For inline IPS nfqueue is nice to have, so add a PACKAGECONFIG entry for
it.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Move ${PN}-python in front so ${PN} can use default packaging rules.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
log_check] WARNING: Intentionally failing postinstall scriptlets of ['suricata', 'clamav'] to defer them to first boot is deprecated. Please place them into pkg_postinst_ontarget_${PN} ()
Signed-off-by: Armin Kuster <akuster808@gmail.com>
[log_check] WARNING: Intentionally failing postinstall scriptlets of ['suricata', 'clamav'] to defer them to first boot is deprecated. Please place them into pkg_postinst_ontarget_${PN} ()
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers
to inject arbitrary OS commands via the Server field in an HTTP response header,
which is directly injected into a CSV report.
Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com>
Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
status get by "systemctl status samhain" is not correct.
It is active(exited) now. but actually, there is a dameon
running, it should be active(running). so change Type of
servive.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
When systemd is used as system init manager, there is a build issue complains
"can't found apparmor.service". This patch fix it.
Signed-off-by: Jinliang Li <jinliang.li@linux.alibaba.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Set the correct path of kernel configuration file in linux-yocto_4.%.bbappend
to fix the build issue, which is "Fetcher failure for URL: 'file://apparmor.cfg'.
Unable to fetch URL from any source."
Signed-off-by: Jinliang Li <jinliang.li@linux.alibaba.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
No packages depend on samhain-server-native and it doesn't
make sense to extend a server package to native, so remove
the BBCLASSEXTEND.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This solves the below error when systemd is used as init manager,
-- snip --
ERROR: clamav-0.99.2-r0 do_package: SYSTEMD_SERVICE_clamav value clamav.service does not exist
ERROR: clamav-0.99.2-r0 do_package: Function failed: systemd_populate_packages
-- snip --
Other issue:
* Ship /lib/systemd/system/clamav-freshclam.service into ${PN}-freshclam
package, to solve below warning:
-- snip --
[10240] WARNING: QA Issue: clamav: Files/directories were installed but not shipped in any package:
/lib/systemd/system/clamav-freshclam.service
-- snip --
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
While building <mlib>-trousers recipe, the below files are
not shipped but has been installed. The patch packages them
accordingly.
-- snip --
WARNING: lib32-trousers-0.3.14+gitAUTOINC+4b9a70d578-r0 do_package: QA Issue: lib32-trousers: Files/directories were installed but not shipped in any package:
/usr/src
/usr/src/debug
/usr/src/debug/lib32-trousers
/usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0
/usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git
/usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src
/usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/tcs
/usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/trspi
/usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/tcsd
/usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/tspi
/usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/include
/usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/tddl
-- snip --
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
When used in native builds, the variable STAGING_DIR_HOST expands
to the empty string. This leads 'sed' to an error because the pattern
is empty. Using STAGING_DIR instead of STAGING_DIR_HOST allows
to use xmlsec1 in native builds with the correct behaviour.
Change-Id: I55f40ac2413863c489d4219e0080f7e4e274a6db
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This allows dropping some patches for issues that were addressed
upstream. It also brings in support for connecting swtpm to qemu
without relying on CUSE.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Remove the absolute path for start-stop-daemon
to fix samhain start-up as start-stop-daemon
sometimes located in /usr/sbin, not the expected
/sbin.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It is currently impossible to override localstatedir,
mandir and sysconfdir during ./configure, because they
are being overriden unconditionally.
With this patch it is now possible to set above
locations as needed.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The combination of using start-stop-daemon and pidof is
not working reliably in all cases. Sometimes, the
tcsd daemon isn't running yet at the time pidof is being
invoked.
This results in an empty /var/run/tcsd.pid, making it
impossible to stop tcsd using the init script.
To solve this, one could either add a delay before calling
pidof, or alternatively use start-stop-daemon's built-in
functionality to achieve the same.
Let's do the latter.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
fscryptctl is a low-level tool written in C that handles
raw keys and manages policies for Linux filesystem
encryption [1].
For a tool that presents a higher level interface and
manages metadata, key generation, key wrapping, PAM
integration, and passphrase hashing, see fscrypt [2].
[1] https://lwn.net/Articles/639427
[2] https://github.com/google/fscrypt
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
update to 1.2.15
plus
ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/probes/process58/all.sh contained in package openscap-ptest requires /bin/bash, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps]
ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/xmldiff.pl contained in package openscap-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps]
ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/nist/test_worker.py contained in package openscap-ptest requires /usr/bin/python2, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Koen Kooi
Armin Kuster
Nagalakshmi Veeramallu
Changqing Li
Jinliang Li
Wenzong Fan
Yi Zhao
Jackie Huang
Jagadeesh Krishnanjanappa
José Bollo
Robert Yang
Patrick Ohly
Mingli Yu
André Draszik
Dengke Du