mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-12 03:10:13 +00:00
Code Issues Projects Releases Wiki Activity
1,203 Commits 37 Branches 0 Tags
fdff18d9da93f826d29df99bf568784e6170ba07
Commit Graph

1203 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Armin Kuster
fdff18d9da README: update email address 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
0b9e9c0519 lynis: update to 3.0.8 
See changelog for details: https://cisofy.com/changelog/lynis/#308

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
94edbcea9a ccs-tools: update to 1.8.9 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
14b2a6ac18 oeqa: shut done swtpm before and after testing 
fixes:
swtpm: Could not open TCP socket: Address already in use

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
b5642c519b oeqa: meta-tpm shut swtpm down before and after testing 
fixes:
swtpm: Could not open TCP socket: Address already in use

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
fccbe155be oeqa/clamav drop depricated --list-mirror test 
Fix download test

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
123c59c313 security-test-image: add firejail and aide test suites 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
6cdb369591 packagegroup-core-security: add firejail 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
4e0d448aca oeqa: Add a very basic firejail test 
Currently check if --help works.

RESULTS:
RESULTS - ping.PingTest.test_ping: PASSED (0.07s)
RESULTS - ssh.SSHTest.test_ssh: PASSED (2.41s)
RESULTS - firejail.FirejailTest.test_firejail_basic: PASSED (1.30s)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
fec94e6ce4 firejail: Add new package 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
6dedb1de70 aide.conf: adjust to allow for build time db creation 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
1f11389089 aide: add native support for build time db creation 
This will help create a aide db during build that is
then installed on the rootfs for verification at boot time.

This work was inspired by:
Marco Cavallini
Yocto Project Ambassador

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
a0665584ab classes: add aide routines 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
80bc8b7133 libmhash: add native pkg support 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
71061edbe1 oeqa: add aide test 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
36d0577057 aide: add a few more config options 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
102e47f14d oeqa: update smack runtime test 
drop test_smack_mmap_enforced as is was skipped do to possible licensing issues

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
95f7abc7ef smack-test: more py3 covertion 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-23 18:47:59 -07:00
Armin Kuster
6c77d06b84 security-test-image: auto include layers if present. 
This is to simplify tesing to build one image and include pkgs depending on the
layers included in the BBLAYERS.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
caadc8672b sssd: update to 2.7.1 
drop CVE-2021-3621.patch
refresh a few patches

fixup configure-unsafe globally via sed in build.m4

=== test
RESULTS - sssd.SSSDTest.test_sssd_help: PASSED (1.70s)
RESULTS - sssd.SSSDTest.test_sssd_sssctl_conf_perms_chk: PASSED (2.71s)
RESULTS - sssd.SSSDTest.test_sssd_sssctl_deamon: PASSED (2.07s)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
4bb7e5b84a oeqa: sssd.py fix tests 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
23d501eb70 sssd: use example conf file 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
72ba0a4a14 oeqa: fix checksec runtime test 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
ed2535a84f packagegroup-core-security.bbappend: add sssd 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
db2ebfc0d3 packagegroup-core-security: drop sssd 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
e4bb9a9e7f layer.conf:add meta-netorking to BBFILES_DYNAMIC 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
db3a3e87a6 sssd:move to dynamic networking-layer 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
b67b4cf5ca apparmor: fix ownership issues 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Yi Zhao
b0b626721e aide: fix typo 
Fix typo:
RDPENDS_${PN} -> RDEPENDS:${PN}

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-18 06:48:22 -07:00
Armin Kuster
8c6fe006a1 packagegroup-core-security: don't include aprwatch for musl 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
d93501969c arpwatch: update to 3.3 
not compatible with musl

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
2a90888cfd chkrootkit: Fix missing includes for musl 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
5bdb7a35c1 packagegroup-core-security: drop arpwatch for riscv from pkg grp 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
20c250884d arpwatch: riscv not supported 
exclude this arch for compat list

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
87eda5e187 README: Update for dynamic layers 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
5c215dd679 layer.conf: Post release codename changes 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
982ff6fb97 packagegroup-core-security: add arpwatch and chkrootkit to pkg grp 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
93b888c7b4 chkrootkit: update SRC_URI 
0.55 no longer hosted from main source. Use Ubuntu archive

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
a5a05f61cd checksec: update 2.6.0 
LIC_FILES_CHKSUM changed do to yr update

add native support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
3e5502a31c oeqa/smack: consolidate classes 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
98df792565 smack-test: switch to python3 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
c78cfc5cd0 tpm2-pkcs11: we really need the symlinks 
MASK dev-so
Drop un-needed install append steps.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
3db9e08300 oeqa/tpm2: fix and cleanup tests 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
50eff83d42 oeqa/swtpm: add swtpm runtime 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
3cb0ec3086 swtpm: enable gnutls 
needed for cert support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
a2783a8d8b security-tpm2-image: add swtpm 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Armin Kuster
f658bd542a swtpm: enable seccomp if DISTRO is enabled 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-06-07 16:58:24 -07:00
Anton Antonov
7628a3e90b meta-parsec: Update Parsec runtime tests 
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-26 16:09:42 -07:00
Anton Antonov
ddd4b13ea0 Parsec-service: Fix arm32 build 
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-26 16:09:42 -07:00
Armin Kuster
1afcf4413b oeqa: add parsec runtime tests 
Signed-off-by: Armin Kuster <akuster808@gmail.com>

---
v2]
Add parsec-cli-tests.sh to mix

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2022-05-26 16:09:42 -07:00