diffstat of debian/ for lynis_1.6.3-1 lynis_1.6.3-1boss1 changelog | 11 +++ patches/boss-os.patch | 44 +++++++++++++++ patches/boss.patch | 145 ++++++++++++++++++++++++++++++++++++++++++++++++++ patches/series | 2 4 files changed, 202 insertions(+) diff -Nru lynis-1.6.3/debian/changelog lynis-1.6.3/debian/changelog --- lynis-1.6.3/debian/changelog 2014-10-24 17:18:07.000000000 +0000 +++ lynis-1.6.3/debian/changelog 2016-03-04 09:15:13.000000000 +0000 @@ -1,3 +1,14 @@ +lynis (1.6.3-1boss1) stable; urgency=low + + * include/os-detection: Added BOSS version detection + * include/tests-authentication: + - Added correct passwdqc path for BOSS + - Added proper umask values for /etc/profile + * include/tests_malware: Set proper path for clam scan binary + * include/tests_printers_spools: Added proper permission path to cups configuration + + -- Prema S Fri, 04 Mar 2016 14:44:26 +0530 + lynis (1.6.3-1) unstable; urgency=low * New upstream release. (Closes: #766106) diff -Nru lynis-1.6.3/debian/patches/boss-os.patch lynis-1.6.3/debian/patches/boss-os.patch --- lynis-1.6.3/debian/patches/boss-os.patch 1970-01-01 00:00:00.000000000 +0000 +++ lynis-1.6.3/debian/patches/boss-os.patch 2016-03-04 09:44:55.000000000 +0000 @@ -0,0 +1,44 @@ +Description: + TODO: Put a short summary on the line above and replace this paragraph + with a longer explanation of this change. Complete the meta-information + with other relevant fields (see below for details). To make it easier, the + information below has been extracted from the changelog. Adjust it or drop + it. + . + lynis (1.6.3-1boss1) stable; urgency=low + . + * include/os-detection: Added BOSS version detection + * include/tests-authentication: + - Added correct passwdqc path for BOSS + - Added proper umask values for /etc/profile + * include/tests_malware: Set proper path for clam scan binary + * include/tests_printers_spools: Added proper permission path to cups configuration +Author: Prema S + +--- +The information above should follow the Patch Tagging Guidelines, please +checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here +are templates for supplementary fields that you might want to add: + +Origin: , +Bug: +Bug-Debian: https://bugs.debian.org/ +Bug-Ubuntu: https://launchpad.net/bugs/ +Forwarded: +Reviewed-By: +Last-Update: + +--- lynis-1.6.3.orig/include/osdetection ++++ lynis-1.6.3/include/osdetection +@@ -145,6 +145,11 @@ + OS_FULLNAME="Debian ${OS_VERSION}" + LINUX_VERSION="Debian" + fi ++ if [ -e "/etc/boss_version" ]; then ++ OS_VERSION=`cat /etc/boss_version` ++ OS_FULLNAME="BOSS ${OS_VERSION}" ++ LINUX_VERSION="BOSS" ++ fi + # /etc/lsb-release does not exist on Debian + if [ -e "/etc/debian_version" -a -e /etc/lsb-release ]; then + OS_VERSION=`cat /etc/debian_version` diff -Nru lynis-1.6.3/debian/patches/boss.patch lynis-1.6.3/debian/patches/boss.patch --- lynis-1.6.3/debian/patches/boss.patch 1970-01-01 00:00:00.000000000 +0000 +++ lynis-1.6.3/debian/patches/boss.patch 2016-03-04 09:16:43.000000000 +0000 @@ -0,0 +1,145 @@ +Description: + TODO: Put a short summary on the line above and replace this paragraph + with a longer explanation of this change. Complete the meta-information + with other relevant fields (see below for details). To make it easier, the + information below has been extracted from the changelog. Adjust it or drop + it. + . + lynis (1.6.3-1boss1) stable; urgency=low + . + * include/os-detection: Added BOSS version detection + * include/tests-authentication: + - Added correct passwdqc path for BOSS + - Added proper umask values for /etc/profile + * include/tests_malware: Set proper path for clam scan binary + * include/tests_printers_spools: Added proper permission path to cups configuration +Author: Prema S + +--- +The information above should follow the Patch Tagging Guidelines, please +checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here +are templates for supplementary fields that you might want to add: + +Origin: , +Bug: +Bug-Debian: https://bugs.debian.org/ +Bug-Ubuntu: https://launchpad.net/bugs/ +Forwarded: +Reviewed-By: +Last-Update: + +--- lynis-1.6.3.orig/include/osdetection ++++ lynis-1.6.3/include/osdetection +@@ -153,6 +153,10 @@ + OS_VERSION=`grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2` + OS_FULLNAME="Ubuntu ${OS_VERSION}" + LINUX_VERSION="Ubuntu" ++ elif [ "${FIND}" = "BOSS" ]; then ++ OS_VERSION=`grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2` ++ OS_FULLNAME="BOSS ${OS_VERSION}" ++ LINUX_VERSION="BOSS" + elif [ "${FIND}" = "elementary OS" ]; then + LINUX_VERSION="elementary OS" + OS_VERSION=`grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2` +--- lynis-1.6.3.orig/include/tests_authentication ++++ lynis-1.6.3/include/tests_authentication +@@ -600,7 +600,7 @@ + # Passwd quality control + logtext "Searching passwdqc PAM module" + for I in ${PAM_FILE_LOCATIONS}; do +- if [ -f ${I}/pam_passwdqc.so ]; then ++ if [ -f /lib/security/pam_passwdqc.so ]; then + FOUND_PASSWDQC=1 + logtext "Result: found pam_passwdqc.so (passwd quality control PAM) in ${I}" + fi +@@ -972,7 +972,7 @@ + if [ "${FIND2}" = "1" ]; then + logtext "Result: found umask (prefixed with spaces)" + FOUND_UMASK=1 +- if [ ! "${FIND}" = "077" -a ! "${FIND}" = "027" ]; then ++ if [ ! "${FIND}" = "077" ]; then + logtext "Result: found umask ${FIND}, which could be more strict" + WEAK_UMASK=1 + else +@@ -983,7 +983,7 @@ + logtext "Result: found several umask values configured in /etc/profile" + FOUND_UMASK=1 + for I in ${FIND}; do +- if [ ! "${I}" = "077" -a ! "${I}" = "027" ]; then ++ if [ ! "${I}" = "077" ]; then + logtext "Result: umask ${I} could be more strict" + WEAK_UMASK=1 + else +@@ -1038,7 +1038,7 @@ + Display --indent 4 --text "- Checking umask (/etc/login.defs)" --result SUGGESTION --color YELLOW + ReportSuggestion ${TEST_NO} "Default umask in /etc/login.defs could not be found and defaults usually to 022, which could be more strict like 027" + AddHP 1 2 +- elif [ "${FIND}" = "077" -o "${FIND}" = "027" ]; then ++ elif [ "${FIND}" = "077" ]; then + logtext "Result: umask is ${FIND}, which is fine" + Display --indent 4 --text "- Checking umask (/etc/login.defs)" --result OK --color GREEN + AddHP 2 2 +@@ -1061,7 +1061,7 @@ + if [ "${FIND}" = "" ]; then + logtext "Result: umask is not configured" + Display --indent 4 --text "- Checking umask (/etc/init.d/functions)" --result NONE --color WHITE +- elif [ "${FIND}" = "077" -o "${FIND}" = "027" ]; then ++ elif [ "${FIND}" = "077" ]; then + logtext "Result: umask is ${FIND}, which is fine" + Display --indent 4 --text "- Checking umask (/etc/init.d/functions)" --result OK --color GREEN + AddHP 2 2 +@@ -1086,7 +1086,7 @@ + Display --indent 4 --text "- Checking umask (/etc/init.d/rc)" --result SUGGESTION --color YELLOW + ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rc could not be found and defaults usually to 022, which could be more strict like 027" + AddHP 1 2 +- elif [ "${FIND}" = "077" -o "${FIND}" = "027" ]; then ++ elif [ "${FIND}" = "077" ]; then + logtext "Result: umask is ${FIND}, which is fine" + Display --indent 4 --text "- Checking umask (/etc/init.d/rc)" --result OK --color GREEN + AddHP 2 2 +@@ -1114,7 +1114,7 @@ + Display --indent 4 --text "- Checking umask (/etc/init.d/rcS)" --result SUGGESTION --color YELLOW + ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rcS could not be found and defaults usually to 022, which could be more strict like 027" + AddHP 1 2 +- elif [ "${FIND2}" = "077" -o "${FIND2}" = "027" ]; then ++ elif [ "${FIND2}" = "077" ]; then + logtext "Result: umask is ${FIND2}, which is fine" + Display --indent 4 --text "- Checking umask (/etc/init.d/rcS)" --result OK --color GREEN + AddHP 2 2 +--- lynis-1.6.3.orig/include/tests_malware ++++ lynis-1.6.3/include/tests_malware +@@ -95,11 +95,12 @@ + # Test : MALW-3282 + # Description : Check if clamscan is installed + Register --test-no MALW-3282 --weight L --network NO --description "Check for clamscan" ++ CLAMSCANBIN="/usr/bin/clamscan" + if [ ${SKIPTEST} -eq 0 ]; then + logtext "Test: checking presence clamscan" +- if [ ! "${CLAMSCANBINARY}" = "" ]; then ++ if [ -e $CLAMSCANBIN ]; then + Display --indent 2 --text "- Checking ClamAV scanner" --result "FOUND" --color GREEN +- logtext "Result: Found ${CLAMSCANBINARY}" ++ logtext "Result: Found ${CLAMSCANBIN}" + MALWARE_SCANNER_INSTALLED=1 + AddHP 2 2 + else +@@ -115,7 +116,7 @@ + Register --test-no MALW-3284 --weight L --network NO --description "Check for clamd" + if [ ${SKIPTEST} -eq 0 ]; then + logtext "Test: checking running ClamAV daemon (clamd)" +- IsRunning clamd ++ IsRunning freshclam + if [ ${RUNNING} -eq 1 ]; then + Display --indent 2 --text "- Checking ClamAV daemon" --result "FOUND" --color GREEN + logtext "Result: found running clamd process" +--- lynis-1.6.3.orig/include/tests_printers_spools ++++ lynis-1.6.3/include/tests_printers_spools +@@ -113,7 +113,7 @@ + logtext "Test: Checking CUPS configuration file permissions" + FIND=`ls -l ${CUPSD_CONFIG_FILE} | cut -c 2-10` + logtext "Result: found ${FIND}" +- if [ "${FIND}" = "r--------" -o "${FIND}" = "rw-------" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-rw----" ]; then ++ if [ "${FIND}" = "r--------" -o "${FIND}" = "rw-------" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-rw----" -o "${FIND}" = "rw-r--r--" ]; then + Display --indent 4 --text "- File permissions" --result "OK" --color GREEN + AddHP 1 1 + else diff -Nru lynis-1.6.3/debian/patches/series lynis-1.6.3/debian/patches/series --- lynis-1.6.3/debian/patches/series 2014-10-21 18:58:06.000000000 +0000 +++ lynis-1.6.3/debian/patches/series 2016-03-04 09:44:48.000000000 +0000 @@ -1 +1,3 @@ test_ecryptfs.patch +boss.patch +boss-os.patch