path: root/recipes-security/samhain/samhain.inc
blob: db96264b3ca75f9177ca32a6c7d1093233084229 (plain)
# Recipe metadata for Samhain, a host-based file integrity checker.
DESCRIPTION = "Provides file integrity checking and log file monitoring/analysis"
# NOTE(review): plain-HTTP link; it is informational only and is not the
# fetch location (that is SRC_URI).
HOMEPAGE    = "http://www.la-samhna.de/samhain/"
LICENSE     = "GPLv2"
# Checksum of the LICENSE file in the source tree. It flags licence text
# changes on upgrade; it is not a source-integrity control.
LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"


# Upstream release bundle followed by the local patches, the init script,
# its defaults file and the systemd unit shipped with the layer.
# NOTE(review): the bundle is fetched over plain HTTP, so the pinned
# SRC_URI[sha256sum] below is what ties the build to known source; re-check
# it against a trusted copy on every PV bump.
# NOTE(review): the "samhain_signed" name suggests upstream ships a detached
# signature next to the inner tarball. Nothing visible in this file verifies
# a signature - confirm whether that happens elsewhere.
SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
           file://samhain-cross-compile.patch \
           file://samhain-mips64-aarch64-dnmalloc-hash-fix.patch \
           file://samhain-samhainrc.patch \
           file://samhain-samhainrc-fix-files-dirs-path.patch \
           file://samhain-pid-path.patch \
           file://samhain-sha256-big-endian.patch \
           file://samhain-configure-add-option-for-ps.patch \
           file://samhain-avoid-searching-host-for-postgresql.patch \
           file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \
           file://${INITSCRIPT_NAME}.init \
           file://${INITSCRIPT_NAME}.default \
           file://samhain.service \
           "

# Checksums for the downloaded samhain_signed-${PV}.tar.gz.
# NOTE(review): MD5 is not collision-resistant; treat the sha256sum as the
# integrity control and the md5sum as legacy.
SRC_URI[md5sum] = "f499d5d06bfd1d787073a45bf28dd60f"
SRC_URI[sha256sum] = "0f3e64afb3f00064c9b136d34a72d580cd41248c5941eba0452f364a109003c7"

# Source tree produced by the second-stage unpack in do_unpack_samhain.
S = "${WORKDIR}/samhain-${PV}"

# update-rc.d and systemd register the init script and unit installed below;
# autotools-brokensep presumably selects an in-tree build - confirm against
# the class in your OE release.
inherit autotools-brokensep update-rc.d pkgconfig systemd

# Weak defaults (??=) that a distro or image configuration can override.
# Neither variable is referenced in the visible part of this file.
# NOTE(review): presumably consumed by the per-mode recipes or the patches;
# confirm that a client build sets SAMHAIN_SERVER to a real host instead of
# relying on "NULL".
SAMHAIN_PORT ??= "49777"
SAMHAIN_SERVER ??= "NULL"

# The init script is named after the base package name.
INITSCRIPT_NAME = "${BPN}"
INITSCRIPT_PARAMS ?= "defaults"

SYSTEMD_PACKAGES = "${PN}"
SYSTEMD_SERVICE_${PN} = "${INITSCRIPT_NAME}.service"
# The unit is installed but not enabled at boot. An image that relies on
# Samhain for integrity monitoring has to enable it explicitly.
SYSTEMD_AUTO_ENABLE = "disable"

# mode mapping:
# BPN                MODE_NAME   SAMHAIN_MODE
# samhain-standalone standalone  no
# samhain-client     client      client
# samhain-server     server      server
#
# MODE_NAME is the second '-'-separated field of BPN, so a recipe whose BPN
# contains no '-' makes the [1] index fail at parse time.
MODE_NAME = "${@d.getVar('BPN').split('-')[1]}"
# SAMHAIN_MODE is passed to configure as --enable-network=<value> in
# do_configure: 'no' for standalone, otherwise the mode name itself.
SAMHAIN_MODE = "${@oe.utils.ifelse(d.getVar('MODE_NAME') == 'standalone', 'no', '${MODE_NAME}')}"

# supports mysql|postgresql|oracle|odbc but postgresql is the only one available

# Default feature set: postgresql and ps always, plus ipv6, selinux+audit and
# acl when the matching DISTRO_FEATURES entry is present.
# NOTE(review): suidcheck, logwatch, mounts and userfiles are defined below
# but are not in this default, so those checks are only built when a
# configuration adds them to PACKAGECONFIG.
PACKAGECONFIG ??= "postgresql ps \
    ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
    ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \
    ${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \
"

# Field order for each entry: configure arguments when enabled, arguments when
# disabled, build-time dependencies, run-time dependencies.
# The postgresql entry points configure at the staged sysroot headers and
# libraries.
PACKAGECONFIG[postgresql]  = "--with-database=postgresql --enable-xml-log PGSQL_INC_DIR=${STAGING_INCDIR} PGSQL_LIB_DIR=${STAGING_LIBDIR}, , postgresql"
PACKAGECONFIG[suidcheck]  = "--enable-suidcheck, , "
PACKAGECONFIG[logwatch]  = "--enable-login-watch, , "
PACKAGECONFIG[mounts]  = "--enable-mounts-check, , "
PACKAGECONFIG[userfiles]  = "--enable-userfiles, , "
PACKAGECONFIG[ipv6]  = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux attr"
PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl"
# audit is toggled by presetting an autoconf cache variable, not by a
# configure switch.
PACKAGECONFIG[audit] = "ac_cv_header_auparse_h=yes,ac_cv_header_auparse_h=no,audit"
# ps: fixes the path to ps on the target and adds procps as a run-time
# dependency (fourth field).
PACKAGECONFIG[ps] = "--with-ps-path=${base_bindir}/ps,,,procps"

# Second-stage unpack: the fetched samhain_signed-${PV}.tar.gz leaves an inner
# samhain-${PV}.tar.gz in WORKDIR, which is extracted here to create ${S}.
# NOTE(review): the inner tarball is extracted without a signature check;
# source integrity rests on the SRC_URI checksum of the outer bundle.
do_unpack_samhain() {
    tar -C ${WORKDIR} -xzvf ${WORKDIR}/samhain-${PV}.tar.gz
}

# Appended to the standard do_unpack task: once the fetcher has unpacked the
# outer bundle, run the shell function that extracts the inner tarball.
python do_unpack_append() {
    bb.build.exec_func('do_unpack_samhain', d)
}

# ARM only: preset the configure cache variable sh_cv___va_copy to "yes".
# Presumably this avoids a run-time probe that cannot work when
# cross-compiling - confirm against Samhain's configure script.
do_configure_prepend_arm() {
    export sh_cv___va_copy=yes
}

# AArch64 only: same sh_cv___va_copy preset as the ARM override.
do_configure_prepend_aarch64() {
    export sh_cv___va_copy=yes
}

# do_configure calls ./configure directly instead of oe_runconf: oe_runconf
# would pass --oldincludedir=/usr/include, which Samhain's configure script
# does not recognize and rejects with
# "unrecognized option: --oldincludedir=/usr/include".
#
# This prepend writes a small autoconf site file with preset cache values and
# exports CONFIG_SITE so that the ./configure run picks it up.
# NOTE(review): ssp_cv_lib=no presumably answers configure's stack-protector
# library probe negatively; confirm the binaries still get stack protection
# from the distro's compiler flags.
do_configure_prepend () {
    printf '%s\n' 'ssp_cv_lib=no' 'sh_cv_va_copy=yes' > ${S}/config-site.${BP}
    CONFIG_SITE=${S}/config-site.${BP}
    export CONFIG_SITE
}

# Regenerate configure and run it by hand with the standard OE directory
# variables, bypassing oe_runconf.
#
# Samhain-specific settings:
#   --enable-network   'no', 'client' or 'server', taken from SAMHAIN_MODE
#   --with-pid-file    pid file under ${localstatedir}/run
#   --with-data-file   the file-signature database (the integrity baseline)
# ${EXTRA_OECONF} is left unquoted so that it splits into separate arguments;
# presumably this is how the PACKAGECONFIG switches reach configure - confirm
# for your OE release.
# NOTE(review): the baseline lives under the target's writable
# ${localstatedir}; anyone who can write there can alter what Samhain compares
# against, so decide how the image protects that file.
do_configure () {
	autoconf -f
	./configure \
	--build=${BUILD_SYS} \
	--host=${HOST_SYS} \
	--target=${TARGET_SYS} \
	--prefix=${prefix} \
	--exec_prefix=${exec_prefix} \
	--bindir=${bindir} \
	--sbindir=${sbindir} \
	--libexecdir=${libexecdir} \
	--datadir=${datadir} \
	--sysconfdir=${sysconfdir} \
	--sharedstatedir=${sharedstatedir} \
	--localstatedir=${localstatedir} \
	--libdir=${libdir} \
	--includedir=${includedir} \
	--infodir=${infodir} \
	--mandir=${mandir} \
	--enable-network=${SAMHAIN_MODE} \
	--with-pid-file=${localstatedir}/run/samhain.pid \
	--with-data-file=${localstatedir}/lib/samhain/samhain_file \
	${EXTRA_OECONF}
}

# musl only: blank out the HAVE_MALLOC_H define in the generated config.h
# before compiling. Presumably the malloc.h code path does not build against
# musl - confirm.
do_compile_prepend_libc-musl () {
	sed -i 's/^#define HAVE_MALLOC_H.*//' ${B}/config.h
}

# Install the init script, its default file, and the extraneous
# documentation.
do_install_append () {
	# Run the upstream "install-boot" install step into the image staging
	# directory ${D}.
	oe_runmake install DESTDIR='${D}' INSTALL=install-boot

	install -D -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.init \
		${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}

	# NOTE(review): the defaults file is installed executable (755). If the
	# init script only sources it, 0644 would be sufficient - confirm.
	install -D -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.default \
		${D}${sysconfdir}/default/${INITSCRIPT_NAME}

	# With systemd in DISTRO_FEATURES, install the unit file (named
	# samhain.service for standalone, ${BPN}.service otherwise) and a copy of
	# the init script under ${libexecdir}, then fill in the unit's
	# @LIBDIR@, @SAMHAIN_HELPER@ and @MODE_NAME@ placeholders.
	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
		if [ "${SAMHAIN_MODE}" = "no" ]; then
		    install -D -m 0644 ${WORKDIR}/samhain.service ${D}/${systemd_system_unitdir}/samhain.service
		else
		    install -D -m 0644 ${WORKDIR}/samhain.service ${D}/${systemd_system_unitdir}/${BPN}.service
		fi
		install -D -m 0755 ${WORKDIR}/${BPN}.init ${D}/${libexecdir}/${BPN}
		sed -i -e 's,@LIBDIR@,${libexecdir},' \
		       -e 's,@SAMHAIN_HELPER@,${BPN},' \
		       -e 's,@MODE_NAME@,${MODE_NAME},' \
		       ${D}${systemd_system_unitdir}/samhain*.service
    fi

	# Ship upstream docs and helper scripts under ${docdir}/${BPN}.
	install -d ${D}${docdir}/${BPN}
	cp -r docs/* ${D}${docdir}/${BPN}
	cp -r scripts ${D}${docdir}/${BPN}
	# NOTE(review): this creates ${localstatedir}/samhain, while do_configure
	# places the data file under ${localstatedir}/lib/samhain - confirm which
	# directory the daemon actually uses.
	install -d -m 755 ${D}${localstatedir}/samhain

	# Prevent QA warnings about installed ${localstatedir}/run
	# (rmdir only removes the directory when it is empty).
	if [ -d ${D}${localstatedir}/run ]; then
		rmdir ${D}${localstatedir}/run
	fi
}

# Package the systemd unit directory with the main package so the unit
# installed by do_install_append is picked up.
FILES_${PN} += "${systemd_system_unitdir}"