vincent/meta-cyber-scle
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

correction des différents bugs

Browse Source
This commit is contained in:
BENOIT Vincent
2023-07-11 08:30:14 +00:00
parent faf0597483
commit 940ddd1b1f
10 changed files with 71 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
conf/distro/rpi-distro.conf
View File

@@ -34,7 +34,7 @@ CMDLINE_SERIAL = "console=tty1"
SERIAL_CONSOLES = "" SERIAL_CONSOLES = ""
# Use systemd # Use systemd
DISTRO_FEATURES += " systemd usbhost ipv4 pam format" DISTRO_FEATURES += " systemd usbhost ipv4 pam format security"
VIRTUAL-RUNTIME_init_manager = "systemd" VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL_RUNTIME_login_manager = "shadow-base" VIRTUAL_RUNTIME_login_manager = "shadow-base"
VIRTUAL_RUNTIME_syslog = "rsyslog" VIRTUAL_RUNTIME_syslog = "rsyslog"
@@ -55,4 +55,4 @@ INHERIT += "rm_work"
INHERIT += "extrausers" INHERIT += "extrausers"
EXTRA_USERS_PARAMS += "usermod -p '\$6\$kineintercom\$CRdIWTleZDC7c/0pNVlDZy7K56fyf5PVsAGlx27GAY8UX/EjObgmxhMi3YOOs0uLj.da3jMdv.sKFngNFUqFz1' root;" EXTRA_USERS_PARAMS += "usermod -p '\$6\$kineintercom\$CRdIWTleZDC7c/0pNVlDZy7K56fyf5PVsAGlx27GAY8UX/EjObgmxhMi3YOOs0uLj.da3jMdv.sKFngNFUqFz1' root;"
RM_WORK_EXCLUDE += "wazuh" RM_WORK_EXCLUDE += "wazuh-agent"

2
conf/layer.conf
View File

@@ -11,4 +11,4 @@ BBFILE_PRIORITY_cyber-scle = "11"
#LAYERDEPENDS_cyber-scle = "meta-security" #LAYERDEPENDS_cyber-scle = "meta-security"
LAYERSERIES_COMPAT_cyber-scle = "zeus" LAYERSERIES_COMPAT_cyber-scle = "kirkstone"

0
recipes-core/images/arkens-image-cybersecurite.bbappend → recipes-core/images/arkens-image-cybersecurite.bbappend.old
View File

4
recipes-core/images/rpi-test-image.bb Normal file
View File

@@ -0,0 +1,4 @@
# Copyright (C) 2022 Vincent BENOIT <vincent.benoit@benserv.fr>
# Release under the MIT license (see COPYING.MIT for the terms)
SUMMARY = "RPI Test Image"
include rpi-test-image.inc

27
recipes-core/images/rpi-test-image.inc Normal file
View File

@@ -0,0 +1,27 @@
SUMMARY = "Cyber Scle Image"
PV = "1.0.0"
inherit core-image
EXTRA_IMAGE_FEATURES = ""
GLIBC_GENERATE_LOCALES = "en_US.UTF-8 fr_FR.UTF-8"
IMAGE_LINGUAS = "fr-fr"
PROCESS_INSTALL = " \
lynis \
"
PYTHON_INSTALL = " \
"
IMAGE_INSTALL += " \
sudo \
logrotate \
rsyslog \
iptables \
procps \
kbd-keymaps \
vim \
usbutils \
${PROCESS_INSTALL} \
"

19
recipes-devtools/audit-userspace/audit-userspace_2.8.5.bb
View File

@@ -1,16 +1,23 @@
DESCRIPTION = "This is some background information about the Linux Auditing Framework" DESCRIPTION = "This is some background information about the Linux Auditing Framework"
HOMEPAGE = "https://github.com/linux-audit/audit-userspace" HOMEPAGE = "https://github.com/linux-audit/audit-userspace"
LICENSE = "GPLv2" LICENSE = "GPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI = "git://github.com/linux-audit/audit-userspace.git;branch=2.8_maintenance;protocol=https" SRC_URI = "git://github.com/linux-audit/audit-userspace.git;branch=2.8_maintenance;protocol=https"
SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c" SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c"
SRC_URI += " \
file://0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch \
file://0002-ausearch-common.patch \
"
S = "${WORKDIR}/git" S = "${WORKDIR}/git"
DEPENDS = "openldap tcp-wrappers coreutils-native python" DEPENDS = "openldap tcp-wrappers coreutils-native python3"
RDEPENDS_${PN} += "bash" RDEPENDS:${PN} += "bash"
EXTRA_OECONF = "--with-python=no \ EXTRA_OECONF = "--with-python=no \
--with-libwrap \ --with-libwrap \
@@ -20,10 +27,10 @@ EXTRA_OECONF = "--with-python=no \
inherit autotools inherit autotools
do_install_append() { do_install:append() {
install -m 644 ${S}/lib/private.h ${D}${includedir} install -m 644 ${S}/lib/private.h ${D}${includedir}
install -m 644 ${S}/lib/dso.h ${D}${includedir} install -m 644 ${S}/lib/dso.h ${D}${includedir}
} }
FILES_${PN} += "/usr/lib/systemd/system/auditd.service" FILES:${PN} += "/usr/lib/systemd/system/auditd.service"
FILES_${PN}-dev += "lib/private.h lib/dso.h" FILES:${PN}-dev += "lib/private.h lib/dso.h"

4
recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb
View File

@@ -18,12 +18,12 @@ EXTRA_OECMAKE += "-DJSON_BuildTests=OFF"
# nlohmann-json is a header only C++ library, so the main package will be empty. # nlohmann-json is a header only C++ library, so the main package will be empty.
RDEPENDS_${PN}-dev = "" RDEPENDS:${PN}-dev = ""
BBCLASSEXTEND = "native nativesdk" BBCLASSEXTEND = "native nativesdk"
# other packages commonly reference the file directly as "json.hpp" # other packages commonly reference the file directly as "json.hpp"
# create symlink to allow this usage # create symlink to allow this usage
do_install_append() { do_install:append() {
ln -s nlohmann/json.hpp ${D}${includedir}/json.hpp ln -s nlohmann/json.hpp ${D}${includedir}/json.hpp
} }

12
recipes-scanners/wazuh/wazuh-agent_4.7.0.bb
View File

@@ -5,7 +5,7 @@ SUMMARY = "The agent runs on the host you want to monitor and communicates with
MAINTAINER = "Vincent BENOIT <vincent.benoit@benserv.fr>" MAINTAINER = "Vincent BENOIT <vincent.benoit@benserv.fr>"
LIC_FILES_CHKSUM = "file://LICENSE;md5=i522ae3a9266aa0b86a5f314c85dbb560" LIC_FILES_CHKSUM = "file://LICENSE;md5=i522ae3a9266aa0b86a5f314c85dbb560"
LICENSE = "CLOSED" LICENSE = "CLOSED"
FILESEXTRAPATHS_prepend := "${THISDIR}/files:" FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
DEPENDS = "curl-native \ DEPENDS = "curl-native \
audit-userspace \ audit-userspace \
@@ -35,7 +35,7 @@ DEPENDS = "curl-native \
wazuh-users \ wazuh-users \
" "
RDEPENDS_${PN} += "wazuh-users" RDEPENDS:${PN} += "wazuh-users"
inherit systemd inherit systemd
@@ -53,7 +53,7 @@ PV = "4.7.0"
S = "${WORKDIR}/git" S = "${WORKDIR}/git"
SYSTEMD_AUTO_ENABLE = "enable" SYSTEMD_AUTO_ENABLE = "enable"
SYSTEMD_SERVICE_${PN} = "wazuh-agent.service" SYSTEMD_SERVICE:${PN} = "wazuh-agent.service"
EXTRA_OEMAKE = ' \ EXTRA_OEMAKE = ' \
CC="${CC}" \ CC="${CC}" \
@@ -191,7 +191,7 @@ do_install() {
install -d -o wazuh -g wazuh ${D}/var/ossec/logs/wazuh install -d -o wazuh -g wazuh ${D}/var/ossec/logs/wazuh
} }
FILES_${PN} += " \ FILES:${PN} += " \
${systemd_unitdir}/system/wazuh-agent.service \ ${systemd_unitdir}/system/wazuh-agent.service \
/var/ossec/lib/libwazuhext.so \ /var/ossec/lib/libwazuhext.so \
/var/ossec/lib/libwazuhshared.so \ /var/ossec/lib/libwazuhshared.so \
@@ -248,6 +248,6 @@ FILES_${PN} += " \
/var/ossec/logs/ossec.json \ /var/ossec/logs/ossec.json \
" "
INSANE_SKIP_${PN} = "ldflags" INSANE_SKIP:${PN} = "ldflags already-stripped"
#For dev packages only #For dev packages only
INSANE_SKIP_${PN}-dev = "ldflags" INSANE_SKIP:${PN}-dev = "ldflags already-stripped"

6
recipes-scanners/wazuh/wazuh-users.bb
View File

@@ -13,11 +13,11 @@ inherit useradd
USERADD_PACKAGES = "${PN}" USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "-g 987 --system wazuh;" GROUPADD_PARAM:${PN} = "-g 987 --system wazuh;"
# To change the password use something like this : "mkpasswd -m sha-512 p@ssw0rd -s 'seed'" # To change the password use something like this : "mkpasswd -m sha-512 p@ssw0rd -s 'seed'"
# mkpasswd from 'whois' debian package # mkpasswd from 'whois' debian package
USERADD_PARAM_${PN} = "-u 1234 -g 987 --system --shell /bin/bash --password '\$6\$wazuhAgent\$Q/QdBOx6lTuY6Z0P8yTRYboRNil49oNOJOwG41H3.9YLnAMmuKG6qw8hwWuE7r/rdirrd9zhdHVFLJNpJK6Mn1' wazuh" USERADD_PARAM:${PN} = "-u 1234 -g 987 --system --shell /bin/bash --password '\$6\$wazuhAgent\$Q/QdBOx6lTuY6Z0P8yTRYboRNil49oNOJOwG41H3.9YLnAMmuKG6qw8hwWuE7r/rdirrd9zhdHVFLJNpJK6Mn1' wazuh"
# Specify whether to produce an output package even if it is empty # Specify whether to produce an output package even if it is empty
ALLOW_EMPTY_${PN} = "1" ALLOW_EMPTY:${PN} = "1"

23
recipes-support/sqlite/sqlite3.inc
View File

@@ -44,26 +44,29 @@ EXTRA_OECONF = " \
--disable-static-shell \ --disable-static-shell \
" "
CFLAGS_append = " -fPIC" CFLAGS:append = " -fPIC"
# pread() is in POSIX.1-2001 so any reasonable system must surely support it # pread() is in POSIX.1-2001 so any reasonable system must surely support it
CFLAGS_append = " -DUSE_PREAD" CFLAGS:append = " -DUSE_PREAD"
# Provide column meta-data API # Provide column meta-data API
CFLAGS_append = " -DSQLITE_ENABLE_COLUMN_METADATA" CFLAGS:append = " -DSQLITE_ENABLE_COLUMN_METADATA"
# Unless SQLITE_BYTEORDER is predefined, the code falls back to build time # Unless SQLITE_BYTEORDER is predefined, the code falls back to build time
# huristics, which are not always correct # huristics, which are not always correct
CFLAGS_append = " ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DSQLITE_BYTEORDER=1234', '-DSQLITE_BYTEORDER=4321', d)}" CFLAGS:append = " ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DSQLITE_BYTEORDER=1234', '-DSQLITE_BYTEORDER=4321', d)}"
PACKAGES = "lib${BPN} lib${BPN}-dev lib${BPN}-doc ${PN}-dbg lib${BPN}-staticdev ${PN}" PACKAGES = "lib${BPN} lib${BPN}-dev lib${BPN}-doc ${PN}-dbg lib${BPN}-staticdev ${PN}"
FILES_${PN} = "${bindir}/*" FILES:${PN} = "${bindir}/*"
FILES_lib${BPN} = "${libdir}/*.so.*" FILES:lib${BPN} = "${libdir}/*.so.*"
FILES_lib${BPN}-dev = "${libdir}/*.la ${libdir}/*.so \ FILES:lib${BPN}-dev = "${libdir}/*.la \
${libdir}/pkgconfig ${includedir}" ${libdir}/*.so \
FILES_lib${BPN}-doc = "${docdir} ${mandir} ${infodir}" ${libdir}/pkgconfig \
FILES_lib${BPN}-staticdev = "${libdir}/lib*.a" ${includedir}"
FILES:lib${BPN}-doc = "${docdir} ${mandir} ${infodir}"
FILES:lib${BPN}-staticdev = "${libdir}/lib*.a"
AUTO_LIBNAME_PKGS = "${MLPREFIX}lib${BPN}" AUTO_LIBNAME_PKGS = "${MLPREFIX}lib${BPN}"