From unknown Sun Sep 07 17:04:54 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#33464] [PATCH] gnu: Add lynis. Resent-From: Arun Isaac Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 22 Nov 2018 13:36:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 33464 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 33464@debbugs.gnu.org Cc: Arun Isaac X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.154289373521935 (code B ref -1); Thu, 22 Nov 2018 13:36:01 +0000 Received: (at submit) by debbugs.gnu.org; 22 Nov 2018 13:35:35 +0000 Received: from localhost ([127.0.0.1]:40655 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gPp8p-0005hj-0T for submit@debbugs.gnu.org; Thu, 22 Nov 2018 08:35:35 -0500 Received: from eggs.gnu.org ([208.118.235.92]:42331) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gPp8n-0005hW-RT for submit@debbugs.gnu.org; Thu, 22 Nov 2018 08:35:34 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gPp8g-0001mt-9t for submit@debbugs.gnu.org; Thu, 22 Nov 2018 08:35:28 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RCVD_IN_SORBS_WEB autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:33379) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gPp8g-0001mQ-6Q for submit@debbugs.gnu.org; Thu, 22 Nov 2018 08:35:26 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:51870) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gPp8c-0007vW-80 for guix-patches@gnu.org; Thu, 22 Nov 2018 08:35:25 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gPp8Y-0001gI-Hl for guix-patches@gnu.org; Thu, 22 Nov 2018 08:35:22 -0500 Received: from vultr.systemreboot.net ([45.77.148.100]:47736) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gPp8W-0001XS-Af for guix-patches@gnu.org; Thu, 22 Nov 2018 08:35:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=systemreboot.net; s=default; h=Content-Transfer-Encoding:MIME-Version: Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=gZpzmVpEn/WxUfadWPAW8K+3tyMzfQPPDA86WgBAd78=; b=VtzbkCIFPezO9jeduV1aREx6A4 bpc5bGjJNtJka/2xe0aCbx+LZ1X77eWBo5Iz4haon6QjOBhBAMemR1l8aSthlS0h41DHFY+T5R5YY tCTgFnxVBZK60m+zFlq1NXn2SWgXoqQp3qtcfKl4hdBx7B04pqXup7sbOxm7GpUlarPk=; Received: from [103.5.134.173] (helo=steel.lan) by systemreboot.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from ) id 1gPp8M-0005y0-1t; Thu, 22 Nov 2018 19:05:07 +0530 From: Arun Isaac Date: Thu, 22 Nov 2018 19:04:28 +0530 Message-Id: <20181122133429.16838-1-arunisaac@systemreboot.net> X-Mailer: git-send-email 2.19.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -2.6 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.6 (---) * gnu/packages/admin.scm (lynis): New variable. --- gnu/packages/admin.scm | 56 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 28961ecf8..513d7a26b 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -2837,3 +2837,59 @@ support forum. It runs with the @code{/exec} command in most IRC clients.") (description "This package provides tools to manage clients of the Logitech Unifying Receiver.") (license license:gpl2))) + +(define-public lynis + (package + (name "lynis") + (version "2.7.0") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/CISOfy/lynis/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "13np0bbkcz7k8336wdcq69b93wmc2vm1ryz988cr0kan11mxsr3k")) + (modules '((guix build utils))) + (snippet + '(begin + ;; Remove proprietary plugins + (with-directory-excursion "plugins" + (for-each delete-file (list "plugin_pam_phase1" + "plugin_systemd_phase1"))) + #t)))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; no tests + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "lynis" + (("/usr/share/lynis") + (string-append (assoc-ref outputs "out") "/share/lynis"))) + (substitute* "include/functions" + (("/usr/local/etc/lynis") + (string-append (assoc-ref outputs "out") "/etc/lynis"))) + #t)) + (delete 'build) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (install-file "lynis" (string-append out "/bin/")) + (install-file "default.prf" (string-append out "/etc/lynis")) + (for-each + (lambda (dir) + (copy-recursively dir (string-append out "/share/lynis/" dir))) + (list "db" "include" "plugins")) + (install-file "lynis.8" (string-append out "/share/man/man8")) + #t)))))) + (home-page "https://cisofy.com/lynis/") + (synopsis "Security auditing tool") + (description "Lynis is a security auditing tool. It performs an in-depth +security scan and runs on the system itself. The primary goal is to test +security defenses and provide tips for further system hardening. It will also +scan for general system information, vulnerable software packages, and +possible configuration issues.") + (license license:gpl3))) -- 2.19.1 From unknown Sun Sep 07 17:04:54 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#33464] [PATCH] gnu: Add lynis. Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 23 Nov 2018 19:15:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 33464 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Arun Isaac , 33464@debbugs.gnu.org Received: via spool by 33464-submit@debbugs.gnu.org id=B33464.154300045823093 (code B ref 33464); Fri, 23 Nov 2018 19:15:02 +0000 Received: (at 33464) by debbugs.gnu.org; 23 Nov 2018 19:14:18 +0000 Received: from localhost ([127.0.0.1]:44556 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gQGu7-00060N-Vy for submit@debbugs.gnu.org; Fri, 23 Nov 2018 14:14:18 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:46439) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gQGu7-00060C-2K for 33464@debbugs.gnu.org; Fri, 23 Nov 2018 14:14:15 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id D537822082; Fri, 23 Nov 2018 14:14:09 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Fri, 23 Nov 2018 14:14:09 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm1; bh=0g4x2zBbDxqGjEPk/GWP6OESXo EvEQgeoPFmhUFZNbk=; b=XfWfttzm7YjsJef9A+GgIfqr/OM2ENygeSUx46SqRH nuFtoLlZ50+oqlTBP4Fv1fS0CW+ezYjBuLVGV+t+qKmE6yhF9kW3v97On81N2ods 7BVsXxReWIhIelI9GwmzLIKexXCOzdEZmQ/4TZ+41N4NOJMFBMCp8zgbd8XAzVom OOEqZGKU5OhAuCVWvKISuX/+HPsNWBYYONvq2aEEgoPVXJsN8jfe1y1bcICh9QPb 5phMJCtmTcCu5zIGhOSQZDTcD4VUbOkINcHIfCniVeHOgSPhFNrrjG2WpX4uTRSp xGQZHYk7THIUvyN/XmFxWCK4w2UUNyUPOFOIph2ZCoMw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=0g4x2z BbDxqGjEPk/GWP6OESXoEvEQgeoPFmhUFZNbk=; b=HPg3tTjMZTNuSMMyelSfXx If32piE/EyoBxINMRCUaN5tweDFOweaemh49DXvGCWM4qkMWpVVJaF4OkpbtUSvH xAr0lj3Mbc6DnhoByw9mKaXl2UaMr4i2BDlMhKHTxjkK7AEFURx4P8JqtDMNi/2O TuYIgGCZ0oWEZU+2QxXLrB6+ImwCd36lTznlUqjdoTAayklm2oDHZJCxSlI8lOey PHRjxxOxxX8y6w5qrZci1iaIF9b8yM2cScBt+L9sza5S4C9YCulPv0GsTZoCRNGa WBl3BIfYzlgg3vHVQsG8QE7yYY54jrJazJpIqwggk1/bjh9lRy3jbJSNbxcwQkkQ == X-ME-Sender: X-ME-Proxy: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id B1CBF102F1; Fri, 23 Nov 2018 14:14:08 -0500 (EST) From: Marius Bakke In-Reply-To: <20181122133429.16838-1-arunisaac@systemreboot.net> References: <20181122133429.16838-1-arunisaac@systemreboot.net> User-Agent: Notmuch/0.28 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Date: Fri, 23 Nov 2018 20:14:07 +0100 Message-ID: <87y39jmwsg.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain Arun Isaac writes: > * gnu/packages/admin.scm (lynis): New variable. [...] > +(define-public lynis > + (package > + (name "lynis") > + (version "2.7.0") > + (source > + (origin > + (method url-fetch) > + (uri (string-append "https://github.com/CISOfy/lynis/archive/" > + version ".tar.gz")) > + (file-name (string-append name "-" version ".tar.gz")) Can you use "git-fetch" here instead? The autogenerated GitHub "archive" tarballs are not stable: their hash may change in the future. > + (sha256 > + (base32 > + "13np0bbkcz7k8336wdcq69b93wmc2vm1ryz988cr0kan11mxsr3k")) > + (modules '((guix build utils))) > + (snippet > + '(begin > + ;; Remove proprietary plugins > + (with-directory-excursion "plugins" > + (for-each delete-file (list "plugin_pam_phase1" > + "plugin_systemd_phase1"))) Only one of these files have an explicit proprietary license, but given the wording in the README it is safe to assume the other might not be free. In fact, since the README states "community plugins are available under a restriced license", I would prefer to delete everything except a whitelist here. WDYT? > + #t)))) > + (build-system gnu-build-system) > + (arguments > + `(#:tests? #f ; no tests The .travis.yml runs "cd ./lynis-sdk && sh lynis-devkit run unit-tests". Is that an option for us? > + #:phases > + (modify-phases %standard-phases > + (replace 'configure > + (lambda* (#:key outputs #:allow-other-keys) > + (substitute* "lynis" > + (("/usr/share/lynis") > + (string-append (assoc-ref outputs "out") "/share/lynis"))) > + (substitute* "include/functions" > + (("/usr/local/etc/lynis") > + (string-append (assoc-ref outputs "out") "/etc/lynis"))) > + #t)) > + (delete 'build) > + (replace 'install > + (lambda* (#:key outputs #:allow-other-keys) > + (let ((out (assoc-ref outputs "out"))) > + (install-file "lynis" (string-append out "/bin/")) > + (install-file "default.prf" (string-append out "/etc/lynis")) > + (for-each > + (lambda (dir) > + (copy-recursively dir (string-append out "/share/lynis/" dir))) > + (list "db" "include" "plugins")) > + (install-file "lynis.8" (string-append out "/share/man/man8")) > + #t)))))) > + (home-page "https://cisofy.com/lynis/") > + (synopsis "Security auditing tool") > + (description "Lynis is a security auditing tool. It performs an in-depth > +security scan and runs on the system itself. The primary goal is to test > +security defenses and provide tips for further system hardening. It will also > +scan for general system information, vulnerable software packages, and > +possible configuration issues.") > + (license license:gpl3))) The file headers only say "This is free software, and you are welcome to redistribute it under the terms of the GNU General Public License. See LICENSE file for usage of this software.". The GPL3 copy in LICENSE states that: If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. So I think this should be "gpl3+". The rest LGTM, thanks! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlv4UX8ACgkQoqBt8qM6 VPrVrgf+J5P93DSBsjruBsi/5BBFd5h5V+xtepWrLFrN/pVl4wAHvw8XyLQT3ZKz MYbdwF2aDIFDHDyl/5Fn3R+xfvKL+VRRk9FXP90vSPyP/EPmCw1hRH1MCNkmgL5c MGLsgotOEQuOLQrpNVaqTySKfEtp7z40oL3NonMxAHnKoEYm7gI4XiUjH2llyaZt im6wBrHVW7MWcy+yffeYvqMoAXfHWOJI9XlTmL6sFC9XslUZV84bqvTllrnLmxUt T+nrY0Vs44yBI9k591u9v/QXamoi7ypLsv+8zypdif+zEnPfxdUzZ4aBNH8PK1IN YuVTNQdmBU1nB1EjZpJ2fFbvBYojIw== =38fc -----END PGP SIGNATURE----- --=-=-=-- From unknown Sun Sep 07 17:04:54 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#33464] [PATCH] gnu: Add lynis. Resent-From: Arun Isaac Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 24 Nov 2018 19:53:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 33464 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Marius Bakke , 33464@debbugs.gnu.org Received: via spool by 33464-submit@debbugs.gnu.org id=B33464.15430891215913 (code B ref 33464); Sat, 24 Nov 2018 19:53:01 +0000 Received: (at 33464) by debbugs.gnu.org; 24 Nov 2018 19:52:01 +0000 Received: from localhost ([127.0.0.1]:45815 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gQdyD-0001XG-F1 for submit@debbugs.gnu.org; Sat, 24 Nov 2018 14:52:01 -0500 Received: from vultr.systemreboot.net ([45.77.148.100]:39524) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gQdyB-0001X4-DC for 33464@debbugs.gnu.org; Sat, 24 Nov 2018 14:52:00 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=systemreboot.net; s=default; h=Content-Type:MIME-Version:Message-ID:Date: References:In-Reply-To:Subject:To:From:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=x4JMRRBb7I+Fnw3MtB7KM0ZeNVjQXwCoV1T/OiGslxM=; b=ZFxy6pBSDvifcQfcGbQ6hsPPM 2RZHu7wjJaWR1FyemPAPkdpptf1iK87SyTCMfVAIv1llDulNripY+kx7b4pAEFIGn5JQXjLpvsBxk ArhYCdGp2TiyVAVsCBFVGn08t0tiyBi+j/LAurkU7xEfgDyig5jCa9PlfDYc+duHuiqug=; Received: from [103.5.134.173] (helo=steel) by systemreboot.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from ) id 1gQdy6-00010C-0O; Sun, 25 Nov 2018 01:21:55 +0530 From: Arun Isaac In-Reply-To: <87y39jmwsg.fsf@fastmail.com> References: <20181122133429.16838-1-arunisaac@systemreboot.net> <87y39jmwsg.fsf@fastmail.com> Date: Sun, 25 Nov 2018 01:21:46 +0530 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 1.5 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: I have made all the suggested changes. Please find attached a new patch. From 6a39021cd2ee2ad2c74dddc7c1649e79fad97e41 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Thu, 22 Nov 2018 19:00:48 +0530 Subject: [PATCH v2] gnu: Add lynis. Content analysis details: (1.5 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server [103.5.134.173 listed in dnsbl.sorbs.net] -0.0 SPF_PASS SPF: sender matches SPF record X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.5 (/) --=-=-= Content-Type: text/plain I have made all the suggested changes. Please find attached a new patch. --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=v2-0001-gnu-Add-lynis.patch >From 6a39021cd2ee2ad2c74dddc7c1649e79fad97e41 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Thu, 22 Nov 2018 19:00:48 +0530 Subject: [PATCH v2] gnu: Add lynis. * gnu/packages/admin.scm (lynis): New variable. --- gnu/packages/admin.scm | 79 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 28961ecf8..02fe3f0c5 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -2837,3 +2837,82 @@ support forum. It runs with the @code{/exec} command in most IRC clients.") (description "This package provides tools to manage clients of the Logitech Unifying Receiver.") (license license:gpl2))) + +(define-public lynis + (package + (name "lynis") + (version "2.7.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/CISOfy/lynis") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0rzc0y8lk22bymf56249jzmllki2lh0rz5in4lkrc5fkmp29c2wv")) + (modules '((guix build utils))) + (snippet + '(begin + ;; Remove proprietary plugins. As of now, all plugins supplied with + ;; lynis are proprietary. In the future, if free plugins are + ;; provided, whitelist them from deletion. + (for-each delete-file (find-files "plugins")) + #t)))) + (build-system gnu-build-system) + (native-inputs + `(;; For tests + ("lynis-sdk" + ,(origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/CISOfy/lynis-sdk") + (commit "3310aef4f2b3dd97d166c96ad0253c89c4ad390d"))) + (file-name (git-file-name "lynis-sdk" version)) + (sha256 + (base32 + "0sqsrm5wal742yrwps8bqb8a8lxd93n4b93n3kkm1b30nbs25g7y")))))) + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key inputs outputs #:allow-other-keys) + (substitute* "lynis" + (("/usr/share/lynis") + (string-append (assoc-ref outputs "out") "/share/lynis"))) + (substitute* "include/functions" + (("/usr/local/etc/lynis") + (string-append (assoc-ref outputs "out") "/etc/lynis"))) + #t)) + (delete 'build) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (install-file "lynis" (string-append out "/bin/")) + (install-file "default.prf" (string-append out "/etc/lynis")) + (for-each + (lambda (dir) + (copy-recursively dir (string-append out "/share/lynis/" dir))) + (list "db" "include" "plugins")) + (install-file "lynis.8" (string-append out "/share/man/man8")) + #t))) + (replace 'check + (lambda* (#:key inputs #:allow-other-keys) + (copy-recursively (assoc-ref inputs "lynis-sdk") "../lynis-sdk") + (setenv "LANG" "en_US.UTF-8") + (let ((lynis-dir (getcwd))) + (with-directory-excursion "../lynis-sdk" + (substitute* "config" + (("\\.\\./lynis") lynis-dir)) + (substitute* "unit-tests/tests-language-translations.sh" + (("\\.\\./lynis") lynis-dir)) + (invoke "sh" "lynis-devkit" "run" "unit-tests")))))))) + (home-page "https://cisofy.com/lynis/") + (synopsis "Security auditing tool") + (description "Lynis is a security auditing tool. It performs an in-depth +security scan and runs on the system itself. The primary goal is to test +security defenses and provide tips for further system hardening. It will also +scan for general system information, vulnerable software packages, and +possible configuration issues.") + (license license:gpl3+))) -- 2.19.1 --=-=-=-- From unknown Sun Sep 07 17:04:54 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#33464] [PATCH] gnu: Add lynis. Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 29 Nov 2018 20:34:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 33464 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Arun Isaac , 33464@debbugs.gnu.org Received: via spool by 33464-submit@debbugs.gnu.org id=B33464.154352360217974 (code B ref 33464); Thu, 29 Nov 2018 20:34:01 +0000 Received: (at 33464) by debbugs.gnu.org; 29 Nov 2018 20:33:22 +0000 Received: from localhost ([127.0.0.1]:55169 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gSSzy-0004fq-2Z for submit@debbugs.gnu.org; Thu, 29 Nov 2018 15:33:22 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:46817) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gSSzw-0004fa-Jn for 33464@debbugs.gnu.org; Thu, 29 Nov 2018 15:33:20 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id CAE6A23A48; Thu, 29 Nov 2018 15:33:14 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Thu, 29 Nov 2018 15:33:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm1; bh=Q7L7qma1gb7SC5/aKWTMuKv7GZ AsgA6R8X+73Z0IWyM=; b=DBcTep4mZOd8MHszOCE/ukcMJjWRZ1UxzqKZK1baSz RdruppmtNsUOQ6bUwBzb/PfN/MjAiSGwR4Qhk6nk4X55XL9I1ibp74M34EFITi55 LkN2nR7NHxsCi+vc1LYyZu/6zVXx678tjB5Re8BTIVAAkT5DTRnU/kVtAjxRdFeF Tv5QO3J4+/ABdbt0un6rkiAWbW4mFC2DR+40qD8z1uy3lhYM6cdQbMYzGY/Zh56S vFWjvg93yHSlkCP4zl/oljZ6l66FcNSULrUOQG1/e8e5vy42kaXTSDtNKcQtd0B1 xCubsurP2+XBfumu/4isFohMrkIK16bvZcJlh1ZZxU7Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=Q7L7qm a1gb7SC5/aKWTMuKv7GZAsgA6R8X+73Z0IWyM=; b=Sv84/QfG/JbdLL9suRY8kj +LcCXoBVDwjoWJc/25Vjc6ZGKgeRiS1O3UuIgMe/qjr7/5F+5vm0te6OwdTdDYsf IdZREH7RFmZwDJRTHEh8v0QCHqpgilSbPU0tk2HHvDDCbd9d50hR9nLC80mvJz2H X4nq9mA+RH3qZqdqSOE48dqMpweo3mTsaXExqSVZTBnPhQmT1w8v+HKDXSjIZ0st z5VXAmGxiC018cj5RKhnaaAkAAO+Ztv/cq98c73vHiEmKmBuQgySh6uwdnUmvnp4 QhPiaBZIWnfwD6LONXkvTjeyxKhaXCenEO8AkNh1adD7W9D3N+O1mmNTi7YScdxA == X-ME-Sender: X-ME-Proxy: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id 11A3F102F4; Thu, 29 Nov 2018 15:33:13 -0500 (EST) From: Marius Bakke In-Reply-To: References: <20181122133429.16838-1-arunisaac@systemreboot.net> <87y39jmwsg.fsf@fastmail.com> User-Agent: Notmuch/0.28 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Date: Thu, 29 Nov 2018 21:33:11 +0100 Message-ID: <87o9a7lj3s.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain Arun Isaac writes: > I have made all the suggested changes. Please find attached a new patch. LGTM, thank you! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlwATQcACgkQoqBt8qM6 VPpyiAf/TQfW9p6n5qzAMQW6kSGlIPeK40n5wZi3Aadi8PBxDGY4OZIYLicaXdK2 fhaPkAV7x/se2W59aUGUJnYM/M0NJDioAa4+DEYAMEZPHcFHqqsICh2fff6BFlBX DwQ8woyL4Lxs+c9SmBuKsRq6u3U3kPHG6ojPKS1SSC6p3d5c7P/yUuKe41uxvlWB DMy22GNQTR2mRfBOA+xNWBn/UL+m6pkJ+yYm+9B0MD1zhsl08gahisxyyHW1vGPA uzxED51gIbS5PqolD6+5fhyvY/J+jxKDrIHWLSaBI3pe1fy9MXwRPfMDviTxW/4c v7DZkNxEsoz7mSKy6s9IMfISKkygKw== =PYGi -----END PGP SIGNATURE----- --=-=-=-- From unknown Sun Sep 07 17:04:54 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Arun Isaac Subject: bug#33464: closed (Re: [bug#33464] [PATCH] gnu: Add lynis.) Message-ID: References: <20181122133429.16838-1-arunisaac@systemreboot.net> X-Gnu-PR-Message: they-closed 33464 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 33464@debbugs.gnu.org Date: Fri, 30 Nov 2018 07:06:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1543561562-23984-1" This is a multi-part message in MIME format... ------------=_1543561562-23984-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #33464: [PATCH] gnu: Add lynis. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 33464@debbugs.gnu.org. --=20 33464: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D33464 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1543561562-23984-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 33464-done) by debbugs.gnu.org; 30 Nov 2018 07:05:49 +0000 Received: from localhost ([127.0.0.1]:55410 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gScs1-0006EI-9i for submit@debbugs.gnu.org; Fri, 30 Nov 2018 02:05:49 -0500 Received: from vultr.systemreboot.net ([45.77.148.100]:33664) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gScrz-0006E4-Dx for 33464-done@debbugs.gnu.org; Fri, 30 Nov 2018 02:05:48 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=systemreboot.net; s=default; h=Content-Type:MIME-Version:Message-ID:Date: References:In-Reply-To:Subject:To:From:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=5gPJwUMt3p8K10jLvLRhbGWF2JRAs6ptpNLnNYnRY6s=; b=IzlTFI6932ld2NGYpPWzNtnZg eCuGnau7wUwdPsGonMeIEMjXYFkoy3dYV/6JO8DvGX5DqcYy/9PoOMcqzM84ZJmM+CGc6ebjy/glM H20Ao0GCmQKP+YCdaFKMP7NLKQI3TBNW+71iXrKmwlBtnMCDyvY5W2dJcEEL4N87+Hr3c=; Received: from [14.139.128.15] (helo=steel) by systemreboot.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from ) id 1gScru-0000iL-68; Fri, 30 Nov 2018 12:35:43 +0530 From: Arun Isaac To: Marius Bakke , 33464-done@debbugs.gnu.org Subject: Re: [bug#33464] [PATCH] gnu: Add lynis. In-Reply-To: <87o9a7lj3s.fsf@fastmail.com> References: <20181122133429.16838-1-arunisaac@systemreboot.net> <87y39jmwsg.fsf@fastmail.com> <87o9a7lj3s.fsf@fastmail.com> Date: Fri, 30 Nov 2018 12:35:33 +0530 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 33464-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Pushed to master! Thanks for the review! :-) ------------=_1543561562-23984-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 22 Nov 2018 13:35:35 +0000 Received: from localhost ([127.0.0.1]:40655 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gPp8p-0005hj-0T for submit@debbugs.gnu.org; Thu, 22 Nov 2018 08:35:35 -0500 Received: from eggs.gnu.org ([208.118.235.92]:42331) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gPp8n-0005hW-RT for submit@debbugs.gnu.org; Thu, 22 Nov 2018 08:35:34 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gPp8g-0001mt-9t for submit@debbugs.gnu.org; Thu, 22 Nov 2018 08:35:28 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RCVD_IN_SORBS_WEB autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:33379) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gPp8g-0001mQ-6Q for submit@debbugs.gnu.org; Thu, 22 Nov 2018 08:35:26 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:51870) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gPp8c-0007vW-80 for guix-patches@gnu.org; Thu, 22 Nov 2018 08:35:25 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gPp8Y-0001gI-Hl for guix-patches@gnu.org; Thu, 22 Nov 2018 08:35:22 -0500 Received: from vultr.systemreboot.net ([45.77.148.100]:47736) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gPp8W-0001XS-Af for guix-patches@gnu.org; Thu, 22 Nov 2018 08:35:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=systemreboot.net; s=default; h=Content-Transfer-Encoding:MIME-Version: Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=gZpzmVpEn/WxUfadWPAW8K+3tyMzfQPPDA86WgBAd78=; b=VtzbkCIFPezO9jeduV1aREx6A4 bpc5bGjJNtJka/2xe0aCbx+LZ1X77eWBo5Iz4haon6QjOBhBAMemR1l8aSthlS0h41DHFY+T5R5YY tCTgFnxVBZK60m+zFlq1NXn2SWgXoqQp3qtcfKl4hdBx7B04pqXup7sbOxm7GpUlarPk=; Received: from [103.5.134.173] (helo=steel.lan) by systemreboot.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from ) id 1gPp8M-0005y0-1t; Thu, 22 Nov 2018 19:05:07 +0530 From: Arun Isaac To: guix-patches@gnu.org Subject: [PATCH] gnu: Add lynis. Date: Thu, 22 Nov 2018 19:04:28 +0530 Message-Id: <20181122133429.16838-1-arunisaac@systemreboot.net> X-Mailer: git-send-email 2.19.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -2.6 (--) X-Debbugs-Envelope-To: submit Cc: Arun Isaac X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.6 (---) * gnu/packages/admin.scm (lynis): New variable. --- gnu/packages/admin.scm | 56 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 28961ecf8..513d7a26b 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -2837,3 +2837,59 @@ support forum. It runs with the @code{/exec} command in most IRC clients.") (description "This package provides tools to manage clients of the Logitech Unifying Receiver.") (license license:gpl2))) + +(define-public lynis + (package + (name "lynis") + (version "2.7.0") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/CISOfy/lynis/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "13np0bbkcz7k8336wdcq69b93wmc2vm1ryz988cr0kan11mxsr3k")) + (modules '((guix build utils))) + (snippet + '(begin + ;; Remove proprietary plugins + (with-directory-excursion "plugins" + (for-each delete-file (list "plugin_pam_phase1" + "plugin_systemd_phase1"))) + #t)))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; no tests + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "lynis" + (("/usr/share/lynis") + (string-append (assoc-ref outputs "out") "/share/lynis"))) + (substitute* "include/functions" + (("/usr/local/etc/lynis") + (string-append (assoc-ref outputs "out") "/etc/lynis"))) + #t)) + (delete 'build) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (install-file "lynis" (string-append out "/bin/")) + (install-file "default.prf" (string-append out "/etc/lynis")) + (for-each + (lambda (dir) + (copy-recursively dir (string-append out "/share/lynis/" dir))) + (list "db" "include" "plugins")) + (install-file "lynis.8" (string-append out "/share/man/man8")) + #t)))))) + (home-page "https://cisofy.com/lynis/") + (synopsis "Security auditing tool") + (description "Lynis is a security auditing tool. It performs an in-depth +security scan and runs on the system itself. The primary goal is to test +security defenses and provide tips for further system hardening. It will also +scan for general system information, vulnerable software packages, and +possible configuration issues.") + (license license:gpl3))) -- 2.19.1 ------------=_1543561562-23984-1--