diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index 16a7d80..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: amtu -# $Id: Makefile,v 1.1 2004/09/09 02:56:56 cvsdist Exp $ -NAME := amtu -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attempt a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) diff --git a/amtu-1.0.8-init.patch b/amtu-1.0.8-init.patch new file mode 100644 index 0000000..7f2687b --- /dev/null +++ b/amtu-1.0.8-init.patch @@ -0,0 +1,267 @@ +diff -urN amtu-1.0.8.orig/configure.in amtu-1.0.8/configure.in +--- amtu-1.0.8.orig/configure.in 2009-07-06 09:39:44.000000000 -0400 ++++ amtu-1.0.8/configure.in 2009-07-06 10:11:15.000000000 -0400 +@@ -19,7 +19,7 @@ + esac + AC_CHECK_LIB(laus, laus_open) + AC_CHECK_LIB(audit, audit_open) +-AC_OUTPUT(Makefile src/Makefile doc/Makefile) ++AC_OUTPUT(Makefile src/Makefile init/Makefile doc/Makefile) + + echo . + echo " +diff -urN amtu-1.0.8.orig/doc/AMTUHowTo.txt amtu-1.0.8/doc/AMTUHowTo.txt +--- amtu-1.0.8.orig/doc/AMTUHowTo.txt 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/doc/AMTUHowTo.txt 2009-07-06 10:20:42.000000000 -0400 +@@ -0,0 +1,105 @@ ++ABSTRACT MACHINE TEST UTILITY HOWTO ++ ++ ++OVERVIEW ++ ++Abstract Machine Test Utility (AMTU) is an administrative utility to check ++whether the underlying protection mechanism of the hardware are still being ++enforced. This is a requirement of the Controlled Access Protection Profile ++(CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf. ++AMTU executes the following tests: ++ ++* Memory ++ ++Randomly writes to areas of memory and then reading the memory back to ++ensure the values written remain unchanged. ++ ++* Memory Separation ++ ++Ensures that user space programs cannot read and write to areas of memory ++utilized by the likes of Video RAM, kernel code, etc. ++ ++* I/O Controller - Network ++ ++Verifies random data transmitted is also the data received for each configured ++network device. Only ethernet and token ring devices that are configured and ++up are checked. Async devices are not checked. ++ ++* I/O Controller - Disk ++ ++Verifies that information written to disks remains unchanged. Only SCSI and IDE ++controllers associated with mounted filesystems are checked. ++ ++* Supervisor Mode Instructions ++ ++Ensures that the enforcement of the property that privileged instructions ++should only be in supervisor mode is still in effect. The set privileged ++instructions tested to confirm this is architecture dependant. ++ ++ ++ ++TESTED VERSIONS ++ ++AMTU has been tested on the following: ++ ++* RHEL4 and 5 ++* SuSE SLES 8 ++* pSeries (32-bit and 64-bit) ++* iSeries (64-bit) ++* zSeries (31-bit) ++* xSeries (32-bit) ++ ++ ++ ++INSTALLING AMTU ++ ++VERIFYING SYSTEM REQUIREMENTS AND PREREQUISITES ++ ++Before installing AMTU, verify that your system meets the following ++requirements and prerequisites: ++ ++* The system is running in the Common Criteria evaluated configuration. ++ ++ ++COMPILING AND INSTALLING AMTU ++ ++Untar the AMTU source tarball. Then issue the following commands: ++ ./bootstrap ++ ./configure ++ make ++ make install ++ ++Only the last step must be run as root. During the ./configure stage ++you may opt to change various options including default install directory. ++ ++When compiling AMTU as a 64-bit application on a PPC64 architecture (with the ++exception of Squadron pSeries), specify ++ ++ ./configure CC=/opt/cross/bin/powerpc64-linux-gcc ++ ++where /opt/cross/bin/powerpc64-linux-gcc is the 64-bit gcc compiler. ++ ++To compile as a 64-bit application on X86_64 architecture or Squadron pSeries, ++ ++ ./configure CC="gcc -m64" ++ ++ ++ ++RUNNING AMTU ++ ++AMTU installs to /usr/bin/amtu by default. You can add optional command line ++arguments (see the AMTU man page (amtu.8) for more details). ++ ++ ++ ++INTERPRETING RESULTS ++ ++AMTU issues the following return codes when executed: ++ ++ * -1 - Program abort error ++ * 0 - Successful program completion ++ ++If the error is repeatable, you can re-run amtu with the -d option to get ++more information about the failure. The success or failure of AMTU is logged ++in the audit log files (see auditd.8). ++ +diff -urN amtu-1.0.8.orig/doc/Makefile.am amtu-1.0.8/doc/Makefile.am +--- amtu-1.0.8.orig/doc/Makefile.am 2009-07-06 09:39:44.000000000 -0400 ++++ amtu-1.0.8/doc/Makefile.am 2009-07-06 09:40:49.000000000 -0400 +@@ -1,3 +1,3 @@ + CONFIG_CLEAN_FILES = *.rej *.orig +-EXTRA_DIST = $(man_MANS) ++EXTRA_DIST = $(man_MANS) AbstractMachineTestingDesign.doc AMTUHowTo.txt + man_MANS = amtu.8 +diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init +--- amtu-1.0.8.orig/init/amtu.init 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/init/amtu.init 2009-07-06 10:17:43.000000000 -0400 +@@ -0,0 +1,90 @@ ++#!/bin/sh ++# ++# amtu: Abstract Machine Tests ++# ++# chkconfig: - 96 99 ++# description: This service runs the abstract machine tests to check the \ ++# underlying security assumptions. It can be configured to ++# halt the machine in the event of failure. The program does ++# not stay resident, but rather runs once. ++# ++# processname: /sbin/amtu ++# config: /etc/sysconfig/amtu ++# ++# Return values according to LSB for all commands but status: ++# 0 - success ++# 1 - generic or unspecified error ++# 2 - invalid or excess argument(s) ++# 3 - unimplemented feature (e.g. "reload") ++# 4 - insufficient privilege ++# 5 - program is not installed ++# 6 - program is not configured ++# 7 - program is not running ++ ++PATH=/sbin:/bin:/usr/bin:/usr/sbin ++prog="amtu" ++ ++# Source function library. ++. /etc/rc.d/init.d/functions ++ ++# Allow anyone to run status ++if [ "$1" = "status" ] ; then ++ exit 0 ++fi ++ ++# Check that we are root ... so non-root users stop here ++test $EUID = 0 || exit 4 ++ ++# Check config ++test -f /etc/sysconfig/amtu && . /etc/sysconfig/amtu ++ ++RETVAL=0 ++ ++start() { ++ test -x /usr/bin/amtu || exit 5 ++ # Now check that the syconfig is found and has important things ++ # configured ++ test -f /etc/sysconfig/amtu || exit 6 ++ test x"$AMTU_HALT_ON_FAILURE" = "x" || exit 6 ++ test x"$HALT_COMMAND" = "x" || exit 6 ++ echo -n $"Starting $prog: " ++ daemon $prog "$EXTRAOPTIONS" ++ RETVAL=$? ++ if [ $RETVAL -ne 0 ] ; then ++ if [ "$AMTU_HALT_ON_FAILURE" = "yes" ] ; then ++ # Give audit daemon chance to write to disk ++ sleep 3 ++ logger "Amtu failed and halt on failure requested" ++ $HALT_COMMAND ++ fi ++ fi ++ return $RETVAL ++} ++ ++stop() { ++ /bin/true ++} ++ ++# See how we were called. ++case "$1" in ++ start) ++ start ++ ;; ++ stop) ++ stop ++ ;; ++ status) ++ ;; ++ restart) ++ stop ++ start ++ ;; ++ condrestart) ++ ;; ++ reload) ++ ;; ++ *) ++ echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}" ++ ;; ++esac ++exit $RETVAL +diff -urN amtu-1.0.8.orig/init/amtu.sysconfig amtu-1.0.8/init/amtu.sysconfig +--- amtu-1.0.8.orig/init/amtu.sysconfig 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/init/amtu.sysconfig 2009-07-06 10:06:07.000000000 -0400 +@@ -0,0 +1,11 @@ ++# Add extra options here: ++EXTRAOPTIONS="" ++# ++# This option is used to determine if failing any amtu test should result in ++# the machine being unusable. The default is no, but it can be changed to ++# yes in case this is desired. ++AMTU_HALT_ON_FAILURE="no" ++# ++# Should halt on failure trigger and its set to yes, the following command ++# will be issued to stop the system: ++HALT_COMMAND="poweroff" +diff -urN amtu-1.0.8.orig/init/Makefile.am amtu-1.0.8/init/Makefile.am +--- amtu-1.0.8.orig/init/Makefile.am 1969-12-31 19:00:00.000000000 -0500 ++++ amtu-1.0.8/init/Makefile.am 2009-07-06 10:14:22.000000000 -0400 +@@ -0,0 +1,16 @@ ++ ++CONFIG_CLEAN_FILES = *.rej *.orig ++EXTRA_DIST = amtu.init amtu.sysconfig ++initdir=$(sysconfdir)/rc.d/init.d ++sysconfigdir=$(sysconfdir)/sysconfig ++ ++install-data-hook: ++ $(INSTALL_DATA) -D -m 640 ${srcdir}/amtu.sysconfig ${DESTDIR}${sysconfigdir}/amtu ++ ++install-exec-hook: ++ $(INSTALL_SCRIPT) -D -m 755 ${srcdir}/amtu.init ${DESTDIR}${initdir}/amtu ++ ++uninstall-hook: ++ rm ${DESTDIR}${sysconfigdir}/amtu ++ rm ${DESTDIR}${initdir}/amtu ++ +diff -urN amtu-1.0.8.orig/Makefile.am amtu-1.0.8/Makefile.am +--- amtu-1.0.8.orig/Makefile.am 2009-07-06 09:39:44.000000000 -0400 ++++ amtu-1.0.8/Makefile.am 2009-07-06 10:10:55.000000000 -0400 +@@ -1,4 +1,4 @@ +-SUBDIRS = src doc ++SUBDIRS = src init doc + EXTRA_DIST = bootstrap LICENSE CPLv1.0.htm README + CONFIG_CLEAN_FILES = debug*.list config/* + diff --git a/amtu.spec b/amtu.spec index 81caf27..5dd0130 100644 --- a/amtu.spec +++ b/amtu.spec @@ -1,17 +1,17 @@ Summary: Abstract Machine Test Utility (AMTU) Name: amtu -Version: 1.0.6 -Release: 4%{?dist} +Version: 1.0.8 +Release: 2%{?dist} License: CPL Group: System Environment/Base URL: http://sourceforge.net/projects/amtueal/ Source0: %{name}-%{version}.tar.gz +Patch1: amtu-1.0.8-init.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: audit-libs-devel >= 1.1.2 BuildRequires: automake -Requires: audit >= 1.1.2 - -# Red Hat AMTU SPEC file +Requires: chkconfig +ExclusiveArch: i386 i686 x86_64 ppc ppc64 s390 s390x ia64 %description Abstract Machine Test Utility (AMTU) is an administrative utility to check @@ -22,20 +22,9 @@ http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf %prep %setup -q +%patch1 -p1 %build -# Determine appropriate compiler -CC="gcc" -%ifarch ppc64 ppc64iseries ppc64pseries - CC="/usr/bin/ppc64-redhat-linux-gcc" -%endif -# Determine appropriate compiler flags -CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -Wall -pipe" -%ifarch x86_64 - CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -Wall -pipe -m64" -%endif -export CC CFLAGS -# next 3 items is to quieten autoreconf touch ChangeLog touch NEWS touch AUTHORS @@ -45,22 +34,39 @@ make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/%{_bindir} -install -m 0750 src/amtu $RPM_BUILD_ROOT/%{_bindir} - -mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8/ -install -m 644 doc/amtu.8 $RPM_BUILD_ROOT/%{_mandir}/man8/amtu.8 +make "DESTDIR=${RPM_BUILD_ROOT}" install %clean rm -rf $RPM_BUILD_ROOT +%post +/sbin/chkconfig --add amtu + +%preun +if [ $1 -eq 0 ]; then + /sbin/service amtu stop > /dev/null 2>&1 + /sbin/chkconfig --del amtu +fi + %files -%defattr(-,root,root) -%doc doc/AMTUHowTo.txt COPYING +%defattr(-,root,root, -) +%doc doc/AMTUHowTo.txt LICENSE +%attr(755,root,root) /etc/rc.d/init.d/amtu +%config(noreplace) %attr(640,root,root) /etc/sysconfig/amtu %attr(0750,root,root) %{_bindir}/amtu %attr(0644,root,root) %{_mandir}/man8/* %changelog +* Fri Aug 28 2009 Steve Grubb - 1.0.8-2 +- Add ExclusiveArch for platforms having memory separation tests + +* Fri Aug 21 2009 Steve Grubb 1.0.8-1 +- new upstream version +- Add init script for bootup system check + +* Wed Jul 01 2009 Steve Grubb 1.0.7-1 +- new upstream version + * Mon Feb 23 2009 Fedora Release Engineering - 1.0.6-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild diff --git a/sources b/sources index 94fc11b..c2f8d81 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9c65ae295bb875bb4aa8786e17a2f1e7 amtu-1.0.6.tar.gz +755b517a3a1cc4092435c349d9b99312 amtu-1.0.8.tar.gz