Squashed 'import-layers/meta-security/' content from commit 4d139b9
Subtree from git://git.yoctoproject.org/meta-security
Change-Id: I14bb13faa3f2b2dc1f5d81b339dd48ffedf8562f
git-subtree-dir: import-layers/meta-security
git-subtree-split: 4d139b95c4f152d132592f515c5151f4dd6269c1
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/import-layers/meta-security/recipes-security/bastille/files/Miscellaneous.pm b/import-layers/meta-security/recipes-security/bastille/files/Miscellaneous.pm
new file mode 100644
index 0000000..b3bdf10
--- /dev/null
+++ b/import-layers/meta-security/recipes-security/bastille/files/Miscellaneous.pm
@@ -0,0 +1,166 @@
+package Bastille::API::Miscellaneous;
+use strict;
+
+use File::Path;
+use Bastille::API;
+use Bastille::API::HPSpecific;
+use Bastille::API::FileContent;
+
+require Exporter;
+our @ISA = qw(Exporter);
+our @EXPORT_OK = qw(
+PrepareToRun
+B_is_package_installed
+);
+our @EXPORT = @EXPORT_OK;
+
+
+###########################################################################
+#
+# PrepareToRun sets up Bastille to run. It checks the ARGV array for
+# special options and runs ConfigureForDistro to set necessary file
+# locations and other global variables.
+#
+###########################################################################
+
+sub PrepareToRun {
+
+ # Make sure we're root!
+ if ( $> != 0 ) {
+ &B_log("ERROR","Bastille must run as root!\n");
+ exit(1);
+ }
+
+
+ # Make any directories that don't exist...
+ foreach my $dir (keys %GLOBAL_BDIR) {
+ my $BdirPath = $GLOBAL_BDIR{$dir};
+ if ( $BdirPath =~ /^\s*\// ) { #Don't make relative directories
+ mkpath ($BdirPath,0,0700);
+ }
+ }
+
+ if(&GetDistro =~ "^HP-UX") {
+ &B_check_system;
+ }
+
+ &B_log("ACTION","\n########################################################\n" .
+ "# Begin Bastille Run #\n" .
+ "########################################################\n\n");
+
+ #read sum file if it exists.
+ &B_read_sums;
+
+
+# No longer necessary as flags are no longer in sum file, and sums are
+# are now checked "real time"
+
+ # check the integrity of the files listed
+# for my $file (sort keys %GLOBAL_SUM) {
+# &B_check_sum($file);
+# }
+ # write out the newly flagged sums
+# &B_write_sums;
+
+
+}
+
+
+
+###########################################################################
+# &B_is_package_installed($package);
+#
+# This function checks for the existence of the package named.
+#
+# TODO: Allow $package to be an expression.
+# TODO: Allow optional $version, $release, $epoch arguments so we can
+# make sure that the given package is at least as recent as some
+# given version number.
+#
+# scalar return values:
+# 0: $package is not installed
+# 1: $package is installed
+###########################################################################
+
+sub B_is_package_installed($) {
+ no strict;
+ my $package = $_[0];
+# Create a "global" variable with values scoped to this function
+# We do this to avoid having to repeatedly swlist/rpm
+# when we run B_is_package_installed
+local %INSTALLED_PACKAGE_LIST;
+
+ my $distro = &GetDistro;
+ if ($distro =~ /^HP-UX/) {
+ if (&checkProcsForService('swagent','ignore_warning') == SECURE_CANT_CHANGE()) {
+ &B_log("WARNING","Software Distributor Agent(swagent) is not running. Can not tell ".
+ "if package: $package is installed or not. Bastille will assume not. ".
+ "If the package is actually installed, Bastille may report or configure incorrectly.".
+ "To use Bastille-results as-is, please check to ensure $package is not installed, ".
+ "or re-run with the swagent running to get correct results.");
+ return 0; #FALSE
+ }
+ my $swlist=&getGlobal('BIN','swlist');
+ if (%INSTALLED_PACKAGE_LIST == () ) { # re-use prior results
+ if (open(SWLIST, "$swlist -a state -l fileset |")) {
+ while (my $line = <SWLIST>){
+ if ($line =~ /^ {2}\S+\.(\S+)\s*(\w+)/) {
+ $INSTALLED_PACKAGE_LIST{$1} = $2;
+ }
+ }
+ close SWLIST;
+ } else {
+ &B_log("ERROR","B_is_package_installed was unable to run the swlist command: $swlist,\n");
+ return FALSE;
+ }
+ }
+ # Now find the entry
+ if ($INSTALLED_PACKAGE_LIST{$package} == 'configured') {
+ return TRUE;
+ } else {
+ return FALSE;
+ }
+ } #End HP-UX Section
+ # This routine only works on RPM-based distros: Red Hat, Fedora, Mandrake and SuSE
+ elsif ( ($distro !~ /^RH/) and ($distro !~ /^MN/) and($distro !~ /^SE/) ) {
+ return 0;
+ } else { #This is a RPM-based distro
+ # Run an rpm command -- librpm is extremely messy, dynamic and not
+ # so much a perl thing. It's actually barely a C/C++ thing...
+ if (open RPM,"rpm -q $package") {
+ # We should get only one line back, but let's parse a few
+ # just in case.
+ my @lines = <RPM>;
+ close RPM;
+ #
+ # This is what we're trying to parse:
+ # $ rpm -q jay
+ # package jay is not installed
+ # $ rpm -q bash
+ # bash-2.05b-305.1
+ #
+
+ foreach $line (@lines) {
+ if ($line =~ /^package\s$package\sis\snot\sinstalled/) {
+ return 0;
+ }
+ elsif ($line =~ /^$package\-/) {
+ return 1;
+ }
+ }
+
+ # If we've read every line without finding one of these, then
+ # our parsing is broken
+ &B_log("ERROR","B_is_package_installed was unable to find a definitive RPM present or not present line.\n");
+ return 0;
+ } else {
+ &B_log("ERROR","B_is_package_installed was unable to run the RPM command,\n");
+ return 0;
+ }
+ }
+}
+
+
+
+1;
+