| 1 | # | 
|---|
| 2 | # Accepted parameters for 'rpmbuild': | 
|---|
| 3 | # | 
|---|
| 4 | # --with tests          - make tests before building | 
|---|
| 5 |  | 
|---|
# Package identity. The at-sign placeholders are presumably substituted by
# ./configure when this template is turned into the final spec file.
Summary:        File integrity and host-based IDS
Name:           @install_name@
Version:        @VERSION@
Release:        1
License:        GPL
Group:          System Environment/Base
Source:         samhain-%{version}.tar.gz
BuildRoot:      %{_tmppath}/samhain-%{version}-root
Packager:       Andre Oliveira da Costa <brblueser@uol.com.br>
Provides:       %{name}
# The pre-install scriptlet calls groupadd/useradd, so the package that ships
# them must be present first; it is named differently on SUSE.
%if 0%{?suse_version}
Requires(pre):  shadow
%else
Requires(pre):  shadow-utils
%endif
| 21 |  | 
|---|
# dummy (fix configure warning)
# datarootdir = @datarootdir@

# No quotes here - apparently they would be expanded literally.
# The value is taken from the PASSWORD environment variable at the time the
# spec file is parsed.
# NOTE(review): the shell expansion is unquoted, so the value is subject to
# word splitting and globbing. The build section later pastes the result into
# the build script and onto the samhain_setpwd command line, where build
# traces and process listings can expose it. Treat build logs from a
# password-enabled build as sensitive.
%define password %(echo $PASSWORD)

# Configure-time markers, prefixed with "x" so an empty substitution still
# yields a non-empty string. The build and files sections compare them with
# xDSH_WITH_CLIENT, xDSH_WITH_SERVER and xsamhain_stealth.
%define withpwd_prg x@clmytclient@
%define withstg_prg x@stegin_prg@

# disable automatic stripping of binaries upon installation
%define __spec_install_post %{nil}
# required because DeadRat wants to package some debug info otherwise
# (this debug info would be created by debug_install_post called
# from spec_install_post)
%define debug_package %{nil}
# Use internal dependency generator rather than external helpers?
%define _use_internal_dependency_generator 0
| 40 |  | 
|---|
| 41 | %description | 
|---|
| 42 | @install_name@ is an open source file integrity and host-based intrusion | 
|---|
| 43 | detection system for Linux and Unix. It can run as a daemon process, and | 
|---|
| 44 | thus can remember file changes -- contrary to a tool that runs from | 
|---|
| 45 | cron, if a file is modified you will get only one report, while | 
|---|
| 46 | subsequent checks of that file will ignore the modification as it is | 
|---|
| 47 | already reported (unless the file is modified again). | 
|---|
| 48 |  | 
|---|
| 49 | @install_name@ can optionally be used as client/server system to provide | 
|---|
| 50 | centralized monitoring for multiple hosts. Logging to a (MySQL or | 
|---|
| 51 | PostgreSQL) database is supported. | 
|---|
| 52 |  | 
|---|
| 53 | NOTE: for security reasons, if you distribute binary executables to | 
|---|
| 54 | third parties you should point out the use of the --add-key option to | 
|---|
| 55 | modify the key material within the executable. | 
|---|
| 56 | This spec file is intended to facilitate installation on YOUR system. | 
|---|
| 57 | If you use this spec file to build a SRPM for distribution to third parties, | 
|---|
| 58 | make sure to remove the --enable-base configure option below. | 
|---|
| 59 |  | 
|---|
%prep
# Unpack the source tarball quietly. The unpacked directory is always named
# samhain-<version>, independent of the configured package name.
%setup -n samhain-%{version} -q
| 62 |  | 
|---|
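%build
%if %{?_with_tests:1}%{!?_with_tests:0}
# Run the test suite first when rpmbuild was invoked with "--with tests"
# (test #7 is only included if --with gpg has been specified).
for i in $(seq 6) %{?_with_gpg:7}; do
    ./test/test.sh "$i"
done
%endif
#
# configure with the user-supplied arguments to './configure'
#
./configure @mydefargs@
make
%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
%if "%{password}" != ""
# Client build with a password supplied: samhain_setpwd apparently writes a
# patched copy named samhain.new, which then replaces the freshly built
# binary (the unpatched one is kept as samhain.old in the build tree).
# The password is pasted into this script as plain text, so it is quoted to
# keep the shell from splitting, globbing or otherwise interpreting it.
# NOTE(review): the value still ends up on the samhain_setpwd command line
# and in any build trace; restrict access to build logs and the build host.
./samhain_setpwd samhain new '%{password}'
mv samhain samhain.old
mv samhain.new samhain
%endif
%endif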
| 81 |  | 
|---|
| 82 |  | 
|---|
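%install
# Start from an empty staging tree. The expansion is quoted, and the :? guard
# aborts the build instead of running rm -rf on an empty path if the variable
# is ever unset.
rm -rf -- "${RPM_BUILD_ROOT:?}"
# sstrip shouldn't be used since binaries will be stripped later
## cat << EOF > sstrip
## #!/bin/sh
## echo "*** SSTRIP DISABLED ***"
## EOF
make DESTDIR="${RPM_BUILD_ROOT}" install
# copy script files to /var/lib/samhain so that we can use them right
# after the package is installed
# (mode 700: the post-install scriptlet runs samhain-install.sh as root, so
# only root may read or modify these files)
install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB init/samhain.startSystemd "${RPM_BUILD_ROOT}@mydataroot@"
#
# file list (helpful advice from Lars Kellogg-Stedman)
#
echo "@sbindir@/@install_name@" > sh_file_list
# Append every non-directory under lib/modules in the staging tree, with the
# staging prefix stripped so the paths are as they will be on the target.
find "%{buildroot}/lib/modules" \! -type d -print | \
    sed 's,%{buildroot},,' >> sh_file_list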
| 101 |  | 
|---|
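%clean
# Remove the staging tree. Quoted and guarded so that an unset or unusual
# build root can never turn into a bare rm -rf.
rm -rf -- "${RPM_BUILD_ROOT:?}"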
| 104 |  | 
|---|
%pre
# Server (yule) packages only: make sure the dedicated group and the
# non-login system account exist before the package files are unpacked.
if [ "x@install_name@" = "xyule" ]; then
    if ! getent group samhain >/dev/null; then
        groupadd -r samhain
    fi
    if ! getent passwd yule >/dev/null; then
        useradd -r -g samhain -d  @mydataroot@ -s /sbin/nologin \
            -c "samhain server daemon" yule
    fi
fi
# Always report success, so a failed account step does not abort the
# transaction.
exit 0
| 115 |  | 
|---|
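%post
# $1 is the number of instances of this package installed after the
# transaction: 1 on a first install, 2 or more on an upgrade.
if [ "$1" -ge 1 ]; then
    # Activate boot-time start up
    # Continue only once we are really inside the data directory: the steps
    # below run ./samhain-install.sh as root and delete files by relative
    # path, which must never happen in whatever directory rpm started us in.
    if cd @mydataroot@; then
        /bin/sh ./samhain-install.sh --verbose install-boot
        rm -f ./samhain.startLSB
        rm -f ./samhain.startLinux
        rm -f ./samhain.startSystemd
        # When the stealth helper is installed, the installer script is not
        # left behind.
        if [ -f @sbindir@/@install_name@_stealth ]; then
            rm -f samhain-install.sh
        fi
        # NOTE(review): shkeep is hard-coded to yes, so the branch below never
        # runs as written; presumably a packaging variant flips the value.
        shkeep=yes
        if test x"$shkeep" = xno; then
            rm -f ./samhain-install.sh
            rm -f @sbindir@/@install_name@_stealth
        fi
    fi
fi
# First install only: register the init script with the LSB helper if the
# system provides one.
if [ "$1" = 1 ]; then
    if test -f /usr/lib/lsb/install_initd; then
        /usr/lib/lsb/install_initd /etc/init.d/@install_name@
    fi
fi

%if "%{name}" != "yule"
cat << EOF

Samhain is installed but is NOT running yet, and the database of
file signatures is NOT initialized yet. Read the documentation,
review configuration files, and then (i) initialize it
(@sbindir@/samhain -t init)
and (ii) start it manually
(@sbindir@/samhain start).

It is configured to start automatically on the next boot for runlevels
[2-5].

EOF
%endif
%if "%{name}" == "yule"
cat << EOF

Yule is installed but is NOT running yet, read the documentation,
review configuration files, and then start it
(@sbindir@/yule)

It is configured to start automatically on the next boot for runlevels
[2-5].

EOF
%endif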
| 166 |  | 
|---|
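%preun
# stop running instance of samhain, if any
if [ -f @mylockdir@/%{name}.pid ]; then
    @sbindir@/@install_name@ stop
fi
# $1 = 0 means the last installed instance is being erased (not an upgrade).
if [ "$1" = 0 ]; then
    # remove boot-time scripts and links
    # Use the bundled installer only if the data directory was actually
    # entered, so a relative ./samhain-install.sh from some other directory is
    # never run as root; otherwise fall back to the absolute-path cleanup.
    if cd @mydataroot@ && [ -f ./samhain-install.sh ]; then
        /bin/sh ./samhain-install.sh --verbose uninstall-boot
    else
        if test -f /usr/lib/lsb/remove_initd; then
            /usr/lib/lsb/remove_initd /etc/init.d/@install_name@
        fi
        rm -f /etc/init.d/@install_name@
    fi
fi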
| 184 |  | 
|---|
| 185 |  | 
|---|
| 186 |  | 
|---|
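%files -f sh_file_list
%defattr(-,root,root)
# Own the lock and log directories only when they are private to this
# package, never a shared system directory. The lock-directory test has to
# join its two comparisons with "and": joined with "or" it was true for every
# path, so /run or /var/run itself would have been claimed by the package.
%if "@mylockdir@" != "/run" && "@mylockdir@" != "/var/run"
%dir @mylockdir@
%endif
%if "@mylogdir@" != "/var/log"
%dir @mylogdir@
%endif
%doc docs/BUGS COPYING docs/Changelog
%doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_4.* docs/README*
@mydataroot@
# Optional helpers, packaged only when the matching configure option was used.
%if "%{withstg_prg}" == "xsamhain_stealth"
@sbindir@/@install_name@_stealth
%endif
%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
@sbindir@/@install_name@_setpwd
%endif
%if "%{withpwd_prg}" == "xDSH_WITH_SERVER"
@sbindir@/@install_name@ctl
@sbindir@/@install_name@admin-sig.pl
@sbindir@/@install_name@admin-gpg.pl
%exclude @sbindir@/@install_name@_setpwd
%endif
%attr(644,root,root) @mandir@/man5/@install_name@*
%attr(644,root,root) @mandir@/man8/@install_name@*
%attr(644,root,root) /etc/logrotate.d/@install_name@
%if "%{name}" == "yule"
# Server build: data and log directories are restricted to root or the yule
# account plus the samhain group.
# NOTE(review): unlike the entries near the top, these two are not guarded
# against the log directory being /var/log; on such a configuration the
# system log directory would get this owner and mode. Confirm the configured
# paths before building a server package.
%attr(750,root,samhain) @mydataroot@
%attr(750,yule,samhain) @mylogdir@
%endif
%config(noreplace) @myrpmconffile@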
| 218 |  | 
|---|
| 219 | %changelog | 
|---|
| 220 | * Tue Jul 28 2020 Rainer Wichmann | 
|---|
| 221 | - fix bogus date | 
|---|
| 222 | - fix for recent split into samhainadmin-gpg.pl, samhainadmin-sig.pl | 
|---|
| 223 |  | 
|---|
| 224 | * Wed May 01 2019 Rainer Wichmann | 
|---|
| 225 | - remove obsolete part for sh_lkm | 
|---|
| 226 | - add fixes by Franky Van L. (password, directory ownership) | 
|---|
| 227 |  | 
|---|
| 228 | * Mon Dec 18 2017 Rainer Wichmann | 
|---|
| 229 | - patch for SLES12 by Pirmin | 
|---|
| 230 | - fix missing yuleadmin.pl file | 
|---|
| 231 |  | 
|---|
| 232 | * Tue Oct 23 2012 Rainer Wichmann | 
|---|
| 233 | - fixes for yule installation | 
|---|
| 234 |  | 
|---|
| 235 | * Tue May 16 2006 Rainer Wichmann | 
|---|
| 236 | - fix manual version, noticed by Imre Gergely | 
|---|
| 237 |  | 
|---|
| 238 | * Tue Apr 05 2005 Rainer Wichmann | 
|---|
| 239 | - disable automatic stripping, use sstrip | 
|---|
| 240 |  | 
|---|
| 241 | * Thu Mar 17 2005 Rainer Wichmann | 
|---|
| 242 | - fixes for enable-khide | 
|---|
| 243 |  | 
|---|
| 244 | * Wed Oct 20 2004 Rainer Wichmann | 
|---|
| 245 | - more fixes for client/server detection | 
|---|
| 246 | - fix for samhain_stealth | 
|---|
| 247 |  | 
|---|
| 248 | * Sun Aug 15 2004 Rainer Wichmann | 
|---|
| 249 | - fix detection of client/server | 
|---|
| 250 |  | 
|---|
| 251 | * Sat Jun 19 2004 Rainer Wichmann | 
|---|
| 252 | - replace ./test.sh $i with make test$i | 
|---|
| 253 | - add logic for rpm-light (remove some more files after install) | 
|---|
| 254 | - make postun posix compliant (avoid empty argument list for rm -f) | 
|---|
| 255 |  | 
|---|
| 256 | * Wed Dec 31 2003 Stijn Jonker <sjcjonker@sjc.nl> | 
|---|
| 257 | - Fixed correctly build of yule-*-rpm | 
|---|
| 258 | - Fixed excluding of yule_setpwd, and including of yulectl on yule build | 
|---|
| 259 | - Fixed including of samhain_setpwd in samhain client build | 
|---|
| 260 | - Above changes required for correct build in newer rpms, | 
|---|
| 261 | with defaults for abort on unpacked files due to | 
|---|
| 262 | %_unpackaged_files_terminate_build 1 setting | 
|---|
| 263 | - Fixed installation text for yule, not to display samhain text | 
|---|
| 264 | - Added /sbin/chkconfig install_name on to enable the rc scripts | 
|---|
| 265 |  | 
|---|
| 266 | * Thu Dec 11 2003 Christian Vanguers  <cva at molis dot be> | 
|---|
| 267 | - Fixed typo in samhain.spec | 
|---|
| 268 | - Compiled on RedHat Enterprise Linux ES 3 | 
|---|
| 269 |  | 
|---|
| 270 | * Wed Mar 26 2003 Rainer Wichmann | 
|---|
| 271 | - strip REQ_FROM_SERVER in config file path (%config(noreplace) ...) | 
|---|
| 272 |  | 
|---|
| 273 | * Sun Jan 12 2003 Rainer Wichmann <support at la-samhna dot de> | 
|---|
| 274 | - replace %configure with ./configure | 
|---|
| 275 |  | 
|---|
| 276 | * Tue Dec 24 2002 Rainer Wichmann <support at la-samhna dot de> | 
|---|
| 277 | - backported applicable changes to samhain.spec.in | 
|---|
| 278 | - warn user that database must be initialized | 
|---|
| 279 | - fix version of MANUAL in '%files' | 
|---|
| 280 | - test for chkconfig, use only if found | 
|---|
| 281 |  | 
|---|
| 282 | * Sun Dec 22 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.7.0 | 
|---|
| 283 | - fixed typo with _usr macro on ./configure | 
|---|
| 284 | - stops running samhain before uninstall | 
|---|
| 285 | - implemented conditionals to allow proper uninstalls/upgrades | 
|---|
| 286 | - 'BuildPreReq: gpg' is considered only if '--with gpg' is provided | 
|---|
| 287 | - run 'chkconfig' to activate samhain after installation | 
|---|
| 288 | - warn user that samhain must be manually started after | 
|---|
| 289 | install/upgrade | 
|---|
| 290 |  | 
|---|
| 291 | * Fri Dec 20 2002 Rainer Wichmann <support at la-samhna dot de> | 
|---|
| 292 | - backported to samhain.spec.in (take over user's choices from configure) | 
|---|
| 293 | - also save samhain.startLSB and samhain.startSuSE for install-boot | 
|---|
| 294 |  | 
|---|
| 295 | * Thu Dec 19 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6 | 
|---|
| 296 | - optional parameters '--with gpg' and '--with tests' | 
|---|
| 297 | - use of pre-defined macros whenever possible | 
|---|
| 298 |  | 
|---|
| 299 | * Wed Dec 18 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6 | 
|---|
| 300 | - Fixed installation process, avoiding hardcoded paths on the binaries | 
|---|
| 301 | (thks to samhain's author Rainer Wichmann) | 
|---|
| 302 |  | 
|---|
| 303 | * Mon Dec 16 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6 | 
|---|
| 304 | - First attempt to build from sources | 
|---|
| 305 |  | 
|---|