Diffstat (limited to 'meta-hardening/README.md')
-rw-r--r-- | meta-hardening/README.md | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/meta-hardening/README.md b/meta-hardening/README.md new file mode 100644 index 0000000..191253c --- /dev/null +++ b/meta-hardening/README.md | |||
@@ -0,0 +1,86 @@ | |||
1 | # This is an example for Security hardening an OE or Poky image | ||
2 | |||
3 | |||
4 | Meta-hardening | ||
5 | ============= | ||
6 | |||
7 | This layer provides examples for hardening OE/Yocto images. | ||
8 | This layer does not provide 100% security protection. This is only | ||
9 | a framework from which a user can build from and can possible contribute to. | ||
10 | The goal here is to capture use cases and examples the community decided shares for | ||
11 | everyones benefit. | ||
12 | |||
13 | Building the meta-hardening layer | ||
14 | ------------------------------- | ||
15 | In order to add hardening support to the poky/OE build this layer should be added | ||
16 | to your projects bblayers.conf file. | ||
17 | |||
18 | By default the hardening components are disabled. This conforms to the | ||
19 | Yocto Project compatible guideline that indicate that simply including a | ||
20 | layer should not change the system behavior. | ||
21 | |||
22 | In order to use the components in this layer to take affect the 'harden' keyword must | ||
23 | set the DISTRO as in "DISTRO = harden". This enables the "NO ROOT access" idea or framework. | ||
24 | |||
25 | If one wants the a more complete example of a hardened image, one must also build the image: | ||
26 | harden-image-minimal | ||
27 | |||
28 | There are default example userid and passwards: | ||
29 | These can be over written in your local.conf via: | ||
30 | ROOT_DEFAULT_PASSWORD ?= "1SimplePw!" | ||
31 | DEFAULT_ADMIN_ACCOUNT ?= "myadmin" | ||
32 | |||
33 | example: | ||
34 | local.conf | ||
35 | DISTRO = "harden" | ||
36 | |||
37 | The default user and password are: | ||
38 | User: "myadmin" | ||
39 | Password: "1SimplePw!" | ||
40 | |||
41 | bitbake {qemu machine} harden-image-minimal | ||
42 | |||
43 | Dependencies | ||
44 | ============ | ||
45 | |||
46 | Branch: master | ||
47 | |||
48 | This layer depends on: | ||
49 | |||
50 | URI: git://git.yoctoproject.org/poky | ||
51 | |||
52 | or this normal combo: | ||
53 | |||
54 | URI: git://git.openembedded.org/meta-openembedded/meta-oe | ||
55 | |||
56 | URI: git://git.openembedded.org/bitbake | ||
57 | |||
58 | plus: | ||
59 | |||
60 | URI: git://git.openembedded.org/meta-openembedded | ||
61 | layers: meta-oe | ||
62 | |||
63 | |||
64 | Maintenance | ||
65 | ----------- | ||
66 | |||
67 | Send pull requests, patches, comments or questions to yocto@lists.yoctoproject.org | ||
68 | |||
69 | When sending single patches, please using something like: | ||
70 | 'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-hardening][PATCH' | ||
71 | |||
72 | These values can be set as defaults for this repository: | ||
73 | |||
74 | $ git config sendemail.to yocto@lists.yoctoproject.org | ||
75 | $ git config format.subjectPrefix meta-hardening][PATCH | ||
76 | |||
77 | Now you can just do 'git send-email origin/master' to send all local patches. | ||
78 | |||
79 | Maintainers: Armin Kuster <akuster808@gmail.com> | ||
80 | |||
81 | License | ||
82 | ======= | ||
83 | |||
84 | All metadata is MIT licensed unless otherwise stated. Source code included | ||
85 | in tree for individual recipes is under the LICENSE stated in each recipe | ||
86 | (.bb file) unless otherwise stated. | ||
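Review bot: README lines 28-39 publish a fixed default account and password (`DEFAULT_ADMIN_ACCOUNT ?= "myadmin"`, `ROOT_DEFAULT_PASSWORD ?= "1SimplePw!"`) without saying that they must be changed. For a hardening layer, this section should state that both values are examples only and have to be overridden in local.conf before building any image that is deployed. The naming is also confusing: the variable is called ROOT_DEFAULT_PASSWORD, yet lines 37-39 present it as the password for "myadmin" and line 23 describes the distro as "NO ROOT access", so please say which account the password applies to. Smaller points: lines 22-23 should say that DISTRO must be set to "harden", quoted the same way as on line 35; the example at lines 33-41 mixes local.conf content with the bitbake command and would be clearer as two separate steps; "passwards" on line 28 is a typo; and the Dependencies section lists meta-openembedded/meta-oe twice (lines 54 and 60-61).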