539 Commits

Author SHA1 Message Date
Armin Kuster 7b287954f7 initramfs: clean up to pull in packages.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:52 -07:00
Armin Kuster d1d4e78708 data: remove policies
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:52 -07:00
Armin Kuster cf0123e130 policy: add ima appraise all policy
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:52 -07:00
Armin Kuster 1293478068 ima_policy_simple: add another sample policy
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:52 -07:00
Armin Kuster c84f39f8e0 ima-policy-hashed: add new recipe
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:52 -07:00
Armin Kuster 8910674d19 base-files: add appending to automount securityfs
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:52 -07:00
Armin Kuster e7771ce287 linux: update bbappend
remove untested code

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:52 -07:00
Armin Kuster f26869aef3 ima.cfg: update to 5.0 kernel
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:52 -07:00
Armin Kuster 756a1649b7 ima-evm-utils: cleanup and update to tip
update to tip
backported patches to fix build issues.
fix native support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:52 -07:00
Armin Kuster d86d3353b2 README: update
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:52 -07:00
Armin Kuster b2587711d1 layer.conf: add LAYERSERIES_COMPAT
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:52 -07:00
Armin Kuster 6680225c05 meta-integrity: port over from meta-intel-iot-security
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-28 07:38:41 -07:00
leimaohui 479d9cc23a python3-fail2ban: Fix build error of xrange.
NameError: name 'xrange' is not defined

Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-21 08:18:36 -07:00
Armin Kuster 56d6256c83 checksec: add runtime test
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-21 08:18:36 -07:00
Armin Kuster 28629fe8a4 keyutils: fix library install path
[v2]
fix multilib support
Also add native support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-21 08:18:36 -07:00
Armin Kuster 7b9206d346 checksec: update to 1.11.1
* checksec.sh: Updated to 1.11.1
* checksec.sh: resolved issues with readelf
* checksec.sh: Added docker images for testing
* checksec.sh: Added armhf and aarch64 libc locations
* checksec.sh: Replace FS_COUNT with fgrep
* checksec.sh: Fixed symbols count in csv
* checksec.sh: Fixed RW-RPATH and RW-RUNPATH
* checksec.sh: Added stack canaries generated by intel compiler
* checksec.sh: Mute stat errors for non-existent directories
* checksec.sh: Removed invalid json structures and duplicate kernel checks
* checksec.sh: fixed spaces in -d option
* checksec.sh: Added stack-protector-string check
* checksec.sh: Add arm64 specific kernel checks
* checksec.sh: Add REFCOUNT_FULL to kernel tests
* checksec.sh: Remove OSX support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-21 08:18:36 -07:00
Armin Kuster 9f5cc2a7eb smack: kernel fragment update
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-12 11:10:44 -07:00
Armin Kuster 6e3c025a5b oe-selftest: add running cve checker
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-12 11:10:36 -07:00
Alexander Kanavin 462d76700a apparmor: fetch from git
Tarballs from archive.ubuntu.com can and do disappear (similar to archive.debian.org).

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-12 10:49:36 -07:00
Armin Kuster 34cb20fe5c libseccomp: update to 2.4.1
bug fix release.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-09 20:05:47 -07:00
Armin Kuster 78d7a2ef26 libldb: add earlier version
This version does not have a dependency on samba

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-09 20:05:32 -07:00
Armin Kuster f524ba9665 samhain: add more tests and fix ret checks
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-09 17:45:13 -07:00
Armin Kuster 8eee8727cb smack-test: add smack tests from meta-intel-iot-security
ported over smack tests

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-09 17:45:13 -07:00
Armin Kuster 5d37937f2e smack: move patch to smack dir
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-09 17:44:59 -07:00
Armin Kuster f67e1bc01d apparmor: add a few more runtime
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-09 17:44:59 -07:00
Armin Kuster f506138eb5 apparmor: fix fragment for 5.0 kernel
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-09 17:44:59 -07:00
Yi Zhao eaa616a2e2 meta-tpm/README: update
Add more description

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-01 15:53:40 -07:00
Yi Zhao e3f6970b09 meta-tpm/conf/layer.conf: update layer dependencies
Add openembedded-layer to layer dependencies.

Fix the following build errors:

ERROR: Required build target 'tpm2-pkcs11' has no buildable providers.
Missing or unbuildable dependency chain was: ['tpm2-pkcs11', 'dstat']

ERROR: Required build target 'cryptsetup-tpm-incubator' has no buildable providers.
Missing or unbuildable dependency chain was: ['cryptsetup-tpm-incubator', 'libdevmapper']

ERROR: Required build target 'tpm2-totp' has no buildable providers.
Missing or unbuildable dependency chain was: ['tpm2-totp', 'qrencode']

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-01 15:53:32 -07:00
Armin Kuster 5959e4f4bf clamav-native: fix new build issue
re-arch the recipe to build properly.

Fixed /var/lib/clamav dir issue

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-14 10:54:20 -07:00
Armin Kuster ab3c84c4d3 clamav: add clamav-cvd package for cvd db
Add native package to support creating a mirror
of the clamav cvd and supply it in a new package.

Provide an INSTALL_CLAMAV_CVD flag to bypass this creation

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-14 10:54:07 -07:00
Armin Kuster 3b88d3d9ca clamav: runtime fix local routing
This adds the localhost to resolve.conf to fix:

ERROR: Can't get information about database.clamav.net: Temporary failure in name resolution
ERROR: Can't download main.cvd from database.clamav.net
Giving up on database.clamav.net...

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-13 10:31:20 -07:00
Armin Kuster 361aa8c562 libldb: add waf-cross-answeres
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-13 10:31:20 -07:00
Armin Kuster 67369e1428 clamav: fix llvm reference version
llvm8.0 does not exist. dropped the version part.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-13 10:31:20 -07:00
Armin Kuster 109b8260bf clamav runtime: add resolve.conf support
and ping test too

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-13 10:31:11 -07:00
Armin Kuster 8a1f54a246 libmspack: update to 0.10.1
For details see: https://github.com/kyz/libmspack/blob/master/libmspack/ChangeLog

change compression to match that now being used from source

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-07 05:13:33 +05:30
Armin Kuster 98750e8933 ccs-tools: move to reciped-mac
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-07 05:12:43 +05:30
Armin Kuster 63af29ba48 layer.conf: Add warrior to compatible release series
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-07 05:10:15 +05:30
Armin Kuster cb6d1c85ee linux-yocto/5.0: add apparmor fragments
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-01 19:21:21 -07:00
Armin Kuster cb412637a2 linux-yocto: make bbappend version neutral
update apparmor configs

[v2]
Just update configs.

leave versions intact.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-04-01 19:21:06 -07:00
Armin Kuster 5b8e4cb21b apparmor: add basic runtime test
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-31 11:57:11 -07:00
Armin Kuster 5dcf7ca44e apparmor: update to 2.13.2
Drop patch included in update:
tool-paths.patch

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-31 11:57:02 -07:00
Armin Kuster 1460d9b86d reorg ids: move ids recipes to recipes-ids
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-31 10:37:09 -07:00
Armin Kuster 75e609f7b1 reorg: move mac recipes to recipes-mac
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-31 10:37:09 -07:00
Armin Kuster 00f00d2897 clamav: add basic runtime tests
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-31 10:37:09 -07:00
Armin Kuster 6d3aa03272 clamav: drop llvm version setting
There is only one llvm and it's in core so
drop allowing it to be overwritten.
We can hardcode it now.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-31 10:37:09 -07:00
Armin Kuster f1f54b94ad samhain: add basic runtime test
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-31 10:37:09 -07:00
Armin Kuster b551fdef0e samhain: fix runtime error
fix:
samhain[1652]: FATAL: x_dnmalloc.c: 2790: hashval < AMOUNTHASH
Killed

disable dnmalloc

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-31 10:37:09 -07:00
Armin Kuster a0a4660375 suricata: add runtime testing
Today there are no failures so set the trigger to zero.

[v2]
fix match string
and conditional

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-31 10:37:09 -07:00
Armin Kuster 7d014432c7 tripwire: add runtime test
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-31 10:37:09 -07:00
Armin Kuster 1fae87cd1c sssd: update to 1.16.4
Add systemd pkgconf via DISTRO_FEATURE

Fix uid/gid of sssd.conf

[v2]
drop non update related changes

also, this includes CVE-2019-3811

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-03-31 10:37:09 -07:00