Added missing functionality to buck-security

* added pinentry recipe needed for buck-security option * added missing rdepends to recipe * added functionality patch * updated README file Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
author: Andrei Dinu <andrei.adrianx.dinu@intel.com> 2013-08-01 10:52:33 +0300
committer: Andrei Dinu <andrei.adrianx.dinu@intel.com> 2013-08-01 10:52:33 +0300
commit: 9534de459e6d48dd9809710e9ce6bf6712821237 (patch)
tree: 439a47e7a5f6ff9d7d6d483e805f1ff5de57520c
parent: 37a5e5d66f8ee1177caa49519dc201df11fa5373 (diff)
download: meta-security-9534de459e6d48dd9809710e9ce6bf6712821237.tar.gz
4 files changed, 63 insertions, 3 deletions
diff --git a/README b/README
index 06f3948..c9549f9 100644
--- a/README
+++ b/README
@@ -154,7 +154,14 @@ help for each package.
        Buck-Security is a security scanner for Debian and Ubuntu Linux. It runs a couple of important checks and helps you to harden your Linux
        system. This enables you to quickly overview the security status of your Linux system.
-                usage : switch to directory /usr/local/buck-security.
+                usage : !!! before starting to use this tool please run the following command: !!!
+                                                export GPG_TTY=`tty`
+                                                This command is needed for the usage of the comand --make-checksum, which creates
+                                                a checksum for the files in the system.
+                                                switch to directory /usr/local/buck-security.
                        before running the script, you should check the activated checks in conf/buck-security.conf file.
                        after altering the changes, save the file and simply run :
diff --git a/recipes-security/buck-security/buck-security_0.6.bb b/recipes-security/buck-security/buck-security_0.6.bb
index 9d4f884..f58890f 100644
--- a/recipes-security/buck-security/buck-security_0.6.bb
+++ b/recipes-security/buck-security/buck-security_0.6.bb
@@ -4,9 +4,10 @@ system. This enables you to quickly overview the security status of your Linux s
 SECTION = "security"
 LICENSE = "GPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
-RDEPENDS_${PN} = "perl perl-module-term-ansicolor perl-module-posix perl-module-getopt-long perl-module-time-localtime perl-module-data-dumper perl-module-lib"
+RDEPENDS_${PN} = "perl perl-module-term-ansicolor perl-module-posix perl-module-getopt-long perl-module-time-localtime perl-module-data-dumper perl-module-lib net-tools coreutils gnupg pinentry"
-SRC_URI = "http://sourceforge.net/projects/buck-security/files/buck-security/buck-security_0.6/${PN}_${PV}.tar.gz"
+SRC_URI = "http://sourceforge.net/projects/buck-security/files/buck-security/buck-security_0.6/${PN}_${PV}.tar.gz \
+           file://functionality.patch"
 SRC_URI[md5sum] = "edbd40742853fc91ffeae5b2d9ea7bab"
 SRC_URI[sha256sum] = "5d5dcc58b09c3a4bd87f60f86bb62cd2b0bfd7106a474951f8f520af0042a5b7"
diff --git a/recipes-security/buck-security/files/functionality.patch b/recipes-security/buck-security/files/functionality.patch
new file mode 100644
index 0000000..86fbeee
--- /dev/null
+++ b/recipes-security/buck-security/files/functionality.patch
@@ -0,0 +1,38 @@
+From 216aed597b3f20692a9c9d74dae79fa73e36c75b Mon Sep 17 00:00:00 2001
+From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
+Date: Thu, 1 Aug 2013 10:30:26 +0300
+Subject: [PATCH] added functionality
+ * removed sshd from the checks. When needed it can be added
+ in the file.
+ * added saving location for checksums.gpg file
+Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
+---
+ conf/buck-security.conf |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+diff --git a/conf/buck-security.conf b/conf/buck-security.conf
+index eb88982..f573aa8 100644
+--- a/conf/buck-security.conf
+++ b/conf/buck-security.conf
+@@ -27,7 +27,6 @@ usermask
+ superusers
+ services
+ firewall
+-sshd
+ packages_problematic
+ checksum
+ );
+@@ -48,7 +47,7 @@ $checksum_program = "sha256sum";
+ $checksum_dir = "/sbin/* /bin/* /usr/sbin/* /usr/bin/*";
+ 
+ 
+-$checksum_file = "checksums.gpg";
+$checksum_file = "/usr/bin/checksums.gpg";
+ 
+ 
+ 
+-- 
+1.7.9.5
diff --git a/recipes-security/pinentry/pinentry_0.8.3.bb b/recipes-security/pinentry/pinentry_0.8.3.bb
new file mode 100644
index 0000000..0043c23
--- /dev/null
+++ b/recipes-security/pinentry/pinentry_0.8.3.bb
@@ -0,0 +1,14 @@
+DESCRIPTION = "This is a collection of simple PIN or passphrase entry dialogs which utilize the Assuan protocol as described by the aegypten project"
+HOMEPAGE = "ftp://ftp.gnupg.org/gcrypt/"
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+DEPENDS = "glib-2.0 ncurses"
+SRC_URI = "ftp://ftp.gnupg.org/gcrypt/pinentry/${PN}-${PV}.tar.bz2"
+SRC_URI[md5sum] = "2ae681cbca0d9fb774b2c90b11ebf56c"
+SRC_URI[sha256sum] = "568b0b09b50b2388a4f94d704d5bcb28718ecd4654ed1acc43ab1f97d921a0ad"
+inherit autotools
+EXTRA_OECONF +="--disable-pinentry-gtk2 --disable-pinentry-qt --disable-pinentry-qt4 --without-x --enable-ncurses"
author	Andrei Dinu <andrei.adrianx.dinu@intel.com>	2013-08-01 10:52:33 +0300
committer	Andrei Dinu <andrei.adrianx.dinu@intel.com>	2013-08-01 10:52:33 +0300
commit	9534de459e6d48dd9809710e9ce6bf6712821237 (patch)
tree	439a47e7a5f6ff9d7d6d483e805f1ff5de57520c
parent	37a5e5d66f8ee1177caa49519dc201df11fa5373 (diff)
download	meta-security-9534de459e6d48dd9809710e9ce6bf6712821237.tar.gz

diff --git a/README b/README index 06f3948..c9549f9 100644 --- a/README +++ b/README
@@ -154,7 +154,14 @@ help for each package.
154	Buck-Security is a security scanner for Debian and Ubuntu Linux. It runs a couple of important checks and helps you to harden your Linux	154	Buck-Security is a security scanner for Debian and Ubuntu Linux. It runs a couple of important checks and helps you to harden your Linux
155	system. This enables you to quickly overview the security status of your Linux system.	155	system. This enables you to quickly overview the security status of your Linux system.
156		156
157	usage : switch to directory /usr/local/buck-security.	157	usage : !!! before starting to use this tool please run the following command: !!!
		158
		159	export GPG_TTY=`tty`
		160
		161	This command is needed for the usage of the comand --make-checksum, which creates
		162	a checksum for the files in the system.
		163
		164	switch to directory /usr/local/buck-security.
158	before running the script, you should check the activated checks in conf/buck-security.conf file.	165	before running the script, you should check the activated checks in conf/buck-security.conf file.
159	after altering the changes, save the file and simply run :	166	after altering the changes, save the file and simply run :
160		167


diff --git a/recipes-security/buck-security/buck-security_0.6.bb b/recipes-security/buck-security/buck-security_0.6.bb index 9d4f884..f58890f 100644 --- a/recipes-security/buck-security/buck-security_0.6.bb +++ b/recipes-security/buck-security/buck-security_0.6.bb
@@ -4,9 +4,10 @@ system. This enables you to quickly overview the security status of your Linux s
4	SECTION = "security"	4	SECTION = "security"
5	LICENSE = "GPL-2.0"	5	LICENSE = "GPL-2.0"
6	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"	6	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
7	RDEPENDS_${PN} = "perl perl-module-term-ansicolor perl-module-posix perl-module-getopt-long perl-module-time-localtime perl-module-data-dumper perl-module-lib"	7	RDEPENDS_${PN} = "perl perl-module-term-ansicolor perl-module-posix perl-module-getopt-long perl-module-time-localtime perl-module-data-dumper perl-module-lib net-tools coreutils gnupg pinentry"
8		8
9	SRC_URI = "http://sourceforge.net/projects/buck-security/files/buck-security/buck-security_0.6/${PN}_${PV}.tar.gz"	9	SRC_URI = "http://sourceforge.net/projects/buck-security/files/buck-security/buck-security_0.6/${PN}_${PV}.tar.gz \
		10	file://functionality.patch"
10		11
11	SRC_URI[md5sum] = "edbd40742853fc91ffeae5b2d9ea7bab"	12	SRC_URI[md5sum] = "edbd40742853fc91ffeae5b2d9ea7bab"
12	SRC_URI[sha256sum] = "5d5dcc58b09c3a4bd87f60f86bb62cd2b0bfd7106a474951f8f520af0042a5b7"	13	SRC_URI[sha256sum] = "5d5dcc58b09c3a4bd87f60f86bb62cd2b0bfd7106a474951f8f520af0042a5b7"


diff --git a/recipes-security/buck-security/files/functionality.patch b/recipes-security/buck-security/files/functionality.patch new file mode 100644 index 0000000..86fbeee --- /dev/null +++ b/recipes-security/buck-security/files/functionality.patch
@@ -0,0 +1,38 @@
		1	From 216aed597b3f20692a9c9d74dae79fa73e36c75b Mon Sep 17 00:00:00 2001
		2	From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
		3	Date: Thu, 1 Aug 2013 10:30:26 +0300
		4	Subject: [PATCH] added functionality
		5
		6	* removed sshd from the checks. When needed it can be added
		7	in the file.
		8	* added saving location for checksums.gpg file
		9
		10	Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
		11	---
		12	conf/buck-security.conf \| 3 +--
		13	1 file changed, 1 insertion(+), 2 deletions(-)
		14
		15	diff --git a/conf/buck-security.conf b/conf/buck-security.conf
		16	index eb88982..f573aa8 100644
		17	--- a/conf/buck-security.conf
		18	+++ b/conf/buck-security.conf
		19	@@ -27,7 +27,6 @@ usermask
		20	superusers
		21	services
		22	firewall
		23	-sshd
		24	packages_problematic
		25	checksum
		26	);
		27	@@ -48,7 +47,7 @@ $checksum_program = "sha256sum";
		28	$checksum_dir = "/sbin/* /bin/* /usr/sbin/* /usr/bin/*";
		29
		30
		31	-$checksum_file = "checksums.gpg";
		32	+$checksum_file = "/usr/bin/checksums.gpg";
		33
		34
		35
		36	--
		37	1.7.9.5
		38


diff --git a/recipes-security/pinentry/pinentry_0.8.3.bb b/recipes-security/pinentry/pinentry_0.8.3.bb new file mode 100644 index 0000000..0043c23 --- /dev/null +++ b/recipes-security/pinentry/pinentry_0.8.3.bb
@@ -0,0 +1,14 @@
		1	DESCRIPTION = "This is a collection of simple PIN or passphrase entry dialogs which utilize the Assuan protocol as described by the aegypten project"
		2	HOMEPAGE = "ftp://ftp.gnupg.org/gcrypt/"
		3	LICENSE = "GPL-2.0"
		4	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
		5	DEPENDS = "glib-2.0 ncurses"
		6
		7	SRC_URI = "ftp://ftp.gnupg.org/gcrypt/pinentry/${PN}-${PV}.tar.bz2"
		8
		9	SRC_URI[md5sum] = "2ae681cbca0d9fb774b2c90b11ebf56c"
		10	SRC_URI[sha256sum] = "568b0b09b50b2388a4f94d704d5bcb28718ecd4654ed1acc43ab1f97d921a0ad"
		11
		12	inherit autotools
		13
		14	EXTRA_OECONF +="--disable-pinentry-gtk2 --disable-pinentry-qt --disable-pinentry-qt4 --without-x --enable-ncurses"