-rw-r--r--README44
-rw-r--r--recipes-security/bastille/bastille_3.2.1.bb3
-rw-r--r--recipes-security/bastille/files/do_not_apply_config.patch40
3 files changed, 71 insertions, 16 deletions
diff --git a/README b/README
index c9549f9..1df88b5 100644
--- a/README
+++ b/README
@@ -43,22 +43,34 @@ help for each package.
like rcp and rlogin, and helps create "chroot jails" that help limit the
vulnerability of common Internet services like Web services and DNS.
- usage : Bastille can be used via meta-security layer only in command line mode.
- To start Bastille simply write in a terminal :
-
- bastille -c
-
- If this is the first usage of Bastille on the system, the user will be
- guided through a list of questions which need to be answered. In the end,
- a config file will be created and run. After these steps, you will have a
- hardened system.
-
- If you only want to run the config file, without stepping through the
- list of questions, simply write in a terminal :
-
- bastille -b
-
- More information can be found in the package readme and manual.
+ usage : The functionality of Bastille which is available is
+ restricted to a purely informational one. The command:
+ bastille -c --os Yocto
+ will cause a series of menus containing security questions
+ about the system to be displayed to the user. For each
+ question, a default response, specified in the configuration
+ file which is installed with Bastille, will be selected.
+ The user may select an alternate response. When the user
+ has completed the sequence of menus Bastille saves the
+ responses to the configuration file.
+
+ The command:
+ bastille -l lists the configuration files that Bastille
+ is able to locate.
+
+ The other functionality which Bastille is intended to provide
+ is actually unavailable. This is not due to errors in poky
+ installation or configuration of the application. The Bastille
+ distribution is no longer supported. Significant modifications
+ would be required to make it possible to make use of the
+ functionality which is currently unavailable.
+
+
+ Additional information about Bastille can be found in the package
+ README file and other documentation.
+
+ Alternatives to Bastille include buck-security and checksecurity,
+ described elsewhere in this file.
== redhat-security ==
diff --git a/recipes-security/bastille/bastille_3.2.1.bb b/recipes-security/bastille/bastille_3.2.1.bb
index 1c924e7..06215a2 100644
--- a/recipes-security/bastille/bastille_3.2.1.bb
+++ b/recipes-security/bastille/bastille_3.2.1.bb
@@ -1,3 +1,5 @@
+#The functionality of Bastille that is actually available is restricted. Please
+#consult the README file for the meta-security layer for additional information.
SUMMARY = "Linux hardening tool"
DESCRIPTION = "Bastille Linux is a Hardening and Reporting/Auditing Program which enhances the security of a Linux box, by configuring daemons, system settings and firewalling."
LICENSE = "GPLv2"
@@ -29,6 +31,7 @@ SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3
file://allow_os_with_assess.patch \
file://edit_usage_message.patch \
file://organize_distro_discovery.patch \
+ file://do_not_apply_config.patch \
"
SRC_URI[md5sum] = "df803f7e38085aa5da79f85d0539f91b"
diff --git a/recipes-security/bastille/files/do_not_apply_config.patch b/recipes-security/bastille/files/do_not_apply_config.patch
new file mode 100644
index 0000000..574aa98
--- /dev/null
+++ b/recipes-security/bastille/files/do_not_apply_config.patch
@@ -0,0 +1,40 @@
+Upstream Status: Inappropriate [No upstream maintenance]
+
+Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org>
+
+---
+
+Index: Bastille/Bastille_Curses.pm
+===================================================================
+--- Bastille.orig/Bastille_Curses.pm 2013-08-27 16:43:39.130959000 -0400
++++ Bastille/Bastille_Curses.pm 2013-08-27 16:43:39.794959000 -0400
+@@ -83,11 +83,6 @@
+ # Output answers to the script and display
+ &outputConfig;
+
+- # Run Bastille
+-
+- &Run_Bastille_with_Config;
+-
+-
+ # Display Credits
+
+ open CREDITS,"/usr/share/Bastille/Credits";
+Index: Bastille/InteractiveBastille
+===================================================================
+--- Bastille.orig/InteractiveBastille 2013-08-27 16:43:39.434959000 -0400
++++ Bastille/InteractiveBastille 2013-08-27 17:18:55.758959000 -0400
+@@ -531,10 +531,10 @@
+ " Please address bug reports and suggestions to jay\@bastille-linux.org\n" .
+ "\n";
+
+- $InterfaceEndScreenDescription = "We will now implement the choices you have made here.\n\n" .
++ $InterfaceEndScreenDescription = "We will now record the choices you have made here.\n\n" .
+ "Answer NO if you want to go back and make changes!\n";
+- $InterfaceEndScreenQuestion = "Are you finished answering the questions, i.e. may we make the changes?";
+- $InterfaceEndScreenNoEpilogue = "Please use Back/Next buttons to move among the questions you wish to\nchange.\n\nChoose YES on this question later to implement your choices.\n";
++ $InterfaceEndScreenQuestion = "Are you finished answering the questions, i.e. may we record the answers and exit?";
++ $InterfaceEndScreenNoEpilogue = "Please use Back/Next buttons to move among the questions you wish to\nchange.\n\nChoose YES on this question later to record your choices.\n";
+ require Bastille_Curses;
+ } elsif ($GLOBAL_AUDITONLY) {
+
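Review bot: The `&Run_Bastille_with_Config;` call is removed only from Bastille_Curses.pm, so the reworded prompts ("record the answers and exit") hold only if no other entry point still applies the saved configuration. The README text removed in this commit described `bastille -b` as running the config file without the questions, and nothing in this patch shows that path or any non-Curses interface being disabled; worth confirming they cannot reach the back end, or saying in the patch header which other patch handles them. The header would also benefit from a one-sentence description of why the run step is dropped, and the tag is normally written `Upstream-Status: Inappropriate [no upstream maintenance]` with a hyphen. Both patched Perl blocks begin and end outside the quoted hunks, so the branches around `require Bastille_Curses;` could not be checked from here.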