diff options
-rw-r--r-- | README | 9 | ||||
-rw-r--r-- | recipes-security/buck-security/buck-security_0.6.bb | 5 | ||||
-rw-r--r-- | recipes-security/buck-security/files/functionality.patch | 38 | ||||
-rw-r--r-- | recipes-security/pinentry/pinentry_0.8.3.bb | 14 |
4 files changed, 63 insertions, 3 deletions
@@ -154,7 +154,14 @@ help for each package. Buck-Security is a security scanner for Debian and Ubuntu Linux. It runs a couple of important checks and helps you to harden your Linux system. This enables you to quickly overview the security status of your Linux system. - usage : switch to directory /usr/local/buck-security. + usage : !!! before starting to use this tool please run the following command: !!! + + export GPG_TTY=`tty` + + This command is needed for the usage of the comand --make-checksum, which creates + a checksum for the files in the system. + + switch to directory /usr/local/buck-security. before running the script, you should check the activated checks in conf/buck-security.conf file. after altering the changes, save the file and simply run : diff --git a/recipes-security/buck-security/buck-security_0.6.bb b/recipes-security/buck-security/buck-security_0.6.bb index 9d4f884..f58890f 100644 --- a/recipes-security/buck-security/buck-security_0.6.bb +++ b/recipes-security/buck-security/buck-security_0.6.bb @@ -4,9 +4,10 @@ system. This enables you to quickly overview the security status of your Linux s SECTION = "security" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" -RDEPENDS_${PN} = "perl perl-module-term-ansicolor perl-module-posix perl-module-getopt-long perl-module-time-localtime perl-module-data-dumper perl-module-lib" +RDEPENDS_${PN} = "perl perl-module-term-ansicolor perl-module-posix perl-module-getopt-long perl-module-time-localtime perl-module-data-dumper perl-module-lib net-tools coreutils gnupg pinentry" -SRC_URI = "http://sourceforge.net/projects/buck-security/files/buck-security/buck-security_0.6/${PN}_${PV}.tar.gz" +SRC_URI = "http://sourceforge.net/projects/buck-security/files/buck-security/buck-security_0.6/${PN}_${PV}.tar.gz \ + file://functionality.patch" SRC_URI[md5sum] = "edbd40742853fc91ffeae5b2d9ea7bab" SRC_URI[sha256sum] = "5d5dcc58b09c3a4bd87f60f86bb62cd2b0bfd7106a474951f8f520af0042a5b7" diff --git a/recipes-security/buck-security/files/functionality.patch b/recipes-security/buck-security/files/functionality.patch new file mode 100644 index 0000000..86fbeee --- /dev/null +++ b/recipes-security/buck-security/files/functionality.patch @@ -0,0 +1,38 @@ +From 216aed597b3f20692a9c9d74dae79fa73e36c75b Mon Sep 17 00:00:00 2001 +From: Andrei Dinu <andrei.adrianx.dinu@intel.com> +Date: Thu, 1 Aug 2013 10:30:26 +0300 +Subject: [PATCH] added functionality + + * removed sshd from the checks. When needed it can be added + in the file. + * added saving location for checksums.gpg file + +Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> +--- + conf/buck-security.conf | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/conf/buck-security.conf b/conf/buck-security.conf +index eb88982..f573aa8 100644 +--- a/conf/buck-security.conf ++++ b/conf/buck-security.conf +@@ -27,7 +27,6 @@ usermask + superusers + services + firewall +-sshd + packages_problematic + checksum + ); +@@ -48,7 +47,7 @@ $checksum_program = "sha256sum"; + $checksum_dir = "/sbin/* /bin/* /usr/sbin/* /usr/bin/*"; + + +-$checksum_file = "checksums.gpg"; ++$checksum_file = "/usr/bin/checksums.gpg"; + + + +-- +1.7.9.5 + diff --git a/recipes-security/pinentry/pinentry_0.8.3.bb b/recipes-security/pinentry/pinentry_0.8.3.bb new file mode 100644 index 0000000..0043c23 --- /dev/null +++ b/recipes-security/pinentry/pinentry_0.8.3.bb @@ -0,0 +1,14 @@ +DESCRIPTION = "This is a collection of simple PIN or passphrase entry dialogs which utilize the Assuan protocol as described by the aegypten project" +HOMEPAGE = "ftp://ftp.gnupg.org/gcrypt/" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" +DEPENDS = "glib-2.0 ncurses" + +SRC_URI = "ftp://ftp.gnupg.org/gcrypt/pinentry/${PN}-${PV}.tar.bz2" + +SRC_URI[md5sum] = "2ae681cbca0d9fb774b2c90b11ebf56c" +SRC_URI[sha256sum] = "568b0b09b50b2388a4f94d704d5bcb28718ecd4654ed1acc43ab1f97d921a0ad" + +inherit autotools + +EXTRA_OECONF +="--disable-pinentry-gtk2 --disable-pinentry-qt --disable-pinentry-qt4 --without-x --enable-ncurses" |