security layer updated work

Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
author: Andrei Dinu <andrei.adrianx.dinu@intel.com> 2013-07-01 16:45:26 +0300
committer: Andrei Dinu <andrei.adrianx.dinu@intel.com> 2013-07-01 16:45:26 +0300
commit: f359c35ab250c09e858d88b8b1aa872bb7d2cddd (patch)
tree: d535d9f471223e5bcd9cb4a0858a0dcaa06e41b7 /recipes-security/checksecurity
parent: 60d90b25631471e8193b3069c6a520ccf7c82008 (diff)
download: meta-security-f359c35ab250c09e858d88b8b1aa872bb7d2cddd.tar.gz
2 files changed, 57 insertions, 2 deletions
diff --git a/recipes-security/checksecurity/checksecurity_2.0.14.bb b/recipes-security/checksecurity/checksecurity_2.0.14.bb
index 951a3e6..72d6c64 100644
--- a/recipes-security/checksecurity/checksecurity_2.0.14.bb
+++ b/recipes-security/checksecurity/checksecurity_2.0.14.bb
@@ -1,9 +1,12 @@
-DESCRIPTION = "basic system security checks"
+SUMMARY = "basic system security checks"
+DESCRIPTION = "checksecurity is a simple package which will scan your system for several simple security holes."
 SECTION = "security"
 LICENSE = "GPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+RDEPENDS_${PN} = "perl env-perl perl-module-tie-array perl-module-getopt-long perl-module-file-glob util-linux findutils"
-SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz"
+SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \
+           file://setuid-log-folder.patch"
 SRC_URI[md5sum] = "ad6cfe0cd66ebdd16dd5d4ee5fa8fa17"
 SRC_URI[sha256sum] = "a2bc2355358d6daf3cb72485d564e82cb541e8516f23b50522c816853ecd13c2"
diff --git a/recipes-security/checksecurity/files/setuid-log-folder.patch b/recipes-security/checksecurity/files/setuid-log-folder.patch
new file mode 100644
index 0000000..540ea9c
--- /dev/null
+++ b/recipes-security/checksecurity/files/setuid-log-folder.patch
@@ -0,0 +1,52 @@
+From 24dbeec135ff83f2fd35ef12fe9842f02d6fd337 Mon Sep 17 00:00:00 2001
+From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
+Date: Thu, 20 Jun 2013 15:14:55 +0300
+Subject: [PATCH] changed log folder for check-setuid
+check-setuid was creating logs in /var/log directory,
+which cannot be created persistently. To avoid errors
+the log folder was changed to /etc/checksecurity/.
+Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
+---
+ etc/check-setuid.conf |    2 +-
+ plugins/check-setuid  |    6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+diff --git a/etc/check-setuid.conf b/etc/check-setuid.conf
+index 621336f..e1532c0 100644
+--- a/etc/check-setuid.conf
+++ b/etc/check-setuid.conf
+@@ -116,4 +116,4 @@ CHECKSECURITY_PATHFILTER="-false"
+ #
+ # Location of setuid file databases. 
+ #
+-LOGDIR=/var/log/setuid
+LOGDIR=/etc/checksecurity/
+diff --git a/plugins/check-setuid b/plugins/check-setuid
+index 8d6f90b..bdb21c1 100755
+--- a/plugins/check-setuid
+++ b/plugins/check-setuid
+@@ -44,8 +44,8 @@ if [ `/usr/bin/id -u` != 0 ] ; then
+    exit 1
+ fi
+ 
+-TMPSETUID=${LOGDIR:=/var/log/setuid}/setuid.new.tmp
+-TMPDIFF=${LOGDIR:=/var/log/setuid}/setuid.diff.tmp
+TMPSETUID=${LOGDIR:=/etc/checksecurity/}/setuid.new.tmp
+TMPDIFF=${LOGDIR:=/etc/checksecurity/}/setuid.diff.tmp
+ 
+ #
+ # Check for NFS/AFS mounts that are not nosuid/nodev
+@@ -75,7 +75,7 @@ if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then
+ fi
+ 
+ # Guard against undefined vars
+-[ -z "$LOGDIR" ] && LOGDIR=/var/log/setuid
+[ -z "$LOGDIR" ] && LOGDIR=/etc/checksecurity/
+ if [ ! -e "$LOGDIR" ] ; then
+     echo "ERROR: Log directory $LOGDIR does not exist"
+     exit 1
+-- 
+1.7.9.5
author	Andrei Dinu <andrei.adrianx.dinu@intel.com>	2013-07-01 16:45:26 +0300
committer	Andrei Dinu <andrei.adrianx.dinu@intel.com>	2013-07-01 16:45:26 +0300
commit	f359c35ab250c09e858d88b8b1aa872bb7d2cddd (patch)
tree	d535d9f471223e5bcd9cb4a0858a0dcaa06e41b7 /recipes-security/checksecurity
parent	60d90b25631471e8193b3069c6a520ccf7c82008 (diff)
download	meta-security-f359c35ab250c09e858d88b8b1aa872bb7d2cddd.tar.gz

diff --git a/recipes-security/checksecurity/checksecurity_2.0.14.bb b/recipes-security/checksecurity/checksecurity_2.0.14.bb index 951a3e6..72d6c64 100644 --- a/recipes-security/checksecurity/checksecurity_2.0.14.bb +++ b/recipes-security/checksecurity/checksecurity_2.0.14.bb
@@ -1,9 +1,12 @@
1	DESCRIPTION = "basic system security checks"	1	SUMMARY = "basic system security checks"
		2	DESCRIPTION = "checksecurity is a simple package which will scan your system for several simple security holes."
2	SECTION = "security"	3	SECTION = "security"
3	LICENSE = "GPL-2.0"	4	LICENSE = "GPL-2.0"
4	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"	5	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
		6	RDEPENDS_${PN} = "perl env-perl perl-module-tie-array perl-module-getopt-long perl-module-file-glob util-linux findutils"
5		7
6	SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz"	8	SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \
		9	file://setuid-log-folder.patch"
7		10
8	SRC_URI[md5sum] = "ad6cfe0cd66ebdd16dd5d4ee5fa8fa17"	11	SRC_URI[md5sum] = "ad6cfe0cd66ebdd16dd5d4ee5fa8fa17"
9	SRC_URI[sha256sum] = "a2bc2355358d6daf3cb72485d564e82cb541e8516f23b50522c816853ecd13c2"	12	SRC_URI[sha256sum] = "a2bc2355358d6daf3cb72485d564e82cb541e8516f23b50522c816853ecd13c2"


diff --git a/recipes-security/checksecurity/files/setuid-log-folder.patch b/recipes-security/checksecurity/files/setuid-log-folder.patch new file mode 100644 index 0000000..540ea9c --- /dev/null +++ b/recipes-security/checksecurity/files/setuid-log-folder.patch
@@ -0,0 +1,52 @@
		1	From 24dbeec135ff83f2fd35ef12fe9842f02d6fd337 Mon Sep 17 00:00:00 2001
		2	From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
		3	Date: Thu, 20 Jun 2013 15:14:55 +0300
		4	Subject: [PATCH] changed log folder for check-setuid
		5
		6	check-setuid was creating logs in /var/log directory,
		7	which cannot be created persistently. To avoid errors
		8	the log folder was changed to /etc/checksecurity/.
		9
		10	Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
		11	---
		12	etc/check-setuid.conf \| 2 +-
		13	plugins/check-setuid \| 6 +++---
		14	2 files changed, 4 insertions(+), 4 deletions(-)
		15
		16	diff --git a/etc/check-setuid.conf b/etc/check-setuid.conf
		17	index 621336f..e1532c0 100644
		18	--- a/etc/check-setuid.conf
		19	+++ b/etc/check-setuid.conf
		20	@@ -116,4 +116,4 @@ CHECKSECURITY_PATHFILTER="-false"
		21	#
		22	# Location of setuid file databases.
		23	#
		24	-LOGDIR=/var/log/setuid
		25	+LOGDIR=/etc/checksecurity/
		26	diff --git a/plugins/check-setuid b/plugins/check-setuid
		27	index 8d6f90b..bdb21c1 100755
		28	--- a/plugins/check-setuid
		29	+++ b/plugins/check-setuid
		30	@@ -44,8 +44,8 @@ if [ `/usr/bin/id -u` != 0 ] ; then
		31	exit 1
		32	fi
		33
		34	-TMPSETUID=${LOGDIR:=/var/log/setuid}/setuid.new.tmp
		35	-TMPDIFF=${LOGDIR:=/var/log/setuid}/setuid.diff.tmp
		36	+TMPSETUID=${LOGDIR:=/etc/checksecurity/}/setuid.new.tmp
		37	+TMPDIFF=${LOGDIR:=/etc/checksecurity/}/setuid.diff.tmp
		38
		39	#
		40	# Check for NFS/AFS mounts that are not nosuid/nodev
		41	@@ -75,7 +75,7 @@ if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then
		42	fi
		43
		44	# Guard against undefined vars
		45	-[ -z "$LOGDIR" ] && LOGDIR=/var/log/setuid
		46	+[ -z "$LOGDIR" ] && LOGDIR=/etc/checksecurity/
		47	if [ ! -e "$LOGDIR" ] ; then
		48	echo "ERROR: Log directory $LOGDIR does not exist"
		49	exit 1
		50	--
		51	1.7.9.5
		52