diff options
Diffstat (limited to 'dynamic-layers/meta-perl/recipes-scanners')
2 files changed, 53 insertions, 0 deletions
diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb new file mode 100644 index 0000000..8006c9f --- /dev/null +++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb @@ -0,0 +1,29 @@ +SUMMARY = "basic system security checks" +DESCRIPTION = "checksecurity is a simple package which will scan your system for several simple security holes." +SECTION = "security" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" + +SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}+nmu1.tar.gz \ + file://check-setuid-use-more-portable-find-args.patch \ + " + +SRC_URI[sha256sum] = "9803b3760e9ec48e06ebaf48cec081db48c6fe72254a476224e4c5c55ed97fb0" + +S = "${WORKDIR}/checksecurity-${PV}+nmu1" + + +# allow for anylocal, no need to patch +LOGDIR="/etc/checksecurity" + +do_compile() { + sed -i -e "s;LOGDIR=/var/log/setuid;LOGDIR=${LOGDIR};g" ${B}/etc/check-setuid.conf + sed -i -e "s;LOGDIR=/var/log/setuid;LOGDIR=${LOGDIR};g" ${B}/plugins/check-setuid + sed -i -e "s;LOGDIR:=/var/log/setuid;LOGDIR:=${LOGDIR};g" ${B}/plugins/check-setuid +} + +do_install() { + oe_runmake PREFIX=${D} +} + +RDEPENDS:${PN} = "perl libenv-perl perl-module-tie-array perl-module-getopt-long perl-module-file-glob perl-module-carp perl-module-env perl-module-tap-parser-iterator-array util-linux findutils coreutils" diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch new file mode 100644 index 0000000..1754e1e --- /dev/null +++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch @@ -0,0 +1,24 @@ +From f3073b8e06a607677d47ad9a19533b2e33408a4f Mon Sep 17 00:00:00 2001 +From: Christopher Larson <chris_larson@mentor.com> +Date: Wed, 5 Sep 2018 23:21:43 +0500 +Subject: [PATCH] check-setuid: use more portable find args + +Upstream-Status: Pending +Signed-off-by: Christopher Larson <chris_larson@mentor.com> +--- + plugins/check-setuid | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +Index: checksecurity-2.0.16+nmu1/plugins/check-setuid +=================================================================== +--- checksecurity-2.0.16+nmu1.orig/plugins/check-setuid ++++ checksecurity-2.0.16+nmu1/plugins/check-setuid +@@ -100,7 +100,7 @@ ionice -t -c3 \ + find `mount | grep -vE "$CHECKSECURITY_FILTER" | cut -d ' ' -f 3` \ + -ignore_readdir_race \ + -xdev $PATHCHK \ +- \( -type f -perm /06000 -o \( \( -type b -o -type c \) \ ++ \( -type f \( -perm -4000 -o -perm -2000 \) -o \( \( -type b -o -type c \) \ + $DEVCHK \) \) \ + -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | + sort -k 12 >$TMPSETUID |