rpms/amtu
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

- Corrected config file test (#522708)

Browse source 
- Made init script more LSB compatible (#522789)
This commit is contained in:
Steve Grubb 2009-09-11 17:48:10 +00:00
commit 38ee4b19a3
3 changed files with 139 additions and 137 deletions
Download patch file Download diff file Expand all files Collapse all files

117
amtu-1.0.8-doc.patch Normal file
View file

@ -0,0 +1,117 @@
diff -urN amtu-1.0.8.orig/doc/AMTUHowTo.txt amtu-1.0.8/doc/AMTUHowTo.txt
--- amtu-1.0.8.orig/doc/AMTUHowTo.txt 1969-12-31 19:00:00.000000000 -0500
+++ amtu-1.0.8/doc/AMTUHowTo.txt 2009-07-06 10:20:42.000000000 -0400
@@ -0,0 +1,105 @@
+ABSTRACT MACHINE TEST UTILITY HOWTO
+
+
+OVERVIEW
+
+Abstract Machine Test Utility (AMTU) is an administrative utility to check
+whether the underlying protection mechanism of the hardware are still being
+enforced. This is a requirement of the Controlled Access Protection Profile
+(CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf.
+AMTU executes the following tests:
+
+* Memory
+
+Randomly writes to areas of memory and then reading the memory back to
+ensure the values written remain unchanged.
+
+* Memory Separation
+
+Ensures that user space programs cannot read and write to areas of memory
+utilized by the likes of Video RAM, kernel code, etc.
+
+* I/O Controller - Network
+
+Verifies random data transmitted is also the data received for each configured
+network device. Only ethernet and token ring devices that are configured and
+up are checked. Async devices are not checked.
+
+* I/O Controller - Disk
+
+Verifies that information written to disks remains unchanged. Only SCSI and IDE
+controllers associated with mounted filesystems are checked.
+
+* Supervisor Mode Instructions
+
+Ensures that the enforcement of the property that privileged instructions
+should only be in supervisor mode is still in effect. The set privileged
+instructions tested to confirm this is architecture dependant.
+
+
+
+TESTED VERSIONS
+
+AMTU has been tested on the following:
+
+* RHEL4 and 5
+* SuSE SLES 8
+* pSeries (32-bit and 64-bit)
+* iSeries (64-bit)
+* zSeries (31-bit)
+* xSeries (32-bit)
+
+
+
+INSTALLING AMTU
+
+VERIFYING SYSTEM REQUIREMENTS AND PREREQUISITES
+
+Before installing AMTU, verify that your system meets the following
+requirements and prerequisites:
+
+* The system is running in the Common Criteria evaluated configuration.
+
+
+COMPILING AND INSTALLING AMTU
+
+Untar the AMTU source tarball. Then issue the following commands:
+ ./bootstrap
+ ./configure
+ make
+ make install
+
+Only the last step must be run as root. During the ./configure stage
+you may opt to change various options including default install directory.
+
+When compiling AMTU as a 64-bit application on a PPC64 architecture (with the
+exception of Squadron pSeries), specify
+
+ ./configure CC=/opt/cross/bin/powerpc64-linux-gcc
+
+where /opt/cross/bin/powerpc64-linux-gcc is the 64-bit gcc compiler.
+
+To compile as a 64-bit application on X86_64 architecture or Squadron pSeries,
+
+ ./configure CC="gcc -m64"
+
+
+
+RUNNING AMTU
+
+AMTU installs to /usr/bin/amtu by default. You can add optional command line
+arguments (see the AMTU man page (amtu.8) for more details).
+
+
+
+INTERPRETING RESULTS
+
+AMTU issues the following return codes when executed:
+
+ * -1 - Program abort error
+ * 0 - Successful program completion
+
+If the error is repeatable, you can re-run amtu with the -d option to get
+more information about the failure. The success or failure of AMTU is logged
+in the audit log files (see auditd.8).
+
diff -urN amtu-1.0.8.orig/doc/Makefile.am amtu-1.0.8/doc/Makefile.am
--- amtu-1.0.8.orig/doc/Makefile.am 2009-07-06 09:39:44.000000000 -0400
+++ amtu-1.0.8/doc/Makefile.am 2009-07-06 09:40:49.000000000 -0400
@@ -1,3 +1,3 @@
CONFIG_CLEAN_FILES = *.rej *.orig
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = $(man_MANS) AbstractMachineTestingDesign.doc AMTUHowTo.txt
man_MANS = amtu.8

149
amtu-1.0.8-init.patch
View file

@ -1,6 +1,6 @@
diff -urN amtu-1.0.8.orig/configure.in amtu-1.0.8/configure.in
--- amtu-1.0.8.orig/configure.in 2009-07-06 09:39:44.000000000 -0400
+++ amtu-1.0.8/configure.in 2009-07-06 10:11:15.000000000 -0400
--- amtu-1.0.8.orig/configure.in 2009-09-11 09:43:44.000000000 -0400
+++ amtu-1.0.8/configure.in 2009-09-11 09:44:10.000000000 -0400
@@ -19,7 +19,7 @@
esac
AC_CHECK_LIB(laus, laus_open)
@ -10,127 +10,10 @@ diff -urN amtu-1.0.8.orig/configure.in amtu-1.0.8/configure.in
echo .
echo "
diff -urN amtu-1.0.8.orig/doc/AMTUHowTo.txt amtu-1.0.8/doc/AMTUHowTo.txt
--- amtu-1.0.8.orig/doc/AMTUHowTo.txt 1969-12-31 19:00:00.000000000 -0500
+++ amtu-1.0.8/doc/AMTUHowTo.txt 2009-07-06 10:20:42.000000000 -0400
@@ -0,0 +1,105 @@
+ABSTRACT MACHINE TEST UTILITY HOWTO
+
+
+OVERVIEW
+
+Abstract Machine Test Utility (AMTU) is an administrative utility to check
+whether the underlying protection mechanism of the hardware are still being
+enforced. This is a requirement of the Controlled Access Protection Profile
+(CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf.
+AMTU executes the following tests:
+
+* Memory
+
+Randomly writes to areas of memory and then reading the memory back to
+ensure the values written remain unchanged.
+
+* Memory Separation
+
+Ensures that user space programs cannot read and write to areas of memory
+utilized by the likes of Video RAM, kernel code, etc.
+
+* I/O Controller - Network
+
+Verifies random data transmitted is also the data received for each configured
+network device. Only ethernet and token ring devices that are configured and
+up are checked. Async devices are not checked.
+
+* I/O Controller - Disk
+
+Verifies that information written to disks remains unchanged. Only SCSI and IDE
+controllers associated with mounted filesystems are checked.
+
+* Supervisor Mode Instructions
+
+Ensures that the enforcement of the property that privileged instructions
+should only be in supervisor mode is still in effect. The set privileged
+instructions tested to confirm this is architecture dependant.
+
+
+
+TESTED VERSIONS
+
+AMTU has been tested on the following:
+
+* RHEL4 and 5
+* SuSE SLES 8
+* pSeries (32-bit and 64-bit)
+* iSeries (64-bit)
+* zSeries (31-bit)
+* xSeries (32-bit)
+
+
+
+INSTALLING AMTU
+
+VERIFYING SYSTEM REQUIREMENTS AND PREREQUISITES
+
+Before installing AMTU, verify that your system meets the following
+requirements and prerequisites:
+
+* The system is running in the Common Criteria evaluated configuration.
+
+
+COMPILING AND INSTALLING AMTU
+
+Untar the AMTU source tarball. Then issue the following commands:
+ ./bootstrap
+ ./configure
+ make
+ make install
+
+Only the last step must be run as root. During the ./configure stage
+you may opt to change various options including default install directory.
+
+When compiling AMTU as a 64-bit application on a PPC64 architecture (with the
+exception of Squadron pSeries), specify
+
+ ./configure CC=/opt/cross/bin/powerpc64-linux-gcc
+
+where /opt/cross/bin/powerpc64-linux-gcc is the 64-bit gcc compiler.
+
+To compile as a 64-bit application on X86_64 architecture or Squadron pSeries,
+
+ ./configure CC="gcc -m64"
+
+
+
+RUNNING AMTU
+
+AMTU installs to /usr/bin/amtu by default. You can add optional command line
+arguments (see the AMTU man page (amtu.8) for more details).
+
+
+
+INTERPRETING RESULTS
+
+AMTU issues the following return codes when executed:
+
+ * -1 - Program abort error
+ * 0 - Successful program completion
+
+If the error is repeatable, you can re-run amtu with the -d option to get
+more information about the failure. The success or failure of AMTU is logged
+in the audit log files (see auditd.8).
+
diff -urN amtu-1.0.8.orig/doc/Makefile.am amtu-1.0.8/doc/Makefile.am
--- amtu-1.0.8.orig/doc/Makefile.am 2009-07-06 09:39:44.000000000 -0400
+++ amtu-1.0.8/doc/Makefile.am 2009-07-06 09:40:49.000000000 -0400
@@ -1,3 +1,3 @@
CONFIG_CLEAN_FILES = *.rej *.orig
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = $(man_MANS) AbstractMachineTestingDesign.doc AMTUHowTo.txt
man_MANS = amtu.8
diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init
--- amtu-1.0.8.orig/init/amtu.init 1969-12-31 19:00:00.000000000 -0500
+++ amtu-1.0.8/init/amtu.init 2009-07-06 10:17:43.000000000 -0400
@@ -0,0 +1,90 @@
+++ amtu-1.0.8/init/amtu.init 2009-09-11 13:35:53.000000000 -0400
@@ -0,0 +1,86 @@
+#!/bin/sh
+#
+# amtu: Abstract Machine Tests
@ -178,11 +61,12 @@ diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init
+ # Now check that the syconfig is found and has important things
+ # configured
+ test -f /etc/sysconfig/amtu || exit 6
+ test x"$AMTU_HALT_ON_FAILURE" = "x" || exit 6
+ test x"$HALT_COMMAND" = "x" || exit 6
+ test x"$AMTU_HALT_ON_FAILURE" != "x" || exit 6
+ test x"$HALT_COMMAND" != "x" || exit 6
+ echo -n $"Starting $prog: "
+ daemon $prog "$EXTRAOPTIONS"
+ daemon $prog "$EXTRAOPTIONS" >/dev/null 2>&1
+ RETVAL=$?
+ echo
+ if [ $RETVAL -ne 0 ] ; then
+ if [ "$AMTU_HALT_ON_FAILURE" = "yes" ] ; then
+ # Give audit daemon chance to write to disk
@ -206,24 +90,19 @@ diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init
+ stop)
+ stop
+ ;;
+ status)
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ condrestart)
+ ;;
+ reload)
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
+ echo $"Usage: $0 {start|stop|restart}"
+ RETVAL=3
+ ;;
+esac
+exit $RETVAL
diff -urN amtu-1.0.8.orig/init/amtu.sysconfig amtu-1.0.8/init/amtu.sysconfig
--- amtu-1.0.8.orig/init/amtu.sysconfig 1969-12-31 19:00:00.000000000 -0500
+++ amtu-1.0.8/init/amtu.sysconfig 2009-07-06 10:06:07.000000000 -0400
+++ amtu-1.0.8/init/amtu.sysconfig 2009-09-11 09:44:10.000000000 -0400
@@ -0,0 +1,11 @@
+# Add extra options here:
+EXTRAOPTIONS=""
@ -238,7 +117,7 @@ diff -urN amtu-1.0.8.orig/init/amtu.sysconfig amtu-1.0.8/init/amtu.sysconfig
+HALT_COMMAND="poweroff"
diff -urN amtu-1.0.8.orig/init/Makefile.am amtu-1.0.8/init/Makefile.am
--- amtu-1.0.8.orig/init/Makefile.am 1969-12-31 19:00:00.000000000 -0500
+++ amtu-1.0.8/init/Makefile.am 2009-07-06 10:14:22.000000000 -0400
+++ amtu-1.0.8/init/Makefile.am 2009-09-11 09:44:10.000000000 -0400
@@ -0,0 +1,16 @@
+
+CONFIG_CLEAN_FILES = *.rej *.orig
@ -257,8 +136,8 @@ diff -urN amtu-1.0.8.orig/init/Makefile.am amtu-1.0.8/init/Makefile.am
+ rm ${DESTDIR}${initdir}/amtu
+
diff -urN amtu-1.0.8.orig/Makefile.am amtu-1.0.8/Makefile.am
--- amtu-1.0.8.orig/Makefile.am 2009-07-06 09:39:44.000000000 -0400
+++ amtu-1.0.8/Makefile.am 2009-07-06 10:10:55.000000000 -0400
--- amtu-1.0.8.orig/Makefile.am 2009-09-11 09:43:44.000000000 -0400
+++ amtu-1.0.8/Makefile.am 2009-09-11 09:44:10.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = src doc
+SUBDIRS = src init doc

10
amtu.spec
View file

@ -1,12 +1,13 @@
Summary: Abstract Machine Test Utility (AMTU)
Name: amtu
Version: 1.0.8
Release: 4%{?dist}
Release: 5%{?dist}
License: CPL
Group: System Environment/Base
URL: http://sourceforge.net/projects/amtueal/
Source0: %{name}-%{version}.tar.gz
Patch1: amtu-1.0.8-init.patch
Patch1: amtu-1.0.8-doc.patch
Patch2: amtu-1.0.8-init.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: audit-libs-devel >= 1.1.2
BuildRequires: automake
@ -23,6 +24,7 @@ http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%build
touch ChangeLog
@ -57,6 +59,10 @@ fi
%attr(0644,root,root) %{_mandir}/man8/*
%changelog
* Fri Sep 11 2009 Steve Grubb <sgrubb@redhat.com> - 1.0.8-5
- Corrected config file test (#522708)
- Made init script more LSB compatible (#522789)
* Fri Aug 28 2009 Steve Grubb <sgrubb@redhat.com> - 1.0.8-4
- Add ExclusiveArch for platforms having memory separation tests