path: root/recipes-security
Commit message | Author | Age | Files | Lines
* suricata: enable syslog output | Koen Kooi | 2018-08-04 | 1 | -1/+1
  This fixes the following error preventing startup in daemon mode:
  suricata[20485]: 31/7/2018 -- 13:19:48 - <Error> - [ERRCODE: SC_ERR_MISSING_CONFIG_PARAM(118)] - NO logging compatible with daemon mode selected, suricata won't be able to log. Please update 'logging.outputs'
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: create and package logdir | Koen Kooi | 2018-08-04 | 1 | -0/+2
  This fixes the following error preventing startup:
  suricata[18771]: 31/7/2018 -- 13:08:21 - <Error> - [ERRCODE: SC_ERR_LOGDIR_CONFIG(116)] - The logging directory "/var/log/suricata/" supplied by /etc/suricata/suricata.yaml (default-log-dir) doesn't exist. Shut>
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: add systemd unit | Koen Kooi | 2018-08-04 | 2 | -2/+35
  Based on the debian systemd unit.
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: add 'nfq' PACKAGECONFIG | Koen Kooi | 2018-08-04 | 1 | -0/+1
  For inline IPS nfqueue is nice to have, so add a PACKAGECONFIG entry for it.
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: mark config file as CONFFILE | Koen Kooi | 2018-08-04 | 1 | -0/+2
  This preserves user edits during package upgrades.
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: fix packaging | Koen Kooi | 2018-08-04 | 1 | -2/+2
  Move ${PN}-python in front so ${PN} can use default packaging rules.
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: don't start service in postinst | Koen Kooi | 2018-08-04 | 1 | -1/+0
  Apart from hardcoding the wrong networking device it won't survive device restart
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nmap: remove recipe as it is in meta-oe now | Armin Kuster | 2018-08-04 | 3 | -139/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update postinit | Armin Kuster | 2018-07-07 | 1 | -2/+2
  log_check] WARNING: Intentionally failing postinstall scriptlets of ['suricata', 'clamav'] to defer them to first boot is deprecated. Please place them into pkg_postinst_ontarget_${PN} ()
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update postinit | Armin Kuster | 2018-07-07 | 1 | -2/+2
  [log_check] WARNING: Intentionally failing postinstall scriptlets of ['suricata', 'clamav'] to defer them to first boot is deprecated. Please place them into pkg_postinst_ontarget_${PN} ()
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* CVE-2018-11652 nikto: arbitrary OS command injection via http server field. | Nagalakshmi Veeramallu | 2018-07-03 | 2 | -1/+108
  CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
  Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com>
  Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
* samhain: correct service status | Changqing Li | 2018-07-03 | 1 | -1/+1
  The status returned by "systemctl status samhain" is not correct. It is active(exited) now, but actually there is a daemon running, so it should be active(running). So change the Type of the service.
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Fix build issue for apparmor when systemd is used | Jinliang Li | 2018-06-11 | 1 | -0/+5
  When systemd is used as the system init manager, there is a build issue that complains "can't found apparmor.service". This patch fixes it.
  Signed-off-by: Jinliang Li <jinliang.li@linux.alibaba.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: remove host paths from target files | Wenzong Fan | 2018-05-07 | 1 | -1/+4
  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update LLVM version to match core | Armin Kuster | 2018-04-13 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: only include when pam in DISTRO_FEATURES | Armin Kuster | 2018-04-13 | 1 | -1/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: refresh patches to fix QA warning | Yi Zhao | 2018-04-13 | 5 | -32/+40
  Refresh patches with devtool command.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain-server: do not extend to native | Jackie Huang | 2018-03-31 | 1 | -1/+0
  No packages depend on samhain-server-native and it doesn't make sense to extend a server package to native, so remove the BBCLASSEXTEND.
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: Add missing clamav.service file to SRC_URI | Jagadeesh Krishnanjanappa | 2018-03-31 | 1 | -2/+7
  This solves the below error when systemd is used as init manager,
  -- snip --
  ERROR: clamav-0.99.2-r0 do_package: SYSTEMD_SERVICE_clamav value clamav.service does not exist
  ERROR: clamav-0.99.2-r0 do_package: Function failed: systemd_populate_packages
  -- snip --
  Other issue:
  * Ship /lib/systemd/system/clamav-freshclam.service into ${PN}-freshclam package, to solve below warning:
  -- snip --
  [10240] WARNING: QA Issue: clamav: Files/directories were installed but not shipped in any package: /lib/systemd/system/clamav-freshclam.service
  -- snip --
  Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: fix a typo in examples/verify3.c | Jackie Huang | 2018-03-31 | 2 | -0/+26
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* google-authenticator-libpam: add new package | Armin Kuster | 2018-02-18 | 1 | -0/+20
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update to 0.99.3 | Armin Kuster | 2018-02-14 | 1 | -5/+2
  removed unused hash checksums
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* freediameter: remove package | Armin Kuster | 2018-02-14 | 4 | -493/+0
  resides in meta-networking now
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: Update to 1.2.25 | Armin Kuster | 2018-02-14 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: update to 0.10.2 | Armin Kuster | 2018-02-14 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* smack: update to 1.3.1 | Armin Kuster | 2018-02-14 | 1 | -3/+3
  drop git hash from PV
  Use master branch
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: update to 1.16.0 | Armin Kuster | 2018-02-14 | 1 | -4/+5
  update some PACKAGECONFIG changes
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scapy: update to 2.3.3 | Armin Kuster | 2018-02-14 | 2 | -114/+2
  Drop patch included in update.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tripwire: Update to 2.4.3.6 | Armin Kuster | 2018-02-14 | 1 | -2/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: update to 2.3.3 | Armin Kuster | 2018-02-14 | 1 | -3/+1
  Drop git PV for bb recipe PV.
  supports 4.15 kernel
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: Allow native builds | José Bollo | 2018-02-06 | 1 | -1/+1
  When used in native builds, the variable STAGING_DIR_HOST expands to the empty string. This leads 'sed' to an error because the pattern is empty.
  Using STAGING_DIR instead of STAGING_DIR_HOST allows to use xmlsec1 in native builds with the correct behaviour.
  Change-Id: I55f40ac2413863c489d4219e0080f7e4e274a6db
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: remove the path for start-stop-daemon | Mingli Yu | 2017-12-10 | 3 | -17/+17
  Remove the absolute path for start-stop-daemon to fix samhain start-up, as start-stop-daemon is sometimes located in /usr/sbin, not the expected /sbin.
  Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscryptctl: add v0.1.0 | André Draszik | 2017-10-24 | 1 | -0/+27
  fscryptctl is a low-level tool written in C that handles raw keys and manages policies for Linux filesystem encryption [1].
  For a tool that presents a higher level interface and manages metadata, key generation, key wrapping, PAM integration, and passphrase hashing, see fscrypt [2].
  [1] https://lwn.net/Articles/639427
  [2] https://github.com/google/fscrypt
  Signed-off-by: André Draszik <adraszik@tycoint.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* keynote: update the SRC_URI | Dengke Du | 2017-10-10 | 1 | -3/+6
  The old URL is not available, so give the new URL to keynote.
  The project already moved to: https://sourceforge.net/projects/keynote-2-3/
  The difference between the old and new tarball was: the old tarball contains a doc directory, the source code was the same.
  Signed-off-by: Dengke Du <dengke.du@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bastille: fix QA issue | Armin Kuster | 2017-10-02 | 1 | -1/+1
  WARNING: bastille-3.2.1-r0 do_package_qa: QA Issue: Symlink /usr/sbin/UndoBastille in bastille points to TMPDIR [symlink-to-sysroot]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 4.0.0 | Armin Kuster | 2017-10-02 | 3 | -6/+6
  libhtp updated in // as suricata contains the sources
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* redhat-security: remove PR and fix style | Armin Kuster | 2017-10-02 | 1 | -3/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksecurity: fix recipe style | Armin Kuster | 2017-10-02 | 1 | -1/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update llvm to use 5.0 to match version in core | Armin Kuster | 2017-09-30 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroups: fix invalid license file | Jackie Huang | 2017-09-15 | 1 | -1/+1
  Use '${COMMON_LICENSE_DIR}/MIT' for MIT License to fix the warning:
  | WARNING: packagegroup-core-security do_populate_lic: ${COREBASE}/LICENSE is not a valid license file, please use '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM. This will become an error in the future
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: fix QA issue for GNU_HASH | Jackie Huang | 2017-09-15 | 2 | -0/+29
  Add LDFLAGS variable to fix QA issue for GNU_HASH:
  | ERROR: samhain-client-4.2.2-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '/builddir/usr/sbin/samhain_setpwd' [ldflags]
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: avoid searching host dir for postgresql | Jackie Huang | 2017-09-15 | 2 | -1/+136
  Add a patch to avoid searching host dir for postgresql, and set PGSQL_INC_DIR and PGSQL_LIB_DIR instead.
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: fix for the PACKAGECONFIG | Jackie Huang | 2017-09-15 | 1 | -11/+13
  * The "??=" assignment for PACKAGECONFIG is overridden by the following "+=" assignments, which is not expected, so combine them into one assignment with multiple lines.
  * Fix a typo for postgresql.
  * Remove unneeded quotation marks.
  * Run autoconf to regenerate the configure, or the patch for ps option doesn't work:
    | configure: error: unrecognized option: --with-ps-path=/bin/ps
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: depends on attr when selinux is enabled | Jackie Huang | 2017-09-15 | 1 | -1/+1
  The extended attribute is required by selinux feature, so add the dependency when selinux is enabled.
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: fix a few build issues | Armin Kuster | 2017-09-15 | 1 | -2/+5
  configure.ac:8: http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation
  | configure.ac:8: error: version mismatch. This is Automake 1.15.1,
  | configure.ac:8: but the definition used by this AM_INIT_AUTOMAKE
  add aclocal and
  make: Entering directory '/home/akuster/oss/clean/poky/build/tmp/work/mips64-poky-linux/apparmor/2.11.0-r0/apparmor-2.11.0/binutils'
  | error: ../libraries/libapparmor//src/.libs/libapparmor.a is missing. Pick one of these possible solutions:
  remove --disable-static and
  ERROR: apparmor-2.11.0-r0 do_package_qa: QA Issue: /usr/lib/apparmor/ptest/testsuite/parser/tst/gen-dbus.pl contained in package apparmor-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_apparmor-ptest? [file-rdeps]
  add perl to ptest RDEPENDS
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Apparmor: add apache2 to PACKAGECONF and check for webserver layer | Armin Kuster | 2017-09-15 | 1 | -4/+22
  Don't want to add layer depends for one package unless needed.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nmap: update to 7.60 | Armin Kuster | 2017-09-13 | 1 | -3/+5
  LIC_CHKSUM_FILES changed due to yr update.
  add a few more PACKCONFIG
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2Ban: Add new package | Armin Kuster | 2017-09-01 | 3 | -0/+314
  Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easy to configure to read any log file you choose, for any error you choose.
  Though Fail2Ban is able to reduce the rate of incorrect authentication attempts, it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tripwire: update to 2.4.3.5 | Armin Kuster | 2017-08-31 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: update to 4.2.2 | Jackie Huang | 2017-08-31 | 17 | -83/+763
  * update to version 4.2.2
  * Add new recipe for standalone mode
  * Add systemd support
  * Add patches to fix several issues
  * samhain-standalone: add ptest support
  * samhain-server: no need to depend on samhain-server-native
  * Move common things from the bb to the inc file
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>