diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-06-25 14:35:09 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-06-25 14:35:09 +0000 |
| commit | c87ffc6692e7894cd76072498d650881f4846ed6 (patch) | |
| tree | b2540d1cdd3136a95620558e50e6fb2c4d30eab3 | |
| parent | Adding upstream version 4.1.4. (diff) | |
| download | samhain-c87ffc6692e7894cd76072498d650881f4846ed6.tar.xz samhain-c87ffc6692e7894cd76072498d650881f4846ed6.zip | |
Adding debian version 4.1.4-3.debian/4.1.4-3
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
46 files changed, 3251 insertions, 22 deletions
diff --git a/Makefile.in b/Makefile.in index 684e92b..409b003 100644 --- a/Makefile.in +++ b/Makefile.in @@ -54,7 +54,7 @@ selectconfig = @selectconfig@ top_builddir = . INSTALL = @INSTALL@ -INSTALL_PROGRAM = @INSTALL@ -s -m 700 +INSTALL_PROGRAM = @INSTALL@ -m 700 INSTALL_SHELL = @INSTALL@ -m 700 INSTALL_DATA = @INSTALL@ -m 600 INSTALL_MAN = @INSTALL@ -m 644 @@ -229,7 +229,7 @@ PROGRAMS = $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) $(SADMIN) # #---------------------------------------------------------- -all: $(top_srcdir)/depend.sum $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) sstrip +all: $(top_srcdir)/depend.sum $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) #---------------------------------------------------------- @@ -512,7 +512,7 @@ uninstall-boot: samhain-install.sh # -install-program: $(PROGRAMS) sstrip +install-program: $(PROGRAMS) @$(mkinstalldirs) $(DESTDIR)$(sbindir) @if test x$(mytmpdir) != x; then \ $(mkinstalldirs) $(DESTDIR)$(mytmpdir); \ @@ -525,8 +525,6 @@ install-program: $(PROGRAMS) sstrip echo " $(INSTALL_PROGRAM) $$p $$target"; \ $(INSTALL_PROGRAM) $$p $$target; \ chmod 0700 $$target; \ - echo " ./sstrip $$target"; \ - ./sstrip $$target; \ else \ echo " $(INSTALL_SHELL) $$p $$target"; \ $(INSTALL_SHELL) $$p $$target; \ @@ -1256,29 +1254,26 @@ exepack_fill: $(srcsrc)/exepack_fill.c minilzo.o exepack echo "$(LINK) exepack_fill.o minilzo.o"; \ $(LINK) exepack_fill.o minilzo.o -samhain.pk: $(SAMHAIN) exepack exepack_fill sstrip +samhain.pk: $(SAMHAIN) exepack exepack_fill @echo "cp ./$(SAMHAIN) ./samhain.pk.data"; \ - cp ./$(SAMHAIN) ./samhain.pk.data; \ + cp ./$(SAMHAIN) ./samhain.pk.data echo "strip ./samhain.pk.data"; \ - strip ./samhain.pk.data > /dev/null 2>&1 || echo "... is already stripped"; \ - echo "./sstrip ./samhain.pk.data"; \ - ./sstrip ./samhain.pk.data > /dev/null 2>&1 || echo "sstrip returned false"; \ - test -f exepack.out && rm exepack.out; \ + strip ./samhain.pk.data > /dev/null 2>&1 || echo "... is already stripped" + test -f exepack.out && rm exepack.out echo "./exepack_fill exepack samhain.pk.data exepack.out"; \ - ./exepack_fill exepack samhain.pk.data exepack.out; \ - chmod +x exepack.out; \ + ./exepack_fill exepack samhain.pk.data exepack.out + chmod +x exepack.out echo "strip exepack.out"; \ - strip exepack.out > /dev/null 2>&1 || echo "... is already stripped"; \ - ./sstrip exepack.out > /dev/null 2>&1 || echo "sstrip returned false"; \ + strip exepack.out > /dev/null 2>&1 || echo "... is already stripped" echo "mv exepack.out samhain.pk"; \ rm -f samhain.pk; mv exepack.out samhain.pk samhain-packed: $(SAMHAIN) samhain_setpwd @echo "samhain_setpwd samhain new $(CLIENTPASSWD)"; \ - samhain_setpwd samhain new $(CLIENTPASSWD); \ + samhain_setpwd samhain new $(CLIENTPASSWD) echo "rm -f samhain; mv samhain.new samhain"; \ - rm -f samhain; mv samhain.new samhain; \ - $(MAKE) samhain.pk; \ + rm -f samhain; mv samhain.new samhain + $(MAKE) samhain.pk echo "rm -f samhain; mv samhain.pk samhain"; \ rm -f samhain; mv samhain.pk samhain @@ -4330,7 +4330,7 @@ enable_asm_ok=yes case "$host_os" in - *linux*) + *linux*|*-kfreebsd*-gnu|*-gnu*) sh_use_lcaps="yes" $as_echo "#define HOST_IS_LINUX 1" >>confdefs.h diff --git a/configure.ac b/configure.ac index 1b3e2ac..7dd90e8 100644 --- a/configure.ac +++ b/configure.ac @@ -56,7 +56,7 @@ enable_asm_ok=yes case "$host_os" in - *linux*) + *linux*|*-kfreebsd*-gnu|*-gnu*) sh_use_lcaps="yes" AC_DEFINE(HOST_IS_LINUX) AC_DEFINE(HAVE_EXT2_IOCTLS) diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..af80fcc --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,26 @@ +samhain (2.5.4-1) unstable; urgency=low + + Since version 2.5.4 samhain uses the dnmalloc allocator as a proactive + security measure against heap buffer overflows. If you experience stability + problems, please report these issues as a bug report against the Debian + package providing information on your architecture. + + As a workaround you can use the sources and use recompile them using + --disable-dnmalloc flag. + + -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 05 Mar 2009 09:04:22 +0100 + +samhain (1.7.10-4) unstable; urgency=low + + Since version 1.7.10-4 the postinst has been fixed and the integrity + database will not be initialized each time the package is upgrade. + Previous versions would do so and, as a consequence, the + /var/state/samhain/samhain_file would be appended an will grow with + each upgrade. Users that have frequently upgraded samhain are suggested + to review the size of that file and consider (if it's too big, i.e + over 2-3 MBs) to purge it and re-run 'samhain -t init' to recreate it. + When I find a good way to detect appended databases code will be added + to the package management scripts in order to remove and regenerate it + (just in case some users suffer from this issue). + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 20 Sep 2003 23:13:12 +0200 diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..728ac91 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,117 @@ +samhain for Debian +------------------ + +Samhain reports +--------------- +(in systems that are upgrade periodically) + +If you are running samhain and are constantly updating your system, +maybe because you are running Debian 'sid' (i.e. unstable, not advised +on production servers) you will find that when you run 'apt-get upgrade' +you will get a flood of e-mails warning of system changes. +You will also get them when the system is rebooted or samhain is restarted. + +The main reason for this is that samhain is essentially doing its job: +warning the administrator of file system changes, and will keep on doing +this until the administrator updates the file system integrity database. +Notice that in a production server this will also happen when a security +update is made and patches are installed from Debian sources. + +This package will _never_ include a cron job that will do this for you, +since it could open a way for attackers to leave samhain useless (kill +samhain, make your changes, wait until the cron job updates samhain, restart +samhain...) + +It's the administrator job to determine whether a change samhain has +reported since the database was initialized/updated is correct or not and +when this has been verified he needs to manually reset the database +('samhain -t update -m none'). + +If this is your situation, and your integrity database is in your system +in read-write media (again, not recommended) you might want to run +'samhain -t update' after each programmed upgrade. +Moreover, you could do this automatically by +changing apt.conf (again, not recommend): + +-------------------------------------------------------------------------- +DPkg +{ + Pre-Invoke { "/etc/init.d/samhain stop" }; + Post-Invoke { "echo Updating samhain database" ; + "/usr/sbin/samhain -t update --foreground -m none" ; + "/etc/init.d/samhain start" }; +}; +-------------------------------------------------------------------------- + +Notice this configuration opens up a "window of vulnerability" in which +an attacker can wait until you run an update through apt, and makes his +changes before all the packages are installed. Since samhain is stopped +before that and the database is updated before it's restarted, the attacker's +changes will go unnoticed. + +With this configuration you will only receive a mail of the fact that samhain +was stopped and started, but no mail regarding the changes done to the filesystem +(you can modify the '-m' switch to change this, however) + +Included functionality +---------------------- + +Whileas samhain provides a client/server model as well as some nifty +security features (such as using GNUpg to test the database) +and functionality features (such as logging to SQL databases) they +have not been (yet) included in the package. Please read the manual and +use the sources (adjusting as needed) if you want these options. + +You can still use the Debian sources, if you want, to create new packages with +those features. For example, if you want to compile the server instead you +have to use the --enable-network=server flag. You can change this in the +debian/rules file inside the sources of the Debian package and recompile the +package (dpkg-buildpackage). You could do something like this: + +$ apt-get source samhain +$ cd samhain-2.0.10a +$ vi debian/rules +[ change the --enable-network= call ] +$ dch --newversion 1:2.2.0-1 +[ ... introduce a relevant changelog entry ... ] +$ dpkg-buildpackage +[ ... builds the package ... ] + +If you change the Debian version of the package (using 'dch') apt will +not update your package from Debian sources if these get update with a new +release. That's what the 'dch --newversion 1:2.2.0-1' is for. +A package with this version should never be upgraded by apt (as it would be +higher to any other version I might introduce in the archive due to the '1:' +epoch). You can also put the samhain package 'on hold' will not be +upgraded either (read more on 'holding' packages in the dpkg or apt +documentation) + +Samhain does not provide the web-based console (Beltane) either, you can +retrieve it from http://la-samhna.de/beltane/index.html + +The feature to detect loadable kernel module rootkits has been disabled +for the time being (it is kernel specific) + +In any clase, please take you time to customise samhain's configuration +file (/etc/samhain/samhainrc) specially the places (and kind of errors) +which Samahin will log (by sending an email, printing to console or to +syslog), please do 'man samhainrc' + +FIXED? (check) +- Make samhainrc adapted to Debian system -> 1.6 comes with a profile for + Debian-i386linux (this one is installed) + +TODO list +- Write manpages for samhain_encode and samhain_pwd based on README +- Currently not compiled with options, but could be compiled with +GPG/PGP support +- postrm script should remove database (if any) +- create a samhain-stealth package that conflicts with sanhain and does not +include the manpages and provides kernel module for stealth +- probably separate the client and server stuff in different packages + + -- Javier Fernandez-Sanguino Pea <jfs@computer.org> +Thu, 1 Jun 2006 21:36:21 +0200 + + + diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 0000000..60e0de5 --- /dev/null +++ b/debian/TODO @@ -0,0 +1,13 @@ + +* Check why the init script provided upstream and the Debian init script are different + +* Check why the daemon does not behave the same when sending mail locally if the MTA is + not listening in port 25. It seems not to be able to send mails directly to local users + +* Fix the issue with ELF headers in non-i386 architectures + +* Determine if old bugs are still relevant + +* Provide also the samhain LKM and the applet-monitor + +* Provide versions for mysql and postgres? diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..32ac26b --- /dev/null +++ b/debian/changelog @@ -0,0 +1,643 @@ +samhain (4.1.4-3) sid; urgency=medium + + * Uploading to sid. + * Taking over package, Javier seems to be MIA (#893069). + + -- Daniel Baumann <daniel.baumann@progress-linux.org> Sun, 25 Jun 2023 16:33:52 +0200 + +samhain (4.1.4-2) unstable; urgency=medium + + * Add Build-Dep on libpcre3-dev to fix FTBFS. This library is required + after enabling the optional logfile-monitor module (Closes: #827791) + + -- Javier Fernández-Sanguino Peña <jfs@debian.org> Wed, 22 Jun 2016 19:47:39 +0200 + +samhain (4.1.4-1) unstable; urgency=medium + + * New upstream release (Closes: #820293) + * debian/samhain.doc-base: Update doc version + + -- Javier Fernández-Sanguino Peña <jfs@debian.org> Tue, 14 Jun 2016 00:46:35 +0200 + +samhain (3.1.0-8) unstable; urgency=medium + + * Enable the following optional modules: login-watch, + mounts-check, logfile-monitor, process-check, port-check, suidcheck. + Note: not configured in samhainrc file by default. + * Updated config.{guess,sub} + * debian/README.Debian: Fix typos + * debian/compat: Update compatibility version to 9 + * debian/control: + - Updated debhelper version requirement + - Update Standards Version + - Add Build dependencies to dh-autoreconf + - Add misc:depends to Depends: + * debian/rules: Rewrite to use debhelper instead of manual definitions, + moving content from the rules file to separate files in the debian/ + directory. + + -- Javier Fernández-Sanguino Peña <jfs@debian.org> Sun, 12 Jun 2016 10:58:11 +0200 + +samhain (3.1.0-7) unstable; urgency=medium + + * Applied patch provided by Andrea Claudi to move all non-volatile package + state from /var/state/samhain to /var/lib/samhain, according to the FHS + (Closes: #771461) + * debian/preinst: Move the contents of /var/state/samhain (if they exist) + to /var/lib/samhain on upgrades to avoid re-creating the Samhain state + database on upgrades from previous versions. + + -- Javier Fernández-Sanguino Peña <jfs@debian.org> Wed, 03 Dec 2014 00:57:15 +0100 + +samhain (3.1.0-6) unstable; urgency=medium + + * debian/rules: Add an option to disable the ASM code when building + on amd64 targets. Work around to fix the FTBFS on amd64 and kfreebsd + (Closes: #735530) + Patch provided by Adam Conrad. + * debian/control: Change build-deps to add autotools-dev. Build on new + architectures will get config.{sub,guess} automatically without you needing + to do a fresh upload to update the diff. + Patch provided by Adam Conrad. + * debian/samhain.init,debian/postinst: Initialise the integrity database if + it does not exist the first time the init.d script is run, do not do it in + postinst. This prevents package installation from sending a mail to root + which causes problems in automated testing tools (such as piuparts) + (Closes: #749602) + * debian/samhain.init: Fix call to pidofproc, provide it with the required + arguments (Closes: #751747) (LP: #1330424) + + + -- Javier Fernández-Sanguino Peña <jfs@debian.org> Wed, 18 Jun 2014 21:39:56 +0200 + +samhain (3.1.0-5) unstable; urgency=medium + + * debian/samhainrc: Use 'root@localhost' for SetMailAddress instead of just + 'root' since the basic mailer configuration requires that a domain is + provided in the RCPT TO. + * debian/samhain.init: Improve the init script: + - Do not fail in 'start' if the daemon is already started, use --oknodo + (Closes: #736375) + - Do not try to stop the daemon (and wait for it to stop) if it is not running + - If the pidfile has been lost, try to determine the status using the + process name instead + * debian/control: Do not require libauparse-dev in kfreebsd (Closes: #736169) + * debian/rules: update config.{sub,guess} on build if available and restore + on clean + + -- Javier Fernández-Sanguino Peña <jfs@debian.org> Thu, 23 Jan 2014 04:00:30 +0100 + +samhain (3.1.0-3) unstable; urgency=medium + + * debian/rules: + - Disable dnmalloc for all architectures expect those known to work. It + seems to be the source of problems and segfaults in many different + architectures (Closes: #533860, #657307) + + Even though dnmalloc improves samhain's security this is done to avoid + potential problematic situations while we wait more information from + upstream indicating in which architectures dnmalloc() can + be safely enabled. + + -- Javier Fernández-Sanguino Peña <jfs@debian.org> Thu, 16 Jan 2014 03:30:24 +0100 + +samhain (3.1.0-2) unstable; urgency=medium + + * debian/rules: + - Disable dnmalloc for s390x, as it is done for s390 already + (Closes: #733875) + - Preliminary code to build server (yule) and client although. This a + first step to fix #343346 + * debian/control + - Add libauparse-dev to the Build-dependencies to ensure that audit + support is enabled (Closes: #700156) + + -- Javier Fernández-Sanguino Peña <jfs@debian.org> Thu, 16 Jan 2014 01:57:57 +0100 + +samhain (3.1.0-1) unstable; urgency=medium + + * New upstream release. (Closes: #733468, #700109) + * This new upstream release builds with gcc 4.8 (Closes: #701353) + * Fix use of /var/run/samhain, which is created by the init.d script since + version 2.6.2-1: + - Remove the /var/run/samhain directory when the package is purged + - Do not ship /var/run/samhain in the package file + Thanks go to Thomas Goirand for spotting this issue and providing a patch, + which I used as a basis for the above changes + (Closes: #689902) + * Default samhainrc now uses SetMailAddress=root, SetMailRelay=localhost + since there have been reports of the previous confguration + (SetMailAddress=root@localhost, SetMailRelay=NULL) not working since + samhain tries to retrieve an MX record for 'localhost' from the DNS + (Closes: 709753) + + -- Javier Fernández-Sanguino Peña <jfs@debian.org> Fri, 10 Jan 2014 16:51:45 +0100 + +samhain (3.0.3-1) experimental; urgency=low + + * Updated to latest upstream version + * Updated config.sub and config.guess with latest autools-dev versions + * Update maintainer's name in debian/control + + -- Javier Fernández-Sanguino Peña <jfs@debian.org> Mon, 09 Apr 2012 23:28:06 +0200 + +samhain (2.8.3a-1) unstable; urgency=low + + * New upstream release (Closes: #602678) + - Remove call to sstrip in Makefile.in + * debian/samhain.init: + - Do not try to remove stale lockfile, its location was not + correct (it was /var/log/samhain/samhain.lock) and samhain + will start nevertheless (Closes: 645678) + - When restarting, check if the daemon is running before attempting + to start it and complain if it's still there + - Add a 'status' call to check if the daemon is running. + [ Changes by Stephen Gran ] + * debian/rules: + - Disable dnmalloc where we know it doesn't work (Closes: #618728, #501232) + According to upstream documentation dnmalloc doesn't work AMD64 + architectures including ia64 and freebsd-amd64 + (http://www.la-samhna.de/samhain/manual/dnmalloc.html) + * debian/samhain.init, debian/samhain.logrotate.d: + - Switch back to /var/run/samhain, as /var/run is now a symlink to /run, + and samhain won't run if it's piddir is a symlink. + (Closes: #645016, #631580) + + -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Fri, 28 Oct 2011 10:36:35 +0200 + +samhain (2.6.2-2) unstable; urgency=low + + * Change configuration so that the pidfile used is /var/run/samhain.pid + instead of /var/run/samhain/samhain.pid + * Restore the NMU of version 2.2.3-6.1 in the debian/changelog history + and source (although the rmel alignment bug is currently commented + out) (Closes: #502820) + * Updated config.sub and config.guess (Closes: #539945) + * debian/rules changes: + - Use pidfile checks to stop the daemon (Closes: #533859) + - Use LSB messages + * Add /var/log/samhain/supervise to the directories to remove when purging + (this directory was created in older versions of Samhain) + * Include translations to debconf templates: + - Danish translation, provided by Joe Dalton (Closes: #586240) + - Brazilian Portuguese, provided by Flamarion Jorge (Closes: #619250) + + -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Tue, 26 Apr 2011 00:08:29 +0200 + +samhain (2.6.2-1) unstable; urgency=low + + * New upstream release. + * Fix FTBFS on KFreeBSD by defining _GNU_SOURCE and adjusting + samhain-install.sh.in (Closes: #565820) + * Lintian fixes: + - Do not create /var/run/samhain in debian/dirs but, instead, do it in the + init script when the daemon is started. (LP: #391111, #878242) + - Fix debian/samhain.doc-base: section and PDf location + - debian/postinst: change absolute reference to samhain binary + - debian/control: Move Homepage to package header + - debian/copyright: Re-encode in UTF-8 + * Use debhelper compatibility version 5 adjusting debian/compat + and commenting out DH_COMPAT in debian/rules + + -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 18 Feb 2010 23:24:52 +0100 + +samhain (2.5.4-2) unstable; urgency=low + + * Fix FTBFS on KFreeBSD by defining _GNU_SOURCE and adjusting + samhain-install.sh.in (Closes: #565820) + + -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 18 Feb 2010 23:15:40 +0100 + +samhain (2.5.4-1) experimental; urgency=low + + * New upstream release, upload to experimental since it uses a new + dnmalloc allocator as a security measure against heap buffer overflows + and might introduce stability problems + + -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 05 Mar 2009 09:03:09 +0100 + +samhain (2.4.6a-1) experimental; urgency=low + + * New upstream release (Closes: #493114) + * Update maintainer address + * Add procps to Build-Depends + * Adjust documentation handling for this new release in maintainer + build scripts + * Reenable GCC_STACK_PROTECT in the configure scripts to try to see if + #382617 reproduces. + + -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 28 Sep 2008 18:05:27 +0200 + +samhain (2.2.3-6.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix armel alignment issues by aligning a buffer in the Tiger implementation + in src/sh_tiger0.c on a 32-bit boundary (Closes: #501231) + + -- Paul Wise <pabs@debian.org> Mon, 20 Oct 2008 11:52:16 +0800 + +samhain (2.2.3-6) unstable; urgency=low + + * Take over maintainership. Previous upload was not a proper NMU. + - Acknowledge changes in previous NMU. Actually, the fix + to the init.d script also fixed a long-standing bug, which had the same + symptoms (Closes: #499799, #255435) + + -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 28 Sep 2008 17:59:50 +0200 + +samhain (2.2.3-5) unstable; urgency=low + + * Use "--oknodo" when stopping the daemon when restarting it + Closes: #499799 + + -- Christian Perrier <bubulle@debian.org> Sun, 28 Sep 2008 17:20:13 +0200 + +samhain (2.2.3-4) unstable; urgency=low + + * Add LSB header to the init.d script (Closes: #468167) + + -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Fri, 21 Mar 2008 02:09:28 +0100 + +samhain (2.2.3-3) unstable; urgency=low + + * Add OS detection to support kFreeBSD and Hurd with patches provided + by Cyril Brulebois (Closes: #414151) + * Add --foreground option to the example in the README.Debian + (Closes: #390061) + * Add support for Prelude, using patch provided by Pierre Chifflier + (Closes: #312276) + * Add additional files to the default samhainrc as suggested by Olleg + Samoylov (Closes: #394622) + * Modify Makefile.in so that the samhain program is not installe the program + stripped, let dh_strip do his job (Closes: 437948) + + -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 28 Oct 2007 21:53:52 +0100 + +samhain (2.2.3-2) unstable; urgency=low + + * Disable GCC_STACK_PROTECT from the autoconf definition as this + introduces a FTBFS currently. Should be reenabled once this + issue is fixed (Closes: #382617) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 19 Aug 2006 10:38:36 +0200 + +samhain (2.2.3-1) unstable; urgency=low + + * Upgrade to latest release + * Make samhain's configuration file mode 640 (instead of 644, users + don't need to read this file) + * Modify default samhainrc so it does not include /usr/X11R6/bin since + in the latest Xorg (v7) packages this directory is now a symlink + (Closes: #378320) + * Add /etc/nologin to the IgnoreAll section as suggested by Olleg Samoylov + (Closes: #381859) + * Add debconf translation to Portuguese contributed by Rui Branco (Note: had + to change the PO-Revision-Date since it was not properly defined and had + the default value) (Closes: #381446) + * Further modify Makefile.in so 'sstrip' doesn't even get compiled (as we + don't use it or redistribute it), it is also a pain to maintain as it + includes kernel headers and breaks occasionally. + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 17 Aug 2006 01:10:22 +0200 + +samhain (2.2.0-2) unstable; urgency=low + + * Include patch provided by upstream fix build issues in amd64 with + gcc 4.1 (Closes: #370808) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 9 Jun 2006 16:15:08 +0200 + +samhain (2.2.0-1) unstable; urgency=low + + * New upstream release (Closes: #366826) + * Include patch provided by upstream to fix build error + when building with autoconf 2.59d (Closes: #369503) + * Provide Swedish Debconf translation sent by Daniel Nylander + (Closes: #331582) + * Add information on how to build the server version and make new + packages in the README.Debian file. + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 5 Jun 2006 22:10:15 +0200 + +samhain (2.0.10a-4) unstable; urgency=low + + * Add Build-Depends on autoconf (Closes: #369387) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 30 May 2006 01:31:07 +0200 + +samhain (2.0.10a-3) unstable; urgency=low + + * Use AC_TRY_LINK instead of AC_TRY_COMPILE in aclocal.m4's + GCC_STACK_PROTECT_CC to prevent a FTBFS with gcc-4.1 in + mips (Closes: #358644) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 28 May 2006 19:17:49 +0200 + +samhain (2.0.10a-2) unstable; urgency=low + + * Make the package a non-native Debian package. + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 5 Nov 2005 16:00:30 +0100 + +samhain (2.0.10a-1) unstable; urgency=low + + * New upstream release. + * Update FSF address in debian/copyright (Closes #329046) + * Added Swedish translation provided by Daniel Nylander (Closes #331582) + * Fixed example in HOWTO-samhain+GnuPG.html to use --with-ftp (Closes: + #306462) + * Added /etc/postfix/prng_exch to the default samhainrc so that + it is not checked for size change (Closes: #320110) + * Commented out [Kernel] and [Utmp] sections in the default samhainrc file + as they don't apply to Linux (Closes: #306971) + * Properly purge samhain generate files (Closes: #333422) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 11 Oct 2005 23:31:17 +0200 + +samhain (2.0.9-1) unstable; urgency=low + + * New upstream release (Closes: #319587) + * Use debhelper compatibility version 4, adjust debian/rules + and remove debian/conffiles + * Fix location of doc-base documents (Closes: #306471) + * Added Vietnamese debconf translation provided by Clytie Siddall + (Closes: #317877) + * Removed usr/bin from debian/dirs as it is not needed + * Add Dependency on "debconf | debconf-2.0" as requested by Joey Hess + * Added copyright statements from the included libraries in debian/copyright + after a review of the COPYING file and the source code. + * Minor fixes in the header of debian/rules (20001 -> 2001 :-) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 28 Aug 2005 17:21:30 +0200 + +samhain (2.0.2a-2) unstable; urgency=low + + * Added check translation provided by Miroslav Kure (Closes: #294780) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 12 Feb 2005 12:32:32 +0100 + +samhain (2.0.2a-1) unstable; urgency=low + + * New upstream release (Closes: #259275) + - Fixes buffer overflow which can lead to local root compromise. + (no CVE entry) (Closes: #281199) + - Adjusted locations of files used under debian/ since they have + been moved in upstream sources + * Since profiles have been removed provide a samhainrc file under debian/ + - This new samhainrc file is based in the samhainrc.linux file with + the default values used in previous releases. It changes, however, + the mail subject so it's clearer to the admin that the messages + are sent by samhain. + * Modified Makefile so errors related to used targets are trapped + (Closes: #259958) + * Fixed apt.conf example in README.Debian (Closes: #269843) + * Included italian debian/po translation provided by Luca Monducci + (Closes: #280140) + * Added a new 'get-orig-source' target to retrieve the latest version + from the homepage. + * Replaced dh_installmanpages by dh_installman + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 14 Nov 2004 23:12:33 +0100 + +samhain (1.8.9-1) unstable; urgency=low + + * New upstream release (Closes: #238758) + * Added new docs provided in this release do debian/docs + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 3 Jul 2004 16:29:25 +0200 + +samhain (1.8.2-4) unstable; urgency=low + + * Included Japanese translation provided by Hideki Yamane (Closes: #243274) + * Added logfile rotation as suggested by Max Goodman (Closes: #251799) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 7 Jun 2004 10:37:04 +0200 + +samhain (1.8.2-3) unstable; urgency=low + + * Added e2fslibs-dev to Build-Depends (Closes: #229851) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 27 Jan 2004 23:08:41 +0100 + +samhain (1.8.2-2) unstable; urgency=low + + * Removed redundant dependancy on libgmp3 (lintian error) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 26 Jan 2004 22:00:10 +0100 + +samhain (1.8.2-1) unstable; urgency=low + + * New upstream release (Closes: #228958) + * Added more example files contributed under scripts/ to the package. + * Added more documents provided under DOCS/ + * Added README.Debian note about using samhain on sid systems and over + reports generated there (Closes: #226731) + * Sh_unix.c now includes ext2fs/ext2fs.h instead of the Linux kernel headers + (which are bound to break and should not be included by applications + directly) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 26 Jan 2004 20:42:55 +0100 + +samhain (1.7.10-4) unstable; urgency=medium + + * Fixed postinst so the database is only initialised if it + does not exist, otherwise it will get appended and will + grow in each upgrade (potentially making samhain slower every + time..) + * Added NEWS file for users suggesting the revision of their + state files due to this unreported bug. + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 20 Sep 2003 23:13:12 +0200 + +samhain (1.7.10-3) unstable; urgency=low + + * Added dutch po-debconf translation (Closes: #205167) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 24 Aug 2003 01:44:14 +0200 + +samhain (1.7.10-2) unstable; urgency=high + + * Updated config.sub and config.guess with latest version (Closes: #203795) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 3 Aug 2003 22:19:33 +0200 + +samhain (1.7.10-1) unstable; urgency=low + + * New upstream release (Closes: #199571) + * Moved to debconf po templates (Closes: #203671) + * Added french po translation (Closes: #203672) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 1 Aug 2003 17:37:42 +0200 + +samhain (1.7.8-1) unstable; urgency=low + + * New upstream release. + * Modified the debian/rules and debian/docs files in order to adjust + to the upstream changes in the upstream package. + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 14 Jun 2003 22:26:31 +0200 + +samhain (1.7.1a-6) unstable; urgency=low + + * Added ${shlibs:Depends} since samhain is no longer compiled + staticly (Closes: #196602) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 14 Jun 2003 22:11:20 +0200 + +samhain (1.7.1a-5) unstable; urgency=low + + * Now _reall_ removed the samhain.1.todo file + * Added debconf versioned dependancy to ensure start-stop + of samhain. + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 5 Apr 2003 18:12:21 +0200 + +samhain (1.7.1a-4) unstable; urgency=low + + * Changed from Architecture: all to any. Stupid me. + * Sstrip does not get called any longer (commented out in + # Makefile.in) (Closes: #148453) + * Re-enabled dh_strip + * Removed samhain.1.todo from Debian dir (was getting installed + as a manpage) + * Postinst was not starting properly the samhain database, when + was this removed???? + * Updating year in copyright file + * Improved the description of the package + * Removed dh_undocumented from debian/rules + * Added more info to the README file + * Modified Debian profiel so that nothing gets printed to /dev/console + (PrintSeverity) and so that higher priorities get logged to syslog + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 4 Apr 2003 20:19:50 +0200 + +samhain (1.7.1a-3) unstable; urgency=low + + * Now Architecture: all (Closes: #178883) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 30 Jan 2003 22:33:03 +0100 + +samhain (1.7.1a-2) unstable; urgency=low + + * Added a TODO file + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 10 Jan 2003 01:59:54 +0100 + +samhain (1.7.1a-1) unstable; urgency=low + + * New upstream release + * Added latest config.sub and config.guess files (Closes: #173073) + * Properly added an init script (I'm considering using the one provided in the package + for all Linux distributions, and have fixed a typo in it, but I'm not sure about doing + it just yet) + * Removed undocumented manpages of binaries no longer present + * Fixed many lintian errors + * Made it 'i386' only, still no clue about the ELF header bug #148453 + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 9 Jan 2003 20:17:21 +0100 + +samhain (1.6.1-2) unstable; urgency=low + + * Fixed typo in templates (unreported bug sent by Thomas Gebhardt) + * Move template.ru to templates.ru (!) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 18 Nov 2002 12:17:34 +0100 + +samhain (1.6.1-1) unstable; urgency=low + + * New upstream release (missed 1.5, oh well...) + * This package installs correctly (Closes: #152925) + * Since yule is no longer installed the "ELF header" bug does no longer stand + (Closes: #148453) + * Fixed upstream's Makefile to clean the binaries properly. + * Added a doc-base file for the manual. + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 6 Sep 2002 09:52:41 +0200 + +samhain (1.4.7-4) unstable; urgency=low + + * Compiled against libgmp3-dev and changed dependancies (Closes: #151218) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 29 Jun 2002 01:08:26 +0200 + +samhain (1.4.7-3) unstable; urgency=low + + * Added libgmp2 depends and build-depends (Closes: #148594) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 27 Jun 2002 01:56:05 +0200 + +samhain (1.4.7-2) unstable; urgency=low + + * Changed Makefile to strip and then sstrip (previous buildds did this + and worked for ia64). (Closes: #148463) + * Added (properly) german and russian template files + (Closes: #112158, #136607) + * Modified default samhainrc to properly work for Debian environments + (Closes: #131909) + * This *is* a new release upstream, should have closed this bug + previously (Closes: #148059) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 29 May 2002 14:09:56 +0200 + +samhain (1.4.7-1) unstable; urgency=low + + * Latest upstream release (stable) (Closes: + * Added missing dirs to debian/dirs. + * Added init.d as a conffile. + * Moved /var/samhain to /var/log/samhain and also make use of + other directories (/var/run, /var/lock/...) + * Fixed postinst script accordingly. + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 24 May 2002 19:37:15 +0200 + +samhain (1.3.0-4) unstable; urgency=low + + * Fixed init script to properly run samhain (Closes: #148057) + * Added german template file (Closes: #112158) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 30 Dec 2001 17:23:19 +0100 + +samhain (1.3.0-3) unstable; urgency=medium + + * Fixed postinst issue (Closes: #120575) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 22 Nov 2001 21:42:30 +0100 + +samhain (1.3.0-2) unstable; urgency=low + + * Fixed positinst (Closes: #115890) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 20 Nov 2001 15:59:17 +0100 + +samhain (1.3.0-1) unstable; urgency=low + + * New upstream version. + * Postinst does not fork when creating database (Closes: #115888) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 19 Nov 2001 17:06:15 +0100 + +samhain (1.2.6-4) unstable; urgency=high + + * Added debconf note and samhain initialization in background (Closes: #110841) + * Changed section to admin. + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 4 Sep 2001 19:42:25 +0200 + +samhain (1.2.6-3) unstable; urgency=low + + * Changed configure options so log files are installed in /var (Closes: #110668) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 30 Aug 2001 19:06:27 +0200 + +samhain (1.2.6-2) unstable; urgency=low + + * Added --oknodo to the Samhain stop in the init.d file (Closes: #110506) + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 29 Aug 2001 15:55:44 +0200 + +samhain (1.2.6-1) unstable; urgency=low + + * Initial Release. + + -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 20 Aug 2001 20:36:17 +0200 + diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/config b/debian/config new file mode 100644 index 0000000..02f1056 --- /dev/null +++ b/debian/config @@ -0,0 +1,9 @@ +# Debconf Config Script for samhain +# + +# Let's use debconf. +. /usr/share/debconf/confmodule + +# Show note. +db_input medium samhain/init-log || true +db_go diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..0c9043c --- /dev/null +++ b/debian/control @@ -0,0 +1,30 @@ +Source: samhain +Section: admin +Priority: optional +Maintainer: Daniel Baumann <daniel.baumann@progress-linux.org> +Build-Depends: debhelper (>> 9), autoconf, procps, libgmp3-dev, e2fslibs-dev, libprelude-dev, libauparse-dev [linux-any], autotools-dev, dh-autoreconf, libpcre3-dev +Standards-Version: 3.9.8 +Homepage: http://la-samhna.de/samhain/index.html + +Package: samhain +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, debconf (>= 1.2.9) | debconf-2.0 +Description: Data integrity and host intrusion alert system + Samhain is an integrity checker and host intrusion detection system that + can be used on single hosts as well as large, UNIX-based networks. + It supports central monitoring as well as powerful (and new) stealth + features to run undetected on memory using steganography. + . + Main features + * Complete integrity check + + uses cryptographic checksums of files to detect + modifications, + + can find rogue SUID executables anywhere on disk, and + * Centralized monitoring + + native support for logging to a central server via encrypted + and authenticated connections + * Tamper resistance + + database and configuration files can be signed + + logfile entries and e-mail reports are signed + + support for stealth operation + . diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..afcbaa3 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,392 @@ +This package was debianized by Javier Fernandez-Sanguino Peña <jfs@computer.org> + on Mon, 20 Aug 2001 20:36:17 +0200. + +It was downloaded from http://la-samhna.de/samhain/index.html + +Upstream Author: Rainer Wichmann <support at la-samhna dot de> + +Copyright: (c) 1999-2005 Rainer Wichmann + +Some portions (see below for details) are + + * Copyright (C) Ross Anderson and Eli Biham + * Copyright (C) Matt Bishop + * Copyright (C) Henrik.Johansson@Nexus.Comm.SE + * Copyright (C) 1996-1999 Markus Franz Xaver Johannes Oberhumer + * Copyright (C) 1990, 91, 92, 93, 94 Free Software Foundation, Inc. + * Copyright (c) 2000 Virtual Unlimited B.V. + * Copyright (C) 1995, A.M. Kuchling + * Copyright (C) Eircom Net Computer Incident Response Team + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * Copyright (C) 2005 Yoann Vandoorselaere, Prelude IDS Technologies + * Copyright (C) 2003 Red Hat, Inc + * Copyright (C) 1998,2001 Michael H. Buselli + * Copyright (C) 2000,2001,2002 Carnegie Mellon University + * Copyright (C) 2001 Jed Pickel <jed@pickel.net> + * Copyright (C) 2001 Andrew R. Baker <andrewb@farm9.com> + * Copyright (C) 2003 Manuel Novoa III + * Copyright (C) 1998 Kenneth Albanowski <kjahds@kjahds.com>, + The Silver Hammer Group, Ltd. + * Copyright (c) 1985, 1993, 1994 The Regents of the University of California. + * Copyright (c) 1993 by Digital Equipment Corporation. + * Copyright (c) 1996-1999 by Internet Software Consortium. + * Copyright (c) 1996-2001, The PostgreSQL Global Development Group + * Copyright (C) 1999-2001 by Brian Raiter + * Copyright 1991 by the Massachusetts Institute of Technology + * Copyright (c) 2000-2002 Cable & Wireless Deutschland GmbH + * Copyright (c) 2000-2002 The OpenPKG Project <http://www.openpkg.org/> + * Copyright (c) 2000-2002 Ralf S. Engelschall <rse@engelschall.com> + +License: +-------- + +This program ('samhain') is free software; you can redistribute it +and/or modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 of the +License, or (at your option) any later version. +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You can find a copy of the GNU GPL license in your Debian system under +/usr/share/common-licenses + +Some code has been incorporated from other projects, the following section +describes the licenses of incorporated code. + +Incorporated code +----------------- + + (i) Support for the TIGER cryptographic checksum algorithm + is provided by the reference implementation, which includes + the following statement: + + * Tiger: A Fast New Hash Function + * + * Ross Anderson and Eli Biham + * + * Tiger has no usage restrictions nor patents. It can be used freely, + * with the reference implementation, + * with other implementations or with + * a modification to the reference implementation (as long as it still + * implements Tiger). We only ask you to let us know about your + * implementation and to cite the origin of Tiger and of the reference + * implementation. + * + * The authors' home pages can be found both in + * http://www.cs.technion.ac.il/~biham/ and in + * http://www.cl.cam.ac.uk/users/rja14/. + * The authors' email addresses are biham@cs.technion.ac.il + * and rja14@cl.cam.ac.uk. + + + (ii) Support for testing write access by untrusted users + to any element in the path of a file is provided by the + public domain trustfile library, which includes the following + statement: + + * Author information: + * Matt Bishop + * Department of Computer Science + * University of California at Davis + * Davis, CA 95616-8562 + * phone (916) 752-8060 + * email bishop@cs.ucdavis.edu + * + * This code is placed in the public domain. I do ask that + * you keep my name associated with it, that you not represent + * it as written by you, and that you preserve these comments. + * This software is provided "as is" and without any guarantees + * of any sort. + + (iii) Support for big integer arithmetic is provided by the bignum + package (v. 1.2) by Henrik.Johansson@Nexus.Comm.SE, + which includes the following statement: + + * Everyone is allowed to distribute this package to anyone + * else, as long as all changes are recorded and mentioned. + * If you are including this in a commercial product, be sure + * to distribute _all_ of the package with the product. + * + * (...writing more stuff here later, but I guess everyone + * knows the approximate contents of it - no warranty, no + * charge, and so on. I guess it is like the GNU concept. + * Read that for further details...) + + (iv) Support for compression is provided by the (mini) LZO library, + which includes the following statement: + + * Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer + * Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer + * Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer + * Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer + * + * The LZO library is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * The LZO library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the LZO library; see the file COPYING. + * If not, write to the Free Software Foundation, Inc., + * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + * + * Markus F.X.J. Oberhumer + * <markus.oberhumer@jk.uni-linz.ac.at> + * http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html + + (v) Support for determining the type of a file system is provided by + code from the GNU find(1) utility which includes the following statement: + + /* fstype.c -- determine type of filesystems that files are on + Copyright (C) 1990, 91, 92, 93, 94 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA. + */ + + /* Written by David MacKenzie <djm@gnu.ai.mit.edu>. */ + + + (vi) Support for the MD5 hash algorithm is provided by code + from beecrypt which is distributed under the LGPL. + + /* + * md5.c + * + * MD5 hash function, code + * + * Copyright (c) 2000 Virtual Unlimited B.V. + * + * Author: Bob Deblier <bob@virtualunlimited.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + * MA 02110-1301, USA. + */ + + (vi) Support for the SHA-1 hash algorithm is provided by code + from mhash which includes the following statement: + + /* sha.c - Implementation of the Secure Hash Algorithm + * + * Copyright (C) 1995, A.M. Kuchling + * + * Distribute and use freely; there are no restrictions on further + * dissemination and usage except those imposed by the laws of your + * country of residence. + * + * Adapted to pike and some cleanup by Niels Möller. + */ + + /* $Id: sha1.c,v 1.2 2001/01/24 08:20:29 nmav Exp $ */ + + /* SHA: NIST's Secure Hash Algorithm */ + + /* Based on SHA code originally posted to sci.crypt by Peter Gutmann + in message <30ajo5$oe8@ccu2.auckland.ac.nz>. + Modified to test for endianness on creation of SHA objects by AMK. + Also, the original specification of SHA was found to have a weakness + by NSA/NIST. This code implements the fixed version of SHA. + */ + + (vii) Support for AVL Trees is provided by code + from AVLTree which includes the following statement: + + /* zAVLTree.h: Header file for zAVLTrees. + * Copyright (C) 1998,2001 Michael H. Buselli + * This is version 0.1.3 (alpha). + * Generated from $Id: xAVLTree.h.sh,v 1.5 2001/06/07 06:58:28 cosine Exp $ + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public + * License along with this library; if not, write to the Free + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, + * USA. + * + * The author of this library can be reached at the following address: + * Michael H. Buselli + * 30051 N. Waukegan Rd. Apt. 103 + * Lake Bluff, IL 60044-5412 + * + * Or you can send email to <cosine@cosine.org>. + * The official web page for this product is: + * http://www.cosine.org/project/AVLTree/ + */ + + (viii) The modules sh_userfiles.c and sh_mounts.c have been + contributed by Eircom Net Computer Incident Response Team and + are authored by Jerry Connolly and Cian Synnott, respectively. + + They are released under the terms of the GNU General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version: + + "Feel free to GPL those files - + they were fully released by our company to the project. + + Cian + + -- + Cian Synnott + Eircom Net Computer Incident Response Team" + + (ix) Enhanced functionality for the SUID check has been + contributed with a patch copyright by Rob Rati <rob.rati@motorola.com>. + The patch is licensed under the GPL with the following statement: + + "Here is the patch with the aforementioned feature enhancements, and I + license all changes within this patch under the GNU Public License (GPL) + GNU General Public License as published by the Free Software Foundation; + either version 2 of the License, or (at your option) any later version." + + This package has been compiled to use the SRP authentication algorithm + (in an independent implementation, without any use of code from the + original SRP software). + The original SRP software contains the following license statement: + + The SRP License + --------------- + + SRP and all related technologies are free for both commercial and + non-commercial use. They are distributed under a standard + X11-style Open Source license which is shown below. + + The SRP distribution contains parts from various freeware + packages; these parts fall under both the SRP Open Source license + and any existing licenses. Care has been taken to ensure that + these licenses are compatible with Open Source distribution, + but it is the responsibility of the licensee to comply with these + licenses. The file "Copyrights" contains a list of the copyrights + incorporated by portions of the software. + + This software is covered under the following copyright: + + /* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + + + Prelude library is: + + /* + * Copyright (C) 2005 Yoann Vandoorselaere, Prelude IDS Technologies + * Rainer Wichmann + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file COPYING. If not, write to + * the Free Software Foundation, 51 Franklin St, Fifth Floor, Boston, + * MA 02110-1301, USA. + * + */ + + Samhain also includes code from the GNOME vfs library: + +/* gnome-vfs-unix-mounts.c - read and monitor fstab/mtab + + Copyright (C) 2003 Red Hat, Inc + + The Gnome Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + The Gnome Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with the Gnome Library; see the file COPYING.LIB. If not, + write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301, USA. + + Author: Alexander Larsson <alexl@redhat.com> +*/ + + diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 0000000..4e05262 --- /dev/null +++ b/debian/dirs @@ -0,0 +1,7 @@ +usr/sbin +usr/share/doc/samhain +etc/init.d +etc/samhain +var/log/samhain +var/lib/samhain +etc/logrotate.d diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..9f91591 --- /dev/null +++ b/debian/docs @@ -0,0 +1,17 @@ +samhain.jpg +docs/FAQ.html +docs/BUGS +docs/HOWTO-client+server.html +docs/HOWTO-client+server-troubleshooting.html +docs/HOWTO-samhain+GnuPG.html +docs/HOWTO-write-modules.html +docs/MANUAL-2_4.html.tar +docs/MANUAL-2_4.pdf +docs/MANUAL-2_4.epub +docs/README +docs/README.gcc_bug +docs/README.LZO +docs/README.sstrip +docs/README.UPGRADE +docs/sh_mounts.txt +docs/sh_userfiles.txt diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 0000000..cef83a3 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 0000000..868317d --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,39 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: samhain\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-07-26 22:57+0200\n" +"PO-Revision-Date: 2005-02-09 20:51+0100\n" +"Last-Translator: Miroslav Kure <kurem@debian.cz>\n" +"Language-Team: Czech <debian-l10n-czech@debian.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-2\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "Samhain initialization" +msgstr "Inicializace Samhainu" + +#. Description +#: ../templates:3 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" +"Nyn bude inicializovna databze Samhainu. Veker chyby s inicializac " +"spojen budou uchovny v souboru /var/log/samhain/samhain-init.log." diff --git a/debian/po/da.po b/debian/po/da.po new file mode 100644 index 0000000..fc26603 --- /dev/null +++ b/debian/po/da.po @@ -0,0 +1,35 @@ +# Danish translation Samhain. +# Copyright (C) 2010 Samhain & nedenstående oversættere. +# This file is distributed under the same license as the Samhain package. +# Joe Hansen <joedalton2@yahoo.dk>, 2010. +# +msgid "" +msgstr "" +"Project-Id-Version: Samhain\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-02-20 10:31+0100\n" +"PO-Revision-Date: 2010-06-17 17:30+01:00\n" +"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n" +"Language-Team: Danish <debian-l10n-danish@lists.debian.org> \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../templates:1001 +msgid "Samhain initialization" +msgstr "Initialisering af Samhain" + +#. Type: note +#. Description +#: ../templates:1001 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" +"Databasen brugt til Samhain vil blive initialiseret nu. Alle fejl/beskeder " +"angående denne initialisering kan ses i /var/log/samhain/samhain-" +"init.log" + diff --git a/debian/po/de.po b/debian/po/de.po new file mode 100644 index 0000000..71822c1 --- /dev/null +++ b/debian/po/de.po @@ -0,0 +1,40 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: samhain 1.7.10-1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-07-26 22:57+0200\n" +"PO-Revision-Date: 2003-08-01 16:40+0200\n" +"Last-Translator: Sebastian Feltel <sebastian@feltel.de>\n" +"Language-Team: German <debian-l10n-german@lists.debian.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "Samhain initialization" +msgstr "Initialisierung von Samhain" + +#. Description +#: ../templates:3 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" +"Die Datenbank fr Samhain wird jetzt initialisiert. Fehlermeldungen und " +"Hinweise dazu knnen Sie in der Datei /var/log/samhain/samhain-init.log " +"nachlesen." diff --git a/debian/po/es.po b/debian/po/es.po new file mode 100644 index 0000000..f033160 --- /dev/null +++ b/debian/po/es.po @@ -0,0 +1,41 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: samhain 1.7.10-1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-07-26 22:57+0200\n" +"PO-Revision-Date: 2003-08-01 16:40+0200\n" +"Last-Translator: Javier Fernandez-Sanguino <jfs@debian.org>\n" +"Language-Team: Spanish translation list <debian-l10n-spanish@lists.debian." +"org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "Samhain initialization" +msgstr "Inicializacin de Samhain" + +#. Description +#: ../templates:3 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" +"Se va a inicializar ahora la base de datos utilizada por Samhain. Cualquier " +"error o mensaje de esta inicializacin puede ser consultado en /var/log/" +"samhain/samhain-init.log" diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 0000000..53def24 --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,38 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: samhain_1.7.1a-6\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-07-26 22:57+0200\n" +"PO-Revision-Date: 2003-07-29 06:58+0200\n" +"Last-Translator: Michel Grentzinger <mic.grentz@online.fr>\n" +"Language-Team: French <debian-l10n-french@lists.debian.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "Samhain initialization" +msgstr "Initialisation de Samhain" + +#. Description +#: ../templates:3 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" +"La base de donnes utilise pour Samhain va maintenant tre initialise. Les " +"messages et les erreurs relatifs cette initialisation seront consigns " +"dans /var/log/samhain/samhain-init.log." diff --git a/debian/po/it.po b/debian/po/it.po new file mode 100644 index 0000000..424da76 --- /dev/null +++ b/debian/po/it.po @@ -0,0 +1,32 @@ +# samhain po-debconf translation to italian
+# Copyright (C) 2004 Software in the Public Interest
+# This file is distributed under the same license as the samhain package.
+# Luca Monducci <luca.mo@tiscali.it>, 2004.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: samhain 1.8.9 debconf templates\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2003-07-26 22:57+0200\n"
+"PO-Revision-Date: 2004-11-07 14:51+0100\n"
+"Last-Translator: Luca Monducci <luca.mo@tiscali.it>\n"
+"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Description
+#: ../templates:3
+msgid "Samhain initialization"
+msgstr "Inizializzazione di Samhain"
+
+#. Description
+#: ../templates:3
+msgid ""
+"The database used for Samhain will be initialized now. Any errors/messages "
+"regarding this initialization can be recovered from /var/log/samhain/samhain-"
+"init.log"
+msgstr ""
+"Adesso verrà inizializzato il database usato da Samhain. Qualsiasi errore "
+"o messaggio relativo a questa inizializzazione può essere consultato in "
+"/var/log/samhain/samhain-init.log"
diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 0000000..8f33eed --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,42 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: samhain 1.8.2-3\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2004-04-12 15:07+0900\n" +"PO-Revision-Date: 2004-04-12 15:18+0900\n" +"Last-Translator: Hideki Yamane <henrich@samba.gr.jp>\n" +"Language-Team: Japanese <debian-japanese@lists.debian.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=EUC-JP\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../templates:3 +msgid "Samhain initialization" +msgstr "samhain ν" + +#. Type: note +#. Description +#: ../templates:3 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" +"samhain ǻѤǡ١ޤν˴ؤ륨顼" +" /var/log/samhain/samhain-init.log dzǧǤޤ" diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 0000000..b50b07c --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,40 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: samhain\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-07-26 22:57+0200\n" +"PO-Revision-Date: 2003-08-12 17:16+0100\n" +"Last-Translator: Bart Cornelis <cobaco@linux.be>\n" +"Language-Team: dutch <debian-l10n-dutch@lists.debian.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "Samhain initialization" +msgstr "Samhain initializatie" + +#. Description +#: ../templates:3 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" +"De voor Samhain gebruikte database zal nu genitializeerd worden. Alle " +"foutmelding betreffende deze initializatie vind u terug in /var/log/samhain/" +"samhain-init.log" diff --git a/debian/po/pt.po b/debian/po/pt.po new file mode 100644 index 0000000..93a8261 --- /dev/null +++ b/debian/po/pt.po @@ -0,0 +1,33 @@ +# Portuguese translation for samhain debconf messages. +# This file is distributed under the same license as the samhain package. +# Luísa Lourenço <kikentai@gmail.com>, 2006 +# +msgid "" +msgstr "" +"Project-Id-Version: samhain 2.2.0-2\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2006-06-28 08:43-0600\n" +"PO-Revision-Date: 2006-08-04 14:48+0000\n" +"Last-Translator: Luísa Lourenço <kikentai@gmail.com>\n" +"Language-Team: Native Portuguese <traduz@debianpt.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../templates:3 +msgid "Samhain initialization" +msgstr "Inicialização do Samhain" + +#. Type: note +#. Description +#: ../templates:3 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" +"A base de dados usada pelo Samhain será inicializada agora. Quaisquer " +"erros/mensagens acerca desta inicialização podem ser recuperadas em " +"/var/log/samhain/samhain-init.log" diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 0000000..ffe3ba8 --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,36 @@ +# Debconf translations for samhain. +# Copyright (C) 2011 THE samhain'S COPYRIGHT HOLDER +# This file is distributed under the same license as the samhain package. +# Flamarion Jorge <jorge.flamarion@gmail.com>, 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: samhain 2.6.2-1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2010-02-20 10:31+0100\n" +"PO-Revision-Date: 2011-03-19 11:17-0300\n" +"Last-Translator: Flamarion Jorge <jorge.flamarion@gmail.com>\n" +"Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian." +"org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: pt_BR\n" + +#. Type: note +#. Description +#: ../templates:1001 +msgid "Samhain initialization" +msgstr "Inicialização do Samhain" + +#. Type: note +#. Description +#: ../templates:1001 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" +"O banco de dados usado pelo Samhain será inicializado agora. Quaisquer erros/" +"mensagens relacionadas a essa inicialização podem ser recuperados a partir " +"de /var/log/samhain/samhain-init.log" diff --git a/debian/po/ru.po b/debian/po/ru.po new file mode 100644 index 0000000..752efd4 --- /dev/null +++ b/debian/po/ru.po @@ -0,0 +1,40 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: samhain 1.7.10-1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-07-26 22:57+0200\n" +"PO-Revision-Date: 2003-08-01 16:40+0200\n" +"Last-Translator: Ilgiz Kalmetev <ilgiz@bashtelecom.ru>\n" +"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=KOI8-R\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "Samhain initialization" +msgstr " Samhain" + +#. Description +#: ../templates:3 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" +" , Samhain, . " +"/ /var/" +"log/samhain/samhain-init.log" diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 0000000..a1e0933 --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,39 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: samhain 2.0.9-1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-07-26 22:57+0200\n" +"PO-Revision-Date: 2005-10-05 05:34+0200\n" +"Last-Translator: Daniel Nylander <po@danielnylander.se>\n" +"Language-Team: Swedish <sv@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit" + +#. Description +#: ../templates:3 +msgid "Samhain initialization" +msgstr "Samhain frbereder sig" + +#. Description +#: ../templates:3 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" +"Databasen som anvnds fr Samhain kommer att frberedas nu. Alla fel/meddelanden " +"som denna process kan hmtas frn /var/log/samhain/samhain-init.log" + diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 0000000..f592426 --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,38 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-07-26 22:57+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "Samhain initialization" +msgstr "" + +#. Description +#: ../templates:3 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "" diff --git a/debian/po/vi.po b/debian/po/vi.po new file mode 100644 index 0000000..a5f24b8 --- /dev/null +++ b/debian/po/vi.po @@ -0,0 +1,30 @@ +# Vietnamese translation for samhain. +# Copyright © 2005 Free Software Foundation, Inc. +# Clytie Siddall <clytie@riverland.net.au>, 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: samhain 2.0.2a-2\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-07-26 22:57+0200\n" +"PO-Revision-Date: 2005-07-12 16:26+0930\n" +"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n" +"Language-Team: Vietnamese <gnomevi-list@lists.sourceforge.net>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0\n" +"X-Generator: LocFactoryEditor 1.2.2\n" + +#. Description +#: ../templates:3 +msgid "Samhain initialization" +msgstr "Khởi động Samhain" + +#. Description +#: ../templates:3 +msgid "" +"The database used for Samhain will be initialized now. Any errors/messages " +"regarding this initialization can be recovered from /var/log/samhain/samhain-" +"init.log" +msgstr "Lúc này sẽ khởi tạo cơ sở dữ liệu được dùng cho Samhain. Có thể phục hồi thông tin lỗi / thông điệp nào về việc khởi tạo này từ bản ghi «/var/log/samhain/samhain-init.log»." diff --git a/debian/postinst b/debian/postinst new file mode 100644 index 0000000..fe33a7d --- /dev/null +++ b/debian/postinst @@ -0,0 +1,28 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule +test $DEBIAN_SCRIPT_DEBUG && set -v -x + + +case "$1" in + install) + ;; + upgrade) + ;; + configure) + # Do not do anything. In the past we setup samhain's database but + # that would send a mail to root on installation and was determined + # to be unwise (see Debian Bug #749602) + ;; + abort-upgrade|abort-remove|abort-deconfigure) + ;; + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + + +#DEBHELPER# + +exit 0 diff --git a/debian/postrm b/debian/postrm new file mode 100644 index 0000000..236c646 --- /dev/null +++ b/debian/postrm @@ -0,0 +1,31 @@ +#! /bin/sh +# postrm script for samhain +# +# see: dh_installdeb(1) + +set -e + +case "$1" in + purge) + for dir in /var/log/samhain/supervise /var/log/samhain /var/lib/samhain /var/run/samhain /var/state/samhain + do + [ -d "$dir" ] && { + find $dir -type f -exec rm -f {} \; + rmdir $dir + } + done + + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) +# Do nothing + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 0 +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# diff --git a/debian/preinst b/debian/preinst new file mode 100644 index 0000000..aae4d0d --- /dev/null +++ b/debian/preinst @@ -0,0 +1,26 @@ +# Preinstall file for samhain + + +case "$1" in + install|upgrade) +# If there are files in /var/state from previous version of Samhain +# them move all the files and remove the old directory (deprecated since +# 3.1.0-7) + if [ -e /var/state/samhain/ ] ; then + [ ! -e /var/lib/samhain ] && mkdir -p /var/lib/samhain + mv /var/state/samhain/* /var/lib/samhain + rmdir /var/state/samhain/ || true + fi + ;; + abort-upgrade) + ;; + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + + +#DEBHELPER# + +exit 0 diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..56eb6ed --- /dev/null +++ b/debian/rules @@ -0,0 +1,149 @@ +#!/usr/bin/make -f +# debian/rules for samhain +# Copyright (C) 2001 to 2016 by Javier Fernandez-Sanguino + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +# export DH_COMPAT=5 + +# Disable dnmalloc for most architectures except for +# those known to work (i386 and amd64). +# For more information see: +# http://www.la-samhna.de/samhain/manual/dnmalloc.html +ifeq (linux,$(DEB_HOST_ARCH_OS)) +ifeq (amd64,$(DEB_HOST_ARCH)) +DNMALLOC = --enable-dnmalloc +else ifeq (i386,$(DEB_HOST_ARCH)) +DNMALLOC = --enable-dnmalloc +else +DNMALLOC = --disable-dnmalloc +endif +else +ifeq (amd64,$(DEB_HOST_ARCH)) +DNMALLOC = --enable-dnmalloc +else ifeq (i386,$(DEB_HOST_ARCH)) +DNMALLOC = --enable-dnmalloc +else +DNMALLOC = --disable-dnmalloc +endif +endif + +ifeq (x86_64,$(DEB_HOST_GNU_CPU)) +DISABLE_ASM = --disable-asm +endif + +%: + dh $@ --with-autoreconf + +override_dh_auto_configure: + ./configure --prefix=/usr --mandir=\$${prefix}/share/man \ + --with-config-file=/etc/samhain/samhainrc \ + --with-state-dir=/var/lib/samhain \ + --with-prelude \ + $(DNMALLOC) \ + $(DISABLE_ASM) \ + --enable-network=no \ + --enable-login-watch \ + --enable-mounts-check \ + --enable-logfile-monitor \ + --enable-process-check \ + --enable-port-check \ + --enable-suidcheck \ + --with-pid-file=/var/run/samhain/samhain.pid \ + --with-log-file=/var/log/samhain/samhain.log + +override_dh_clean: + [ ! -f Makefile ] || $(MAKE) distclean + -rm -f samhainrc.install + -rm -f build-stamp build-server-stamp build-client-stamp + dh_clean + + +override_dh_installdirs: + dh_installdirs + # Fix the permissions + chmod o-rX `pwd`/debian/samhain/var/log/samhain \ + `pwd`/debian/samhain/var/lib/samhain \ + `pwd`/debian/samhain/etc/samhain + +override_dh_install: + $(MAKE) install install-boot DESTDIR=`pwd`/debian/samhain + # However, remove the rc.d links + -rm -rf `pwd`/debian/samhain/etc/rc?.d + # Remove /var/run/samhain from the package, it is created by the init script + -rm -rf `pwd`/debian/samhain/var/run/samhain + + +override_dh_installdocs: + dh_installdocs + [ -f debian/samhain/usr/share/doc/samhain/MANUAL-2_4.html.tar ] && \ + cd debian/samhain/usr/share/doc/samhain && \ + tar xf MANUAL-2_4.html.tar && mv MANUAL-2_4 manual.html && \ + rm -f MANUAL-2_4.html.tar + +override_dh_installinit: + dh_installinit -- defaults 19 + +override_dh_installchangelogs: + dh_installchangelogs docs/Changelog + +# TODO: create install targets for client and server +# Builds the server (Yule) +# See http://www.la-samhna.de/samhain/manual/yule.html +build-server: build-server-stamp +build-server-stamp: + dh_testdir + ./configure --prefix=/usr --mandir=\$${prefix}/share/man \ + --with-config-file=/etc/yule/yulerc \ + --with-state-dir=/var/lib/yule \ + --with-prelude \ + $(DNMALLOC) \ + --enable-network=server \ + --enable-login-watch \ + --enable-mounts-check \ + --enable-logfile-monitor \ + --enable-process-check \ + --enable-port-check \ + --enable-suidcheck \ + --with-pid-file=/var/run/samhain/yule.pid \ + --with-log-file=/var/log/samhain/yule.log + $(MAKE) + touch build-server-stamp + +# Build the Samhain client +build-client: build-client-stamp +build-client-stamp: + dh_testdir + ./configure --prefix=/usr --mandir=\$${prefix}/share/man \ + --with-config-file=/etc/samhain/samhainrc \ + --with-state-dir=/var/lib/samhain \ + --with-prelude \ + $(DNMALLOC) \ + --enable-network=client \ + --enable-login-watch \ + --enable-mounts-check \ + --enable-logfile-monitor \ + --enable-process-check \ + --enable-port-check \ + --enable-suidcheck \ + --with-pid-file=/var/run/samhain/samhain.pid \ + --with-log-file=/var/log/samhain/samhain.log + $(MAKE) + touch build-client-stamp + + +get-orig-source: + @echo "Retrieving source" + wget -q -O samhain-current.tar.gz http://la-samhna.de/samhain/samhain-current.tar.gz + @echo "Extracting source" + tar -zxf samhain-current.tar.gz + @echo "Verifying source" + # Take the latest version + file=`tar -ztf samhain-current.tar.gz |grep -v asc | head -1`; \ + gpgfile=`tar -ztf samhain-current.tar.gz |grep asc | head -1`; \ + newfile=`echo $$file | sed -e 's/-/_/; s/\.tar/.orig.tar/'`; \ + mv $$file $$newfile; \ + gpg -q --verify $$gpgfile $$newfile + rm -f samhain-current.tar.gz diff --git a/debian/samhain.doc-base b/debian/samhain.doc-base new file mode 100644 index 0000000..8538723 --- /dev/null +++ b/debian/samhain.doc-base @@ -0,0 +1,16 @@ +Document: samhain-manual +Title: Samhain Manual +Author: Rainer Wichmann +Abstract: This manual describes what samhain is + and how it can be used to check the file integrity of your + server. +Section: System/Security + + +Format: PDF +Files: /usr/share/doc/samhain/MANUAL-2_4.pdf.gz + +Format: HTML +Index: /usr/share/doc/samhain/manual.html/index.html +Files: /usr/share/doc/samhain/manual.html/*.html + diff --git a/debian/samhain.examples b/debian/samhain.examples new file mode 100644 index 0000000..eb95e92 --- /dev/null +++ b/debian/samhain.examples @@ -0,0 +1,11 @@ +scripts/example_pager.pl +scripts/example_sms.pl +yulerc.template +samhainrc.linux +scripts/README +scripts/samhainadmin.pl +scripts/samhain.cgi +scripts/samhain.xsl +scripts/samhain.dtd +scripts/chroot.sh +scripts/*spec diff --git a/debian/samhain.init b/debian/samhain.init new file mode 100644 index 0000000..858d569 --- /dev/null +++ b/debian/samhain.init @@ -0,0 +1,120 @@ +#! /bin/sh +# +# Init.d file for Samhain, based on the example init.d file written by +# Miquel van Smoorenburg and modified for Debian GNU/Linux by Ian Murdock +# +### BEGIN INIT INFO +# Provides: samhain +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +### END INIT INFO +# + +prefix="/usr" +exec_prefix="${prefix}" + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=${exec_prefix}/sbin/samhain +NAME=samhain +DESC="file integrity checker" +PIDFILE=/var/run/${NAME}/${NAME}.pid + +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + +set -e + +# Check if a daemon is running +running() +{ +# Check with pidfile first, if available + if [ -r "$PIDFILE" ] ; then + pid=`cat $PIDFILE` +# No pid, probably no daemon present + if [ -n "$pid" ] ; then + pidofproc -p $PIDFILE $DAEMON + return $? + fi + fi +# Try to find the daemon by name + pidof $DAEMON >/dev/null + return $? +} + +# Initialize +init_db() +{ +# Initialize the database only if does not exist yet, abort if +# it cannot be created + [ -f /var/lib/samhain/samhain_file ] && return + log_progress_msg "Creating integrity database (this can take some minutes)." + samhain -t init >/var/log/samhain/samhain-init.log 2>&1 + if [ ! -f /var/lib/samhain/samhain_file ] ; then + log_failure_msg "Database could not be created. Review /var/log/samhain/samhain-init.log" + log_end_msg 1 + exit 1 + fi + log_progress_msg "Database created." +} + + + +case "$1" in + start) + [ ! -e /var/run/${NAME} ] && mkdir -p /var/run/${NAME} + log_begin_msg "Starting $DESC: $NAME" + init_db + start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON + log_end_msg $? + ;; + stop) + log_begin_msg "Stopping $DESC: $NAME" + start-stop-daemon --stop --quiet --retry 5 --oknodo --pidfile $PIDFILE --name $NAME + log_end_msg $? + ;; + reload) + log_begin_msg "Reloading $DESC configuration files: $NAME" + if running ; then + start-stop-daemon --stop --signal 1 --quiet --exec $DAEMON + log_end_msg $? + else + log_daemon_msg " ERROR: $DAEMON is not running." + log_end_msg 1 + fi + + ;; + restart|force-reload) + log_begin_msg "Restarting $DESC: $NAME" + if running; then + start-stop-daemon --stop --quiet --retry 5 --oknodo --pidfile $PIDFILE --name $NAME + for i in 1 2 3 ; do + if ! running; then break ; fi + sleep 1 + done + fi + if ! running ; then + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON + log_end_msg $? + else + log_daemon_msg " ERROR: $DAEMON did not die in the expected time, will not restart/force-reload" + log_end_msg 1 + fi + ;; + status) + if [ -e $PIDFILE ] ; then + status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $? + else + status_of_proc $DAEMON $NAME && exit 0 || exit $? + fi + ;; + *) + N=/etc/init.d/${0##*/} + echo "Usage: $N {start|stop|restart|reload|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/samhain.install b/debian/samhain.install new file mode 100644 index 0000000..88de4d1 --- /dev/null +++ b/debian/samhain.install @@ -0,0 +1,3 @@ +#!/usr/bin/dh-exec +debian/samhainrc => /etc/samhain/samhainrc +debian/samhain.logrotate.d => /etc/logrotate.d/samhain diff --git a/debian/samhain.logrotate.d b/debian/samhain.logrotate.d new file mode 100644 index 0000000..025611e --- /dev/null +++ b/debian/samhain.logrotate.d @@ -0,0 +1,14 @@ +/var/log/samhain/*.log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + if [ -f /var/run/samhain/samhain.pid ]; then \ + /etc/init.d/samhain reload > /dev/null; fi + endscript +} diff --git a/debian/samhain.manpages b/debian/samhain.manpages new file mode 100644 index 0000000..5d9afd1 --- /dev/null +++ b/debian/samhain.manpages @@ -0,0 +1,2 @@ +man/samhain.8 +man/samhainrc.5 diff --git a/debian/samhainrc b/debian/samhainrc new file mode 100644 index 0000000..a5ba9be --- /dev/null +++ b/debian/samhainrc @@ -0,0 +1,708 @@ +##################################################################### +# +# Configuration file template for samhain. +# +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- boolean options can be Yes/No or True/False or 1/0 +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### +# +# SETUP for file system checking: +# +# (i) There are several policies, each has its own section. Put files +# into the section for the appropriate policy (see below). +# (ii) Section [EventSeverity]: +# To each policy, you can assign a severity (further below). +# (iii) Section [Log]: +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### + +##################################################################### +# +# Files are defined with: file = /absolute/path +# +# Directories are defined with: dir = /absolute/path +# or with an optional recursion depth (N <= 99): dir = N/absolute/path +# +# Directory inodes are checked. If you only want to check files +# in a directory, but not the directory inode itself, use (e.g.): +# +# [ReadOnly] +# dir = /some/directory +# [IgnoreAll] +# file = /some/directory +# +# You can use shell-style globbing patterns, like: file = /path/foo* +# +###################################################################### + +[Misc] +## +## Add or subtract tests from the policies +## - if you want to change their definitions, +## you need to do that before using the policies +## +# RedefReadOnly = (no default) +# RedefAttributes=(no default) +# RedefLogFiles=(no default) +# RedefGrowingLogFiles=(no default) +# RedefIgnoreAll=(no default) +# RedefIgnoreNone=(no default) +# RedefUser0=(no default) +# RedefUser1=(no default) + +[Attributes] +## +## for these files, only changes in permissions and ownership are checked +## +file=/etc/mtab +file=/etc/ssh_random_seed +file=/etc/asound.conf +file=/etc/resolv.conf +file=/etc/localtime +file=/etc/ioctl.save +file=/etc/passwd.backup +file=/etc/shadow.backup +file=/etc/postfix/prng_exch +file=/etc/adjtime +file=/etc/network/run/ifstate +file=/etc/lvm/.cache +file=/etc/ld.so.cache + +# +# There are files in /etc that might change, thus changing the directory +# timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'. +# +file=/etc + +[LogFiles] +## +## for these files, changes in signature, timestamps, and size are ignored +## +file=/var/run/utmp +file=/etc/motd + + + +##################################################################### +# +# This would be the proper syntax for parts that should only be +# included for certain hosts. +# You may enclose anything in a @HOSTNAME/@end bracket, as long as the +# result still has the proper syntax for the config file. +# You may have any number of @HOSTNAME/@end brackets. +# HOSTNAME should be the fully qualified 'official' name +# (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. +# No IP number - except if samhain cannot determine the +# fully qualified hostname. +# +# @HOSTNAME +# file=/foo/bar +# @end +# +# These are two examples for conditional inclusion/exclusion +# of a machine based on the output from 'uname -srm' +# +# $Linux:2.*.7:i666 +# file=/foo/bar3 +# $end +# +# !$Linux:2.*.7:i686 +# file=/foo/bar2 +# $end +# +##################################################################### + +[GrowingLogFiles] +## +## for these files, changes in signature, timestamps, and increase in size +## are ignored +## +file=/var/log/warn +file=/var/log/messages +file=/var/log/wtmp +file=/var/log/faillog +file=/var/log/auth.log +file=/var/log/daemon.log +file=/var/log/user.log +file=/var/log/kern.log +file=/var/log/syslog + + +[IgnoreAll] +## +## for these files, no modifications are reported +## +## This file might be created or removed by the system sometimes. +## +file=/etc/resolv.conf.pcmcia.save +file=/etc/nologin +file=/etc/network/run + + +[IgnoreNone] +## +## for these files, all modifications (even access time) are reported +## - you may create some interesting-looking file (like /etc/safe_passwd), +## just to watch whether someone will access it ... +## + +[Prelink] +## +## Use for prelinked files or directories holding them +## + + +[ReadOnly] +## +## for these files, only access time is ignored +## +dir=/usr/bin +dir=/bin +dir=/boot +# +# SuSE (old) has the boot init scripts in /sbin/init.d/*, +# so we go 3 levels deep +# +dir=3/sbin +dir=/usr/sbin +dir=/lib +# +# RedHat and Debian have the bootinit scripts in /etc/init.d/* or /etc/rc.d/*, +# so we go 3 levels deep there too +# +dir=3/etc + +# Various directories / files that may include / be SUID/SGID binaries +# +# +file=/usr/lib/pt_chown +# X11, in Debian X7 this is now a symlink +#dir=/usr/X11R6/bin +#dir=/usr/X11R6/lib/X11/xmcd/bin +# Apache: +#file=/usr/lib/apache/suexec +#file=/usr/lib/apache/suexec.disabled +# Extra directories: +#dir=/opt/gnome/bin +#dir=/opt/kde/bin + +[User0] +[User1] +## User0 and User1 are sections for files/dirs with user-definable checking +## (see the manual) + + +[EventSeverity] +## +## Here you can assign severities to policy violations. +## If this severity exceeds the treshold of a log facility (see below), +## a policy violation will be logged to that facility. +## +## Severity for verification failures. +## +# SeverityReadOnly=crit +# SeverityLogFiles=crit +# SeverityGrowingLogs=crit +# SeverityIgnoreNone=crit +# SeverityAttributes=crit +# SeverityUser0=crit +# SeverityUser1=crit + +# Default behaviour +SeverityReadOnly=crit +SeverityLogFiles=crit +SeverityGrowingLogs=warn +SeverityIgnoreNone=crit +SeverityAttributes=crit + + +## +## We have a file in IgnoreAll that might or might not be present. +## Setting the severity to 'info' prevents messages about deleted/new file. +## +# SeverityIgnoreAll=crit +SeverityIgnoreAll=info + +## Files : file access problems +# SeverityFiles=crit + +## Dirs : directory access problems +# SeverityDirs=crit + +## Names : suspect (non-printable) characters in a pathname +# SeverityNames=crit + +# Default behaviour +SeverityFiles=crit +SeverityDirs=crit +SeverityNames=warn + + +[Log] +## +## Switch on/OFF log facilities and set their threshold severity +## +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +# MailSeverity=none + +## Console +## +# PrintSeverity=info + +## Logfile +## +# LogSeverity=mark + +## Syslog +## +# SyslogSeverity=none + +## Remote server (yule) +## +# ExportSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + +# Default behaviour +MailSeverity=crit +PrintSeverity=none +LogSeverity=info +SyslogSeverity=alert +ExportSeverity=none + + + + + +##################################################### +# +# Optional modules +# +##################################################### + +# [SuidCheck] +## +## --- Check the filesystem for SUID/SGID binaries +## + +## Switch on +# +# SuidCheckActive = yes + +## Interval for check (seconds) +# +# SuidCheckInterval = 7200 + +## Alternative: crontab-like schedule +# +# SuidCheckSchedule = NULL + +## Directory to exclude +# +# SuidCheckExclude = NULL + +## Limit on files per second (0 == no limit) +# +# SuidCheckFps = 0 + +## Alternative: yield after every file +# +# SuidCheckYield = no + +## Severity of a detection +# +# SeveritySuidCheck = crit + +## Quarantine SUID/SGID files if found +# +# SuidCheckQuarantineFiles = yes + +## Method for Quarantining files: +# 0 - Delete or truncate the file. +# 1 - Remove SUID/SGID permissions from file. +# 2 - Move SUID/SGID file to quarantine dir. +# +# SuidCheckQuarantineMethod = 0 + +## For method 1 and 3, really delete instead of truncating +# +# SuidCheckQuarantineDelete = yes + +# [Kernel] +## +## --- Check for loadable kernel module rootkits (Linux/FreeBSD only) +## + +## Switch on/off +# +# KernelCheckActive = True + +## Check interval (seconds); btw., the check is VERY fast +# +# KernelCheckInterval = 300 + +## Severity +# +# SeverityKernel = crit + + +# [Utmp] +## +## --- Logging of login/logout events +## + +## Switch on/off +# +# LoginCheckActive = True + +## Severity for logins, multiple logins, logouts +# +# SeverityLogin=info +# SeverityLoginMulti=warn +# SeverityLogout=info + +## Interval for login/logout checks +# +# LoginCheckInterval = 300 + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +# SetDBServerTstamp = True + +## Use a persistent connection +# +# UsePersistent = True + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or rv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGER192 checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + +[Misc] + +## whether to become a daemon process +## (this is not honoured on database initialisation) +# +# Daemon = no +Daemon = yes + +## whether to test signature of files (init/check/none) +## - if 'none', then we have to decide this on the command line - +# +# ChecksumTest = none +ChecksumTest=check + +## whether to drop linux capabilities that are not required +## - will make a root process a 'mere mortal' in many respects +# +# UseCaps = yes + +## Set nice level (-19 to 19, see 'man nice'), +## and I/O limit (kilobytes per second; 0 == off) +## to reduce load on host. +# +# SetNiceLevel = 0 +# SetIOLimit = 0 + +## The version string to embed in file signature databases +# +# VersionString = NULL + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 600 + +## Interval between file checks +# +# SetFileCheckTime = 600 +SetFileCheckTime = 7200 + +## Alternative: crontab-like schedule +# +# FileCheckScheduleOne = NULL + +## Alternative: crontab-like schedule(2) +# +# FileCheckScheduleTwo = NULL + +## Report only once on modified fles +## Setting this to 'FALSE' will generate a report for any policy +## violation (old and new ones) each time the daemon checks the file system. +# +# ReportOnlyOnce = True + +## Report in full detail +# +# ReportFullDetail = False + +## Report file timestamps in local time rather than GMT +# +# UseLocalTime = No + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +# SetReverseLookup = True + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +SetMailTime = 86400 + +## Maximum number of mails to queue +# +SetMailNum = 10 + +## Recipient (max. 8) +# +SetMailAddress=root@localhost + +## Mail relay (IP address) +# +SetMailRelay = localhost + +## Custom subject format +# +MailSubject = [Samhain at %H] %T: %S + +## --- end E-Mail --- + +## Path to the prelink executable +# +# SetPrelinkPath = /usr/sbin/prelink + +## TIGER192 checksum of the prelink executable +# +# SetPrelinkChecksum = (no default) + + +## Path to the executable. If set, will be checksummed after startup +## and before exit. +# +# SamhainPath = (no default) + + +## The IP address of the log server +# +# SetLogServer = (default: compiled-in) + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Path to the file signature database +# +# SetDatabasePath = (default: compiled-in) + +## Path to the log file +# +# SetLogfilePath = (default: compiled-in) + +## Path to the PID file +# +# SetLockPath = (default: compiled-in) + + +## The digest/checksum/hash algorithm +# +# DigestAlgo = TIGER192 + + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV +SyslogFacility=LOG_LOCAL2 + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + + +## everything below is ignored +[EOF] + +##################################################################### +# This would be the proper syntax for parts that should only be +# included for certain hosts. +# You may enclose anything in a @HOSTNAME/@end bracket, as long as the +# result still has the proper syntax for the config file. +# You may have any number of @HOSTNAME/@end brackets. +# HOSTNAME should be the fully qualified 'official' name +# (e.g. 'nixon.watergate.com', not 'nixon'), no aliases. +# No IP number - except if samhain cannot determine the +# fully qualified hostname. +# +# @HOSTNAME +# file=/foo/bar +# @end +# +# These are two examples for conditional inclusion/exclusion +# of a machine based on the output from 'uname -srm' +# $Linux:2.*.7:i666 +# file=/foo/bar3 +# $end +# +# !$Linux:2.*.7:i686 +# file=/foo/bar2 +# $end +# +##################################################################### diff --git a/debian/templates b/debian/templates new file mode 100644 index 0000000..67a37fc --- /dev/null +++ b/debian/templates @@ -0,0 +1,6 @@ +Template: samhain/init-log +Type: note +_Description: Samhain initialization + The database used for Samhain will be initialized now. Any errors/messages + regarding this initialization can be recovered from + /var/log/samhain/samhain-init.log diff --git a/samhain-install.sh.in b/samhain-install.sh.in index 195dfe1..849a1fd 100644 --- a/samhain-install.sh.in +++ b/samhain-install.sh.in @@ -879,7 +879,7 @@ then rc_uinst="rm -f ${DESTDIR}/etc/init.d/@install_name@; rm -f ${DESTDIR}/etc/rc0.d/K10@install_name@; rm -f ${DESTDIR}/etc/rc1.d/K10@install_name@; rm -f ${DESTDIR}/etc/rc3.d/S99@install_name@" ;; - Linux/* | GNU/kFreeBSD* | GNU/* ) + Linux/* | GNU/kFreeBSD/* | GNU/* ) rlv="2 3 4 5" linkopt="-f -s" # find rc directories diff --git a/src/dnmalloc.c b/src/dnmalloc.c index 4ab3b9a..3a85797 100644 --- a/src/dnmalloc.c +++ b/src/dnmalloc.c @@ -216,6 +216,7 @@ kernel versions newer than 1.3.77. */ +#define _GNU_SOURCE 1 #ifndef HAVE_MREMAP #ifdef linux #define HAVE_MREMAP 1 diff --git a/src/sh_tiger0.c b/src/sh_tiger0.c index aea8158..6e590d2 100644 --- a/src/sh_tiger0.c +++ b/src/sh_tiger0.c @@ -110,7 +110,7 @@ void tiger_dbg(sh_word32 res[6], int step, * implementation */ -/* static sh_byte buffer[PRIV_MAX + 72]; */ +/* static sh_byte buffer[PRIV_MAX + 72] __attribute__((aligned(4))); */ #if defined(TIGER_64_BIT) static diff --git a/stamp-dep b/stamp-dep new file mode 100644 index 0000000..ee5af9b --- /dev/null +++ b/stamp-dep @@ -0,0 +1 @@ +./src @@ -0,0 +1 @@ +timestamp @@ -0,0 +1,338 @@ +##################################################################### +# +# Configuration file template for yule. +# +##################################################################### +# +# NOTE: This is a log server-only configuration file TEMPLATE. +# +# NOTE: The log server ('yule') will look for THAT configuration file +# that has been defined at compile time with the configure option +# ./configure --with-config-file=FILE +# The default is "/usr/local/etc/.samhainrc" (NOT "yulerc"). +# +##################################################################### +# +# -- empty lines and lines starting with '#', ';' or '//' are ignored +# -- you can PGP clearsign this file -- samhain will check (if compiled +# with support) or otherwise ignore the signature +# -- CHECK mail address +# +# To each log facility, you can assign a threshold severity. Only +# reports with at least the threshold severity will be logged +# to the respective facility (even further below). +# +##################################################################### + + +[Log] +## +## Switch on/OFF log facilities and set their threshold severity +## +## Values: debug, info, notice, warn, mark, err, crit, alert, none. +## 'mark' is used for timestamps. +## +## +## Use 'none' to SWITCH OFF a log facility +## +## By default, everything equal to and above the threshold is logged. +## The specifiers '*', '!', and '=' are interpreted as +## 'all', 'all but', and 'only', respectively (like syslogd(8) does, +## at least on Linux). Examples: +## MailSeverity=* +## MailSeverity=!warn +## MailSeverity==crit + +## E-mail +## +# MailSeverity=none +MailSeverity=crit + +## Console +## +# PrintSeverity=info + +## Logfile +## +# LogSeverity=none + +## Syslog +## +# SyslogSeverity=none + +## External script or program +## +# ExternalSeverity = none + +## Logging to a database +## +# DatabaseSeverity = none + + +# [Database] +## +## --- Logging to a relational database +## + +## Database name +# +# SetDBName = samhain + +## Database table +# +# SetDBTable = log + +## Database user +# +# SetDBUser = samhain + +## Database password +# +# SetDBPassword = (default: none) + +## Database host +# +# SetDBHost = localhost + +## Log the server timestamp for received messages +# +SetDBServerTstamp = True + +## Use a persistent connection +# +UsePersistent = True + + + +# [External] +## +## Interface to call external scripts/programs for logging +## + +## The absolute path to the command +## - Each invocation of this directive will end the definition of the +## preceding command, and start the definition of +## an additional, new command +# +# OpenCommand = (no default) + +## Type (log or rv) +## - log for log messages, srv for messages received by the server +# +# SetType = log + +## The command (full command line) to execute +# +# SetCommandLine = (no default) + +## The environment (KEY=value; repeat for more) +# +# SetEnviron = TZ=(your timezone) + +## The TIGER192 checksum (optional) +# +# SetChecksum = (no default) + +## User who runs the command +# +# SetCredentials = (default: samhain process uid) + +## Words not allowed in message +# +# SetFilterNot = (none) + +## Words required (ALL of them) +# +# SetFilterAnd = (none) + +## Words required (at least one) +# +# SetFilterOr = (none) + +## Deadtime between consecutive calls +# +# SetDeadtime = 0 + +## Add default environment (HOME, PATH, SHELL) +# +# SetDefault = no + + +##################################################### +# +# Miscellaneous configuration options +# +##################################################### + +[Misc] + +## whether to become a daemon process +## (this is not honoured on database initialisation) +# +# Daemon = no +Daemon = yes + + + +[Misc] +# whether to become a daemon process +Daemon=yes + +## Interval between time stamp messages +# +# SetLoopTime = 60 +SetLoopTime = 600 + +## The maximum time between client messages (seconds) +## This allows the server to flag clients that have exceeded +## the timeout limits; i.e. might have died for some reason. +# +# SetClientTimeLimit = 86400 + +## Use client address as known to the communication layer (might be +## incorrect if the client is behind NAT). The default is to use +## the client name as claimed by the client, and verify it against +## the former (might be incorrect if the client has several +## interfaces, and its hostname resolves to the wrong interface). +# +# SetClientFromAccept = False + +## If SetClientFromAccept is False (default), severity of a +## failure to resolve the hostname claimed by the client +## to the IP address of the socket peer. +# +# SeverityLookup = crit + +## The console device (can also be a file or named pipe) +## - There are two console devices. Accordingly, you can use +## this directive a second time to set the second console device. +## If you have not defined the second device at compile time, +## and you don't want to use it, then: +## setting it to /dev/null is less effective than just leaving +## it alone (setting to /dev/null will waste time by opening +## /dev/null and writing to it) +# +# SetConsole = /dev/console + +## Use separate logfiles for individual clients +# +# UseSeparateLogs = False + +## Enable listening on port 514/udp for logging of remote syslog +## messages (if optionally compiled with support for this) +# +# SetUDPActive = False + + +## Activate the SysV IPC message queue +# +# MessageQueueActive = False + + +## If false, skip reverse lookup when connecting to a host known +## by name rather than IP address (i.e. trust the DNS) +# +# SetReverseLookup = True + +## If true, open a Unix domain socket to listen for commands that should +## be passed to clients upon next connection. Only works on systems +## that support passing of peer credentials (for authentication) via sockets. +## Use yulectl to access the socket. +# +# SetUseSocket = False + +## The UID of the user that is allowed to pass commands to the server +## via the Unix domain socket. +# +# SetSocketAllowUid = 0 + +## --- E-Mail --- + +# Only highest-level (alert) reports will be mailed immediately, +# others will be queued. Here you can define, when the queue will +# be flushed (Note: the queue is automatically flushed after +# completing a file check). +# +# SetMailTime = 86400 + +## Maximum number of mails to queue +# +# SetMailNum = 10 + +## Recipient (max. 8) +# +# SetMailAddress=root@localhost + +## Mail relay (IP address) +# +# SetMailRelay = NULL + +## Custom subject format +# +# MailSubject = NULL + +## --- end E-Mail --- + +# The binary. Setting the path will allow +# samhain to check for modifications between +# startup and exit. +# +# SamhainPath=/usr/local/bin/yule + +## The IP address of the time server +# +# SetTimeServer = (default: compiled-in) + +## Trusted Users (comma delimited list of user names) +# +# TrustedUser = (no default; this adds to the compiled-in list) + +## Custom format for message header. +## CAREFUL if you use XML logfile format. +## +## %S severity +## %T timestamp +## %C class +## +## %F source file +## %L source line +# +# MessageHeader="%S %T " + + +## Don't log path to config/database file on startup +# +# HideSetup = False + +## The syslog facility, if you log to syslog +# +# SyslogFacility = LOG_AUTHPRIV + + +## The message authentication method +## - If you change this, you *must* change it +## on client *and* server +# +# MACType = HMAC-TIGER + + +[Clients] +## +## This is a sample registry entry for a client at host 'HOSTNAME'. This entry +## is valid for the default password. +## You are STRONGLY ADVISED to reset te password (see the README) and +## compute your own entries using 'samhain -P <password>' +## +## Usually, HOSTNAME should be a fully qualified hostname, +## no numerical address. +## -- exception: if the client (samhain) cannot determine the +## fully qualified hostname of its host, +## the numerical address may be required. +## You will know if you get a message like: +## 'Invalid connection attempt: Not in +## client list what.ever.it.is' +## +## First entry is for challenge/response, second one for SRP authentication. +# +# Client=HOSTNAME@00000000@C39F0EEFBC64E4A8BBF72349637CC07577F714B420B62882 +# Client=HOSTNAME@8F81BA58956F8F42@8932D08C49CA76BD843C51EDD1D6640510FA032A7A2403E572BBDA2E5C6B753991CF7E091141D20A2499C5CD3E14C1639D17482E14E1548E5246ACF4E7193D524CDDAC9C9D6A9A36C596B4ECC68BEB0C5BB7082224946FC98E3ADE214EA1343E2DA8DF4229D4D8572AD8679228928A787B6E5390D3A713102FFCC9D0B2188C92 |