summary refs log tree commit diff
diff options
context:
space:
mode:
authorArun Isaac <arunisaac@systemreboot.net>2018-11-22 19:00:48 +0530
committerArun Isaac <arunisaac@systemreboot.net>2018-11-30 12:28:31 +0530
commit4d26987dcbc31f4f6a3c524b22af7d3dac52f39a (patch)
tree34a4c28361791b544e03b8a73d0aa136e0dc6ca1
parent6878890c42c7cb5b394f505731b798899e155c38 (diff)
downloadguix-4d26987dcbc31f4f6a3c524b22af7d3dac52f39a.tar.gz
gnu: Add lynis.
* gnu/packages/admin.scm (lynis): New variable.
-rw-r--r--gnu/packages/admin.scm79
1 files changed, 79 insertions, 0 deletions
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 2f611432c7..94bf6900ce 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -2871,3 +2871,82 @@ support forum.  It runs with the @code{/exec} command in most IRC clients.")
     (description "This package provides tools to manage clients of the
 Logitech Unifying Receiver.")
     (license license:gpl2)))
+
+(define-public lynis
+  (package
+    (name "lynis")
+    (version "2.7.0")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/CISOfy/lynis")
+             (commit version)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "0rzc0y8lk22bymf56249jzmllki2lh0rz5in4lkrc5fkmp29c2wv"))
+       (modules '((guix build utils)))
+       (snippet
+        '(begin
+           ;; Remove proprietary plugins. As of now, all plugins supplied with
+           ;; lynis are proprietary. In the future, if free plugins are
+           ;; provided, whitelist them from deletion.
+           (for-each delete-file (find-files "plugins"))
+           #t))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(;; For tests
+       ("lynis-sdk"
+        ,(origin
+           (method git-fetch)
+           (uri (git-reference
+                 (url "https://github.com/CISOfy/lynis-sdk")
+                 (commit "3310aef4f2b3dd97d166c96ad0253c89c4ad390d")))
+           (file-name (git-file-name "lynis-sdk" version))
+           (sha256
+            (base32
+             "0sqsrm5wal742yrwps8bqb8a8lxd93n4b93n3kkm1b30nbs25g7y"))))))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (substitute* "lynis"
+               (("/usr/share/lynis")
+                (string-append (assoc-ref outputs "out") "/share/lynis")))
+             (substitute* "include/functions"
+               (("/usr/local/etc/lynis")
+                (string-append (assoc-ref outputs "out") "/etc/lynis")))
+             #t))
+         (delete 'build)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (install-file "lynis" (string-append out "/bin/"))
+               (install-file "default.prf" (string-append out "/etc/lynis"))
+               (for-each
+                (lambda (dir)
+                  (copy-recursively dir (string-append out "/share/lynis/" dir)))
+                (list "db" "include" "plugins"))
+               (install-file "lynis.8" (string-append out "/share/man/man8"))
+               #t)))
+         (replace 'check
+           (lambda* (#:key inputs #:allow-other-keys)
+             (copy-recursively (assoc-ref inputs "lynis-sdk") "../lynis-sdk")
+             (setenv "LANG" "en_US.UTF-8")
+             (let ((lynis-dir (getcwd)))
+               (with-directory-excursion "../lynis-sdk"
+                 (substitute* "config"
+                   (("\\.\\./lynis") lynis-dir))
+                 (substitute* "unit-tests/tests-language-translations.sh"
+                   (("\\.\\./lynis") lynis-dir))
+                 (invoke "sh" "lynis-devkit" "run" "unit-tests"))))))))
+    (home-page "https://cisofy.com/lynis/")
+    (synopsis "Security auditing tool")
+    (description "Lynis is a security auditing tool.  It performs an in-depth
+security scan and runs on the system itself.  The primary goal is to test
+security defenses and provide tips for further system hardening.  It will also
+scan for general system information, vulnerable software packages, and
+possible configuration issues.")
+    (license license:gpl3+)))