| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is necessary for cryptsetup starting from v2.8.0 which introduced
"[units]" in its output breaking the parsing of veritysetup output.
VERITY header information for image-poky-20250701085433.squashfs-zst.verity.
UUID: 5dc16c55-79b8-4988-9d79-900f8e143f98
Hash type: 1
Data blocks: 40091
Data block size: 4096 [bytes]
Hash blocks: 318
Hash block size: 4096 [bytes]
Hash algorithm: sha256
Salt: f670bf67a32f4f5a22e052d7bf84830f8d35ea24e2d52f585f6275207899153b
Root hash: a7eab55b7933e347650671611e4b2a10571f2a28a1fb0fc8eae409f7a0d86693
This extends the value filter to remove the "[units]" from the .env file,
while retaining compatibility to older cryptsetup releases.
Signed-off-by: Stephan Wurm <stephan.wurm@a-eberle.de>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add option to prevent memory mappings that are both writable and
executable.
https://www.freedesktop.org/software/systemd/man/255/systemd.exec.html#MemoryDenyWriteExecute=
Core Suricata developer:
https://github.com/jasonish/suricata-rpms/blob/a606a810325dd0a4f3ee45b2756b96bda28e590b/7.0/suricata-4.1.1-service.patch#L23
Fedora:
https://src.fedoraproject.org/rpms/suricata/c/cfb3b996f54d28018cd01f9c6b9ecb77e59f344d
Resolve SELinux AVC denial:
type=PROCTITLE proctitle=/usr/bin/suricata
-c /etc/suricata/suricata.yaml -i eth0
type=SYSCALL arch=aarch64 syscall=mprotect success=no
exit=EACCES(Permission denied) a0=0x7fffa7d04000 a1=0x4000
a2=PROT_READ|PROT_WRITE|PROT_EXEC a3=0x21 items=0 ppid=1 pid=283
auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root
sgid=root fsgid=root tty=(none) ses=unset comm=Suricata-Main
exe=/usr/bin/suricata subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC avc: denied { execmem } for pid=283 comm=Suricata-Main
scontext=system_u:system_r:initrc_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=process
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
| |
Release notes:
https://github.com/CISOfy/lynis/releases/tag/3.1.6
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
| |
Update kas configuration for CI to use whinlatter branch.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
| |
Changes to catch up with current kas and future-proof a bit:
* Update the kas configuration file versions to 19 to match kas 4.8.x.
* Change refspec to branch to remove deprecation warnings.
* Add quoting around URLs to match upstream examples.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
| |
Since clang is in openembedded-core now, meta-parsec no longer needs
meta-clang. Also updated maintainers in meta-parsec README.md since
it had previously been missed.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
jansson is required as of Suricata 5.0:
https://github.com/OISF/suricata/commit/e49c40428e1b9f7e5dcdb5857c3978d5cb859fd9
This is still required in the latest release:
https://github.com/OISF/suricata/blob/suricata-8.0.2/configure.ac#L828
On exclusion attempt:
[...]
| checking for jansson.h... no
| checking for json_dump_callback in -ljansson... no
|
| ERROR: Jansson is now required.
|
| Go get it from your distribution or from:
| http://www.digip.org/jansson/
|
| Ubuntu/Debian: apt install libjansson-dev
| CentOS: yum install jansson-devel
| Fedora: dnf install jansson-devel
|
| NOTE: The following config.log files may provide further information.
| NOTE: [...]/poky-whinlatter/build/tmp/work/cortexa57-poky-linux/suricata/7.0.13/sources/suricata-7.0.13/config.log
| ERROR: configure failed
| WARNING: exit code 1 from a shell command.
ERROR: Task ([...]/poky-whinlatter/layers/meta-security/recipes-ids/suricata/suricata_7.0.13.bb:do_configure) failed with exit code '1'
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
| |
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Default add in 3f95047ae1e1d ("suricata: package update to 2.0.8")
https://docs.suricata.io/en/suricata-8.0.1/upgrade.html#id7
As of 7.0, "NSS is no longer required. File hashing and JA3 can now be
used without the NSS compile time dependency."
Removed in 8.0:
https://github.com/OISF/suricata/blob/suricata-8.0.1/ChangeLog#L647
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
|
| |
|
|
|
|
|
|
| |
The openscap added PCRE2 library since 2023 [1]
[1] https://github.com/OpenSCAP/openscap/commit/cd1d4289581fa15527e516ddd07be814af7cba55
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
| |
|
|
|
|
|
| |
Switch back to the "stable" branch in SRC_URI now that upstream
has changed its branch maintenance model so it is indeed stable.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add UPSTREAM_CHECK_GITTAGREGEX to check the correct latest stable
verison.
Before the patch:
$ devtool latest-version scap-security-guide
INFO: Current version: 0.1.78
INFO: Latest version: 0.5.0
INFO: Latest version's commit: b0a1b1c3db40f5fe8610c43cbc391bde92cc78b6
After the patch:
$ devtool latest-version scap-security-guide
INFO: Current version: 0.1.78
INFO: Latest version: 0.1.78
INFO: Latest version's commit: f7d794851971087db77d4be8eeb716944a1aae21
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Inherit github-releases class to check the correct latest stable
verison.
Before the patch:
$ devtool latest-version sssd
INFO: Current version: 2.10.2
INFO: Latest version:
After the patch:
$ devtool latest-version sssd
INFO: Current version: 2.10.2
INFO: Latest version: 2.11.1
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add UPSTREAM_CHECK_URI to check the correct latest stable verison.
Before the patch:
$ devtool latest-version libmash
INFO: Current version: 0.9.9.9
INFO: Latest version:
After the patch:
$ devtool latest-version libmash
INFO: Current version: 0.9.9.9
INFO: Latest version: 0.9.9.9
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add modern ClamAV 1.4.3 recipe with comprehensive improvements over
the legacy 0.104.4 version. Remove the end-of-life 0.104.4 recipe and
associated patches as they are superseded by this version.
Major changes in 1.4.3:
- Upgraded core engine with improved threat detection capabilities
- Added Rust components requiring cross-compilation support
- Updated CMake build system replacing legacy autotools
- Modernized library dependencies (LLVM, JSON-C, PCre2)
- Added comprehensive license compliance for multi-component package
- Enhanced cross-compilation support for all target architectures
The recipe includes dynamic Cargo configuration using Yocto variables
to support cross-compilation to any target architecture supported by
the build system.
Runtime configuration improvements:
- Set APP_CONFIG_DIRECTORY to ${sysconfdir}/clamav for proper config paths
- Added volatiles/tmpfiles support for /var/lib/clamav and /var/log/clamav
- Added pkg_postinst scripts to ensure correct directory ownership
- Implemented CMake cache variables for cross-compilation
- Updated all license checksums for compliance
- Added Rust toolchain integration with automatic environment setup
- Use Cargo vendoring with cargo + cargo-update-recipe-crates classes
Security rationale:
- ClamAV 0.104.4 reached end-of-life and is no longer maintained
- Upstream strongly recommends migration to 1.4.x for security updates
Signed-off-by: Hemant Jadhav <hemant.jadhav@emerson.com>
(regenerated diff, fixed building with systemd,
fixed target Rust configuration, disabled for 32-bit targets)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
| |
Release notes:
https://suricata.io/2025/11/06/suricata-8-0-2-and-7-0-13-released/
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add UPSTREAM_CHECK_GITTAGREGEX to check the correct latest stable
verison.
Before the patch:
$ devtool latest-version libgssglue
INFO: Current version: 0.9
INFO: Latest version: 011
INFO: Latest version's commit: af30789052a8cc5f86b5b0c8fd4758c7ba1505ff
After the patch:
$ devtool latest-version libgssglue
INFO: Current version: 0.9
INFO: Latest version: 0.9
INFO: Latest version's commit: ada76bdaec665f70505f0b3aefe871b873e7c4b6
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add basic openscap test. This looks for an existing profile and run a basic scan.
Openscap scans return 1 in case of failure, 0 in case of success and 2 when a
vulnerability has been found. As this does not aim to check openscap reports, 2 is
considered as a successful test.
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
(added to test image)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes:
- typo in the RDEPENDS class-target override ('-' instead of ':')
- typo SUMARRY -> SUMMARY
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
| |
The original homepage is outdated.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.78
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/OpenSCAP/openscap/releases/tag/1.4.2
Disable building on musl as scap-security-guide already does.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
| |
It was pointed out that the recipe was wrongly doing
FILESEXTRAPATHS:append, but on inspection the recipe does
not need it at all, so just remove.
Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also update libhtp to required version 0.5.52.
See suricata release notes for more details about changes and
CVEs fixed:
https://suricata.io/2024/02/08/suricata-7-0-3-and-6-0-16-released/
https://suricata.io/2024/03/19/suricata-7-0-4-and-6-0-17-released/
https://suricata.io/2024/04/23/suricata-7-0-5-and-6-0-19-released/
https://suricata.io/2024/06/27/suricata-7-0-6-and-6-0-20-released/
https://suricata.io/2024/10/01/suricata-7-0-7-released/
https://suricata.io/2024/12/12/suricata-7-0-8-released/
https://suricata.io/2025/03/18/suricata-7-0-9-released/
https://suricata.io/2025/07/08/suricata-7-0-11-released/
https://suricata.io/2025/09/16/suricata-8-0-1-and-7-0-12-released/
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
In Yocto, there is only one Python interpreter (python3), and the
auto-generated "fail2ban-python" symlink is not used. To ensure
all installed scripts can run correctly, replace the shebang line
from "#!/usr/bin/env fail2ban-python" to "#!/usr/bin/env python3"
during installation.
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
|
| |
|
|
|
|
|
| |
Follow Yocto policy to add CVE tag to CVE patch
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert fail2ban-testcases output to follow Automake-compatible format
(PASS:/FAIL:) so that ptest-runner can correctly parse and
report test results.
root@intel-x86-64:~# ptest-runner python3-fail2ban -t 300
START: ptest-runner
2025-09-22T07:57
BEGIN: /usr/lib64/python3-fail2ban/ptest
Fail2ban 1.1.1.dev1 test suite. Python 3.12.11 (main, Jun 3 2025, 15:41:47) [GCC 13.4.0]. Please wait...
I: Skipping smtp tests: No module named 'smtpd'
I: Skipping SSL smtp tests: No module named 'aiosmtpd'
PASS: fail2ban.tests.servertestcase.Transmitter.testAction
PASS: fail2ban.tests.servertestcase.Transmitter.testAddJail
PASS: fail2ban.tests.servertestcase.Transmitter.testDatabase
PASS: fail2ban.tests.servertestcase.Transmitter.testDatePattern
PASS: fail2ban.tests.servertestcase.Transmitter.testGetNOK
PASS: fail2ban.tests.servertestcase.Transmitter.testJailAttemptIP
PASS: fail2ban.tests.servertestcase.Transmitter.testJailBanIP
...
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testBanTimeIncr
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testFlushLogs
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogLevel
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogTarget
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogTargetSYSLOG
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testSyslogSocket
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testSyslogSocketNOK
============================================================================
Testsuite summary
DURATION: 48
END: /usr/lib64/python3-fail2ban/ptest
2025-09-22T07:58
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
|
| |
|
|
|
|
|
| |
Replace poky repository configuration with separate bitbake,
openembedded-core, and meta-poky repository configurations.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
| |
To avoid confusion, remove stray aircrack-ng entry as it is actually
in the main layer and not meta-tpm.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changes:
- Add libmhash and libgssglue so they will get tested by CI.
- Switch to MACHINE_ARCH to facilitate the above, but it makes sense
anyway due to all the machine overrides used in the packagegroup
definition.
- Add the recently added python3-suricata-update so it will get
tested by CI.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
| |
Remove the paxctl recipe since it has seemingly been broken for a
while without anyone noticing, and there likely have been no actual
users since grsecurity stopped doing public releases in 2017.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
| |
Remove the libest recipe since it has been disabled since November
2021, and upstream has shown no activity since 2022.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
| |
Remove the tripwire recipe since it has been disabled since May 2021,
and upstream has shown no activity since 2018.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
| |
GCC 15 switched to C23 by default, which libmhash does not yet support.
So keep using C17.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
suricata has "--disable-suricata-update"
Original add: caaeb67863a6 ("suricata-update: add package to pull rules")
Suricata dropped: 7a1691c03726 ("suricata: Drop 4.1.x its EOL")
Not readded: 818a8646a689 ("suricata: rust is in core")
*Changes*
1.2.1 -> 1.3.6
Drop period and trailing space in SUMMARY value
Drop now-redundant "S"
Use HTTPS protocol for SRC_URI
LICENSE "GPLv2" -> "GPL-2.0-only"
Add "python3-shell" RDEPENDS to resolve:
ModuleNotFoundError: No module named 'shlex'
Basic target testing:
root@beaglebone-yocto:~# suricata-update
22/9/2025 -- 04:06:23 - <Info> -- Using data-directory /var/lib/suricata.
22/9/2025 -- 04:06:23 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
22/9/2025 -- 04:06:23 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
22/9/2025 -- 04:06:23 - <Info> -- Found Suricata version 7.0.0 at /bin/suricata.
22/9/2025 -- 04:06:23 - <Info> -- Loading /etc/suricata/suricata.yaml
22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol pgsql
22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol modbus
22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol dnp3
22/9/2025 -- 04:06:23 - <Info> -- Disabling rules for protocol enip
22/9/2025 -- 04:06:23 - <Info> -- No sources configured, will use Emerging Threats Open
22/9/2025 -- 04:06:23 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-7.0.0/emerging.rules.tar.gz.
100% - 5102134/5102134
22/9/2025 -- 04:06:24 - <Info> -- Done.
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http2-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/mqtt-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/quic-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/rfb-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ssh-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules
22/9/2025 -- 04:06:25 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules
22/9/2025 -- 04:06:27 - <Info> -- Ignoring file ba1345f233851ca2df4d905ea4b386d2/rules/emerging-deleted.rules
22/9/2025 -- 04:06:57 - <Info> -- Loaded 61205 rules.
22/9/2025 -- 04:07:02 - <Info> -- Disabled 14 rules.
22/9/2025 -- 04:07:02 - <Info> -- Enabled 0 rules.
22/9/2025 -- 04:07:02 - <Info> -- Modified 0 rules.
22/9/2025 -- 04:07:02 - <Info> -- Dropped 0 rules.
22/9/2025 -- 04:07:03 - <Info> -- Enabled 136 rules for flowbit dependencies.
22/9/2025 -- 04:07:03 - <Info> -- Creating directory /var/lib/suricata/rules.
22/9/2025 -- 04:07:03 - <Info> -- Backing up current rules.
22/9/2025 -- 04:07:03 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 61205; enabled: 45406; added: 61205; removed 0; modified: 0
22/9/2025 -- 04:07:06 - <Info> -- Writing /var/lib/suricata/rules/classification.config
22/9/2025 -- 04:07:07 - <Info> -- Testing with suricata -T.
22/9/2025 -- 04:07:57 - <Info> -- Done.
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://docs.yoctoproject.org/dev/ref-manual/variables.html#term-SYSTEMD_SERVICE
Before:
root@beaglebone-yocto:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
Loaded: loaded (/usr/lib/systemd/system/suricata.service; disabled; preset: disabled)
Active: inactive (dead)
Docs: man:suricata(8)
man:suricatasc(8)
https://redmine.openinfosecfoundation.org/projects/suricata/wiki
After:
root@beaglebone-yocto:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
Loaded: loaded (/usr/lib/systemd/system/suricata.service; enabled; preset: enabled)
Active: active (running) since Mon 2025-09-22 04:05:08 UTC; 20s ago
Invocation: 8cfeb29631f443f0830bffeb00975931
Docs: man:suricata(8)
man:suricatasc(8)
https://redmine.openinfosecfoundation.org/projects/suricata/wiki
Main PID: 268 (Suricata-Main)
Tasks: 7 (limit: 4915)
Memory: 36.8M (peak: 37M)
CPU: 2.222s
CGroup: /system.slice/suricata.service
`-268 /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0
Sep 22 04:05:08 beaglebone-yocto systemd[1]: Started Suricata IDS/IDP daemon.
Sep 22 04:05:09 beaglebone-yocto suricata[268]: i: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 22 04:05:10 beaglebone-yocto suricata[268]: W: detect: No rule files match the pattern /var/lib/suricata/rules/suricata.rules
Sep 22 04:05:10 beaglebone-yocto suricata[268]: W: detect: 1 rule files specified, but no rules were loaded!
Sep 22 04:05:10 beaglebone-yocto suricata[268]: i: threads: Threads created -> W: 1 FM: 1 FR: 1 Engine started.
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to latest git rev as the current version doesn't work with
OpenSSH 9.8+[1].
Ptest result:
$ ptest-runner python3-fail2ban
START: ptest-runner
2025-09-21T12:45
BEGIN: /usr/lib64/python3-fail2ban/ptest
Ran 538 tests in 13.045s
OK (skipped=3)
DURATION: 14
END: /usr/lib64/python3-fail2ban/ptest
2025-09-21T12:46
STOP: ptest-runner
TOTAL: 1 FAIL: 0
[1] https://github.com/fail2ban/fail2ban/commit/2fed408c05ac5206b490368d94599869bd6a056d
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix ptest failures by backporting patches and updating test case config
files.
Before the patch:
$ ptest-runner python3-fail2ban
START: ptest-runner
2025-09-11T15:42
BEGIN: /usr/lib64/python3-fail2ban/ptest
<snip>
Ran 524 tests in 23.023s
FAILED (failures=5, errors=7, skipped=3)
DURATION: 24
END: /usr/lib64/python3-fail2ban/ptest
2025-09-11T15:42
STOP: ptest-runner
TOTAL: 1 FAIL: 1
After the patch:
$ ptest-runner python3-fail2ban
START: ptest-runner
2025-09-11T15:59
BEGIN: /usr/lib64/python3-fail2ban/ptest
<snip>
Ran 524 tests in 25.982s
OK (skipped=3)
DURATION: 27
END: /usr/lib64/python3-fail2ban/ptest
2025-09-11T15:59
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
| |
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
| |
|
|
|
|
|
|
|
|
| |
The 1.13.16 version does not work on the kernel 6.16 for now [1].
Disable when waiting for the fix.
[1] https://github.com/chipsec/chipsec/issues/2563
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
| |
|
|
|
|
|
|
| |
Update from 1.9.1 (October 2022) to the latest 1.x release, 1.13.16.
Changelog: https://github.com/chipsec/chipsec/releases
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
| |
|
|
|
|
|
| |
Move to fetching from GitHub hashes to avoid issues at releases,
when the last-recent release changes place.
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tested on master (whinlatter) with beaglebone-yocto
New in version 3.1.5 (2025-07-29):
https://cisofy.com/changelog/lynis/#315
Added:
- Support for OpenWrt
- Bitdefender detection on Linux
- Detection of openSUSE Tumbleweed-Slowroll
Changed:
- Corrected detection of service manager SMF
- Extended GetHostID function to allow HostID and HostID2 creation on OpenWrt
- Check modules also under /usr/lib/modules.d
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
|
| |
|
|
| |
Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com>
|
| |
|
|
|
|
|
| |
There is no hint of libgcrypt in the upstream code and distro packages
like Debian and Fedora do not have this dependency either.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
suricata.yaml references these configs
Resolve:
<Warning> -- could not open: "/etc/suricata/classification.config": No
such file or directory
<Error> -- please check the "classification-file" option in your
suricata.yaml file
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jason Schonberg <schonm@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add whitespaces when assigning variables in kas cofiguration.
We were getting:
WARNING: ... has a lack of whitespace around the assignment: 'BB_NUMBER_THREADS="24"'
WARNING: ... has a lack of whitespace around the assignment: 'BB_NUMBER_PARSE_THREADS="12"'
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
| |
|
|
|
|
|
| |
Aide currently doesn't compile with musl because of copied getopt prototypes
and implementation.
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|
| |
|
|
| |
Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
|