summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArun Isaac <arunisaac@systemreboot.net>2018-11-22 19:00:48 +0530
committerArun Isaac <arunisaac@systemreboot.net>2018-11-30 12:28:31 +0530
commit4d26987dcbc31f4f6a3c524b22af7d3dac52f39a (patch)
tree34a4c28361791b544e03b8a73d0aa136e0dc6ca1
parent6878890c42c7cb5b394f505731b798899e155c38 (diff)
gnu: Add lynis.
* gnu/packages/admin.scm (lynis): New variable.
-rw-r--r--gnu/packages/admin.scm79
1 files changed, 79 insertions, 0 deletions
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 2f611432c7..94bf6900ce 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -2871,3 +2871,82 @@ support forum. It runs with the @code{/exec} command in most IRC clients.")
(description "This package provides tools to manage clients of the
Logitech Unifying Receiver.")
(license license:gpl2)))
+
+(define-public lynis
+ (package
+ (name "lynis")
+ (version "2.7.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/CISOfy/lynis")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0rzc0y8lk22bymf56249jzmllki2lh0rz5in4lkrc5fkmp29c2wv"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Remove proprietary plugins. As of now, all plugins supplied with
+ ;; lynis are proprietary. In the future, if free plugins are
+ ;; provided, whitelist them from deletion.
+ (for-each delete-file (find-files "plugins"))
+ #t))))
+ (build-system gnu-build-system)
+ (native-inputs
+ `(;; For tests
+ ("lynis-sdk"
+ ,(origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/CISOfy/lynis-sdk")
+ (commit "3310aef4f2b3dd97d166c96ad0253c89c4ad390d")))
+ (file-name (git-file-name "lynis-sdk" version))
+ (sha256
+ (base32
+ "0sqsrm5wal742yrwps8bqb8a8lxd93n4b93n3kkm1b30nbs25g7y"))))))
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (substitute* "lynis"
+ (("/usr/share/lynis")
+ (string-append (assoc-ref outputs "out") "/share/lynis")))
+ (substitute* "include/functions"
+ (("/usr/local/etc/lynis")
+ (string-append (assoc-ref outputs "out") "/etc/lynis")))
+ #t))
+ (delete 'build)
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (install-file "lynis" (string-append out "/bin/"))
+ (install-file "default.prf" (string-append out "/etc/lynis"))
+ (for-each
+ (lambda (dir)
+ (copy-recursively dir (string-append out "/share/lynis/" dir)))
+ (list "db" "include" "plugins"))
+ (install-file "lynis.8" (string-append out "/share/man/man8"))
+ #t)))
+ (replace 'check
+ (lambda* (#:key inputs #:allow-other-keys)
+ (copy-recursively (assoc-ref inputs "lynis-sdk") "../lynis-sdk")
+ (setenv "LANG" "en_US.UTF-8")
+ (let ((lynis-dir (getcwd)))
+ (with-directory-excursion "../lynis-sdk"
+ (substitute* "config"
+ (("\\.\\./lynis") lynis-dir))
+ (substitute* "unit-tests/tests-language-translations.sh"
+ (("\\.\\./lynis") lynis-dir))
+ (invoke "sh" "lynis-devkit" "run" "unit-tests"))))))))
+ (home-page "https://cisofy.com/lynis/")
+ (synopsis "Security auditing tool")
+ (description "Lynis is a security auditing tool. It performs an in-depth
+security scan and runs on the system itself. The primary goal is to test
+security defenses and provide tips for further system hardening. It will also
+scan for general system information, vulnerable software packages, and
+possible configuration issues.")
+ (license license:gpl3+)))