Bastille: document the current status and usability of the Bastille install.

The README file is updated to indicate the functionality of Bastille that is
actually available.

The recipe file is updated with a pointer to the README file.

An additional patch is added so that when Bastille is run in interactive mode
it will not attempt to make any changes to the system. This is better than
attempting to make the changes and making the screen flicker . The text on the
final screen has been updated appropriately.

Signed-off-by: mulhern <mulhern@yoctoproject.org>

README

@@ -43,22 +43,34 @@ help for each package.
         like rcp and rlogin, and helps create "chroot jails" that help limit the
         vulnerability of common Internet services like Web services and DNS.
 
-        usage : Bastille can be used via meta-security layer only in command line mode.
-                To start Bastille simply write in a terminal :
+        usage : The functionality of Bastille which is available is
+                restricted to a purely informational one. The command:
+                bastille -c --os Yocto
+                will cause a series of menus containing security questions
+                about the system to be displayed to the user. For each
+                question, a default response, specified in the configuration
+                file which is installed with Bastille, will be selected.
+                The user may select an alternate response. When the user
+                has completed the sequence of menus Bastille saves the
+                responses to the configuration file.
 
-                bastille -c
+                The command:
+                bastille -l lists the configuration files that Bastille
+                is able to locate.
 
-                If this is the first usage of Bastille on the system, the user will be
-                guided through a list of questions which need to be answered. In the end,
-                a config file will be created and run. After these steps, you will have a
-                hardened system.
+                The other functionality which Bastille is intended to provide
+                is actually unavailable. This is not due to errors in poky
+                installation or configuration of the application. The Bastille
+                distribution is no longer supported. Significant modifications
+                would be required to make it possible to make use of the
+                functionality which is currently unavailable.
 
-                If you only want to run the config file, without stepping through the
-                list of questions, simply write in a terminal :
 
-                bastille -b
+        Additional information about Bastille can be found in the package
+        README file and other documentation.
 
-        More information can be found in the package readme and manual.
+        Alternatives to Bastille include buck-security and checksecurity,
+        described elsewhere in this file.
 
 
         == redhat-security ==

recipes-security/bastille/bastille_3.2.1.bb

@@ -1,3 +1,5 @@
+#The functionality of Bastille that is actually available is restricted. Please
+#consult the README file for the meta-security layer for additional information.
 SUMMARY = "Linux hardening tool"
 DESCRIPTION = "Bastille Linux is a Hardening and Reporting/Auditing Program which enhances the security of a Linux box, by configuring daemons, system settings and firewalling."
 LICENSE = "GPLv2"
@@ -29,6 +31,7 @@ SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3
            file://allow_os_with_assess.patch \
            file://edit_usage_message.patch \
            file://organize_distro_discovery.patch \
+           file://do_not_apply_config.patch \
            "
 
 SRC_URI[md5sum] = "df803f7e38085aa5da79f85d0539f91b"

recipes-security/bastille/files/do_not_apply_config.patch

@@ -0,0 +1,40 @@
+Upstream Status: Inappropriate [No upstream maintenance]
+
+Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
+
+---
+
+Index: Bastille/Bastille_Curses.pm
+===================================================================
+--- Bastille.orig/Bastille_Curses.pm	2013-08-27 16:43:39.130959000 -0400
++++ Bastille/Bastille_Curses.pm	2013-08-27 16:43:39.794959000 -0400
+@@ -83,11 +83,6 @@
+     # Output answers to the script and display
+     &outputConfig;
+ 
+-    # Run Bastille
+-
+-    &Run_Bastille_with_Config;
+-
+-
+     # Display Credits
+ 
+     open CREDITS,"/usr/share/Bastille/Credits";
+Index: Bastille/InteractiveBastille
+===================================================================
+--- Bastille.orig/InteractiveBastille	2013-08-27 16:43:39.434959000 -0400
++++ Bastille/InteractiveBastille	2013-08-27 17:18:55.758959000 -0400
+@@ -531,10 +531,10 @@
+     "       Please address bug reports and suggestions to jay\@bastille-linux.org\n" .
+     "\n";
+ 
+-    $InterfaceEndScreenDescription = "We will now implement the choices you have made here.\n\n" .
++    $InterfaceEndScreenDescription = "We will now record the choices you have made here.\n\n" .
+ 	"Answer NO if you want to go back and make changes!\n";
+-    $InterfaceEndScreenQuestion = "Are you finished answering the questions, i.e. may we make the changes?";
+-    $InterfaceEndScreenNoEpilogue = "Please use Back/Next buttons to move among the questions you wish to\nchange.\n\nChoose YES on this question later to implement your choices.\n";
++    $InterfaceEndScreenQuestion = "Are you finished answering the questions, i.e. may we record the answers and exit?";
++    $InterfaceEndScreenNoEpilogue = "Please use Back/Next buttons to move among the questions you wish to\nchange.\n\nChoose YES on this question later to record your choices.\n";
+     require Bastille_Curses;
+ } elsif ($GLOBAL_AUDITONLY) {
+