diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 9ec1f57..0000000 --- a/.gitignore +++ /dev/null @@ -1,10 +0,0 @@ -amtu-0.1.tar.gz -amtu-1.0.tar.gz -amtu-1.0.1.tar.gz -amtu-1.0.2.tar.gz -amtu-1.0.3.tar.gz -amtu-1.0.4.tar.gz -amtu-1.0.5-1.tar.gz -amtu-1.0.6.tar.gz -amtu-1.0.7.tar.gz -amtu-1.0.8.tar.gz diff --git a/amtu-1.0.8-doc.patch b/amtu-1.0.8-doc.patch deleted file mode 100644 index b6fb6ac..0000000 --- a/amtu-1.0.8-doc.patch +++ /dev/null @@ -1,117 +0,0 @@ -diff -urN amtu-1.0.8.orig/doc/AMTUHowTo.txt amtu-1.0.8/doc/AMTUHowTo.txt ---- amtu-1.0.8.orig/doc/AMTUHowTo.txt 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/doc/AMTUHowTo.txt 2009-07-06 10:20:42.000000000 -0400 -@@ -0,0 +1,105 @@ -+ABSTRACT MACHINE TEST UTILITY HOWTO -+ -+ -+OVERVIEW -+ -+Abstract Machine Test Utility (AMTU) is an administrative utility to check -+whether the underlying protection mechanism of the hardware are still being -+enforced. This is a requirement of the Controlled Access Protection Profile -+(CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf. -+AMTU executes the following tests: -+ -+* Memory -+ -+Randomly writes to areas of memory and then reading the memory back to -+ensure the values written remain unchanged. -+ -+* Memory Separation -+ -+Ensures that user space programs cannot read and write to areas of memory -+utilized by the likes of Video RAM, kernel code, etc. -+ -+* I/O Controller - Network -+ -+Verifies random data transmitted is also the data received for each configured -+network device. Only ethernet and token ring devices that are configured and -+up are checked. Async devices are not checked. -+ -+* I/O Controller - Disk -+ -+Verifies that information written to disks remains unchanged. Only SCSI and IDE -+controllers associated with mounted filesystems are checked. -+ -+* Supervisor Mode Instructions -+ -+Ensures that the enforcement of the property that privileged instructions -+should only be in supervisor mode is still in effect. The set privileged -+instructions tested to confirm this is architecture dependant. -+ -+ -+ -+TESTED VERSIONS -+ -+AMTU has been tested on the following: -+ -+* RHEL4 and 5 -+* SuSE SLES 8 -+* pSeries (32-bit and 64-bit) -+* iSeries (64-bit) -+* zSeries (31-bit) -+* xSeries (32-bit) -+ -+ -+ -+INSTALLING AMTU -+ -+VERIFYING SYSTEM REQUIREMENTS AND PREREQUISITES -+ -+Before installing AMTU, verify that your system meets the following -+requirements and prerequisites: -+ -+* The system is running in the Common Criteria evaluated configuration. -+ -+ -+COMPILING AND INSTALLING AMTU -+ -+Untar the AMTU source tarball. Then issue the following commands: -+ ./bootstrap -+ ./configure -+ make -+ make install -+ -+Only the last step must be run as root. During the ./configure stage -+you may opt to change various options including default install directory. -+ -+When compiling AMTU as a 64-bit application on a PPC64 architecture (with the -+exception of Squadron pSeries), specify -+ -+ ./configure CC=/opt/cross/bin/powerpc64-linux-gcc -+ -+where /opt/cross/bin/powerpc64-linux-gcc is the 64-bit gcc compiler. -+ -+To compile as a 64-bit application on X86_64 architecture or Squadron pSeries, -+ -+ ./configure CC="gcc -m64" -+ -+ -+ -+RUNNING AMTU -+ -+AMTU installs to /usr/bin/amtu by default. You can add optional command line -+arguments (see the AMTU man page (amtu.8) for more details). -+ -+ -+ -+INTERPRETING RESULTS -+ -+AMTU issues the following return codes when executed: -+ -+ * -1 - Program abort error -+ * 0 - Successful program completion -+ -+If the error is repeatable, you can re-run amtu with the -d option to get -+more information about the failure. The success or failure of AMTU is logged -+in the audit log files (see auditd.8). -+ -diff -urN amtu-1.0.8.orig/doc/Makefile.am amtu-1.0.8/doc/Makefile.am ---- amtu-1.0.8.orig/doc/Makefile.am 2009-07-06 09:39:44.000000000 -0400 -+++ amtu-1.0.8/doc/Makefile.am 2009-07-06 09:40:49.000000000 -0400 -@@ -1,3 +1,3 @@ - CONFIG_CLEAN_FILES = *.rej *.orig --EXTRA_DIST = $(man_MANS) -+EXTRA_DIST = $(man_MANS) AbstractMachineTestingDesign.doc AMTUHowTo.txt - man_MANS = amtu.8 diff --git a/amtu-1.0.8-init.patch b/amtu-1.0.8-init.patch deleted file mode 100644 index 2b3061b..0000000 --- a/amtu-1.0.8-init.patch +++ /dev/null @@ -1,146 +0,0 @@ -diff -urN amtu-1.0.8.orig/configure.in amtu-1.0.8/configure.in ---- amtu-1.0.8.orig/configure.in 2009-09-11 09:43:44.000000000 -0400 -+++ amtu-1.0.8/configure.in 2009-09-11 09:44:10.000000000 -0400 -@@ -19,7 +19,7 @@ - esac - AC_CHECK_LIB(laus, laus_open) - AC_CHECK_LIB(audit, audit_open) --AC_OUTPUT(Makefile src/Makefile doc/Makefile) -+AC_OUTPUT(Makefile src/Makefile init/Makefile doc/Makefile) - - echo . - echo " -diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init ---- amtu-1.0.8.orig/init/amtu.init 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/init/amtu.init 2009-09-11 13:35:53.000000000 -0400 -@@ -0,0 +1,86 @@ -+#!/bin/sh -+# -+# amtu: Abstract Machine Tests -+# -+# chkconfig: - 96 99 -+# description: This service runs the abstract machine tests to check the \ -+# underlying security assumptions. It can be configured to -+# halt the machine in the event of failure. The program does -+# not stay resident, but rather runs once. -+# -+# processname: /sbin/amtu -+# config: /etc/sysconfig/amtu -+# -+# Return values according to LSB for all commands but status: -+# 0 - success -+# 1 - generic or unspecified error -+# 2 - invalid or excess argument(s) -+# 3 - unimplemented feature (e.g. "reload") -+# 4 - insufficient privilege -+# 5 - program is not installed -+# 6 - program is not configured -+# 7 - program is not running -+ -+PATH=/sbin:/bin:/usr/bin:/usr/sbin -+prog="amtu" -+ -+# Source function library. -+. /etc/rc.d/init.d/functions -+ -+# Allow anyone to run status -+if [ "$1" = "status" ] ; then -+ exit 0 -+fi -+ -+# Check that we are root ... so non-root users stop here -+test $EUID = 0 || exit 4 -+ -+# Check config -+test -f /etc/sysconfig/amtu && . /etc/sysconfig/amtu -+ -+RETVAL=0 -+ -+start() { -+ test -x /usr/bin/amtu || exit 5 -+ # Now check that the syconfig is found and has important things -+ # configured -+ test -f /etc/sysconfig/amtu || exit 6 -+ test x"$AMTU_HALT_ON_FAILURE" != "x" || exit 6 -+ test x"$HALT_COMMAND" != "x" || exit 6 -+ echo -n $"Starting $prog: " -+ daemon $prog "$EXTRAOPTIONS" >/dev/null 2>&1 -+ RETVAL=$? -+ echo -+ if [ $RETVAL -ne 0 ] ; then -+ if [ "$AMTU_HALT_ON_FAILURE" = "yes" ] ; then -+ # Give audit daemon chance to write to disk -+ sleep 3 -+ logger "Amtu failed and halt on failure requested" -+ $HALT_COMMAND -+ fi -+ fi -+ return $RETVAL -+} -+ -+stop() { -+ /bin/true -+} -+ -+# See how we were called. -+case "$1" in -+ start) -+ start -+ ;; -+ stop) -+ stop -+ ;; -+ restart) -+ stop -+ start -+ ;; -+ *) -+ echo $"Usage: $0 {start|stop|restart}" -+ RETVAL=3 -+ ;; -+esac -+exit $RETVAL -diff -urN amtu-1.0.8.orig/init/amtu.sysconfig amtu-1.0.8/init/amtu.sysconfig ---- amtu-1.0.8.orig/init/amtu.sysconfig 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/init/amtu.sysconfig 2009-09-11 09:44:10.000000000 -0400 -@@ -0,0 +1,11 @@ -+# Add extra options here: -+EXTRAOPTIONS="" -+# -+# This option is used to determine if failing any amtu test should result in -+# the machine being unusable. The default is no, but it can be changed to -+# yes in case this is desired. -+AMTU_HALT_ON_FAILURE="no" -+# -+# Should halt on failure trigger and its set to yes, the following command -+# will be issued to stop the system: -+HALT_COMMAND="poweroff" -diff -urN amtu-1.0.8.orig/init/Makefile.am amtu-1.0.8/init/Makefile.am ---- amtu-1.0.8.orig/init/Makefile.am 1969-12-31 19:00:00.000000000 -0500 -+++ amtu-1.0.8/init/Makefile.am 2009-09-11 09:44:10.000000000 -0400 -@@ -0,0 +1,16 @@ -+ -+CONFIG_CLEAN_FILES = *.rej *.orig -+EXTRA_DIST = amtu.init amtu.sysconfig -+initdir=$(sysconfdir)/rc.d/init.d -+sysconfigdir=$(sysconfdir)/sysconfig -+ -+install-data-hook: -+ $(INSTALL_DATA) -D -m 640 ${srcdir}/amtu.sysconfig ${DESTDIR}${sysconfigdir}/amtu -+ -+install-exec-hook: -+ $(INSTALL_SCRIPT) -D -m 755 ${srcdir}/amtu.init ${DESTDIR}${initdir}/amtu -+ -+uninstall-hook: -+ rm ${DESTDIR}${sysconfigdir}/amtu -+ rm ${DESTDIR}${initdir}/amtu -+ -diff -urN amtu-1.0.8.orig/Makefile.am amtu-1.0.8/Makefile.am ---- amtu-1.0.8.orig/Makefile.am 2009-09-11 09:43:44.000000000 -0400 -+++ amtu-1.0.8/Makefile.am 2009-09-11 09:44:10.000000000 -0400 -@@ -1,4 +1,4 @@ --SUBDIRS = src doc -+SUBDIRS = src init doc - EXTRA_DIST = bootstrap LICENSE CPLv1.0.htm README - CONFIG_CLEAN_FILES = debug*.list config/* - diff --git a/amtu.spec b/amtu.spec deleted file mode 100644 index cd9a3ef..0000000 --- a/amtu.spec +++ /dev/null @@ -1,153 +0,0 @@ -Summary: Abstract Machine Test Utility (AMTU) -Name: amtu -Version: 1.0.8 -Release: 5%{?dist} -License: CPL -Group: System Environment/Base -URL: http://sourceforge.net/projects/amtueal/ -Source0: %{name}-%{version}.tar.gz -Patch1: amtu-1.0.8-doc.patch -Patch2: amtu-1.0.8-init.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: audit-libs-devel >= 1.1.2 -BuildRequires: automake -Requires: chkconfig -ExclusiveArch: i386 i686 x86_64 ppc ppc64 s390 s390x ia64 - -%description -Abstract Machine Test Utility (AMTU) is an administrative utility to check -whether the underlying protection mechanism of the hardware are still being -enforced. This is a requirement of the Controlled Access Protection Profile -FPT_AMT.1, see -http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf - -%prep -%setup -q -%patch1 -p1 -%patch2 -p1 - -%build -touch ChangeLog -touch NEWS -touch AUTHORS -autoreconf -fv --install -%configure -make %{?_smp_mflags} - -%install -rm -rf $RPM_BUILD_ROOT -make "DESTDIR=${RPM_BUILD_ROOT}" install - -%clean -rm -rf $RPM_BUILD_ROOT - -%post -/sbin/chkconfig --add amtu - -%preun -if [ $1 -eq 0 ]; then - /sbin/service amtu stop > /dev/null 2>&1 - /sbin/chkconfig --del amtu -fi - -%files -%defattr(-,root,root, -) -%doc doc/AMTUHowTo.txt LICENSE -%attr(755,root,root) /etc/rc.d/init.d/amtu -%config(noreplace) %attr(640,root,root) /etc/sysconfig/amtu -%attr(0750,root,root) %{_bindir}/amtu -%attr(0644,root,root) %{_mandir}/man8/* - -%changelog -* Fri Sep 11 2009 Steve Grubb - 1.0.8-5 -- Corrected config file test (#522708) -- Made init script more LSB compatible (#522789) - -* Fri Aug 28 2009 Steve Grubb - 1.0.8-4 -- Add ExclusiveArch for platforms having memory separation tests - -* Fri Aug 21 2009 Tomas Mraz - 1.0.8-3 -- rebuilt with new audit - -* Wed Aug 19 2009 Steve Grubb 1.0.8-2 -- rebuild for new audit-libs - -* Sun Jul 26 2009 Steve Grubb 1.0.8-1 -- new upstream version -- Add init script for bootup system check - -* Fri Jul 24 2009 Fedora Release Engineering - 1.0.7-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Wed Jul 01 2009 Steve Grubb 1.0.7-1 -- new upstream version - -* Mon Feb 23 2009 Fedora Release Engineering - 1.0.6-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Mon Jul 14 2008 Tom "spot" Callaway - 1.0.6-3 -- fix license tag - -* Tue Feb 19 2008 Fedora Release Engineering - 1.0.6-2 -- Autorebuild for GCC 4.3 - -* Sat Dec 08 2007 Steve Grubb 1.0.6-1 -- new upstream version - -* Thu Mar 08 2007 Steve Grubb 1.0.5-1 -- new upstream version - -* Fri Feb 16 2007 Steve Grubb 1.0.4-6 -- change buildroot - -* Thu Feb 8 2007 Steve Grubb 1.0.4-5 -- specfile updates - -* Tue Jan 9 2007 Steve Grubb 1.0.4-4 -- patch fixing network and disk tests - -* Wed Jul 12 2006 Jesse Keating - 1.0.4-3.1 -- rebuild - -* Mon Jun 12 2006 Jesse Keating - 1.0.4-3 -- Fix missing BR on automake - -* Fri Feb 10 2006 Jesse Keating - 1.0.4-2.2 -- bump again for double-long bug on ppc(64) - -* Tue Feb 07 2006 Jesse Keating - 1.0.4-2.1 -- rebuilt for new gcc4.1 snapshot and glibc changes - -* Tue Jan 3 2006 Jesse Keating 1.0.4-2 -- rebuilt - -* Fri Dec 9 2005 Steve Grubb 1.0.4-1 -- New upstream version updated for new audit messages -* Mon Dec 5 2005 Steve Grubb 1.0.2-2 -- Fix "clean" section of spec file (bz 172942) -- Add memsep-random patch (bz 174767) -* Thu Jul 14 2005 Steve Grubb 1.0.2-1 -- New upstream version. -* Tue Jul 12 2005 Steve Grubb 1.0.1-1 -- New version fixes bug where audit system was disable at end of test. -* Wed Jun 8 2005 Steve Grubb 1.0-2 -- add a few more include "config.h" -* Fri May 27 2005 Steve Grubb 1.0-1 -- New upstream version from IBM -- Drop memsep patch -- Rework specfile -* Thu Sep 2 2004 root 0.1-7RHEL -- integrate memsep patch from Matt Anderson at HP -* Mon Aug 16 2004 root 0.1-6RHEL -- Integrate ia64 patches from HP's Matt Anderson, enabling use on ia64 -* Tue Jun 29 2004 root 0.1-4RHEL -- fix /usr/bin/amtu modes for real this time -* Tue Jun 29 2004 root 0.1-4RHEL -- set execute bits on /usr/bin/amtu -* Fri May 28 2004 ccb 0.1-3RHEL -- fixed owners and permissions in "files" -* Wed May 26 2004 ccb 0.1-2RHEL -- move docs to a version-qualified directory name -* Sat May 1 2004 root -- Initial build. - diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..b18e62c --- /dev/null +++ b/dead.package @@ -0,0 +1 @@ +AMTU was needed for Common Criteria testing. No PP has needed it in about 5 years. Upstream for the package is also dead. diff --git a/sources b/sources deleted file mode 100644 index c2f8d81..0000000 --- a/sources +++ /dev/null @@ -1 +0,0 @@ -755b517a3a1cc4092435c349d9b99312 amtu-1.0.8.tar.gz