--- integrit-4.1.orig/debian/changelog +++ integrit-4.1/debian/changelog @@ -0,0 +1,239 @@ +integrit (4.1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Apply change from Andreas Henriksson to add a Built-Using field. + (Closes: #847577) + * Apply changes from Chris Lamb and Valerie R Young to make the + build reproducible. (Closes: #776973, #846891) + + -- Adrian Bunk Wed, 18 Jan 2017 16:50:19 +0200 + +integrit (4.1-1) unstable; urgency=low + + * new upstream release. + * debian/rules: no longer build and install integrit program from 3.05. + * debian/diff/doc-html.diff: rename to + 0001-doc-Makefile.in-properly-build-and-clean-html-doc.diff; adapt. + * debian/rules: apply patches from debian/diff/ with -p1. + * debian/diff/0002-allow-tTdD-in-config-rule-checksets-as-documented.diff: + new; allow tTdD in config rule checksets as documented (closes: #436360). + + -- Gerrit Pape Thu, 09 Aug 2007 21:39:58 +0000 + +integrit (4.0-1) unstable; urgency=low + + * new upstream release (closes: #381414). + * debian/integrit.cron.daily: minor. + * diff/doc-html.diff: adapt. + * debian/implicit: update to revision 1.11. + * integrit-3.05/: new; include sources of previous version in diff to + help migration to new database format. + * debian/rules: additionally build integrit program from version 3.05, + and install as /usr/sbin/integrit3. + * debian/integrit.NEWS.Debian: note on migration to new database format. + + -- Gerrit Pape Mon, 16 Oct 2006 16:34:53 +0000 + +integrit (3.05-1) unstable; urgency=low + + * new upstream version. + * debian/control: remove version restriction on Build-Depends: + dietlibc-dev. + * debian/copyright: 2005. + * debian/integrit.cron.daily: head -1 -> head -n1. + * debian/integrit.docs: add HACKING. + * debian/integrit.examples: add examples/integrit-run.c. + * debian/diff/gnupg-md5.diff, debian/diff/include-getopt.h.diff: remove; + obsolete. + * debian/rules: add -nostdinc to CC. + * debian/integrit.NEWS.Debian: update: databases should be re-created + manually with this version. + + -- Gerrit Pape Sun, 25 Sep 2005 22:15:39 +0000 + +integrit (3.02.00-11) unstable; urgency=low + + * debian/control, debian/rules: add Build-Depends: dietlibc-dev [amd64 + ppc64]; add ppc64 to DIET_ARCHS (thx Andreas Jochens, Frederik Schueler, + closes: #301013, #301017). + + -- Gerrit Pape Fri, 25 Mar 2005 10:42:43 +0000 + +integrit (3.02.00-10) unstable; urgency=low + + * debian/control: Build-Depends: dietlibc-dev (>> 0.28-0) to make diet + compiled programs work with a kernel with stack protection (thx Csillag + Tamas, closes: 299550). + * debian/implicit: update to revision 1.10. + * debian/rules: handle DIET_ARCHS and optional patches more gracefully; + cleanup. + + -- Gerrit Pape Tue, 22 Mar 2005 08:39:38 +0000 + +integrit (3.02.00-9) unstable; urgency=low + + * debian/control: Build-Depends: dietlibc-dev (>> 0.24-5) (closes: + #232200). + * debian/implicit: update to revision 1.8. + + -- Gerrit Pape Fri, 26 Mar 2004 09:13:41 +0000 + +integrit (3.02.00-8) unstable; urgency=low + + * debian/rules: don't run dpkg-shlibdeps, integrit programs are linked + statically even with glibc (fixes build failure on m68k). + + -- Gerrit Pape Thu, 22 Jan 2004 08:24:46 +0000 + +integrit (3.02.00-7) unstable; urgency=low + + * debian/implicit: update to revision 1.5. + * debian/rules: adapt. + * debian/integrit.docs: remove debian/README.Debian, now installed + implicitly. + * debian/README.Debian: rename to debian/integrit.README.Debian. + * debian/integrit.NEWS.Debian: new: cron job no longer replaces known.cdb + (closes: #226706). + + -- Gerrit Pape Tue, 20 Jan 2004 10:58:19 +0000 + +integrit (3.02.00-6) unstable; urgency=low + + * debian/control: no longer Build-Depends: debhelper; Build-Depends: + dietlibc-dev (>> 0.24-0), now also on s390; Standards-Version: 3.6.1.0. + * debian/integrit.docs: add README.Debian. + * debian/integrit.examples: don't use wildcard. + * debian/rules: stop using debhelper, use implicit rules. + * debian/implicit: new; implicit rules. + * debian/integrit.conffiles: new. + * debian/compat, debian/integrit.dirs: remove; obsolete. + + -- Gerrit Pape Wed, 17 Dec 2003 15:20:45 +0000 + +integrit (3.02.00-5) unstable; urgency=low + + * debian/integrit.debian.conf: change EMAIL_SUBJ to show the hostname + (closes: #201837). + * debian/control: Build-Depends: dietlibc-dev (>> 0.23-0) [alpha arm hppa + i386 ia64 mips mipsel powerpc sparc]; Standards-Version: 3.6.0. + * debian/rules: re-enable compiling against dietlibc on hppa, sparc. + + -- Gerrit Pape Sat, 13 Sep 2003 11:43:47 +0000 + +integrit (3.02.00-4) unstable; urgency=low + + * debian/etc/*.conf: new; valid configuration file examples. + * debian/rules: don't use dietlibc on hppa, sparc for now (build failure + due to dietlibc problem); install debian/etc/ as + /usr/share/doc/integrit/etc/. + * debian/README.Debian: adapt; document usage of configuration templates + in /usr/share/doc/integrit/etc/ (closes: #175656). + * debian/integrit.cron.daily: show correct exit code from each integrit + run, remember failure; automatically create initial known databases if + they don't exist (e.g. on the first run). + * debian/control: remove Depends: gcc-3.2 [hppa sparc], gcc-3.3 works + fine. + + -- Gerrit Pape Wed, 11 Jun 2003 14:44:40 +0200 + +integrit (3.02.00-3) unstable; urgency=low + + * debian/diff/gnupg-md5.diff: new: taken from gnupg_1.2.2-1; fixes build + failure on big endian. + * debian/control: gcc-3.2 [hppa sparc]. + * debian/rules: use gcc-3.2 on hppa, sparc; work around build failure with + dietlibc and gcc-3.3 (either of them must be fixed; closes: #194567). + + -- Gerrit Pape Sun, 25 May 2003 00:22:52 +0200 + +integrit (3.02.00-2) unstable; urgency=low + + * new maintainer (closes: #193148). + * build programs statically with the diet libc on architectures with diet + libc available, and with glib on others. + * example cron job is disabled by default; cron job no more updates the + current database by default, and doesn't rotate known.cdb. It's the + admin's responsibility to provide and update known.cdb + (closes: #157238). + * drop debconf support (closes: #162230, #187515). + * configuration files are installed with mode 0600 by default + (closes: #155128). + * provide documentation in html format (closes: #171902). + + -- Gerrit Pape Sat, 24 May 2003 19:10:16 +0200 + +integrit (3.02.00-1) unstable; urgency=low + + * New upstream release. + - Several portability enhancements, test suite (not included + in the Debian package). + - Large file support. + - Made i-ls accept multiple filenames. + - Made i-ls and i-viewdb show SHA-1 checksums by default. + - Changing to cmp-style exit status: 0 for no change; 1 for + changes detected; 2 for error. + - New database format, incompatible with the old one. Please + read README.Debian. + * Major clean-up in the package. + - Removed install-time database generation, it was pointless, + and didn't even work. + - Added debconf question about sending out mails when no + changes were detected. + - /etc/integrit/integrit.debian.conf is no longer a conffile, + as it is automatically modified by the postinst script. + - Lowered priorities of debconf questions. + - Fixed scripts (Closes: #134869). + * Added debconf dependancy, removed fall-back mechanism. + * Added mailx dependancy, required by the cron job. + * Corrected spelling error in description (Closes: #124758). + + -- Andras Bali Mon, 9 Sep 2002 21:15:32 +0200 + +integrit (2.03.02-1) unstable; urgency=low + + * New upstream release. + + -- Andras Bali Sun, 23 Sep 2001 17:48:42 +0200 + +integrit (2.02.02beta-1) unstable; urgency=low + + * New upstream release. + + -- Andras Bali Sun, 12 Aug 2001 13:30:37 +0200 + +integrit (2.00.00beta-2) unstable; urgency=low + + * Added german debconf translation, thanks to Sebastian Feltel + (Closes: #102177). + * Added lintian overrides file. + + -- Andras Bali Thu, 28 Jun 2001 01:02:04 +0200 + +integrit (2.00.00beta-1) unstable; urgency=low + + * New upstream release: + - Removed cdb dependancy thus resolved licensing issues, + therefore it's possible to distribute the package. + - Removed openssl dependancy, therefore integrit can go + into "main" now instead of "non-US". + - Builds on Hurd (Closes: #99643). + + -- Andras Bali Thu, 21 Jun 2001 22:49:35 +0200 + +integrit (1.06.06-2) unstable; urgency=low + + * The package now build-depends on libssl-dev (Closes: #96484). + * Examples are installed in /usr/share/doc/integrit/examples + instead of /usr/share/doc/integrit/examples/examples. + + -- Andras Bali Wed, 16 May 2001 01:07:24 +0200 + +integrit (1.06.06-1) unstable; urgency=low + + * Initial Release (Closes: #81714, #94021). + + -- Andras Bali Sat, 14 Apr 2001 22:47:04 +0200 + +Local variables: +mode: debian-changelog +End: --- integrit-4.1.orig/debian/control +++ integrit-4.1/debian/control @@ -0,0 +1,27 @@ +Source: integrit +Section: admin +Priority: optional +Maintainer: Gerrit Pape +Build-Depends: texinfo, dietlibc-dev [alpha amd64 arm hppa i386 ia64 mips mipsel powerpc ppc64 s390 sparc] +Standards-Version: 3.6.1.0 + +Package: integrit +Architecture: any +Depends: ${shlibs:Depends} +Recommends: cron, mailx +Built-Using: ${Built-Using} +Description: A file integrity verification program + Integrit helps you determine whether an intruder has modified your + system. Without the use of integrit, a sysadmin wouldn't know if the + programs used for investigating the system are trojan horses or not. + Integrit works by creating a database that is a snapshot of the most + essential parts of the system. You put the database somewhere safe, + and then later you can use it to make sure that no one has made any + illicit modifications to your file system. + . + Integrit's key features are the small memory footprint, the design + with unattended use in mind, intuitive cascading rulesets for the + paths listed in the configuration file, the possibility of XML or + human-readable output, and simultaneous checks and updates. + . + See http://integrit.sourceforge.net/ for more information. --- integrit-4.1.orig/debian/copyright +++ integrit-4.1/debian/copyright @@ -0,0 +1,18 @@ +This package was debianized by Andras Bali on +Thu, 21 Jun 2001 22:58:25 +0200, +and was adopted by Gerrit Pape on +Sat, 24 May 2003 14:08:15 +0200. + +It was downloaded from http://www.noserose.net/e/integrit/download/ + +Upstream Author: Ed L Cashin + +Copyright: + +This software is copyright (c) 2005 Ed L. Cashin. + +You are free to distribute this software under the terms of +the GNU General Public License. + +On Debian systems, the complete text of the GNU General Public +License can be found in /usr/share/common-licenses/GPL file. --- integrit-4.1.orig/debian/diff/0001-doc-Makefile.in-properly-build-and-clean-html-doc.diff +++ integrit-4.1/debian/diff/0001-doc-Makefile.in-properly-build-and-clean-html-doc.diff @@ -0,0 +1,30 @@ +From f4c5864aa8ee73998f1cef0c7c7b18a2f701e344 Mon Sep 17 00:00:00 2001 +From: Gerrit Pape +Date: Wed, 8 Aug 2007 15:21:14 +0000 +Subject: [PATCH] doc/Makefile.in: properly build and clean html doc. + +--- + doc/Makefile.in | 5 ++--- + 1 files changed, 2 insertions(+), 3 deletions(-) + +diff --git a/doc/Makefile.in b/doc/Makefile.in +index 4c73476..61a8b82 100644 +--- a/doc/Makefile.in ++++ b/doc/Makefile.in +@@ -117,11 +117,10 @@ html : + echo $$INTEGRIT_VERSION; \ + sed "s/[@]INTEGRIT_VERSION[@]/$$INTEGRIT_VERSION/g" \ + integrit.texi.in > integrit.texi \ +- && ~/opt/texinfo-4.2/bin/makeinfo --html --no-split integrit.texi +-# && makeinfo --html integrit.texi ++ && makeinfo --html --no-split integrit.texi + + clean : +- rm -f integrit.1 i-viewdb.1 i-ls.1 integrit.texi ++ rm -f integrit.1 i-viewdb.1 i-ls.1 integrit.texi integrit.html + + realclean : clean + +-- +debian.1.5.3_rc4.1-dirty + --- integrit-4.1.orig/debian/diff/0002-allow-tTdD-in-config-rule-checksets-as-documented.diff +++ integrit-4.1/debian/diff/0002-allow-tTdD-in-config-rule-checksets-as-documented.diff @@ -0,0 +1,58 @@ +From dcfb13aee39561f3623a0bd89915c6db915a52f1 Mon Sep 17 00:00:00 2001 +From: Gerrit Pape +Date: Thu, 9 Aug 2007 08:39:20 +0000 +Subject: [PATCH] allow tTdD in config rule checksets as documented. + +The tTdD switches in config rule checksets are documented and implemented, +so don't reject them in the options parser. + +This was noticed by whollygoat and reported through + http://bugs.debian.org/436360 +--- + README | 2 ++ + examples/root.conf | 2 ++ + options.c | 2 +- + 3 files changed, 5 insertions(+), 1 deletions(-) + +diff --git a/README b/README +index ae7fdd8..e29ae88 100644 +--- a/README ++++ b/README +@@ -262,6 +262,8 @@ Here's a table of letters and the corresponding options: + s checksum + i inode + p permissions ++ t file type ++ d device type (if file is blk or chr special) + l number of links + u uid + g gid +diff --git a/examples/root.conf b/examples/root.conf +index 550965d..d73721c 100644 +--- a/examples/root.conf ++++ b/examples/root.conf +@@ -19,6 +19,8 @@ current=/root/databases/integrit-foohost.cdb.new + # s checksum + # i inode + # p permissions ++# t file type ++# d device type (if file is blk or chr special) + # l number of links + # u uid + # g gid +diff --git a/options.c b/options.c +index f28fa63..7ad6450 100644 +--- a/options.c ++++ b/options.c +@@ -312,7 +312,7 @@ inline static void do_rule(integrit_t *it, char *buf) + buf[n_switches - 1] = '\0'; + --n_switches; + } +- if (strspn(buf, "SsIiPpLlUuGgZzAaMmCcRr") != n_switches) ++ if (strspn(buf, "SsIiPpTtDdLlUuGgZzAaMmCcRr") != n_switches) + die(__FUNCTION__, + "Error: unrecognized check switch in conf file rule for %s", + namebuf); +-- +debian.1.5.3_rc4.1-dirty + --- integrit-4.1.orig/debian/etc/bin.conf +++ integrit-4.1/debian/etc/bin.conf @@ -0,0 +1,19 @@ +root=/bin + +known=/var/lib/integrit/bin.cdb +current=/var/lib/integrit/bin-current.cdb + +# # Here's a table of letters and the corresponding checks / options: +# # Uppercase turns the check off, lowercase turns it on. +# # +# # s checksum +# # i inode +# # p permissions +# # l number of links +# # u uid +# # g gid +# # z file size (redundant if checksums are on) +# # a access time +# # m modification time +# # c ctime (time UN*X file info last changed) +# # r reset access time (use with care) --- integrit-4.1.orig/debian/etc/boot.conf +++ integrit-4.1/debian/etc/boot.conf @@ -0,0 +1,19 @@ +root=/boot + +known=/var/lib/integrit/boot.cdb +current=/var/lib/integrit/boot-current.cdb + +# # Here's a table of letters and the corresponding checks / options: +# # Uppercase turns the check off, lowercase turns it on. +# # +# # s checksum +# # i inode +# # p permissions +# # l number of links +# # u uid +# # g gid +# # z file size (redundant if checksums are on) +# # a access time +# # m modification time +# # c ctime (time UN*X file info last changed) +# # r reset access time (use with care) --- integrit-4.1.orig/debian/etc/dev.conf +++ integrit-4.1/debian/etc/dev.conf @@ -0,0 +1,21 @@ +root=/dev + +known=/var/lib/integrit/dev.cdb +current=/var/lib/integrit/dev-current.cdb + +# # Here's a table of letters and the corresponding checks / options: +# # Uppercase turns the check off, lowercase turns it on. +# # +# # s checksum +# # i inode +# # p permissions +# # l number of links +# # u uid +# # g gid +# # z file size (redundant if checksums are on) +# # a access time +# # m modification time +# # c ctime (time UN*X file info last changed) +# # r reset access time (use with care) + +/dev AMC --- integrit-4.1.orig/debian/etc/etc.conf +++ integrit-4.1/debian/etc/etc.conf @@ -0,0 +1,19 @@ +root=/etc + +known=/var/lib/integrit/etc.cdb +current=/var/lib/integrit/etc-current.cdb + +# # Here's a table of letters and the corresponding checks / options: +# # Uppercase turns the check off, lowercase turns it on. +# # +# # s checksum +# # i inode +# # p permissions +# # l number of links +# # u uid +# # g gid +# # z file size (redundant if checksums are on) +# # a access time +# # m modification time +# # c ctime (time UN*X file info last changed) +# # r reset access time (use with care) --- integrit-4.1.orig/debian/etc/lib.conf +++ integrit-4.1/debian/etc/lib.conf @@ -0,0 +1,19 @@ +root=/lib + +known=/var/lib/integrit/lib.cdb +current=/var/lib/integrit/lib-current.cdb + +# # Here's a table of letters and the corresponding checks / options: +# # Uppercase turns the check off, lowercase turns it on. +# # +# # s checksum +# # i inode +# # p permissions +# # l number of links +# # u uid +# # g gid +# # z file size (redundant if checksums are on) +# # a access time +# # m modification time +# # c ctime (time UN*X file info last changed) +# # r reset access time (use with care) --- integrit-4.1.orig/debian/etc/sbin.conf +++ integrit-4.1/debian/etc/sbin.conf @@ -0,0 +1,19 @@ +root=/sbin + +known=/var/lib/integrit/sbin.cdb +current=/var/lib/integrit/sbin-current.cdb + +# # Here's a table of letters and the corresponding checks / options: +# # Uppercase turns the check off, lowercase turns it on. +# # +# # s checksum +# # i inode +# # p permissions +# # l number of links +# # u uid +# # g gid +# # z file size (redundant if checksums are on) +# # a access time +# # m modification time +# # c ctime (time UN*X file info last changed) +# # r reset access time (use with care) --- integrit-4.1.orig/debian/etc/usr.conf +++ integrit-4.1/debian/etc/usr.conf @@ -0,0 +1,32 @@ +root=/usr + +known=/var/lib/integrit/usr.cdb +current=/var/lib/integrit/usr-current.cdb + +# # Here's a table of letters and the corresponding checks / options: +# # Uppercase turns the check off, lowercase turns it on. +# # +# # s checksum +# # i inode +# # p permissions +# # l number of links +# # u uid +# # g gid +# # z file size (redundant if checksums are on) +# # a access time +# # m modification time +# # c ctime (time UN*X file info last changed) +# # r reset access time (use with care) + +# # to cut down on runtime and db size: +=/usr/include +=/usr/X11R6/include +=/usr/doc +=/usr/info +=/usr/share +=/usr/X11R6/man +=/usr/X11R6/lib/X11/fonts + +# # ignore user-dependant directories +!/usr/local +!/usr/src --- integrit-4.1.orig/debian/implicit +++ integrit-4.1/debian/implicit @@ -0,0 +1,93 @@ +# $Id$ + +.PHONY: deb-checkdir deb-checkuid + +deb-checkdir: + @test -e debian/control || sh -cx '! : wrong directory' +deb-checkuid: + @test "`id -u`" -eq 0 || sh -cx '! : need root privileges' + +%.deb: %.deb-docs %.deb-DEBIAN + @rm -f $*.deb $*.deb-checkdir $*.deb-docs $*.deb-docs-base \ + $*.deb-docs-docs $*.deb-docs-examples $*.deb-DEBIAN \ + $*.deb-DEBIAN-dir $*.deb-DEBIAN-scripts $*.deb-DEBIAN-md5sums + +%.udeb: %.deb-DEBIAN + @rm -f $*.deb $*.deb-checkdir $*.deb-DEBIAN $*.deb-DEBIAN-dir \ + $*.deb-DEBIAN-scripts $*.deb-DEBIAN-md5sums + +%.deb-checkdir: + @test -d debian/$* || sh -cx '! : directory debian/$* missing' + @test "`id -u`" -eq 0 || sh -cx '! : need root privileges' + +%.deb-docs-base: + : implicit + @rm -f debian/$*/usr/share/doc/$*/* || : + @install -d -m0755 debian/$*/usr/share/doc/$* + : debian/$*/usr/share/doc/$*/ + @sh -cx 'install -m0644 debian/copyright debian/$*/usr/share/doc/$*/' + @sh -cx 'install -m0644 debian/changelog \ + debian/$*/usr/share/doc/$*/changelog.Debian' + @test ! -r changelog || \ + sh -cx 'install -m0644 changelog debian/$*/usr/share/doc/$*/' + @test -r debian/$*/usr/share/doc/$*/changelog || \ + sh -cx 'mv debian/$*/usr/share/doc/$*/changelog.Debian \ + debian/$*/usr/share/doc/$*/changelog' + @test -s debian/$*/usr/share/doc/$*/changelog || \ + sh -cx 'rm -f debian/$*/usr/share/doc/$*/changelog' + @gzip -9n debian/$*/usr/share/doc/$*/changelog* +%.deb-docs-docs: + @for i in `cat debian/$*.docs 2>/dev/null || :`; do \ + if test -d $$i; then \ + sh -cx "install -d -m0755 debian/$*/usr/share/doc/$*/$${i##*/}" && \ + for j in $$i/*; do \ + sh -cx "install -m0644 $$j \ + debian/$*/usr/share/doc/$*/$${i##*/}/" || exit 1; \ + done || exit 1; \ + continue; \ + fi; \ + sh -cx "install -m0644 $$i debian/$*/usr/share/doc/$*/" || exit 1; \ + done + @test ! -r debian/$*.README.Debian || \ + sh -cx 'install -m0644 debian/$*.README.Debian \ + debian/$*/usr/share/doc/$*/README.Debian' + @if test -r debian/$*.NEWS.Debian; then \ + sh -cx 'install -m0644 debian/$*.NEWS.Debian \ + debian/$*/usr/share/doc/$*/NEWS.Debian && \ + gzip -9n debian/$*/usr/share/doc/$*/NEWS.Debian'; \ + fi +%.deb-docs-examples: + @rm -rf debian/$*/usr/share/doc/$*/examples + : debian/$*/usr/share/doc/$*/examples/ + @test ! -r debian/$*.examples || \ + install -d -m0755 debian/$*/usr/share/doc/$*/examples + @for i in `cat debian/$*.examples 2>/dev/null || :`; do \ + sh -cx "install -m0644 $$i debian/$*/usr/share/doc/$*/examples/" \ + || exit 1; \ + done +%.deb-docs: %.deb-checkdir %.deb-docs-base %.deb-docs-docs %.deb-docs-examples + : debian/$*/usr/share/doc/$*/ ok + +%.deb-DEBIAN-base: + @rm -rf debian/$*/DEBIAN + : debian/$*/DEBIAN/ + @install -d -m0755 debian/$*/DEBIAN + @for i in conffiles shlibs templates; do \ + test ! -r debian/$*.$$i || \ + sh -cx "install -m0644 debian/$*.$$i debian/$*/DEBIAN/$$i" \ + || exit 1; \ + done +%.deb-DEBIAN-scripts: + @for i in preinst prerm postinst postrm config; do \ + test ! -r debian/$*.$$i || \ + sh -cx "install -m0755 debian/$*.$$i debian/$*/DEBIAN/$$i" \ + || exit 1; \ + done +%.deb-DEBIAN-md5sums: + : debian/$*/DEBIAN/md5sums + @rm -f debian/$*/DEBIAN/md5sums + @cd debian/$* && find * -path 'DEBIAN' -prune -o \ + -type f -exec md5sum {} \; | LC_ALL=C sort >>DEBIAN/md5sums +%.deb-DEBIAN: %.deb-checkdir %.deb-DEBIAN-base %.deb-DEBIAN-scripts \ + %.deb-DEBIAN-md5sums + : debian/$*/DEBIAN/ ok --- integrit-4.1.orig/debian/integrit.NEWS.Debian +++ integrit-4.1/debian/integrit.NEWS.Debian @@ -0,0 +1,31 @@ +integrit (4.0-1) unstable; urgency=low + + * integrit 4.0 breaks db compatibility with versions 3.x and upstream + has chosen not to support previous formats for the sake of simplicity. + If you need to compare old dbs, this Debian package ships the integrit + program from version 3.05 as /usr/sbin/integrit3. + + Migration to 4.0 can be performed safely with a two-cycle update: + create a new integrit 4.0 db with the same configuration file but + different db locations, check-update the old db with integrit 3 and + double-check for changes. The old integrit 3 db can now be removed. + + See /usr/share/doc/integrit/README for details. + + -- Gerrit Pape Mon, 09 Oct 2006 13:27:00 +0000 + +integrit (3.05-1) unstable; urgency=low + + * integrit now treats symbolic links similarly to regular files, in that + it computes an SHA-1 checksum for them, but not for the file contents, + but rather for the name in the symlink (using readlink()). Then, if a + file remains a symlink, but points to a different target, that's flagged + as an "SHA-1" change to the file. + This means integrit will report changed checksums for symbolic links + when comparing against databases created with integrit version 3.02.00; + the databases should be re-created manually with this version, e.g. + + # rm /var/lib/integrit/*.cdb + # /etc/cron.daily/integrit & + + -- Gerrit Pape Sun, 25 Sep 2005 22:15:17 +0000 --- integrit-4.1.orig/debian/integrit.README.Debian +++ integrit-4.1/debian/integrit.README.Debian @@ -0,0 +1,40 @@ +integrit for Debian +------------------- + +A program like integrit must be suited for each system. Therefore the +supplied configuration file /etc/integrit/integrit.conf is just an example, +and the example daily cron job to check the filesystem for changes is +disabled. + +Please read and understand the integrit documentation before proceeding. +See /usr/share/doc/integrit/integrit.html for the big picture, see the +man pages for integrit(1), i-viewdb(1), and i-ls(1), and look at the +examples in /usr/share/doc/integrit/examples/. + +Obviously simply running integrit from cron and mailing a report to some +mail address isn't the best way to run integrit, but it's a kind of +general configuration a package can provide, and it's what this package +provides. It's recommended to adapt the configuration, schedule, and +strategy to run integrit to your individual needs. + +In order to enable the example daily cron job, first provide one or +more valid configuration file(s) for integrit. To do so, either edit +the example config file /etc/integrit/integrit.conf, and set ``root'', +``known'', ``current'', and some rules, or copy one or more configuration +files from /usr/share/doc/integrit/etc/ into /etc/integrit/. + +Then edit /etc/integrit/integrit.debian.conf and add your configuration +files to the CONFIGS variable (optionally adapt the other setting in +this file), and run the cron job manually once in a shell, e.g.: + + # grep ^CONFIGS /etc/integrit/integrit.debian.conf + CONFIGS="/etc/integrit/etc.conf /etc/integrit/usr.conf" + # /etc/cron.daily/integrit + +This will create the initial state of the databases. + +You can test your configuration by running the cron job again in a shell. + +Thanks to Andras Bali for initially packaging integrit for Debian. + + -- Gerrit Pape , Sat, 24 May 2003 14:03:41 +0200 --- integrit-4.1.orig/debian/integrit.conf +++ integrit-4.1/debian/integrit.conf @@ -0,0 +1,76 @@ +# /etc/integrit.conf : configuration file for integrit +# +# See integrit(1) and /usr/share/doc/integrit/examples/ +# for more information. +# +# *** WARNING *** +# +# This is a simple default configuration file for Debian systems. +# It contains only comments, therefore integrit will not run with +# it. To make integrit functional, you must edit this file according +# to your needs. +# +# Please read README.Debian before running integrit. +# +# *** WARNING *** + +# +# root=/ +# known=/var/lib/integrit/known.cdb +# current=/var/lib/integrit/current.cdb +# +# # Here's a table of letters and the corresponding checks / options: +# # Uppercase turns the check off, lowercase turns it on. +# # +# # s checksum +# # i inode +# # p permissions +# # l number of links +# # u uid +# # g gid +# # z file size (redundant if checksums are on) +# # a access time +# # m modification time +# # c ctime (time UN*X file info last changed) +# # r reset access time (use with care) +# +# # ignore directories that are expected to change +# +# !/cdrom +# !/dev +# !/etc +# !/floppy +# !/home +# !/lost+found +# !/mnt +# !/proc +# !/root +# !/tmp +# !/var +# +# # ignore inode, change time and modification time +# # for ephemeral module files. +# +# /lib/modules/2.4.3/modules.dep IMC +# /lib/modules/2.4.3/modules.generic_string IMC +# /lib/modules/2.4.3/modules.isapnpmap IMC +# /lib/modules/2.4.3/modules.parportmap IMC +# /lib/modules/2.4.3/modules.pcimap IMC +# /lib/modules/2.4.3/modules.usbmap IMC +# +# # to cut down on runtime and db size: +# +# =/usr/include +# =/usr/X11R6/include +# +# =/usr/doc +# =/usr/info +# =/usr/share +# +# =/usr/X11R6/man +# =/usr/X11R6/lib/X11/fonts +# +# # ignore user-dependant directories +# +# !/usr/local +# !/usr/src --- integrit-4.1.orig/debian/integrit.conffiles +++ integrit-4.1/debian/integrit.conffiles @@ -0,0 +1,3 @@ +/etc/integrit/integrit.conf +/etc/integrit/integrit.debian.conf +/etc/cron.daily/integrit --- integrit-4.1.orig/debian/integrit.cron.daily +++ integrit-4.1/debian/integrit.cron.daily @@ -0,0 +1,47 @@ +#!/bin/sh + +# /etc/cron.daily/integrit : integrit daily cron job +# initially written by Andras Bali + +test -x /usr/sbin/integrit || exit 0 +test -f /etc/integrit/integrit.debian.conf || exit 0 +CONFIGS="" +. /etc/integrit/integrit.debian.conf +test -n "$CONFIGS" || exit 0 +if test -z "$EMAIL_RCPT"; then + echo "EMAIL_RCPT must be set in /etc/integrit/integrit.debian.conf" >&2 + exit 1 +fi + +REPORT="/var/lib/integrit/current.report.$$" +cp /dev/null "$REPORT" +trap "rm -f \"$REPORT\"" EXIT + +rc=0 +for i in $CONFIGS; do + known=`sed -n 's/^ *known *= *\(.\+\) *$/\1/p' <$i |head -n1` + current=`sed -n 's/^ *current *= *\(.\+\) *$/\1/p' <$i |head -n1` + if test -z "$known" -o -z "$current"; then + echo "known and/or current not set in $i, skipping." >&2; echo + continue + fi + + OPTS='-cu' + test -e "$known" || OPTS='-u' + + echo "start: integrit -C $i $OPTS" + RC=0 + nice integrit -C $i "$OPTS" 2>&1 || RC="$?" + echo "exit: $RC"; echo + + if test "$RC" -eq 0; then + test -e "$known" || cp "$current" "$known" + else + rc="$RC" + fi + +done >>"$REPORT" + +test "$rc" -ne 0 || test "$ALWAYS_EMAIL" = 'true' || exit 0 + +mail -s "$EMAIL_SUBJ" "$EMAIL_RCPT" <"$REPORT" --- integrit-4.1.orig/debian/integrit.debian.conf +++ integrit-4.1/debian/integrit.debian.conf @@ -0,0 +1,19 @@ +# Configuration of the example daily cron job /etc/cron.daily/integrit + +# Set the configuration file(s) for integrit. /etc/cron.daily/integrit +# will run ``integrit -uc -C '' for each file specified in CONFIGS. +# An empty CONFIGS variable disables /etc/cron.daily/integrit. Multiple +# file names are separated with spaces, e.g.: +# CONFIGS="/etc/integrit/usr.conf /etc/integrit/lib.conf" +# CONFIGS="/etc/integrit/integrit.conf" +CONFIGS="" + +# Set the mail address reports are sent to +EMAIL_RCPT="root" + +# Set the subject line for the report mails +EMAIL_SUBJ="[integrit] `hostname -f`: report on changes in the filesystems" + +# If ALWAYS_EMAIL is set to ``true'', a report is mailed on every run. +# Normally a report is only generated when integrit(1) exits non-zero. +ALWAYS_EMAIL=false --- integrit-4.1.orig/debian/integrit.docs +++ integrit-4.1/debian/integrit.docs @@ -0,0 +1,4 @@ +README +HACKING +todo.txt +doc/integrit.html --- integrit-4.1.orig/debian/integrit.examples +++ integrit-4.1/debian/integrit.examples @@ -0,0 +1,9 @@ +examples/README +examples/crontab +examples/install_db +examples/integrit-run.c +examples/integrit_check +examples/root.conf +examples/src.conf +examples/usr.conf +examples/viewreport --- integrit-4.1.orig/debian/integrit.lintian +++ integrit-4.1/debian/integrit.lintian @@ -0,0 +1 @@ +integrit: statically-linked-binary --- integrit-4.1.orig/debian/rules +++ integrit-4.1/debian/rules @@ -0,0 +1,111 @@ +#!/usr/bin/make -f + +CFLAGS =-Wall -Drpl_malloc=malloc +STRIP =strip +CC =diet -v -Os gcc -nostdinc + +DEB_HOST_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +DEB_HOST_ARCH ?=$(shell dpkg-architecture -qDEB_HOST_ARCH) + +DIET_ARCHS =alpha amd64 arm hppa i386 ia64 mips mipsel powerpc ppc64 s390 sparc +ifeq (,$(findstring $(DEB_HOST_ARCH),$(DIET_ARCHS))) + CC =gcc +endif + +ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) + CFLAGS +=-g +endif +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS +=-O0 +else + CFLAGS +=-O2 +endif +ifneq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + STRIP =: nostrip +endif + +DIR =$(shell pwd)/debian/integrit + +patch: deb-checkdir patch-stamp +patch-stamp: + for i in `ls -1 debian/diff/*.diff || :`; do \ + patch -p1 <$$i || exit 1; \ + done + touch patch-stamp + +config: deb-checkdir config.status +config.status: patch-stamp configure + CC='$(CC)' CFLAGS='$(CFLAGS)' sh ./configure \ + --host='$(DEB_HOST_GNU_TYPE)' \ + --build='$(DEB_BUILD_GNU_TYPE)' \ + --prefix=/usr \ + --mandir='$${prefix}/share/man' \ + --infodir='$${prefix}/share/info' + +build: deb-checkdir build-stamp +build-stamp: config.status + -gcc -v + $(MAKE) + $(MAKE) utils + $(MAKE) -Cdoc html + touch build-stamp + +clean: deb-checkdir deb-checkuid + -$(MAKE) distclean + test ! -e patch-stamp || \ + for i in `ls -1r debian/diff/*.diff || :`; do \ + patch -p1 -R <$$i || exit 1; \ + done + rm -f build-stamp patch-stamp + rm -rf '$(DIR)' + rm -f debian/files debian/substvars changelog + +install: deb-checkdir deb-checkuid build-stamp + rm -rf '$(DIR)' + # bin sbin + install -d -m0755 '$(DIR)'/usr/bin + install -d -m0755 '$(DIR)'/usr/sbin + install -m0500 integrit utils/i-viewdb '$(DIR)'/usr/sbin/ + install -m0755 utils/i-ls '$(DIR)'/usr/bin/ + $(STRIP) -R .note -R .comment '$(DIR)'/usr/bin/* '$(DIR)'/usr/sbin/* + # lib + install -d -m0755 '$(DIR)'/var/lib/integrit/ + # etc + install -d -m0755 '$(DIR)'/etc/integrit + install -m0600 -oroot -groot debian/integrit.conf \ + debian/integrit.debian.conf '$(DIR)'/etc/integrit/ + # cron + install -d -m0755 '$(DIR)'/etc/cron.daily + install -m0755 debian/integrit.cron.daily \ + '$(DIR)'/etc/cron.daily/integrit + # man + install -d -m0755 '$(DIR)'/usr/share/man/man1 + install -m0644 doc/*.1 '$(DIR)'/usr/share/man/man1/ + gzip -9n '$(DIR)'/usr/share/man/man1/*.1 + # info + install -d -m0755 '$(DIR)'/usr/share/info + install -m0644 doc/integrit.info '$(DIR)'/usr/share/info/ + gzip -9n '$(DIR)'/usr/share/info/*.info + # lintian overrides + install -d -m0755 '$(DIR)'/usr/share/lintian/overrides + install -m0644 debian/integrit.lintian \ + $(DIR)/usr/share/lintian/overrides/integrit + # upstream changelog + rm -f changelog && ln -s Changes changelog + # additional docs + install -m0755 -d '$(DIR)'/usr/share/doc/integrit/etc + install -m0644 debian/etc/*.conf '$(DIR)'/usr/share/doc/integrit/etc/ + +binary-indep: + +binary-arch: deb-checkdir deb-checkuid install integrit.deb + dpkg-gencontrol -isp -pintegrit -P'$(DIR)' \ + -VBuilt-Using="$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W dietlibc-dev)" + dpkg -b '$(DIR)' .. + +binary: binary-indep binary-arch + +.PHONY: patch config build clean binary-indep binary-arch binary install + +include debian/implicit