-rw-r--r--README4
-rw-r--r--recipes-security/redhat-security/files/find-elf4tmp.sh8
-rw-r--r--recipes-security/redhat-security/files/rpm-chksec.sh2
-rw-r--r--recipes-security/redhat-security/redhat-security_1.0.bb2
4 files changed, 10 insertions, 6 deletions
diff --git a/README b/README
index e6449a1..06f3948 100644
--- a/README
+++ b/README
@@ -73,6 +73,10 @@ help for each package.
In this mode it will only give a summary result for the package. To find which files don't comply,
re-run using just the package name.
+ !!! WARNING !!! - in order to use this script you need to add to your conf/local.conf file the following lines:
+ IMAGE_ROOTFS_EXTRA_SPACE = "" - specifying the extra space of the image
+ IMAGE_FEATURES += "package management" - for the correct output of rpm -qa
+
- find-nodrop-groups.sh : This will scan a whole file system to see if a program makes calls to change UID
and GID without also calling setgroups or initgroups.
diff --git a/recipes-security/redhat-security/files/find-elf4tmp.sh b/recipes-security/redhat-security/files/find-elf4tmp.sh
index 8f39baa..3118a70 100644
--- a/recipes-security/redhat-security/files/find-elf4tmp.sh
+++ b/recipes-security/redhat-security/files/find-elf4tmp.sh
@@ -19,7 +19,7 @@ if [ $# -ge 2 ] ; then
echo "Usage: find_elf4tmp [directory]" 1>&2
exit 1
fi
-if [ ! -x /usr/bin/eu-strings ] ; then
+if [ ! -x /usr/bin/strings ] ; then
echo "Skipping due to missing /usr/bin/eu-strings utility"
exit 1
fi
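Review bot: The message on the line after the changed test still names `/usr/bin/eu-strings`, so when `/usr/bin/strings` is absent the user is told to install the wrong tool; change it to `echo "Skipping due to missing /usr/bin/strings utility" 1>&2` (the usage message above already goes to stderr, this one does not). The recipe's RDEPENDS in this same commit adds rpm, procps and findutils but nothing that provides `strings` (normally binutils on a glibc-based image), so unless the image ships it some other way the script will always hit this skip branch — worth confirming. Hardcoding the path also ties the script to one /bin-vs-/usr/bin layout, which is exactly what the sort/awk path edits later in this file are working around; `command -v strings >/dev/null` would be the portable check.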
@@ -49,7 +49,7 @@ do
# Get just the elf executables
testf=`echo $f | /usr/bin/file -n -f - 2>/dev/null | grep ELF`
if [ x"$testf" != "x" ] ; then
- test_res=`/usr/bin/eu-strings $f | /bin/grep '/tmp/' | /bin/egrep -v 'XX|/tmp/$|[ .,:]/tmp/'`
+ test_res=`/usr/bin/strings $f | /bin/grep '/tmp/' | /bin/egrep -v 'XX|/tmp/$|[ .,:]/tmp/'`
if [ x"$test_res" = "x" ] ; then
continue
fi
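Review bot: `$f` is unquoted in the new `/usr/bin/strings $f` pipeline, so a path containing whitespace or glob characters — not hypothetical when the script walks an entire filesystem — is split or expanded before strings sees it; write it as `/usr/bin/strings -- "$f"` (the `echo $f` feeding file(1) two lines up has the same problem). Swapping eu-strings for binutils strings may also change which bytes are scanned, since the two tools do not share defaults for which regions of an ELF file they search; if the audit results are compared against earlier runs, check whether `strings -a` is needed to get equivalent coverage. The enclosing `for`/`do` loop starts and ends outside this hunk.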
@@ -64,13 +64,13 @@ do
FOUND=1
# Get the package
- RPM=`/bin/rpm -qf --queryformat "%{NAME}-%{VERSION}" $f 2>/dev/null | /bin/grep -v 'not owned' | /bin/sort | /usr/bin/uniq`
+ RPM=`/bin/rpm -qf --queryformat "%{NAME}-%{VERSION}" $f 2>/dev/null | /bin/grep -v 'not owned' | /usr/bin/sort | /usr/bin/uniq`
if [ x"$RPM" = "x" ] ; then
RPM="<unowned>"
fi
# For each tmp string, output the line
- echo $test_res | /usr/bin/tr '\b' '\n' | /bin/awk 'NF >= 1 { printf "%-46s\t%-30s\t%s\n", f, r, $1 }' r=$RPM f=$f
+ echo $test_res | /usr/bin/tr '\b' '\n' | /usr/bin/awk 'NF >= 1 { printf "%-46s\t%-30s\t%s\n", f, r, $1 }' r=$RPM f=$f
fi
done
done
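Review bot: `$f` and `$RPM` remain unquoted on both changed lines — as the `rpm -qf` argument and in the awk `r=$RPM f=$f` assignments — so a filename with spaces yields a failed rpm lookup (reported as `<unowned>`) or misaligned awk columns; use `rpm -qf --queryformat "%{NAME}-%{VERSION}" -- "$f"` and `r="$RPM" f="$f"`. The `echo $test_res | tr '\b' '\n'` stage relies on unquoted word-splitting to turn the multi-line strings output into one match per line, which also drops any match containing spaces; `printf '%s\n' "$test_res"` would preserve the lines as found. The new `/usr/bin/sort` and `/usr/bin/awk` paths fix one filesystem layout but keep the script tied to it; dropping the directory prefixes (`sort`, `awk`, `rpm`, and `/usr/bin/strings` in the two earlier hunks) lets PATH resolve merged-/usr versus split layouts. The two enclosing `do` loops begin outside this hunk.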
diff --git a/recipes-security/redhat-security/files/rpm-chksec.sh b/recipes-security/redhat-security/files/rpm-chksec.sh
index 983c218..a0e8bb1 100644
--- a/recipes-security/redhat-security/files/rpm-chksec.sh
+++ b/recipes-security/redhat-security/files/rpm-chksec.sh
@@ -242,7 +242,7 @@ if [ "$MODE" = "single" ] ; then
fi
# Skip the kernel as its special
-packages=`rpm -qa --queryformat "%{NAME}.%{ARCH}\n" | egrep -v 'kernel.|debuginfo.|.noarch|gpg-pubkey' | sort`
+packages=`rpm -qa | egrep -v 'kernel.|debuginfo.|.noarch|gpg-pubkey' | sort`
printf "%-50s %-5s %-4s %-14s" "PACKAGE" "RELRO" "PIE" "CLASS"
echo
for p in $packages
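Review bot: Dropping `--queryformat "%{NAME}.%{ARCH}\n"` changes what each `$p` holds from `name.arch` to rpm's default `name-version-release.arch`, so the loop body (outside this hunk) and the `%-50s` PACKAGE column printed just below now see a longer string; rpm still accepts it as a package spec, but the column can overflow for long NVRA values and any code that parsed `$p` on the `.` separator will break — please confirm the body copes. If the format was removed because the `\n` inside double quotes did not survive on this target, `--queryformat '%{NAME}.%{ARCH}\n'` in single quotes keeps the short form. Note also that the unescaped dots in `'kernel.|debuginfo.|.noarch|gpg-pubkey'` match any character, which is presumably what lets `kernel.` still match `kernel-` in the new format, and that `egrep` is deprecated in favour of `grep -E`.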
diff --git a/recipes-security/redhat-security/redhat-security_1.0.bb b/recipes-security/redhat-security/redhat-security_1.0.bb
index 134cefe..5f92696 100644
--- a/recipes-security/redhat-security/redhat-security_1.0.bb
+++ b/recipes-security/redhat-security/redhat-security_1.0.bb
@@ -5,7 +5,7 @@ LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
PR = "r0"
-RDEPENDS_${PN} = "file"
+RDEPENDS_${PN} = "file libcap-ng rpm rpmresolve procps findutils"
SRC_URI = "file://find-chroot-py.sh \
file://find-chroot.sh \