diff --git a/pkgs/tools/security/lynis/default.nix b/pkgs/tools/security/lynis/default.nix new file mode 100644 index 000000000000..5e13674bb77a --- /dev/null +++ b/pkgs/tools/security/lynis/default.nix @@ -0,0 +1,38 @@ +{ stdenv, makeWrapper, fetchFromGitHub, gawk, perl }: + +stdenv.mkDerivation rec { + pname = "lynis"; + version = "2.5.7"; + name = "${pname}-${version}"; + + src = fetchFromGitHub { + owner = "CISOfy"; + repo = "${pname}"; + rev = "${version}"; + sha256 = "19rfkiri73bi43i4yxpqrxjzpqn5rfrkq2picja5filjv14hbyly"; + }; + + nativeBuildInputs = [ makeWrapper perl ]; + + postPatch = '' + grep -rl '/usr/local/lynis' ./ | xargs sed -i "s@/usr/local/lynis@$out/share/lynis@g" + # Don't use predefined binary paths. See https://github.com/CISOfy/lynis/issues/468 + perl -i -p0e 's/BIN_PATHS="[^"]*"/BIN_PATHS=\$\(echo \$PATH\ | sed "s\/:\/ \/g")/sm;' include/consts + ''; + + installPhase = '' + mkdir -p $out/share/lynis + cp -r include db default.prf $out/share/lynis/ + mkdir -p $out/bin + cp -a lynis $out/bin + wrapProgram "$out/bin/lynis" --prefix PATH : ${stdenv.lib.makeBinPath [ gawk ]} + ''; + + meta = with stdenv.lib; { + description = "Security auditing tool for Linux, macOS, and UNIX-based systems"; + homepage = "https://cisofy.com/lynis/"; + license = licenses.gpl3; + platforms = platforms.unix; + maintainers = [ maintainers.ryneeverett ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 36d392c20edb..5587ec2e44f1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1183,6 +1183,8 @@ with pkgs; iio-sensor-proxy = callPackage ../os-specific/linux/iio-sensor-proxy { }; + lynis = callPackage ../tools/security/lynis { }; + mathics = pythonPackages.mathics; masscan = callPackage ../tools/security/masscan { };