[1] | 1 | #
|
---|
| 2 | # Accepted parameters for 'rpmbuild':
|
---|
| 3 | #
|
---|
| 4 | # --with tests - make tests before building
|
---|
| 5 |
|
---|
| 6 | Summary: File integrity and host-based IDS
|
---|
| 7 | Name: @install_name@
|
---|
| 8 | Version: @VERSION@
|
---|
| 9 | Release: 1
|
---|
| 10 | License: GPL
|
---|
| 11 | Group: System Environment/Base
|
---|
| 12 | Source: samhain-%{version}.tar.gz
|
---|
| 13 | BuildRoot: %{_tmppath}/samhain-%{version}-root
|
---|
| 14 | Packager: Andre Oliveira da Costa <brblueser@uol.com.br>
|
---|
| 15 | Provides: %{name}
|
---|
[532] | 16 | %if 0%{?suse_version}
|
---|
| 17 | Requires(pre): shadow
|
---|
| 18 | %else
|
---|
[415] | 19 | Requires(pre): shadow-utils
|
---|
[532] | 20 | %endif
|
---|
[1] | 21 |
|
---|
[170] | 22 | # dummy (fix configure warning)
|
---|
| 23 | # datarootdir = @datarootdir@
|
---|
| 24 |
|
---|
[1] | 25 | # no quotes here - aparently will be expanded literally
|
---|
| 26 |
|
---|
[415] | 27 | %define password %(echo $PASSWORD)
|
---|
| 28 |
|
---|
[1] | 29 | %define withpwd_prg x@clmytclient@
|
---|
| 30 | %define withstg_prg x@stegin_prg@
|
---|
| 31 |
|
---|
| 32 | # disable automatic stripping of binaries upon installation
|
---|
| 33 | %define __spec_install_post %{nil}
|
---|
| 34 | # required because DeadRat wants to package some debug info otherwise
|
---|
| 35 | # (this debug info would be created by debug_install_post called
|
---|
| 36 | # from spec_install_post)
|
---|
| 37 | %define debug_package %{nil}
|
---|
| 38 | # Use internal dependency generator rather than external helpers?
|
---|
| 39 | %define _use_internal_dependency_generator 0
|
---|
| 40 |
|
---|
| 41 | %description
|
---|
| 42 | @install_name@ is an open source file integrity and host-based intrusion
|
---|
| 43 | detection system for Linux and Unix. It can run as a daemon process, and
|
---|
| 44 | and thus can remember file changes -- contrary to a tool that runs from
|
---|
| 45 | cron, if a file is modified you will get only one report, while
|
---|
| 46 | subsequent checks of that file will ignore the modification as it is
|
---|
| 47 | already reported (unless the file is modified again).
|
---|
| 48 |
|
---|
| 49 | @install_name@ can optionally be used as client/server system to provide
|
---|
| 50 | centralized monitoring for multiple host. Logging to a (MySQL or
|
---|
| 51 | PostgreSQL) database is supported.
|
---|
| 52 |
|
---|
| 53 | NOTE: for security reasons, if you distribute binary executables to
|
---|
| 54 | third parties you should point out the use of the --add-key option to
|
---|
| 55 | modify the key material within the executable.
|
---|
| 56 | This spec file is intended to facilitate installation on YOUR system.
|
---|
| 57 | If you use this spec file to build a SRPM for distribution to third parties,
|
---|
| 58 | make sure to remove the --enable-base configure option below.
|
---|
| 59 |
|
---|
| 60 | %prep
|
---|
| 61 | %setup -q -n samhain-%{version}
|
---|
| 62 |
|
---|
| 63 | %build
|
---|
| 64 | %if %{?_with_tests:1}%{!?_with_tests:0}
|
---|
| 65 | # test installation (test #7 is only included if --with gpg has been
|
---|
| 66 | # specified)
|
---|
| 67 | for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done
|
---|
| 68 | %endif
|
---|
| 69 | #
|
---|
| 70 | # configure with the user-supplied arguments to './configure'
|
---|
| 71 | #
|
---|
| 72 | ./configure @mydefargs@
|
---|
| 73 | make
|
---|
[415] | 74 | %if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
|
---|
[547] | 75 | %if "%{password}" != ""
|
---|
[415] | 76 | ./samhain_setpwd samhain new %{password}
|
---|
| 77 | mv samhain samhain.old
|
---|
| 78 | mv samhain.new samhain
|
---|
| 79 | %endif
|
---|
| 80 | %endif
|
---|
[1] | 81 |
|
---|
[415] | 82 |
|
---|
[1] | 83 | %install
|
---|
| 84 | rm -rf ${RPM_BUILD_ROOT}
|
---|
| 85 | # sstrip shouldn't be used since binaries will be stripped later
|
---|
| 86 | ## cat << EOF > sstrip
|
---|
| 87 | ## #!/bin/sh
|
---|
| 88 | ## echo "*** SSTRIP DISABLED ***"
|
---|
| 89 | ## EOF
|
---|
| 90 | make DESTDIR=${RPM_BUILD_ROOT} install
|
---|
| 91 | # copy script files to /var/lib/samhain so that we can use them right
|
---|
| 92 | # after the package is installed
|
---|
| 93 | #
|
---|
[548] | 94 | install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB init/samhain.startSystemd ${RPM_BUILD_ROOT}@mydataroot@
|
---|
[1] | 95 | #
|
---|
| 96 | # file list (helpful advice from Lars Kellogg-Stedman)
|
---|
| 97 | #
|
---|
| 98 | echo "@sbindir@/@install_name@" > sh_file_list
|
---|
| 99 | find %{buildroot}/lib/modules \! -type d -print | \
|
---|
| 100 | sed 's,%{buildroot},,' >> sh_file_list
|
---|
| 101 |
|
---|
| 102 | %clean
|
---|
| 103 | rm -rf ${RPM_BUILD_ROOT}
|
---|
| 104 |
|
---|
[415] | 105 | %pre
|
---|
| 106 | if test "x@install_name@" = "xyule"
|
---|
| 107 | then
|
---|
| 108 | getent group samhain >/dev/null || groupadd -r samhain
|
---|
| 109 | getent passwd yule >/dev/null || \
|
---|
| 110 | useradd -r -g samhain -d @mydataroot@ -s /sbin/nologin \
|
---|
| 111 | -c "samhain server daemon" yule
|
---|
| 112 |
|
---|
| 113 | fi
|
---|
| 114 | exit 0
|
---|
| 115 |
|
---|
[1] | 116 | %post
|
---|
| 117 | if [ "$1" -ge 1 ]; then
|
---|
| 118 | # Activate boot-time start up
|
---|
| 119 | cd @mydataroot@
|
---|
[390] | 120 | /bin/sh ./samhain-install.sh --verbose install-boot
|
---|
[1] | 121 | rm -f ./samhain.startLSB
|
---|
| 122 | rm -f ./samhain.startLinux
|
---|
[548] | 123 | rm -f ./samhain.startSystemd
|
---|
[1] | 124 | if [ -f @sbindir@/@install_name@_stealth ]; then
|
---|
| 125 | rm -f samhain-install.sh
|
---|
| 126 | fi
|
---|
| 127 | shkeep=yes
|
---|
| 128 | if test x"$shkeep" = xno; then
|
---|
| 129 | rm -f ./samhain-install.sh
|
---|
| 130 | rm -f @sbindir@/@install_name@_stealth
|
---|
| 131 | fi
|
---|
| 132 | fi
|
---|
| 133 | if [ "$1" = 1 ]; then
|
---|
| 134 | if test -f /usr/lib/lsb/install_initd; then
|
---|
| 135 | /usr/lib/lsb/install_initd /etc/init.d/@install_name@
|
---|
| 136 | fi
|
---|
| 137 | fi
|
---|
| 138 |
|
---|
| 139 | %if "%{name}" != "yule"
|
---|
| 140 | cat << EOF
|
---|
| 141 |
|
---|
| 142 | Samhain is installed but is NOT running yet, and the database of
|
---|
| 143 | file signatures is NOT initialized yet. Read the documentation,
|
---|
| 144 | review configuration files, and then (i) initialize it
|
---|
| 145 | (@sbindir@/samhain -t init)
|
---|
| 146 | and (ii) start it manually
|
---|
| 147 | (@sbindir@/samhain start).
|
---|
| 148 |
|
---|
| 149 | It is configured to start automatically on the next boot for runlevels
|
---|
| 150 | [2-5].
|
---|
| 151 |
|
---|
| 152 | EOF
|
---|
| 153 | %endif
|
---|
| 154 | %if "%{name}" == "yule"
|
---|
| 155 | cat << EOF
|
---|
| 156 |
|
---|
| 157 | Yule is installed but is NOT running yet, read the documentation,
|
---|
| 158 | review configuration files, and then start it
|
---|
| 159 | (@sbindir@/yule)
|
---|
| 160 |
|
---|
| 161 | It is configured to start automatically on the next boot for runlevels
|
---|
| 162 | [2-5].
|
---|
| 163 |
|
---|
| 164 | EOF
|
---|
| 165 | %endif
|
---|
| 166 |
|
---|
| 167 | %preun
|
---|
| 168 | # stop running instance of samhain, if any
|
---|
| 169 | if [ -f @mylockdir@/%{name}.pid ]; then
|
---|
| 170 | @sbindir@/@install_name@ stop
|
---|
| 171 | fi
|
---|
| 172 | if [ "$1" = 0 ]; then
|
---|
| 173 | # remove boot-time scripts and links
|
---|
| 174 | cd @mydataroot@
|
---|
| 175 | if [ -f ./samhain-install.sh ]; then
|
---|
[390] | 176 | /bin/sh ./samhain-install.sh --verbose uninstall-boot
|
---|
[1] | 177 | else
|
---|
| 178 | if test -f /usr/lib/lsb/remove_initd; then
|
---|
| 179 | /usr/lib/lsb/remove_initd /etc/init.d/@install_name@
|
---|
| 180 | fi
|
---|
| 181 | rm -f /etc/init.d/@install_name@
|
---|
| 182 | fi
|
---|
| 183 | fi
|
---|
| 184 |
|
---|
| 185 |
|
---|
| 186 |
|
---|
| 187 | %files -f sh_file_list
|
---|
| 188 | %defattr(-,root,root)
|
---|
[547] | 189 | %if "@mylockdir@" != "/run" || "@mylockdir@" != "/var/run"
|
---|
| 190 | %dir @mylockdir@
|
---|
| 191 | %endif
|
---|
| 192 | %if "@mylogdir@" != "/var/log"
|
---|
| 193 | %dir @mylogdir@
|
---|
| 194 | %endif
|
---|
[495] | 195 | %doc docs/BUGS COPYING docs/Changelog
|
---|
[481] | 196 | %doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_4.* docs/README*
|
---|
[1] | 197 | @mydataroot@
|
---|
| 198 | %if "%{withstg_prg}" == "xsamhain_stealth"
|
---|
| 199 | @sbindir@/@install_name@_stealth
|
---|
| 200 | %endif
|
---|
| 201 | %if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
|
---|
| 202 | @sbindir@/@install_name@_setpwd
|
---|
| 203 | %endif
|
---|
| 204 | %if "%{withpwd_prg}" == "xDSH_WITH_SERVER"
|
---|
| 205 | @sbindir@/@install_name@ctl
|
---|
[532] | 206 | @sbindir@/@install_name@admin.pl
|
---|
[1] | 207 | %exclude @sbindir@/@install_name@_setpwd
|
---|
| 208 | %endif
|
---|
| 209 | %attr(644,root,root) @mandir@/man5/@install_name@*
|
---|
| 210 | %attr(644,root,root) @mandir@/man8/@install_name@*
|
---|
[412] | 211 | %attr(644,root,root) /etc/logrotate.d/@install_name@
|
---|
[415] | 212 | %if "%{name}" == "yule"
|
---|
| 213 | %attr(750,root,samhain) @mydataroot@
|
---|
| 214 | %attr(750,yule,samhain) @mylogdir@
|
---|
| 215 | %endif
|
---|
[1] | 216 | %config(noreplace) @myrpmconffile@
|
---|
| 217 |
|
---|
| 218 | %changelog
|
---|
[547] | 219 | * Wed May 01 2019 Rainer Wichmann
|
---|
| 220 | - remove obsolete part fpr sh_lkm
|
---|
| 221 | - add fixes by Franky Van L. (password, directory ownership)
|
---|
| 222 |
|
---|
[532] | 223 | * Mon Dec 18 2017 Rainer Wichmann
|
---|
| 224 | - patch for SLES12 by Pirmin
|
---|
| 225 | - fix missing yuleadmin.pl file
|
---|
| 226 |
|
---|
[415] | 227 | * Tue Oct 23 2012 Rainer Wichmann
|
---|
| 228 | - fixes for yule installation
|
---|
| 229 |
|
---|
[34] | 230 | * Tue May 16 2006 Rainer Wichmann
|
---|
| 231 | - fix manual version, noticed by Imre Gergely
|
---|
| 232 |
|
---|
[1] | 233 | * Tue Apr 05 2005 Rainer Wichmann
|
---|
| 234 | - disable automatic stripping, use sstrip
|
---|
| 235 |
|
---|
| 236 | * Thu Mar 17 2005 Rainer Wichmann
|
---|
| 237 | - fixes for enable-khide
|
---|
| 238 |
|
---|
| 239 | * Wed Oct 20 2004 Rainer Wichmann
|
---|
| 240 | - more fixes for client/server detection
|
---|
| 241 | - fix for samhain_stealth
|
---|
| 242 |
|
---|
| 243 | * Sun Aug 15 2004 Rainer Wichmann
|
---|
| 244 | - fix detection of client/server
|
---|
| 245 |
|
---|
| 246 | * Sat Jun 19 2004 Rainer Wichmann
|
---|
| 247 | - replace ./test.sh $i with make test$i
|
---|
| 248 | - add logic for rpm-light (remove some more files after install)
|
---|
| 249 | - make postun posix compliant (avoid empty argument list for rm -f)
|
---|
| 250 |
|
---|
| 251 | * Wed Dec 31 2003 Stijn Jonker <sjcjonker@sjc.nl>
|
---|
| 252 | - Fixed correctly build of yule-*-rpm
|
---|
| 253 | - Fixed excluding of yule_setpwd, and including of yulectl on yule build
|
---|
| 254 | - Fixed including of samhain_setpwd in samhain client build
|
---|
| 255 | - Above changes required for correct build in newer rpms,
|
---|
| 256 | with defaults for abort on unpacked files due to
|
---|
| 257 | %_unpackaged_files_terminate_build 1 setting
|
---|
| 258 | - Fixed installation text for yule, not to display samhain text
|
---|
| 259 | - Added /sbin/chkconfig install_name on to enable the rc scripts
|
---|
| 260 |
|
---|
| 261 | * Thu Dec 11 2003 Christian Vanguers <cva at molis dot be>
|
---|
| 262 | - Fixed typo in samhain.spec
|
---|
| 263 | - Compiled on RedHat Enterprise Linux ES 3
|
---|
| 264 |
|
---|
| 265 | * Thu Mar 26 2003 Rainer Wichmann
|
---|
| 266 | - strip REQ_FROM_SERVER in config file path (%config(noreplace) ...)
|
---|
| 267 |
|
---|
| 268 | * Sun Jan 12 2003 Rainer Wichmann <support at la-samhna dot de>
|
---|
| 269 | - replace %configure with ./configure
|
---|
| 270 |
|
---|
| 271 | * Tue Dec 24 2002 Rainer Wichmann <support at la-samhna dot de>
|
---|
| 272 | - backported applicable changes to samhain.spec.in
|
---|
| 273 | - warn user that database must be initialized
|
---|
| 274 | - fix version of MANUAL in '%files'
|
---|
| 275 | - test for chkconfig, use only if found
|
---|
| 276 |
|
---|
| 277 | * Sun Dec 22 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.7.0
|
---|
| 278 | - fixed typo with _usr macro on ./configure
|
---|
| 279 | - stops running samhain before uninstall
|
---|
| 280 | - implemented conditionals to allow proper uninstalls/upgrades
|
---|
| 281 | - 'BuildPreReq: gpg' is considered only if '--with gpg' is provided
|
---|
| 282 | - run 'chkconfig' to activate samhain after installation
|
---|
| 283 | - warn user that samhain must be manually started after
|
---|
| 284 | install/upgrade
|
---|
| 285 |
|
---|
| 286 | * Fri Dec 20 2002 Rainer Wichmann <support at la-samhna dot de>
|
---|
| 287 | - backported to samhain.spec.in (take over user's choices from configure)
|
---|
| 288 | - also save samhain.startLSB and samhain.startSuSE for install-boot
|
---|
| 289 |
|
---|
| 290 | * Thu Dec 19 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
|
---|
| 291 | - optional parameters '--with gpg' and '--with tests'
|
---|
| 292 | - use of pre-defined macros whenever possible
|
---|
| 293 |
|
---|
| 294 | * Wed Dec 18 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
|
---|
| 295 | - Fixed installation process, avoiding hardcoded paths on the binaries
|
---|
| 296 | (thks to samhain's author Rainer Wichmann)
|
---|
| 297 |
|
---|
| 298 | * Mon Dec 16 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
|
---|
| 299 | - First attempt to build from sources
|
---|
| 300 |
|
---|