
package/lynis: new package

Message ID 20240720081839.1594227-1-francois.perrad@gadz.org
State New

Commit Message

Francois Perrad July 20, 2024, 8:18 a.m. UTC
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
---
 DEVELOPERS                                  |  1 +
 package/Config.in                           |  1 +
 package/lynis/Config.in                     | 16 ++++++++++++
 package/lynis/lynis.hash                    |  3 +++
 package/lynis/lynis.mk                      | 29 +++++++++++++++++++++
 support/testing/tests/package/test_lynis.py | 23 ++++++++++++++++
 6 files changed, 73 insertions(+)
 create mode 100644 package/lynis/Config.in
 create mode 100644 package/lynis/lynis.hash
 create mode 100644 package/lynis/lynis.mk
 create mode 100644 support/testing/tests/package/test_lynis.py

Patch

diff --git a/DEVELOPERS b/DEVELOPERS
index eb0c28aa4..d629f962d 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1154,6 +1154,7 @@  F:	package/lrandom/
 F:	package/lsqlite3/
 F:	package/lua*
 F:	package/lzlib/
+F:	package/lynis/
 F:	package/moarvm/
 F:	package/mstpd/
 F:	package/netsurf/
diff --git a/package/Config.in b/package/Config.in
index 86f6a1e7f..2fd6f69e1 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2667,6 +2667,7 @@  menu "Security"
 	source "package/apparmor/Config.in"
 	source "package/checkpolicy/Config.in"
 	source "package/ima-evm-utils/Config.in"
+	source "package/lynis/Config.in"
 	source "package/optee-client/Config.in"
 	source "package/optee-examples/Config.in"
 	source "package/optee-test/Config.in"
diff --git a/package/lynis/Config.in b/package/lynis/Config.in
new file mode 100644
index 000000000..f5a460207
--- /dev/null
+++ b/package/lynis/Config.in
@@ -0,0 +1,16 @@ 
+config BR2_PACKAGE_LYNIS
+	bool "lynis"
+	select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
+	select BR2_PACKAGE_COREUTILS  # runtime (stat)
+	select BR2_PACKAGE_GAWK  # runtime (awk)
+	select BR2_PACKAGE_GZIP  # runtime (zgrep /proc/config.gz)
+	help
+	  Lynis is an auditing tool which tests and gathers (security)
+	  information from Unix based systems.
+	  Written in shell and running on system itself.
+
+	  Relevant optional dependency:
+
+	  - Busybox compiled with CONFIG_PGREP
+
+	  https://cisofy.com/lynis/
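Review bot: The three `select` lines for coreutils, gawk and gzip do not repeat any `depends on` constraints those packages may declare. Their Config.in files are not part of this patch, so this needs confirming, but if one of them requires for example wchar or MMU support, Kconfig will force it on for a toolchain that cannot build it. The usual Buildroot pattern is to copy each constraint into `config BR2_PACKAGE_LYNIS` with the origin noted, e.g. `depends on BR2_USE_MMU # gawk`, and to add a matching `comment "lynis needs a toolchain w/ ..."` entry so the option does not silently disappear from the menu. The `BR2_PACKAGE_BUSYBOX_SHOW_OTHERS` select already handles the busybox side.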
diff --git a/package/lynis/lynis.hash b/package/lynis/lynis.hash
new file mode 100644
index 000000000..57b8b9afc
--- /dev/null
+++ b/package/lynis/lynis.hash
@@ -0,0 +1,3 @@ 
+# Locally calculated
+sha256  ca38a27c9c92e78877be4ecffce25f3345a1d24bbcd68be66a3a600e2ff748d1  lynis-3.1.1.tar.gz
+sha256  57151f0fa287550534af08facb1c6693ca803ffa65b512da38b55c3130810bcf  LICENSE
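Review bot: The `# Locally calculated` comment records no provenance for the tarball hash, so the pin only guarantees that later downloads match whatever was fetched once. The archive comes from the `github` helper in lynis.mk, i.e. a forge-generated archive rather than a release file signed by the maintainers. If upstream publishes a signed tarball or a checksum for 3.1.1, it would be better to fetch that and say so in the comment, e.g. `# Locally calculated after checking pgp signature`. Otherwise the comment should state that no upstream hash or signature was available to compare against.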
diff --git a/package/lynis/lynis.mk b/package/lynis/lynis.mk
new file mode 100644
index 000000000..525691d71
--- /dev/null
+++ b/package/lynis/lynis.mk
@@ -0,0 +1,29 @@ 
+################################################################################
+#
+# lynis
+#
+################################################################################
+
+LYNIS_VERSION = 3.1.1
+LYNIS_SITE = $(call github,CISOfy,lynis,$(LYNIS_VERSION))
+LYNIS_LICENSE = GPL-3.0
+LYNIS_LICENSE_FILES = LICENSE
+
+define LYNIS_INSTALL_TARGET_CMDS
+	$(INSTALL) -m 0755 $(@D)/lynis \
+		$(TARGET_DIR)/usr/sbin/lynis
+	$(INSTALL) -D -m 0644 $(@D)/default.prf \
+		$(TARGET_DIR)/etc/lynis/default.prf
+	$(INSTALL) -D -m 0644 $(@D)/developer.prf \
+		$(TARGET_DIR)/etc/lynis/developer.prf
+	$(INSTALL) -D -m 0644 $(@D)/plugins/* \
+		-t $(TARGET_DIR)/etc/lynis/plugins
+	$(INSTALL) -D -m 0644 $(@D)/include/* \
+		-t $(TARGET_DIR)/usr/share/lynis/include
+	$(INSTALL) -D -m 0644 $(@D)/db/*.db \
+		-t $(TARGET_DIR)/usr/share/lynis/db
+	$(INSTALL) -D -m 0644 $(@D)/db/languages/en \
+		$(TARGET_DIR)/usr/share/lynis/db/languages/en
+endef
+
+$(eval $(generic-package))
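Review bot: No `LYNIS_CPE_ID_VENDOR` (and, if needed, `LYNIS_CPE_ID_PRODUCT`) is set next to `LYNIS_VERSION`, so Buildroot's CVE reporting cannot match this package against NVD entries. For an auditing tool that is normally run as root on the target, that tracking is worth having from the first version. Please check whether NVD has a CPE for lynis and add the line, e.g. `LYNIS_CPE_ID_VENDOR = <vendor-from-NVD>`. Separately, the first `$(INSTALL)` in `LYNIS_INSTALL_TARGET_CMDS` is the only one without `-D`; `$(INSTALL) -D -m 0755 $(@D)/lynis $(TARGET_DIR)/usr/sbin/lynis` would match the others and not rely on the skeleton providing `/usr/sbin`.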
diff --git a/support/testing/tests/package/test_lynis.py b/support/testing/tests/package/test_lynis.py
new file mode 100644
index 000000000..27e92aec0
--- /dev/null
+++ b/support/testing/tests/package/test_lynis.py
@@ -0,0 +1,23 @@ 
+import os
+
+import infra.basetest
+
+
+class TestLynis(infra.basetest.BRTest):
+    config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
+        """
+        BR2_TARGET_ROOTFS_CPIO=y
+        # BR2_TARGET_ROOTFS_TAR is not set
+        BR2_PACKAGE_LYNIS=y
+        """
+
+    def login(self):
+        cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+        self.emulator.boot(arch="armv5",
+                           kernel="builtin",
+                           options=["-initrd", cpio_file])
+        self.emulator.login()
+
+    def test_run(self):
+        self.login()
+        self.assertRunOk("lynis show version", timeout=90)
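Review bot: `test_run` only checks that `lynis show version` exits 0, which probably proves little more than that the launcher script starts. It is unlikely to exercise the runtime tools selected in Config.in (stat, awk, zgrep) or the profile, include, db and plugin paths that lynis.mk installs, so a wrong install directory or a missing dependency could still pass. Consider adding a second assertion that runs a real scan, e.g. `self.assertRunOk("lynis audit system", timeout=<generous value>)`, after confirming the exit status and runtime under the emulator. A one-line class docstring saying what the test covers would also help.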