1#
2# Accepted parameters for 'rpmbuild':
3#
4# --with tests		- make tests before building
5
6Summary: File integrity and host-based IDS
7Name: samhain-client
8Version: @VERSION@
9Release: 5
10License: GPL
11Group: System Environment/Base
12Source: %{name}-%{version}.tar.gz
13BuildRoot: %{_tmppath}/samhain-client-%{version}-root
14Packager: Andre Oliveira da Costa <brblueser@uol.com.br>
15Provides: %{name}
16
17
18%description
19samhain is an open source file integrity and host-based intrusion
20detection system for Linux and Unix. It can run as a daemon process,
21and thus can remember file changes -- contrary to a tool that runs from
22cron, if a file is modified you will get only one report, while
23subsequent checks of that file will ignore the modification as it is
24already reported (unless the file is modified again).
25
26samhain can optionally be used as a client/server system to provide
27centralized monitoring for multiple hosts. Logging to a (MySQL or
28PostgreSQL) database is supported.
29
30NOTE: for security reasons, if you distribute binary executables to
31third parties you should point out the use of the --add-key option to
32modify the key material within the executable.
33This spec file is intended to facilitate installation on YOUR system.
34If you use this spec file to build a SRPM for distribution to third parties,
35make sure to remove the --enable-base configure option below.
36
37%prep
38%setup -q
39
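%build
%if %{?_with_tests:1}%{!?_with_tests:0}
# Optional self-test, enabled with "rpmbuild --with tests". Tests 1-6 always
# run; test 7 is appended only when "--with gpg" was given as well.
# The list is spelled out so the loop does not depend on seq(1), and a
# failing test stops the build explicitly rather than through whatever
# options the build shell happens to run with.
for i in 1 2 3 4 5 6 %{?_with_gpg:7}; do
	./test/test.sh "$i" || exit 1
done
%endif
#
#./configure --prefix=%{_usr} \
#            --sysconfdir=%{_sysconfdir} \
#            --localstatedir=%{_localstatedir} \
#            --mandir=%{_mandir}
#
# Client build for the client/server setup. The @...@ tokens are template
# placeholders that are filled in before this spec is used.
#
# Points to check before reusing this file:
#  - --enable-base puts the two key values on the configure command line,
#    so they are recorded in the generated spec and in any SRPM built from
#    it (and typically in the build log). As the package description says,
#    remove this option before distributing an SRPM, and point recipients
#    of binaries to --add-key.
#  - --with-kcheck and --enable-khide both read /boot/System.map on the
#    build host. NOTE(review): the result presumably matches only that
#    kernel - confirm before installing the package on other machines.
#  - NOTE(review): the REQ_FROM_SERVER prefix on the data and config file
#    paths presumably makes the client request both from the log server
#    instead of trusting local copies - confirm against the samhain manual.
#    The host given to --with-logserver is then trusted for the client's
#    policy and baseline.
./configure \
	'--enable-network=client' \
	'--with-port=@myport@' \
	'--with-logserver=@mylogsrv@' \
	'--with-data-file=REQ_FROM_SERVER/etc/samclient.data' \
	'--with-config-file=REQ_FROM_SERVER/etc/samclient.conf' \
	'--with-kcheck=/boot/System.map' \
	'--enable-khide=/boot/System.map' \
	'--enable-suidcheck' \
	'--enable-static' \
	'--enable-login-watch' \
	'--enable-ptrace' \
	'--enable-db-reload' \
	'--enable-base=@my_key_A@,@my_key_B@' \
	'--enable-xml-log'

make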
68
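%install
# Never hand an empty or root path to rm -rf: abort when the build root is
# unset, empty, or "/".
case "${RPM_BUILD_ROOT:?RPM_BUILD_ROOT is not set}" in
	/) echo "refusing to remove /" >&2; exit 1 ;;
esac
rm -rf -- "${RPM_BUILD_ROOT}"

# sstrip shouldn't be used since binaries will be stripped later, so it is
# replaced by a stub that only prints a notice. The quoted delimiter keeps
# the stub text literal.
# NOTE(review): the redirect does not set the execute bit; this presumably
# relies on an executable sstrip already existing in the source tree.
cat << 'EOF' > sstrip
#!/bin/sh
echo "*** SSTRIP DISABLED ***"
EOF

make DESTDIR="${RPM_BUILD_ROOT}" install

# Stage the install and init scripts in /etc of the build root; the post and
# preun scriptlets run samhain-install.sh from /etc on the target host.
install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB "${RPM_BUILD_ROOT}/etc"

# The modules are filed under the release of the kernel running on the
# BUILD host. NOTE(review): a target running a different kernel will not
# find them in its own module directory - confirm this is intended.
# The explicit owner/group 0 needs a build run as root; modes are kept
# tight (no world access) for the modules and the setpwd helper.
kernel_release=$(uname -r)
install -m 640 -o 0 -g 0 samhain_kmem.ko "${RPM_BUILD_ROOT}/lib/modules/${kernel_release}/samhain_kmem.ko"
install -m 640 -o 0 -g 0 samhain_hide.ko "${RPM_BUILD_ROOT}/lib/modules/${kernel_release}/samhain_hide.ko"
install -m 700 -o 0 -g 0 samhain_setpwd "${RPM_BUILD_ROOT}/usr/local/sbin/samhain_setpwd"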
83
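%clean
# Same guard as a careful install step: refuse to run rm -rf when the build
# root is unset, empty, or "/".
case "${RPM_BUILD_ROOT:?RPM_BUILD_ROOT is not set}" in
	/) echo "refusing to remove /" >&2; exit 1 ;;
esac
rm -rf -- "${RPM_BUILD_ROOT}"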
86
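%post
# $1 is the number of instances of this package that will be installed once
# the transaction finishes; 1 means a first install rather than an upgrade.
if [ "$1" = 1 ]; then
	# Activate boot-time start up. The script is called by relative path,
	# so stop if /etc cannot be entered instead of running whatever
	# ./samhain-install.sh resolves to in the current directory.
	cd /etc || exit 1
	./samhain-install.sh --verbose install-boot
	if [ -x /sbin/chkconfig ]; then
		/sbin/chkconfig --add samhain
	fi
fi

# Remove the local client configuration and the staged init scripts. These
# are plain files, so a non-recursive rm is enough for a root scriptlet.
# NOTE(review): the init scripts are staged under /etc at install time and
# /etc is listed in the file manifest, so package verification will
# presumably report them as missing afterwards - confirm this is acceptable.
rm -f -- /etc/samclient.conf /etc/samhain.startLinux /etc/samhain.startLSB

# Tell the administrator that nothing is running yet and that the baseline
# must be initialized by hand. Quoted delimiter: the text is printed as is.
cat << 'EOF'

Samhain is installed but is NOT running yet, and the database of
file signatures is NOT initialized yet. Read the documentation,
review configuration files, and then (i) initialize it
(/usr/local/sbin/samhain -t init)
and (ii) start it manually
(/usr/local/sbin/samhain start).

It is configured to start automatically on the next boot for runlevels
[2-5].

EOF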
113
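%preun
# Stop a running instance of samhain, if any.
# NOTE(review): the pid file is looked up under the package name while the
# daemon binary is called samhain; confirm the daemon really writes its pid
# file under this name, otherwise the stop is skipped and the old process
# keeps running after an upgrade or erase.
if [ -f /var/run/%{name}.pid ]; then
	/usr/local/sbin/samhain stop
fi

# $1 is the number of instances left after the transaction; 0 means the
# package is being erased, not upgraded.
if [ "$1" = 0 ]; then
	# Remove boot-time scripts and links. The script is called by relative
	# path, so stop if /etc cannot be entered instead of running whatever
	# ./samhain-install.sh resolves to in the current directory.
	cd /etc || exit 1
	./samhain-install.sh --verbose uninstall-boot
fi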
124
125
126
%files
# Default ownership root:root; modes are taken from the build root.
%defattr(-,root,root)

# NOTE(review): /var/log, /var/run, /etc and /lib/modules are system
# directories shared with other packages. /etc and /lib/modules are listed
# without the dir keyword, so everything the build root holds beneath them
# is packaged and claimed by this package. Consider listing only the files
# this package installs.
%dir /var/log
%dir /var/run
/etc
/lib/modules

# Daemon binary and the setpwd helper.
/usr/local/sbin/samhain
/usr/local/sbin/samhain_setpwd

# The logrotate snippet is also covered by the /etc entry above; this line
# pins its mode to 644.
%attr(644,root,root) /etc/logrotate.d/@install_name@

# Disabled entries: documentation, man pages and the client configuration
# are not shipped by this package.
#%doc docs/BUGS COPYING docs/Changelog
#%doc LICENSE docs/HOWTO* docs/MANUAL-2_4.* docs/README*
#%attr(644,root,root) /usr/local/man/man5/samhain*
#%attr(644,root,root) /usr/local/man/man8/samhain*
#%config(noreplace) REQ_FROM_SERVER/etc/samclient.conf
141
142%changelog
143* Thu Apr  3 2003 Rainer Wichmann <support at la-samhna dot de>
144- adapt for configure
145
146* Wed Mar 26 2003 Philipp Stadler <philipp@stadler.priv.at>
147- add samhain modules installation
148- stops installation of documentation to server
149- replace %config entry for /etc/samclient.conf
150- remove samhain.startLinux and samhain.startLSB after installation
151
152* Sun Jan 12 2003 Rainer Wichmann <support at la-samhna dot de>
153- replace %configure with ./configure
154
155* Tue Dec 24 2002 Rainer Wichmann <support at la-samhna dot de>
156- backported applicable changes to samhain.spec.in
157- warn user that database must be initialized
158- fix version of MANUAL in '%files'
159- test for chkconfig, use only if found
160
161* Sun Dec 22 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.7.0
162- fixed typo with _usr macro on ./configure
163- stops running samhain before uninstall
164- implemented conditionals to allow proper uninstalls/upgrades
165- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided
166- run 'chkconfig' to activate samhain after installation
167- warn user that samhain must be manually started after
168  install/upgrade
169
170* Fri Dec 20 2002 Rainer Wichmann <support at la-samhna dot de>
171- backported to samhain.spec.in (take over user's choices from configure)
172- also save samhain.startLSB and samhain.startSuSE for install-boot
173
174* Thu Dec 19 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
175- optional parameters '--with gpg' and '--with tests'
176- use of pre-defined macros whenever possible
177
178* Wed Dec 18 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
179- Fixed installation process, avoiding hardcoded paths on the binaries
180  (thks to samhain's author Rainer Wichmann)
181
182* Mon Dec 16 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
183- First attempt to build from sources
184
185