mirror of
https://git.yoctoproject.org/meta-security
synced 2026-07-16 03:47:21 +00:00
Security layer version 1.0
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
This commit is contained in:
@@ -15,7 +15,7 @@ This layer depends on:
|
|||||||
prio: default
|
prio: default
|
||||||
|
|
||||||
Adding the security layer to your build
|
Adding the security layer to your build
|
||||||
=================================================
|
========================================
|
||||||
|
|
||||||
In order to use this layer, you need to make the build system aware of
|
In order to use this layer, you need to make the build system aware of
|
||||||
it.
|
it.
|
||||||
@@ -29,8 +29,195 @@ other layers needed. e.g.:
|
|||||||
/path/to/yocto/meta \
|
/path/to/yocto/meta \
|
||||||
/path/to/poky/meta-security \
|
/path/to/poky/meta-security \
|
||||||
|
|
||||||
|
Contents and Help
|
||||||
|
=================
|
||||||
|
|
||||||
|
In this section the contents of the layer is listed, along with a short
|
||||||
|
help for each package.
|
||||||
|
|
||||||
|
== bastille ==
|
||||||
|
|
||||||
|
Bastille is a system hardening / lockdown program which enhances the
|
||||||
|
security of a Unix host. It configures daemons, system settings and
|
||||||
|
firewalls to be more secure. It can shut off unneeded services
|
||||||
|
like rcp and rlogin, and helps create "chroot jails" that help limit the
|
||||||
|
vulnerability of common Internet services like Web services and DNS.
|
||||||
|
|
||||||
|
usage : Bastille can be used via meta-security layer only in command line mode.
|
||||||
|
To start Bastille simply write in a terminal :
|
||||||
|
|
||||||
|
bastille -c
|
||||||
|
|
||||||
|
If this is the first usage of Bastille on the system, the user will be
|
||||||
|
guided through a list of questions which need to be answered. In the end,
|
||||||
|
a config file will be created and run. After these steps, you will have a
|
||||||
|
hardened system.
|
||||||
|
|
||||||
|
If you only want to run the config file, without stepping through the
|
||||||
|
list of questions, simply write in a terminal :
|
||||||
|
|
||||||
|
bastille -b
|
||||||
|
|
||||||
|
More information can be found in the package readme and manual.
|
||||||
|
|
||||||
|
|
||||||
|
== redhat-security ==
|
||||||
|
|
||||||
|
Sometimes you want to check different aspects of a distribution for security problems.
|
||||||
|
This can be anything from file permissions to correctness of code. This is a collection of those tools.
|
||||||
|
Depending on what information the tool has to access, it may need to be run as root.
|
||||||
|
|
||||||
|
- rpm-chksec.sh : This will take an rpm name as input and verify each ELF file to see if its compiled with the intended flags
|
||||||
|
to most effectively use PIE and RELRO. Green is good, Orange could use work but is acceptable, and Red needs fixing.
|
||||||
|
It has a mode --all that is the equivalent of using rpm -qa and feeding the packages to it.
|
||||||
|
In this mode it will only give a summary result for the package. To find which files don't comply,
|
||||||
|
re-run using just the package name.
|
||||||
|
|
||||||
|
- find-nodrop-groups.sh : This will scan a whole file system to see if a program makes calls to change UID
|
||||||
|
and GID without also calling setgroups or initgroups.
|
||||||
|
|
||||||
|
- rpm-drop-groups.sh : Same as above, but takes an rpm name instead.
|
||||||
|
|
||||||
|
- find-chroot.sh : This script scans the whole file system looking for ELF files that calls chroot(2) that also do not include a call to chdir.
|
||||||
|
Programs that fail to do this do not have the cwd inside the chroot. This means the app can escape the protection that was intended.
|
||||||
|
|
||||||
|
- find-chroot-py.sh : This test is like the one above except it examines python scripts for the same problem.
|
||||||
|
|
||||||
|
- find-execstack.sh : This program scans the whole file system for ELF programs that have marked the stack as being executable.
|
||||||
|
This means that if the program has another vulnerablity such as stack buffer overflow,
|
||||||
|
any code the attacker places there is executable. Any program found must be fixed.
|
||||||
|
|
||||||
|
- find-hidden-exec.sh : This program scans the whole file system looking for excutables that are hidden.
|
||||||
|
Anything found must be investigated since its highly unusual for executables to be hidden.
|
||||||
|
|
||||||
|
- find-sh4errors.sh : This program scans the whole file system looking for shell scripts.
|
||||||
|
It then does a sh -n on the script which causes bash to parse the file to see if there are any mistakes.
|
||||||
|
|
||||||
|
- selinux-check-devices.sh : This script checks the /dev directory to see if there are any devices that are not correctly labeled.
|
||||||
|
Anything found by this test should be reported so that selinux policy can be fixed.
|
||||||
|
This test is very hardware specific, so to be effective a lot of people with different hardware
|
||||||
|
should run this test each upstream kernel version release.
|
||||||
|
|
||||||
|
- selinux-ls-unconfined.sh : This script scans the running processes and looks for anything labeled with initrc_t or inetd.
|
||||||
|
These both mean that there are daemons that do not have policy and are therefore running unconfined.
|
||||||
|
These should be reported as SE Linux policy problems. Because it checks currently running daemons,
|
||||||
|
the more you have running, the better the test is.
|
||||||
|
|
||||||
|
- find-sh4tmp.sh : This script scans the whole filesystem to check if shell scripts are using well known tmp file names
|
||||||
|
instead of obscure ones created by something like mktemp.
|
||||||
|
|
||||||
|
- find-elf4tmp.sh : This script scans the whole file system for ELF files using /tmp. When it finds this,
|
||||||
|
it also looks to see if any of the known good random name generator functions is called by looking
|
||||||
|
at the symbol table. If not, it will output the string.
|
||||||
|
|
||||||
|
- lib-bin-check.sh : This will check all installed library packages to see if an application is also part of the package.
|
||||||
|
The relationship to security is that the SHA256 hash check will fail if a 32 bit version overwrites it.
|
||||||
|
Also, the less binaries on a system, the more secure it is by virtue of removing the chance for an exploitable bug.
|
||||||
|
|
||||||
|
|
||||||
|
usage : simply invoke the script name in the terminal.
|
||||||
|
|
||||||
|
|
||||||
|
== pax-utils ==
|
||||||
|
|
||||||
|
pax-utils is a small set of various PaX aware and related utilities for
|
||||||
|
ELF binaries.
|
||||||
|
|
||||||
|
- scanelf : With this application you can print out information specific to the ELF structure of a binary.
|
||||||
|
For more help please consult the man pages or the readme file.
|
||||||
|
|
||||||
|
- pspax : is a user-space utility that scans the proc directory and list
|
||||||
|
ELF types, as well as their respective PaX flags and filenames and
|
||||||
|
attributes. Depending on build options, it may additionaly display the
|
||||||
|
process running set of capabilities.
|
||||||
|
|
||||||
|
- scanmacho : is a user-space utility to quickly scan given
|
||||||
|
Mach-Os, directories, or common system paths for different information. This
|
||||||
|
may include Mach-O types, their install_names, etc.
|
||||||
|
|
||||||
|
- dumpelf : is a user-space utility to dump all of the internal
|
||||||
|
ELF structures into the equivalent C structures for fun debugging and/or
|
||||||
|
reference purposes.
|
||||||
|
|
||||||
|
|
||||||
|
usage : simply invoke the script name in the terminal.
|
||||||
|
|
||||||
|
|
||||||
|
== buck-security ==
|
||||||
|
|
||||||
|
Buck-Security is a security scanner for Debian and Ubuntu Linux. It runs a couple of important checks and helps you to harden your Linux
|
||||||
|
system. This enables you to quickly overview the security status of your Linux system.
|
||||||
|
|
||||||
|
usage : switch to directory /usr/local/buck-security.
|
||||||
|
before running the script, you should check the activated checks in conf/buck-security.conf file.
|
||||||
|
after altering the changes, save the file and simply run :
|
||||||
|
|
||||||
|
./buck-security
|
||||||
|
|
||||||
|
you can choose between different outputs : 1, 2(default) or 3.
|
||||||
|
|
||||||
|
More detailed usage can be found typing ./buck-security --help
|
||||||
|
|
||||||
|
|
||||||
|
== libseccomp ==
|
||||||
|
|
||||||
|
The libseccomp library provides and easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism: seccomp.
|
||||||
|
The libseccomp API is designed to abstract away the underlying BPF based syscall filter language and present a more conventional
|
||||||
|
function-call based filtering interface that should be familiar to, and easily adopted by application developers.
|
||||||
|
|
||||||
|
usage : More detailed usage can be found in the man pages and README file of the package.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
== checksecurity ==
|
||||||
|
|
||||||
|
checksecurity is a simple package which will scan your system for several simple security holes.
|
||||||
|
It uses a simple collection of plugins, all of which are shell scripts which are configured by environmental variables.
|
||||||
|
|
||||||
|
!! IMPORTANT !!
|
||||||
|
|
||||||
|
When including this package in the image, please consider adding the following line to the end of the conf/local.conf file:
|
||||||
|
|
||||||
|
CORE_IMAGE_EXTRA_INSTALL = "coreutils"
|
||||||
|
|
||||||
|
usage : To start checksecurity simply write in the terminal :
|
||||||
|
|
||||||
|
checksecurity
|
||||||
|
|
||||||
|
More detailed usage can be found in the man pages and README file of the package.
|
||||||
|
|
||||||
|
|
||||||
|
== nikto ==
|
||||||
|
|
||||||
|
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items,
|
||||||
|
including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific
|
||||||
|
problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files,
|
||||||
|
HTTP server options, and will attempt to identify installed web servers and software.
|
||||||
|
|
||||||
|
usage : To start nikto simply write in the terminal :
|
||||||
|
|
||||||
|
nikto
|
||||||
|
|
||||||
|
More detailed usage can be found in the man pages and README file of the package.
|
||||||
|
|
||||||
|
|
||||||
|
== nmap ==
|
||||||
|
|
||||||
|
Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.
|
||||||
|
Many systems and network administrators also find it useful for tasks such as network inventory,
|
||||||
|
managing service upgrade schedules, and monitoring host or service uptime.
|
||||||
|
|
||||||
|
usage : To start nikto simply write in the terminal :
|
||||||
|
|
||||||
|
nmap
|
||||||
|
|
||||||
|
More detailed usage can be found in the man pages and README file of the package.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
License
|
License
|
||||||
-------
|
=======
|
||||||
|
|
||||||
All metadata is MIT licensed unless otherwise stated. Source code included
|
All metadata is MIT licensed unless otherwise stated. Source code included
|
||||||
in tree for individual recipes is under the LICENSE stated in each recipe
|
in tree for individual recipes is under the LICENSE stated in each recipe
|
||||||
|
|||||||
@@ -1,19 +0,0 @@
|
|||||||
SUMMARY = "e-mail filter"
|
|
||||||
DESCRIPTION = "SpamAssassin is a mail filter which attempts to identify spam using a variety of mechanisms including text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases."
|
|
||||||
SECTION = "security"
|
|
||||||
LICENSE = "GPL-2.0"
|
|
||||||
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
|
|
||||||
DEPENDS = "perl"
|
|
||||||
|
|
||||||
SRC_URI = "http://apache.mirrors.hoobly.com/spamassassin/source/${PN}-${PV}.tar.gz"
|
|
||||||
|
|
||||||
SRC_URI[md5sum] = "d1d62cc5c6eac57e88c4006d9633b81e"
|
|
||||||
SRC_URI[sha256sum] = "5323038939a0ef9fc97d5264defce3ae1d95e98b3a94c4c3b583341c927f32df"
|
|
||||||
|
|
||||||
EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}"
|
|
||||||
inherit cpan
|
|
||||||
|
|
||||||
do_compile(){
|
|
||||||
export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')"
|
|
||||||
cpan_do_compile
|
|
||||||
}
|
|
||||||
@@ -4,6 +4,7 @@ LICENSE = "GPLv2"
|
|||||||
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
|
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
|
||||||
# Bash is needed for set +o privileged (check busybox), might also need ncurses
|
# Bash is needed for set +o privileged (check busybox), might also need ncurses
|
||||||
RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd curses-perl coreutils"
|
RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd curses-perl coreutils"
|
||||||
|
FILES_${PN} += "/run/lock/subsys/bastille"
|
||||||
|
|
||||||
inherit allarch
|
inherit allarch
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,36 @@
|
|||||||
|
From e10b9b1f6704057ace39956ae1dc5c7caca07ff1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
|
||||||
|
Date: Mon, 8 Jul 2013 11:53:54 +0300
|
||||||
|
Subject: [PATCH] Setting the location of nikto on the image
|
||||||
|
|
||||||
|
Upstream Status: Inapropriate
|
||||||
|
|
||||||
|
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
|
||||||
|
---
|
||||||
|
nikto.conf | 10 +++++-----
|
||||||
|
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/nikto.conf b/nikto.conf
|
||||||
|
index 25b784d..9577033 100644
|
||||||
|
--- a/nikto.conf
|
||||||
|
+++ b/nikto.conf
|
||||||
|
@@ -61,11 +61,11 @@ CIRT=174.142.17.165
|
||||||
|
CHECKMETHODS=HEAD GET
|
||||||
|
|
||||||
|
# If you want to specify the location of any of the files, specify them here
|
||||||
|
-# EXECDIR=/opt/nikto # Location of Nikto
|
||||||
|
-# PLUGINDIR=/opt/nikto/plugins # Location of plugin dir
|
||||||
|
-# DBDIR=/opt/nikto/databases # Location of plugin dir
|
||||||
|
-# TEMPLATEDIR=/opt/nikto/templates # Location of tempmlate dir
|
||||||
|
-# DOCDIR=/opt/nikto/docs # Location of docs dir
|
||||||
|
+EXECDIR=/usr/bin/nikto # Location of Nikto
|
||||||
|
+PLUGINDIR=/etc/nikto/plugins # Location of plugin dir
|
||||||
|
+DBDIR=/etc/nikto/databases # Location of plugin dir
|
||||||
|
+TEMPLATEDIR=/etc/nikto/templates # Location of tempmlate dir
|
||||||
|
+DOCDIR=/usr/share/doc/nikto # Location of docs dir
|
||||||
|
|
||||||
|
# Default plugin macros
|
||||||
|
@@MUTATE=dictionary;subdomain
|
||||||
|
--
|
||||||
|
1.7.9.5
|
||||||
|
|
||||||
@@ -0,0 +1,101 @@
|
|||||||
|
SUMMARY = "web server scanner"
|
||||||
|
DESCRIPTION = "Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous \
|
||||||
|
files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers."
|
||||||
|
SECTION = "security"
|
||||||
|
LICENSE = "GPLv2"
|
||||||
|
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
|
||||||
|
RDEPENDS_${PN} = "perl libnet-ssleay-perl perl-module-getopt-long perl-module-time-local perl-module-io-socket nikto-doc"
|
||||||
|
|
||||||
|
SRC_URI = "http://cirt.net/nikto/${PN}-${PV}.tar.gz \
|
||||||
|
file://location.patch"
|
||||||
|
|
||||||
|
SRC_URI[md5sum] = "efcc98a918becb77471ee9a5df0a7b1e"
|
||||||
|
SRC_URI[sha256sum] = "0e672a6a46bf2abde419a0e8ea846696d7f32e99ad18a6b405736ee6af07509f"
|
||||||
|
|
||||||
|
do_install() {
|
||||||
|
install -d ${D}${bindir}
|
||||||
|
install -d ${D}${datadir}
|
||||||
|
install -d ${D}${datadir}/man/man1
|
||||||
|
install -d ${D}${datadir}/doc/nikto
|
||||||
|
install -d ${D}${sysconfdir}/nikto
|
||||||
|
install -d ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -d ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -d ${D}${sysconfdir}/nikto/templates
|
||||||
|
|
||||||
|
install -m 0644 databases/db_404_strings ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_content_search ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_dictionary ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_embedded ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_favicon ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_headers ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_httpoptions ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_multiple_index ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_outdated ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_parked_strings ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_realms ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_server_msgs ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_subdomains ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_tests ${D}${sysconfdir}/nikto/databases
|
||||||
|
install -m 0644 databases/db_variables ${D}${sysconfdir}/nikto/databases
|
||||||
|
|
||||||
|
install -m 0644 plugins/JSON-PP.pm ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/LW2.pm ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_apache_expect_xss.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_apacheusers.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_auth.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_cgi.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_clientaccesspolicy.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_content_search.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_cookies.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_core.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_dictionary_attack.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_embedded.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_favicon.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_fileops.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_headers.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_httpoptions.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_msgs.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_multiple_index.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_outdated.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_parked.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_paths.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_put_del_test.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_report_csv.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_report_html.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_report_msf.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_report_nbe.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_report_text.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_report_xml.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_robots.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_siebel.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_ssl.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_subdomain.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
install -m 0644 plugins/nikto_tests.plugin ${D}${sysconfdir}/nikto/plugins
|
||||||
|
|
||||||
|
install -m 0644 templates/htm_close.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/htm_end.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/htm_host_head.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/htm_host_im.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/htm_host_item.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/htm_start.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/htm_stop.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/htm_start.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/htm_summary.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/xml_end.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/xml_host_head.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/xml_host_im.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/xml_host_item.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/xml_start.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
install -m 0644 templates/xml_summary.tmpl ${D}${sysconfdir}/nikto/templates
|
||||||
|
|
||||||
|
install -m 0644 nikto.conf ${D}${sysconfdir}
|
||||||
|
|
||||||
|
install -m 0755 nikto.pl ${D}${bindir}/nikto
|
||||||
|
install -m 0644 replay.pl ${D}${bindir}
|
||||||
|
install -m 0644 docs/nikto.1 ${D}${datadir}/man/man1
|
||||||
|
|
||||||
|
install -m 0644 docs/CHANGES.txt ${D}${datadir}/doc/nikto
|
||||||
|
install -m 0644 docs/LICENSE.txt ${D}${datadir}/doc/nikto
|
||||||
|
install -m 0644 docs/nikto.dtd ${D}${datadir}/doc/nikto
|
||||||
|
install -m 0644 docs/nikto_manual.html ${D}${datadir}/doc/nikto
|
||||||
|
}
|
||||||
@@ -3,6 +3,7 @@ DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utili
|
|||||||
SECTION = "security"
|
SECTION = "security"
|
||||||
LICENSE = "GPL-2.0"
|
LICENSE = "GPL-2.0"
|
||||||
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
|
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
|
||||||
|
FILES_${PN} += "${target_datadir}/ncat"
|
||||||
|
|
||||||
SRC_URI = "http://nmap.org/dist/${PN}-${PV}.tar.bz2 \
|
SRC_URI = "http://nmap.org/dist/${PN}-${PV}.tar.bz2 \
|
||||||
file://lua.patch"
|
file://lua.patch"
|
||||||
@@ -12,6 +13,8 @@ SRC_URI[sha256sum] = "3349cc6d36b86b95ca2b8075d16615a3a598cef494920d6652f9a8bf9f
|
|||||||
|
|
||||||
inherit autotools
|
inherit autotools
|
||||||
|
|
||||||
|
DEPENDS = "libpcap"
|
||||||
|
|
||||||
EXTRA_OECONF = "--without-liblua --without-zenmap"
|
EXTRA_OECONF = "--without-liblua --without-zenmap"
|
||||||
|
|
||||||
do_configure() {
|
do_configure() {
|
||||||
|
|||||||
@@ -1,13 +0,0 @@
|
|||||||
DESCRIPTION = "The module OpenVAS-CLI collects command line tools to handle with the OpenVAS services via the respective protocols."
|
|
||||||
SECTION = "security"
|
|
||||||
LICENSE = "GPL-2.0"
|
|
||||||
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
|
|
||||||
|
|
||||||
DEPENDS = "gnutls openvas-libraries glib-2.0"
|
|
||||||
|
|
||||||
SRC_URI = "http://wald.intevation.org/frs/download.php/1323/${PN}-${PV}.tar.gz"
|
|
||||||
|
|
||||||
SRC_URI[md5sum] = "e712eb71f3a13cc1b70b50f696465f8e"
|
|
||||||
SRC_URI[sha256sum] = "d195ca01a44940d1e6fd2ad54ee4fc9b57a3d103235f0a1f05a8b35d97db6be8"
|
|
||||||
|
|
||||||
inherit cmake pkgconfig
|
|
||||||
@@ -1,36 +0,0 @@
|
|||||||
From f498503889b8178f165afa66dc33aa8ad8901371 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
|
|
||||||
Date: Fri, 28 Jun 2013 09:38:08 +0300
|
|
||||||
Subject: [PATCH] removed the g_type_init()
|
|
||||||
|
|
||||||
The function is depricated in glib >= 2.35.0 and is
|
|
||||||
automatically called.
|
|
||||||
|
|
||||||
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
|
|
||||||
---
|
|
||||||
base/openvas_file.c | 2 --
|
|
||||||
1 file changed, 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/base/openvas_file.c b/base/openvas_file.c
|
|
||||||
index 8597198..d110c7f 100644
|
|
||||||
--- a/base/openvas_file.c
|
|
||||||
+++ b/base/openvas_file.c
|
|
||||||
@@ -164,7 +164,6 @@ openvas_file_copy (const gchar *source_file, const gchar *dest_file)
|
|
||||||
GFile *sfile, *dfile;
|
|
||||||
GError *error;
|
|
||||||
|
|
||||||
- g_type_init ();
|
|
||||||
sfile = g_file_new_for_path (source_file);
|
|
||||||
dfile = g_file_new_for_path (dest_file);
|
|
||||||
error = NULL;
|
|
||||||
@@ -200,7 +199,6 @@ openvas_file_move (const gchar *source_file, const gchar *dest_file)
|
|
||||||
GFile *sfile, *dfile;
|
|
||||||
GError *error;
|
|
||||||
|
|
||||||
- g_type_init ();
|
|
||||||
sfile = g_file_new_for_path (source_file);
|
|
||||||
dfile = g_file_new_for_path (dest_file);
|
|
||||||
error = NULL;
|
|
||||||
--
|
|
||||||
1.7.9.5
|
|
||||||
|
|
||||||
@@ -1,14 +0,0 @@
|
|||||||
DESCRIPTION = "This is the libraries module for the Open Vulnerability Assessment System (OpenVAS)."
|
|
||||||
SECTION = "security"
|
|
||||||
LICENSE = "GPL-2.0"
|
|
||||||
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
|
|
||||||
|
|
||||||
DEPENDS = "bison flex gpgme glib-2.0"
|
|
||||||
|
|
||||||
SRC_URI = "http://wald.intevation.org/frs/download.php/1303/${PN}-${PV}.tar.gz \
|
|
||||||
file://g_type_init.patch"
|
|
||||||
|
|
||||||
SRC_URI[md5sum] = "0e8b73ee4ad5b36984b5d7be5d6bdfc0"
|
|
||||||
SRC_URI[sha256sum] = "50d23afd46f7b49c4cb82a6500b0fe1fb53378af5efce95fd275ea33c879e1dd"
|
|
||||||
|
|
||||||
inherit cmake pkgconfig
|
|
||||||
@@ -0,0 +1,73 @@
|
|||||||
|
From 34698c7f561fb575293a1c991a71e1b4ddc5ae73 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
|
||||||
|
Date: Fri, 5 Jul 2013 11:56:58 +0300
|
||||||
|
Subject: [PATCH] Mandir and perl install dir were overwritten with faulty
|
||||||
|
information in the Makefile. Now the Mandir and perl
|
||||||
|
install dir are sent via paramters from the recipe.
|
||||||
|
|
||||||
|
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
|
||||||
|
---
|
||||||
|
Makefile.pl | 12 +++++++-----
|
||||||
|
1 file changed, 7 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Makefile.pl b/Makefile.pl
|
||||||
|
index 9ca5602..8776e18 100644
|
||||||
|
--- a/Makefile.pl
|
||||||
|
+++ b/Makefile.pl
|
||||||
|
@@ -131,6 +131,8 @@ foreach (keys %MODULES){
|
||||||
|
|
||||||
|
# adjust DESTDIR, if needed
|
||||||
|
$DESTDIR = $ENV{DESTDIR} if(defined $ENV{DESTDIR});
|
||||||
|
+$MANDIR = $ENV{MANDIR} if(defined $ENV{MANDIR});
|
||||||
|
+$INSTALLDIR = $ENV{INSTALLDIR} if(defined $ENV{INSTALLDIR});
|
||||||
|
|
||||||
|
# parse command line build options
|
||||||
|
while($COMMAND = shift @ARGV){
|
||||||
|
@@ -171,7 +173,7 @@ sub command_install_pod {
|
||||||
|
command_build() if(!-e $TARGET);
|
||||||
|
die("Can not install without Config.pm") if($MODULES{Config}==0);
|
||||||
|
$CWD=&cwd if($MODULES{Cwd}>0);
|
||||||
|
- my $where=$DESTDIR . $Config{'man3direxp'};
|
||||||
|
+ my $where=$DESTDIR . $MANDIR;
|
||||||
|
my $t = $TARGET;
|
||||||
|
if($LIBRARY){
|
||||||
|
$t="$PACKAGE.3pm";
|
||||||
|
@@ -219,7 +221,7 @@ sub command_install_pod {
|
||||||
|
sub command_uninstall_pod {
|
||||||
|
die("Can not uninstall without Config.pm") if($MODULES{Config}==0);
|
||||||
|
$CWD=&cwd if($MODULES{Cwd}>0);
|
||||||
|
- my $where=$DESTDIR . $Config{'man3direxp'};
|
||||||
|
+ my $where=$DESTDIR . $MANDIR;
|
||||||
|
my $t = $TARGET;
|
||||||
|
if($LIBRARY){
|
||||||
|
$t="$PACKAGE.3pm";
|
||||||
|
@@ -243,7 +245,7 @@ sub command_install_library {
|
||||||
|
command_build() if(!-e $TARGET);
|
||||||
|
die("Can not install without Config.pm") if($MODULES{Config}==0);
|
||||||
|
$CWD=&cwd if($MODULES{Cwd}>0);
|
||||||
|
- my $where=$DESTDIR . $Config{'installsitelib'};
|
||||||
|
+ my $where=$DESTDIR . $INSTALLDIR;
|
||||||
|
if(!-e $where){
|
||||||
|
print STDOUT "WARNING!\n\n",
|
||||||
|
"The local perl site directory does not exist:\n",
|
||||||
|
@@ -271,7 +273,7 @@ sub command_install_library {
|
||||||
|
sub command_uninstall_library {
|
||||||
|
die("Can not uninstall without Config.pm") if($MODULES{Config}==0);
|
||||||
|
$CWD=&cwd if($MODULES{Cwd}>0);
|
||||||
|
- my $where=$DESTDIR . $Config{'installsitelib'};
|
||||||
|
+ my $where=$DESTDIR . $INSTALLDIR;
|
||||||
|
chdir($where);
|
||||||
|
if(-e $TARGET){
|
||||||
|
unlink $TARGET;
|
||||||
|
@@ -401,7 +403,7 @@ sub command_socket_diag {
|
||||||
|
sub command_install_compat {
|
||||||
|
die("Can not install without Config.pm") if($MODULES{Config}==0);
|
||||||
|
$CWD=&cwd if($MODULES{Cwd}>0);
|
||||||
|
- my $where=$DESTDIR . $Config{'installsitelib'};
|
||||||
|
+ my $where=$DESTDIR . $INSTALLDIR;
|
||||||
|
if(!-e $where){
|
||||||
|
print STDOUT "WARNING!\n\n",
|
||||||
|
"The local perl site directory does not exist:\n",
|
||||||
|
--
|
||||||
|
1.7.9.5
|
||||||
|
|
||||||
@@ -0,0 +1,25 @@
|
|||||||
|
DESCRIPTION = "This package contains the Parser.pm module with friends."
|
||||||
|
|
||||||
|
SECTION = "libs"
|
||||||
|
LICENSE = "Artistic-1.0 | GPL-1.0+"
|
||||||
|
|
||||||
|
LIC_FILES_CHKSUM = "file://README;md5=6c3dacf9f405c7483870ab5f148770c3"
|
||||||
|
|
||||||
|
DEPENDS += "perl"
|
||||||
|
|
||||||
|
SRC_URI = "http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-${PV}.tar.gz"
|
||||||
|
|
||||||
|
SRC_URI[md5sum] = "9128a45893097dfa3bf03301b19c5efe"
|
||||||
|
SRC_URI[sha256sum] = "be918b3749d3ff93627f72ee4b825683332ecb4c81c67a3a8d72b0435ffbd802"
|
||||||
|
|
||||||
|
S = "${WORKDIR}/HTML-Parser-${PV}"
|
||||||
|
|
||||||
|
EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}"
|
||||||
|
|
||||||
|
inherit cpan
|
||||||
|
|
||||||
|
do_compile() {
|
||||||
|
export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')"
|
||||||
|
cpan_do_compile
|
||||||
|
}
|
||||||
|
BBCLASSEXTEND = "native"
|
||||||
@@ -0,0 +1,25 @@
|
|||||||
|
DESCRIPTION = "This package contains the DNS.pm module with friends."
|
||||||
|
|
||||||
|
SECTION = "libs"
|
||||||
|
LICENSE = "Artistic-1.0 | GPL-1.0+"
|
||||||
|
|
||||||
|
LIC_FILES_CHKSUM = "file://README;md5=f21d77d9c6b56a07470bbce561b169e3"
|
||||||
|
|
||||||
|
DEPENDS += "perl"
|
||||||
|
|
||||||
|
SRC_URI = "http://search.cpan.org/CPAN/authors/id/N/NL/NLNETLABS/Net-DNS-${PV}.tar.gz"
|
||||||
|
|
||||||
|
SRC_URI[md5sum] = "393e48ec6f28abe5ed30204276e02775"
|
||||||
|
SRC_URI[sha256sum] = "a62cae0be54a9684c305456cb95515a0bd3128d6ef3093b6069fe8e8e8d5943f"
|
||||||
|
|
||||||
|
S = "${WORKDIR}/Net-DNS-${PV}"
|
||||||
|
|
||||||
|
EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}"
|
||||||
|
|
||||||
|
inherit cpan
|
||||||
|
|
||||||
|
do_compile() {
|
||||||
|
export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')"
|
||||||
|
cpan_do_compile
|
||||||
|
}
|
||||||
|
BBCLASSEXTEND = "native"
|
||||||
@@ -0,0 +1,24 @@
|
|||||||
|
DESCRIPTION = "Perl module for using OpenSSL"
|
||||||
|
|
||||||
|
SECTION = "libs"
|
||||||
|
LICENSE = "Artistic-1.0 | GPL-1.0+"
|
||||||
|
|
||||||
|
LIC_FILES_CHKSUM = "file://README;md5=94ec8036b939a2e3c9b5e7f10af8f4ee"
|
||||||
|
|
||||||
|
DEPENDS += "perl openssl"
|
||||||
|
|
||||||
|
SRC_URI = "http://search.cpan.org/CPAN/authors/id/M/MI/MIKEM/Net-SSLeay-${PV}.tar.gz"
|
||||||
|
|
||||||
|
SRC_URI[md5sum] = "473b8d66ca69d5784bb0e428721f58e0"
|
||||||
|
SRC_URI[sha256sum] = "8cd5f09722e07b4e436102cb3a4b93623d753c171665ca9752c3b39a62ea3a79"
|
||||||
|
|
||||||
|
S = "${WORKDIR}/Net-SSLeay-${PV}"
|
||||||
|
|
||||||
|
EXTRA_CPANFLAGS = "INC='-I${STAGING_INCDIR}' LIBS='-L${STAGING_LIBDIR} -lssl -lcrypto -lz'"
|
||||||
|
|
||||||
|
inherit cpan
|
||||||
|
|
||||||
|
do_compile() {
|
||||||
|
export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')"
|
||||||
|
cpan_do_compile
|
||||||
|
}
|
||||||
@@ -0,0 +1,24 @@
|
|||||||
|
DESCRIPTION = "This package contains the IP.pm module with friends."
|
||||||
|
|
||||||
|
SECTION = "libs"
|
||||||
|
LICENSE = "Artistic-1.0 | GPL-1.0+"
|
||||||
|
|
||||||
|
LIC_FILES_CHKSUM = "file://Copying;md5=cde580764a0fbc0f02fafde4c65d6227"
|
||||||
|
|
||||||
|
DEPENDS += "perl"
|
||||||
|
|
||||||
|
SRC_URI = "http://search.cpan.org/CPAN/authors/id/M/MI/MIKER/NetAddr-IP-${PV}.tar.gz"
|
||||||
|
|
||||||
|
SRC_URI[md5sum] = "7721135fcea390327f75421a6b701144"
|
||||||
|
SRC_URI[sha256sum] = "96739afc484eca1597c4f4b520864b342169c8fdeef486778511e5a1527ba4e7"
|
||||||
|
|
||||||
|
S = "${WORKDIR}/NetAddr-IP-${PV}"
|
||||||
|
|
||||||
|
EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}"
|
||||||
|
|
||||||
|
inherit cpan
|
||||||
|
|
||||||
|
do_compile() {
|
||||||
|
cpan_do_compile
|
||||||
|
}
|
||||||
|
BBCLASSEXTEND = "native"
|
||||||
@@ -0,0 +1,24 @@
|
|||||||
|
DESCRIPTION = "Libwhisker is a Perl module geared specificly for HTTP testing."
|
||||||
|
|
||||||
|
SECTION = "libs"
|
||||||
|
LICENSE = "Artistic-1.0 | GPL-1.0+"
|
||||||
|
|
||||||
|
LIC_FILES_CHKSUM = "file://LICENSE;md5=254b8e29606fce6d1c1a4c9e32354573"
|
||||||
|
|
||||||
|
DEPENDS = "perl"
|
||||||
|
|
||||||
|
SRC_URI = "http://sourceforge.net/projects/whisker/files/libwhisker/${PV}/libwhisker2-${PV}.tar.gz \
|
||||||
|
file://libwhisker2.patch"
|
||||||
|
|
||||||
|
SRC_URI[md5sum] = "7cc1718dddde8f9a439d5622ae2f37eb"
|
||||||
|
SRC_URI[sha256sum] = "f45a1cf2ad2637b29dd1b13d7221ea12e3923ea09d107ced446400f19070a42f"
|
||||||
|
|
||||||
|
S = "${WORKDIR}/libwhisker2-2.5"
|
||||||
|
|
||||||
|
inherit cpan-base perlnative
|
||||||
|
|
||||||
|
do_install() {
|
||||||
|
install -d 755 ${D}${PERLLIBDIRS}/vendor_perl/${PERLVERSION}
|
||||||
|
install -d 755 ${D}${datadir}/perl/${PERLVERSION}
|
||||||
|
oe_runmake install DESTDIR=${D} INSTALLDIR=${PERLLIBDIRS}/vendor_perl/${PERLVERSION} MANDIR=${datadir}/perl/${PERLVERSION}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user