diff --git a/DEVELOPERS b/DEVELOPERS index 10b8031ad3..d48b4c5500 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -1168,6 +1168,7 @@ F: package/lpty/ F: package/lrandom/ F: package/lsqlite3/ F: package/lua* +F: package/lynis/ F: package/lzlib/ F: package/moarvm/ F: package/mstpd/ @@ -1185,6 +1186,7 @@ F: package/wsapi-fcgi/ F: package/wsapi-xavante/ F: package/xavante/ F: support/testing/tests/package/test_lua* +F: support/testing/tests/package/test_lynis.py F: utils/scancpan N: Frank Hunleth diff --git a/package/Config.in b/package/Config.in index 44b285d348..a4a8bd394f 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2737,6 +2737,7 @@ menu "Security" source "package/apparmor/Config.in" source "package/checkpolicy/Config.in" source "package/ima-evm-utils/Config.in" + source "package/lynis/Config.in" source "package/optee-client/Config.in" source "package/optee-examples/Config.in" source "package/optee-test/Config.in" diff --git a/package/lynis/Config.in b/package/lynis/Config.in new file mode 100644 index 0000000000..2757e86a2d --- /dev/null +++ b/package/lynis/Config.in @@ -0,0 +1,10 @@ +config BR2_PACKAGE_LYNIS + bool "lynis" + select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS + select BR2_PACKAGE_GZIP # runtime (zgrep /proc/config.gz) + help + Lynis is an auditing tool which tests and gathers (security) + information from Unix based systems. + Written in shell and running on system itself. + + https://cisofy.com/lynis/ diff --git a/package/lynis/lynis.hash b/package/lynis/lynis.hash new file mode 100644 index 0000000000..1027fb21aa --- /dev/null +++ b/package/lynis/lynis.hash @@ -0,0 +1,3 @@ +# Locally calculated +sha256 9932147acafb1c5e13289a8bd46e8d330d4a97473da30ec04650ad019e497cd0 lynis-3.1.3.tar.gz +sha256 57151f0fa287550534af08facb1c6693ca803ffa65b512da38b55c3130810bcf LICENSE diff --git a/package/lynis/lynis.mk b/package/lynis/lynis.mk new file mode 100644 index 0000000000..13a883bd55 --- /dev/null +++ b/package/lynis/lynis.mk @@ -0,0 +1,48 @@ +################################################################################ +# +# lynis +# +################################################################################ + +LYNIS_VERSION = 3.1.3 +LYNIS_SITE = $(call github,CISOfy,lynis,$(LYNIS_VERSION)) +LYNIS_LICENSE = GPL-3.0 +LYNIS_LICENSE_FILES = LICENSE + +define LYNIS_INSTALL_TARGET_CMDS + $(INSTALL) -m 0755 $(@D)/lynis \ + $(TARGET_DIR)/usr/sbin/lynis + $(INSTALL) -D -m 0644 $(@D)/default.prf \ + $(TARGET_DIR)/etc/lynis/default.prf + $(INSTALL) -D -m 0644 $(@D)/developer.prf \ + $(TARGET_DIR)/etc/lynis/developer.prf + $(INSTALL) -D -m 0644 $(@D)/plugins/* \ + -t $(TARGET_DIR)/etc/lynis/plugins + $(INSTALL) -D -m 0644 $(@D)/include/* \ + -t $(TARGET_DIR)/usr/share/lynis/include + $(INSTALL) -D -m 0644 $(@D)/db/*.db \ + -t $(TARGET_DIR)/usr/share/lynis/db + $(INSTALL) -D -m 0644 $(@D)/db/languages/en \ + $(TARGET_DIR)/usr/share/lynis/db/languages/en +endef + +ifneq ($(BR2_PACKAGE_GAWK),y) +define LYNIS_AWK_BUSYBOX_CONFIG_FIXUPS + $(call KCONFIG_ENABLE_OPT,CONFIG_AWK) + $(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_AWK_LIBM) +endef +endif + +ifneq ($(BR2_PACKAGE_COREUTILS),y) +define LYNIS_STAT_BUSYBOX_CONFIG_FIXUPS + $(call KCONFIG_ENABLE_OPT,CONFIG_STAT) +endef +endif + +define LYNIS_BUSYBOX_CONFIG_FIXUPS + $(call KCONFIG_ENABLE_OPT,CONFIG_PGREP) + $(LYNIS_AWK_BUSYBOX_CONFIG_FIXUPS) + $(LYNIS_STAT_BUSYBOX_CONFIG_FIXUPS) +endef + +$(eval $(generic-package)) diff --git a/support/testing/tests/package/test_lynis.py b/support/testing/tests/package/test_lynis.py new file mode 100644 index 0000000000..bed4023e64 --- /dev/null +++ b/support/testing/tests/package/test_lynis.py @@ -0,0 +1,26 @@ +import os + +import infra.basetest + + +class TestLynis(infra.basetest.BRTest): + config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \ + """ + BR2_TARGET_ROOTFS_CPIO=y + # BR2_TARGET_ROOTFS_TAR is not set + BR2_PACKAGE_LYNIS=y + """ + + def login(self): + cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio") + self.emulator.boot(arch="armv5", + kernel="builtin", + options=["-initrd", cpio_file]) + self.emulator.login() + + def test_run(self): + self.login() + self.assertRunOk("which awk") + self.assertRunOk("which stat") + self.assertRunOk("which zgrep") + self.assertRunOk("lynis show version", timeout=90)