-rw-r--r--app-forensics/samhain/ChangeLog12
-rw-r--r--app-forensics/samhain/files/digest-samhain-2.1.33
-rw-r--r--app-forensics/samhain/files/digest-samhain-2.2.03
-rw-r--r--app-forensics/samhain/samhain-2.1.3.ebuild209
-rw-r--r--app-forensics/samhain/samhain-2.2.0.ebuild209
5 files changed, 434 insertions, 2 deletions
diff --git a/app-forensics/samhain/ChangeLog b/app-forensics/samhain/ChangeLog
index 9252712386bf..6396097271d4 100644
--- a/app-forensics/samhain/ChangeLog
+++ b/app-forensics/samhain/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for app-forensics/samhain
-# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-forensics/samhain/ChangeLog,v 1.2 2005/12/26 00:42:11 chtekk Exp $
+# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/samhain/ChangeLog,v 1.3 2006/05/24 13:10:34 chtekk Exp $
+
+*samhain-2.2.0 (24 May 2006)
+*samhain-2.1.3 (24 May 2006)
+
+ 24 May 2006; Luca Longinotti <chtekk@gentoo.org> -samhain-2.1.1a.ebuild,
+ +samhain-2.1.3.ebuild, +samhain-2.2.0.ebuild:
+ Fix bug #125035 by adding both 2.1.3 and 2.2.0 to the tree, remove 2.1.1a.
+ Fix bug #130988, the libdir is now created if not emerged in stealth mode.
26 Dec 2005; Luca Longinotti <chtekk@gentoo.org> samhain-2.1.1a.ebuild:
Fix bug #116739.
diff --git a/app-forensics/samhain/files/digest-samhain-2.1.3 b/app-forensics/samhain/files/digest-samhain-2.1.3
new file mode 100644
index 000000000000..861d02ea8c71
--- /dev/null
+++ b/app-forensics/samhain/files/digest-samhain-2.1.3
@@ -0,0 +1,3 @@
+MD5 bc85d4ce0d92cea47eab3e355bb0341f samhain_signed-2.1.3.tar.gz 1326778
+RMD160 26d3b2519d33a814d122e214a1b35a2f82534112 samhain_signed-2.1.3.tar.gz 1326778
+SHA256 351efd78f0f07a9d3eb128c7f1bb8959e32c0a783632890ab850365e9dfd1a5f samhain_signed-2.1.3.tar.gz 1326778
diff --git a/app-forensics/samhain/files/digest-samhain-2.2.0 b/app-forensics/samhain/files/digest-samhain-2.2.0
new file mode 100644
index 000000000000..a8b877eed76f
--- /dev/null
+++ b/app-forensics/samhain/files/digest-samhain-2.2.0
@@ -0,0 +1,3 @@
+MD5 a645a9d669f654e0273dd48c26f1daf3 samhain_signed-2.2.0.tar.gz 1520179
+RMD160 c61e9b1bd71ff3e2a8592badef788a4aba26f22b samhain_signed-2.2.0.tar.gz 1520179
+SHA256 6b02ccae95a46c831569026d43da517440213f6d407cd1bd19a287114167554a samhain_signed-2.2.0.tar.gz 1520179
diff --git a/app-forensics/samhain/samhain-2.1.3.ebuild b/app-forensics/samhain/samhain-2.1.3.ebuild
new file mode 100644
index 000000000000..df40dd1590b3
--- /dev/null
+++ b/app-forensics/samhain/samhain-2.1.3.ebuild
@@ -0,0 +1,209 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/samhain/samhain-2.1.3.ebuild,v 1.1 2006/05/24 13:10:34 chtekk Exp $
+
+KEYWORDS="~x86"
+DESCRIPTION="Advanced file integrity and intrusion detection tool."
+HOMEPAGE="http://la-samhna.de/samhain/"
+SRC_URI="http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="crypt debug login-watch mounts-check mysql netclient netserver postgres prelude static suidcheck userfiles xml"
+
+RESTRICT="nostrip"
+
+DEPEND="crypt? ( >=app-crypt/gnupg-1.2 )
+ mysql? ( >=dev-db/mysql-3.23.26 )
+ postgres? ( >=dev-db/postgresql-7.2 )
+ prelude? ( >=dev-libs/libprelude-0.8.10 )
+ >=sys-apps/sed-4
+ app-arch/tar
+ app-arch/gzip"
+
+# Samhain stealth mode options
+#
+# If you would like to enable stealth mode, please set and uncomment the
+# following options or pass them as enviroment variables when emerging
+# the package (like INSTALL_NAME="asd" emerge samhain).
+# If you set the variables here, don't forget to redigest the ebuild by
+# issuing 'ebuild samhain-2.1.1a.ebuild digest', also remember that with
+# your next emerge sync, the changes to the ebuild will be lost!
+#
+# Read the Samhain manual for additional information.
+#
+# STEALTH should be set to either 'full' or 'micro' (mandatory)
+#STEALTH=""
+#
+# XOR_VALUE should be a whole number from 128 to 255 (mandatory)
+#XOR_VALUE=""
+#
+# INSTALL_NAME can be set to change the name of the Samhain binaries
+# to the name you specify (optional)
+#INSTALL_NAME=""
+
+if [[ "${STEALTH}" == "full" ]] ; then
+ RDEPEND="media-gfx/imagemagick"
+fi
+
+pkg_setup() {
+ if use static ; then
+ if use postgres || use prelude ; then
+ ewarn "At the moment it isn't possible to build a static Samhain with"
+ ewarn "Prelude and/or PostgreSQL support on Gentoo, the compilation"
+ ewarn "fails during the linking process."
+ echo
+ ewarn "This will be looked at and fixed in the future, in the meantime,"
+ ewarn "patches to fix this are always welcome and appreciated! ;)"
+ ewarn "(Open a bug on bugs.gentoo.org for them or send them to"
+ ewarn "the maintainer directly, thanks!)"
+ die "Please turn the 'postgres' and/or 'prelude' USE flags off when building with 'static'"
+ fi
+ fi
+
+ if use mysql && use postgres ; then
+ ewarn "You cannot compile both database backends into Samhain at once,"
+ ewarn "you need to choose between MySQL or PostgreSQL and disable the"
+ ewarn "one you don't want to use."
+ die "Please choose between 'mysql' or 'postgres' USE flags"
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+ tar -xzf "samhain-${PV}.tar.gz"
+}
+
+src_compile() {
+ local myconf
+
+ if use crypt ; then
+ myconf="${myconf} --with-gpg=/usr/bin/gpg --with-checksum=no"
+
+ if [[ -n "${KEY_FPR}" ]] ; then
+ einfo "Setting built-in key fingerprint to ${KEY_FPR}"
+ FPR=`echo ${KEY_FPR} | sed "s/ //g"`
+ myconf="${myconf} --with-fp=${FPR}"
+ fi
+ fi
+
+ if [[ -n "${STEALTH}" ]] ; then
+ [[ -z "${XOR_VALUE}" ]] && die "Variable XOR_VALUE must be set for stealth mode"
+ echo
+ einfo "Enabling stealth mode '${STEALTH}', setting XOR_VALUE to ${XOR_VALUE}"
+
+ if [[ "${STEALTH}" == "full" ]] ; then
+ myconf="${myconf} --enable-stealth=${XOR_VALUE}"
+ sed -e "s:STEGIN=@stegin_prg@:STEGIN=:g" -i samhain-install.sh.in
+ elif [[ "${STEALTH}" == "micro" ]] ; then
+ myconf="${myconf} --enable-micro-stealth=${XOR_VALUE}"
+ else
+ die "STEALTH must be set to either 'full' or 'micro'"
+ fi
+
+ if [[ -n "${INSTALL_NAME}" ]] ; then
+ echo
+ einfo "Setting alternative samhain name to ${INSTALL_NAME}"
+ echo
+ myconf="${myconf} --enable-install-name=${INSTALL_NAME}"
+ fi
+ fi
+
+ use mysql && myconf="${myconf} --with-database=mysql --enable-xml-log"
+ use postgres && myconf="${myconf} --with-database=postgresql --enable-xml-log"
+ use prelude && myconf="${myconf} --with-prelude --with-libprelude-prefix=/usr"
+ use xml && myconf="${myconf} --enable-xml-log"
+ use static && myconf="${myconf} --enable-static"
+ use debug && myconf="${myconf} --enable-debug"
+
+ use netclient && myconf="${myconf} --enable-network=client"
+ use netserver && myconf="${myconf} --enable-network=server"
+
+ use login-watch && myconf="${myconf} --enable-login-watch"
+ use mounts-check && myconf="${myconf} --enable-mounts-check"
+ use suidcheck && myconf="${myconf} --enable-suidcheck"
+ use userfiles && myconf="${myconf} --enable-userfiles"
+
+ myconf="${myconf} --localstatedir=/var"
+
+ econf ${myconf} || die "configure failed"
+ make || die "compile failed"
+}
+
+src_install() {
+ make DESTDIR="${D}" install || die "make install failed"
+
+ rm -Rf "${D}/var/log"
+ rm -Rf "${D}/var/run"
+ rm -Rf "${D}/var/state"
+
+ if [[ -n "${STEALTH}" ]] ; then
+ rm -Rf "${D}/usr/share"
+ else
+ dodoc COPYING LICENSE docs/BUGS docs/MANUAL* docs/README* docs/TODO docs/*.txt
+ dohtml docs/*.html
+ docinto scripts
+ dodoc scripts/*
+ insinto /etc
+ insopts -m0600
+ newins samhainrc.linux samhainrc
+ exeinto /etc/init.d
+ newexe init/samhain.startGentoo samhain
+ keepdir "/var/lib/samhain"
+ fi
+
+ if use netserver ; then
+ keepdir "/var/lib/yule"
+ chown daemon:daemon "${D}/var/lib/yule"
+ keepdir "/var/log/yule"
+ chown daemon:daemon "${D}/var/log/yule"
+ fi
+}
+
+pkg_postinst() {
+ if [[ -n "${STEALTH}" ]] ; then
+ echo
+ einfo "Manual pages, documentation, and init script were NOT installed in order to"
+ einfo "obscure Samhain's presence. You should also remove samhain's installation"
+ einfo "traces from /var/cache/edb/world and /var/db/pkg."
+ fi
+
+ if [[ "${STEALTH}" == "full" ]] ; then
+ echo
+ einfo "In stealth mode, the configuration file must be steganographically hidden"
+ einfo "in a postscript image file. The sample config has been created this way by"
+ einfo "the installation process. Use the samhain_stealth utility to modify or"
+ einfo "create your own configuration file."
+ fi
+
+ if [[ -z "${KEY_FPR}" ]] ; then
+ echo
+ ewarn "GnuPG support has been enabled, but fingerprint verification will be"
+ ewarn "ignored. To enable fingerprint verification (strongly recommended),"
+ ewarn "you must re-emerge this package with the KEY_FPR variable set to"
+ ewarn "your default signing key fingerprint."
+ ewarn "Please read the Samhain manual for more details."
+ echo
+ einfo "Enabling GnuPG support in Samhain requires that you sign your configuration"
+ einfo "and and database files. Please run the following commands as root:"
+ einfo
+ einfo " gpg -a --clearsign --not-dash-escaped /etc/samhainrc"
+ einfo " mv /etc/samhainrc.asc /etc/samhainrc"
+ einfo " chmod 600 /etc/samhainrc"
+ einfo
+ einfo "Run the same commands on /var/lib/samhain/samhain_file after initialization."
+ fi
+
+ echo
+ einfo "Be sure to check your settings in /etc/samhainrc. When ready, run:"
+ einfo " samhain -t init"
+ einfo "to initialize Samhain."
+
+ echo
+ einfo "Samhain stealth-mode options are also available. Please view the comments"
+ einfo "in the Samhain ebuild for further configuration instructions."
+
+ echo
+ ewarn "Please be sure to read the Samhain manual to understand and correctly"
+ ewarn "configure the Samhain utility."
+ ewarn "HTML version available for viewing at http://la-samhna.de/samhain/manual/ ."
+}
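Review bot: In pkg_postinst the `[[ -z "${KEY_FPR}" ]]` test is not gated on the crypt USE flag, so a build without GnuPG support still prints "GnuPG support has been enabled". A crypt build with KEY_FPR set has the opposite problem: it never sees the instructions to sign /etc/samhainrc and the database file. src_compile only passes --with-gpg under `use crypt`, so the postinst block should use the same condition, with the fingerprint warning nested inside it and the signing commands printed for every crypt build. The 2.2.0 ebuild added in this commit has the identical block.

```bash
	if use crypt ; then
		if [[ -z "${KEY_FPR}" ]] ; then
			echo
			# … unchanged: ewarn lines about fingerprint verification …
		fi
		echo
		# … unchanged: einfo lines with the gpg signing commands …
	fi
```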
diff --git a/app-forensics/samhain/samhain-2.2.0.ebuild b/app-forensics/samhain/samhain-2.2.0.ebuild
new file mode 100644
index 000000000000..a0911a6cccd6
--- /dev/null
+++ b/app-forensics/samhain/samhain-2.2.0.ebuild
@@ -0,0 +1,209 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/samhain/samhain-2.2.0.ebuild,v 1.1 2006/05/24 13:10:34 chtekk Exp $
+
+KEYWORDS="~x86"
+DESCRIPTION="Advanced file integrity and intrusion detection tool."
+HOMEPAGE="http://la-samhna.de/samhain/"
+SRC_URI="http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="crypt debug login-watch mounts-check mysql netclient netserver postgres prelude static suidcheck userfiles xml"
+
+RESTRICT="nostrip"
+
+DEPEND="crypt? ( >=app-crypt/gnupg-1.2 )
+ mysql? ( >=dev-db/mysql-3.23.26 )
+ postgres? ( >=dev-db/postgresql-7.2 )
+ prelude? ( >=dev-libs/libprelude-0.8.10 )
+ >=sys-apps/sed-4
+ app-arch/tar
+ app-arch/gzip"
+
+# Samhain stealth mode options
+#
+# If you would like to enable stealth mode, please set and uncomment the
+# following options or pass them as enviroment variables when emerging
+# the package (like INSTALL_NAME="asd" emerge samhain).
+# If you set the variables here, don't forget to redigest the ebuild by
+# issuing 'ebuild samhain-2.1.1a.ebuild digest', also remember that with
+# your next emerge sync, the changes to the ebuild will be lost!
+#
+# Read the Samhain manual for additional information.
+#
+# STEALTH should be set to either 'full' or 'micro' (mandatory)
+#STEALTH=""
+#
+# XOR_VALUE should be a whole number from 128 to 255 (mandatory)
+#XOR_VALUE=""
+#
+# INSTALL_NAME can be set to change the name of the Samhain binaries
+# to the name you specify (optional)
+#INSTALL_NAME=""
+
+if [[ "${STEALTH}" == "full" ]] ; then
+ RDEPEND="media-gfx/imagemagick"
+fi
+
+pkg_setup() {
+ if use static ; then
+ if use postgres || use prelude ; then
+ ewarn "At the moment it isn't possible to build a static Samhain with"
+ ewarn "Prelude and/or PostgreSQL support on Gentoo, the compilation"
+ ewarn "fails during the linking process."
+ echo
+ ewarn "This will be looked at and fixed in the future, in the meantime,"
+ ewarn "patches to fix this are always welcome and appreciated! ;)"
+ ewarn "(Open a bug on bugs.gentoo.org for them or send them to"
+ ewarn "the maintainer directly, thanks!)"
+ die "Please turn the 'postgres' and/or 'prelude' USE flags off when building with 'static'"
+ fi
+ fi
+
+ if use mysql && use postgres ; then
+ ewarn "You cannot compile both database backends into Samhain at once,"
+ ewarn "you need to choose between MySQL or PostgreSQL and disable the"
+ ewarn "one you don't want to use."
+ die "Please choose between 'mysql' or 'postgres' USE flags"
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+ tar -xzf "samhain-${PV}.tar.gz"
+}
+
+src_compile() {
+ local myconf
+
+ if use crypt ; then
+ myconf="${myconf} --with-gpg=/usr/bin/gpg --with-checksum=no"
+
+ if [[ -n "${KEY_FPR}" ]] ; then
+ einfo "Setting built-in key fingerprint to ${KEY_FPR}"
+ FPR=`echo ${KEY_FPR} | sed "s/ //g"`
+ myconf="${myconf} --with-fp=${FPR}"
+ fi
+ fi
+
+ if [[ -n "${STEALTH}" ]] ; then
+ [[ -z "${XOR_VALUE}" ]] && die "Variable XOR_VALUE must be set for stealth mode"
+ echo
+ einfo "Enabling stealth mode '${STEALTH}', setting XOR_VALUE to ${XOR_VALUE}"
+
+ if [[ "${STEALTH}" == "full" ]] ; then
+ myconf="${myconf} --enable-stealth=${XOR_VALUE}"
+ sed -e "s:STEGIN=@stegin_prg@:STEGIN=:g" -i samhain-install.sh.in
+ elif [[ "${STEALTH}" == "micro" ]] ; then
+ myconf="${myconf} --enable-micro-stealth=${XOR_VALUE}"
+ else
+ die "STEALTH must be set to either 'full' or 'micro'"
+ fi
+
+ if [[ -n "${INSTALL_NAME}" ]] ; then
+ echo
+ einfo "Setting alternative samhain name to ${INSTALL_NAME}"
+ echo
+ myconf="${myconf} --enable-install-name=${INSTALL_NAME}"
+ fi
+ fi
+
+ use mysql && myconf="${myconf} --with-database=mysql --enable-xml-log"
+ use postgres && myconf="${myconf} --with-database=postgresql --enable-xml-log"
+ use prelude && myconf="${myconf} --with-prelude --with-libprelude-prefix=/usr"
+ use xml && myconf="${myconf} --enable-xml-log"
+ use static && myconf="${myconf} --enable-static"
+ use debug && myconf="${myconf} --enable-debug"
+
+ use netclient && myconf="${myconf} --enable-network=client"
+ use netserver && myconf="${myconf} --enable-network=server"
+
+ use login-watch && myconf="${myconf} --enable-login-watch"
+ use mounts-check && myconf="${myconf} --enable-mounts-check"
+ use suidcheck && myconf="${myconf} --enable-suidcheck"
+ use userfiles && myconf="${myconf} --enable-userfiles"
+
+ myconf="${myconf} --localstatedir=/var"
+
+ econf ${myconf} || die "configure failed"
+ make || die "compile failed"
+}
+
+src_install() {
+ make DESTDIR="${D}" install || die "make install failed"
+
+ rm -Rf "${D}/var/log"
+ rm -Rf "${D}/var/run"
+ rm -Rf "${D}/var/state"
+
+ if [[ -n "${STEALTH}" ]] ; then
+ rm -Rf "${D}/usr/share"
+ else
+ dodoc COPYING LICENSE docs/BUGS docs/MANUAL* docs/README* docs/TODO docs/*.txt
+ dohtml docs/*.html
+ docinto scripts
+ dodoc scripts/*
+ insinto /etc
+ insopts -m0600
+ newins samhainrc.linux samhainrc
+ exeinto /etc/init.d
+ newexe init/samhain.startGentoo samhain
+ keepdir "/var/lib/samhain"
+ fi
+
+ if use netserver ; then
+ keepdir "/var/lib/yule"
+ chown daemon:daemon "${D}/var/lib/yule"
+ keepdir "/var/log/yule"
+ chown daemon:daemon "${D}/var/log/yule"
+ fi
+}
+
+pkg_postinst() {
+ if [[ -n "${STEALTH}" ]] ; then
+ echo
+ einfo "Manual pages, documentation, and init script were NOT installed in order to"
+ einfo "obscure Samhain's presence. You should also remove samhain's installation"
+ einfo "traces from /var/cache/edb/world and /var/db/pkg."
+ fi
+
+ if [[ "${STEALTH}" == "full" ]] ; then
+ echo
+ einfo "In stealth mode, the configuration file must be steganographically hidden"
+ einfo "in a postscript image file. The sample config has been created this way by"
+ einfo "the installation process. Use the samhain_stealth utility to modify or"
+ einfo "create your own configuration file."
+ fi
+
+ if [[ -z "${KEY_FPR}" ]] ; then
+ echo
+ ewarn "GnuPG support has been enabled, but fingerprint verification will be"
+ ewarn "ignored. To enable fingerprint verification (strongly recommended),"
+ ewarn "you must re-emerge this package with the KEY_FPR variable set to"
+ ewarn "your default signing key fingerprint."
+ ewarn "Please read the Samhain manual for more details."
+ echo
+ einfo "Enabling GnuPG support in Samhain requires that you sign your configuration"
+ einfo "and and database files. Please run the following commands as root:"
+ einfo
+ einfo " gpg -a --clearsign --not-dash-escaped /etc/samhainrc"
+ einfo " mv /etc/samhainrc.asc /etc/samhainrc"
+ einfo " chmod 600 /etc/samhainrc"
+ einfo
+ einfo "Run the same commands on /var/lib/samhain/samhain_file after initialization."
+ fi
+
+ echo
+ einfo "Be sure to check your settings in /etc/samhainrc. When ready, run:"
+ einfo " samhain -t init"
+ einfo "to initialize Samhain."
+
+ echo
+ einfo "Samhain stealth-mode options are also available. Please view the comments"
+ einfo "in the Samhain ebuild for further configuration instructions."
+
+ echo
+ ewarn "Please be sure to read the Samhain manual to understand and correctly"
+ ewarn "configure the Samhain utility."
+ ewarn "HTML version available for viewing at http://la-samhna.de/samhain/manual/ ."
+}
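Review bot: `--with-checksum=no` in src_compile is passed without any comment. As far as I understand the Samhain configure option, it turns off the compiled-in checksum of the gpg binary, so a replaced /usr/bin/gpg would go unnoticed when signatures are verified. That may be a reasonable packaging trade-off if the checksum would otherwise break on every gnupg upgrade, but it should be stated. I would add above the line `# --with-checksum=no: gpg binary checksum is not compiled in, samhain will not notice a replaced /usr/bin/gpg` and repeat the caveat in the pkg_postinst GnuPG message. The same line is in the 2.1.3 ebuild.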