diff options
Diffstat (limited to 'package/osiris/patches')
| -rw-r--r-- | package/osiris/patches/configure-cross.patch | 22 | ||||
| -rw-r--r-- | package/osiris/patches/install-non-interactive.patch | 70 | ||||
| -rw-r--r-- | package/osiris/patches/mod_nvram.patch | 207 | ||||
| -rw-r--r-- | package/osiris/patches/mod_uptime.patch | 239 | ||||
| -rw-r--r-- | package/osiris/patches/osirisd-pidfile.patch | 68 |
5 files changed, 606 insertions, 0 deletions
diff --git a/package/osiris/patches/configure-cross.patch b/package/osiris/patches/configure-cross.patch new file mode 100644 index 000000000..9ef79d0fd --- /dev/null +++ b/package/osiris/patches/configure-cross.patch @@ -0,0 +1,22 @@ +--- osiris-4.1.8-orig/configure 2005-04-13 15:22:13.000000000 +0200 ++++ osiris-4.1.8-1/configure 2005-04-22 23:11:32.000000000 +0200 +@@ -3606,7 +3606,7 @@ + esac + + +-DB_CONFIG_ARGS="--enable-shared=no --enable-static=yes" ++DB_CONFIG_ARGS="--target=${target} --host=${host} --build=${build} --enable-shared=no --enable-static=yes" + + case "${OS_NAME}" in + MINGW32*) +--- osiris-4.1.8-orig/configure.ac 2005-04-13 15:22:13.000000000 +0200 ++++ osiris-4.1.8-1/configure.ac 2005-04-22 23:11:32.000000000 +0200 +@@ -270,7 +270,7 @@ + + dnl configure local copy of Berkely DB: + +-DB_CONFIG_ARGS="--enable-shared=no --enable-static=yes" ++DB_CONFIG_ARGS="--target=${target} --host=${host} --build=${build} --enable-shared=no --enable-static=yes" + + case "${OS_NAME}" in + MINGW32*) diff --git a/package/osiris/patches/install-non-interactive.patch b/package/osiris/patches/install-non-interactive.patch new file mode 100644 index 000000000..ac5a17773 --- /dev/null +++ b/package/osiris/patches/install-non-interactive.patch @@ -0,0 +1,70 @@ +diff -ruN osiris-4.1.8-orig/Makefile.am osiris-4.1.8-1/Makefile.am +--- osiris-4.1.8-orig/Makefile.am 2005-01-13 06:49:15.000000000 +0100 ++++ osiris-4.1.8-1/Makefile.am 2005-04-22 23:11:32.000000000 +0200 +@@ -72,5 +72,5 @@ + # everything. + + install-data-local: +- @cd ./src/install;./install.sh ++ @cd ./src/install;./install.sh non-interactive + @rm ./src/osirisd/modules/libmodules.a +diff -ruN osiris-4.1.8-orig/Makefile.in osiris-4.1.8-1/Makefile.in +--- osiris-4.1.8-orig/Makefile.in 2005-04-04 14:51:19.000000000 +0200 ++++ osiris-4.1.8-1/Makefile.in 2005-04-22 23:11:32.000000000 +0200 +@@ -505,7 +505,7 @@ + # everything. + + install-data-local: +- @cd ./src/install;./install.sh ++ @cd ./src/install;./install.sh non-interactive + @rm ./src/osirisd/modules/libmodules.a + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. +diff -ruN osiris-4.1.8-orig/configure osiris-4.1.8-1/configure +diff -ruN osiris-4.1.8-orig/configure.ac osiris-4.1.8-1/configure.ac +diff -ruN osiris-4.1.8-orig/ipkg/osirisd/CONTROL/control osiris-4.1.8-1/ipkg/osirisd/CONTROL/control +diff -ruN osiris-4.1.8-orig/ipkg/osirisd/etc/init.d/osirisd osiris-4.1.8-1/ipkg/osirisd/etc/init.d/osirisd +diff -ruN osiris-4.1.8-orig/ipkg/osirisd-static/CONTROL/control osiris-4.1.8-1/ipkg/osirisd-static/CONTROL/control +diff -ruN osiris-4.1.8-orig/ipkg/rules osiris-4.1.8-1/ipkg/rules +diff -ruN osiris-4.1.8-orig/ipkg/version osiris-4.1.8-1/ipkg/version +diff -ruN osiris-4.1.8-orig/src/install/install.sh.in osiris-4.1.8-1/src/install/install.sh.in +--- osiris-4.1.8-orig/src/install/install.sh.in 2005-04-15 22:38:31.000000000 +0200 ++++ osiris-4.1.8-1/src/install/install.sh.in 2005-04-22 23:41:21.000000000 +0200 +@@ -14,7 +14,9 @@ + + SERVICE_DESC="Osiris Host Integrity Monitor" + +-INTERACTIVE=1 ++if [ -z "${INTERACTIVE}" ]; then ++ INTERACTIVE=1 ++fi + PACKAGE_MODE=0 + NO_USER_ADDED=0 + +@@ -1117,18 +1119,6 @@ + + # look for interactive mode argument. + +-if [ -z "${1}" ] ; then +- INTERACTIVE=1 +-else +- INTERACTIVE=0 +-fi +- +-# Change behaviour if we are creating packages. +-if [ -n "$DESTDIR" ]; then +- PACKAGE_MODE=1 +- INTERACTIVE=0 +-fi +- + pre_install + create_users_and_groups + prompts +diff -ruN osiris-4.1.8-orig/src/osirisd/modules/mod_nvram/Makefile osiris-4.1.8-1/src/osirisd/modules/mod_nvram/Makefile +diff -ruN osiris-4.1.8-orig/src/osirisd/modules/mod_nvram/README osiris-4.1.8-1/src/osirisd/modules/mod_nvram/README +diff -ruN osiris-4.1.8-orig/src/osirisd/modules/mod_nvram/mod_nvram.c osiris-4.1.8-1/src/osirisd/modules/mod_nvram/mod_nvram.c +diff -ruN osiris-4.1.8-orig/src/osirisd/modules/mod_uptime/Makefile osiris-4.1.8-1/src/osirisd/modules/mod_uptime/Makefile +diff -ruN osiris-4.1.8-orig/src/osirisd/modules/mod_uptime/README osiris-4.1.8-1/src/osirisd/modules/mod_uptime/README +diff -ruN osiris-4.1.8-orig/src/osirisd/modules/mod_uptime/mod_uptime.c osiris-4.1.8-1/src/osirisd/modules/mod_uptime/mod_uptime.c +diff -ruN osiris-4.1.8-orig/src/osirisd/osirisd.c osiris-4.1.8-1/src/osirisd/osirisd.c +diff -ruN osiris-4.1.8-orig/src/osirisd/rootpriv.c osiris-4.1.8-1/src/osirisd/rootpriv.c diff --git a/package/osiris/patches/mod_nvram.patch b/package/osiris/patches/mod_nvram.patch new file mode 100644 index 000000000..91ad1ec6a --- /dev/null +++ b/package/osiris/patches/mod_nvram.patch @@ -0,0 +1,207 @@ +--- osiris-4.1.8-orig/src/osirisd/modules/mod_nvram/Makefile 1970-01-01 01:00:00.000000000 +0100 ++++ osiris-4.1.8-1/src/osirisd/modules/mod_nvram/Makefile 2005-04-22 23:11:32.000000000 +0200 +@@ -0,0 +1,16 @@ ++ ++include ../Makefile ++ ++SRCS=mod_nvram.c ++OBJS=$(SRCS:.c=.o) ++ ++module: ${SRCS} ${OBJS} ++ ++INCS=-I../.. -I../../../libosiris -I../../../libfileapi -I../../../.. ++ ++# meta-rule for compiling any "C" source file. ++$(OBJS): $(SRCS) ++ $(CC) $(DEFS) $(DEFAULT_INCLUDES) ${INCLUDES} ${INCS} $(AM_CPPFLAGS) \ ++ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c $(SRCS) ++ cp $@ .. ++ +--- osiris-4.1.8-orig/src/osirisd/modules/mod_nvram/README 1970-01-01 01:00:00.000000000 +0100 ++++ osiris-4.1.8-1/src/osirisd/modules/mod_nvram/README 2005-04-22 23:11:32.000000000 +0200 +@@ -0,0 +1,40 @@ ++ ++Module: mod_nvram ++Author: Brian Wotring (brian@shmoo.com) ++ ++ ++ ++DESCRIPTION: ++ ++The mod_nvram module reads the key=value pairs stored in nvram. This ++is primarily for Linksys routers, but could be modified to run on ++other systems if necessary. On the routers like the WRT54G, the ++nvram settings hold sensitive information that needs to be monitored. ++The format for the record structure is as follows: ++ ++ name:value ++ ++USE: ++ ++To use this module, all that is needed is to include it in the System ++block of a scan configuration, e.g.: ++ ++ <System> ++ ... ++ Include mod_nvram ++ ... ++ </System> ++ ++ ++PARAMETERS: ++ ++There are no parameters for this module. ++ ++PLATFORMS: ++ ++Currently, only for the Linksys WRT54G and WRT54GS devices. ++ ++NOTES: ++ ++ ++ +--- osiris-4.1.8-orig/src/osirisd/modules/mod_nvram/mod_nvram.c 1970-01-01 01:00:00.000000000 +0100 ++++ osiris-4.1.8-1/src/osirisd/modules/mod_nvram/mod_nvram.c 2005-04-22 23:11:32.000000000 +0200 +@@ -0,0 +1,142 @@ ++ ++/****************************************************************************** ++** ++** This program is free software; you can redistribute it and/or ++** modify it, however, you cannot sell it. ++** ++** This program is distributed in the hope that it will be useful, ++** but WITHOUT ANY WARRANTY; without even the implied warranty of ++** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ++** ++** You should have received a copy of the license attached to the ++** use of this software. If not, visit www.shmoo.com/osiris for ++** details. ++** ++******************************************************************************/ ++ ++/***************************************************************************** ++** ++** File: mod_users.c ++** Date: January 1, 2004 ++** ++** Author: Brian Wotring ++** Purpose: platform specific methods for reading user file information. ++** ++******************************************************************************/ ++ ++#include "libosiris.h" ++#include "libfileapi.h" ++#include "rootpriv.h" ++#include "common.h" ++#include "version.h" ++ ++#include "scanner.h" ++#include "logging.h" ++ ++ ++#define NVRAM_PATH "/usr/sbin/nvram" ++#define NVRAM_ARG "show" ++ ++static const char *MODULE_NAME = "mod_nvram"; ++ ++ ++void mod_nvram( SCANNER *scanner ) ++{ ++ int pid; ++ int pc[2]; ++ int cp[2]; ++ char temp_line[4096]; ++ FILE *file; ++ SCAN_RECORD_TEXT_1 record; ++ ++ if( pipe(pc) < 0) ++ { ++ log_error( "mod_nvram: error creating pipe!" ); ++ return; ++ } ++ ++ if( pipe(cp) < 0) ++ { ++ log_error( "mod_nvram: error creating pipe!" ); ++ return; ++ } ++ ++ /* Create a child to run nvram command. */ ++ ++ switch( pid = fork() ) ++ { ++ case -1: ++ log_error( "nvram: fork error!" ); ++ return; ++ ++ case 0: ++ ++ /* child */ ++ ++ close(1); ++ dup( cp[1]); ++ close(0); ++ close( pc[1]); ++ close( cp[0]); ++ execl( NVRAM_PATH, NVRAM_PATH, NVRAM_ARG, NULL ); ++ exit(0); ++ ++ default: ++ ++ /* parent */ ++ ++ close(pc[1]); ++ close(cp[1]); ++ ++ file = fdopen( cp[0], "r" ); ++ ++ for(;;) ++ { ++ char *line; ++ char *key_end; ++ ++ line = fgets( temp_line, sizeof( temp_line ), file ); ++ ++ if( line == NULL) ++ { ++ break; ++ } ++ ++ line = trim_white_space( line ); ++ ++ /* skip commented and empty lines. */ ++ ++ if( ( line == NULL ) || ( line[0] == '#' ) ) ++ { ++ continue; ++ } ++ ++ /* locate the username, this is the first item in the colon list. */ ++ ++ if( ( key_end = strchr( line, '=' ) ) == NULL ) ++ { ++ continue; ++ } ++ ++ initialize_scan_record( (SCAN_RECORD *)&record, ++ SCAN_RECORD_TYPE_TEXT_1 ); ++ ++ osi_strlcpy( record.module_name, MODULE_NAME, ++ sizeof( record.module_name ) ); ++ ++ /* user the key as a key/path for this record. */ ++ ++ (*key_end) = '\0'; ++ key_end++; ++ osi_strlcpy( record.name, "nvram:", sizeof( record.name ) ); ++ osi_strlcat( record.name, line, sizeof( record.name ) ); ++ ++ /* now copy in the value into the data portion. */ ++ /* and send this record on its way. */ ++ ++ osi_strlcpy( record.data, key_end, sizeof( record.data ) ); ++ send_scan_data( scanner, (SCAN_RECORD *)&record ); ++ } ++ } ++} ++ diff --git a/package/osiris/patches/mod_uptime.patch b/package/osiris/patches/mod_uptime.patch new file mode 100644 index 000000000..138075f6d --- /dev/null +++ b/package/osiris/patches/mod_uptime.patch @@ -0,0 +1,239 @@ +--- osiris-4.1.8-orig/src/osirisd/modules/mod_uptime/Makefile 1970-01-01 01:00:00.000000000 +0100 ++++ osiris-4.1.8-1/src/osirisd/modules/mod_uptime/Makefile 2005-04-22 23:11:32.000000000 +0200 +@@ -0,0 +1,16 @@ ++ ++include ../Makefile ++ ++SRCS=mod_uptime.c ++OBJS=$(SRCS:.c=.o) ++ ++module: ${SRCS} ${OBJS} ++ ++INCS=-I../.. -I../../../libosiris -I../../../libfileapi -I../../../.. ++ ++# meta-rule for compiling any "C" source file. ++$(OBJS): $(SRCS) ++ $(CC) $(DEFS) $(DEFAULT_INCLUDES) ${INCLUDES} ${INCS} $(AM_CPPFLAGS) \ ++ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c $(SRCS) ++ cp $@ .. ++ +--- osiris-4.1.8-orig/src/osirisd/modules/mod_uptime/README 1970-01-01 01:00:00.000000000 +0100 ++++ osiris-4.1.8-1/src/osirisd/modules/mod_uptime/README 2005-04-22 23:11:32.000000000 +0200 +@@ -0,0 +1,36 @@ ++ ++Module: mod_uptime ++Author: Brian Wotring (brian@shmoo.com) ++ ++ ++ ++DESCRIPTION: ++ ++The mod_uptime module obtains the system boot time value for comparison ++with scans. ++ ++USE: ++ ++To use this module, all that is needed is to include it in the System ++block of a scan configuration, e.g.: ++ ++ <System> ++ ... ++ Include mod_uptime ++ ... ++ </System> ++ ++ ++PARAMETERS: ++ ++There are no parameters for this module. ++ ++PLATFORMS: ++ ++Currently, this module is implemented for FreeBSD, OpenBSD, ++Linux, Solaris, and Mac OS X. ++ ++NOTES: ++ ++ ++ +--- osiris-4.1.8-orig/src/osirisd/modules/mod_uptime/mod_uptime.c 1970-01-01 01:00:00.000000000 +0100 ++++ osiris-4.1.8-1/src/osirisd/modules/mod_uptime/mod_uptime.c 2005-04-22 23:11:32.000000000 +0200 +@@ -0,0 +1,178 @@ ++ ++/****************************************************************************** ++** ++** This program is free software; you can redistribute it and/or ++** modify it, however, you cannot sell it. ++** ++** This program is distributed in the hope that it will be useful, ++** but WITHOUT ANY WARRANTY; without even the implied warranty of ++** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ++** ++** You should have received a copy of the license attached to the ++** use of this software. If not, visit www.shmoo.com/osiris for ++** details. ++** ++******************************************************************************/ ++ ++/***************************************************************************** ++** ++** File: mod_uptime.c ++** Date: March 22, 2004 ++** ++** Author: Brian Wotring ++** Purpose: platform specific methods for obtaining the system boot time. ++** ++******************************************************************************/ ++ ++#include "libosiris.h" ++#include "libfileapi.h" ++#include "rootpriv.h" ++#include "common.h" ++#include "version.h" ++ ++#include "scanner.h" ++#include "logging.h" ++#include "config.h" ++ ++#ifdef HAVE_SYS_SYSCTL_H ++#include <sys/sysctl.h> ++#endif ++ ++#ifdef SYSTEM_SUNOS ++#include <utmpx.h> ++#endif ++ ++#ifdef SYSTEM_LINUX ++#include <utmp.h> ++#endif ++ ++#define PROC_FILE "/proc/uptime" ++#define OSI_WTMP_FILE "/var/log/wtmp" ++ ++static const char *MODULE_NAME = "mod_uptime"; ++ ++ ++void mod_uptime( SCANNER *scanner ) ++{ ++ SCAN_RECORD_TEXT_1 record; ++ char *time = NULL; ++ char *temp; ++ ++ initialize_scan_record( (SCAN_RECORD *)&record, ++ SCAN_RECORD_TYPE_TEXT_1 ); ++ ++ osi_strlcpy( record.module_name, MODULE_NAME, ++ sizeof( record.module_name ) ); ++ ++#if defined(SYSTEM_FREEBSD) || defined(SYSTEM_OPENBSD) || defined(SYSTEM_DARWIN) ++ { ++ time_t t; ++ struct timeval result; ++ ++ int request[2] = { CTL_KERN, KERN_BOOTTIME }; ++ size_t result_len = sizeof(result); ++ ++ if( sysctl( request, 2, &result, &result_len, NULL, 0 ) < 0) ++ { ++ log_error( "unable to obtain uptime value." ); ++ return; ++ } ++ ++ t = result.tv_sec; ++ time = ctime( &t ); ++ } ++ ++#elif defined(SYSTEM_SUNOS) ++ { ++ struct utmpx * ent; ++ time_t t; ++ ++ while( ( ent = getutxent() ) ) ++ { ++ if( !strcmp( "system boot", ent->ut_line ) ) ++ { ++ t = ent->ut_tv.tv_sec; ++ time = ctime( &t ); ++ } ++ } ++ } ++ ++#elif defined(SYSTEM_LINUX) ++ { ++ FILE *fp; ++ time_t t; ++ struct utmp ut; ++ ++ char buf[40]; ++ char buf2[10]; ++ int filecount = 0; ++ ++next_file: ++ ++ osi_strlcpy( buf, OSI_WTMP_FILE, sizeof( buf ) ); ++ ++ if( filecount > 0 ) ++ { ++ osi_snprintf( buf2, sizeof(buf2), "%d", filecount ); ++ osi_strlcat( buf, buf2, sizeof(buf) ); ++ } ++ ++ fp = osi_fopen( buf, "r", 0 ); ++ ++ if( fp == NULL ) ++ { ++ log_error( "unable to obtain uptime value." ); ++ return; ++ } ++ ++ while(1) ++ { ++ int rc = fread( &ut, 1, sizeof(ut), fp ); ++ ++ /* end of file, try next. */ ++ ++ if( rc == 0 ) ++ { ++ filecount++; ++ fclose( fp ); ++ ++ goto next_file; ++ } ++ ++ /* found restart event. */ ++ ++ if( ( strcmp( ut.ut_name, "reboot" ) == 0 ) || ++ ( strcmp( ut.ut_name, "shutdown" ) == 0 ) ) ++ { ++ ++ t = ut.ut_time; ++ time = ctime( &t ); ++ ++ break; ++ } ++ } ++ ++ fclose( fp ); ++ } ++#endif ++ ++ if( time == NULL ) ++ { ++ log_error( "unable to obtain uptime value." ); ++ return; ++ } ++ ++ /* remove any trailing newline from the ctime() calls. */ ++ ++ if( ( temp = strchr( time, '\n' ) ) ) ++ { ++ (*temp) = '\0'; ++ } ++ ++ osi_strlcpy( record.name, "uptime", sizeof( record.name ) ); ++ osi_strlcpy( record.data, time, sizeof( record.data ) ); ++ ++ send_scan_data( scanner, (SCAN_RECORD *)&record ); ++} ++ ++ diff --git a/package/osiris/patches/osirisd-pidfile.patch b/package/osiris/patches/osirisd-pidfile.patch new file mode 100644 index 000000000..80c52dbf1 --- /dev/null +++ b/package/osiris/patches/osirisd-pidfile.patch @@ -0,0 +1,68 @@ +--- osiris-4.1.8-orig/src/osirisd/osirisd.c 2005-04-14 01:00:55.000000000 +0200 ++++ osiris-4.1.8-1/src/osirisd/osirisd.c 2005-04-22 23:11:32.000000000 +0200 +@@ -218,6 +218,8 @@ + + #ifdef USE_PRIVSEP + rootpriv_setup_pidfile(); ++#else ++ setup_pidfile(); + #endif + + process(); +--- osiris-4.1.8-orig/src/osirisd/rootpriv.c 2005-04-14 00:55:59.000000000 +0200 ++++ osiris-4.1.8-1/src/osirisd/rootpriv.c 2005-04-22 23:25:10.000000000 +0200 +@@ -35,6 +35,10 @@ + #include "logging.h" + #include "rootpriv.h" + ++#ifndef WIN32 ++extern char pid_file[MAX_PATH_LENGTH]; ++#endif ++ + #ifdef USE_PRIVSEP + + /* this is defined in regex, and sometimes conflicts with stuff */ +@@ -80,10 +84,6 @@ + extern pid_t child_pid; + extern int rootpriv_pipe[2]; /* socketpair used for rootpriv comm. */ + +-#ifndef WIN32 +-extern char pid_file[MAX_PATH_LENGTH]; +-#endif +- + #define INCOMING_ROOT_REQUEST() ( FD_ISSET( rootpriv_pipe[1], &root_read_set ) ) + + +@@ -292,17 +292,6 @@ + #endif + } + +-void setup_pidfile() +-{ +- FILE *pidfile = fopen( pid_file, "wb" ); +- +- if( pidfile != NULL ) +- { +- fprintf( pidfile, "%ld\n", (long)getpid() ); +- fclose( pidfile ); +- } +-} +- + void handle_signals() + { + pid_t pid; +@@ -789,3 +778,14 @@ + + #endif /* USE_PRIVSEP */ + ++void setup_pidfile() ++{ ++ FILE *pidfile = fopen( pid_file, "wb" ); ++ ++ if( pidfile != NULL ) ++ { ++ fprintf( pidfile, "%ld\n", (long)getpid() ); ++ fclose( pidfile ); ++ } ++} ++ |