| [1] | 1 | # | 
|---|
|  | 2 | # Accepted parameters for 'rpmbuild': | 
|---|
|  | 3 | # | 
|---|
|  | 4 | # --with tests          - make tests before building | 
|---|
|  | 5 |  | 
|---|
|  | 6 | Summary: File integrity and host-based IDS | 
|---|
|  | 7 | Name: samhain-client | 
|---|
|  | 8 | Version: @VERSION@ | 
|---|
|  | 9 | Release: 5 | 
|---|
|  | 10 | License: GPL | 
|---|
|  | 11 | Group: System Environment/Base | 
|---|
|  | 12 | Source: %{name}-%{version}.tar.gz | 
|---|
|  | 13 | BuildRoot: %{_tmppath}/samhain-client-%{version}-root | 
|---|
|  | 14 | Packager: Andre Oliveira da Costa <brblueser@uol.com.br> | 
|---|
|  | 15 | Provides: %{name} | 
|---|
|  | 16 |  | 
|---|
|  | 17 |  | 
|---|
|  | 18 | %description | 
|---|
|  | 19 | samhain is an open source file integrity and host-based intrusion | 
|---|
|  | 20 | detection system for Linux and Unix. It can run as a daemon process, and | 
|---|
|  | 21 | and thus can remember file changes -- contrary to a tool that runs from | 
|---|
|  | 22 | cron, if a file is modified you will get only one report, while | 
|---|
|  | 23 | subsequent checks of that file will ignore the modification as it is | 
|---|
|  | 24 | already reported (unless the file is modified again). | 
|---|
|  | 25 |  | 
|---|
|  | 26 | samhain can optionally be used as client/server system to provide | 
|---|
|  | 27 | centralized monitoring for multiple host. Logging to a (MySQL or | 
|---|
|  | 28 | PostgreSQL) database is supported. | 
|---|
|  | 29 |  | 
|---|
|  | 30 | NOTE: for security reasons, if you distribute binary executables to | 
|---|
|  | 31 | third parties you should point out the use of the --add-key option to | 
|---|
|  | 32 | modify the key material within the executable. | 
|---|
|  | 33 | This spec file is intended to facilitate installation on YOUR system. | 
|---|
|  | 34 | If you use this spec file to build a SRPM for distribution to third parties, | 
|---|
|  | 35 | make sure to remove the --enable-base configure option below. | 
|---|
|  | 36 |  | 
|---|
|  | 37 | %prep | 
|---|
|  | 38 | %setup -q | 
|---|
|  | 39 |  | 
|---|
|  | 40 | %build | 
|---|
|  | 41 | %if %{?_with_tests:1}%{!?_with_tests:0} | 
|---|
|  | 42 | # test installation (test #7 is only included if --with gpg has been | 
|---|
|  | 43 | # specified) | 
|---|
|  | 44 | for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done | 
|---|
|  | 45 | %endif | 
|---|
|  | 46 | # | 
|---|
|  | 47 | #./configure --prefix=%{_usr} \ | 
|---|
|  | 48 | #            --sysconfdir=%{_sysconfdir} \ | 
|---|
|  | 49 | #            --localstatedir=%{_localstatedir} \ | 
|---|
|  | 50 | #            --mandir=%{_mandir} | 
|---|
|  | 51 | # | 
|---|
|  | 52 | ./configure     '--enable-network=client' \ | 
|---|
|  | 53 | '--with-port=@myport@' \ | 
|---|
|  | 54 | '--with-logserver=@mylogsrv@' \ | 
|---|
|  | 55 | '--with-data-file=REQ_FROM_SERVER/etc/samclient.data' \ | 
|---|
|  | 56 | '--with-config-file=REQ_FROM_SERVER/etc/samclient.conf' \ | 
|---|
|  | 57 | '--with-kcheck=/boot/System.map' \ | 
|---|
|  | 58 | '--enable-khide=/boot/System.map' \ | 
|---|
|  | 59 | '--enable-suidcheck' \ | 
|---|
|  | 60 | '--enable-static' \ | 
|---|
|  | 61 | '--enable-login-watch' \ | 
|---|
|  | 62 | '--enable-ptrace' \ | 
|---|
|  | 63 | '--enable-db-reload' \ | 
|---|
|  | 64 | '--enable-base=@my_key_A@,@my_key_B@' \ | 
|---|
|  | 65 | '--enable-xml-log' | 
|---|
|  | 66 |  | 
|---|
|  | 67 | make | 
|---|
|  | 68 |  | 
|---|
|  | 69 | %install | 
|---|
|  | 70 | rm -rf ${RPM_BUILD_ROOT} | 
|---|
|  | 71 | # sstrip shouldn't be used since binaries will be stripped later | 
|---|
|  | 72 | cat << EOF > sstrip | 
|---|
|  | 73 | #!/bin/sh | 
|---|
|  | 74 | echo "*** SSTRIP DISABLED ***" | 
|---|
|  | 75 | EOF | 
|---|
|  | 76 | make DESTDIR=${RPM_BUILD_ROOT} install | 
|---|
|  | 77 | # copy script files to /var/lib/samhain so that we can use them right | 
|---|
|  | 78 | # after the package is installed | 
|---|
|  | 79 | install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}/etc | 
|---|
|  | 80 | install -m 640 -o 0 -g 0 samhain_hide.o         ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_hide.o | 
|---|
|  | 81 | install -m 640 -o 0 -g 0 samhain_erase.o        ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_erase.o | 
|---|
|  | 82 | install -m 700 -o 0 -g 0 samhain_setpwd         ${RPM_BUILD_ROOT}/usr/local/sbin/samhain_setpwd | 
|---|
|  | 83 |  | 
|---|
|  | 84 | %clean | 
|---|
|  | 85 | rm -rf ${RPM_BUILD_ROOT} | 
|---|
|  | 86 |  | 
|---|
|  | 87 | %post | 
|---|
|  | 88 | if [ "$1" = 1 ]; then | 
|---|
|  | 89 | # Activate boot-time start up | 
|---|
|  | 90 | cd /etc | 
|---|
|  | 91 | ./samhain-install.sh --verbose install-boot | 
|---|
|  | 92 | if test -f /sbin/chkconfig; then | 
|---|
|  | 93 | /sbin/chkconfig --add samhain | 
|---|
|  | 94 | fi | 
|---|
|  | 95 | fi | 
|---|
|  | 96 | rm -rf /etc/samclient.conf | 
|---|
|  | 97 | rm -rf /etc/samhain.startLinux | 
|---|
|  | 98 | rm -rf /etc/samhain.startLSB | 
|---|
|  | 99 |  | 
|---|
|  | 100 | cat << EOF | 
|---|
|  | 101 |  | 
|---|
|  | 102 | Samhain is installed but is NOT running yet, and the database of | 
|---|
|  | 103 | file signatures is NOT initialized yet. Read the documentation, | 
|---|
|  | 104 | review configuration files, and then (i) initialize it | 
|---|
|  | 105 | (/usr/local/sbin/samhain -t init) | 
|---|
|  | 106 | and (ii) start it manually | 
|---|
|  | 107 | (/usr/local/sbin/samhain start). | 
|---|
|  | 108 |  | 
|---|
|  | 109 | It is configured to start automatically on the next boot for runlevels | 
|---|
|  | 110 | [2-5]. | 
|---|
|  | 111 |  | 
|---|
|  | 112 | EOF | 
|---|
|  | 113 |  | 
|---|
|  | 114 | %preun | 
|---|
|  | 115 | # stop running instance of samhain, if any | 
|---|
|  | 116 | if [ -f /var/run/%{name}.pid ]; then | 
|---|
|  | 117 | /usr/local/sbin/samhain stop | 
|---|
|  | 118 | fi | 
|---|
|  | 119 | if [ "$1" = 0 ]; then | 
|---|
|  | 120 | # remove boot-time scripts and links | 
|---|
|  | 121 | cd /etc | 
|---|
|  | 122 | ./samhain-install.sh --verbose uninstall-boot | 
|---|
|  | 123 | fi | 
|---|
|  | 124 |  | 
|---|
|  | 125 | %postun | 
|---|
|  | 126 | if [ "$1" = 0 ]; then | 
|---|
|  | 127 | # remove any kernel modules that might have been installed | 
|---|
|  | 128 | RVER=`uname -r` | 
|---|
|  | 129 | rm -f /lib/modules/$RVER/samhain* | 
|---|
|  | 130 | fi | 
|---|
|  | 131 |  | 
|---|
|  | 132 |  | 
|---|
|  | 133 | %files | 
|---|
|  | 134 | %defattr(-,root,root) | 
|---|
|  | 135 | %dir /var/run | 
|---|
|  | 136 | %dir /var/log | 
|---|
|  | 137 | #%doc docs/BUGS COPYING docs/Changelog docs/TODO | 
|---|
| [68] | 138 | #%doc LICENSE docs/HOWTO* docs/MANUAL-2_3.* docs/README* | 
|---|
| [1] | 139 | /etc | 
|---|
|  | 140 | /usr/local/sbin/samhain | 
|---|
|  | 141 | /usr/local/sbin/samhain_setpwd | 
|---|
|  | 142 | /lib/modules | 
|---|
|  | 143 | #%attr(644,root,root) /usr/local/man/man5/samhain* | 
|---|
|  | 144 | #%attr(644,root,root) /usr/local/man/man8/samhain* | 
|---|
|  | 145 | #%config(noreplace) REQ_FROM_SERVER/etc/samclient.conf | 
|---|
|  | 146 |  | 
|---|
|  | 147 | %changelog | 
|---|
|  | 148 | * Thu Apr  3 2003 Rainer Wichmann <support at la-samhna dot de> | 
|---|
|  | 149 | - adapt for configure | 
|---|
|  | 150 |  | 
|---|
|  | 151 | * Wed Mar 26 2003 Philipp Stadler <philipp@stadler.priv.at> | 
|---|
|  | 152 | - add samhain modules installation | 
|---|
|  | 153 | - stops installation of documentation to server | 
|---|
|  | 154 | - replace %config entry for /etc/samclient.conf | 
|---|
|  | 155 | - remove samhain.startLinux and samhain.startLSB after installation | 
|---|
|  | 156 |  | 
|---|
|  | 157 | * Sun Jan 12 2003 Rainer Wichmann <support at la-samhna dot de> | 
|---|
|  | 158 | - replace %configure with ./configure | 
|---|
|  | 159 |  | 
|---|
|  | 160 | * Tue Dec 24 2002 Rainer Wichmann <support at la-samhna dot de> | 
|---|
|  | 161 | - backported applicable changes to samhain.spec.in | 
|---|
|  | 162 | - warn user that database must be initialized | 
|---|
|  | 163 | - fix version of MANUAL in '%files' | 
|---|
|  | 164 | - test for chkconfig, use only if found | 
|---|
|  | 165 |  | 
|---|
|  | 166 | * Sun Dec 22 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.7.0 | 
|---|
|  | 167 | - fixed typo with _usr macro on ./configure | 
|---|
|  | 168 | - stops running samhain before uninstall | 
|---|
|  | 169 | - implemented conditionals to allow proper uninstalls/upgrades | 
|---|
|  | 170 | - 'BuildPreReq: gpg' is considered only if '--with gpg' is provided | 
|---|
|  | 171 | - run 'chkconfig' to activate samhain after installation | 
|---|
|  | 172 | - warn user that samhain must be manually started after | 
|---|
|  | 173 | install/upgrade | 
|---|
|  | 174 |  | 
|---|
|  | 175 | * Fri Dec 20 2002 Rainer Wichmann <support at la-samhna dot de> | 
|---|
|  | 176 | - backported to samhain.spec.in (take over user's choices from configure) | 
|---|
|  | 177 | - also save samhain.startLSB and samhain.startSuSE for install-boot | 
|---|
|  | 178 |  | 
|---|
|  | 179 | * Thu Dec 19 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6 | 
|---|
|  | 180 | - optional parameters '--with gpg' and '--with tests' | 
|---|
|  | 181 | - use of pre-defined macros whenever possible | 
|---|
|  | 182 |  | 
|---|
|  | 183 | * Wed Dec 18 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6 | 
|---|
|  | 184 | - Fixed installation process, avoiding hardcoded paths on the binaries | 
|---|
|  | 185 | (thks to samhain's author Rainer Wichmann) | 
|---|
|  | 186 |  | 
|---|
|  | 187 | * Mon Dec 16 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6 | 
|---|
|  | 188 | - First attempt to build from sources | 
|---|
|  | 189 |  | 
|---|