package/lynis: new package

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Francois Perrad
2025-01-06 19:20:17 +01:00
committed by Thomas Petazzoni
parent 3ef139386d
commit 48bce6ad8f
6 changed files with 90 additions and 0 deletions


@@ -1168,6 +1168,7 @@ F: package/lpty/
F: package/lrandom/
F: package/lsqlite3/
F: package/lua*
F: package/lynis/
F: package/lzlib/
F: package/moarvm/
F: package/mstpd/
@@ -1185,6 +1186,7 @@ F: package/wsapi-fcgi/
F: package/wsapi-xavante/
F: package/xavante/
F: support/testing/tests/package/test_lua*
F: support/testing/tests/package/test_lynis.py
F: utils/scancpan
N: Frank Hunleth <fhunleth@troodon-software.com>


@@ -2737,6 +2737,7 @@ menu "Security"
source "package/apparmor/Config.in"
source "package/checkpolicy/Config.in"
source "package/ima-evm-utils/Config.in"
source "package/lynis/Config.in"
source "package/optee-client/Config.in"
source "package/optee-examples/Config.in"
source "package/optee-test/Config.in"

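--- /dev/null
+++ b/package/lynis/Config.in
@@ -0,0 +1,10 @@
+config BR2_PACKAGE_LYNIS
+bool "lynis"
+select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
+select BR2_PACKAGE_GZIP # runtime (zgrep /proc/config.gz)
+help
+Lynis is an auditing tool which tests and gathers (security)
+information from Unix based systems.
+Written in shell and running on system itself.
+https://cisofy.com/lynis/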
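Review bot: The `select` lines cover only gzip, while pgrep, awk and stat are supplied through the BusyBox config fixups in lynis.mk; in a configuration without BusyBox those fixups presumably never apply, and nothing here pulls in a replacement for `pgrep` (awk and stat at least have the gawk/coreutils branches). A comment above the selects such as `# runtime: pgrep, awk, stat come from BusyBox fixups in lynis.mk unless gawk/coreutils are selected` would document that assumption. Whether a non-BusyBox build needs an explicit `select` of a pgrep provider is worth checking before merge.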

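--- /dev/null
+++ b/package/lynis/lynis.hash
@@ -0,0 +1,3 @@
+# Locally calculated
+sha256 9932147acafb1c5e13289a8bd46e8d330d4a97473da30ec04650ad019e497cd0 lynis-3.1.3.tar.gz
+sha256 57151f0fa287550534af08facb1c6693ca803ffa65b512da38b55c3130810bcf LICENSE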
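Review bot: The tarball checksum is documented only as `# Locally calculated`, so the file records no link between this hash and anything the upstream project published. The hash pins whatever archive was downloaded on the packager's machine, which is weaker provenance than one might want for a security auditing tool. If upstream provides a signature or checksum for 3.1.3 (not visible from this page), the archive should be checked against it and the comment should say so, e.g. `# Locally calculated after checking pgp signature`. Note that `LYNIS_SITE` uses the `github` helper, so the fetched archive may differ from a signed release tarball, in which case the comment should state which artifact was verified.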

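--- /dev/null
+++ b/package/lynis/lynis.mk
@@ -0,0 +1,48 @@
+################################################################################
+#
+# lynis
+#
+################################################################################
+LYNIS_VERSION = 3.1.3
+LYNIS_SITE = $(call github,CISOfy,lynis,$(LYNIS_VERSION))
+LYNIS_LICENSE = GPL-3.0
+LYNIS_LICENSE_FILES = LICENSE
+define LYNIS_INSTALL_TARGET_CMDS
+$(INSTALL) -m 0755 $(@D)/lynis \
+$(TARGET_DIR)/usr/sbin/lynis
+$(INSTALL) -D -m 0644 $(@D)/default.prf \
+$(TARGET_DIR)/etc/lynis/default.prf
+$(INSTALL) -D -m 0644 $(@D)/developer.prf \
+$(TARGET_DIR)/etc/lynis/developer.prf
+$(INSTALL) -D -m 0644 $(@D)/plugins/* \
+-t $(TARGET_DIR)/etc/lynis/plugins
+$(INSTALL) -D -m 0644 $(@D)/include/* \
+-t $(TARGET_DIR)/usr/share/lynis/include
+$(INSTALL) -D -m 0644 $(@D)/db/*.db \
+-t $(TARGET_DIR)/usr/share/lynis/db
+$(INSTALL) -D -m 0644 $(@D)/db/languages/en \
+$(TARGET_DIR)/usr/share/lynis/db/languages/en
+endef
+ifneq ($(BR2_PACKAGE_GAWK),y)
+define LYNIS_AWK_BUSYBOX_CONFIG_FIXUPS
+$(call KCONFIG_ENABLE_OPT,CONFIG_AWK)
+$(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_AWK_LIBM)
+endef
+endif
+ifneq ($(BR2_PACKAGE_COREUTILS),y)
+define LYNIS_STAT_BUSYBOX_CONFIG_FIXUPS
+$(call KCONFIG_ENABLE_OPT,CONFIG_STAT)
+endef
+endif
+define LYNIS_BUSYBOX_CONFIG_FIXUPS
+$(call KCONFIG_ENABLE_OPT,CONFIG_PGREP)
+$(LYNIS_AWK_BUSYBOX_CONFIG_FIXUPS)
+$(LYNIS_STAT_BUSYBOX_CONFIG_FIXUPS)
+endef
+$(eval $(generic-package))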
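Review bot: The package sets no `LYNIS_CPE_ID_*` variable, so the CPE identifier Buildroot derives for it is not marked as validated and CVE reporting for this package may be unreliable. Adding `LYNIS_CPE_ID_VENDOR = cisofy` after `LYNIS_LICENSE_FILES` would tie `LYNIS_VERSION` to the upstream advisories; the vendor string should be confirmed against the NVD CPE dictionary before merging. Separately, the first `$(INSTALL)` (for `usr/sbin/lynis`) is the only one without `-D`, so it relies on the target skeleton having already created `/usr/sbin`; `$(INSTALL) -D -m 0755` would make it consistent with the other install lines.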


@@ -0,0 +1,26 @@
import os
import infra.basetest
class TestLynis(infra.basetest.BRTest):
config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
"""
BR2_TARGET_ROOTFS_CPIO=y
# BR2_TARGET_ROOTFS_TAR is not set
BR2_PACKAGE_LYNIS=y
"""
def login(self):
cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
self.emulator.boot(arch="armv5",
kernel="builtin",
options=["-initrd", cpio_file])
self.emulator.login()
def test_run(self):
self.login()
self.assertRunOk("which awk")
self.assertRunOk("which stat")
self.assertRunOk("which zgrep")
self.assertRunOk("lynis show version", timeout=90)
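Review bot: `test_run` checks for `awk`, `stat` and `zgrep` but not `pgrep`, the one applet that `LYNIS_BUSYBOX_CONFIG_FIXUPS` in lynis.mk enables unconditionally; adding `self.assertRunOk("which pgrep")` alongside the other `which` checks would cover it. Beyond that, `lynis show version` only shows that the script starts and finds its installed files, so a runtime tool missing from an actual audit path would still pass this test. A short audit invocation could be considered if it fits the emulator timeout (not verified here).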