2017-12-07 18:15:50 +01:00
|
|
|
{ stdenv, makeWrapper, fetchFromGitHub, gawk, perl }:
|
|
|
|
|
|
|
|
|
|
stdenv.mkDerivation rec {
|
|
|
|
|
pname = "lynis";
|
2018-03-15 05:22:55 +01:00
|
|
|
version = "2.6.3";
|
2017-12-07 18:15:50 +01:00
|
|
|
name = "${pname}-${version}";
|
|
|
|
|
|
|
|
|
|
src = fetchFromGitHub {
|
|
|
|
|
owner = "CISOfy";
|
|
|
|
|
repo = "${pname}";
|
|
|
|
|
rev = "${version}";
|
2018-03-15 05:22:55 +01:00
|
|
|
sha256 = "17xfs0jr0rf8xvk860l2wpxg0h1m2c1dq41lqnq6wga9jifxmzqd";
|
2017-12-07 18:15:50 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
nativeBuildInputs = [ makeWrapper perl ];
|
|
|
|
|
|
|
|
|
|
postPatch = ''
|
|
|
|
|
grep -rl '/usr/local/lynis' ./ | xargs sed -i "s@/usr/local/lynis@$out/share/lynis@g"
|
|
|
|
|
# Don't use predefined binary paths. See https://github.com/CISOfy/lynis/issues/468
|
|
|
|
|
perl -i -p0e 's/BIN_PATHS="[^"]*"/BIN_PATHS=\$\(echo \$PATH\ | sed "s\/:\/ \/g")/sm;' include/consts
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
installPhase = ''
|
|
|
|
|
mkdir -p $out/share/lynis
|
|
|
|
|
cp -r include db default.prf $out/share/lynis/
|
|
|
|
|
mkdir -p $out/bin
|
|
|
|
|
cp -a lynis $out/bin
|
|
|
|
|
wrapProgram "$out/bin/lynis" --prefix PATH : ${stdenv.lib.makeBinPath [ gawk ]}
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
meta = with stdenv.lib; {
|
|
|
|
|
description = "Security auditing tool for Linux, macOS, and UNIX-based systems";
|
|
|
|
|
homepage = "https://cisofy.com/lynis/";
|
|
|
|
|
license = licenses.gpl3;
|
|
|
|
|
platforms = platforms.unix;
|
|
|
|
|
maintainers = [ maintainers.ryneeverett ];
|
|
|
|
|
};
|
|
|
|
|
}
|
