diff options
Diffstat (limited to 'dynamic-layers/meta-perl/recipes-security/bastille/files/organize_distro_discovery.patch')
| -rw-r--r-- | dynamic-layers/meta-perl/recipes-security/bastille/files/organize_distro_discovery.patch | 476 |
1 files changed, 476 insertions, 0 deletions
diff --git a/dynamic-layers/meta-perl/recipes-security/bastille/files/organize_distro_discovery.patch b/dynamic-layers/meta-perl/recipes-security/bastille/files/organize_distro_discovery.patch new file mode 100644 index 0000000..5a5be6f --- /dev/null +++ b/dynamic-layers/meta-perl/recipes-security/bastille/files/organize_distro_discovery.patch @@ -0,0 +1,476 @@ +Upstream-Status: Inappropriate [No upstream maintenance] + +Signed-off-by: Anne Mulhern <mulhern@yoctoproject.org> + +--- + +Index: Bastille/Bastille/API.pm +=================================================================== +--- Bastille.orig/Bastille/API.pm 2013-08-22 04:32:38.269968002 -0400 ++++ Bastille/Bastille/API.pm 2013-08-22 11:29:53.137968002 -0400 +@@ -141,7 +141,7 @@ + checkProcsForService + + +- $GLOBAL_OS $GLOBAL_ACTUAL_OS $CLI ++ $CLI + $GLOBAL_LOGONLY $GLOBAL_VERBOSE $GLOBAL_DEBUG $GLOBAL_AUDITONLY $GLOBAL_AUDIT_NO_BROWSER $errorFlag + %GLOBAL_BIN %GLOBAL_DIR %GLOBAL_FILE + %GLOBAL_BDIR %GLOBAL_BFILE +@@ -198,7 +198,7 @@ + my $err ="ERROR: "; + my $spc =" "; + my $GLOBAL_OS="None"; +-my $GLOBAL_ACTUAL_OS="None"; ++my $GLOBAL_INFERRED_OS="None"; + my %GLOBAL_SUMS=(); + my $CLI=''; + +@@ -306,7 +306,7 @@ + + ########################################################################### + # +-# GetDistro checks to see if the target is a known distribution and reports ++# InferDistro checks to see if the target is a known distribution and reports + # said distribution. + # + # This is used throughout the script, but also by ConfigureForDistro. +@@ -314,205 +314,194 @@ + # + ########################################################################### + +-sub GetDistro() { ++sub InferDistro() { + + my ($release,$distro); + +- # Only read files for the distro once. +- # if the --os option was used then +- if ($GLOBAL_OS eq "None") { +- if ( -e "/etc/mandrake-release" ) { +- open(MANDRAKE_RELEASE,"/etc/mandrake-release"); +- $release=<MANDRAKE_RELEASE>; +- +- if ( ($release =~ /^Mandrake Linux release (\d+\.\d+\w*)/) or ($release =~ /^Linux Mandrake release (\d+\.\d+\w*)/) ) { +- $distro="MN$1"; +- } +- elsif ( $release =~ /^Mandrakelinux release (\d+\.\d+)\b/ ) { +- $distro="MN$1"; +- } +- else { +- print STDERR "$err Couldn't determine Mandrake/Mandriva version! Setting to 10.1!\n"; +- $distro="MN10.1"; +- } +- +- close(MANDRAKE_RELEASE); +- } +- elsif ( -e "/etc/immunix-release" ) { +- open(IMMUNIX_RELEASE,"/etc/immunix-release"); +- $release=<IMMUNIX_RELEASE>; +- unless ($release =~ /^Immunix Linux release (\d+\.\d+\w*)/) { +- print STDERR "$err Couldn't determine Immunix version! Setting to 6.2!\n"; +- $distro="RH6.2"; +- } +- else { +- $distro="RH$1"; +- } +- close(*IMMUNIX_RELEASE); +- } +- elsif ( -e '/etc/fedora-release' ) { +- open(FEDORA_RELEASE,'/etc/fedora-release'); +- $release=<FEDORA_RELEASE>; +- close FEDORA_RELEASE; +- if ($release =~ /^Fedora Core release (\d+\.?\d*)/) { +- $distro = "RHFC$1"; +- } +- elsif ($release =~ /^Fedora release (\d+\.?\d*)/) { +- $distro = "RHFC$1"; +- } +- else { +- print STDERR "$err Could not determine Fedora version! Setting to Fedora Core 8\n"; +- $distro='RHFC8'; +- } ++ if ( -e "/etc/mandrake-release" ) { ++ open(MANDRAKE_RELEASE,"/etc/mandrake-release"); ++ $release=<MANDRAKE_RELEASE>; ++ ++ if ( ($release =~ /^Mandrake Linux release (\d+\.\d+\w*)/) or ($release =~ /^Linux Mandrake release (\d+\.\d+\w*)/) ) { ++ $distro="MN$1"; ++ } ++ elsif ( $release =~ /^Mandrakelinux release (\d+\.\d+)\b/ ) { ++ $distro="MN$1"; ++ } ++ else { ++ print STDERR "$err Could not infer Mandrake/Mandriva version! Setting to 10.1!\n"; ++ $distro="MN10.1"; ++ } ++ ++ close(MANDRAKE_RELEASE); ++ } ++ elsif ( -e "/etc/immunix-release" ) { ++ open(IMMUNIX_RELEASE,"/etc/immunix-release"); ++ $release=<IMMUNIX_RELEASE>; ++ unless ($release =~ /^Immunix Linux release (\d+\.\d+\w*)/) { ++ print STDERR "$err Could not infer Immunix version! Setting to 6.2!\n"; ++ $distro="RH6.2"; ++ } ++ else { ++ $distro="RH$1"; + } +- elsif ( -e "/etc/redhat-release" ) { +- open(*REDHAT_RELEASE,"/etc/redhat-release"); +- $release=<REDHAT_RELEASE>; +- if ($release =~ /^Red Hat Linux release (\d+\.?\d*\w*)/) { +- $distro="RH$1"; +- } +- elsif ($release =~ /^Red Hat Linux .+ release (\d+)\.?\d*([AEW]S)/) { +- $distro="RHEL$1$2"; +- } +- elsif ($release =~ /^Red Hat Enterprise Linux ([AEW]S) release (\d+)/) { +- $distro="RHEL$2$1"; ++ close(*IMMUNIX_RELEASE); ++ } ++ elsif ( -e '/etc/fedora-release' ) { ++ open(FEDORA_RELEASE,'/etc/fedora-release'); ++ $release=<FEDORA_RELEASE>; ++ close FEDORA_RELEASE; ++ if ($release =~ /^Fedora Core release (\d+\.?\d*)/) { ++ $distro = "RHFC$1"; ++ } ++ elsif ($release =~ /^Fedora release (\d+\.?\d*)/) { ++ $distro = "RHFC$1"; ++ } ++ else { ++ print STDERR "$err Could not infer Fedora version! Setting to Fedora Core 8\n"; ++ $distro='RHFC8'; ++ } ++ } ++ elsif ( -e "/etc/redhat-release" ) { ++ open(*REDHAT_RELEASE,"/etc/redhat-release"); ++ $release=<REDHAT_RELEASE>; ++ if ($release =~ /^Red Hat Linux release (\d+\.?\d*\w*)/) { ++ $distro="RH$1"; ++ } ++ elsif ($release =~ /^Red Hat Linux .+ release (\d+)\.?\d*([AEW]S)/) { ++ $distro="RHEL$1$2"; ++ } ++ elsif ($release =~ /^Red Hat Enterprise Linux ([AEW]S) release (\d+)/) { ++ $distro="RHEL$2$1"; ++ } ++ elsif ($release =~ /^CentOS release (\d+\.\d+)/) { ++ my $version = $1; ++ if ($version =~ /^4\./) { ++ $distro='RHEL4AS'; + } +- elsif ($release =~ /^CentOS release (\d+\.\d+)/) { +- my $version = $1; +- if ($version =~ /^4\./) { +- $distro='RHEL4AS'; +- } +- elsif ($version =~ /^3\./) { +- $distro='RHEL3AS'; +- } +- else { +- print STDERR "$err Could not determine CentOS version! Setting to Red Hat Enterprise 4 AS.\n"; +- $distro='RHEL4AS'; +- } +- } +- else { +- # JJB/HP - Should this be B_log? +- print STDERR "$err Couldn't determine Red Hat version! Setting to 9!\n"; +- $distro="RH9"; +- } +- close(REDHAT_RELEASE); +- +- } +- elsif ( -e "/etc/debian_version" ) { +- $stable="3.1"; #Change this when Debian stable changes +- open(*DEBIAN_RELEASE,"/etc/debian_version"); +- $release=<DEBIAN_RELEASE>; +- unless ($release =~ /^(\d+\.\d+\w*)/) { +- print STDERR "$err System is not running a stable Debian GNU/Linux version. Setting to $stable.\n"; +- $distro="DB$stable"; ++ elsif ($version =~ /^3\./) { ++ $distro='RHEL3AS'; + } + else { +- $distro="DB$1"; +- } +- close(DEBIAN_RELEASE); +- } +- elsif ( -e "/etc/SuSE-release" ) { +- open(*SUSE_RELEASE,"/etc/SuSE-release"); +- $release=<SUSE_RELEASE>; +- if ($release =~ /^SuSE Linux (\d+\.\d+\w*)/i) { +- $distro="SE$1"; +- } +- elsif ($release =~ /^SUSE LINUX Enterprise Server (\d+\.?\d?\w*)/i) { +- $distro="SESLES$1"; +- } +- elsif ($release =~ /^SUSE Linux Enterprise Server (\d+\.?\d?\w*)/i) { +- $distro="SESLES$1"; +- } +- elsif ($release =~ /^openSuSE (\d+\.\d+\w*)/i) { +- $distro="SE$1"; ++ print STDERR "$err Could not infer CentOS version! Setting to Red Hat Enterprise 4 AS.\n"; ++ $distro='RHEL4AS'; + } +- else { +- print STDERR "$err Couldn't determine SuSE version! Setting to 10.3!\n"; +- $distro="SE10.3"; +- } +- close(SUSE_RELEASE); +- } +- elsif ( -e "/etc/turbolinux-release") { +- open(*TURBOLINUX_RELEASE,"/etc/turbolinux-release"); +- $release=<TURBOLINUX_RELEASE>; +- unless ($release =~ /^Turbolinux Workstation (\d+\.\d+\w*)/) { +- print STDERR "$err Couldn't determine TurboLinux version! Setting to 7.0!\n"; +- $distro="TB7.0"; +- } +- else { +- $distro="TB$1"; +- } +- close(TURBOLINUX_RELEASE); ++ } ++ else { ++ # JJB/HP - Should this be B_log? ++ print STDERR "$err Could not infer Red Hat version! Setting to 9!\n"; ++ $distro="RH9"; ++ } ++ close(REDHAT_RELEASE); ++ ++ } ++ elsif ( -e "/etc/debian_version" ) { ++ $stable="3.1"; #Change this when Debian stable changes ++ open(*DEBIAN_RELEASE,"/etc/debian_version"); ++ $release=<DEBIAN_RELEASE>; ++ unless ($release =~ /^(\d+\.\d+\w*)/) { ++ print STDERR "$err System is not running a stable Debian GNU/Linux version. Setting to $stable.\n"; ++ $distro="DB$stable"; ++ } ++ else { ++ $distro="DB$1"; ++ } ++ close(DEBIAN_RELEASE); ++ } ++ elsif ( -e "/etc/SuSE-release" ) { ++ open(*SUSE_RELEASE,"/etc/SuSE-release"); ++ $release=<SUSE_RELEASE>; ++ if ($release =~ /^SuSE Linux (\d+\.\d+\w*)/i) { ++ $distro="SE$1"; ++ } ++ elsif ($release =~ /^SUSE LINUX Enterprise Server (\d+\.?\d?\w*)/i) { ++ $distro="SESLES$1"; ++ } ++ elsif ($release =~ /^SUSE Linux Enterprise Server (\d+\.?\d?\w*)/i) { ++ $distro="SESLES$1"; ++ } ++ elsif ($release =~ /^openSuSE (\d+\.\d+\w*)/i) { ++ $distro="SE$1"; ++ } ++ else { ++ print STDERR "$err Could not infer SuSE version! Setting to 10.3!\n"; ++ $distro="SE10.3"; + } ++ close(SUSE_RELEASE); ++ } ++ elsif ( -e "/etc/turbolinux-release") { ++ open(*TURBOLINUX_RELEASE,"/etc/turbolinux-release"); ++ $release=<TURBOLINUX_RELEASE>; ++ unless ($release =~ /^Turbolinux Workstation (\d+\.\d+\w*)/) { ++ print STDERR "$err Could not infer TurboLinux version! Setting to 7.0!\n"; ++ $distro="TB7.0"; ++ } + else { +- # We're either on Mac OS X, HP-UX or an unsupported O/S. +- if ( -x '/usr/bin/uname') { ++ $distro="TB$1"; ++ } ++ close(TURBOLINUX_RELEASE); ++ } ++ else { ++ # We're either on Mac OS X, HP-UX or an unsupported O/S. ++ if ( -x '/usr/bin/uname') { + # uname is in /usr/bin on Mac OS X and HP-UX +- $release=`/usr/bin/uname -sr`; +- } +- else { +- print STDERR "$err Could not determine operating system version!\n"; +- $distro="unknown" +- } +- +- # Figure out what kind of system we're on. +- if ($release ne "") { +- if ($release =~ /^Darwin\s+(\d+)\.(\d+)/) { +- if ($1 == 6 ) { +- $distro = "OSX10.2"; +- } +- elsif ($1 == 7) { +- $distro = "OSX10.3"; +- } +- elsif ($1 == 8) { +- $distro = "OSX10.3"; +- } +- else { +- $distro = "unknown"; +- } ++ $release=`/usr/bin/uname -sr`; ++ } ++ else { ++ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n"; ++ $distro="unknown"; ++ } ++ ++ # Figure out what kind of system we're on. ++ if ($release ne "") { ++ if ($release =~ /^Darwin\s+(\d+)\.(\d+)/) { ++ if ($1 == 6 ) { ++ $distro = "OSX10.2"; + } +- elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) { +- $distro="$1$2"; ++ elsif ($1 == 7) { ++ $distro = "OSX10.3"; + } ++ elsif ($1 == 8) { ++ $distro = "OSX10.3"; ++ } + else { +- print STDERR "$err Could not determine operating system version!\n"; +- $distro="unknown"; ++ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n"; ++ $distro = "unknown"; + } + } ++ elsif ( $release =~ /(^HP-UX)\s*B\.(\d+\.\d+)/ ) { ++ $distro="$1$2"; ++ } ++ else { ++ print STDERR "$err Could not infer operating system version from filesystem context. Setting inferred distro to 'unknown'.\n"; ++ $distro="unknown"; ++ } + } +- +- $GLOBAL_OS=$distro; +- } elsif (not (defined $GLOBAL_OS)) { +- print "ERROR: GLOBAL OS Scoping Issue\n"; +- } else { +- $distro = $GLOBAL_OS; + } +- + return $distro; + } + + ################################################################################### +-# &getActualDistro; # ++# &getInferredDistro; # + # # + # This subroutine returns the actual os version in which is running on. This # + # os version is independent of the --os switch feed to bastille. # + # # + ################################################################################### +-sub getActualDistro { +- # set local variable to $GLOBAL_OS ++sub getInferredDistro { ++ if ($GLOBAL_INFERRED_OS eq "None") { ++ $GLOBAL_INFERRED_OS = &InferDistro; ++ } ++ return $GLOBAL_INFERRED_OS; ++} + +- if ($GLOBAL_ACTUAL_OS eq "None") { +- my $os = $GLOBAL_OS; +- # undef GLOBAL_OS so that the GetDistro routine will return +- # the actualDistro, it might otherwise return the distro set +- # by the --os switch. +- $GLOBAL_OS = "None"; +- $GLOBAL_ACTUAL_OS = &GetDistro; +- # reset the GLOBAL_OS variable +- $GLOBAL_OS = $os; ++sub GetDistro { ++ if ($GLOBAL_OS eq "None") { ++ return &getInferredDistro; + } +- return $GLOBAL_ACTUAL_OS; ++ return $GLOBAL_OS; + } ++ + # These are helper routines which used to be included inside GetDistro + sub is_OS_supported($) { + my $os=$_[0]; +@@ -556,7 +545,8 @@ + "SE7.2","SE7.3", "SE8.0","SE8.1","SE9.0","SE9.1", + "SE9.2","SE9.3","SE10.0","SE10.1","SE10.2","SE10.3", + "SESLES8","SESLES9","SESLES10", +- "TB7.0" ++ "TB7.0", ++ "Yocto" + ], + + "HP-UX" => [ +@@ -882,23 +872,19 @@ + ########################################################################### + sub ConfigureForDistro { + +- my $retval=1; +- +- # checking to see if the os version given is in fact supported + my $distro = &GetDistro; + +- # checking to see if the actual os version is in fact supported +- my $actualDistro = &getActualDistro; ++ my $inferredDistro = &getInferredDistro; ++ ++ if (! ($inferredDistro eq $distro) ) { ++ print STDERR "WARNING: Inferred distro $inferredDistro is not the same as specified distro $distro. Using specified distro.\n"; ++ } ++ + $ENV{'LOCALE'}=''; # So that test cases checking for english results work ok. +- if ((! &is_OS_supported($distro)) or (! &is_OS_supported($actualDistro)) ) { +- # if either is not supported then print out a list of supported versions +- if (! &is_OS_supported($distro)) { +- print STDERR "$err '$distro' is not a supported operating system.\n"; +- } +- else { +- print STDERR "$err Bastille is unable to operate correctly on this\n"; +- print STDERR "$spc $distro operating system.\n"; +- } ++ ++ if (! &is_OS_supported($distro)) { ++ print STDERR "$err '$distro' is not a supported operating system.\n"; ++ + my %supportedOSHash = &getSupportedOSHash; + print STDERR "$spc Valid operating system versions are as follows:\n"; + +@@ -930,7 +916,7 @@ + # intend via setting the Perl umask + umask(077); + +- &getFileAndServiceInfo($distro,$actualDistro); ++ &getFileAndServiceInfo($distro,$distro); + + # &dumpFileInfo; # great for debuging file location issues + # &dumpServiceInfo; # great for debuging service information issues +@@ -942,7 +928,7 @@ + "$spc You must use Bastille\'s -n flag (for example:\n" . + "$spc bastille -f -n) or \'touch $nodisclaim_file \'\n"; + +- return $retval; ++ return 1; + } + + +Index: Bastille/Bastille/LogAPI.pm +=================================================================== +--- Bastille.orig/Bastille/LogAPI.pm 2013-08-22 04:32:38.269968002 -0400 ++++ Bastille/Bastille/LogAPI.pm 2013-08-22 04:32:47.509968002 -0400 +@@ -111,7 +111,7 @@ + # do this here to prevent bootstrapping problem, where we need to + # write an error that the errorlog location isn't defined. + my $logdir="/var/log/Bastille"; +- if(&getActualDistro =~ "^HP-UX"){ ++ if(&getInferredDistro =~ "^HP-UX"){ + $logdir = "/var/opt/sec_mgmt/bastille/log/"; + } + |