debian/0000755000000000000000000000000012240321702007157 5ustar debian/NEWS0000644000000000000000000000155712240321702007666 0ustar stealth (1.47.4-1) unstable; urgency=low Please note that starting with this release the stealth executables and scripts are expected in /usr/bin rather than /usr/sbin, following a suggestion made in Bug Report #530657. The package puts stealth in /usr/bin, but support scripts (stealthcleanup.gz, stealthcron.gz, stealthmail.gz) are found in /usr/share/doc/stealth/scripts/usr/bin. When used previously they are most likely found in /usr/sbin, where you need to remove them `by hand' followed by the installation of the gunzipped distributed scripts in /usr/bin. Also note that scripts calling stealth (or its support scripts) should refer to /usr/bin, rather than /usr/sbin (e.g., you might use a script /etc/cron.d/stealth calling stealthcron). -- Frank B. Brokken Thu, 03 Sep 2009 14:41:42 +0200 debian/dirs0000644000000000000000000000006112240321702010040 0ustar usr/bin usr/share/man/man1 usr/share/doc/stealth debian/rules0000755000000000000000000000626212240321702010245 0ustar #!/usr/bin/make -f # Uncomment this to turn on verbose mode. # export DH_VERBOSE=1 # archive downloaded from https://www.icce.rug.nl/debian/stealth MD5TRUSTED := dc0130dd9cc572ca29fd42df4c95f5da export CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS) export LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS) export CXXFLAGS = $(shell dpkg-buildflags --get CXXFLAGS) export CXXFLAGS += --std=c++0x -Wall export CXX = g++-4.8 build: build-indep build-arch build-arch: dh_testdir ./build program ./build man build-indep: ./build manual clean: dh_testdir dh_testroot ./build distclean dh_clean install-arch: dh_testdir dh_testroot dh_prep dh_installdirs # Add here commands to install the package into debian/stealth. ./build install program debian/stealth/usr/bin/stealth ./build install man debian/stealth/usr/share/man/man1 ./build install std debian/stealth/usr/share/doc/stealth ./build install extra debian/stealth/usr/share/doc/stealth install-indep: ./build install manual debian/stealth-doc/usr/share/doc/stealth-doc binary-indep: build-indep install-indep dh_testdir -i dh_testroot -i dh_installdocs -i dh_installinfo -i dh_installchangelogs -i dh_link -i dh_compress -i -X.dvi -X.latex -X.txt -X.ps -X.pdf dh_fixperms -i dh_installdeb -i dh_gencontrol -i dh_md5sums -i dh_builddeb -i binary-arch: build-arch install-arch dh_testdir -a dh_testroot -a dh_installdocs -a dh_installexamples -a dh_installmenu -a dh_installcron -a dh_installman -a dh_installinfo -a dh_installchangelogs -a dh_link -a dh_strip -a dh_compress -a dh_fixperms -a dh_installdeb -a dh_shlibdeps -a dh_gencontrol -a dh_md5sums -a dh_builddeb -a # The following is for internal development usage only # Update that sum when new _upstream_ releases occur, this # catches silent file content forges at the upstream server side DEBVERSION:=$(shell head -n 1 debian/changelog | sed -e 's/^[^(]*(\([^)]*\)).*/\1/') UPVERSION:=$(shell echo $(DEBVERSION) | sed -e 's/^.*://' -e 's/-[0-9.]*$$//' -e 's/.dfsg$$//') UPNAME := stealth UPFILE := $(UPNAME)_$(UPVERSION).tar.gz DEFILE := $(UPNAME)_$(UPVERSION).orig.tar.gz URL := https://www.icce.rug.nl/debian/stealth MD5CURRENT := `md5sum ../tarballs/$(DEFILE) | sed -e 's/ .*//'` get-orig-source: @@[ -d ../tarballs/. ]||mkdir -p ../tarballs -@if [ ! -f ../tarballs/$(DEFILE) ] ; then \ echo -e "Downloading $(URL)/$(UPFILE)\nSaving into ../tarballs/$(DEFILE) ..." ; \ wget --no-check-certificate --quiet -N -nv -T10 -t3 -O \ ../tarballs/$(DEFILE) $(URL)/$(UPFILE) ; \ else \ echo "Upstream source tarball have been already downloaded" ; \ fi -@if [ "$(MD5CURRENT)" != "$(MD5TRUSTED)" ] ; then \ echo "Expecting upstream filename md5sum $(MD5TRUSTED), but $(MD5CURRENT) found" ; \ echo "Upstream filename md5sum is NOT trusted! Possible upstream filename forge!" ; \ false ; \ else \ echo "Upstream filename md5sum is trusted!" ; \ fi print-version: @@echo "Debian version: $(DEBVERSION)" @@echo "Upstream version: $(UPVERSION)" binary: binary-arch binary-indep .PHONY: build build-indep build-arch clean binary-indep binary-arch binary \ install-indep install-arch debian/changelog0000644000000000000000000004551212240321702011040 0ustar stealth (2.11.03-2) unstable; urgency=low * Add patch for FTBFS with bobcat 3.17.00. (Closes: #729302) - Thank you to Andreas Moog. * Bump Standards-Version to 3.9.5 (no changes). -- tony mancill Mon, 11 Nov 2013 19:41:47 -0800 stealth (2.11.03-1) unstable; urgency=low [ Frank B. Brokken ] * New upstream version. * 2.11.02-2 patch now processed at the upstream level. Patch removed. [ tony mancill ] * Update Vcs URLs to be canonical. * Explicitly depend on g++-4.8; set CXX accordingly. -- tony mancill Sun, 11 Aug 2013 18:38:58 -0700 stealth (2.11.02-2) unstable; urgency=low * Add patch to update POSIX perm format in documentation (Closes: #711694) * Remove build-stamp from debian/rules. -- tony mancill Mon, 10 Jun 2013 14:37:46 -0700 stealth (2.11.02-1) unstable; urgency=low * New upstream release. * Stealth now catches std::exceptions instead of FBB::Errno exceptions * Stealth returns 0 with options --help and --version -- Frank B. Brokken Fri, 25 Jan 2013 11:17:55 +0100 stealth (2.11.01-2) unstable; urgency=low * Revert change to Build-Depends-Indep so the auto-builders have a chance. -- tony mancill Thu, 24 Jan 2013 14:18:02 -0800 stealth (2.11.01-1) unstable; urgency=low [ Frank B. Brokken ] * improved handling of skip-files specifications, several related modifications, see the changelog [ tony mancill ] * Update Vcs fields in d/control to point to collab-maint repository on git.debian.org. * Bump Standards-Version to 3.9.4 (no changes required). * Bump debhelper dependency and d/compat to 9. * Depend explicitly on g++-4.7, set CXX in d/rules. * Split Build-Depends into Build-Depends and Build-Depends-Indep. -- tony mancill Thu, 24 Jan 2013 10:38:33 -0800 stealth (2.10.01-1) unstable; urgency=low * build script recognizes CXX, CPPFLAGS, CXXFLAGS, and LDFLAGS environment variables, relro removed from LDFLAGS -- Frank B. Brokken Sun, 22 Jul 2012 12:49:59 +0200 stealth (2.10.00-1) unstable; urgency=low * New upstream release + new option --reload and supports skipping directories * Added relro to LDFLAGS -- Frank B. Brokken Sat, 16 Jun 2012 16:03:36 +0200 stealth (2.04.00-1) unstable; urgency=low * New upstream release fixes failing command recognition -- Frank B. Brokken Sun, 03 Jun 2012 16:23:10 +0200 stealth (2.03.00-1) unstable; urgency=low [ Frank B. Brokken ] * New upstream release depends on Bobcat 3.01.00 [ tony mancill ] * d/compat set to 8 -- tony mancill Thu, 31 May 2012 22:15:50 -0700 stealth (2.02.02-1) unstable; urgency=low * New upstream release * Build-Depend on g++ >= 4.6.2, and bobcat >= 2.21.00 -- Frank B. Brokken Sun, 08 Jan 2012 14:46:07 +0100 stealth (2.02.01-3) unstable; urgency=low * Build-Depend on g++ >= 4:4.6.0, better support for c++0x. (fixes ftbfs with older compilers on some architectures) -- George Danchev Mon, 27 Jun 2011 09:43:50 +0300 stealth (2.02.01-2) unstable; urgency=low * install-arch should not depend on build. * move texlive-latex-base, texlive-generic-recommended, texlive-latex-recommended, texlive-fonts-recommended, ghostscript back to depends as they are need to create the documentation of stealth (arch-dependent) package. -- George Danchev Sun, 26 Jun 2011 21:31:39 +0300 stealth (2.02.01-1) unstable; urgency=low * Nw upstream release + Removed FnWrap* calls from Stealth's sources + `build' script now recognizes CXXFLAGS and LDFLAGS for, resp. g++ and ld flags. Default values are set in INSTALL.im, as before. * [GD] Rename build to build-arch. * [GD] Drop configure* targets. -- Frank B. Brokken Sun, 26 Jun 2011 14:26:24 +0200 stealth (2.02.00-2) unstable; urgency=low * [GD] pass -a to dh_* in binary-arch. * [GD] do not compess .dvi, .latex, .txt, .ps, .pdf. * [GD] drop duplicate (empty) binary-indep target. * [GD] remove useless spaces from rules and control. -- George Danchev Wed, 08 Jun 2011 19:26:15 +0300 stealth (2.02.00-1) unstable; urgency=low * New upstream release. * [FB] build depend on bobcat >= 2.17.00. * [GD] honor noopt via DEB_BUILD_OPTIONS. -- Frank B. Brokken Tue, 07 Jun 2011 13:14:50 +0200 stealth (2.01.00-4) unstable; urgency=low * Change to source format 3.0 (quilt). -- George Danchev Tue, 31 May 2011 21:02:29 +0300 stealth (2.01.00-3) unstable; urgency=low * Build-Depends: libbobcat-dev 2.16.00 (fixes a linkage problem, previous bobcat library versions had, on armel) * Add Vcs-Browser field. -- George Danchev Thu, 26 May 2011 18:18:40 +0300 stealth (2.01.00-2) unstable; urgency=low * Build-Depends: libbobcat-dev (>= 2.15.02) to pick up latest fixes. * Drop leading articles from description (thanks lintian). * Standards-Version: 3.9.2 (no changes needed). -- George Danchev Tue, 17 May 2011 10:43:35 +0300 stealth (2.01.00-1) unstable; urgency=low * New upstream release, new bobcat dependency: >= 2.14.00 -- Frank B. Brokken Sat, 05 Feb 2011 12:41:22 +0100 stealth (2.00.1-2) unstable; urgency=low * New bobcat dependency: >= 2.11.0 -- Frank B. Brokken Mon, 10 Jan 2011 14:12:39 +0100 stealth (2.00.1-1) unstable; urgency=low [ Frank B. Brokken ] * New upstream release depends on Yodl >= 3.00.0, bobcat >= 2.10.02 [ tony mancill ] * Set distribution to unstable. -- tony mancill Sat, 25 Dec 2010 19:49:18 -0800 stealth (2.00.0-1) experimental; urgency=low [ Frank B. Brokken ] * New upstream release (repaired defunct -o option, added option --skip-files, multiple cosmetic changes) * Build-Depends on bobcat 2.09.02 [ tony mancill ] * Set distribution to experimental. -- tony mancill Fri, 05 Nov 2010 22:33:32 -0700 stealth (1.47.4-1) unstable; urgency=low * New upstream version (Closes: #530657, #542991) * Changed usr/sbin to usr/bin in debian/dirs * Build-Depends on bobcat 2.04.01 -- Frank B. Brokken Thu, 03 Sep 2009 14:41:42 +0200 stealth (1.47.3-1) unstable; urgency=low [ Frank B. Brokken ] * New upstream version * Split-off a supplementary documention package stealth-doc * Application package stealth now suggests stealth-doc * Added binary-indep, build-indep, install-indep for stealth-doc construction [ tony mancill ] * Added cm-super to Build-Depends-Indep * Modified case of name in debian/control -- tony mancill Mon, 30 Mar 2009 11:47:01 -0700 stealth (1.47.2-4) unstable; urgency=low * rebuild against bobcat 2.00.1-2 -- George Danchev Sun, 07 Dec 2008 06:41:40 +0200 stealth (1.47.2-3) unstable; urgency=low * stealth depends on libbobcat-dev >= 2.00.0, updated debian/control -- Frank B. Brokken Sat, 29 Nov 2008 20:05:20 +0100 stealth (1.47.2-2) unstable; urgency=low * stealth depends run-time on libbobcat1 >= 1.21.1, updated debian/control -- Frank B. Brokken Sun, 02 Nov 2008 11:27:51 +0100 stealth (1.47.2-1) unstable; urgency=low * stealth depends on libbobcat1-dev >= 1.21.1, updated debian/control -- Frank B. Brokken Sun, 26 Oct 2008 16:33:47 +0100 stealth (1.47.1-2) unstable; urgency=low * stealth depends on libbobcat1-dev >= 1.20.1, updated various control file versions -- Frank B. Brokken Sun, 07 Sep 2008 21:38:17 +0200 stealth (1.47.1-1) unstable; urgency=low * New upstream release * build-depends depends on debhelper (>> 5.0.37.3) and temporarily not using LaTeX (ps2pdf problems on hppa and sparc) -- Frank B. Brokken Sun, 16 Mar 2008 12:10:45 +0100 stealth (1.46.1-2) unstable; urgency=low [ George Danchev ] * build-depend on libbobcat1-dev >= 1.17.1-1 * standards-version 3.7.3 [ tony mancill ] * Add Homepage: and Vcs-Svn: fields to debian/control -- tony mancill Mon, 31 Dec 2007 15:04:10 -0800 stealth (1.46.1-1) unstable; urgency=low * New upstream release (Closes: #438053) -- Frank B. Brokken Wed, 05 Sep 2007 14:11:20 +0200 stealth (1.46-2) unstable; urgency=low * Added missing ${misc:Depends} -- George Danchev Sun, 12 Aug 2007 19:10:54 +0300 stealth (1.46-1) unstable; urgency=low [ Frank Brokken ] * New upstream release. * control: Transition build-deps from tetex to texlive packages [ George Danchev ] * control: Added Tony Mancill to Uploaders * rules: Added get-orig-source target * rules: Use build distclean to allow subsequent builds from the same source tree to succeed (Closes: #424234) -- Frank B. Brokken Fri, 25 May 2007 13:01:04 +0200 stealth (1.45-3) unstable; urgency=low * install upstream changelog -- George Danchev Sat, 23 Sep 2006 01:28:03 +0300 stealth (1.45-2) unstable; urgency=low * rules: don't use ./build install since icmake 6.22-7 seems to be problematic on powerpc (Closes: #388423) -- George Danchev Wed, 20 Sep 2006 18:54:06 +0300 stealth (1.45-1) unstable; urgency=low * New upstream release [ Frank Brokken ] * Debian packageing now uses icmake scripts and INSTALL.im to define the locations of the various targets. Added the directory ./icmake [ George Danchev ] * drop patch merged upstream * new build-depends: icmake, yodl, tetex-bin, tetex-extra, gs-gpl | gs -- George Danchev Sat, 26 Aug 2006 12:37:35 +0300 stealth (1.44-3) unstable; urgency=low * build-depend on tetex-bin and g++ instead of g++-x.y -- George Danchev Thu, 3 Aug 2006 21:21:10 +0300 stealth (1.44-2) unstable; urgency=low [ George Danchev ] * 01_gen_manual.dpatch: generate manual, without latex * control: Add yodl, dpatch to build-depends * rules: Add get-orig-source and print-version targets -- George Danchev Sun, 23 Jul 2006 03:05:12 +0300 stealth (1.44-1) unstable; urgency=low * License changed to the GNU GENERAL PUBLIC LICENSE. See the file `copyright'. Introduced George Danchev as uploader From now on this file will only reflect Debian-specific changes. See the newly added file Changelog for `upstream' changes. At this point, Changelog will be a mere copy of debian's changelog file. -- Frank B. Brokken Wed, 19 Jul 2006 12:57:17 +0200 stealth (1.43) unstable; urgency=low * Following suggestions made by George Danchev, this version was compiled by the unstable's g++ compiler (version >= 4.1), which unveiled several flaws in the library's class header files. These flaws were removed (i.e., repaired). In order to facilitate compiler selection, the compiler to use is defined in the INSTALL.cf file. The debian control-files (i.e., all files under the debian subdirectory) were removed from the source distribution, which is now also named in accordance with the Debian policy. A diff.gz file was added. -- Frank B. Brokken Thu, 6 Jul 2006 12:24:58 +0200 stealth (1.42) unstable; urgency=low * When a (remote) CHECK command failed to return 0, Stealth didn't properly terminate. This was repaired by changing the return value of Reporter::relax() to type bool, returning d_continue. This return value is now checked in Monitor::control(). If not true, the Monitor::control() loop terminates, thus terminating the program with exit value 1. make/install script now defines PREFIX=/ if called without argument. -- Frank B. Brokken Mon, 26 Jun 2006 09:27:34 +0200 stealth (1.41c) unstable; urgency=low * Stealth was `lintianized' and `lindanized'. The info in debian's control file was adapted. As the bobcat libraries are now in libbobcat1* packages, stealth's dependencies were adapted accordingly. -- Frank B. Brokken Sun, 28 May 2006 12:39:15 +0200 stealth (1.41b) unstable; urgency=low * Recompilation because of changes in the bobcat library. This version of Stealth depends on bobcat 1.7.0. No changes to Stealth itself. The compilation dependency for the g++ compiler has been restored. -- Frank B. Brokken Tue, 2 May 2006 21:37:31 +0200 stealth (1.41a) unstable; urgency=low * Minor changes to the make/library script, adapted the program's release years. Dependency check in debian/control for g++ removed since it fails for unkown reasons. The version should be >= 4.0.2 -- Frank B. Brokken Wed, 1 Feb 2006 12:46:01 +0100 stealth (1.41) unstable; urgency=low * Library requirement up-to-date: bobcat 1.6.0 -- Frank B. Brokken Mon, 26 Dec 2005 19:17:24 +0100 stealth (1.40) unstable; urgency=low * all local Pattern objects are now static data members removed: superfluous stealth.doc-base; debugmacro; classes arg, configfile, errno fdout fork ifdnbuf pattern pipe selector (now in bobcat) Renamed all .h2 headers to my standard .ih names: util, configsorter, reporter scanner Reporter::reset() now calls Reporter::rewind() Reporter uses d_hasMail data member instead of d_sizeBeyondHeader: d_hasMail can simply be set to false following the writing of the header, and then to true at each sync() command. added: Reporter::exit(), first inserting the message into the reporter, then to cerr, and exiting. fatal error messages are no longer suppressed with -q man(ual) pages adapted accordingly. -- Frank B. Brokken Mon, 26 Dec 2005 18:23:25 +0100 stealth (1.35) unstable; urgency=low * Recompilation using g++-4.0. Requires bobcat >= 1.4.0 -- Frank B. Brokken Sat, 19 Nov 2005 16:47:28 +0100 stealth (1.34) unstable; urgency=low * Removed dependencies on `icmake'. See the file `INSTALL' for details about compiling and installing `stealth' from the source package, rather than from the binary (.deb) package. Stealth's functionality has not been altered. -- Frank B. Brokken Sun, 4 Sep 2005 15:11:46 +0200 stealth (1.33) unstable; urgency=low * With the advent of the bobcat library (Brokken's Own Base Classes And Templates) various classes were removed from stealth's distribution: Arg, Configfile, Errno, Fork, Hashclasses, Ifdstreambuf, Ofdbuf, Pattern, and Pipe. Also, the manual pages were adapted to reflect the fact that I'm distributing Debian (source and binary) packages, rather than pure source packages. No further change in functionality was implemented. To compile stealth bobcat-dev is required, to run the binary bobcat itself. See http://bobcat.sourceforge.net and http://sourceforge.net/projects/bobcat for further information about bobcat. -- Frank B. Brokken Sat, 20 Aug 2005 15:35:32 +0200 stealth (1.32) unstable; urgency=low * Version 1.31 was not distributed. Version 1.32 offers identical user options as V 1.31, but has some minor internal improvements in its code over 1.31. In particular, a running stealth process will signal its suppressor that it's ready. This simplifies the construction of, e.g., logrotate scripts. Note btw that the date and timestamps in this file are CET (+ DST when active) -- Frank B. Brokken Mon, 1 Aug 2005 10:49:36 +0200 stealth (1.31) unstable; urgency=low * Added --suspend and --resume options allowing logfile rotations on a keepalive running stealth process. Changed the manual page using standard manpage*() macros instead of SUBST()s Internally, a Monitor class was added, exercising and taking over much of the control functionality of the Scanner class -- Frank B. Brokken Sat, 30 Jul 2005 00:13:14 +0200 stealth (1.30-2a) unstable; urgency=low * Stupid: forgot to update the program's version itself :-( Now it's 1.30-2a -- Frank B. Brokken Tue, 27 Apr 2004 17:56:54 +0200 stealth (1.30-2) unstable; urgency=low * Repaired bug in Scanner::Scanner(): The process-id's of the SH and SSH programs were assigned before IOFORK::fork() was executed, so they received undefined values. This was repaired by assigning the d_shPid and d_sshPid assignments to the Scanner::preamble() function. Also, the call to killChildren() at the end of stealth's main() function (in stealth.cc) was superfluous, as the atexit() call in preamble already ensures that the childprocesses are called. Finally, the Yodl manual files are adapted to Yodl V. >= 2.00. The /usr/local/share/yodl/macros.yo file isn't required anymore, and the XXsloppyhfuzz undefinition was changed into a call of nosloppyhfuzz(). -- Frank B. Brokken Tue, 27 Apr 2004 17:39:17 +0200 stealth (1.30-1) unstable; urgency=low * --keep-alive, --terminate and --rerun require the name of a file in which the process id of the running stealth process is stored. This file will be writen when the --keep-alive flag is used, read by the other two and removed by the corresponding stealth process when it terminates. Manpages and docs updated accordingly. -- Frank B. Brokken Wed, 17 Dec 2003 09:21:11 +0100 stealth (1.30) unstable; urgency=low * --terminate, --rerun, --repeat and --keep-alive flags were added to allow stealth to keep an existing connection for longer periods of time. Manpages and docs updated accordingly -- Frank B. Brokken Fri, 12 Dec 2003 12:45:45 +0100 stealth (1.22-0) unstable; urgency=low * Added GET and PUT. Put allows stealth to put files to the client using the existing ssh connection. -- Frank B. Brokken Wed, 26 Nov 2003 21:25:02 +0100 stealth (1.21-0) unstable; urgency=low * Added the GET command, allowing stealth to retrieve files from the client for, e.g., local inspection, without requiring an additional ssh connection. -- Frank B. Brokken Sat, 22 Nov 2003 13:55:40 +0100 stealth (1.20-2) unstable; urgency=low * New buildscripts added for man(ual) pages. This file will take over from CHANGELOG which logged the original, non-Debian distribution. -- Frank B. Brokken Fri, 20 Jun 2003 17:21:42 +0200 stealth (1.20-1) unstable; urgency=low * Initial Release. -- Frank B. Brokken Wed, 18 Jun 2003 12:13:41 +0200 debian/patches/0000755000000000000000000000000012240321702010606 5ustar debian/patches/series0000644000000000000000000000002712240321702012022 0ustar 01_include_errno.patch debian/patches/01_include_errno.patch0000644000000000000000000000056112240321702014761 0ustar Description: Add missing include to fix FTBFS Author: Andreas Moog --- stealth-2.11.03.orig/scanner/scanner.ih +++ stealth-2.11.03/scanner/scanner.ih @@ -17,6 +17,7 @@ #include #include #include +#include #include "../util/util.h" #include "../configsorter/configsorter.h" debian/source/0000755000000000000000000000000012240321702010457 5ustar debian/source/format0000644000000000000000000000001412240321702011665 0ustar 3.0 (quilt) debian/compat0000644000000000000000000000000212240321702010355 0ustar 9 debian/copyright0000644000000000000000000000056512240321702011120 0ustar This package was debianized by Frank B. Brokken on Wed, 18 Jun 2003 12:13:41 +0200. Copyright: Stealth File Integrity Scanner Copyright (c) 2003 - now by Frank B. Brokken, University of Groningen. Licensed under the Gnu General Public License, see /usr/share/common-licenses/GPL Upstream Author: Frank B. Brokken debian/control0000644000000000000000000001157512240321702010573 0ustar Source: stealth Section: admin Priority: optional Maintainer: Frank B. Brokken Uploaders: George Danchev , tony mancill Build-Depends: debhelper (>= 9), libbobcat-dev (>= 3.01.00), icmake (>= 7.19.00), g++-4.8, yodl (>= 3.00.0), texlive-latex-base, texlive-generic-recommended, texlive-latex-recommended, texlive-fonts-recommended, ghostscript Standards-Version: 3.9.5 Vcs-Git: git://anonscm.debian.org/collab-maint/stealth.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/stealth.git Homepage: http://stealth.sourceforge.net/ Package: stealth Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Suggests: stealth-doc Description: stealthy File Integrity Checker The STEALTH program performs File Integrity Checks on (remote) clients. It differs from other File Integrity Checkers by not requiring baseline integrity data to be kept on either write-only media or in the client's file system. In fact, clients will hardly contain any indication suggesting that they are being monitored, thus improving the stealthiness of the integrity scans. . STEALTH uses standard available software to perform file integrity checks (like find(1) and sha1sum(1)). Using individualized policy files, it is highly adaptable to the specific characteristics of its clients. . In production environments STEALTH should be run from an isolated computer (called the `STEALTH monitor'). In optimal configurations the STEALTH monitor should be a computer not accepting incoming connections. The account used to connect to its clients does not have to be `root'; usually read-access to the client's file system is enough to perform a full integrity check. Instead of using `root' a more restrictive administrative or ordinary account might offer all necessary requirements for the desired integrity check. . STEALTH itself must communicate with the computers it should monitor. It is essential that this communication is secure. STEALTH configurations therefore normally specify SSH as the command-shell to use for connecting to clients. STEALTH may be configured so as to use but one SSH connection per client, even if integrity scans are to be performed repeatedly. Apart from this, the STEALTH monitor is commonly allowed to send e-mail to remote client systems' maintainers. . STEALTH-runs itself may start randomly within specified intervals. The resulting unpredicability of STEALTH-runs further increases STEALTH's stealthiness. . STEALTH's acronym is expanded to `Ssh-based Trust Enforcement Acquired through a Locally Trusted Host': the client's trust is enforced, the locally trusted host is the STEALTH monitor. Package: stealth-doc Architecture: all Section: doc Depends: ${shlibs:Depends}, ${misc:Depends} Description: stealthy File Integrity Checker STEALTH program performs File Integrity Checks on (remote) clients. It differs from other File Integrity Checkers by not requiring baseline integrity data to be kept on either write-only media or in the client's file system. In fact, client's will contain hardly any indication at all that they are being monitored, thus improving the stealthiness of the integrity scans. . STEALTH uses standard available software to perform file integrity checks (like find(1) and md5sum(1)). Using individualized policy files, it is highly adaptable to the specific requirements of its clients. . In production environments STEALTH should be run from an isolated computer (called the `STEALTH monitor'). In optimal configurations the STEALTH monitor should be a computer not accepting incoming connections. The account used to connect to its clients does not have to be `root': usually read-access to the client's file system is enough to perform a full integrity check. Instead of using `root' a more restrictive administrative or ordinary account might offer all requirements for the desired integrity check. . STEALTH itself must communicate with the computers it should monitor. It is essential that this communication is secure, and STEALTH configurations will therefore normally specify SSH as the command-shell to use to connect to its clients. STEALTH may be configured so as to use but one SSH connection per client, even if integrity scans are to be performed repeatedly. Apart from this, the STEALTH monitor might be allowed to send e-mail to remote clients system's maintainers. . STEALTH-runs itself may start randomly within specified intervals. The resulting unpredicability of STEALTH-runs further increases STEALTH's stealthiness. . STEALTH's acronym is expanded to `Ssh-based Trust Enforcement Acquired through a Locally Trusted Host': the client's trust is enforced, the locally trusted host is the STEALTH monitor. . This package provides the supplemental documentation for Stealth.