diff --git a/amtu-1.0.7-makefile.patch b/amtu-1.0.7-makefile.patch deleted file mode 100644 index ee865e7..0000000 --- a/amtu-1.0.7-makefile.patch +++ /dev/null @@ -1,78 +0,0 @@ -diff -ur amtu-1.0.7.orig/configure.in amtu-1.0.7/configure.in ---- amtu-1.0.7.orig/configure.in 2009-07-01 10:29:09.000000000 -0400 -+++ amtu-1.0.7/configure.in 2009-07-01 11:05:07.000000000 -0400 -@@ -1,19 +1,14 @@ --AC_REVISION($Revision: 1.2 $)dnl --# AC_CANONICAL_SYSTEM is deprecated in the latest version of AUTOMAKE. --# We aren't using the latest version so we'll keep using it --#AC_CANONICAL_TARGET --AC_INIT(src/amtu.c) -+AC_REVISION($Revision: 1.3 $)dnl -+AC_INIT(amtu,1.0.7) - AC_PREREQ(2.12)dnl --AC_CONFIG_AUX_DIR(config) --AC_CONFIG_SRCDIR(src/amtu.c) - AM_CONFIG_HEADER(config.h) - --VERSION=1.0.6 --echo Configuring amtu $VERSION -- --AC_CANONICAL_SYSTEM --AM_INIT_AUTOMAKE(amtu, $VERSION) -+AC_CANONICAL_TARGET -+AM_INIT_AUTOMAKE - AC_PROG_CC -+AC_PROG_INSTALL -+AC_PROG_AWK -+ - case "$target" in - i386-* | i486-* | i586-* | i686-*) AC_DEFINE(HAVE_I86,1,NULL);; - powerpc-*) AC_DEFINE(HAVE_PPC,1,NULL);; -@@ -25,3 +20,15 @@ - AC_CHECK_LIB(laus, laus_open) - AC_CHECK_LIB(audit, audit_open) - AC_OUTPUT(Makefile src/Makefile doc/Makefile) -+ -+echo . -+echo " -+ -+ amtu: $VERSION -+ Target: $target -+ Installation prefix: $prefix -+ Compiler: $CC -+ Compiler flags: -+`echo $CFLAGS | fmt -w 50 | sed 's,^, ,'` -+" -+ -diff -ur amtu-1.0.7.orig/doc/Makefile.am amtu-1.0.7/doc/Makefile.am ---- amtu-1.0.7.orig/doc/Makefile.am 2009-07-01 10:29:09.000000000 -0400 -+++ amtu-1.0.7/doc/Makefile.am 2009-07-01 10:56:52.000000000 -0400 -@@ -1 +1,3 @@ -+CONFIG_CLEAN_FILES = *.rej *.orig -+EXTRA_DIST = $(man_MANS) - man_MANS = amtu.8 -diff -ur amtu-1.0.7.orig/Makefile.am amtu-1.0.7/Makefile.am ---- amtu-1.0.7.orig/Makefile.am 2009-07-01 10:29:09.000000000 -0400 -+++ amtu-1.0.7/Makefile.am 2009-07-01 10:36:48.000000000 -0400 -@@ -1 +1,8 @@ - SUBDIRS = src doc -+EXTRA_DIST = bootstrap LICENSE CPLv1.0.htm README -+CONFIG_CLEAN_FILES = debug*.list config/* -+ -+clean-generic: -+ rm -rf autom4te*.cache -+ rm -f *.rej *.orig -+ -diff -ur amtu-1.0.7.orig/src/Makefile.am amtu-1.0.7/src/Makefile.am ---- amtu-1.0.7.orig/src/Makefile.am 2009-07-01 10:29:09.000000000 -0400 -+++ amtu-1.0.7/src/Makefile.am 2009-07-01 10:55:44.000000000 -0400 -@@ -1,3 +1,8 @@ --AM_CPPFLAGS = -Wall -W -Wfloat-equal -Wundef -+CLEANFILES = $(BUILT_SOURCES) -+CONFIG_CLEAN_FILES = *.loT *.rej *.orig -+AM_CFLAGS = -Wall -W -Wfloat-equal -Wundef -+INCLUDES = -I. -I${top_srcdir} -+noinst_HEADERS = amtu.h - bin_PROGRAMS = amtu - amtu_SOURCES = amtu-i86.c amtu-ppc.c amtu-s390.c amtu-ia64.c amtu.c memory.c memsep.c iodisktest.c networkio.c -+amtu_DEPENDENCIES = $(amtu_SOURCES) ${top_srcdir}/config.h diff --git a/amtu-1.0.8-init.patch b/amtu-1.0.8-init.patch new file mode 100644 index 0000000..7f2687b --- /dev/null +++ b/amtu-1.0.8-init.patch @@ -0,0 +1,267 @@ +diff -urN amtu-1.0.8.orig/configure.in amtu-1.0.8/configure.in +--- amtu-1.0.8.orig/configure.in 2009-07-06 09:39:44.000000000 -0400 ++++ amtu-1.0.8/configure.in 2009-07-06 10:11:15.000000000 -0400 +@@ -19,7 +19,7 @@ + esac + AC_CHECK_LIB(laus, laus_open) + AC_CHECK_LIB(audit, audit_open) +-AC_OUTPUT(Makefile src/Makefile doc/Makefile) ++AC_OUTPUT(Makefile src/Makefile init/Makefile doc/Makefile) + + echo . + echo " +diff -urN amtu-1.0.8.orig/doc/AMTUHowTo.txt amtu-1.0.8/doc/AMTUHowTo.txt +--- amtu-1.0.8.orig/doc/AMTUHowTo.txt 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/doc/AMTUHowTo.txt 2009-07-06 10:20:42.000000000 -0400 +@@ -0,0 +1,105 @@ ++ABSTRACT MACHINE TEST UTILITY HOWTO ++ ++ ++OVERVIEW ++ ++Abstract Machine Test Utility (AMTU) is an administrative utility to check ++whether the underlying protection mechanism of the hardware are still being ++enforced. This is a requirement of the Controlled Access Protection Profile ++(CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf. ++AMTU executes the following tests: ++ ++* Memory ++ ++Randomly writes to areas of memory and then reading the memory back to ++ensure the values written remain unchanged. ++ ++* Memory Separation ++ ++Ensures that user space programs cannot read and write to areas of memory ++utilized by the likes of Video RAM, kernel code, etc. ++ ++* I/O Controller - Network ++ ++Verifies random data transmitted is also the data received for each configured ++network device. Only ethernet and token ring devices that are configured and ++up are checked. Async devices are not checked. ++ ++* I/O Controller - Disk ++ ++Verifies that information written to disks remains unchanged. Only SCSI and IDE ++controllers associated with mounted filesystems are checked. ++ ++* Supervisor Mode Instructions ++ ++Ensures that the enforcement of the property that privileged instructions ++should only be in supervisor mode is still in effect. The set privileged ++instructions tested to confirm this is architecture dependant. ++ ++ ++ ++TESTED VERSIONS ++ ++AMTU has been tested on the following: ++ ++* RHEL4 and 5 ++* SuSE SLES 8 ++* pSeries (32-bit and 64-bit) ++* iSeries (64-bit) ++* zSeries (31-bit) ++* xSeries (32-bit) ++ ++ ++ ++INSTALLING AMTU ++ ++VERIFYING SYSTEM REQUIREMENTS AND PREREQUISITES ++ ++Before installing AMTU, verify that your system meets the following ++requirements and prerequisites: ++ ++* The system is running in the Common Criteria evaluated configuration. ++ ++ ++COMPILING AND INSTALLING AMTU ++ ++Untar the AMTU source tarball. Then issue the following commands: ++ ./bootstrap ++ ./configure ++ make ++ make install ++ ++Only the last step must be run as root. During the ./configure stage ++you may opt to change various options including default install directory. ++ ++When compiling AMTU as a 64-bit application on a PPC64 architecture (with the ++exception of Squadron pSeries), specify ++ ++ ./configure CC=/opt/cross/bin/powerpc64-linux-gcc ++ ++where /opt/cross/bin/powerpc64-linux-gcc is the 64-bit gcc compiler. ++ ++To compile as a 64-bit application on X86_64 architecture or Squadron pSeries, ++ ++ ./configure CC="gcc -m64" ++ ++ ++ ++RUNNING AMTU ++ ++AMTU installs to /usr/bin/amtu by default. You can add optional command line ++arguments (see the AMTU man page (amtu.8) for more details). ++ ++ ++ ++INTERPRETING RESULTS ++ ++AMTU issues the following return codes when executed: ++ ++ * -1 - Program abort error ++ * 0 - Successful program completion ++ ++If the error is repeatable, you can re-run amtu with the -d option to get ++more information about the failure. The success or failure of AMTU is logged ++in the audit log files (see auditd.8). ++ +diff -urN amtu-1.0.8.orig/doc/Makefile.am amtu-1.0.8/doc/Makefile.am +--- amtu-1.0.8.orig/doc/Makefile.am 2009-07-06 09:39:44.000000000 -0400 ++++ amtu-1.0.8/doc/Makefile.am 2009-07-06 09:40:49.000000000 -0400 +@@ -1,3 +1,3 @@ + CONFIG_CLEAN_FILES = *.rej *.orig +-EXTRA_DIST = $(man_MANS) ++EXTRA_DIST = $(man_MANS) AbstractMachineTestingDesign.doc AMTUHowTo.txt + man_MANS = amtu.8 +diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init +--- amtu-1.0.8.orig/init/amtu.init 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/init/amtu.init 2009-07-06 10:17:43.000000000 -0400 +@@ -0,0 +1,90 @@ ++#!/bin/sh ++# ++# amtu: Abstract Machine Tests ++# ++# chkconfig: - 96 99 ++# description: This service runs the abstract machine tests to check the \ ++# underlying security assumptions. It can be configured to ++# halt the machine in the event of failure. The program does ++# not stay resident, but rather runs once. ++# ++# processname: /sbin/amtu ++# config: /etc/sysconfig/amtu ++# ++# Return values according to LSB for all commands but status: ++# 0 - success ++# 1 - generic or unspecified error ++# 2 - invalid or excess argument(s) ++# 3 - unimplemented feature (e.g. "reload") ++# 4 - insufficient privilege ++# 5 - program is not installed ++# 6 - program is not configured ++# 7 - program is not running ++ ++PATH=/sbin:/bin:/usr/bin:/usr/sbin ++prog="amtu" ++ ++# Source function library. ++. /etc/rc.d/init.d/functions ++ ++# Allow anyone to run status ++if [ "$1" = "status" ] ; then ++ exit 0 ++fi ++ ++# Check that we are root ... so non-root users stop here ++test $EUID = 0 || exit 4 ++ ++# Check config ++test -f /etc/sysconfig/amtu && . /etc/sysconfig/amtu ++ ++RETVAL=0 ++ ++start() { ++ test -x /usr/bin/amtu || exit 5 ++ # Now check that the syconfig is found and has important things ++ # configured ++ test -f /etc/sysconfig/amtu || exit 6 ++ test x"$AMTU_HALT_ON_FAILURE" = "x" || exit 6 ++ test x"$HALT_COMMAND" = "x" || exit 6 ++ echo -n $"Starting $prog: " ++ daemon $prog "$EXTRAOPTIONS" ++ RETVAL=$? ++ if [ $RETVAL -ne 0 ] ; then ++ if [ "$AMTU_HALT_ON_FAILURE" = "yes" ] ; then ++ # Give audit daemon chance to write to disk ++ sleep 3 ++ logger "Amtu failed and halt on failure requested" ++ $HALT_COMMAND ++ fi ++ fi ++ return $RETVAL ++} ++ ++stop() { ++ /bin/true ++} ++ ++# See how we were called. ++case "$1" in ++ start) ++ start ++ ;; ++ stop) ++ stop ++ ;; ++ status) ++ ;; ++ restart) ++ stop ++ start ++ ;; ++ condrestart) ++ ;; ++ reload) ++ ;; ++ *) ++ echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}" ++ ;; ++esac ++exit $RETVAL +diff -urN amtu-1.0.8.orig/init/amtu.sysconfig amtu-1.0.8/init/amtu.sysconfig +--- amtu-1.0.8.orig/init/amtu.sysconfig 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/init/amtu.sysconfig 2009-07-06 10:06:07.000000000 -0400 +@@ -0,0 +1,11 @@ ++# Add extra options here: ++EXTRAOPTIONS="" ++# ++# This option is used to determine if failing any amtu test should result in ++# the machine being unusable. The default is no, but it can be changed to ++# yes in case this is desired. ++AMTU_HALT_ON_FAILURE="no" ++# ++# Should halt on failure trigger and its set to yes, the following command ++# will be issued to stop the system: ++HALT_COMMAND="poweroff" +diff -urN amtu-1.0.8.orig/init/Makefile.am amtu-1.0.8/init/Makefile.am +--- amtu-1.0.8.orig/init/Makefile.am 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/init/Makefile.am 2009-07-06 10:14:22.000000000 -0400 +@@ -0,0 +1,16 @@ ++ ++CONFIG_CLEAN_FILES = *.rej *.orig ++EXTRA_DIST = amtu.init amtu.sysconfig ++initdir=$(sysconfdir)/rc.d/init.d ++sysconfigdir=$(sysconfdir)/sysconfig ++ ++install-data-hook: ++ $(INSTALL_DATA) -D -m 640 ${srcdir}/amtu.sysconfig ${DESTDIR}${sysconfigdir}/amtu ++ ++install-exec-hook: ++ $(INSTALL_SCRIPT) -D -m 755 ${srcdir}/amtu.init ${DESTDIR}${initdir}/amtu ++ ++uninstall-hook: ++ rm ${DESTDIR}${sysconfigdir}/amtu ++ rm ${DESTDIR}${initdir}/amtu ++ +diff -urN amtu-1.0.8.orig/Makefile.am amtu-1.0.8/Makefile.am +--- amtu-1.0.8.orig/Makefile.am 2009-07-06 09:39:44.000000000 -0400 ++++ amtu-1.0.8/Makefile.am 2009-07-06 10:10:55.000000000 -0400 +@@ -1,4 +1,4 @@ +-SUBDIRS = src doc ++SUBDIRS = src init doc + EXTRA_DIST = bootstrap LICENSE CPLv1.0.htm README + CONFIG_CLEAN_FILES = debug*.list config/* + diff --git a/amtu.spec b/amtu.spec index 0b91287..5559fba 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,18 +1,16 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu -Version: 1.0.7 +Version: 1.0.8 Release: 1%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ Source0: %{name}-%{version}.tar.gz -Patch1: amtu-1.0.7-makefile.patch +Patch1: amtu-1.0.8-init.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: audit-libs-devel >= 1.1.2 BuildRequires: automake -Requires: audit >= 1.1.2 - -# Red Hat AMTU SPEC file +Requires: chkconfig %description Abstract Machine Test Utility (AMTU) is an administrative utility to check @@ -26,7 +24,6 @@ http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf %patch1 -p1 %build -# next 3 items is to quieten autoreconf touch ChangeLog touch NEWS touch AUTHORS @@ -41,13 +38,28 @@ make "DESTDIR=${RPM_BUILD_ROOT}" install %clean rm -rf $RPM_BUILD_ROOT +%post +/sbin/chkconfig --add amtu + +%preun +if [ $1 -eq 0 ]; then + /sbin/service amtu stop > /dev/null 2>&1 + /sbin/chkconfig --del amtu +fi + %files %defattr(-,root,root, -) -%doc doc/AMTUHowTo.txt COPYING +%doc doc/AMTUHowTo.txt LICENSE +%attr(755,root,root) /etc/rc.d/init.d/amtu +%config(noreplace) %attr(640,root,root) /etc/sysconfig/amtu %attr(0750,root,root) %{_bindir}/amtu %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Fri Aug 21 2009 Steve Grubb 1.0.8-1 +- new upstream version +- Add init script for bootup system check + * Wed Jul 01 2009 Steve Grubb 1.0.7-1 - new upstream version diff --git a/sources b/sources index 462d897..c2f8d81 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8858a47c667ffc4af840d72d8ced6605 amtu-1.0.7.tar.gz +755b517a3a1cc4092435c349d9b99312 amtu-1.0.8.tar.gz