@@ -1167,6 +1167,7 @@ F: package/lpty/
F: package/lrandom/
F: package/lsqlite3/
F: package/lua*
+F: package/lynis/
F: package/lzlib/
F: package/moarvm/
F: package/mstpd/
@@ -2701,6 +2701,7 @@ menu "Security"
source "package/apparmor/Config.in"
source "package/checkpolicy/Config.in"
source "package/ima-evm-utils/Config.in"
+ source "package/lynis/Config.in"
source "package/optee-client/Config.in"
source "package/optee-examples/Config.in"
source "package/optee-test/Config.in"
new file mode 100644
@@ -0,0 +1,10 @@
+config BR2_PACKAGE_LYNIS
+ bool "lynis"
+ select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS
+ select BR2_PACKAGE_GZIP # runtime (zgrep /proc/config.gz)
+ help
+ Lynis is an auditing tool which tests and gathers (security)
+ information from Unix based systems.
+ Written in shell and running on system itself.
+
+ https://cisofy.com/lynis/
new file mode 100644
@@ -0,0 +1,3 @@
+# Locally calculated
+sha256 b0ed01d30a4415beb78acc47867f8e0779c9966d4febc5f4a31594ba2a0bd44d lynis-3.1.2.tar.gz
+sha256 57151f0fa287550534af08facb1c6693ca803ffa65b512da38b55c3130810bcf LICENSE
new file mode 100644
@@ -0,0 +1,48 @@
+################################################################################
+#
+# lynis
+#
+################################################################################
+
+LYNIS_VERSION = 3.1.2
+LYNIS_SITE = $(call github,CISOfy,lynis,$(LYNIS_VERSION))
+LYNIS_LICENSE = GPL-3.0
+LYNIS_LICENSE_FILES = LICENSE
+
+define LYNIS_INSTALL_TARGET_CMDS
+ $(INSTALL) -m 0755 $(@D)/lynis \
+ $(TARGET_DIR)/usr/sbin/lynis
+ $(INSTALL) -D -m 0644 $(@D)/default.prf \
+ $(TARGET_DIR)/etc/lynis/default.prf
+ $(INSTALL) -D -m 0644 $(@D)/developer.prf \
+ $(TARGET_DIR)/etc/lynis/developer.prf
+ $(INSTALL) -D -m 0644 $(@D)/plugins/* \
+ -t $(TARGET_DIR)/etc/lynis/plugins
+ $(INSTALL) -D -m 0644 $(@D)/include/* \
+ -t $(TARGET_DIR)/usr/share/lynis/include
+ $(INSTALL) -D -m 0644 $(@D)/db/*.db \
+ -t $(TARGET_DIR)/usr/share/lynis/db
+ $(INSTALL) -D -m 0644 $(@D)/db/languages/en \
+ $(TARGET_DIR)/usr/share/lynis/db/languages/en
+endef
+
+ifneq ($(BR2_PACKAGE_GAWK),y)
+define LYNIS_AWK_BUSYBOX_CONFIG_FIXUPS
+ $(call KCONFIG_ENABLE_OPT,CONFIG_AWK)
+ $(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_AWK_LIBM)
+endef
+endif
+
+ifneq ($(BR2_PACKAGE_COREUTILS),y)
+define LYNIS_STAT_BUSYBOX_CONFIG_FIXUPS
+ $(call KCONFIG_ENABLE_OPT,CONFIG_STAT)
+endef
+endif
+
+define LYNIS_BUSYBOX_CONFIG_FIXUPS
+ $(call KCONFIG_ENABLE_OPT,CONFIG_PGREP)
+ $(LYNIS_AWK_BUSYBOX_CONFIG_FIXUPS)
+ $(LYNIS_STAT_BUSYBOX_CONFIG_FIXUPS)
+endef
+
+$(eval $(generic-package))
new file mode 100644
@@ -0,0 +1,26 @@
+import os
+
+import infra.basetest
+
+
+class TestLynis(infra.basetest.BRTest):
+ config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
+ """
+ BR2_TARGET_ROOTFS_CPIO=y
+ # BR2_TARGET_ROOTFS_TAR is not set
+ BR2_PACKAGE_LYNIS=y
+ """
+
+ def login(self):
+ cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+ self.emulator.boot(arch="armv5",
+ kernel="builtin",
+ options=["-initrd", cpio_file])
+ self.emulator.login()
+
+ def test_run(self):
+ self.login()
+ self.assertRunOk("which awk")
+ self.assertRunOk("which stat")
+ self.assertRunOk("which zgrep")
+ self.assertRunOk("lynis show version", timeout=90)
Signed-off-by: Francois Perrad <francois.perrad@gadz.org> --- DEVELOPERS | 1 + package/Config.in | 1 + package/lynis/Config.in | 10 +++++ package/lynis/lynis.hash | 3 ++ package/lynis/lynis.mk | 48 +++++++++++++++++++++ support/testing/tests/package/test_lynis.py | 26 +++++++++++ 6 files changed, 89 insertions(+) create mode 100644 package/lynis/Config.in create mode 100644 package/lynis/lynis.hash create mode 100644 package/lynis/lynis.mk create mode 100644 support/testing/tests/package/test_lynis.py