summaryrefslogtreecommitdiffstats
path: root/recipes-ids
Commit message (Collapse)AuthorAgeFilesLines
* samhain: remove the buildpathMingli Yu2023-11-081-0/+4
| | | | | | | | | | Fixes: WARNING: samhain-server-4.4.10-r0 do_package_qa: QA Issue: File /var/lib/samhain/samhain-install.sh in package samhain-server contains reference to TMPDIR [buildpaths] WARNING: samhain-server-4.4.10-r0 do_package_qa: QA Issue: File /usr/share/doc/samhain-server/scripts/samhain.ebuild-light in package samhain-server-doc contains reference to TMPDIR File /usr/share/doc/samhain-server/scripts/samhain.ebuild in package samhain-server-doc contains reference to TMPDIR [buildpaths] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtp: update to 0.5.45Armin Kuster2023-09-251-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: Update to 7.0.0Armin Kuster2023-09-254-673/+1101
| | | | | | | refersh patches update libhtp Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: fix build issue.Armin Kuster2023-09-121-1/+2
| | | | | | If you want to try to generate the lock file without accessing the network, remove the --frozen flag and use --offline instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ossec-hids: Fix usermodArmin Kuster2023-07-311-53/+58
| | | | | | | Use built in USERMOD to set uid and gid properly. convert to using OSSEC_DIR instead of DIR Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .patch: remove probably unused patchesMartin Jansa2023-06-251-18/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There could be some false possitives (the script is far from perfect), so please test it on your QA, I've only double checked with "git grep" (the script looks only in parent directory). @ ~/layers/meta-security $ /OE/extra-layers/meta-ros/scripts/check-patch-files.sh . ./recipes-ids/tripwire/files/add_armeb_arch.patch: not used in any recipe ./dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch: not used in any recipe ./recipes-scanners/clamav/files/fix2_libcurl_check.patch: not used in any recipe ./recipes-scanners/arpwatch/files/postfix_workaround.patch: not used in any recipe ./meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch: not used in any recipe ./meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch: not used in any recipe ./meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch: not used in any recipe ./meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch: not used in any recipe ./meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch: not used in any recipe ./recipes-mac/AppArmor/files/disable_perl_h_check.patch: not used in any recipe @ ~/layers/meta-security $ git grep add_armeb_arch.patch @ ~/layers/meta-security $ git grep 0001-To-fix-build-error-of-xrang.patch @ ~/layers/meta-security $ git grep fix2_libcurl_check.patch @ ~/layers/meta-security $ git grep postfix_workaround.patch @ ~/layers/meta-security $ git grep Use-format-s-for-call-to-dprintf.patch @ ~/layers/meta-security $ git grep fix_signed_issue.patch @ ~/layers/meta-security $ git grep Convert-another-vdprintf-to-dprintf.patch @ ~/layers/meta-security $ git grep fix_lib_search_path.patch @ ~/layers/meta-security $ git grep fix_fcntl_h.patch @ ~/layers/meta-security $ git grep disable_perl_h_check.patch Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* *.patch: fix malformed Upstream-Status and SOB linesMartin Jansa2023-06-253-8/+8
| | | | | | | | | | | | | | | | | | | | | | * as reported by openembedded-core/scripts/contrib/patchreview.py -v . Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/crosscompile_perl_bindings.patch) Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/disable_perl_h_check.patch) Missing Upstream-Status tag (./recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch) Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-pid-path.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/suricata/files/fixup.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-scanners/clamav/files/fix2_libcurl_check.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/isic/files/configure_fix.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/krill/files/panic_workaround.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libdns_conf_fix.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libxml2_conf.patch Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: Update to 4.4.10Armin Kuster2023-05-221-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.11Armin Kuster2023-05-061-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtp: update to 0.5.43Armin Kuster2023-05-061-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ossec-hids: update to tip of 3.7.0Armin Kuster2023-05-061-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: Missed on crate dependsArmin Kuster2023-04-081-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: Fixup to work within the recent crate changes.Armin Kuster2023-04-082-90/+725
| | | | | | | | Had to delete some wonky Cargo.toml files to get update_crates to work. Manually updated one crate to a newer version included by update_crates as it would not compile. Manually applied several crates missed by update_crates. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.10Armin Kuster2023-03-201-1/+2
| | | | | | fixup another python file to use py3 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtp: update to 0.5.42Armin Kuster2023-03-201-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: rework due to changed cache handlingMax Krummenacher2023-01-284-8/+9
| | | | | | | | | | | | | | | | | | | | | | | OE-Core changed the cache handling which made the use of ${BPN} no fail. | Parsing recipes...WARNING: .../samhain-standalone.bb: Exception during build_dependencies for do_configure | WARNING: .../samhain-standalone.bb: Error during finalise of .../samhain-standalone.bb | ERROR: ExpansionError during parsing .../samhain-standalone.bb | Traceback (most recent call last): | File "Var <MODE_NAME>", line 1, in <module> | bb.data_smart.ExpansionError: Failure expanding variable MODE_NAME, expression was ${@d.getVar('BPN').split('-')[1]} which triggered exception IndexError: list index out of range | The variable dependency chain for the failure is: MODE_NAME -> SAMHAIN_MODE -> do_configure Simplify the setting of MODE_NAME and SAMHAIN_MODE by setting them in the recipe files where we know their values. bitbake: ee89ade5 cache/codeparser: Switch to a new BB_CACHEDIR variable for cache location oe-core: 7c15e03dd3 bitbake.conf: Add BB_HASH_CODEPARSER_VALS Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: fix compile issueArmin Kuster2022-09-121-0/+2
| | | | | | make[2]: *** No rule to make target '../rust/target/arm-poky-linux-gnueabi/release/libsuricata.a', needed by 'suricata' Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain-standalone: fix buildpaths issueMingli Yu2022-08-252-0/+45
| | | | | | | | | Fixes: WARNING: samhain-standalone-4.4.9-r0 do_package_qa: QA Issue: File /usr/share/doc/samhain-standalone/scripts/samhain.ebuild-light in package samhain-standalone-doc contains reference to TMPDIR File /usr/share/doc/samhain-standalone/scripts/samhain.ebuild in package samhain-standalone-doc contains reference to TMPDIR [buildpaths] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: add UPSTREAM_CHECK_URIArmin Kuster2022-08-021-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.5Armin Kuster2022-07-301-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide.conf: adjust to allow for build time db creationArmin Kuster2022-06-231-7/+4
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: add native support for build time db creationArmin Kuster2022-06-231-2/+30
| | | | | | | | | | | This will help create a aide db during build that is then installed on the rootfs for verification at boot time. This work was inspired by: Marco Cavallini Yocto Project Ambassador Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: add a few more config optionsArmin Kuster2022-06-231-1/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: fix typoYi Zhao2022-06-181-1/+2
| | | | | | | | Fix typo: RDPENDS_${PN} -> RDEPENDS:${PN} Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: update to 4.4.9Armin Kuster2022-05-231-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 5.0.5Armin Kuster2022-05-232-2/+2
| | | | libhtp rolls with it
* ossec-hids: update to 3.7.0Armin Kuster2022-05-231-1/+1
| | | | | | See https://github.com/ossec/ossec-hids/releases/tag/3.7.0 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: Update 01.17.4Armin Kuster2022-05-231-1/+1
| | | | | | Precalculate buffer size in base64 functions (CVE-2021-45417) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: Add depend on audit when audit is enabled.Jeremy A. Puhlman2022-05-231-1/+1
| | | | | | | | | | checking for libaudit.h... no | configure: error: You don't have libaudit properly installed. Install it if you need it. | NOTE: The following config.log files may provide further information. Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: drop nfnetlink from pkg configArmin Kuster2022-05-141-1/+2
| | | | | | nfnetlink has a layer dependancy to meta-networking. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* LICENSE: update to SPDX standard namesJoe Slater2022-04-133-3/+3
| | | | | | | Use convert-spdx-licenses.py to update LICENSE in recipes. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain.inc: Correct LICENSE to GPL-2.0-onlyRanjitsinh Rathod2022-04-131-1/+1
| | | | | | | | | It seems below change done manually and so LICENSE variable modified from GPLv2 to GPL-2.0-or-later. But it should be GPL-2.0-only Link: https://git.yoctoproject.org/meta-security/commit/?id=c56ae450c93a1383a1ce800a32a6ef2c3fbbae1c Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: update to 4.4.7Armin Kuster2022-04-071-2/+2
| | | | | | This fixes musl builds too. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security : Use SPDX style licensing formatAshish Sharma2022-04-022-2/+2
| | | | | | | | | | | | | | WARNING: selinux-sandbox-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: selinux-gui-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: semodule-utils-3.3-r0.1 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: selinux-dbus-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: libwhisker2-perl-2.5-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \ WARNING: lib-perl-0.63-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \ WARNING: libhtp-0.5.39-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ ... Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Use renamed SKIP_RECIPE varFlagArmin Kuster2022-02-221-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.4Armin Kuster2022-02-042-3/+3
| | | | | | bump lexical-core to 0.6.8 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: upgrade 4.4.3 -> 4.4.6Yi Zhao2022-01-301-2/+2
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update SRC_URI branch and protocolsArmin Kuster2021-11-043-3/+3
| | | | | | | | This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: rust is in coreArmin Kuster2021-08-269-0/+1623
| | | | | | drop dynamic-layer Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Convert to new override syntaxArmin Kuster2021-08-018-38/+38
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* crowdsec: add pkgArmin Kuster2021-07-281-0/+42
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: Drop 4.1.x its EOLArmin Kuster2021-07-2811-1556/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ossec-hids: musl not compatableArmin Kuster2021-06-051-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aide: Add another idsArmin Kuster2021-05-162-0/+135
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: 4.1.x add UPSTREAM_CHECK_URIArmin Kuster2021-05-161-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ossec-hids: add UPSTREAM_CHECK_COMMITSArmin Kuster2021-05-161-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tripwire: Blacklist pkg, upstream seems abandondArmin Kuster2021-05-161-0/+2
| | | | | | | Last update was 2018. Does not build with gcc11. There are other actively maintained IDS options. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ossec-hids: add new pkgArmin Kuster2021-04-263-0/+449
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-suricata-update: update to 1.2.1Armin Kuster2021-04-121-3/+5
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: fix compile error on powerpcKai Kang2021-03-182-0/+29
| | | | | | | | | | | | | | It fails to comile samhain for powerpc(qemuppc): | x_sh_dbIO.c: In function 'swap_short': | x_sh_dbIO.c:229:36: error: initializer element is not constant | 229 | static unsigned short ooop = *iptr; | | ^ Assign after initialization of the static variable to avoid the failure. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>