Re: RFS: lynis

To: debian-mentors@lists.debian.org
Subject: Re: RFS: lynis
From: "Paul Wise" <pabs@debian.org>
Date: Fri, 15 Feb 2008 13:06:42 +0900
Message-id: <[🔎] e13a36b30802142006k516ec6abxd05452f0228f0521@mail.gmail.com>
In-reply-to: <[🔎] 20080214205921.GA6416@maggie.lan>
References: <[🔎] 1202948562.3632.6.camel@localhost> <[🔎] 20080214205921.GA6416@maggie.lan>

First, a question:

How does lynis compare with bastille (already in Debian)?

On Fri, Feb 15, 2008 at 5:59 AM, Patrick Schoenfeld
<schoenfeld@in-medias-res.com> wrote:

>  IANADD so I cannot sponsor your upload. However I think my comments may
>  be useful for you. CC'ing my AM: Eventually he has additional comments
>  and/or is willing to sponsor your upload, when everything okay.

Additional comments below.

>  - debian/control
>     - Misses a homepage header to indicate upstream url. See [1]

Another reference: http://wiki.debian.org/HomepageFieldHOWTO

Some description changes:

s/Security/security/
s/create/creates/
s/professionals/professional/
s/adition/addition/
s/finetunning/fine-tuning/

>  - debian/copyright:

Please also reference the correct GPL file, there are both GPL-2 and
GPL-3 in /usr/share/common-licences.

>  - debian/rules:
>     - configure-stamp target misses a touch configure-stamp

Removing the configure/configure-stamp targets is another option.

Other issues:

sed -i -e 's/man page/the manual page/' debian/README.Debian

The changes to the lynis script should be moved into a quilt (or
dpatch) patch or you could make the changes using sed in the build
target like so:

build:
    ...
    mkdir build
    cp lynis build
    sed -i -e 's_PROFILE="default.prf"_PROFILE="/etc/lynis/default.prf"_'
build/lynis
    sed -i -e 's_INCLUDEDIR="include"_INCLUDEDIR="/usr/share/lynis/include"_'
build/lynis

clean:
    ...
    rm -rf build

install:
    ...
    install -D $(CURDIR)/build/lynis $(CURDIR)/debian/lynis/usr/sbin/

The postrm script is not necessary, dpkg handles removing conffiles on
purge and you are using a recent debhelper so files in /etc should be
automatically marked as conffiles.

default.prf contains a commented out debian-specific security check,
is there any reason you didn't enable it?

Please run lintian -I in future:

I: lynis: hyphen-used-as-minus-sign usr/share/man/man8/lynis.8.gz:14
I: lynis: hyphen-used-as-minus-sign usr/share/man/man8/lynis.8.gz:28
I: lynis: hyphen-used-as-minus-sign usr/share/man/man8/lynis.8.gz:30
I: lynis: hyphen-used-as-minus-sign usr/share/man/man8/lynis.8.gz:32
I: lynis: hyphen-used-as-minus-sign usr/share/man/man8/lynis.8.gz:34
I: lynis: hyphen-used-as-minus-sign usr/share/man/man8/lynis.8.gz:39
I: lynis: hyphen-used-as-minus-sign usr/share/man/man8/lynis.8.gz:43
I: lynis: hyphen-used-as-minus-sign usr/share/man/man8/lynis.8.gz:47
I: lynis: hyphen-used-as-minus-sign usr/share/man/man8/lynis.8.gz:51

Some remarks to pass upstream:

Upstream should be changed so that the patch to the lynis script is
not necessary. Same with any potential patch to default.prf. The best
way to enable that would be to write a configure script.

Upstream should provide a Makefile or script to install lynis so there
is no Debian-specific installation. Otherwise other distributions will
have to duplicate part of debian/rules.

Upstream CHANGELOG file is more of a NEWS file than a ChangeLog.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Reply to:

References:
- RFS: lynis
  - From: Francisco García <fgclaramonte@yahoo.es>
- Re: RFS: lynis
  - From: Patrick Schoenfeld <schoenfeld@in-medias-res.com>

Prev by Date: Re: RFS: python-twitter
Next by Date: Re: RFS: syslog-summary (updated and adopted package)
Previous by thread: Re: RFS: lynis
Next by thread: Re: RFS: lynis
Index(es):
- Date
- Thread