rpms/amtu/F-11 amtu-1.0.8-init.patch, NONE, 1.1 amtu.spec, 1.25, 1.26 sources, 1.11, 1.12 amtu-1.0.7-makefile.patch, 1.1, NONE

Steve Grubb sgrubb at fedoraproject.org
Fri Aug 21 21:52:47 UTC 2009 

Author: sgrubb

Update of /cvs/pkgs/rpms/amtu/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6820

Modified Files:
	amtu.spec sources 
Added Files:
	amtu-1.0.8-init.patch 
Removed Files:
	amtu-1.0.7-makefile.patch 
Log Message:
* Fri Aug 21 2009 Steve Grubb <sgrubb at redhat.com> 1.0.8-1
- new upstream version
- Add init script for bootup system check


amtu-1.0.8-init.patch:
 Makefile.am         |    2 
 configure.in        |    2 
 doc/AMTUHowTo.txt   |  105 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 doc/Makefile.am     |    2 
 init/Makefile.am    |   16 +++++++
 init/amtu.init      |   90 ++++++++++++++++++++++++++++++++++++++++++++
 init/amtu.sysconfig |   11 +++++
 7 files changed, 225 insertions(+), 3 deletions(-)

--- NEW FILE amtu-1.0.8-init.patch ---
diff -urN amtu-1.0.8.orig/configure.in amtu-1.0.8/configure.in
--- amtu-1.0.8.orig/configure.in	2009-07-06 09:39:44.000000000 -0400
+++ amtu-1.0.8/configure.in	2009-07-06 10:11:15.000000000 -0400
@@ -19,7 +19,7 @@
 esac
 AC_CHECK_LIB(laus, laus_open)
 AC_CHECK_LIB(audit, audit_open)
-AC_OUTPUT(Makefile src/Makefile doc/Makefile)
+AC_OUTPUT(Makefile src/Makefile init/Makefile doc/Makefile)
 
 echo .
 echo "
diff -urN amtu-1.0.8.orig/doc/AMTUHowTo.txt amtu-1.0.8/doc/AMTUHowTo.txt
--- amtu-1.0.8.orig/doc/AMTUHowTo.txt	1969-12-31 19:00:00.000000000 -0500
+++ amtu-1.0.8/doc/AMTUHowTo.txt	2009-07-06 10:20:42.000000000 -0400
@@ -0,0 +1,105 @@
+ABSTRACT MACHINE TEST UTILITY HOWTO
+
+
+OVERVIEW
+
+Abstract Machine Test Utility (AMTU) is an administrative utility to check 
+whether the underlying protection mechanism of the hardware are still being 
+enforced. This is a requirement of the Controlled Access Protection Profile 
+(CAPP) FTP_AMT.1, see http://www.radium.ncsc.mil/tpep/library/protection_profiles/CAPP-1.d.pdf.
+AMTU executes the following tests:
+
+* Memory 
+
+Randomly writes to areas of memory and then reading the memory back to 
+ensure the values written remain unchanged. 
+
+* Memory Separation
+
+Ensures that user space programs cannot read and write to areas of memory
+utilized by the likes of Video RAM, kernel code, etc.
+
+* I/O Controller - Network
+
+Verifies random data transmitted is also the data received for each configured
+network device. Only ethernet and token ring devices that are configured and
+up are checked. Async devices are not checked.
+
+* I/O Controller - Disk
+
+Verifies that information written to disks remains unchanged. Only SCSI and IDE
+controllers associated with mounted filesystems are checked.
+
+* Supervisor Mode Instructions
+
+Ensures that the enforcement of the property that privileged instructions
+should only be in supervisor mode is still in effect. The set privileged
+instructions tested to confirm this is architecture dependant.
+
+
+
+TESTED VERSIONS
+
+AMTU has been tested on the following:
+
+* RHEL4 and 5
+* SuSE SLES 8
+* pSeries (32-bit and 64-bit)
+* iSeries (64-bit)
+* zSeries (31-bit)
+* xSeries (32-bit)
+
+
+
+INSTALLING AMTU
+
+VERIFYING SYSTEM REQUIREMENTS AND PREREQUISITES
+
+Before installing AMTU, verify that your system meets the following
+requirements and prerequisites:
+
+* The system is running in the Common Criteria evaluated configuration.
+
+
+COMPILING AND INSTALLING AMTU
+
+Untar the AMTU source tarball.  Then issue the following commands:
+	./bootstrap
+	./configure
+	make
+	make install
+
+Only the last step must be run as root. During the ./configure stage
+you may opt to change various options including default install directory.
+
+When compiling AMTU as a 64-bit application on a PPC64 architecture (with the
+exception of Squadron pSeries), specify
+ 
+	./configure CC=/opt/cross/bin/powerpc64-linux-gcc
+
+where /opt/cross/bin/powerpc64-linux-gcc is the 64-bit gcc compiler.
+
+To compile as a 64-bit application on X86_64 architecture or Squadron pSeries, 
+
+	./configure CC="gcc -m64" 
+
+
+
+RUNNING AMTU
+
+AMTU installs to /usr/bin/amtu by default. You can add optional command line 
+arguments (see the AMTU man page (amtu.8) for more details).
+
+
+
+INTERPRETING RESULTS
+
+AMTU issues the following return codes when executed:
+
+	* -1 - Program abort error
+	*  0 - Successful program completion
+
+If the error is repeatable, you can re-run amtu with the -d option to get 
+more information about the failure. The success or failure of AMTU is logged
+in the audit log files (see auditd.8).
+
diff -urN amtu-1.0.8.orig/doc/Makefile.am amtu-1.0.8/doc/Makefile.am
--- amtu-1.0.8.orig/doc/Makefile.am	2009-07-06 09:39:44.000000000 -0400
+++ amtu-1.0.8/doc/Makefile.am	2009-07-06 09:40:49.000000000 -0400
@@ -1,3 +1,3 @@
 CONFIG_CLEAN_FILES = *.rej *.orig
-EXTRA_DIST = $(man_MANS)
+EXTRA_DIST = $(man_MANS) AbstractMachineTestingDesign.doc AMTUHowTo.txt
 man_MANS = amtu.8
diff -urN amtu-1.0.8.orig/init/amtu.init amtu-1.0.8/init/amtu.init
--- amtu-1.0.8.orig/init/amtu.init	1969-12-31 19:00:00.000000000 -0500
+++ amtu-1.0.8/init/amtu.init	2009-07-06 10:17:43.000000000 -0400
@@ -0,0 +1,90 @@
+#!/bin/sh
+#
+# amtu:		Abstract Machine Tests
+#
+# chkconfig: - 96 99
+# description:  This service runs the abstract machine tests to check the \
+#		underlying security assumptions. It can be configured to
+#		halt the machine in the event of failure. The program does
+#		not stay resident, but rather runs once.
+#
+# processname: /sbin/amtu
+# config: /etc/sysconfig/amtu
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+prog="amtu"
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Allow anyone to run status
+if [ "$1" = "status" ] ; then
+	exit 0
+fi
+
+# Check that we are root ... so non-root users stop here
+test $EUID = 0  ||  exit 4
+
+# Check config
+test -f /etc/sysconfig/amtu && . /etc/sysconfig/amtu
+
+RETVAL=0
+
+start() {
+	test -x /usr/bin/amtu  || exit 5
+	# Now check that the syconfig is found and has important things
+	# configured
+	test -f /etc/sysconfig/amtu || exit 6
+	test x"$AMTU_HALT_ON_FAILURE" = "x" || exit 6
+	test x"$HALT_COMMAND" = "x" || exit 6
+	echo -n $"Starting $prog: "
+	daemon $prog "$EXTRAOPTIONS"
+	RETVAL=$?
+	if [ $RETVAL -ne 0 ] ; then
+		if [ "$AMTU_HALT_ON_FAILURE" = "yes" ] ; then
+			# Give audit daemon chance to write to disk
+			sleep 3
+			logger "Amtu failed and halt on failure requested"
+			$HALT_COMMAND
+		fi
+	fi
+	return $RETVAL
+}
+
+stop() {
+	/bin/true
+}
+
+# See how we were called.
+case "$1" in
+    start)
+	start
+	;;
+    stop)
+	stop
+	;;
+    status)
+        ;;
+    restart)
+	stop
+	start
+	;;
+    condrestart)
+	;;
+    reload)
+        ;;
+    *)
+	echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
+	;;
+esac
+exit $RETVAL
diff -urN amtu-1.0.8.orig/init/amtu.sysconfig amtu-1.0.8/init/amtu.sysconfig
--- amtu-1.0.8.orig/init/amtu.sysconfig	1969-12-31 19:00:00.000000000 -0500
+++ amtu-1.0.8/init/amtu.sysconfig	2009-07-06 10:06:07.000000000 -0400
@@ -0,0 +1,11 @@
+# Add extra options here:
+EXTRAOPTIONS=""
+#
+# This option is used to determine if failing any amtu test should result in
+# the machine being unusable. The default is no, but it can be changed to
+# yes in case this is desired.
+AMTU_HALT_ON_FAILURE="no"
+#
+# Should halt on failure trigger and its set to yes, the following command
+# will be issued to stop the system:
+HALT_COMMAND="poweroff"
diff -urN amtu-1.0.8.orig/init/Makefile.am amtu-1.0.8/init/Makefile.am
--- amtu-1.0.8.orig/init/Makefile.am	1969-12-31 19:00:00.000000000 -0500
+++ amtu-1.0.8/init/Makefile.am	2009-07-06 10:14:22.000000000 -0400
@@ -0,0 +1,16 @@
+
+CONFIG_CLEAN_FILES = *.rej *.orig
+EXTRA_DIST = amtu.init amtu.sysconfig
+initdir=$(sysconfdir)/rc.d/init.d
+sysconfigdir=$(sysconfdir)/sysconfig
+
+install-data-hook:
+	$(INSTALL_DATA) -D -m 640 ${srcdir}/amtu.sysconfig ${DESTDIR}${sysconfigdir}/amtu
+
+install-exec-hook:
+	$(INSTALL_SCRIPT) -D -m 755 ${srcdir}/amtu.init ${DESTDIR}${initdir}/amtu
+
+uninstall-hook:
+	rm ${DESTDIR}${sysconfigdir}/amtu
+	rm ${DESTDIR}${initdir}/amtu
+
diff -urN amtu-1.0.8.orig/Makefile.am amtu-1.0.8/Makefile.am
--- amtu-1.0.8.orig/Makefile.am	2009-07-06 09:39:44.000000000 -0400
+++ amtu-1.0.8/Makefile.am	2009-07-06 10:10:55.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = src doc
+SUBDIRS = src init doc
 EXTRA_DIST = bootstrap LICENSE CPLv1.0.htm README
 CONFIG_CLEAN_FILES = debug*.list config/*
 


Index: amtu.spec
===================================================================
RCS file: /cvs/pkgs/rpms/amtu/F-11/amtu.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -p -r1.25 -r1.26
--- amtu.spec	1 Jul 2009 15:57:05 -0000	1.25
+++ amtu.spec	21 Aug 2009 21:52:47 -0000	1.26
@@ -1,18 +1,16 @@
 Summary: Abstract Machine Test Utility (AMTU)
 Name: amtu 
-Version: 1.0.7
+Version: 1.0.8
 Release: 1%{?dist}
 License: CPL
 Group: System Environment/Base
 URL: http://sourceforge.net/projects/amtueal/
 Source0: %{name}-%{version}.tar.gz
-Patch1: amtu-1.0.7-makefile.patch
+Patch1: amtu-1.0.8-init.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: audit-libs-devel >= 1.1.2
 BuildRequires: automake
-Requires: audit >= 1.1.2
-
-# Red Hat AMTU SPEC file
+Requires: chkconfig
 
 %description
 Abstract Machine Test Utility (AMTU) is an administrative utility to check
@@ -26,7 +24,6 @@ http://www.radium.ncsc.mil/tpep/library/
 %patch1 -p1
 
 %build
-# next 3 items is to quieten autoreconf
 touch ChangeLog
 touch NEWS
 touch AUTHORS
@@ -41,13 +38,28 @@ make "DESTDIR=${RPM_BUILD_ROOT}" install
 %clean
 rm -rf $RPM_BUILD_ROOT
 
+%post
+/sbin/chkconfig --add amtu
+
+%preun
+if [ $1 -eq 0 ]; then
+   /sbin/service amtu stop > /dev/null 2>&1
+   /sbin/chkconfig --del amtu
+fi
+
 %files
 %defattr(-,root,root, -)
-%doc doc/AMTUHowTo.txt COPYING
+%doc doc/AMTUHowTo.txt LICENSE
+%attr(755,root,root) /etc/rc.d/init.d/amtu
+%config(noreplace) %attr(640,root,root) /etc/sysconfig/amtu
 %attr(0750,root,root) %{_bindir}/amtu
 %attr(0644,root,root) %{_mandir}/man8/*
 
 %changelog
+* Fri Aug 21 2009 Steve Grubb <sgrubb at redhat.com> 1.0.8-1
+- new upstream version
+- Add init script for bootup system check
+
 * Wed Jul 01 2009 Steve Grubb <sgrubb at redhat.com> 1.0.7-1
 - new upstream version
 


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/amtu/F-11/sources,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- sources	1 Jul 2009 15:57:06 -0000	1.11
+++ sources	21 Aug 2009 21:52:47 -0000	1.12
@@ -1 +1 @@
-8858a47c667ffc4af840d72d8ced6605  amtu-1.0.7.tar.gz
+755b517a3a1cc4092435c349d9b99312  amtu-1.0.8.tar.gz


--- amtu-1.0.7-makefile.patch DELETED ---

More information about the fedora-extras-commits mailing list