vincent/meta-cyber-scle
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ajout des recettes pour la compilation de wazuh agent

Browse Source
This commit is contained in:
BENOIT Vincent
2023-07-11 07:00:36 +00:00
parent c3ee5866d6
commit faf0597483
20 changed files with 1730 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
conf/distro/rpi-distro.conf Normal file
View File

@@ -0,0 +1,58 @@
#PACKAGE_CLASSES ?= "package_deb"
DISTRO_VERSION = "1.0.0"
DISTRO_NAME = "RPI Distro"
SDK_VENDOR = "-benserv"
SDK_VERSION = "${DISTRO_VERSION}"
MAINTENER = "vincent.benoit@benserv.fr"
# Image Rootfs type and size
IMAGE_FSTYPES = "tar.bz2 ext4 ext4.xz rpi-sdimg"
SDIMG_ROOTFS_TYPE = "ext4.xz"
# define a multiplier that the build system apllies to
# the initial image size (4Go freespace)
#IMAGE_OVERHEAD_FACTOR = "2"
IMAGE_ROOTFS_EXTRA_SPACE = "4194304"
# rpi specific
DISABLE_OVERSCAN = "1"
BOOT_DELAY = "0"
BOOT_DELAY_MS = "0"
DISABLE_RPI_BOOT_LOGO = "1"
DISABLE_SPLASH = "1"
ENABLE_I2C = "1"
ENABLE_UART = "1"
#KERNEL_MODULE_AUTOLOAD:rpi += "i2c-dev i2c-bcm2708 rtc-ds1307"
CMDLINE_SERIAL = "console=tty1"
#RPI_EXTRA_CONFIG = ' \n \
## Yocto Extra config \n \
#dtoverlay=i2c-rtc,ds3231 \n \
#'
# mask systemd-serialgetty parsed attribute SERIAL_CONSOLES
SERIAL_CONSOLES = ""
# Use systemd
DISTRO_FEATURES += " systemd usbhost ipv4 pam format"
VIRTUAL-RUNTIME_init_manager = "systemd"
VIRTUAL_RUNTIME_login_manager = "shadow-base"
VIRTUAL_RUNTIME_syslog = "rsyslog"
VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
IMAGE_FEATURES += " package-management ssh-server-openssh"
MACHINE_FEATURES = "rtc"
#KERNEL_MODULE_AUTOLOAD += " i2c-dev"
# set /var/log persistent
VOLATILE_LOG_DIR = "no"
INHERIT += "rm_work"
# Use extrausers
INHERIT += "extrausers"
EXTRA_USERS_PARAMS += "usermod -p '\$6\$kineintercom\$CRdIWTleZDC7c/0pNVlDZy7K56fyf5PVsAGlx27GAY8UX/EjObgmxhMi3YOOs0uLj.da3jMdv.sKFngNFUqFz1' root;"
RM_WORK_EXCLUDE += "wazuh"

14
conf/layer.conf Normal file
View File

@@ -0,0 +1,14 @@
# We have a conf and classes directory, add to BBPATH
BBPATH := "${BBPATH}:${LAYERDIR}"
# We have a packages directory, add to BBFILES
BBFILES += "${LAYERDIR}/recipes-*/*/*.bb"
BBFILES += " ${LAYERDIR}/recipes-*/*/*.bbappend"
BBFILE_COLLECTIONS += "cyber-scle"
BBFILE_PATTERN_cyber-scle := "^${LAYERDIR}/"
BBFILE_PRIORITY_cyber-scle = "11"
#LAYERDEPENDS_cyber-scle = "meta-security"
LAYERSERIES_COMPAT_cyber-scle = "zeus"

23
conf/template/bblayers.conf.sample Normal file
View File

@@ -0,0 +1,23 @@
# POKY_BBLAYERS_CONF_VERSION is increased each time build/conf/bblayers.conf
# changes incompatibly
POKY_BBLAYERS_CONF_VERSION = "2"
BBPATH = "${TOPDIR}"
BSPPATH = "${TOPDIR}/.."
BBFILES ?= ""
BBLAYERS ?= " \
${BSPPATH}/poky/meta \
${BSPPATH}/poky/meta-poky \
${BSPPATH}/poky/meta-yocto-bsp \
${BSPPATH}/meta-openembedded/meta-oe \
${BSPPATH}/meta-openembedded/meta-python \
${BSPPATH}/meta-openembedded/meta-networking \
${BSPPATH}/meta-openembedded/meta-webserver \
${BSPPATH}/meta-openembedded/meta-filesystems \
${BSPPATH}/meta-openembedded/meta-perl \
${BSPPATH}/meta-security \
${BSPPATH}/meta-security/meta-security-compliance \
${BSPPATH}/meta-raspberrypi \
${BSPPATH}/meta-cyber-scle \
"

39
conf/template/tal/bblayers.conf.sample Normal file
View File

@@ -0,0 +1,39 @@
# POKY_BBLAYERS_CONF_VERSION is increased each time build/conf/bblayers.conf
# changes incompatibly
POKY_BBLAYERS_CONF_VERSION = "2"
BBPATH = "${TOPDIR}"
BSPPATH = "${TOPDIR}/.."
BBFILES ?= ""
BBLAYERS ?= " \
${BSPPATH}/poky/meta \
${BSPPATH}/poky/meta-poky \
${BSPPATH}/poky/meta-yocto-bsp \
${BSPPATH}/meta-openembedded/meta-oe \
${BSPPATH}/meta-openembedded/meta-multimedia \
${BSPPATH}/meta-openembedded/meta-python \
${BSPPATH}/meta-openembedded/meta-networking \
${BSPPATH}/meta-openembedded/meta-gnome \
${BSPPATH}/meta-openembedded/meta-webserver \
${BSPPATH}/meta-openembedded/meta-filesystems \
${BSPPATH}/meta-openembedded/meta-xfce \
${BSPPATH}/meta-openembedded/meta-perl \
${BSPPATH}/meta-qt5 \
${BSPPATH}/meta-qt5-extra \
${BSPPATH}/meta-rust \
${BSPPATH}/meta-clang \
${BSPPATH}/meta-browser \
${BSPPATH}/meta-selinux \
${BSPPATH}/meta-java \
${BSPPATH}/meta-cp \
${BSPPATH}/meta-cp-tal-se \
${BSPPATH}/meta-emb-arkcp-se \
${BSPPATH}/meta-ihm-arkcp-se \
${BSPPATH}/meta-ihm-raid-arkcp \
${BSPPATH}/meta-configurateur-transfert \
${BSPPATH}/meta-security \
${BSPPATH}/meta-security/meta-security-compliance \
${BSPPATH}/meta-cyber-scle \
"

17
recipes-core/images/arkens-image-cybersecurite.bbappend Normal file
View File

@@ -0,0 +1,17 @@
# Copyright (C) 2023 Vincent BENOIT <vincent.benoit@scle.fr>
# Released under the MIT license (see COPYING.MIT for the terms)
LICENSE = "CLOSED"
LABELS = "Arkens CP (avec logiciels cybersecurité)"
include arkens-image.inc
SCLE_USERS += " \
arkens-users-cybersecurite \
"
IMAGE_INSTALL += " \
arkens-services-cybersecurite \
lynis \
wazuh-agent \
"

29
recipes-devtools/audit-userspace/audit-userspace_2.8.5.bb Normal file
View File

@@ -0,0 +1,29 @@
DESCRIPTION = "This is some background information about the Linux Auditing Framework"
HOMEPAGE = "https://github.com/linux-audit/audit-userspace"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
SRC_URI = "git://github.com/linux-audit/audit-userspace.git;branch=2.8_maintenance;protocol=https"
SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c"
S = "${WORKDIR}/git"
DEPENDS = "openldap tcp-wrappers coreutils-native python"
RDEPENDS_${PN} += "bash"
EXTRA_OECONF = "--with-python=no \
--with-libwrap \
--enable-gssapi-krb5=yes \
--with-arm --with-aarch64 --with-libcap-ng=yes \
--without-golang --enable-systemd"
inherit autotools
do_install_append() {
install -m 644 ${S}/lib/private.h ${D}${includedir}
install -m 644 ${S}/lib/dso.h ${D}${includedir}
}
FILES_${PN} += "/usr/lib/systemd/system/auditd.service"
FILES_${PN}-dev += "lib/private.h lib/dso.h"

51
recipes-devtools/audit-userspace/files/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch Normal file
View File

@@ -0,0 +1,51 @@
diff --git a/auparse/interpret.c b/auparse/interpret.c
index 51c4a5e4..337be2dd 100644
--- a/auparse/interpret.c
+++ b/auparse/interpret.c
@@ -44,8 +44,10 @@
#include <linux/ax25.h>
#include <linux/atm.h>
#include <linux/x25.h>
-#include <linux/if.h> // FIXME: remove when ipx.h is fixed
-#include <linux/ipx.h>
+#ifdef HAVE_IPX_HEADERS
+ #include <linux/if.h> // FIXME: remove when ipx.h is fixed
+ #include <linux/ipx.h>
+#endif
#include <linux/capability.h>
#include <sys/personality.h>
#include <sys/prctl.h>
@@ -1151,6 +1153,7 @@ static const char *print_sockaddr(const char *val)
x->sax25_call.ax25_call[6]);
}
break;
+#ifdef HAVE_IPX_HEADERS
case AF_IPX:
{
const struct sockaddr_ipx *ip =
@@ -1160,6 +1163,7 @@ static const char *print_sockaddr(const char *val)
str, ip->sipx_port, ip->sipx_network);
}
break;
+#endif
case AF_ATMPVC:
{
const struct sockaddr_atmpvc* at =
diff --git a/configure.ac b/configure.ac
index 6e345f12..5ff2d78e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -402,6 +402,13 @@ if test x"$LIBWRAP_LIBS" != "x"; then
AC_DEFINE_UNQUOTED(HAVE_LIBWRAP, [], Define if tcp_wrappers support is enabled )
fi
+# linux/ipx.h - deprecated in 2018
+AC_CHECK_HEADER(linux/ipx.h, ipx_headers=yes, ipx_headers=no)
+if test $ipx_headers = yes ; then
+ AC_DEFINE(HAVE_IPX_HEADERS,1,[IPX packet interpretation])
+fi
+
+
# See if we want to support lower capabilities for plugins
LIBCAP_NG_PATH

11
recipes-devtools/audit-userspace/files/0002-ausearch-common.patch Normal file
View File

@@ -0,0 +1,11 @@
--- a/src/ausearch-common.h
+++ b/src/ausearch-common.h
@@ -50,7 +50,7 @@ extern pid_t event_pid;
extern int event_exact_match;
extern uid_t event_uid, event_euid, event_loginuid;
extern const char *event_tuid, *event_teuid, *event_tauid;
-slist *event_node_list;
+extern slist *event_node_list;
extern const char *event_comm;
extern const char *event_filename;
extern const char *event_hostname;

21
recipes-devtools/cjson/cjson_1.7.15.bb Normal file
View File

@@ -0,0 +1,21 @@
DESCRIPTION = "Ultralightweight JSON parser in ANSI C"
AUTHOR = "Dave Gamble"
HOMEPAGE = "https://github.com/DaveGamble/cJSON"
SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0"
SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https"
SRCREV = "d348621ca93571343a56862df7de4ff3bc9b5667"
S = "${WORKDIR}/git"
inherit cmake pkgconfig
EXTRA_OECMAKE += "\
-DENABLE_CJSON_UTILS=On \
-DENABLE_CUSTOM_COMPILER_FLAGS=OFF \
-DBUILD_SHARED_AND_STATIC_LIBS=On \
"
BBCLASSEXTEND = "native nativesdk"

29
recipes-devtools/nlohmann-json/nlohmann-json_3.7.3.bb Normal file
View File

@@ -0,0 +1,29 @@
SUMMARY = "JSON for modern C++"
HOMEPAGE = "https://nlohmann.github.io/json/"
SECTION = "libs"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE.MIT;md5=f5f7c71504da070bcf4f090205ce1080"
SRC_URI = "git://github.com/nlohmann/json.git;protocol=https;branch=develop"
PV = "3.7.3+git${SRCPV}"
SRCREV = "e7b3b40b5a95bc74b9a7f662830a27c49ffc01b4"
S = "${WORKDIR}/git"
inherit cmake
EXTRA_OECMAKE += "-DJSON_BuildTests=OFF"
# nlohmann-json is a header only C++ library, so the main package will be empty.
RDEPENDS_${PN}-dev = ""
BBCLASSEXTEND = "native nativesdk"
# other packages commonly reference the file directly as "json.hpp"
# create symlink to allow this usage
do_install_append() {
ln -s nlohmann/json.hpp ${D}${includedir}/json.hpp
}

275
recipes-scanners/wazuh/files/0001-Makefile.patch Normal file
View File

@@ -0,0 +1,275 @@
diff --git a/src/Makefile b/src/Makefile
index df5cf62c25..12f41a611f 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -398,7 +398,7 @@ ifeq (,$(filter ${V},YES yes y Y 1))
QUIET_ENDCOLOR= @printf '%b' ${ENDCOLOR} 1>&2;
endif
-MING_BASE:=
+#MING_BASE:=
ifeq (${TARGET}, winagent)
# Avoid passing environment variables such CFLAGS to external Makefiles
ifeq (${CC}, gcc)
@@ -455,8 +455,8 @@ OSSEC_CC =${QUIET_CC}${MING_BASE}${CC}
OSSEC_CCBIN =${QUIET_CCBIN}${MING_BASE}${CC}
OSSEC_CXXBIN =${QUIET_CCBIN}${MING_BASE}${CXX}
OSSEC_SHARED =${QUIET_CCBIN}${MING_BASE}${CC} -shared
-OSSEC_LINK =${QUIET_LINK}${MING_BASE}ar -crus
-OSSEC_RANLIB =${QUIET_RANLIB}${MING_BASE}ranlib
+OSSEC_LINK =${QUIET_LINK}${MING_BASE}${AR} -crus
+OSSEC_RANLIB =${QUIET_RANLIB}${MING_BASE}${RANLIB}
OSSEC_WINDRES =${QUIET_CCBIN}${MING_BASE}windres
@@ -780,8 +780,9 @@ ifeq (${MAKECMDGOALS},agent)
$(error Do not use 'agent' directly, use 'TARGET=agent')
endif
-agent: external ${CPPLIBDEPS}
- ${MAKE} ${BUILD_CMAKE_PROJECTS}
+#agent: external ${CPPLIBDEPS}
+agent:
+# ${MAKE} ${BUILD_CMAKE_PROJECTS}
${MAKE} ${BUILD_AGENT}
ifneq (,$(filter ${USE_SELINUX},YES yes y Y 1))
@@ -914,6 +915,7 @@ ifeq (${uname_S},Darwin)
EXTERNAL_LIBS += ${LIBPLIST_LIB}
endif
+EXTERNAL_LIBS :=
.PHONY: external test_external
external: test_external $(EXTERNAL_LIBS) $(JEMALLOC_LIB)
@@ -1002,6 +1004,7 @@ os_zlib_c := os_zlib/os_zlib.c
os_zlib_o := $(os_zlib_c:.c=.o)
os_zlib/%.o: os_zlib/%.c
+ @echo "SCLE: os_zlib"
${OSSEC_CC} ${OSSEC_CFLAGS} -c $< -o $@
#### bzip2 ##########
@@ -1032,10 +1035,12 @@ cjson_c := ${EXTERNAL_JSON}cJSON.c
cjson_o := $(cjson_c:.c=.o)
$(JSON_LIB): ${cjson_o}
+ @echo "[SCLE]: PLIP1"
${OSSEC_LINK} $@ $^
${OSSEC_RANLIB} $@
${EXTERNAL_JSON}%.o: ${EXTERNAL_JSON}%.c
+ @echo "[SCLE]: PLIP2"
${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -c $^ -o $@
#### libyaml ##########
@@ -1365,7 +1370,8 @@ endif
####################
WAZUHEXT_LIB = libwazuhext.$(SHARED)
WAZUH_LIB = libwazuhshared.$(SHARED)
-BUILD_LIBS = libwazuh.a $(WAZUHEXT_LIB)
+#BUILD_LIBS = libwazuh.a $(WAZUHEXT_LIB)
+BUILD_LIBS = libwazuh.a
$(BUILD_SERVER) $(BUILD_AGENT) $(WINDOWS_BINS) $(WINDOWS_BINS): $(BUILD_LIBS)
@@ -1375,6 +1381,7 @@ os_xml_c := $(wildcard os_xml/*.c)
os_xml_o := $(os_xml_c:.c=.o)
os_xml/%.o: os_xml/%.c
+ @echo "SCLE: os_xml"
${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -c $^ -o $@
#### os_regex ######
@@ -1383,6 +1390,7 @@ os_regex_c := $(wildcard os_regex/*.c)
os_regex_o := $(os_regex_c:.c=.o)
os_regex/%.o: os_regex/%.c
+ @echo "SCLE: os_regex"
${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -c $^ -o $@
#### os_net ##########
@@ -1391,6 +1399,7 @@ os_net_c := $(wildcard os_net/*.c)
os_net_o := $(os_net_c:.c=.o)
os_net/%.o: os_net/%.c
+ @echo "SCLE: os_net"
${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -c $^ -o $@
#### Shared ##########
@@ -1565,6 +1574,7 @@ shared_c := $(wildcard shared/*.c)
shared_o := $(shared_c:.c=.o)
shared/%.o: shared/%.c
+ @echo "SCLE: shared"
${OSSEC_CC} ${OSSEC_CFLAGS} -fPIC -DARGV0=\"wazuh-remoted\" -c $^ -o $@
shared/debug_op_proc.o: shared/debug_op.c
@@ -1596,6 +1606,7 @@ config_c := $(wildcard config/*.c)
config_o := $(config_c:.c=.o)
config/%.o: config/%.c
+ @echo "SCLE: config"
${OSSEC_CC} ${OSSEC_CFLAGS} -c $^ -o $@
build_shared_modules: $(WAZUHEXT_LIB)
@@ -1710,6 +1721,7 @@ os_crypto/signature/%.o: os_crypto/signature/%.c
${OSSEC_CC} ${OSSEC_CFLAGS} -c $< -o $@
analysisd/logmsg.o: analysisd/logmsg.c
+ @echo "SCLE: analysisd/logmsg"
${OSSEC_CC} ${OSSEC_CFLAGS} -c $< -o $@
@@ -1728,6 +1740,7 @@ crypto_o := ${crypto_blowfish_o} \
#### libwazuh #########
libwazuh.a: ${config_o} ${wmodules_dep} ${crypto_o} ${shared_o} ${os_net_o} ${os_regex_o} ${os_xml_o} ${os_zlib_o} ${UNIT_TEST_WRAPPERS} os_auth/ssl.o os_auth/check_cert.o addagent/validate.o ${manage_agents} analysisd/logmsg.o
+ echo "SCLE: PLUP1"
${OSSEC_LINK} $@ $^
${OSSEC_RANLIB} $@
@@ -1737,10 +1750,12 @@ ifeq (${uname_S},Darwin)
WAZUH_SHFLAGS=-install_name @rpath/libwazuhext.$(SHARED)
$(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
+ @echo "[SCLE] $(WAZUHEXT_LIB) - SHARED: $(OSSEC_SHARED) - CFLAGS: $(OSSEC_CFLAGS)"
$(OSSEC_SHARED) $(OSSEC_CFLAGS) $(WAZUH_SHFLAGS) -o $@ -Wl,-all_load $^ -Wl,-noall_load $(OSSEC_LIBS)
else
ifeq (${TARGET}, winagent)
$(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
+ @echo "[SCLE] PLOP5"
$(OSSEC_SHARED) $(OSSEC_CFLAGS) -o $@ -static-libgcc -Wl,--export-all-symbols -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
else
ifeq (${uname_S},SunOS)
@@ -1751,14 +1766,17 @@ LIBGCC_FLAGS := -Wl,-rpath,\$$ORIGIN
endif
ifeq (${uname_P},sparc)
$(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
+ @echo "[SCLE] PLOP6"
$(OSSEC_SHARED) $(OSSEC_CFLAGS) -mimpure-text -o $@ $(LIBGCC_FLAGS) -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
else
$(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
+ @echo "[SCLE] PLOP1"
$(OSSEC_SHARED) $(OSSEC_CFLAGS) -o $@ $(LIBGCC_FLAGS) -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
endif
else
ifneq (,$(filter ${uname_S},AIX HP-UX))
$(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
+ @echo "[SCLE] PLOP2"
mkdir -p libwazuhext;
find external/ -name \*.a -exec cp {} libwazuhext/ \;
for lib in libcjson.a libz.a libmsgpack.a libssl.a libcrypto.a libsqlite3.a libyaml.a libpcre2-8.a ; do \
@@ -1769,6 +1787,7 @@ $(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
else
$(WAZUHEXT_LIB): $(EXTERNAL_LIBS)
+ @echo "[SCLE] PLOP3"
$(OSSEC_SHARED) $(OSSEC_CFLAGS) -o $@ -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
endif
endif
@@ -1840,12 +1859,15 @@ os_logcollector_o := $(os_logcollector_c:.c=.o)
os_logcollector_eventchannel_o := $(os_logcollector_c:.c=-event.o)
logcollector/%.o: logcollector/%.c
+ @echo "[SCLE] logcollector - OSSEC_CFLAGS: ${OSSEC_CFLAGS}"
${OSSEC_CC} ${OSSEC_CFLAGS} -DARGV0=\"wazuh-logcollector\" -c $^ -o $@
logcollector/%-event.o: logcollector/%.c
+ @echo "[SCLE] logcollector2 - OSSEC_CFLAGS: ${OSSEC_CFLAGS}"
${OSSEC_CC} ${OSSEC_CFLAGS} -DEVENTCHANNEL_SUPPORT -DARGV0=\"wazuh-logcollector\" -c $^ -o $@
wazuh-logcollector: ${os_logcollector_o}
+ @echo "[SCLE] wazuh-logcollector - OSSEC_LDFLAGS: ${OSSEC_LDFLAGS}"
${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@
#### remoted #########
@@ -1865,9 +1887,11 @@ client_agent_c := $(wildcard client-agent/*.c)
client_agent_o := $(client_agent_c:.c=.o)
client-agent/%.o: client-agent/%.c
+ @echo "client-agent - OSSEC_CC: ${OSSEC_CC} - OSSEC_CFLAGS: ${OSSEC_CFLAGS}"
${OSSEC_CC} ${OSSEC_CFLAGS} -I./client-agent -DARGV0=\"wazuh-agentd\" -c $^ -o $@
wazuh-agentd: ${client_agent_o} monitord/rotate_log.o monitord/compress_log.o
+ @echo "wazuh-agentd - OSSEC_LDFLAGS: ${OSSEC_LDFLAGS}"
${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@
#### addagent ######
@@ -1876,10 +1900,12 @@ addagent_c := $(wildcard addagent/*.c)
addagent_o := $(addagent_c:.c=.o)
addagent/%.o: addagent/%.c
+ @echo "addagent - OSSEC_CFLAGS: ${OSSEC_CFLAGS}"
${OSSEC_CC} ${OSSEC_CFLAGS} -I./addagent -DARGV0=\"manage_agents\" -c $^ -o $@
manage_agents: ${addagent_o}
+ @echo "manage_agents - OSSEC_LDFLAGS: ${OSSEC_LDFLAGS}"
${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@
#### Active Response ####
@@ -1954,10 +1980,12 @@ ifeq (${uname_S},Darwin)
WAZUH_SHARED_SHFLAGS=-install_name @rpath/libwazuhshared.$(SHARED)
$(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
+ @echo "[SCLE] PLAP1"
$(OSSEC_SHARED) $(OSSEC_CFLAGS) $(WAZUH_SHARED_SHFLAGS) -o $@ -Wl,-all_load $^ -Wl,-noall_load $(OSSEC_LIBS)
else
ifeq (${TARGET}, winagent)
$(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
+ @echo "[SCLE] PLAP2"
$(OSSEC_SHARED) $(OSSEC_CFLAGS) -UOSSECHIDS -o $@ -static-libgcc -Wl,--export-all-symbols -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
else
ifeq (${uname_S},SunOS)
@@ -1968,17 +1996,21 @@ LIBGCC_FLAGS := -Wl,-rpath,\$$ORIGIN
endif
ifeq (${uname_P},sparc)
$(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
+ @echo "[SCLE] PLAP3"
$(OSSEC_SHARED) $(OSSEC_CFLAGS) -mimpure-text -o $@ $(LIBGCC_FLAGS) -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
else
$(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
+ @echo "[SCLE] PLAP4"
$(OSSEC_SHARED) $(OSSEC_CFLAGS) -o $@ $(LIBGCC_FLAGS) -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
endif
else
ifneq (,$(filter ${uname_S},AIX HP-UX))
$(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
+ @echo "[SCLE] PLAP5"
$(OSSEC_SHARED) $(OSSEC_CFLAGS) $^ ${OSSEC_LIBS} -o $@ -static-libgcc
else
$(WAZUH_LIB): $(WAZUHEXT_LIB) $(AR_PROGRAMS_DEPS)
+ @echo "[SCLE] PLAP6"
$(OSSEC_SHARED) $(OSSEC_CFLAGS) -o $@ -Wl,--whole-archive $^ -Wl,--no-whole-archive ${OSSEC_LIBS}
endif
endif
@@ -2028,6 +2060,7 @@ rootcheck/%.o: rootcheck/%.c
${OSSEC_CC} ${OSSEC_CFLAGS} -DARGV0=\"rootcheck\" -c $^ -o $@
librootcheck.a: ${rootcheck_o_lib}
+ @echo "SCLE: librootcheck.a"
${OSSEC_LINK} $@ $^
${OSSEC_RANLIB} $@
@@ -2035,7 +2068,7 @@ librootcheck.a: ${rootcheck_o_lib}
#### FIM ######
wazuh-syscheckd: librootcheck.a libwazuh.a ${WAZUHEXT_LIB} build_shared_modules
- cd syscheckd && mkdir -p build && cd build && cmake ${CMAKE_OPTS} -DCMAKE_C_FLAGS="${DEFINES} -pipe -Wall -Wextra -std=gnu99" ${SYSCHECK_TEST} ${SYSCHECK_RELEASE_TYPE} .. && ${MAKE}
+ cd syscheckd && mkdir -p build && cd build && cmake ${CMAKE_OPTS} -DCMAKE_C_FLAGS="${DEFINES} -pipe -Wall -Wextra -std=gnu99" ${SYSCHECK_TEST} ${SYSCHECK_RELEASE_TYPE} --log-level=DEBUG .. && ${MAKE}
#### Monitor #######
@@ -2070,9 +2103,11 @@ os_auth/%.o: os_auth/%.c
${OSSEC_CC} ${OSSEC_CFLAGS} -I./os_auth -DARGV0=\"wazuh-authd\" -c $^ -o $@
agent-auth: addagent/validate.o os_auth/main-client.o os_auth/ssl.o os_auth/check_cert.o
+ @echo "agent-auth - OSSEC_LDFLAGS: ${OSSEC_LDFLAGS}"
${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@
wazuh-authd: addagent/validate.o os_auth/main-server.o os_auth/local-server.o os_auth/ssl.o os_auth/check_cert.o os_auth/config.o os_auth/authcom.o os_auth/auth.o os_auth/key_request.o os_auth/generate_cert.o
+ @echo "wazuh-authd - OSSEC_LDFLAGS: ${OSSEC_LDFLAGS}"
${OSSEC_CCBIN} ${OSSEC_LDFLAGS} $^ ${OSSEC_LIBS} -o $@
#### integratord #####

251
recipes-scanners/wazuh/files/0002-headers-correction.patch Normal file
View File

@@ -0,0 +1,251 @@
--- a/src/headers/expression.h
+++ b/src/headers/expression.h
@@ -12,7 +12,8 @@
#define EXPRESSION_H_
#define PCRE2_CODE_UNIT_WIDTH 8
-#include "../external/libpcre2/include/pcre2.h"
+//#include "../external/libpcre2/include/pcre2.h"
+#include <pcre2.h>
#include "../os_regex/os_regex.h"
#define OSMATCH_STR "osmatch"
--- a/src/headers/regex_op.h
+++ b/src/headers/regex_op.h
@@ -13,7 +13,8 @@
#ifndef WIN32
#include <regex.h>
-#include "../external/sqlite/sqlite3.h"
+#include <sqlite3.h>
+//#include "../external/sqlite/sqlite3.h"
/**
* @brief Compare a string with a regular expression.
--- a/src/headers/url.h
+++ b/src/headers/url.h
@@ -12,7 +12,8 @@
#ifndef URL_GET_H_
#define URL_GET_H_
-#include "../external/curl/include/curl/curl.h"
+//#include "../external/curl/include/curl/curl.h"
+#include <curl.h>
#define WURL_WRITE_FILE_ERROR "Cannot open file '%s'"
#define WURL_DOWNLOAD_FILE_ERROR "Cannot download file '%s' from URL: '%s'"
--- a/src/headers/yaml2json.h
+++ b/src/headers/yaml2json.h
@@ -11,7 +11,8 @@
#ifndef YAML2JSON_H
#define YAML2JSON_H
-#include "../external/libyaml/include/yaml.h"
+//#include "../external/libyaml/include/yaml.h"
+#include <yaml.h>
#include <cJSON.h>
int yaml_parse_stdin(yaml_document_t * document);
--- a/src/config/syscheck-config.h
+++ b/src/config/syscheck-config.h
@@ -143,7 +143,8 @@ typedef enum fdb_stmt {
#include "../os_crypto/md5_sha1_sha256/md5_sha1_sha256_op.h"
#include "integrity_op.h"
-#include "../external/sqlite/sqlite3.h"
+//#include "../external/sqlite/sqlite3.h"
+#include <sqlite3.h>
#include "../headers/list_op.h"
#ifdef WIN32
--- a/src/monitord/compress_log.c
+++ b/src/monitord/compress_log.c
@@ -10,8 +10,8 @@
#include "shared.h"
#include "monitord.h"
-#include "../external/zlib/zlib.h"
-
+//#include "../external/zlib/zlib.h"
+#include <zlib.h>
/* gzip a log file */
void OS_CompressLog(const char *logfile)
--- a/src/wazuh_db/wdb.h
+++ b/src/wazuh_db/wdb.h
@@ -15,7 +15,8 @@
#include <shared.h>
#include <pthread.h>
#include <openssl/evp.h>
-#include "../external/sqlite/sqlite3.h"
+//#include "../external/sqlite/sqlite3.h"
+#include <sqlite3.h>
#include "syscheck_op.h"
#include "rootcheck_op.h"
#include "wazuhdb_op.h"
--- a/src/wazuh_modules/wm_control.c
+++ b/src/wazuh_modules/wm_control.c
@@ -20,7 +20,8 @@
#include "wm_control.h"
#include "sysInfo.h"
#include "sym_load.h"
-#include "external/cJSON/cJSON.h"
+//#include "external/cJSON/cJSON.h"
+#include <cJSON.h>
#include "file_op.h"
#include "../os_net/os_net.h"
static void *wm_control_main();
--- a/src/wazuh_modules/wm_database.c
+++ b/src/wazuh_modules/wm_database.c
@@ -14,7 +14,8 @@
#include "remoted_op.h"
#include "wazuh_db/helpers/wdb_global_helpers.h"
#include "addagent/manage_agents.h" // FILE_SIZE
-#include "external/cJSON/cJSON.h"
+//#include "external/cJSON/cJSON.h"
+#include <cJSON.h>
#ifndef CLIENT
--- a/src/wazuh_modules/agent_upgrade/agent/wm_agent_upgrade_com.c
+++ b/src/wazuh_modules/agent_upgrade/agent/wm_agent_upgrade_com.c
@@ -21,7 +21,8 @@
#endif
#include <shared.h>
-#include "external/zlib/zlib.h"
+//#include "external/zlib/zlib.h"
+#include <zlib.h>
#include "os_crypto/sha1/sha1_op.h"
#include "os_crypto/signature/signature.h"
#include "wazuh_modules/wmodules.h"
--- a/src/wazuh_db/wdb_parser.c
+++ b/src/wazuh_db/wdb_parser.c
@@ -12,7 +12,8 @@
#include "wazuhdb_op.h"
#include "wdb.h"
#include "wdb_agents.h"
-#include "external/cJSON/cJSON.h"
+//#include "external/cJSON/cJSON.h"
+#include <cJSON.h>
#include "wdb_state.h"
#define HOTFIXES_FIELD_COUNT 3
--- a/src/shared/file_op.c
+++ b/src/shared/file_op.c
@@ -14,7 +14,8 @@
#include "shared.h"
#include "version_op.h"
-#include "../external/zlib/zlib.h"
+//#include "../external/zlib/zlib.h"
+#include <zlib.h>
#ifdef WAZUH_UNIT_TESTING
#ifdef WIN32
--- a/src/shared/debug_op.c
+++ b/src/shared/debug_op.c
@@ -9,7 +9,8 @@
*/
#include "headers/shared.h"
-#include <external/cJSON/cJSON.h>
+//#include <external/cJSON/cJSON.h>
+#include <cJSON.h>
#ifdef WIN32
#define localtime_r(x, y) localtime_s(y, x)
--- a/src/os_zlib/os_zlib.c
+++ b/src/os_zlib/os_zlib.c
@@ -10,7 +10,8 @@
#include "os_zlib.h"
-#include "../external/zlib/zlib.h"
+//#include "../external/zlib/zlib.h"
+#include <zlib.h>
unsigned long int os_zlib_compress(const char *src, char *dst,
unsigned long int src_size,
--- a/src/rootcheck/config.c
+++ b/src/rootcheck/config.c
@@ -12,7 +12,8 @@
#include "shared.h"
#include "rootcheck.h"
#include "config/config.h"
-#include "external/cJSON/cJSON.h"
+//#include "external/cJSON/cJSON.h"
+#include <cJSON.h>
/* Read the rootcheck config */
diff --git a/src/os_execd/execd.c b/src/os_execd/execd.c
index 6e07023b02..d4263b1559 100644
--- a/src/os_execd/execd.c
+++ b/src/os_execd/execd.c
@@ -13,7 +13,8 @@
#include "os_regex/os_regex.h"
#include "os_net/os_net.h"
#include "wazuh_modules/wmodules.h"
-#include "../external/cJSON/cJSON.h"
+//#include "../external/cJSON/cJSON.h"
+#include <cJSON.h>
#include "execd.h"
#include "active-response/active_responses.h"
diff --git a/src/os_execd/wcom.c b/src/os_execd/wcom.c
index ea99700ba7..bc731c1a2a 100644
--- a/src/os_execd/wcom.c
+++ b/src/os_execd/wcom.c
@@ -15,7 +15,8 @@
#include "os_crypto/sha1/sha1_op.h"
#include "os_crypto/signature/signature.h"
#include "wazuh_modules/wmodules.h"
-#include "external/zlib/zlib.h"
+//#include "external/zlib/zlib.h"
+#include <zlib.h>
#include "client-agent/agentd.h"
#include "logcollector/logcollector.h"
#include "rootcheck/rootcheck.h"
diff --git a/src/addagent/manage_keys.c b/src/addagent/manage_keys.c
index c1cd1e8245..330ae9fb7f 100644
--- a/src/addagent/manage_keys.c
+++ b/src/addagent/manage_keys.c
@@ -10,7 +10,8 @@
#include "manage_agents.h"
#include "os_crypto/md5/md5_op.h"
-#include "external/cJSON/cJSON.h"
+//#include "external/cJSON/cJSON.h"
+#include <cJSON.h>
#include <stdlib.h>
#include "config/authd-config.h"
diff --git a/src/addagent/manage_agents.c b/src/addagent/manage_agents.c
index 3f32cac1ea..1a9a369cff 100644
--- a/src/addagent/manage_agents.c
+++ b/src/addagent/manage_agents.c
@@ -16,7 +16,8 @@
#include "debug_op.h"
#include "defs.h"
#include "os_crypto/md5/md5_op.h"
-#include "external/cJSON/cJSON.h"
+//#include "external/cJSON/cJSON.h"
+#include <cJSON.h>
#include "os_err.h"
#include <stdio.h>
#include <stdlib.h>
diff --git a/src/syscheckd/src/whodata/syscheck_audit.c b/src/syscheckd/src/whodata/syscheck_audit.c
index b516852cea..c4e572753d 100644
--- a/src/syscheckd/src/whodata/syscheck_audit.c
+++ b/src/syscheckd/src/whodata/syscheck_audit.c
@@ -9,7 +9,8 @@
*/
#ifdef __linux__
#include "syscheck_audit.h"
-#include "../external/procps/readproc.h"
+//#include "../external/procps/readproc.h"
+#include <proc/readproc.h>
#include <sys/socket.h>
#include <sys/un.h>

76
recipes-scanners/wazuh/files/0003-CMakeLists.patch Normal file
View File

@@ -0,0 +1,76 @@
diff --git a/src/shared_modules/dbsync/CMakeLists.txt b/src/shared_modules/dbsync/CMakeLists.txt
index bca1b4b3d3..88671b07fc 100644
--- a/src/shared_modules/dbsync/CMakeLists.txt
+++ b/src/shared_modules/dbsync/CMakeLists.txt
@@ -43,6 +43,9 @@ include_directories(${CMAKE_SOURCE_DIR}/include/)
include_directories(${CMAKE_SOURCE_DIR}/src/)
include_directories(${SHARED_MODULES}/utils/)
include_directories(${SHARED_MODULES}/common/)
+include_directories(${STAGING_DIR}/usr/include/)
+include_directories(${STAGING_DIR}/usr/include/cjson/)
+include_directories(${STAGING_DIR}/usr/include/curl/)
if(CMAKE_SYSTEM_NAME STREQUAL "HP-UX")
link_directories(${INSTALL_PREFIX}/lib)
@@ -54,6 +57,8 @@ endif(CMAKE_SYSTEM_NAME STREQUAL "HP-UX")
link_directories(${SRC_FOLDER})
link_directories(${SRC_FOLDER}/external/sqlite/)
link_directories(${SRC_FOLDER}/external/cJSON/)
+link_directories(${STAGING_DIR}/lib/)
+link_directories(${STAGING_DIR}/usr/lib/)
file(GLOB DBSYNC_SRC
"${CMAKE_SOURCE_DIR}/src/*.cpp"
diff --git a/src/shared_modules/rsync/CMakeLists.txt b/src/shared_modules/rsync/CMakeLists.txt
index 298ff49d94..e62c7abcac 100644
--- a/src/shared_modules/rsync/CMakeLists.txt
+++ b/src/shared_modules/rsync/CMakeLists.txt
@@ -45,6 +45,9 @@ include_directories(${CMAKE_SOURCE_DIR}/src/)
include_directories(${SHARED_MODULES}/dbsync/include/)
include_directories(${SHARED_MODULES}/utils/)
include_directories(${SHARED_MODULES}/common/)
+include_directories(${STAGING_DIR}/usr/include/)
+include_directories(${STAGING_DIR}/usr/include/cjson/)
+include_directories(${STAGING_DIR}/usr/include/curl/)
if(CMAKE_SYSTEM_NAME STREQUAL "HP-UX")
link_directories(${INSTALL_PREFIX}/lib)
@@ -57,6 +60,8 @@ link_directories(${SHARED_MODULES}/dbsync/build/lib/)
link_directories(${SRC_FOLDER})
link_directories(${SRC_FOLDER}/external/cJSON/)
link_directories(${SRC_FOLDER}/external/openssl/)
+link_directories(${STAGING_DIR}/lib/)
+link_directories(${STAGING_DIR}/usr/lib/)
file(GLOB RSYNC_SRC
"${CMAKE_SOURCE_DIR}/src/*.cpp")
--- a/src/syscheckd/CMakeLists.txt
+++ b/src/syscheckd/CMakeLists.txt
@@ -10,6 +10,8 @@ endif()
get_filename_component(SRC_FOLDER ${CMAKE_SOURCE_DIR}/../ ABSOLUTE)
+set(CMAKE_VERBOSE_MAKEFILE ON)
+
include_directories(${SRC_FOLDER}/headers/)
include_directories(${SRC_FOLDER}/external/cJSON/)
include_directories(${SRC_FOLDER}/external/bzip2/)
@@ -20,6 +22,9 @@ include_directories(${SRC_FOLDER}/external/openssl/include/)
include_directories(${SRC_FOLDER}/shared_modules/common/)
include_directories(${CMAKE_SOURCE_DIR}/include)
include_directories(${CMAKE_SOURCE_DIR}/src/db/include/)
+include_directories(${STAGING_DIR}/usr/include/)
+include_directories(${STAGING_DIR}/usr/include/cjson/)
+include_directories(${STAGING_DIR}/usr/include/curl/)
if(CMAKE_SYSTEM_NAME STREQUAL "HP-UX")
link_directories(${INSTALL_PREFIX}/lib)
@@ -28,6 +33,8 @@ endif(CMAKE_SYSTEM_NAME STREQUAL "HP-UX")
link_directories(${SRC_FOLDER}/shared_modules/dbsync/build/lib/)
link_directories(${SRC_FOLDER}/shared_modules/rsync/build/lib/)
link_directories(${SRC_FOLDER}/)
+link_directories(${STAGING_DIR}/lib/)
+link_directories(${STAGING_DIR}/usr/lib/)
add_definitions(-DARGV0="wazuh-syscheckd")

188
recipes-scanners/wazuh/files/ossec.conf Normal file
View File

@@ -0,0 +1,188 @@
<!--
Wazuh - Agent - Default configuration for Yocto build
More info at: https://documentation.wazuh.com
Mailing list: https://groups.google.com/forum/#!forum/wazuh
-->
<ossec_config>
<client>
<server>
<address>MANAGER_IP</address>
<port>1514</port>
<protocol>tcp</protocol>
</server>
<config-profile>yocto, zeus</config-profile>
<notify_time>10</notify_time>
<time-reconnect>60</time-reconnect>
<auto_restart>yes</auto_restart>
<crypto_method>aes</crypto_method>
</client>
<client_buffer>
<!-- Agent buffer options -->
<disabled>no</disabled>
<queue_size>5000</queue_size>
<events_per_second>500</events_per_second>
</client_buffer>
<!-- Policy monitoring -->
<rootcheck>
<disabled>no</disabled>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
<check_dev>yes</check_dev>
<check_sys>yes</check_sys>
<check_pids>yes</check_pids>
<check_ports>yes</check_ports>
<check_if>yes</check_if>
<!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>43200</frequency>
<rootkit_files>etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>etc/shared/rootkit_trojans.txt</rootkit_trojans>
<skip_nfs>yes</skip_nfs>
</rootcheck>
<wodle name="cis-cat">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<java_path>wodles/java</java_path>
<ciscat_path>wodles/ciscat</ciscat_path>
</wodle>
<!-- Osquery integration -->
<wodle name="osquery">
<disabled>yes</disabled>
<run_daemon>yes</run_daemon>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
</wodle>
<!-- System inventory -->
<wodle name="syscollector">
<disabled>no</disabled>
<interval>1h</interval>
<scan_on_start>yes</scan_on_start>
<hardware>yes</hardware>
<os>yes</os>
<network>yes</network>
<packages>yes</packages>
<ports all="no">yes</ports>
<processes>yes</processes>
<!-- Database synchronization settings -->
<synchronization>
<max_eps>10</max_eps>
</synchronization>
</wodle>
<sca>
<enabled>yes</enabled>
<scan_on_start>yes</scan_on_start>
<interval>12h</interval>
<skip_nfs>yes</skip_nfs>
</sca>
<!-- File integrity monitoring -->
<syscheck>
<disabled>no</disabled>
<!-- Frequency that syscheck is executed default every 12 hours -->
<frequency>43200</frequency>
<scan_on_start>yes</scan_on_start>
<!-- Directories to check (perform all possible verifications) -->
<directories>/etc,/usr/bin,/usr/sbin</directories>
<directories>/bin,/sbin,/boot</directories>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
<ignore>/etc/random.seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
<ignore>/etc/utmpx</ignore>
<ignore>/etc/wtmpx</ignore>
<ignore>/etc/cups/certs</ignore>
<ignore>/etc/dumpdates</ignore>
<ignore>/etc/svc/volatile</ignore>
<!-- File types to ignore -->
<ignore type="sregex">.log$|.swp$</ignore>
<!-- Check the file, but never compute the diff -->
<nodiff>/etc/ssl/private.key</nodiff>
<skip_nfs>yes</skip_nfs>
<skip_dev>yes</skip_dev>
<skip_proc>yes</skip_proc>
<skip_sys>yes</skip_sys>
<!-- Nice value for Syscheck process -->
<process_priority>10</process_priority>
<!-- Maximum output throughput -->
<max_eps>100</max_eps>
<!-- Database synchronization settings -->
<synchronization>
<enabled>yes</enabled>
<interval>5m</interval>
<max_interval>1h</max_interval>
<max_eps>10</max_eps>
</synchronization>
</syscheck>
<!-- Log analysis -->
<localfile>
<log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/dpkg.log</location>
</localfile>
<localfile>
<log_format>command</log_format>
<command>df -P</command>
<frequency>360</frequency>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
<alias>netstat listening ports</alias>
<frequency>360</frequency>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>last -n 20</command>
<frequency>360</frequency>
</localfile>
<!-- Active response -->
<active-response>
<disabled>no</disabled>
<ca_store>etc/wpk_root.pem</ca_store>
<ca_store>/path/to/my_cert.pem</ca_store>
<ca_verification>yes</ca_verification>
</active-response>
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
<logging>
<log_format>plain</log_format>
</logging>
</ossec_config>

17
recipes-scanners/wazuh/files/wazuh-agent.service Normal file
View File

@@ -0,0 +1,17 @@
[Unit]
Description=Wazuh agent
Wants=network-online.target
After=network.target network-online.target
[Service]
Type=forking
ExecStart=/usr/bin/env /var/ossec/bin/wazuh-control start
ExecStop=/usr/bin/env /var/ossec/bin/wazuh-control stop
ExecReload=/usr/bin/env /var/ossec/bin/wazuh-control reload
KillMode=process
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target

253
recipes-scanners/wazuh/wazuh-agent_4.7.0.bb Normal file
View File

@@ -0,0 +1,253 @@
# Copyright (C) 2023 Vincent BENOIT <vincent.benoit@scle.fr>
# Release under the MIT license (see COPYING.MIT for the terms)
HOMEPAGE = "https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html"
SUMMARY = "The agent runs on the host you want to monitor and communicates with the Wazuh server"
MAINTAINER = "Vincent BENOIT <vincent.benoit@benserv.fr>"
LIC_FILES_CHKSUM = "file://LICENSE;md5=i522ae3a9266aa0b86a5f314c85dbb560"
LICENSE = "CLOSED"
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
DEPENDS = "curl-native \
audit-userspace \
cjson \
curl \
libffi \
procps \
openssl \
libyaml \
libdbi \
libffi \
libyaml \
openssl \
procps \
sqlite3 \
zlib \
bzip2 \
nlohmann-json \
googletest \
libpcre2 \
libplist \
libarchive \
popt \
msgpack-c \
rpm \
cmake-native \
wazuh-users \
"
RDEPENDS_${PN} += "wazuh-users"
inherit systemd
SRC_URI = " \
git://github.com/wazuh/wazuh.git;protocol=https;branch=master \
file://ossec.conf \
file://wazuh-agent.service \
file://0001-Makefile.patch \
file://0002-headers-correction.patch \
file://0003-CMakeLists.patch \
"
SRCREV = "786d3137f57ca9132c4cfc4501ad68c2554c3cb8"
PV = "4.7.0"
S = "${WORKDIR}/git"
SYSTEMD_AUTO_ENABLE = "enable"
SYSTEMD_SERVICE_${PN} = "wazuh-agent.service"
EXTRA_OEMAKE = ' \
CC="${CC}" \
CXX="${CXX}" \
RANLIB="${RANLIB}" \
AR="${AR}" \
CFLAGS="${CFLAGS} -I${STAGING_INCDIR} -I${STAGING_INCDIR}/cjson -I${STAGING_INCDIR}/curl" \
LDFLAGS="-Wl,--sysroot=${STAGING_DIR_TARGET} -L${STAGING_LIBDIR} -lm -lcjson -lssl -lcrypto -lpcre2-8 -lz -lsqlite3 -lyaml -lcurl -lmsgpackc -laudit -lprocps" \
CMAKE_OPTS="-DSTAGING_DIR=${STAGING_DIR_TARGET}" \
'
do_compile() {
(cd src && oe_runmake TARGET=agent INSTALLDIR="/var/ossec")
}
do_install() {
install -d ${D}${systemd_unitdir}/system/
install -m 0644 ${WORKDIR}/wazuh-agent.service ${D}${systemd_unitdir}/system/
install -d -o root -g wazuh ${D}/var/ossec
install -d ${D}/var/ossec/lib
install -m 0750 -o root -g wazuh ${S}/src/libwazuhext.so ${D}/var/ossec/lib/
install -m 0750 -o root -g wazuh ${S}/src/libwazuhshared.so ${D}/var/ossec/lib/
install -m 0750 -o root -g wazuh ${S}/src/shared_modules/dbsync/build/lib/libdbsync.so ${D}/var/ossec/lib/
install -m 0750 -o root -g wazuh ${S}/src/shared_modules/rsync/build/lib/librsync.so ${D}/var/ossec/lib/
install -m 0750 -o root -g wazuh ${S}/src/syscheckd/build/lib/libfimdb.so ${D}/var/ossec/lib/
chrpath -d ${D}/var/ossec/lib/libfimdb.so
chrpath -d ${D}/var/ossec/lib/librsync.so
chrpath -d ${D}/var/ossec/lib/libdbsync.so
install -d ${D}/var/ossec/bin
install -m 0750 ${S}/src/wazuh-agentd ${D}/var/ossec/bin/
install -m 0750 ${S}/src/agent-auth ${D}/var/ossec/bin/
install -m 0750 ${S}/src/wazuh-logcollector ${D}/var/ossec/bin/
install -m 0750 ${S}/src/syscheckd/build/bin/wazuh-syscheckd ${D}/var/ossec/bin/
install -m 0750 ${S}/src/wazuh-execd ${D}/var/ossec/bin/
install -m 0750 ${S}/src/manage_agents ${D}/var/ossec/bin/
install -m 0750 ${S}/src/wazuh-modulesd ${D}/var/ossec/bin/
install -m 0750 ${S}/src/init/wazuh-client.sh ${D}/var/ossec/bin/wazuh-control
chrpath -d ${D}/var/ossec/bin/wazuh-syscheckd
install -d -o root -g wazuh ${D}${localstatedir}/ossec/tmp
install -d -o root -g wazuh ${D}${localstatedir}/ossec/queue
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/rids
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/alerts
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/sockets
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/diff
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/fim
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/fim/db
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/syscollector
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/syscollector/db
install -m 0640 ${S}/src/wazuh_modules/syscollector/norm_config.json ${D}/var/ossec/queue/syscollector/
chown root:wazuh ${D}/var/ossec/queue/syscollector/norm_config.json
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/logcollector
install -d -o root -g wazuh ${D}${localstatedir}/ossec/incoming
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/generic
install -m 0640 -o root -g wazuh ${S}/ruleset/sca/generic/*.yml ${D}/var/ossec/ruleset/sca/generic/
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/mongodb
install -m 0640 -o root -g wazuh ${S}/ruleset/sca/mongodb/*.yml ${D}/var/ossec/ruleset/sca/mongodb/
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/applications
install -m 0640 -o root -g wazuh ${S}/ruleset/sca/applications/*.yml ${D}/var/ossec/ruleset/sca/applications/
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/nginx
install -m 0640 -o root -g wazuh ${S}/ruleset/sca/nginx/*.yml ${D}/var/ossec/ruleset/sca/nginx/
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud/pubsub
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud/buckets
install -d -o root -g wazuh ${D}${localstatedir}/ossec/var/wodles
install -m 0750 -o root -g wazuh ${S}/wodles/__init__.py ${D}/var/ossec/wodles/
install -m 0750 -o root -g wazuh ${S}/wodles/utils.py ${D}/var/ossec/wodles/
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/aws
install -m 0750 -o root -g wazuh ${S}/wodles/aws/aws_s3.py ${D}/var/ossec/wodles/aws/aws-s3
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/gcloud.py ${D}/var/ossec/wodles/gcloud/gcloud
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/integration.py ${D}/var/ossec/wodles/gcloud/
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/tools.py ${D}/var/ossec/wodles/gcloud/
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/exceptions.py ${D}/var/ossec/wodles/gcloud/
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/buckets/bucket.py ${D}/var/ossec/wodles/gcloud/buckets/
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/buckets/access_logs.py ${D}/var/ossec/wodles/gcloud/buckets/
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/pubsub/subscriber.py ${D}/var/ossec/wodles/gcloud/pubsub/
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/docker
install -m 0750 -o root -g wazuh ${S}/wodles/docker-listener/DockerListener.py ${D}/var/ossec/wodles/docker/DockerListener
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/azure
install -m 0750 -o root -g wazuh ${S}/wodles/azure/azure-logs.py ${D}/var/ossec/wodles/azure/azure-logs
install -m 0750 -o root -g wazuh ${S}/wodles/azure/orm.py ${D}/var/ossec/wodles/azure/
install -d -o wazuh -g wazuh ${D}/var/ossec/etc
install -d -o root -g wazuh ${D}/var/ossec/etc/shared
install -m 0660 -o root -g wazuh ${WORKDIR}/ossec.conf ${D}/var/ossec/etc/
install -m 0660 -o root -g wazuh ${S}/ruleset/rootcheck/db/*.txt ${D}/var/ossec/etc/shared/
install -m 0640 -o root -g wazuh ${S}/etc/wpk_root.pem ${D}/var/ossec/etc/
touch ${D}/var/ossec/etc/client.keys
chown -R root:wazuh ${D}/var/ossec/etc/client.keys
install -m 0640 -o root -g wazuh ${S}/etc/internal_options.conf ${D}/var/ossec/etc/
install -m 0640 -o root -g wazuh ${S}/etc/local_internal_options.conf ${D}/var/ossec/etc/
install -d -o root -g wazuh ${D}/var/ossec/active-response
install -d -o root -g wazuh ${D}/var/ossec/active-response/bin
install -m 0750 -o root -g wazuh ${S}/src/firewalld-drop ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/wazuh-slack ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/route-null ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/restart-wazuh ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/kaspersky ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/ip-customblock ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/pf ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/npf ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/ipfw ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/default-firewall-drop ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/disable-account ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/host-deny ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/active-response/kaspersky.py ${D}/var/ossec/active-response/bin/
install -m 0750 -o root -g wazuh ${S}/src/active-response/restart.sh ${D}/var/ossec/active-response/bin/
install -d -o root -g wazuh ${D}/var/ossec/agentless
install -m 0750 -o root -g wazuh ${S}/src/agentlessd/scripts/* ${D}/var/ossec/agentless/
install -d -o root -g wazuh ${D}/var/ossec/var
install -d -o root -g wazuh ${D}/var/ossec/var/run
install -d -o root -g wazuh ${D}/var/ossec/var/upgrade
install -d -o root -g wazuh ${D}/var/ossec/var/selinux
install -d -o root -g wazuh ${D}/var/ossec/var/incoming
install -d -o root -g wazuh ${D}/var/ossec/backup
install -d -o wazuh -g wazuh ${D}/var/ossec/logs
touch ${D}/var/ossec/logs/ossec.log
chown -R wazuh:wazuh ${D}/var/ossec/logs/ossec.log
touch ${D}/var/ossec/logs/ossec.json
chown -R wazuh:wazuh ${D}/var/ossec/logs/ossec.json
install -d -o wazuh -g wazuh ${D}/var/ossec/logs/wazuh
}
FILES_${PN} += " \
${systemd_unitdir}/system/wazuh-agent.service \
/var/ossec/lib/libwazuhext.so \
/var/ossec/lib/libwazuhshared.so \
/var/ossec/lib/libdbsync.so \
/var/ossec/lib/librsync.so \
/var/ossec/lib/libfimdb.so \
/var/ossec/bin/wazuh-agentd \
/var/ossec/bin/agent-auth \
/var/ossec/bin/wazuh-logcollector \
/var/ossec/bin/wazuh-syscheckd \
/var/ossec/bin/wazuh-execd \
/var/ossec/bin/manage_agents \
/var/ossec/bin/wazuh-modulesd \
/var/ossec/bin/wazuh-control \
/var/ossec/etc/ossec.conf \
/var/ossec/etc/shared/*.txt \
/var/ossec/etc/wpk_root.pem \
/var/ossec/etc/client.keys \
/var/ossec/etc/internal_options.conf \
/var/ossec/etc/local_internal_options.conf \
/var/ossec/active-response/bin/firewalld-drop \
/var/ossec/active-response/bin/wazuh-slack \
/var/ossec/active-response/bin/route-null \
/var/ossec/active-response/bin/restart-wazuh \
/var/ossec/active-response/bin/kaspersky \
/var/ossec/active-response/bin/ip-customblock \
/var/ossec/active-response/bin/pf \
/var/ossec/active-response/bin/npf \
/var/ossec/active-response/bin/ipfw \
/var/ossec/active-response/bin/default-firewall-drop \
/var/ossec/active-response/bin/disable-account \
/var/ossec/active-response/bin/host-deny \
/var/ossec/active-response/bin/kapersky.py \
/var/ossec/active-response/bin/restart.sh \
/var/ossec/ruleset/sca/generic/*.yml \
/var/ossec/ruleset/sca/mongodb/*.yml \
/var/ossec/ruleset/sca/applications/*.yml \
/var/ossec/ruleset/sca/nginx/*.yml \
/var/ossec/wodles/__init__.py \
/var/ossec/wodles/utils.py \
/var/ossec/wodles/aws/aws-s3 \
/var/ossec/wodles/gcloud/gcloud \
/var/ossec/wodles/gcloud/integration.py \
/var/ossec/wodles/gcloud/tools.py \
/var/ossec/wodles/gcloud/exceptions.py \
/var/ossec/wodles/gcloud/buckets/bucket.py \
/var/ossec/wodles/gcloud/buckets/access_logs.py \
/var/ossec/wodles/gcloud/pubsub/subscriber.py \
/var/ossec/wodles/docker/DockerListener \
/var/ossec/wodles/azure/azure-logs \
/var/ossec/wodles/azure/orm.py \
/var/ossec/agentless/* \
/var/ossec/logs/ossec.log \
/var/ossec/logs/ossec.json \
"
INSANE_SKIP_${PN} = "ldflags"
#For dev packages only
INSANE_SKIP_${PN}-dev = "ldflags"

23
recipes-scanners/wazuh/wazuh-users.bb Normal file
View File

@@ -0,0 +1,23 @@
# Copyright (C) 2023 Vincent BENOIT <vincent.benoit@scle.fr>
# Release under the MIT license (see COPYING.MIT for the terms)
SUMMARY = "Wazuh Users"
MAINTAINER = "Vincent BENOIT <vincent.benoit@scle.fr>"
LICENSE = "CLOSED"
#DEPENDS_${PN} = "base-files"
S = "${WORKDIR}"
inherit useradd
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "-g 987 --system wazuh;"
# To change the password use something like this : "mkpasswd -m sha-512 p@ssw0rd -s 'seed'"
# mkpasswd from 'whois' debian package
USERADD_PARAM_${PN} = "-u 1234 -g 987 --system --shell /bin/bash --password '\$6\$wazuhAgent\$Q/QdBOx6lTuY6Z0P8yTRYboRNil49oNOJOwG41H3.9YLnAMmuKG6qw8hwWuE7r/rdirrd9zhdHVFLJNpJK6Mn1' wazuh"
# Specify whether to produce an output package even if it is empty
ALLOW_EMPTY_${PN} = "1"

70
recipes-support/sqlite/sqlite3.inc Normal file
View File

@@ -0,0 +1,70 @@
SUMMARY = "Embeddable SQL database engine"
HOMEPAGE = "http://www.sqlite.org"
SECTION = "libs"
PE = "3"
def sqlite_download_version(d):
pvsplit = d.getVar('PV').split('.')
if len(pvsplit) < 4:
pvsplit.append('0')
return pvsplit[0] + ''.join([part.rjust(2,'0') for part in pvsplit[1:]])
SQLITE_PV = "${@sqlite_download_version(d)}"
S = "${WORKDIR}/sqlite-autoconf-${SQLITE_PV}"
UPSTREAM_CHECK_URI = "http://www.sqlite.org/"
UPSTREAM_CHECK_REGEX = "releaselog/(?P<pver>(\d+[\.\-_]*)+)\.html"
CVE_PRODUCT = "sqlite"
inherit autotools pkgconfig siteinfo
# enable those which are enabled by default in configure
PACKAGECONFIG ?= "fts4 fts5 json1 rtree dyn_ext"
PACKAGECONFIG_class-native ?= "fts4 fts5 json1 rtree dyn_ext"
PACKAGECONFIG[editline] = "--enable-editline,--disable-editline,libedit"
PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline ncurses"
PACKAGECONFIG[fts3] = "--enable-fts3,--disable-fts3"
PACKAGECONFIG[fts4] = "--enable-fts4,--disable-fts4"
PACKAGECONFIG[fts5] = "--enable-fts5,--disable-fts5"
PACKAGECONFIG[json1] = "--enable-json1,--disable-json1"
PACKAGECONFIG[rtree] = "--enable-rtree,--disable-rtree"
PACKAGECONFIG[session] = "--enable-session,--disable-session"
PACKAGECONFIG[dyn_ext] = "--enable-dynamic-extensions,--disable-dynamic-extensions"
PACKAGECONFIG[zlib] = ",,zlib"
CACHED_CONFIGUREVARS += "${@bb.utils.contains('PACKAGECONFIG', 'zlib', '', 'ac_cv_search_deflate=no',d)}"
EXTRA_OECONF = " \
--enable-shared \
--enable-threadsafe \
--disable-static-shell \
"
CFLAGS_append = " -fPIC"
# pread() is in POSIX.1-2001 so any reasonable system must surely support it
CFLAGS_append = " -DUSE_PREAD"
# Provide column meta-data API
CFLAGS_append = " -DSQLITE_ENABLE_COLUMN_METADATA"
# Unless SQLITE_BYTEORDER is predefined, the code falls back to build time
# huristics, which are not always correct
CFLAGS_append = " ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DSQLITE_BYTEORDER=1234', '-DSQLITE_BYTEORDER=4321', d)}"
PACKAGES = "lib${BPN} lib${BPN}-dev lib${BPN}-doc ${PN}-dbg lib${BPN}-staticdev ${PN}"
FILES_${PN} = "${bindir}/*"
FILES_lib${BPN} = "${libdir}/*.so.*"
FILES_lib${BPN}-dev = "${libdir}/*.la ${libdir}/*.so \
${libdir}/pkgconfig ${includedir}"
FILES_lib${BPN}-doc = "${docdir} ${mandir} ${infodir}"
FILES_lib${BPN}-staticdev = "${libdir}/lib*.a"
AUTO_LIBNAME_PKGS = "${MLPREFIX}lib${BPN}"
BBCLASSEXTEND = "native nativesdk"

11
recipes-support/sqlite/sqlite3_3.36.0.bb Normal file
View File

@@ -0,0 +1,11 @@
require sqlite3.inc
LICENSE = "PD"
LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66"
SRC_URI = "http://www.sqlite.org/2021/sqlite-autoconf-${SQLITE_PV}.tar.gz \
"
SRC_URI[md5sum] = "f5752052fc5b8e1b539af86a3671eac7"
SRC_URI[sha256sum] = "bd90c3eb96bee996206b83be7065c9ce19aef38c3f4fb53073ada0d0b69bbce3"
PREFERRED_VERSION_glibc = "2.30"

274
scripts/envsetup.sh Normal file
View File

@@ -0,0 +1,274 @@
#!/bin/bash
#----------------------------------------------
# Make sure script has been sourced
#
if [ "$0" = "$BASH_SOURCE" ]; then
echo "###################################"
echo "ERROR: YOU MUST SOURCE the script"
echo "###################################"
exit 1
fi
BUILD_DIR=$1
# Init env var
SCLE_ROOT_DIR=`realpath $PWD`
SCLE_DIR="meta-cyber-scle"
if [ "a${SCLE_DL_DIR}" = "a" ]; then
SCLE_DL_DIR="$SCLE_ROOT_DIR/oe-downloads"
fi
if [ "a${SCLE_SSTATE_DIR}" = "a" ]; then
SCLE_SSTATE_DIR="${SCLE_ROOT_DIR}/sstate-cache"
fi
# Use utf-8 encoding
if ! echo $LANG | grep -q "en_US.UTF-8"
then
export LANG="en_US.UTF-8"
fi
if [ "a${DISTRO}" = "a" ]; then
DISTRO="rpi-distro"
fi
if [ "a${MACHINE}" = "a" ]; then
MACHINE="raspberrypi4"
fi
if [ "a${VERS}" = "a" ]; then
VERS="none"
fi
if [ "a${REV}" = "a" ]; then
REV="0"
fi
_TEMPLATECONF="$SCLE_ROOT_DIR/${SCLE_DIR}/conf/template/"
#----------------------------------------------
# Standard Openembedded init
#
echo -e "[source $SCLE_ROOT_DIR/poky/oe-init-build-env]"
TEMPLATECONF=${_TEMPLATECONF} source $SCLE_ROOT_DIR/poky/oe-init-build-env ${BUILD_DIR} > /dev/null 2> /dev/null
_FORMAT_PATTERN='::-::'
######################################################
# Make selection for <TARGET> requested from <LISTING> provided using shell or ui choice
#
_choice_shell() {
#format list to have display aligned on column with '-' separation between name and description
local options=$(echo "$2" | column -t -s "::")
if [ "z$ZSH_NAME" != "z" ]
then
# zsh don't split string as expected (see http://zsh.sourceforge.net/FAQ/zshfaq03.html)
eval "options=($options)"
fi
#change separator from 'space' to 'end of line' for 'select' command
old_IFS=$IFS
IFS=$'\n'
local i=1
unset LAUNCH_MENU_CHOICES
for opt in $options; do
printf "%3.3s. %s\n" $i $opt
LAUNCH_MENU_CHOICES=(${LAUNCH_MENU_CHOICES[@]} $opt)
i=$(($i+1))
done
IFS=$old_IFS
# Item selection from list
local selection=""
while [ -z "$selection" ]; do
echo -n "Please enter your choice of $1 (1-$(echo "$options" | wc -l)): "
read answer
if [[ $answer =~ ^[0-9]+$ ]]; then
if [ $answer -gt 0 ] && [ $answer -le ${#LAUNCH_MENU_CHOICES[@]} ]; then
if [ "z$ZSH_NAME" != "z" ]
then
selection=${LAUNCH_MENU_CHOICES[$(($answer))]}
else
selection=${LAUNCH_MENU_CHOICES[$(($answer-1))]}
fi
break
fi
fi
echo "Invalid choice: $answer"
done
eval $1=$(echo $selection | cut -d' ' -f1)
}
_choice_ui() {
local target=""
#change separator from 'space' to 'end of line' to get full line
old_IFS=$IFS
IFS=$'\n'
for ITEM in $2; do
local target_name=$(echo $ITEM | awk -F''"${_FORMAT_PATTERN}"'' '{print $1}')
local target_desc=$(echo $ITEM | awk -F''"${_FORMAT_PATTERN}"'' '{print $NF}')
TARGETTABLE+=($target_name "$target_desc" OFF)
done
IFS=$old_IFS
while [[ -z $target ]]
do
target=$(${UI_CMD} --title "Available $1" --radiolist "Please choose a $1" 0 0 0 "${TARGETTABLE[@]}" 3>&1 1>&2 2>&3)
test -z $target || break
#display dialog box to provide some help to user
${UI_CMD} --title "How to select $1" --msgbox "Keyboard usage:\n\n'ENTER' to validate\n'SPACE' to select\n 'TAB' to navigate" 0 0
done
unset TARGETTABLE
unset ITEM
eval $1=$target
}
choice() {
local __TARGET=$1
local choices="$2"
echo "[$__TARGET configuration]"
if [ $(echo "$choices" | wc -l) -eq 1 ]; then
eval $__TARGET=$(echo $choices | awk -F''"${_FORMAT_PATTERN}"'' '{print $1}')
else
if ! [[ -z $DISPLAY ]] && ! [[ -z ${UI_CMD} ]]; then
_choice_ui $__TARGET "$choices"
else
_choice_shell $__TARGET "$choices"
fi
fi
echo "Selected $__TARGET: $(eval echo \$$__TARGET)"
echo ""
}
######################################################
# Choose target machine
#
conf_machine()
{
local choices=$(find ${SCLE_ROOT_DIR}/${SCLE_DIR}/conf/machine/ -name "*.conf" 2>/dev/null | sort | uniq)
for ITEM in $choices
do
if [[ -z $(grep "#@DESCRIPTION" $ITEM) ]]; then
echo ""
echo "ERROR: No '#@DESCRIPTION' field available in $__CONGIG file:"
echo "$ITEM"
echo ""
return 1
fi
done
unset ITEM
if [ $(echo $choices | wc -l) -eq 1 ]; then
# return only file name (distro or machine)
echo "$(echo $choices | sed 's|^.*/\(.*\)\.conf|\1|')"
else
echo "$(echo $choices | xargs grep "#@DESCRIPTION" | sed 's|^.*/\(.*\)\.conf:#@DESCRIPTION:[ \t]*\(.*$\)|\1'"${_FORMAT_PATTERN}"'\2|')"
fi
}
######################################################
# Apply configuration to site.conf file
#
conf_siteconf()
{
_NCPU=$(grep '^processor' /proc/cpuinfo 2>/dev/null | wc -l)
# Sanity check that we have a valid number, if not then fallback to a safe default
[ "$_NCPU" -ge 1 ] 2>/dev/null || _NCPU=2
cat > conf/site.conf <<EOF
#
# local.conf covers user settings, site.conf covers site specific information
# such as proxy server addresses and optionally any shared download location
#
# SITE_CONF_VERSION is increased each time build/conf/site.conf
# changes incompatibly
SCONF_VERSION = "1"
BB_NUMBER_THREADS = "${_NCPU}"
PARALLEL_MAKE = "-j ${_NCPU}"
DL_DIR = "$SCLE_DL_DIR"
SSTATE_DIR = "$SCLE_SSTATE_DIR"
MACHINE = "$MACHINE"
DISTRO = "$DISTRO"
PACKAGE_CLASSES = "package_deb"
#LICENSE_FLAGS_WHITELIST += "commercial"
INHERIT += "rm_work"
EOF
}
######################################################
# Update bblayer.conf file
update_layerconf() {
cp $1/conf/template/bblayers.conf.sample conf/bblayers.conf
}
######################################################
# extract description for images provided
list_images_descr() {
list_images=$1
if [ "z$ZSH_NAME" != "z" ]
then
# zsh don't split string as expected (see http://zsh.sourceforge.net/FAQ/zshfaq03.html)
eval "list_images=($list_images)"
fi
for l in $list_images;
do
local image=`echo $l | sed -e 's#^.*/\([^/]*\).bb$#\1#'`
if [ ! -z "$(grep "^SUMMARY[ \t]*=" $l)" ]; then
local descr=`grep "^SUMMARY[ \t]*=" $l | sed -e 's/^.*"\(.*\)["\]$/\1/'`
else
local descr=`grep "^DESCRIPTION[ \t]*=" $l | sed -e 's/^.*"\(.*\)["\]$/\1/'`
fi
if [ -z "$descr" ] && [ "$2" == "ERR" ]; then
echo ""
echo "ERROR: No description available for image: $image"
echo "$l"
echo ""
return 1
else
printf " %-33s - $descr\n" $image
fi
done
}
######################################################
# alias function: list all images available
#
list_images() {
local metalayer=$1
if [[ -z $metalayer ]] || ! [[ -e "$SCLE_ROOT_DIR/$metalayer" ]]; then
echo ""
echo "ERROR: Cannot find layer '$metalayer' at $SCLE_ROOT_DIR/ root."
echo "Please use full meta layer path from baseline root:"
echo "eg: 'stoe_list_images openembedded-core'"
echo ""
return 1
fi
local LIST=`find $SCLE_ROOT_DIR/$metalayer/* -wholename "*/images/*.bb" | grep -v meta-skeleton | sort`
echo ""
echo "=================================================="
echo "Available images for '$metalayer' layer are:"
echo ""
list_images_descr "$LIST" "ERR"
echo ""
}
touch conf/local.conf
if [ -f conf/site.conf ]; then
echo "=====> !!!! [WARNING] site.conf already exists. Nothing done... !!!!"
else
conf_siteconf
fi
update_layerconf ${SCLE_ROOT_DIR}/${SCLE_DIR}
list_images ${SCLE_DIR}