5 files changed, 220 insertions, 0 deletions
diff --git a/recipes-compliance/lynis/lynis_3.1.1.bb b/recipes-compliance/lynis/lynis_3.1.1.bb
new file mode 100644
index 0000000..b69f4df
--- /dev/null
+++ b/recipes-compliance/lynis/lynis_3.1.1.bb
@@ -0,0 +1,42 @@
+# Copyright (C) 2017 Armin Kuster  <akuster808@gmail.com>
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SUMMARY = "Lynis is a free and open source security and auditing tool."
+HOMEDIR = "https://cisofy.com/"
+LICENSE = "GPL-3.0-only"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1"
+
+SRC_URI = "https://downloads.cisofy.com/lynis/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "d72f4ee7325816bb8dbfcf31eb104207b9fe58a2493c2a875373746a71284cc3"
+
+#UPSTREAM_CHECK = "https://downloads.cisofy.com/lynis"
+
+S = "${WORKDIR}/${BPN}"
+
+inherit autotools-brokensep
+
+do_compile[noexec] = "1"
+do_configure[noexec] = "1"
+
+do_install () {
+	install -d ${D}/${bindir}
+	install -d ${D}/${sysconfdir}/lynis
+	install -m 555 ${S}/lynis ${D}/${bindir}
+
+	install -d ${D}/${datadir}/lynis/db
+	install -d ${D}/${datadir}/lynis/plugins
+	install -d ${D}/${datadir}/lynis/include
+	install -d ${D}/${datadir}/lynis/extras
+
+	cp -r ${S}/db/* ${D}/${datadir}/lynis/db/.
+	cp -r ${S}/plugins/*  ${D}/${datadir}/lynis/plugins/.
+	cp -r ${S}/include/* ${D}/${datadir}/lynis/include/.
+	cp -r ${S}/extras/*  ${D}/${datadir}/lynis/extras/.
+        cp ${S}/*.prf ${D}/${sysconfdir}/lynis
+}
+
+FILES:${PN} += "${sysconfdir}/developer.prf ${sysconfdir}/default.prf"
+FILES:${PN}-doc += "lynis.8 FAQ README CHANGELOG.md CONTRIBUTIONS.md CONTRIBUTORS.md" 
+
+RDEPENDS:${PN} += "procps findutils coreutils iproute2-ip iproute2-ss net-tools"
diff --git a/recipes-compliance/openscap/openscap_1.3.9.bb b/recipes-compliance/openscap/openscap_1.3.9.bb
new file mode 100644
index 0000000..b35ce9f
--- /dev/null
+++ b/recipes-compliance/openscap/openscap_1.3.9.bb
@@ -0,0 +1,76 @@
+# Copyright (C) 2017  - 2023 Armin Kuster  <akuster808@gmail.com>
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SUMARRY = "NIST Certified SCAP 1.2 toolkit"
+HOME_URL = "https://www.open-scap.org/tools/openscap-base/"
+LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
+LICENSE = "LGPL-2.1-only"
+
+DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre  xmlsec1"
+DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native xmlsec1-native"
+
+#March 18th, 2024
+SRCREV = "0e7f654570971c1acee6dd3f34b17121372d6152"
+SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https "
+
+S = "${WORKDIR}/git"
+
+inherit cmake pkgconfig python3native python3targetconfig perlnative systemd
+
+PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3"
+PACKAGECONFIG[perl] = "-DENABLE_PERL=ON, ,perl, perl"
+PACKAGECONFIG[rpm] = "-DENABLE_OSCAP_UTIL_AS_RPM=ON, ,rpm, rpm"
+PACKAGECONFIG[gcrypt] = "-DWITH_CRYPTO=gcrypt, ,libgcrypt"
+PACKAGECONFIG[nss3] = "-DWITH_CRYPTO=nss3, ,nss"
+PACKAGECONFIG[selinux] = ", ,libselinux"
+PACKAGECONFIG[remdediate_service] = "-DENABLE_OSCAP_REMEDIATE_SERVICE=ON,-DENABLE_OSCAP_REMEDIATE_SERVICE=NO,"
+
+EXTRA_OECMAKE += "-DENABLE_PROBES_LINUX=ON -DENABLE_PROBES_UNIX=ON \
+                  -DENABLE_PROBES_SOLARIS=OFF -DENABLE_PROBES_INDEPENDENT=ON \
+                  -DENABLE_OSCAP_UTIL=ON -DENABLE_OSCAP_UTIL_SSH=ON \
+                  -DENABLE_OSCAP_UTIL_DOCKER=OFF -DENABLE_OSCAP_UTIL_CHROOT=OFF \
+                  -DENABLE_OSCAP_UTIL_PODMAN=OFF -DENABLE_OSCAP_UTIL_VM=OFF \
+                  -DENABLE_PROBES_WINDOWS=OFF -DENABLE_VALGRIND=OFF \
+                  -DENABLE_SCE=ON -DENABLE_MITRE=OFF -DENABLE_TESTS=OFF \
+                  -DCMAKE_SKIP_INSTALL_RPATH=ON -DCMAKE_SKIP_RPATH=ON \
+                  -DPREFERRED_PYTHON_PATH=${bindir}/python3 \
+                  -DPYTHON3_PATH=${bindir}/python3 \
+                  "
+
+STAGING_OSCAP_DIR = "${TMPDIR}/work-shared/${MACHINE}/oscap-source"
+STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
+
+do_configure:append:class-native () {
+    sed -i 's:OSCAP_DEFAULT_CPE_PATH.*$:OSCAP_DEFAULT_CPE_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe":' ${B}/config.h
+    sed -i 's:OSCAP_DEFAULT_SCHEMA_PATH.*$:OSCAP_DEFAULT_SCHEMA_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas":' ${B}/config.h
+    sed -i 's:OSCAP_DEFAULT_XSLT_PATH.*$:OSCAP_DEFAULT_XSLT_PATH "${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl":' ${B}/config.h
+}
+
+do_install:append () {
+    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        if ${@bb.utils.contains('PACKAGECONFIG','remdediate_service','true','false',d)}; then
+            install -D -m 0644 ${B}/oscap-remediate.service ${D}${systemd_system_unitdir}/oscap-remediate.service
+        fi
+    fi
+}
+
+do_install:class-native[cleandirs] += " ${STAGING_OSCAP_BUILDDIR}"
+do_install:append:class-native () {
+    oscapdir=${STAGING_OSCAP_BUILDDIR}/${datadir_native}
+    install -d $oscapdir
+    cp -a ${D}/${STAGING_DATADIR_NATIVE}/openscap $oscapdir
+}
+
+
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG','remdediate_service', 'oscap-remediate.service', '',d)}"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+
+FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR}"
+
+
+RDEPENDS:${PN} = "libxml2 python3-core libgcc bash"
+RDEPENDS:${PN}-class-target = "libxml2 python3-core libgcc bash os-release"
+BBCLASSEXTEND = "native"
diff --git a/recipes-compliance/scap-security-guide/files/run-ptest b/recipes-compliance/scap-security-guide/files/run-ptest
new file mode 100644
index 0000000..e8d270f
--- /dev/null
+++ b/recipes-compliance/scap-security-guide/files/run-ptest
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+export PYTHONPATH="/usr/lib/scap-security-guide/ptest/git:$PYTHONPATH"
+
+cd git/build
+
+ctest --output-on-failure -E unique-stigids
diff --git a/recipes-compliance/scap-security-guide/files/run_eval.sh b/recipes-compliance/scap-security-guide/files/run_eval.sh
new file mode 100644
index 0000000..cc79bac
--- /dev/null
+++ b/recipes-compliance/scap-security-guide/files/run_eval.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+oscap xccdf eval --results results.xml --report report.html --profile xccdf_org.ssgproject.content_profile_standard /usr/share/xml/scap/ssg/content/ssg-openembedded-ds.xml
diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
new file mode 100644
index 0000000..5e45332
--- /dev/null
+++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
@@ -0,0 +1,92 @@
+# Copyright (C) 2017 - 2024 Armin Kuster  <akuster808@gmail.com>
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+SUMARRY = "SCAP content for various platforms, upstream version"
+HOME_URL = "https://www.open-scap.org/security-policies/scap-security-guide/"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820"
+LICENSE = "BSD-3-Clause"
+
+SRCREV = "459f0abf2ac08d36e5fc4a2619bc75cff7000da9"
+SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=stable;protocol=https \
+           file://run_eval.sh \
+           file://run-ptest \
+           "
+
+
+DEPENDS = "openscap-native python3-pyyaml-native python3-jinja2-native libxml2-native expat-native coreutils-native"
+
+S = "${WORKDIR}/git"
+B = "${S}/build"
+
+inherit cmake pkgconfig python3native python3targetconfig ptest
+
+STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
+export OSCAP_CPE_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe"
+export OSCAP_SCHEMA_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/schemas"
+export OSCAP_XSLT_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/xsl"
+
+OECMAKE_GENERATOR = "Unix Makefiles"
+
+EXTRA_OECMAKE += "-DENABLE_PYTHON_COVERAGE=OFF -DSSG_PRODUCT_DEFAULT=OFF -DSSG_PRODUCT_OPENEMBEDDED=ON"
+
+do_configure[depends] += "openscap-native:do_install"
+
+do_configure:prepend () {
+    sed -i -e 's:NAMES\ sed:NAMES\ ${HOSTTOOLS_DIR}/sed:g' ${S}/CMakeLists.txt
+    sed -i -e 's:NAMES\ grep:NAMES\ ${HOSTTOOLS_DIR}/grep:g' ${S}/CMakeLists.txt
+}
+
+do_install:append() {
+    install -d ${D}${datadir}/openscap
+    install  ${WORKDIR}/run_eval.sh ${D}${datadir}/openscap/.
+}
+
+do_compile_ptest() {
+    cd ${S}/build
+    cmake ../
+    make 
+}
+
+do_install_ptest() {
+
+    # remove host & work dir from tests
+    for x in $(find ${S}/build -type f) ;
+    do
+       sed -e 's#${HOSTTOOLS_DIR}/##g' \
+           -e 's#${RECIPE_SYSROOT_NATIVE}##g' \
+           -e 's#${WORKDIR}#${PTEST_PATH}#g' \
+           -e 's#/.*/xmllint#/usr/bin/xmllint#g' \
+           -e 's#/.*/oscap#/usr/bin/oscap#g' \
+           -e 's#/python3-native##g' \
+           -i ${x}
+    done
+
+    for x in $(find ${S}/build-scripts -type f) ;
+    do
+       sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x}
+    done
+
+    for x in $(find ${S}/tests -type f) ;
+    do
+       sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x}
+    done
+
+    for x in $(find ${S}/utils -type f) ;
+    do
+       sed -i -e '1s|^#!.*|#!/usr/bin/env python3|' ${x}
+    done
+
+    PDIRS="apple_os build controls products shared components applications linux_os ocp-resources tests utils ssg build-scripts"
+    t=${D}/${PTEST_PATH}/git
+    for d in ${PDIRS}; do
+        install -d ${t}/$d
+        cp -fr ${S}/$d/* ${t}/$d/.
+    done
+}
+
+FILES:${PN} += "${datadir}/xml ${datadir}/openscap"
+
+RDEPENDS:${PN} = "openscap"
+RDEPENDS:${PN}-ptest = "cmake grep sed bash git python3 python3-modules python3-mypy python3-pyyaml python3-yamlpath python3-xmldiff python3-json2html python3-pandas python3-openpyxl python3-pytest libxml2-utils libxslt-bin"
+
+COMPATIBLE_HOST:libc-musl = "null"