diff options
Diffstat (limited to 'recipes-compliance')
5 files changed, 220 insertions, 0 deletions
diff --git a/recipes-compliance/lynis/lynis_3.1.1.bb b/recipes-compliance/lynis/lynis_3.1.1.bb new file mode 100644 index 0000000..b69f4df --- /dev/null +++ b/recipes-compliance/lynis/lynis_3.1.1.bb @@ -0,0 +1,42 @@ +# Copyright (C) 2017 Armin Kuster <akuster808@gmail.com> +# Released under the MIT license (see COPYING.MIT for the terms) + +SUMMARY = "Lynis is a free and open source security and auditing tool." +HOMEDIR = "https://cisofy.com/" +LICENSE = "GPL-3.0-only" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1" + +SRC_URI = "https://downloads.cisofy.com/lynis/${BPN}-${PV}.tar.gz" + +SRC_URI[sha256sum] = "d72f4ee7325816bb8dbfcf31eb104207b9fe58a2493c2a875373746a71284cc3" + +#UPSTREAM_CHECK = "https://downloads.cisofy.com/lynis" + +S = "${WORKDIR}/${BPN}" + +inherit autotools-brokensep + +do_compile[noexec] = "1" +do_configure[noexec] = "1" + +do_install () { + install -d ${D}/${bindir} + install -d ${D}/${sysconfdir}/lynis + install -m 555 ${S}/lynis ${D}/${bindir} + + install -d ${D}/${datadir}/lynis/db + install -d ${D}/${datadir}/lynis/plugins + install -d ${D}/${datadir}/lynis/include + install -d ${D}/${datadir}/lynis/extras + + cp -r ${S}/db/* ${D}/${datadir}/lynis/db/. + cp -r ${S}/plugins/* ${D}/${datadir}/lynis/plugins/. + cp -r ${S}/include/* ${D}/${datadir}/lynis/include/. + cp -r ${S}/extras/* ${D}/${datadir}/lynis/extras/. + cp ${S}/*.prf ${D}/${sysconfdir}/lynis +} + +FILES:${PN} += "${sysconfdir}/developer.prf ${sysconfdir}/default.prf" +FILES:${PN}-doc += "lynis.8 FAQ README CHANGELOG.md CONTRIBUTIONS.md CONTRIBUTORS.md" + +RDEPENDS:${PN} += "procps findutils coreutils iproute2-ip iproute2-ss net-tools" diff --git a/recipes-compliance/openscap/openscap_1.3.9.bb b/recipes-compliance/openscap/openscap_1.3.9.bb new file mode 100644 index 0000000..b35ce9f --- /dev/null +++ b/recipes-compliance/openscap/openscap_1.3.9.bb @@ -0,0 +1,76 @@ +# Copyright (C) 2017 - 2023 Armin Kuster <akuster808@gmail.com> +# Released under the MIT license (see COPYING.MIT for the terms) + +SUMARRY = "NIST Certified SCAP 1.2 toolkit" +HOME_URL = "https://www.open-scap.org/tools/openscap-base/" +LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" +LICENSE = "LGPL-2.1-only" + +DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre xmlsec1" +DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native xmlsec1-native" + +#March 18th, 2024 +SRCREV = "0e7f654570971c1acee6dd3f34b17121372d6152" +SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https " + +S = "${WORKDIR}/git" + +inherit cmake pkgconfig python3native python3targetconfig perlnative systemd + +PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" +PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3" +PACKAGECONFIG[perl] = "-DENABLE_PERL=ON, ,perl, perl" +PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=ON, ,rpm, rpm" +PACKAGECONFIG[gcrypt] = "-DWITH_CRYPTO=gcrypt, ,libgcrypt" +PACKAGECONFIG[nss3] = "-DWITH_CRYPTO=nss3, ,nss" +PACKAGECONFIG[selinux] = ", ,libselinux" +PACKAGECONFIG[remdediate_service] = "-DENABLE_OSCAP_REMEDIATE_SERVICE=ON,-DENABLE_OSCAP_REMEDIATE_SERVICE=NO," + +EXTRA_OECMAKE += "-DENABLE_PROBES_LINUX=ON -DENABLE_PROBES_UNIX=ON \ + -DENABLE_PROBES_SOLARIS=OFF -DENABLE_PROBES_INDEPENDENT=ON \ + -DENABLE_OSCAP_UTIL=ON -DENABLE_OSCAP_UTIL_SSH=ON \ + -DENABLE_OSCAP_UTIL_DOCKER=OFF -DENABLE_OSCAP_UTIL_CHROOT=OFF \ + -DENABLE_OSCAP_UTIL_PODMAN=OFF -DENABLE_OSCAP_UTIL_VM=OFF \ + -DENABLE_PROBES_WINDOWS=OFF -DENABLE_VALGRIND=OFF \ + -DENABLE_SCE=ON -DENABLE_MITRE=OFF -DENABLE_TESTS=OFF \ + -DCMAKE_SKIP_INSTALL_RPATH=ON -DCMAKE_SKIP_RPATH=ON \ + -DPREFERRED_PYTHON_PATH=${bindir}/python3 \ + -DPYTHON3_PATH=${bindir}/python3 \ + " + +STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source" +STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" + +do_configure:append:class-native () { + sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h + sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h + sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h +} + +do_install:append () { + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + if ${@bb.utils.contains('PACKAGECONFIG','remdediate_service','true','false',d)}; then + install -D -m 0644 ${B}/oscap-remediate.service ${D}${systemd_system_unitdir}/oscap-remediate.service + fi + fi +} + +do_install:class-native[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}" +do_install:append:class-native () { + oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native} + install -d $oscapdir + cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir +} + + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG','remdediate_service', 'oscap-remediate.service', '',d)}" +SYSTEMD_AUTO_ENABLE = "disable" + + +FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR}" + + +RDEPENDS:${PN} = "libxml2 python3-core libgcc bash" +RDEPENDS:${PN}-class-target = "libxml2 python3-core libgcc bash os-release" +BBCLASSEXTEND = "native" diff --git a/recipes-compliance/scap-security-guide/files/run-ptest b/recipes-compliance/scap-security-guide/files/run-ptest new file mode 100644 index 0000000..e8d270f --- /dev/null +++ b/recipes-compliance/scap-security-guide/files/run-ptest @@ -0,0 +1,7 @@ +#!/bin/sh + +export PYTHONPATH="/usr/lib/scap-security-guide/ptest/git:$PYTHONPATH" + +cd git/build + +ctest --output-on-failure -E unique-stigids diff --git a/recipes-compliance/scap-security-guide/files/run_eval.sh b/recipes-compliance/scap-security-guide/files/run_eval.sh new file mode 100644 index 0000000..cc79bac --- /dev/null +++ b/recipes-compliance/scap-security-guide/files/run_eval.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +oscap xccdf eval --results results.xml --report report.html --profile xccdf_org.ssgproject.content_profile_standard /usr/share/xml/scap/ssg/content/ssg-openembedded-ds.xml diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb new file mode 100644 index 0000000..5e45332 --- /dev/null +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb @@ -0,0 +1,92 @@ +# Copyright (C) 2017 - 2024 Armin Kuster <akuster808@gmail.com> +# Released under the MIT license (see COPYING.MIT for the terms) + +SUMARRY = "SCAP content for various platforms, upstream version" +HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/" +LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820" +LICENSE = "BSD-3-Clause" + +SRCREV = "459f0abf2ac08d36e5fc4a2619bc75cff7000da9" +SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=stable;protocol=https \ + file://run_eval.sh \ + file://run-ptest \ + " + + +DEPENDS = "openscap-native python3-pyyaml-native python3-jinja2-native libxml2-native expat-native coreutils-native" + +S = "${WORKDIR}/git" +B = "${S}/build" + +inherit cmake pkgconfig python3native python3targetconfig ptest + +STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts" +export OSCAP_CPE_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe" +export OSCAP_SCHEMA_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas" +export OSCAP_XSLT_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl" + +OECMAKE_GENERATOR = "Unix Makefiles" + +EXTRA_OECMAKE += "-DENABLE_PYTHON_COVERAGE=OFF -DSSG_PRODUCT_DEFAULT=OFF -DSSG_PRODUCT_OPENEMBEDDED=ON" + +do_configure[depends] += "openscap-native:do_install" + +do_configure:prepend () { + sed -i -e 's:NAMES\ sed:NAMES\ ${HOSTTOOLS_DIR}/sed:g' ${S}/CMakeLists.txt + sed -i -e 's:NAMES\ grep:NAMES\ ${HOSTTOOLS_DIR}/grep:g' ${S}/CMakeLists.txt +} + +do_install:append() { + install -d ${D}${datadir}/openscap + install ${WORKDIR}/run_eval.sh ${D}${datadir}/openscap/. +} + +do_compile_ptest() { + cd ${S}/build + cmake ../ + make +} + +do_install_ptest() { + + # remove host & work dir from tests + for x in $(find ${S}/build -type f) ; + do + sed -e 's#${HOSTTOOLS_DIR}/##g' \ + -e 's#${RECIPE_SYSROOT_NATIVE}##g' \ + -e 's#${WORKDIR}#${PTEST_PATH}#g' \ + -e 's#/.*/xmllint#/usr/bin/xmllint#g' \ + -e 's#/.*/oscap#/usr/bin/oscap#g' \ + -e 's#/python3-native##g' \ + -i ${x} + done + + for x in $(find ${S}/build-scripts -type f) ; + do + sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x} + done + + for x in $(find ${S}/tests -type f) ; + do + sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x} + done + + for x in $(find ${S}/utils -type f) ; + do + sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x} + done + + PDIRS="apple_os build controls products shared components applications linux_os ocp-resources tests utils ssg build-scripts" + t=${D}/${PTEST_PATH}/git + for d in ${PDIRS}; do + install -d ${t}/$d + cp -fr ${S}/$d/* ${t}/$d/. + done +} + +FILES:${PN} += "${datadir}/xml ${datadir}/openscap" + +RDEPENDS:${PN} = "openscap" +RDEPENDS:${PN}-ptest = "cmake grep sed bash git python3 python3-modules python3-mypy python3-pyyaml python3-yamlpath python3-xmldiff python3-json2html python3-pandas python3-openpyxl python3-pytest libxml2-utils libxslt-bin" + +COMPATIBLE_HOST:libc-musl = "null" |