author | Andrei Dinu <andrei.adrianx.dinu@intel.com> | 2013-07-24 16:43:29 +0300 |
---|---|---|
committer | Andrei Dinu <andrei.adrianx.dinu@intel.com> | 2013-07-24 16:52:28 +0300 |
commit | a1af92a7edaa4d9032f7a40a6c5002e1080c974c (patch) | |
tree | 74350d38209e7ec634c6164c750971f38bc269f9 | |
parent | e1a1986d8e2bb67e81c6318cab22b385a853d53d (diff) | |
download | meta-security-redhat-security_fix.tar.gz |
Fixed the issues that prevented redhat-security tools
to run correctly.
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | recipes-security/redhat-security/files/find-elf4tmp.sh | 8 | ||||
-rw-r--r-- | recipes-security/redhat-security/files/rpm-chksec.sh | 2 | ||||
-rw-r--r-- | recipes-security/redhat-security/redhat-security_1.0.bb | 2 |
4 files changed, 10 insertions, 6 deletions
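--- a/README
+++ b/README
@@ -73,6 +73,10 @@ help for each package.
 In this mode it will only give a summary result for the package. To find which files don't comply,
 re-run using just the package name.
 
+!!! WARNING !!! - in order to use this script you need to add to your conf/local.conf file the following lines:
+IMAGE_ROOTFS_EXTRA_SPACE = "" - specifying the extra space of the image
+IMAGE_FEATURES += "package management" - for the correct output of rpm -qa
+
 - find-nodrop-groups.sh : This will scan a whole file system to see if a program makes calls to change UID
 and GID without also calling setgroups or initgroups.
 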
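--- a/recipes-security/redhat-security/files/find-elf4tmp.sh
+++ b/recipes-security/redhat-security/files/find-elf4tmp.sh
@@ -19,7 +19,7 @@ if [ $# -ge 2 ] ; then
 echo "Usage: find_elf4tmp [directory]" 1>&2
 exit 1
 fi
-if [ ! -x /usr/bin/eu-strings ] ; then
+if [ ! -x /usr/bin/strings ] ; then
 echo "Skipping due to missing /usr/bin/eu-strings utility"
 exit 1
 fi
@@ -49,7 +49,7 @@ do
 # Get just the elf executables
 testf=`echo $f | /usr/bin/file -n -f - 2>/dev/null | grep ELF`
 if [ x"$testf" != "x" ] ; then
-test_res=`/usr/bin/eu-strings $f | /bin/grep '/tmp/' | /bin/egrep -v 'XX|/tmp/$|[ .,:]/tmp/'`
+test_res=`/usr/bin/strings $f | /bin/grep '/tmp/' | /bin/egrep -v 'XX|/tmp/$|[ .,:]/tmp/'`
 if [ x"$test_res" = "x" ] ; then
 continue
 fi
@@ -64,13 +64,13 @@ do
 FOUND=1
 
 # Get the package
-RPM=`/bin/rpm -qf --queryformat "%{NAME}-%{VERSION}" $f 2>/dev/null | /bin/grep -v 'not owned' | /bin/sort | /usr/bin/uniq`
+RPM=`/bin/rpm -qf --queryformat "%{NAME}-%{VERSION}" $f 2>/dev/null | /bin/grep -v 'not owned' | /usr/bin/sort | /usr/bin/uniq`
 if [ x"$RPM" = "x" ] ; then
 RPM="<unowned>"
 fi
 
 # For each tmp string, output the line
-echo $test_res | /usr/bin/tr '\b' '\n' | /bin/awk 'NF >= 1 { printf "%-46s\t%-30s\t%s\n", f, r, $1 }' r=$RPM f=$f
+echo $test_res | /usr/bin/tr '\b' '\n' | /usr/bin/awk 'NF >= 1 { printf "%-46s\t%-30s\t%s\n", f, r, $1 }' r=$RPM f=$f
 fi
 done
 done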
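Review bot: The guard at line 22 now tests `/usr/bin/strings`, but the message on line 23 still names `/usr/bin/eu-strings`, so anyone debugging a skipped scan is pointed at the wrong tool; it should read `echo "Skipping due to missing /usr/bin/strings utility" 1>&2`. The script exits before scanning when the tool is absent, so that message is the only sign that no ELF file was checked for `/tmp/` strings, and it currently goes to stdout where it can be mistaken for report output. In the second hunk `$f` is passed unquoted to `strings`; writing `"$f"` keeps paths containing spaces from being split. The loop around that line starts outside the hunk.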
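--- a/recipes-security/redhat-security/files/rpm-chksec.sh
+++ b/recipes-security/redhat-security/files/rpm-chksec.sh
@@ -242,7 +242,7 @@ if [ "$MODE" = "single" ] ; then
 fi
 
 # Skip the kernel as its special
-packages=`rpm -qa --queryformat "%{NAME}.%{ARCH}\n" | egrep -v 'kernel.|debuginfo.|.noarch|gpg-pubkey' | sort`
+packages=`rpm -qa | egrep -v 'kernel.|debuginfo.|.noarch|gpg-pubkey' | sort`
 printf "%-50s %-5s %-4s %-14s" "PACKAGE" "RELRO" "PIE" "CLASS"
 echo
 for p in $packages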
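Review bot: Dropping `--queryformat` at line 245 leaves the package list in whatever format this rpm build prints by default, while the exclusion pattern that follows was written for `NAME.ARCH` strings. Its dots are unescaped and nothing is anchored, so `kernel.` or `.noarch` can match in the middle of a name-version string and silently remove a package from the RELRO/PIE report. If the query format was removed because the target rpm rejected it (not visible here), a comment saying so would help the next maintainer. The filter could also be tightened, for example `egrep -v '^kernel|debuginfo|\.noarch$|^gpg-pubkey'`, after checking it against real `rpm -qa` output on the image. The `for p in $packages` loop continues past the end of the hunk.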
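--- a/recipes-security/redhat-security/redhat-security_1.0.bb
+++ b/recipes-security/redhat-security/redhat-security_1.0.bb
@@ -5,7 +5,7 @@ LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
 PR = "r0"
 
-RDEPENDS_${PN} = "file"
+RDEPENDS_${PN} = "file libcap-ng rpm rpmresolve procps findutils"
 
 SRC_URI = "file://find-chroot-py.sh \
 file://find-chroot.sh \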
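Review bot: The new RDEPENDS line at line 8 does not appear to cover everything the scripts in this commit invoke. find-elf4tmp.sh now requires `/usr/bin/strings`, which is normally shipped by binutils, and as far as I can tell none of the listed packages provides it. Without it the script prints its skip message and exits, so an image can be audited without the `/tmp/` string check ever running. Consider `RDEPENDS_${PN} = "file libcap-ng rpm rpmresolve procps findutils binutils"`, after confirming which package provides strings in this distro. PR also stays at `r0` although the runtime dependencies changed; bump it if this build does not use a PR service.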