system/glyptodon: Added. (file-system analyzer).
Signed-off-by: Michiel van Wessem <michiel@slackbuilds.org>
parent
d6c310f4a8
commit
44930dbae6
|
@ -0,0 +1,9 @@
|
|||
Glyptodon is a little file-system analyzer for Linux systems.
|
||||
It is written in bash and it comes with an installer to make it run
|
||||
everyday automatically. his script writes some general infos about files
|
||||
permission, socket, ownership etc...
|
||||
|
||||
This script also verifies the file-system for potential risk, such as
|
||||
set-uid files, world writable files, symlinks nouser files, etc.
|
||||
Since the 1.1 version, Glyptodon also scan the system for threats linked
|
||||
to POSIX file capabilities.
|
|
@ -0,0 +1 @@
|
|||
/usr/local/sbin/glyptodon --capabilities-scan --capabilities-scan --skip-dir=/mnt,/media --log=/var/log/glyptodon.log
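Review bot: The job calls `/usr/local/sbin/glyptodon`, but the build script in this commit installs the program to `$PKG/usr/sbin/glyptodon`, so as packaged the daily run would fail with command-not-found and no scan would be logged. `--capabilities-scan` is also passed twice, which looks like a copy/paste slip (or a second, different option was intended). The file has no interpreter line either; I would make it `#!/bin/sh` followed by `/usr/sbin/glyptodon --capabilities-scan --skip-dir=/mnt,/media --log=/var/log/glyptodon.log`.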
|
|
@ -0,0 +1,8 @@
|
|||
|
||||
/var/log/glyptodon.log {
|
||||
weekly
|
||||
size 16k
|
||||
rotate 8
|
||||
compress
|
||||
}
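Review bot: `size 16k` placed after `weekly` makes the weekly interval ineffective, because logrotate treats size and time criteria as mutually exclusive and the last one given wins; keep whichever is actually intended. There is no `missingok`, so logrotate will report an error on systems where the scan has never run and the log does not exist yet. Because this log is an inventory of set-uid, world-writable and capability-bearing files, consider pinning the mode of the freshly rotated log with `create 0640 root root` rather than leaving it to the umask of whatever writes it.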
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
config() {
|
||||
NEW="$1"
|
||||
OLD="$(dirname $NEW)/$(basename $NEW .new)"
|
||||
# If there's no config file by that name, mv it over:
|
||||
if [ ! -r $OLD ]; then
|
||||
mv $NEW $OLD
|
||||
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
|
||||
# toss the redundant copy
|
||||
rm $NEW
|
||||
fi
|
||||
# Otherwise, we leave the .new copy for the admin to consider...
|
||||
}
|
||||
|
||||
config etc/cron.daily/glyptodon.new
|
||||
config etc/logrotate.d/glyptodon.new
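Review bot: `$NEW` and `$OLD` are expanded unquoted throughout `config()` (`dirname $NEW`, `[ ! -r $OLD ]`, `mv $NEW $OLD`, `rm $NEW`), and this script runs as root at install time. The two call sites pass fixed paths, so nothing breaks today, but quoting costs nothing: `OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"`, `mv "$NEW" "$OLD"`, `rm "$NEW"`. The checksum comparison can also drop the `cat`: `[ "$(md5sum < "$OLD")" = "$(md5sum < "$NEW")" ]`.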
|
|
@ -0,0 +1,58 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Slackware build script for Glyptodon
|
||||
|
||||
# Written by Menno Duursma <druiloor@zonnet.nl>
|
||||
|
||||
# This program is free software. It comes without any warranty.
|
||||
# Granted WTFPL, Version 2, as published by Sam Hocevar. See
|
||||
# http://sam.zoy.org/wtfpl/COPYING for more details.
|
||||
|
||||
PRGNAM=glyptodon
|
||||
VERSION=${VERSION:-1.2b}
|
||||
BUILD=${BUILD:-1}
|
||||
TAG=${TAG:-_SBo}
|
||||
ARCH=noarch
|
||||
|
||||
CWD=$(pwd)
|
||||
TMP=${TMP:-/tmp/SBo}
|
||||
PKG=$TMP/package-$PRGNAM
|
||||
OUTPUT=${OUTPUT:-/tmp}
|
||||
|
||||
set -e # Exit on most errors
|
||||
|
||||
rm -rf $PKG
|
||||
mkdir -p $TMP $PKG $OUTPUT
|
||||
cd $TMP
|
||||
|
||||
# Easiest to just hardcode this
|
||||
rm -rf Glyptodon_1.2-beta
|
||||
tar xvf $CWD/Glyptodon_1-2-beta-tar.gz
|
||||
cd Glyptodon_1.2-beta
|
||||
|
||||
chown -R root:root .
|
||||
find . \
|
||||
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
||||
-exec chmod 755 {} \; -o \
|
||||
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
||||
-exec chmod 644 {} \;
|
||||
|
||||
# Patch to remove FCAPS kernel-config check
|
||||
cat $CWD/patches/glyptodon.sh-1.2b-caps.diff | patch -p0 --verbose
|
||||
|
||||
|
||||
install -D -m0755 glyptodon.sh $PKG/usr/sbin/glyptodon
|
||||
|
||||
install -D -m0644 $CWD/config/glyptodon.cron $PKG/etc/cron.daily/glyptodon.new
|
||||
install -D -m0644 $CWD/config/glyptodon.logrotate $PKG/etc/logrotate.d/glyptodon.new
|
||||
|
||||
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
|
||||
cp -a COPYING README $PKG/usr/doc/$PRGNAM-$VERSION
|
||||
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
|
||||
|
||||
mkdir -p $PKG/install
|
||||
cat $CWD/slack-desc > $PKG/install/slack-desc
|
||||
cat $CWD/doinst.sh > $PKG/install/doinst.sh
|
||||
|
||||
cd $PKG
|
||||
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
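Review bot: `install -D -m0644 $CWD/config/glyptodon.cron $PKG/etc/cron.daily/glyptodon.new` ships the daily job non-executable, and doinst.sh only renames it, so run-parts should skip it and the scheduled scan never runs unless the admin does a chmod. If opt-in is the intent, say so in the README; otherwise install it with `-m0755`. Separately, `rm -rf $PKG`, `cd $TMP` and the other expansions are unquoted while `TMP` and `OUTPUT` come from the environment of a root-run script; quoting them (`rm -rf "$PKG"`, `cd "$TMP"`) would be safer.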
|
|
@ -0,0 +1,10 @@
|
|||
PRGNAM="glyptodon"
|
||||
VERSION="1.2b"
|
||||
HOMEPAGE="http://www.sevagas.com/?-Glyptodon-"
|
||||
DOWNLOAD="http://www.sevagas.com/IMG/gz/Glyptodon_1-2-beta-tar.gz"
|
||||
MD5SUM="d159a8396d4c022686c48293ca15de1b"
|
||||
DOWNLOAD_x86_64=""
|
||||
MD5SUM_x86_64=""
|
||||
MAINTAINER="Menno Duursma"
|
||||
EMAIL="druiloor@zonnet.nl"
|
||||
APPROVED="michiel"
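Review bot: `DOWNLOAD` is a plain-http URL and the only integrity check on the tarball is `MD5SUM`, which is not collision-resistant; for a script that is unpacked as root and later run as root from cron, that is a weak chain. If upstream serves the same file over https, prefer that URL. As far as this file shows, the format has no field for a stronger digest, so a SHA-256 of the vetted tarball could be recorded in the README instead, e.g. `SHA256: <sha256-of-vetted-tarball>`.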
|
|
@ -0,0 +1,19 @@
|
|||
--- glyptodon.sh.old 2010-09-14 22:45:49.000000000 +0200
|
||||
+++ glyptodon.sh 2010-09-22 15:52:25.000000000 +0200
|
||||
@@ -196,11 +196,11 @@
|
||||
# Verifye system is compatiable and has the tools to manage POSIX capabilities
|
||||
if [ $CAPABILITIES ]
|
||||
then
|
||||
- if ! grep -x "CONFIG_SECURITY_FILE_CAPABILITIES=y" /boot/config-`cat /proc/version | cut -d " " -f 3` &> /dev/null
|
||||
- then
|
||||
- writeAndLog "Error : Your kernel configuration does not allow file capabilities -> Abort script."
|
||||
- exit 1
|
||||
- fi
|
||||
+# if ! grep -x "CONFIG_SECURITY_FILE_CAPABILITIES=y" /boot/config-`cat /proc/version | cut -d " " -f 3` &> /dev/null
|
||||
+# then
|
||||
+# writeAndLog "Error : Your kernel configuration does not allow file capabilities -> Abort script."
|
||||
+# exit 1
|
||||
+# fi
|
||||
for tool in $CAPABILITIES_TOOLS
|
||||
do
|
||||
if ! command -v "$tool" &>/dev/null
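Review bot: The kernel-config check is disabled by commenting it out, with no explanation in the patch or next to the code, so a later reader cannot tell whether it was dropped because `/boot/config-<release>` does not exist on Slackware or because the option is absent from the target kernels. I would delete the five lines rather than ship commented-out code and leave one comment in their place, e.g. `# Kernel FCAPS config check removed for Slackware: no /boot/config-<release> to grep` (wording to be confirmed by the maintainer). Without the check, a capabilities scan on a kernel lacking file-capability support would presumably finish with no findings instead of aborting, which deserves a line in the README. The `if [ $CAPABILITIES ]` block continues past the end of the patch context.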
|
|
@ -0,0 +1,19 @@
|
|||
# HOW TO EDIT THIS FILE:
|
||||
# The "handy ruler" below makes it easier to edit a package description. Line
|
||||
# up the first '|' above the ':' following the base package name, and the '|'
|
||||
# on the right side marks the last column you can put a character in. You must
|
||||
# make exactly 11 lines for the formatting to be correct. It's also
|
||||
# customary to leave one space after the ':'.
|
||||
|
||||
|-----handy-ruler-----------------------------------------------------|
|
||||
glyptodon: Glyptodon (file-system analyzer)
|
||||
glyptodon:
|
||||
glyptodon: A file-system analyzer and security sacnner for Linux systems.
|
||||
glyptodon:
|
||||
glyptodon: Glyptodon was written by Emeric Nasi
|
||||
glyptodon:
|
||||
glyptodon:
|
||||
glyptodon:
|
||||
glyptodon:
|
||||
glyptodon:
|
||||
glyptodon:
|