7cff72ef80
lkrg: update to 0.9.3
...
refresh patch
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-07-05 19:26:50 -04:00
f453866cf6
security-build-image: add lkrg-module to build image
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
a87a1a3e7c
chipsec: update to 1.8.5
...
minor recipe cleanup
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
a68a46ded9
packagegroup-core-security: skip mips firejail
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
fdff18d9da
README: update email address
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
0b9e9c0519
lynis: update to 3.0.8
...
See changelog for details: https://cisofy.com/changelog/lynis/#308
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
94edbcea9a
ccs-tools: update to 1.8.9
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
14b2a6ac18
oeqa: shut done swtpm before and after testing
...
fixes:
swtpm: Could not open TCP socket: Address already in use
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
b5642c519b
oeqa: meta-tpm shut swtpm down before and after testing
...
fixes:
swtpm: Could not open TCP socket: Address already in use
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
fccbe155be
oeqa/clamav drop depricated --list-mirror test
...
Fix download test
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
123c59c313
security-test-image: add firejail and aide test suites
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
6cdb369591
packagegroup-core-security: add firejail
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
4e0d448aca
oeqa: Add a very basic firejail test
...
Currently check if --help works.
RESULTS:
RESULTS - ping.PingTest.test_ping: PASSED (0.07s)
RESULTS - ssh.SSHTest.test_ssh: PASSED (2.41s)
RESULTS - firejail.FirejailTest.test_firejail_basic: PASSED (1.30s)
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
fec94e6ce4
firejail: Add new package
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
6dedb1de70
aide.conf: adjust to allow for build time db creation
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
1f11389089
aide: add native support for build time db creation
...
This will help create a aide db during build that is
then installed on the rootfs for verification at boot time.
This work was inspired by:
Marco Cavallini
Yocto Project Ambassador
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
a0665584ab
classes: add aide routines
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
80bc8b7133
libmhash: add native pkg support
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
71061edbe1
oeqa: add aide test
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
36d0577057
aide: add a few more config options
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
102e47f14d
oeqa: update smack runtime test
...
drop test_smack_mmap_enforced as is was skipped do to possible licensing issues
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
95f7abc7ef
smack-test: more py3 covertion
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-23 18:47:59 -07:00
6c77d06b84
security-test-image: auto include layers if present.
...
This is to simplify tesing to build one image and include pkgs depending on the
layers included in the BBLAYERS.
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-18 06:48:22 -07:00
caadc8672b
sssd: update to 2.7.1
...
drop CVE-2021-3621.patch
refresh a few patches
fixup configure-unsafe globally via sed in build.m4
=== test
RESULTS - sssd.SSSDTest.test_sssd_help: PASSED (1.70s)
RESULTS - sssd.SSSDTest.test_sssd_sssctl_conf_perms_chk: PASSED (2.71s)
RESULTS - sssd.SSSDTest.test_sssd_sssctl_deamon: PASSED (2.07s)
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-18 06:48:22 -07:00
4bb7e5b84a
oeqa: sssd.py fix tests
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-18 06:48:22 -07:00
23d501eb70
sssd: use example conf file
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-18 06:48:22 -07:00
72ba0a4a14
oeqa: fix checksec runtime test
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-18 06:48:22 -07:00
ed2535a84f
packagegroup-core-security.bbappend: add sssd
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-18 06:48:22 -07:00
db2ebfc0d3
packagegroup-core-security: drop sssd
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-18 06:48:22 -07:00
e4bb9a9e7f
layer.conf:add meta-netorking to BBFILES_DYNAMIC
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-18 06:48:22 -07:00
db3a3e87a6
sssd:move to dynamic networking-layer
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-18 06:48:22 -07:00
b67b4cf5ca
apparmor: fix ownership issues
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-18 06:48:22 -07:00
b0b626721e
aide: fix typo
...
Fix typo:
RDPENDS_${PN} -> RDEPENDS:${PN}
Signed-off-by: Yi Zhao <yi.zhao@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-18 06:48:22 -07:00
8c6fe006a1
packagegroup-core-security: don't include aprwatch for musl
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
d93501969c
arpwatch: update to 3.3
...
not compatible with musl
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
2a90888cfd
chkrootkit: Fix missing includes for musl
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
5bdb7a35c1
packagegroup-core-security: drop arpwatch for riscv from pkg grp
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
20c250884d
arpwatch: riscv not supported
...
exclude this arch for compat list
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
87eda5e187
README: Update for dynamic layers
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
5c215dd679
layer.conf: Post release codename changes
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
982ff6fb97
packagegroup-core-security: add arpwatch and chkrootkit to pkg grp
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
93b888c7b4
chkrootkit: update SRC_URI
...
0.55 no longer hosted from main source. Use Ubuntu archive
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
a5a05f61cd
checksec: update 2.6.0
...
LIC_FILES_CHKSUM changed do to yr update
add native support
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
3e5502a31c
oeqa/smack: consolidate classes
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
98df792565
smack-test: switch to python3
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
c78cfc5cd0
tpm2-pkcs11: we really need the symlinks
...
MASK dev-so
Drop un-needed install append steps.
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
3db9e08300
oeqa/tpm2: fix and cleanup tests
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
50eff83d42
oeqa/swtpm: add swtpm runtime
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
3cb0ec3086
swtpm: enable gnutls
...
needed for cert support
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
a2783a8d8b
security-tpm2-image: add swtpm
...
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2022-06-07 16:58:24 -07:00
Armin Kuster
Yi Zhao