diff options
author | Andrei Dinu <andrei.adrianx.dinu@intel.com> | 2013-07-01 16:45:26 +0300 |
---|---|---|
committer | Andrei Dinu <andrei.adrianx.dinu@intel.com> | 2013-07-01 16:45:26 +0300 |
commit | f359c35ab250c09e858d88b8b1aa872bb7d2cddd (patch) | |
tree | d535d9f471223e5bcd9cb4a0858a0dcaa06e41b7 /recipes-security/checksecurity | |
parent | 60d90b25631471e8193b3069c6a520ccf7c82008 (diff) | |
download | meta-security-f359c35ab250c09e858d88b8b1aa872bb7d2cddd.tar.gz |
security layer updated work
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Diffstat (limited to 'recipes-security/checksecurity')
-rw-r--r-- | recipes-security/checksecurity/checksecurity_2.0.14.bb | 7 | ||||
-rw-r--r-- | recipes-security/checksecurity/files/setuid-log-folder.patch | 52 |
2 files changed, 57 insertions, 2 deletions
diff --git a/recipes-security/checksecurity/checksecurity_2.0.14.bb b/recipes-security/checksecurity/checksecurity_2.0.14.bb index 951a3e6..72d6c64 100644 --- a/recipes-security/checksecurity/checksecurity_2.0.14.bb +++ b/recipes-security/checksecurity/checksecurity_2.0.14.bb | |||
@@ -1,9 +1,12 @@ | |||
1 | DESCRIPTION = "basic system security checks" | 1 | SUMMARY = "basic system security checks" |
2 | DESCRIPTION = "checksecurity is a simple package which will scan your system for several simple security holes." | ||
2 | SECTION = "security" | 3 | SECTION = "security" |
3 | LICENSE = "GPL-2.0" | 4 | LICENSE = "GPL-2.0" |
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" | 5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" |
6 | RDEPENDS_${PN} = "perl env-perl perl-module-tie-array perl-module-getopt-long perl-module-file-glob util-linux findutils" | ||
5 | 7 | ||
6 | SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz" | 8 | SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \ |
9 | file://setuid-log-folder.patch" | ||
7 | 10 | ||
8 | SRC_URI[md5sum] = "ad6cfe0cd66ebdd16dd5d4ee5fa8fa17" | 11 | SRC_URI[md5sum] = "ad6cfe0cd66ebdd16dd5d4ee5fa8fa17" |
9 | SRC_URI[sha256sum] = "a2bc2355358d6daf3cb72485d564e82cb541e8516f23b50522c816853ecd13c2" | 12 | SRC_URI[sha256sum] = "a2bc2355358d6daf3cb72485d564e82cb541e8516f23b50522c816853ecd13c2" |
diff --git a/recipes-security/checksecurity/files/setuid-log-folder.patch b/recipes-security/checksecurity/files/setuid-log-folder.patch new file mode 100644 index 0000000..540ea9c --- /dev/null +++ b/recipes-security/checksecurity/files/setuid-log-folder.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 24dbeec135ff83f2fd35ef12fe9842f02d6fd337 Mon Sep 17 00:00:00 2001 | ||
2 | From: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
3 | Date: Thu, 20 Jun 2013 15:14:55 +0300 | ||
4 | Subject: [PATCH] changed log folder for check-setuid | ||
5 | |||
6 | check-setuid was creating logs in /var/log directory, | ||
7 | which cannot be created persistently. To avoid errors | ||
8 | the log folder was changed to /etc/checksecurity/. | ||
9 | |||
10 | Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
11 | --- | ||
12 | etc/check-setuid.conf | 2 +- | ||
13 | plugins/check-setuid | 6 +++--- | ||
14 | 2 files changed, 4 insertions(+), 4 deletions(-) | ||
15 | |||
16 | diff --git a/etc/check-setuid.conf b/etc/check-setuid.conf | ||
17 | index 621336f..e1532c0 100644 | ||
18 | --- a/etc/check-setuid.conf | ||
19 | +++ b/etc/check-setuid.conf | ||
20 | @@ -116,4 +116,4 @@ CHECKSECURITY_PATHFILTER="-false" | ||
21 | # | ||
22 | # Location of setuid file databases. | ||
23 | # | ||
24 | -LOGDIR=/var/log/setuid | ||
25 | +LOGDIR=/etc/checksecurity/ | ||
26 | diff --git a/plugins/check-setuid b/plugins/check-setuid | ||
27 | index 8d6f90b..bdb21c1 100755 | ||
28 | --- a/plugins/check-setuid | ||
29 | +++ b/plugins/check-setuid | ||
30 | @@ -44,8 +44,8 @@ if [ `/usr/bin/id -u` != 0 ] ; then | ||
31 | exit 1 | ||
32 | fi | ||
33 | |||
34 | -TMPSETUID=${LOGDIR:=/var/log/setuid}/setuid.new.tmp | ||
35 | -TMPDIFF=${LOGDIR:=/var/log/setuid}/setuid.diff.tmp | ||
36 | +TMPSETUID=${LOGDIR:=/etc/checksecurity/}/setuid.new.tmp | ||
37 | +TMPDIFF=${LOGDIR:=/etc/checksecurity/}/setuid.diff.tmp | ||
38 | |||
39 | # | ||
40 | # Check for NFS/AFS mounts that are not nosuid/nodev | ||
41 | @@ -75,7 +75,7 @@ if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then | ||
42 | fi | ||
43 | |||
44 | # Guard against undefined vars | ||
45 | -[ -z "$LOGDIR" ] && LOGDIR=/var/log/setuid | ||
46 | +[ -z "$LOGDIR" ] && LOGDIR=/etc/checksecurity/ | ||
47 | if [ ! -e "$LOGDIR" ] ; then | ||
48 | echo "ERROR: Log directory $LOGDIR does not exist" | ||
49 | exit 1 | ||
50 | -- | ||
51 | 1.7.9.5 | ||
52 | |||