Fixed redhat-security tools problems

- added libcap-ng needed recipe
 - tweaked the scripts
 - updated README file

Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>

README

@@ -73,6 +73,10 @@ help for each package.
                           In this mode it will only give a summary result for the package. To find which files don't comply,
                           re-run using just the package name.
 
+		!!! WARNING !!! - in order to use this script you need to add to your conf/local.conf file the following lines:
+						IMAGE_ROOTFS_EXTRA_SPACE = ""  - specifying the extra space of the image
+						IMAGE_FEATURES += "package management" - for the correct output of rpm -qa
+
         - find-nodrop-groups.sh : This will scan a whole file system to see if a program makes calls to change UID
                                   and GID without also calling setgroups or initgroups.
 

recipes-security/libcap-ng/libcap-ng_0.7.3.bb

@@ -0,0 +1,12 @@
+DESCRIPTION = "The libcap-ng library is intended to make programming with posix capabilities much easier than the traditional libcap library."
+HOMEPAGE = "http://people.redhat.com/sgrubb/libcap-ng/index.html"
+LICENSE = "GPL-2.0"
+DEPENDS = "libcap"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI = "http://people.redhat.com/sgrubb/libcap-ng/${PN}-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "610afb774f80a8032b711281df126283"
+SRC_URI[sha256sum] = "5ca441c8d3a1e4cfe8a8151907977662679457311ccaa7eaac91447c33a35bb1"
+
+inherit autotools

recipes-security/redhat-security/files/find-elf4tmp.sh

@@ -19,7 +19,7 @@ if [ $# -ge 2 ] ; then
 	echo "Usage: find_elf4tmp [directory]" 1>&2
 	exit 1
 fi
-if [ ! -x /usr/bin/eu-strings ] ; then
+if [ ! -x /usr/bin/strings ] ; then
 	echo "Skipping due to missing /usr/bin/eu-strings utility"
 	exit 1
 fi
@@ -49,7 +49,7 @@ do
 		# Get just the elf executables
 		testf=`echo $f | /usr/bin/file -n -f - 2>/dev/null | grep ELF`
 		if [ x"$testf" != "x" ] ; then
-			test_res=`/usr/bin/eu-strings $f | /bin/grep '/tmp/' | /bin/egrep -v 'XX|/tmp/$|[ .,:]/tmp/'`
+			test_res=`/usr/bin/strings $f | /bin/grep '/tmp/' | /bin/egrep -v 'XX|/tmp/$|[ .,:]/tmp/'`
 			if [ x"$test_res" = "x" ] ; then
 				continue
 			fi
@@ -64,13 +64,13 @@ do
 			FOUND=1
 
 			# Get the package
-			RPM=`/bin/rpm -qf --queryformat "%{NAME}-%{VERSION}" $f 2>/dev/null | /bin/grep -v 'not owned' | /bin/sort | /usr/bin/uniq`
+			RPM=`/bin/rpm -qf --queryformat "%{NAME}-%{VERSION}" $f 2>/dev/null | /bin/grep -v 'not owned' | /usr/bin/sort | /usr/bin/uniq`
 			if [ x"$RPM" = "x" ] ; then
 				RPM="<unowned>"
 			fi
 
 			# For each tmp string, output the line
-			echo $test_res | /usr/bin/tr '\b' '\n' | /bin/awk 'NF >= 1 { printf "%-46s\t%-30s\t%s\n", f, r, $1 }' r=$RPM f=$f
+			echo $test_res | /usr/bin/tr '\b' '\n' | /usr/bin/awk 'NF >= 1 { printf "%-46s\t%-30s\t%s\n", f, r, $1 }' r=$RPM f=$f
 		fi
 	done
 done

recipes-security/redhat-security/files/rpm-chksec.sh

@@ -242,7 +242,7 @@ if [ "$MODE" = "single" ] ; then
 fi
 
 # Skip the kernel as its special
-packages=`rpm -qa --queryformat "%{NAME}.%{ARCH}\n" | egrep -v 'kernel.|debuginfo.|.noarch|gpg-pubkey' | sort`
+packages=`rpm -qa | egrep -v 'kernel.|debuginfo.|.noarch|gpg-pubkey' | sort`
 printf "%-50s  %-5s  %-4s  %-14s" "PACKAGE" "RELRO" "PIE" "CLASS"
 echo
 for p in $packages

recipes-security/redhat-security/redhat-security_1.0.bb

@@ -5,7 +5,7 @@ LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
 PR = "r0"
 
-RDEPENDS_${PN} = "file"
+RDEPENDS_${PN} = "file libcap-ng rpm rpmresolve procps findutils"
 
 SRC_URI = "file://find-chroot-py.sh \
            file://find-chroot.sh \