source: trunk/scripts/redhat_i386.client.spec.in@ 432

Last change on this file since 432 was 412, checked in by katerina, 12 years ago

Enhancements for ticket #312 (logrotate) and #313 (--enable-suid).

File size: 6.2 KB
Line 
1#
2# Accepted parameters for 'rpmbuild':
3#
4# --with tests - make tests before building
5
6Summary: File integrity and host-based IDS
7Name: samhain-client
8Version: @VERSION@
9Release: 5
10License: GPL
11Group: System Environment/Base
12Source: %{name}-%{version}.tar.gz
13BuildRoot: %{_tmppath}/samhain-client-%{version}-root
14Packager: Andre Oliveira da Costa <brblueser@uol.com.br>
15Provides: %{name}
16
17
18%description
19samhain is an open source file integrity and host-based intrusion
20detection system for Linux and Unix. It can run as a daemon process, and
21and thus can remember file changes -- contrary to a tool that runs from
22cron, if a file is modified you will get only one report, while
23subsequent checks of that file will ignore the modification as it is
24already reported (unless the file is modified again).
25
26samhain can optionally be used as client/server system to provide
27centralized monitoring for multiple host. Logging to a (MySQL or
28PostgreSQL) database is supported.
29
30NOTE: for security reasons, if you distribute binary executables to
31third parties you should point out the use of the --add-key option to
32modify the key material within the executable.
33This spec file is intended to facilitate installation on YOUR system.
34If you use this spec file to build a SRPM for distribution to third parties,
35make sure to remove the --enable-base configure option below.
36
37%prep
38%setup -q
39
40%build
41%if %{?_with_tests:1}%{!?_with_tests:0}
42# test installation (test #7 is only included if --with gpg has been
43# specified)
44for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done
45%endif
46#
47#./configure --prefix=%{_usr} \
48# --sysconfdir=%{_sysconfdir} \
49# --localstatedir=%{_localstatedir} \
50# --mandir=%{_mandir}
51#
52./configure '--enable-network=client' \
53 '--with-port=@myport@' \
54 '--with-logserver=@mylogsrv@' \
55 '--with-data-file=REQ_FROM_SERVER/etc/samclient.data' \
56 '--with-config-file=REQ_FROM_SERVER/etc/samclient.conf' \
57 '--with-kcheck=/boot/System.map' \
58 '--enable-khide=/boot/System.map' \
59 '--enable-suidcheck' \
60 '--enable-static' \
61 '--enable-login-watch' \
62 '--enable-ptrace' \
63 '--enable-db-reload' \
64 '--enable-base=@my_key_A@,@my_key_B@' \
65 '--enable-xml-log'
66
67make
68
69%install
70rm -rf ${RPM_BUILD_ROOT}
71# sstrip shouldn't be used since binaries will be stripped later
72cat << EOF > sstrip
73#!/bin/sh
74echo "*** SSTRIP DISABLED ***"
75EOF
76make DESTDIR=${RPM_BUILD_ROOT} install
77# copy script files to /var/lib/samhain so that we can use them right
78# after the package is installed
79install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}/etc
80install -m 640 -o 0 -g 0 samhain_kmem.ko ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_kmem.ko
81install -m 640 -o 0 -g 0 samhain_hide.ko ${RPM_BUILD_ROOT}/lib/modules/`uname -r`/samhain_hide.ko
82install -m 700 -o 0 -g 0 samhain_setpwd ${RPM_BUILD_ROOT}/usr/local/sbin/samhain_setpwd
83
84%clean
85rm -rf ${RPM_BUILD_ROOT}
86
87%post
88if [ "$1" = 1 ]; then
89 # Activate boot-time start up
90 cd /etc
91 ./samhain-install.sh --verbose install-boot
92 if test -f /sbin/chkconfig; then
93 /sbin/chkconfig --add samhain
94 fi
95fi
96rm -rf /etc/samclient.conf
97rm -rf /etc/samhain.startLinux
98rm -rf /etc/samhain.startLSB
99
100cat << EOF
101
102Samhain is installed but is NOT running yet, and the database of
103file signatures is NOT initialized yet. Read the documentation,
104review configuration files, and then (i) initialize it
105(/usr/local/sbin/samhain -t init)
106and (ii) start it manually
107(/usr/local/sbin/samhain start).
108
109It is configured to start automatically on the next boot for runlevels
110[2-5].
111
112EOF
113
114%preun
115# stop running instance of samhain, if any
116if [ -f /var/run/%{name}.pid ]; then
117 /usr/local/sbin/samhain stop
118fi
119if [ "$1" = 0 ]; then
120 # remove boot-time scripts and links
121 cd /etc
122 ./samhain-install.sh --verbose uninstall-boot
123fi
124
125%postun
126if [ "$1" = 0 ]; then
127 # remove any kernel modules that might have been installed
128 RVER=`uname -r`
129 rm -f /lib/modules/$RVER/samhain*
130fi
131
132
133%files
134%defattr(-,root,root)
135%dir /var/run
136%dir /var/log
137#%doc docs/BUGS COPYING docs/Changelog docs/TODO
138#%doc LICENSE docs/HOWTO* docs/MANUAL-2_3.* docs/README*
139/etc
140/usr/local/sbin/samhain
141/usr/local/sbin/samhain_setpwd
142/lib/modules
143%attr(644,root,root) /etc/logrotate.d/@install_name@
144#%attr(644,root,root) /usr/local/man/man5/samhain*
145#%attr(644,root,root) /usr/local/man/man8/samhain*
146#%config(noreplace) REQ_FROM_SERVER/etc/samclient.conf
147
148%changelog
149* Thu Apr 3 2003 Rainer Wichmann <support at la-samhna dot de>
150- adapt for configure
151
152* Wed Mar 26 2003 Philipp Stadler <philipp@stadler.priv.at>
153- add samhain modules installation
154- stops installation of documentation to server
155- replace %config entry for /etc/samclient.conf
156- remove samhain.startLinux and samhain.startLSB after installation
157
158* Sun Jan 12 2003 Rainer Wichmann <support at la-samhna dot de>
159- replace %configure with ./configure
160
161* Tue Dec 24 2002 Rainer Wichmann <support at la-samhna dot de>
162- backported applicable changes to samhain.spec.in
163- warn user that database must be initialized
164- fix version of MANUAL in '%files'
165- test for chkconfig, use only if found
166
167* Sun Dec 22 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.7.0
168- fixed typo with _usr macro on ./configure
169- stops running samhain before uninstall
170- implemented conditionals to allow proper uninstalls/upgrades
171- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided
172- run 'chkconfig' to activate samhain after installation
173- warn user that samhain must be manually started after
174 install/upgrade
175
176* Fri Dec 20 2002 Rainer Wichmann <support at la-samhna dot de>
177- backported to samhain.spec.in (take over user's choices from configure)
178- also save samhain.startLSB and samhain.startSuSE for install-boot
179
180* Thu Dec 19 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
181- optional parameters '--with gpg' and '--with tests'
182- use of pre-defined macros whenever possible
183
184* Wed Dec 18 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
185- Fixed installation process, avoiding hardcoded paths on the binaries
186 (thks to samhain's author Rainer Wichmann)
187
188* Mon Dec 16 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
189- First attempt to build from sources
190
Note: See TracBrowser for help on using the repository browser.