 -# description: File Integrity Checking Daemon -# -# processname: samhain -# config : /etc/samhainrc -# logfile : /var/log/samhain_log -# database: /var/lib/samhain/samhain_file -# - -NAME=samhain -DAEMON=/usr/sbin/samhain -RETVAL=0 -PIDFILE=/var/run/samhain.pid - -. /etc/default/rcS - -. /etc/default/samhain-client - -if [ "x$SAMHAIN_CLIENT_START" != "xyes" ]; then - echo "${0}: client disabled in /etc/default/samhain-client" - exit 0 -fi - -if [ -x $DAEMON ]; then - : -else - echo "${0}: executable ${DAEMON} not found" - exit 1 -fi - -if [ ! -e /var/lib/samhain/samhain_file ]; then - echo "${0}: /var/lib/samhain/samhain_file does not exist. You must" - echo " run 'samhain -t init' before samhian-client can start." - exit 1 -fi - -samhain_done() -{ - if [ $RETVAL -eq 0 ]; then - echo "." - else - echo " failed." - fi -} - -log_stat_msg () { -case "$1" in - 0) - echo "Service $NAME: Running"; - ;; - 1) - echo "Service $NAME: Stopped and /var/run pid file exists"; - ;; - 3) - echo "Service $NAME: Stopped"; - ;; - *) - echo "Service $NAME: Status unknown"; - ;; -esac -} - -case "$1" in - start) - # - # Remove a stale PID file, if found - # - if test -f ${PIDFILE}; then - /bin/rm -f ${PIDFILE} - fi - # - echo -n "Starting ${NAME}" - start-stop-daemon --start --quiet --exec $DAEMON - RETVAL=$? - samhain_done - ;; - - stop) - echo -n "Stopping $NAME" - start-stop-daemon --stop --quiet --exec $DAEMON - RETVAL=$? - - # - # Remove a stale PID file, if found - # - if test -f ${PIDFILE}; then - /bin/rm -f ${PIDFILE} - fi - if test -S /var/run/${NAME}.sock; then - /bin/rm -f /var/run/${NAME}.sock - fi - samhain_done - ;; - - restart) - $0 stop - sleep 3 - $0 start - RETVAL=$? - ;; - - reload|force-reload) - echo -n "Reloading $NAME configuration files" - start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON - RETVAL=$? - samhain_done - ;; - - status) - $DAEMON status - RETVAL=$? - log_stat_msg ${RETVAL} - ;; - - *) - echo "$0 usage: {start|stop|status|restart|reload}" - exit 1 - ;; -esac - -exit $RETVAL diff --git a/external/meta-security/recipes-security/samhain/files/samhain-configure-add-option-for-ps.patch b/external/meta-security/recipes-security/samhain/files/samhain-configure-add-option-for-ps.patch deleted file mode 100644 index 8de0735f..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-configure-add-option-for-ps.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 02a143f0068cbc6cea71359169210fbb3606d4bb Mon Sep 17 00:00:00 2001 -From: Jackie Huang <jackie.huang@windriver.com> -Date: Mon, 18 Jan 2016 00:24:57 -0500 -Subject: [PATCH] configure: add option for ps - -The configure searches hardcoded host paths for PSPATH -and run ps commands to decide PSARG which will fail -on host without ps: -| configure: error: Cannot find ps in any of /usr/ucb /bin /usr/bin - -So add an option so we can specify the ps at configure -to avoid host contamination. - -Upstream-Status: Inappropriate [cross compile specific] - -Signed-off-by: Jackie Huang <jackie.huang@windriver.com> ---- - aclocal.m4 | 2 +- - configure.ac | 60 ++++++++++-------------------------------------------------- - 2 files changed, 11 insertions(+), 51 deletions(-) - -diff --git a/aclocal.m4 b/aclocal.m4 -index a2e59a6..cd20a2f 100644 ---- a/aclocal.m4 -+++ b/aclocal.m4 -@@ -409,7 +409,7 @@ x_includes=NONE - x_libraries=NONE - DESTDIR= - SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid" --SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" -+SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file ps-path" - - # Installation directory options. - # These are left unexpanded so users can "make install exec_prefix=/foo" -diff --git a/configure.ac b/configure.ac -index 5910b1f..8c3e087 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -730,56 +730,16 @@ then - fi - AC_CHECK_HEADERS(gmp.h) - --AC_MSG_CHECKING([for ps]) --PS= --for ff in /usr/ucb /bin /usr/bin; do -- if test -x "$ff/ps"; then -- PS="$ff/ps" -- AC_MSG_RESULT([$PS]) -- break -- fi --done --if test x$PS = x --then -- AC_MSG_RESULT([no]) -- AC_MSG_ERROR([Cannot find ps in any of /usr/ucb /bin /usr/bin]) --fi --AC_DEFINE_UNQUOTED([PSPATH], _("$PS"), [Path to ps]) -- --AC_MSG_CHECKING([how to use ps]) --$PS ax >/dev/null 2>&1 --if test $? -eq 0; then -- case "$host_os" in -- *openbsd*) -- one=`$PS akx | wc -l` -- ;; -- *) -- one=`$PS ax | wc -l` -- ;; -- esac --else -- one=0 --fi --$PS -e >/dev/null 2>&1 --if test $? -eq 0; then -- two=`$PS -e | wc -l` --else -- two=0 --fi --if test $one -ge $two --then -- case "$host_os" in -- *openbsd*) -- PSARG="akx" -- ;; -- *) -- PSARG="ax" -- ;; -- esac --else -- PSARG="-e" --fi --AC_DEFINE_UNQUOTED([PSARG], _("$PSARG"), [Argument for ps]) -+AC_ARG_WITH(ps-path, -+ [ --with-ps-path=PATH set path to ps command ], -+ [ -+ if test "x${withval}" != xno; then -+ pspath="${withval}" -+ AC_DEFINE_UNQUOTED([PSPATH], _("${pspath}"), [Path to ps]) -+ AC_DEFINE_UNQUOTED([PSARG], _("ax"), [Argument for ps]) -+ fi -+ ]) -+ - AC_MSG_RESULT([$PS $PSARG]) - - dnl ***************************************** --- -1.9.1 - diff --git a/external/meta-security/recipes-security/samhain/files/samhain-cross-compile.patch b/external/meta-security/recipes-security/samhain/files/samhain-cross-compile.patch deleted file mode 100644 index 7f80a5c6..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-cross-compile.patch +++ /dev/null @@ -1,51 +0,0 @@ -From f63908427b2adb1792c59edbe38618e14ef5bc7b Mon Sep 17 00:00:00 2001 -From: Jackie Huang <jackie.huang@windriver.com> -Date: Fri, 15 Jan 2016 00:48:58 -0500 -Subject: [PATCH] Enable obfuscating binaries natively. - -Enable obfuscating binaries natively. - -The samhain build process involves an obfuscation step that attempts to -defeat decompilation or other binary analysis techniques which might reveal -secret information that should be known only to the system administrator. -The obfuscation step builds several applications which run on the build host -and then generate target code, which is then built into target binaries. - -This patch creates a basic infrastructure that supports building the -obfuscation binaries natively then cross-compiling the target code by adding -a special configure option. In the absence of this option the old behaviour -is preserved. - -Upstream-Status: Inappropriate [cross compile specific] - -Signed-off-by: Aws Ismail <aws.ismail@windriver.com> -Signed-off-by: Jackie Huang <jackie.huang@windriver.com> ---- - Makefile.in | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index 684e92b..fb090e2 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -54,7 +54,7 @@ selectconfig = @selectconfig@ - top_builddir = . - - INSTALL = @INSTALL@ --INSTALL_PROGRAM = @INSTALL@ -s -m 700 -+INSTALL_PROGRAM = @INSTALL@ -m 700 - INSTALL_SHELL = @INSTALL@ -m 700 - INSTALL_DATA = @INSTALL@ -m 600 - INSTALL_MAN = @INSTALL@ -m 644 -@@ -525,8 +525,6 @@ install-program: $(PROGRAMS) sstrip - echo " $(INSTALL_PROGRAM) $$p $$target"; \ - $(INSTALL_PROGRAM) $$p $$target; \ - chmod 0700 $$target; \ -- echo " ./sstrip $$target"; \ -- ./sstrip $$target; \ - else \ - echo " $(INSTALL_SHELL) $$p $$target"; \ - $(INSTALL_SHELL) $$p $$target; \ --- -1.9.1 - diff --git a/external/meta-security/recipes-security/samhain/files/samhain-mips64-aarch64-dnmalloc-hash-fix.patch b/external/meta-security/recipes-security/samhain/files/samhain-mips64-aarch64-dnmalloc-hash-fix.patch deleted file mode 100644 index 06086606..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-mips64-aarch64-dnmalloc-hash-fix.patch +++ /dev/null @@ -1,44 +0,0 @@ -commit 0f6bdc219e598de08a3f37887efa5dfa50e2b996 -Author: Aws Ismail <aws.ismail@windriver.com> -Date: Fri Jun 22 15:47:08 2012 -0400 - -Hash fix for MIPS64 and AARCH64 - -Samhain uses the addresses of local variables in generating hash -values. The hashing function is designed only for 32-bit values. -For MIPS64 when a 64-bit address is passed in the resulting hash -exceeds the limits of the underlying mechanism and samhain -ultimately fails. The solution is to simply take the lower -32-bits of the address and use that in generating hash values. - -Signed-off-by: Greg Moffatt <greg.moffatt@windriver.com> - -Upstream-Status: Pending - -Signed-off-by: Aws Ismail <aws.ismail@windriver.com> -Signed-off-by: Jackie Huang <jackie.huang@windriver.com> - -diff --git a/src/dnmalloc.c b/src/dnmalloc.c -index da9a5c5..fc91400 100644 ---- a/src/dnmalloc.c -+++ b/src/dnmalloc.c -@@ -2703,11 +2703,19 @@ static void freecilst_add(chunkinfoptr p) { - } - - /* Calculate the hash table entry for a chunk */ -+#if defined(CONFIG_ARCH_MIPS64) || defined(CONFIG_ARCH_AARCH64) -+#ifdef STARTHEAP_IS_ZERO -+#define hash(p) ((((unsigned long) p) & 0x7fffffff) >> 7) -+#else -+#define hash(p) ((((unsigned long) p - (unsigned long) startheap) & 0x7fffffff) >> 7) -+#endif -+#else - #ifdef STARTHEAP_IS_ZERO - #define hash(p) (((unsigned long) p) >> 7) - #else - #define hash(p) (((unsigned long) p - (unsigned long) startheap) >> 7) - #endif -+#endif /* CONFIG_ARCH_MIPS64 */ - - static void - hashtable_add (chunkinfoptr ci) diff --git a/external/meta-security/recipes-security/samhain/files/samhain-not-run-ptest-on-host.patch b/external/meta-security/recipes-security/samhain/files/samhain-not-run-ptest-on-host.patch deleted file mode 100644 index 52843131..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-not-run-ptest-on-host.patch +++ /dev/null @@ -1,24 +0,0 @@ -not run test on host, since we are doing cross-compile - -Upstream-status: Inappropriate [cross compile specific] - -Signed-off-by: Roy Li <rongqing.li@windriver.com> ---- - Makefile.in | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/Makefile.in b/Makefile.in -index e1b32a8..74bfdc9 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -1234,7 +1234,6 @@ intcutest: internal.h $(OBJECTS) $(CUTEST_OBJECTS) sh_tiger_i.o $(srcsrc)/CuTest - rm x_samhain.c; \ - $(LINK) sh_tiger_i.o $(CUTEST_OBJECTS) CuTestMain.o CuTest.o $(OBJECTS) $(LIBS_TRY); \ - test -f ./intcutest && mv ./intcutest ./cutest; \ -- ./cutest - - runcutest: - gdb ./cutest --- -1.7.10.4 - diff --git a/external/meta-security/recipes-security/samhain/files/samhain-pid-path.patch b/external/meta-security/recipes-security/samhain/files/samhain-pid-path.patch deleted file mode 100644 index 592bd165..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-pid-path.patch +++ /dev/null @@ -1,27 +0,0 @@ -commit a932b03b65edeb02ccad2fce06bfa68a8f2fbb04 -Author: Aws Ismail <aws.ismail@windriver.com> -Date: Thu Jan 10 16:29:05 2013 -0500 - - Set the PID Lock path for samhain.pid - - The explicit path for samhain.pid inorder - for samhain to work properly after it initial - database build. - - Upstream-Status: Inappropriate [configuration] - - Signed-off-by: Aws Ismail <aws.ismail@windriver.com> - -diff --git a/samhainrc.linux b/samhainrc.linux -index 10a8176..a7b06e6 100644 ---- a/samhainrc.linux -+++ b/samhainrc.linux -@@ -639,7 +639,7 @@ SetFileCheckTime = 86400 - - ## Path to the PID file - # --# SetLockfilePath = (default: compiled-in) -+SetLockfilePath = /run/samhain.pid - - - ## The digest/checksum/hash algorithm diff --git a/external/meta-security/recipes-security/samhain/files/samhain-samhainrc-fix-files-dirs-path.patch b/external/meta-security/recipes-security/samhain/files/samhain-samhainrc-fix-files-dirs-path.patch deleted file mode 100644 index dad6b150..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-samhainrc-fix-files-dirs-path.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 00fb527e45da42550156197647e01de9a6b1ad52 Mon Sep 17 00:00:00 2001 -From: Wenzong Fan <wenzong.fan@windriver.com> -Date: Mon, 3 Mar 2014 01:50:01 -0500 -Subject: [PATCH] fix real path for some files/dirs - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> ---- - samhainrc.linux | 15 +++++++-------- - 1 file changed, 7 insertions(+), 8 deletions(-) - -diff --git a/samhainrc.linux b/samhainrc.linux -index e9727b4..7775d83 100644 ---- a/samhainrc.linux -+++ b/samhainrc.linux -@@ -93,7 +93,6 @@ dir = 99/etc - ## - file = /etc/mtab - file = /etc/fstab --file = /etc/adjtime - file = /etc/motd - file = /etc/lvm/lvm.conf - -@@ -153,11 +152,11 @@ dir = 99/var - - [IgnoreAll] - dir = -1/var/cache --dir = -1/var/lock --dir = -1/var/mail --dir = -1/var/run -+dir = -1/run/lock -+dir = -1/var/spool/mail -+dir = -1/run - dir = -1/var/spool --dir = -1/var/tmp -+dir = -1/var/volatile/tmp - - - [Attributes] -@@ -167,7 +166,7 @@ dir = -1/var/tmp - file = /var/lib/rpm/__db.00? - - file = /var/lib/logrotate.status --file = /var/lib/random-seed -+file = /var/lib/urandom/random-seed - - - [GrowingLogFiles] -@@ -176,7 +175,7 @@ file = /var/lib/random-seed - ## are ignored. Logfile rotation will cause a report because of shrinking - ## size and different inode. - ## --dir = 99/var/log -+dir = 99/var/volatile/log - - [Attributes] - # --- -1.7.9.5 - diff --git a/external/meta-security/recipes-security/samhain/files/samhain-samhainrc.patch b/external/meta-security/recipes-security/samhain/files/samhain-samhainrc.patch deleted file mode 100644 index 145700a0..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-samhainrc.patch +++ /dev/null @@ -1,158 +0,0 @@ -commit 4c6658441eb3ffc4e51ed70f78cbdab046957580 -Author: Aws Ismail <aws.ismail@windriver.com> -Date: Fri Jun 22 16:38:20 2012 -0400 - -Make samhainrc OE-friendly. - -Patch the samhainrc that will be installed -as part of the 'make install' step to more -accurately reflect what will be found, and -what will be of concern, on a OE install. - -Upstream-Status: Inappropriate [configuration] - -Signed-off-by: Aws Ismail <aws.ismail@windriver.com> - -diff --git a/samhainrc.linux b/samhainrc.linux -index 9bc5ca4..10a8176 100644 ---- a/samhainrc.linux -+++ b/samhainrc.linux -@@ -74,7 +74,6 @@ dir = 0/ - [Attributes] - file = /tmp - file = /dev --file = /media - file = /proc - file = /sys - -@@ -93,19 +92,10 @@ dir = 99/etc - ## check permission and ownership - ## - file = /etc/mtab -+file = /etc/fstab - file = /etc/adjtime - file = /etc/motd --file = /etc/lvm/.cache -- --# On Ubuntu, these are in /var/lib rather than /etc --file = /etc/cups/certs --file = /etc/cups/certs/0 -- --# managed by fstab-sync on Fedora Core --file = /etc/fstab -- --# modified when booting --file = /etc/sysconfig/hwconf -+file = /etc/lvm/lvm.conf - - # There are files in /etc that might change, thus changing the directory - # timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'. -@@ -147,10 +137,6 @@ dir = 99/dev - ## - dir = -1/dev/pts - --# dir = -1/dev/.udevdb -- --file = /dev/ppp -- - # - # --------- /usr ----------- - # -@@ -167,50 +153,21 @@ dir = 99/var - - [IgnoreAll] - dir = -1/var/cache --dir = -1/var/backups --dir = -1/var/games --dir = -1/var/gdm - dir = -1/var/lock - dir = -1/var/mail - dir = -1/var/run - dir = -1/var/spool - dir = -1/var/tmp --dir = -1/var/lib/texmf --dir = -1/var/lib/scrollkeeper - - - [Attributes] - --dir = /var/lib/nfs --dir = /var/lib/pcmcia -- - # /var/lib/rpm changes if packets are installed; - # /var/lib/rpm/__db.00[123] even more frequently - file = /var/lib/rpm/__db.00? - --file = /var/lib/acpi-support/vbestate --file = /var/lib/alsa/asound.state --file = /var/lib/apt/lists/lock --file = /var/lib/apt/lists/partial --file = /var/lib/cups/certs --file = /var/lib/cups/certs/0 --file = /var/lib/dpkg/lock --file = /var/lib/gdm --file = /var/lib/gdm/.cookie --file = /var/lib/gdm/.gdmfifo --file = /var/lib/gdm/:0.Xauth --file = /var/lib/gdm/:0.Xservers --file = /var/lib/logrotate/status --file = /var/lib/mysql --file = /var/lib/mysql/ib_logfile0 --file = /var/lib/mysql/ibdata1 --file = /var/lib/slocate --file = /var/lib/slocate/slocate.db --file = /var/lib/slocate/slocate.db.tmp --file = /var/lib/urandom --file = /var/lib/urandom/random-seed -+file = /var/lib/logrotate.status - file = /var/lib/random-seed --file = /var/lib/xkb - - - [GrowingLogFiles] -@@ -325,7 +282,7 @@ IgnoreMissing = /var/lib/slocate/slocate.db.tmp - - ## Console - ## --# PrintSeverity=info -+PrintSeverity=warn - - ## Logfile - ## -@@ -333,7 +290,7 @@ IgnoreMissing = /var/lib/slocate/slocate.db.tmp - - ## Syslog - ## --# SyslogSeverity=none -+SyslogSeverity=info - - ## Remote server (yule) - ## -@@ -556,7 +513,8 @@ ChecksumTest=check - ## and I/O limit (kilobytes per second; 0 == off) - ## to reduce load on host. - # --# SetNiceLevel = 0 -+# By default we configure samhain to be nice with everything else on the system -+SetNiceLevel = 10 - # SetIOLimit = 0 - - ## The version string to embed in file signature databases -@@ -565,13 +523,14 @@ ChecksumTest=check - - ## Interval between time stamp messages - # --# SetLoopTime = 60 --SetLoopTime = 600 -+# Log a timestamp every hour -+SetLoopTime = 3600 - - ## Interval between file checks - # - # SetFileCheckTime = 600 --SetFileCheckTime = 7200 -+# One file system check per day -+SetFileCheckTime = 86400 - - ## Alternative: crontab-like schedule - # diff --git a/external/meta-security/recipes-security/samhain/files/samhain-server-volatiles b/external/meta-security/recipes-security/samhain/files/samhain-server-volatiles deleted file mode 100644 index 6b807093..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-server-volatiles +++ /dev/null @@ -1 +0,0 @@ -d daemon daemon 0775 /var/log/yule none diff --git a/external/meta-security/recipes-security/samhain/files/samhain-server.default b/external/meta-security/recipes-security/samhain/files/samhain-server.default deleted file mode 100644 index bc3d67cd..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-server.default +++ /dev/null @@ -1,3 +0,0 @@ -# Set this to "yes" to start the server, after you configure it, of -# course. -SAMHAIN_SERVER_START="no"
\ No newline at end of file diff --git a/external/meta-security/recipes-security/samhain/files/samhain-server.init b/external/meta-security/recipes-security/samhain/files/samhain-server.init deleted file mode 100644 index c456e51c..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-server.init +++ /dev/null @@ -1,116 +0,0 @@ -#!/bin/bash -# chkconfig: 2345 98 11 -# description: File Integrity Checking Daemon -# -# processname: yule -# config : /etc/yulerc -# logfile : /var/log/yule/yule_log -# database: /var/lib/yule/yule_file -# - -NAME=yule -DAEMON=/usr/sbin/yule -RETVAL=0 -PIDFILE=/var/run/yule.pid - -. /etc/default/rcS - -. /etc/default/samhain-server - -if [ "x$SAMHAIN_SERVER_START" != "xyes" ]; then - echo "${0}: server disabled in /etc/default/samhain-server" - exit 0 -fi - -if [ -x $DAEMON ]; then - : -else - echo "${0}: executable ${DAEMON} not found" - exit 1 -fi - -samhain_done() -{ - if [ $RETVAL -eq 0 ]; then - echo "." - else - echo " failed." - fi -} - -log_stat_msg () { -case "$1" in - 0) - echo "Service $NAME: Running"; - ;; - 1) - echo "Service $NAME: Stopped and /var/run pid file exists"; - ;; - 3) - echo "Service $NAME: Stopped"; - ;; - *) - echo "Service $NAME: Status unknown"; - ;; -esac -} - -case "$1" in - start) - # - # Remove a stale PID file, if found - # - if test -f ${PIDFILE}; then - /bin/rm -f ${PIDFILE} - fi - # - echo -n "Starting ${NAME}" - start-stop-daemon --start --quiet --exec $DAEMON - RETVAL=$? - samhain_done - ;; - - stop) - echo -n "Stopping $NAME" - start-stop-daemon --stop --quiet --exec $DAEMON - RETVAL=$? - - # - # Remove a stale PID file, if found - # - if test -f ${PIDFILE}; then - /bin/rm -f ${PIDFILE} - fi - if test -S /var/run/${NAME}.sock; then - /bin/rm -f /var/run/${NAME}.sock - fi - samhain_done - ;; - - restart) - $0 stop - sleep 3 - $0 start - RETVAL=$? - ;; - - reload|force-reload) - echo -n "Reloading $NAME configuration files" - start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON - RETVAL=$? - samhain_done - ;; - - status) - $DAEMON status - RETVAL=$? - log_stat_msg ${RETVAL} - ;; - - *) - echo "$0 usage: {start|stop|status|restart|reload}" - exit 1 - ;; -esac - -exit $RETVAL diff --git a/external/meta-security/recipes-security/samhain/files/samhain-sha256-big-endian.patch b/external/meta-security/recipes-security/samhain/files/samhain-sha256-big-endian.patch deleted file mode 100644 index 3065c730..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-sha256-big-endian.patch +++ /dev/null @@ -1,22 +0,0 @@ -samhain: fix sha256 for big-endian machines - -After computing the digest, big-endian machines would -memset() the digest to the first byte of state instead -of using memcpy() to transfer it. - -Upstream-Status: Pending - -Signed-off-by: Joe Slater <jslater@windriver.com> - - ---- a/src/sh_checksum.c -+++ b/src/sh_checksum.c -@@ -468,7 +468,7 @@ void SHA256_Final(sha2_byte digest[], SH - } - } - #else -- memset(d, context->state, SHA256_DIGEST_LENGTH); -+ memcpy(d, context->state, SHA256_DIGEST_LENGTH); - /* bcopy(context->state, d, SHA256_DIGEST_LENGTH); */ - #endif - } diff --git a/external/meta-security/recipes-security/samhain/files/samhain-standalone.default b/external/meta-security/recipes-security/samhain/files/samhain-standalone.default deleted file mode 100644 index 507a59f2..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-standalone.default +++ /dev/null @@ -1,3 +0,0 @@ -# Set this to "yes" to start the server, after you configure it, of -# course. -SAMHAIN_STANDALONE_START="no" diff --git a/external/meta-security/recipes-security/samhain/files/samhain-standalone.init b/external/meta-security/recipes-security/samhain/files/samhain-standalone.init deleted file mode 100644 index 2f23bffd..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain-standalone.init +++ /dev/null @@ -1,123 +0,0 @@ -#!/bin/sh -# chkconfig: 2345 99 10 -# description: File Integrity Checking Daemon -# -# processname: samhain -# config : /etc/samhainrc -# logfile : /var/log/samhain_log -# database: /var/lib/samhain/samhain_file -# - -NAME=samhain -DAEMON=/usr/sbin/samhain -RETVAL=0 -VERBOSE=yes -PIDFILE=/var/run/samhain.pid - -. /etc/default/samhain-standalone - -if [ "x$SAMHAIN_STANDALONE_START" != "xyes" ]; then - echo "${0}: samhain disabled in /etc/default/samhain-standalone" - exit 0 -fi - -if [ -x $DAEMON ]; then - : -else - echo "${0}: executable ${DAEMON} not found" - exit 1 -fi - -if [ ! -e /var/lib/samhain/samhain_file ]; then - echo "${0}: /var/lib/samhain/samhain_file does not exist. You must" - echo " run 'samhain -t init' before samhian can start." - exit 1 -fi - -samhain_done() -{ - if [ $RETVAL -eq 0 ]; then - echo "." - else - echo " failed." - fi -} - -log_stat_msg () { -case "$1" in - 0) - echo "Service $NAME: Running"; - ;; - 1) - echo "Service $NAME: Stopped and /var/run pid file exists"; - ;; - 3) - echo "Service $NAME: Stopped"; - ;; - *) - echo "Service $NAME: Status unknown"; - ;; -esac -} - -case "$1" in - start) - # - # Remove a stale PID file, if found - # - if test -f ${PIDFILE}; then - /bin/rm -f ${PIDFILE} - fi - - echo -n "Starting ${NAME}" - start-stop-daemon --start --quiet --exec $DAEMON - RETVAL=$? - samhain_done - exit $RETVAL - ;; - stop) - echo -n "Stopping $NAME" - start-stop-daemon --stop --quiet --exec $DAEMON - RETVAL=$? - samhain_done - # - # Remove a stale PID file, if found - # - if test -f ${PIDFILE}; then - /bin/rm -f ${PIDFILE} - fi - if test -S /var/run/${NAME}.sock; then - /bin/rm -f /var/run/${NAME}.sock - fi - ;; - - restart) - $0 stop - sleep 3 - $0 start - RETVAL=$? - ;; - - reload|force-reload) - echo -n "Reloading $NAME configuration files" - start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON - RETVAL=$? - samhain_done - ;; - - status) - if pidof -o %PPID $DAEMON > /dev/null; then - echo "Samhain running" - RETVAL=0 - else - echo "Samhain not running" - RETVAL=1 - fi - ;; - *) - echo "$0 usage: {start|stop|status|restart|reload}" - exit 1 - ;; -esac - -exit $RETVAL diff --git a/external/meta-security/recipes-security/samhain/files/samhain.service b/external/meta-security/recipes-security/samhain/files/samhain.service deleted file mode 100644 index e4f216ab..00000000 --- a/external/meta-security/recipes-security/samhain/files/samhain.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Samhain @MODE_NAME@ Daemon -After=syslog.target network.target - -[Service] -Type=forking -RemainAfterExit=yes -ExecStart=@LIBDIR@/@SAMHAIN_HELPER@ start -ExecStop=@LIBDIR@/@SAMHAIN_HELPER@ stop - -[Install] -WantedBy=multi-user.target |