meta-security: subtree update:3001c3ebfc..b72cc7f87c

Armin Kuster (10):
      apparmor: add distro check
      smack: add distro check
      python-fail2ban: Drop python2 package
      python3-fail2ban: include python-fail2ban.inc
      google-authenticator-libpam: update to 1.07
      smack-test: add feature check for smack
      lib/oeqa/runtime: fix clamav test order
      clamav: update to 0.101.5
      meta-integrity: fix issues with yocto-check-layer
      fail2ban: fix runtime error

Change-Id: I4f7e656b0f9e2e9dc32989a1756c94e4e0143c42
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-security/lib/oeqa/runtime/cases/clamav.py b/meta-security/lib/oeqa/runtime/cases/clamav.py
index 2808df4..cf83937 100644
--- a/meta-security/lib/oeqa/runtime/cases/clamav.py
+++ b/meta-security/lib/oeqa/runtime/cases/clamav.py
@@ -48,6 +48,15 @@
         self.assertEqual(status, 0, msg = msg)
 
     @OETestDepends(['clamav.ClamavTest.test_ping_clamav_net'])
+    def test_freshclam_check_mirrors(self):
+        status, output = self.target.run('freshclam --list-mirrors')
+        match = re.search('Failures: 0', output)
+        if not match:
+            msg = ('freshclam --list-mirrors: failed. '
+               'Status and output:%s and %s' % (status, output))
+            self.assertEqual(status, 1, msg = msg)
+
+    @OETestDepends(['clamav.ClamavTest.test_freshclam_check_mirrors'])
     def test_freshclam_download(self):
         status, output = self.target.run('freshclam --show-progress')
         match = re.search('Database updated', output)
@@ -57,12 +66,3 @@
                'Status and output:%s and %s' % (status, output))
             self.assertEqual(status, 1, msg = msg)
 
-    @OETestDepends(['clamav.ClamavTest.test_ping_clamav_net'])
-    def test_freshclam_check_mirrors(self):
-        status, output = self.target.run('freshclam --list-mirrors')
-        match = re.search('Failures: 0', output)
-        if not match:
-            msg = ('freshclam --list-mirrors: failed. '
-               'Status and output:%s and %s' % (status, output))
-            self.assertEqual(status, 1, msg = msg)
-
diff --git a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
index 95c853a..dacdc8b 100644
--- a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
+++ b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
@@ -16,6 +16,9 @@
 
 SRC_URI = " file://ima"
 
+inherit features_check
+REQUIRED_DISTRO_FEATURES = "ima"
+
 do_install () {
     install -d ${D}/${sysconfdir}/ima
     install -d ${D}/init.d
diff --git a/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb b/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb
index 18acc9d..8196edb 100644
--- a/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb
+++ b/meta-security/meta-integrity/recipes-core/packagegroups/packagegroup-ima-evm-utils.bb
@@ -1,7 +1,9 @@
 SUMMARY = "IMA/EVM userspace tools"
 LICENSE = "MIT"
 
-inherit packagegroup
+inherit packagegroup features_check
+
+REQUIRED_DISTRO_FEATURES = "ima"
 
 # Only one at the moment, but perhaps more will come in the future.
 RDEPENDS_${PN} = " \
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
index 92c24c9..7f649c2 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
@@ -23,7 +23,9 @@
 
 S = "${WORKDIR}/git"
 
-inherit pkgconfig autotools
+inherit pkgconfig autotools features_check
+
+REQUIRED_DISTRO_FEATURES = "ima"
 
 EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
 
diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
index b58d3fe..da62a4c 100644
--- a/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
+++ b/meta-security/meta-integrity/recipes-security/ima_policy_appraise_all/ima-policy-appraise-all_1.0.bb
@@ -9,6 +9,9 @@
 
 SRC_URI = " file://${IMA_POLICY}"
 
+inherit features_check
+REQUIRED_DISTRO_FEATURES = "ima"
+
 do_install () {
     install -d ${D}/${sysconfdir}/ima
     install ${WORKDIR}/${IMA_POLICY}  ${D}/${sysconfdir}/ima/ima-policy
diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
index 3352daa..ebb0426 100644
--- a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
+++ b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/ima-policy-hashed_1.0.bb
@@ -11,6 +11,9 @@
     file://${IMA_POLICY} \
 "
 
+inherit features_check
+REQUIRED_DISTRO_FEATURES = "ima"
+
 do_install () {
     install -d ${D}/${sysconfdir}/ima
     install ${WORKDIR}/${IMA_POLICY}  ${D}/${sysconfdir}/ima/ima-policy
diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb b/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
index 17132aa..cb4b6b8 100644
--- a/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
+++ b/meta-security/meta-integrity/recipes-security/ima_policy_simple/ima-policy-simple_1.0.bb
@@ -9,6 +9,9 @@
 
 SRC_URI = " file://${IMA_POLICY}"
 
+inherit features_check
+REQUIRED_DISTRO_FEATURES = "ima"
+
 do_install () {
     install -d ${D}/${sysconfdir}/ima
     install ${WORKDIR}/${IMA_POLICY}  ${D}/${sysconfdir}/ima/ima-policy
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb b/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb
index 60d5e68..32230a5 100644
--- a/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb
+++ b/meta-security/recipes-mac/AppArmor/apparmor_2.13.3.bb
@@ -30,7 +30,8 @@
 
 PARALLEL_MAKE = ""
 
-inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan manpages systemd
+inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan manpages systemd features_check
+REQUIRED_DISTRO_FEATURES = "apparmor"
 
 PACKAGECONFIG ??= "python perl aa-decode"
 PACKAGECONFIG[manpages] = "--enable-man-pages, --disable-man-pages"
diff --git a/meta-security/recipes-mac/smack/smack-test_1.0.bb b/meta-security/recipes-mac/smack/smack-test_1.0.bb
index 7cf8f2e..d5de607 100644
--- a/meta-security/recipes-mac/smack/smack-test_1.0.bb
+++ b/meta-security/recipes-mac/smack/smack-test_1.0.bb
@@ -12,6 +12,10 @@
 
 S = "${WORKDIR}"
 
+inherit features_check
+
+REQUIRED_DISTRO_FEATURES = "smack"
+
 do_install() {
     install -d ${D}${sbindir}
     install -m 0755 notroot.py ${D}${sbindir}
diff --git a/meta-security/recipes-mac/smack/smack_1.3.1.bb b/meta-security/recipes-mac/smack/smack_1.3.1.bb
index f32d91b..b1ea4e9 100644
--- a/meta-security/recipes-mac/smack/smack_1.3.1.bb
+++ b/meta-security/recipes-mac/smack/smack_1.3.1.bb
@@ -13,7 +13,12 @@
 
 PV = "1.3.1"
 
-inherit autotools update-rc.d pkgconfig ptest ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)}
+inherit autotools update-rc.d pkgconfig ptest
+inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)}
+inherit features_check
+
+REQUIRED_DISTRO_FEATURES = "smack"
+
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-security/recipes-security/clamav/clamav_0.99.4.bb b/meta-security/recipes-security/clamav/clamav_0.101.5.bb
similarity index 76%
rename from meta-security/recipes-security/clamav/clamav_0.99.4.bb
rename to meta-security/recipes-security/clamav/clamav_0.101.5.bb
index a340b48..a4c32e1 100644
--- a/meta-security/recipes-security/clamav/clamav_0.99.4.bb
+++ b/meta-security/recipes-security/clamav/clamav_0.101.5.bb
@@ -4,14 +4,14 @@
 SECTION = "security"
 LICENSE = "LGPL-2.1"
 
-DEPENDS = "libtool db libmspack openssl zlib llvm chrpath-replacement-native clamav-native"
-DEPENDS_class-native = "db-native openssl-native zlib-native"
+DEPENDS = "libtool db libxml2 openssl zlib curl llvm clamav-native libmspack"
+DEPENDS_class-native = "db-native openssl-native zlib-native llvm-native curl-native"
  
 LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
 
-SRCREV = "b66e5e27b48c0a07494f9df9b809ed933cede047"
+SRCREV = "482fcd413b07e9fd3ef9850e6d01a45f4e187108"
 
-SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.101 \
     file://clamd.conf \
     file://freshclam.conf \
     file://volatiles.03_clamav \
@@ -23,20 +23,14 @@
 S = "${WORKDIR}/git"
 
 LEAD_SONAME = "libclamav.so"
-SO_VER = "7.1.1"
+SO_VER = "9.0.2"
 
-EXTRANATIVEPATH += "chrpath-native"
+inherit autotools pkgconfig useradd systemd
 
-inherit autotools-brokensep pkgconfig useradd systemd
-
-UID = "clamav"
-GID = "clamav"
+CLAMAV_UID ?= "clamav"
+CLAMAV_GID ?= "clamav"
 INSTALL_CLAMAV_CVD ?= "1"
 
-# Clamav has a built llvm version 2 but does not build with gcc 6.x,
-# disable the internal one. This is a known issue
-# If you want LLVM support, use the one in core
-
 CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr"
 CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr"
 
@@ -45,49 +39,40 @@
 PACKAGECONFIG_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
 
 PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR},  --without-pcre, libpcre"
-PACKAGECONFIG[xml] = "--with-xml=${CLAMAV_USR_DIR}, --disable-xml, libxml2,"
-PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json,"
-PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR}, --without-libcurl, curl,"
+PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json-c,"
 PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6"
-PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --without-libbz2-prefix, "
+PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, bzip2"
 PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, "
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, "
 
 EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \
-            --with-system-llvm --with-llvm-linking=dynamic --disable-llvm \
             --disable-mempool \
             --program-prefix="" \
-            --disable-yara \
-            --disable-xml \
+            --disable-zlib-vcheck \
+            --with-xml=${CLAMAV_USR_DIR} \
+            --with-zlib=${CLAMAV_USR_DIR} \
             --with-openssl=${CLAMAV_USR_DIR} \
-            --with-zlib=${CLAMAV_USR_DIR} --disable-zlib-vcheck \
+            --with-libcurl=${CLAMAV_USR_DIR} \
+            --with-system-libmspack=${CLAMAV_USR_DIR} \
+            --with-iconv=no \
+            --enable-check=no \
             "
 
 EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}"
-EXTRA_OECONF_class-target += "--with-user=${UID}  --with-group=${GID} --disable-rpath ${EXTRA_OECONF_CLAMAV}"
+EXTRA_OECONF_class-target += "--with-user=${CLAMAV_UID}  --with-group=${CLAMAV_GID} ${EXTRA_OECONF_CLAMAV}"
 
 do_configure () {
     ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF} 
-    install -d ${S}/clamav_db
 }
 
 do_configure_class-native () {
     ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF} 
 }
 
-
 do_compile_append_class-target() {
-    # brute force removing RPATH
-    chrpath -d  ${B}/libclamav/.libs/libclamav.so.${SO_VER}
-    chrpath -d  ${B}/sigtool/.libs/sigtool
-    chrpath -d  ${B}/clambc/.libs/clambc
-    chrpath -d  ${B}/clamscan/.libs/clamscan
-    chrpath -d  ${B}/clamconf/.libs/clamconf
-    chrpath -d  ${B}/clamd/.libs/clamd
-    chrpath -d  ${B}/freshclam/.libs/freshclam
-
     if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
         bbnote "CLAMAV creating cvd"
+        install -d ${S}/clamav_db
         ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf
     fi
 }
@@ -117,7 +102,7 @@
         ${sysconfdir}/init.d/populate-volatile.sh update
     fi
     mkdir -p ${localstatedir}/lib/clamav
-    chown -R ${UID}:${GID} ${localstatedir}/lib/clamav
+    chown -R ${CLAMAV_UID}:${CLAMAV_GID} ${localstatedir}/lib/clamav
 }
 
 
@@ -158,7 +143,7 @@
 
 FILES_${PN}-staticdev = "${libdir}/*.a"
 
-FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libmspack.so*\
+FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so*\
                           ${docdir}/libclamav/* "
 
 FILES_${PN}-doc = "${mandir}/man/* \
@@ -168,8 +153,8 @@
 FILES_${PN}-cvd =  "${localstatedir}/lib/clamav/*.cvd ${localstatedir}/lib/clamav/*.dat"
 
 USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "--system ${UID}"
-USERADD_PARAM_${PN} = "--system -g ${GID} --home-dir  \
+GROUPADD_PARAM_${PN} = "--system ${CLAMAV_UID}"
+USERADD_PARAM_${PN} = "--system -g ${CLAMAV_GID} --home-dir  \
     ${localstatedir}/spool/${BPN} \
     --no-create-home  --shell /bin/false ${BPN}"
 
@@ -178,7 +163,7 @@
 RCONFLICTS_${PN} += "${PN}-systemd"
 SYSTEMD_SERVICE_${PN} = "${BPN}.service"
 
-RDEPENDS_${PN} = "openssl ncurses-libncurses libbz2 ncurses-libtinfo clamav-freshclam clamav-libclamav"
+RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav"
 RDEPENDS_${PN}_class-native = ""
 
 BBCLASSEXTEND = "native"
diff --git a/meta-security/recipes-security/fail2ban/files/initd b/meta-security/recipes-security/fail2ban/files/initd
index 4f4b394..586b3da 100644
--- a/meta-security/recipes-security/fail2ban/files/initd
+++ b/meta-security/recipes-security/fail2ban/files/initd
@@ -39,9 +39,9 @@
     RETVAL=$?
     if [ $RETVAL = 0 ]; then
         touch ${lockfile}
-        echo_success
+        success
     else
-        echo_failure
+        failure
     fi
     echo
     return $RETVAL
@@ -53,9 +53,9 @@
     RETVAL=$?
     if [ $RETVAL = 0 ]; then
         rm -f ${lockfile} ${pidfile}
-        echo_success
+        success
     else
-        echo_failure
+        failure
     fi
     echo
     return $RETVAL
diff --git a/meta-security/recipes-security/fail2ban/python-fail2ban.inc b/meta-security/recipes-security/fail2ban/python-fail2ban.inc
deleted file mode 100644
index 7270ed8..0000000
--- a/meta-security/recipes-security/fail2ban/python-fail2ban.inc
+++ /dev/null
@@ -1,49 +0,0 @@
-SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
-DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
-many failed login attempts. It does this by updating system firewall rules to reject new \
-connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
-out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
-and is easy to configure to read any log file you choose, for any error you choose."
-HOMEPAGE = "http://www.fail2ban.org"
-
-LICENSE = "GPL-2.0"
-LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
-
-SRCREV ="aa565eb80ec6043317e8430cabcaf9c3f4e61578"
-SRC_URI = " \
-	git://github.com/fail2ban/fail2ban.git;branch=0.11 \
-	file://initd \
-        file://fail2ban_setup.py \
-        file://run-ptest \
-"
-
-inherit update-rc.d ptest
-
-S = "${WORKDIR}/git"
-
-INITSCRIPT_PACKAGES = "${PN}"
-INITSCRIPT_NAME = "fail2ban-server"
-INITSCRIPT_PARAMS = "defaults 25"
-
-do_compile_prepend () {
-    cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py
-}
-
-do_install_append () {
-	install -d ${D}/${sysconfdir}/fail2ban
-	install -d ${D}/${sysconfdir}/init.d
-    	install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
-	chown -R root:root ${D}/${bindir}
-}
-
-do_install_ptest_append () {
-        install -d ${D}${PTEST_PATH}
-        sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
-        install -D ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH}
-}
-
-FILES_${PN} += "/run"
-
-INSANE_SKIP_${PN}_append = "already-stripped"
-
-RDEPENDS_${PN} = "sysklogd iptables sqlite3 ${PYTHON_PN} ${PYTHON_PN}-pyinotify"
diff --git a/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.4.0.bb b/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.4.0.bb
deleted file mode 100644
index 17a7dd8..0000000
--- a/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.4.0.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-inherit setuptools
-require python-fail2ban.inc
-
-RDEPENDS_${PN}-ptest = "python python-modules python-fail2ban"
diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb
index 23ef027..53f94ff 100644
--- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb
+++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb
@@ -1,8 +1,51 @@
-inherit setuptools3
-require python-fail2ban.inc
+SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
+DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
+many failed login attempts. It does this by updating system firewall rules to reject new \
+connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
+out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
+and is easy to configure to read any log file you choose, for any error you choose."
+HOMEPAGE = "http://www.fail2ban.org"
 
-RDEPENDS_${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
 
-SRC_URI += " \
+SRCREV ="aa565eb80ec6043317e8430cabcaf9c3f4e61578"
+SRC_URI = " \
+	git://github.com/fail2ban/fail2ban.git;branch=0.11 \
+	file://initd \
+        file://fail2ban_setup.py \
+        file://run-ptest \
         file://0001-To-fix-build-error-of-xrang.patch \
 "
+
+inherit update-rc.d ptest setuptools3
+
+S = "${WORKDIR}/git"
+
+do_compile_prepend () {
+    cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py
+}
+
+do_install_append () {
+	install -d ${D}/${sysconfdir}/fail2ban
+	install -d ${D}/${sysconfdir}/init.d
+    	install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
+	chown -R root:root ${D}/${bindir}
+}
+
+do_install_ptest_append () {
+        install -d ${D}${PTEST_PATH}
+        sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
+        install -D ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH}
+}
+
+FILES_${PN} += "/run"
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME = "fail2ban-server"
+INITSCRIPT_PARAMS = "defaults 25"
+
+INSANE_SKIP_${PN}_append = "already-stripped"
+
+RDEPENDS_${PN} = "sysklogd iptables sqlite3 ${PYTHON_PN} ${PYTHON_PN}-pyinotify"
+RDEPENDS_${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
diff --git a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.07.bb
similarity index 91%
rename from meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb
rename to meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.07.bb
index 2181629..98f895c 100644
--- a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb
+++ b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.07.bb
@@ -4,7 +4,7 @@
 LICENSE = "Apache-2.0"
 
 SRC_URI = "git://github.com/google/google-authenticator-libpam.git"
-SRCREV = "7365ed10d54393fb4c100cac063ae8edb744eac6"
+SRCREV = "c9280f43610ce896f91eafd0f740a4eb4dcecedd"
 
 DEPENDS = "libpam"