meta-security: subtree update:b72cc7f87c..95fe86eb98
André Draszik (1):
linux-yocto: update the bbappend to 5.x
Armin Kuster (36):
README: add pull request option
sssd: drop py2 support
python3-fail2ban: update to latest
Apparmor: fix some runtime depends
linux-yocto-dev: remove "+"
checksecurity: fix runtime issues
buck-security: fix rdebends and minor style cleanup
swtpm: fix configure error
ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directory
bastille: convert to py3
tpm2-tools: update to 4.1.1
tpm2-tcti-uefi: fix build issue for i386 machine
tpm2-tss: update to 2.3.2
ibmswtpm2: update to 1563
python3-fail2ban: add 2-3 conversion changes
google-authenticator-libpam: install module in pam location
apparmor: update to tip
clamav: add bison-native to depend
meta-security-isafw: import layer from Intel
isafw: fix to work against master
layer.conf: add zeus
README.md: update to new maintainer
clamav-native: missed bison fix
secuirty*-image: remove dead var and minor cleanup
libtpm: fix build issue over pod2man
sssd: python2 not supported
libseccomp: update to 2.4.3
lynis: add missing rdepends
fail2ban: change hardcoded sysklogd to VIRTUAL-RUNTIME_base-utils-syslog
chkrootkit: add rootkit recipe
clamav: move to recipes-scanners
checksec: move to recipe-scanners
checksecurity: move to recipes-scanners
buck-security: move to recipes-scanners
arpwatch: add new recipe
buck-security: fix runtime issue with missing per module
Bartosz Golaszewski (3):
linux: drop the bbappend for linux v4.x series
classes: provide a class for generating dm-verity meta-data images
dm-verity: add a working example for BeagleBone Black
Haseeb Ashraf (1):
samhain: dnmalloc hash fix for aarch64 and mips64
Jan Luebbe (2):
apparmor: fix wrong executable permission on service file
apparmor: update to 2.13.4
Jonatan Pålsson (10):
README: Add meta-python to list of layer deps
sssd: Add PACKAGECONFIG for python2
sssd: Fix typo in PACKAGECONFIG. cyrpto -> crypto
sssd: DEPEND on nss if nothing else is chosen
sssd: Sort PACKAGECONFIG entries
sssd: Add autofs PACKAGECONFIG
sssd: Add sudo PACKAGECONFIG
sssd: Add missing files to SYSTEMD_SERVICE
sssd: Add missing DEPENDS on jansson
sssd: Add infopipe PACKAGECONFIG
Kai Kang (1):
sssd: fix for ldblibdir and systemd etc
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for dunfell
Mingli Yu (1):
linux-yocto: update the bbappend to 5.x
Pierre-Jean Texier via Lists.Yoctoproject.Org (1):
google-authenticator-libpam: upgrade 1.07 -> 1.08
Yi Zhao (5):
samhain: fix build with new version attr
scap-security-guide: fix xml parsing error when build remediation files
scap-security-guide: pass the correct schema file path to openscap-native
openscap-daemon: add missing runtime dependencies
samhain-server: add volatile file for systemd
Change-Id: I3d4a4055cb9420e97d3eacf8436d9b048d34733f
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-security/recipes-scanners/arpwatch/files/arpwatch_init b/meta-security/recipes-scanners/arpwatch/files/arpwatch_init
new file mode 100644
index 0000000..9860c65
--- /dev/null
+++ b/meta-security/recipes-scanners/arpwatch/files/arpwatch_init
@@ -0,0 +1,123 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+NAME=arpwatch
+DAEMON=/usr/sbin/$NAME
+DESC="Ethernet/FDDI station monitor daemon"
+DATADIR=/var/lib/$NAME
+RETVAL=0
+
+. /etc/init.d/functions
+
+### You shouldn't touch anything below unless you know what you are doing.
+
+[ -f /etc/default/arpwatch ] && . /etc/default/arpwatch
+
+# Decide whether we have to deal with multiple interfaces.
+CONF=/etc/arpwatch.conf
+MULTIPLE=0
+if [ -r $CONF ]; then
+ grep -c '^[a-z]' $CONF 2>&1 >/dev/null && MULTIPLE=1
+fi
+
+# Check whether we have to drop privileges.
+if [ -n "$RUNAS" ]; then
+ if getent passwd "$RUNAS" >/dev/null; then
+ ARGS="-u ${RUNAS} $ARGS"
+ else
+ RUNAS=""
+ fi
+fi
+
+start_instance () {
+ IFACE=$1
+ INSTANCE=${NAME}-${IFACE}
+ DATAFILE=$DATADIR/${IFACE}.dat
+ IFACE_OPTS="-P /var/run/${INSTANCE}.pid -i ${IFACE} -f ${DATAFILE} $2"
+
+ echo -n "Starting $DESC: "
+ if [ ! -f $DATAFILE ]; then
+ echo -n "(creating $DATAFILE) " :> $DATAFILE
+ fi
+ if [ -n "$RUNAS" ]; then
+ echo -n "(chown $RUNAS $DATAFILE) "
+ chown $RUNAS $DATAFILE
+ fi
+ start-stop-daemon --start --quiet \
+ --pidfile /var/run/${INSTANCE}.pid \
+ --exec $DAEMON -- $IFACE_OPTS $ARGS
+ echo "${INSTANCE}."
+ ps h -C $NAME -o pid,args | \
+ awk "/$IFACE/ { print \$1 }" > /var/run/${INSTANCE}.pid
+}
+
+stop_instance () {
+ IFACE=$1
+ INSTANCE=${NAME}-${IFACE}
+ [ -f /var/run/${INSTANCE}.pid ] || return 0
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop --quiet --oknodo \
+ --pidfile /var/run/${INSTANCE}.pid
+ echo "${INSTANCE}."
+ rm -f /var/run/${INSTANCE}.pid
+}
+
+process_loop_break_line () {
+ __IFACE=$1
+ shift
+ __IOPTS="$@"
+}
+
+process_loop () {
+ OPERATION=$1
+ grep '^[a-z]' $CONF 2>/dev/null | \
+ while read LINE
+ do
+ process_loop_break_line $LINE
+ I=$__IFACE
+ I_OPTS="$__IOPTS"
+ $OPERATION $I "$I_OPTS"
+ done
+}
+
+startup () {
+ process_loop start_instance
+}
+
+shutdown () {
+ process_loop stop_instance
+}
+
+case "$1" in
+ start)
+ startup
+ ;;
+ stop)
+ shutdown
+ ;;
+ reload)
+ echo "Reload operation not supported -- use restart."
+ RETVAL=2
+ ;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented, move the "force-reload"
+ # option to the "reload" entry above. If not, "force-reload" is
+ # just the same as "restart".
+ #
+ shutdown
+ sleep 1
+ startup
+ ;;
+ status)
+ status_of_proc $DAEMON $NAME
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ RETVAL=2
+ ;;
+esac
+
+exit $RETVAL