1#The functionality of Bastille that is actually available is restricted. Please
2#consult the README file for the meta-security layer for additional information.
3SUMMARY = "Linux hardening tool"
4DESCRIPTION = "Bastille Linux is a Hardening and Reporting/Auditing Program which enhances the security of a Linux box, by configuring daemons, system settings and firewalling."
5LICENSE = "GPL-2.0-only"
6LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
7# Bash is needed for set +o privileged (check busybox), might also need ncurses
8DEPENDS = "virtual/kernel"
9RDEPENDS:${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd libcurses-perl coreutils"
10FILES:${PN} += "/run/lock/subsys/bastille"
11
12SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3.2.1/Bastille-3.2.1.tar.bz2 \
13           file://AccountPermission.pm \
14           file://FileContent.pm \
15           file://HPSpecific.pm \
16           file://Miscellaneous.pm \
17           file://ServiceAdmin.pm \
18           file://config \
19           file://fix_version_parse.patch \
20           file://fixed_defined_warnings.patch \
21           file://call_output_config.patch \
22           file://fix_missing_use_directives.patch \
23           file://fix_number_of_modules.patch \
24           file://remove_questions_text_file_references.patch \
25           file://simplify_B_place.patch \
26           file://find_existing_config.patch \
27           file://upgrade_options_processing.patch \
28           file://accept_os_flag_in_backend.patch \
29           file://allow_os_with_assess.patch \
30           file://edit_usage_message.patch \
31           file://organize_distro_discovery.patch \
32           file://do_not_apply_config.patch \
33           "
34
35SRC_URI[md5sum] = "df803f7e38085aa5da79f85d0539f91b"
36SRC_URI[sha256sum] = "0ea25191b1dc1c8f91e1b6f8cb5436a3aa1e57418809ef902293448efed5021a"
37
38S = "${WORKDIR}/Bastille"
39
40do_install () {
41	install -d ${D}${sbindir}
42	install -d ${D}${libdir}/perl5/site_perl/Curses
43
44	install -d ${D}${libdir}/Bastille
45	install -d ${D}${libdir}/Bastille/API
46	install -d ${D}${datadir}/Bastille
47	install -d ${D}${datadir}/Bastille/OSMap
48	install -d ${D}${datadir}/Bastille/OSMap/Modules
49	install -d ${D}${datadir}/Bastille/Questions
50	install -d ${D}${datadir}/Bastille/FKL/configs/
51	install -d ${D}${sysconfdir}/Bastille
52	install -m 0755 AutomatedBastille  ${D}${sbindir}
53	install -m 0755 BastilleBackEnd    ${D}${sbindir}
54	install -m 0755 InteractiveBastille    ${D}${sbindir}
55	install -m 0644 Modules.txt    ${D}${datadir}/Bastille
56	# New Weights file(s).
57	install -m 0644 Weights.txt    ${D}${datadir}/Bastille
58	# Castle graphic
59	install -m 0644 bastille.jpg    ${D}${datadir}/Bastille/
60	# Javascript file
61	install -m 0644 wz_tooltip.js    ${D}${datadir}/Bastille/
62	install -m 0644 Credits    ${D}${datadir}/Bastille
63	install -m 0644 FKL/configs/fkl_config_redhat.cfg    ${D}${datadir}/Bastille/FKL/configs/
64	install -m 0755 RevertBastille    ${D}${sbindir}
65	install -m 0755 bin/bastille    ${D}${sbindir}
66	install -m 0644 bastille-firewall    ${D}${datadir}/Bastille
67	install -m 0644 bastille-firewall-reset    ${D}${datadir}/Bastille
68	install -m 0644 bastille-firewall-schedule    ${D}${datadir}/Bastille
69	install -m 0644 bastille-tmpdir-defense.sh    ${D}${datadir}/Bastille
70	install -m 0644 bastille-tmpdir.csh    ${D}${datadir}/Bastille
71	install -m 0644 bastille-tmpdir.sh    ${D}${datadir}/Bastille
72	install -m 0644 bastille-firewall.cfg    ${D}${datadir}/Bastille
73	install -m 0644 bastille-ipchains    ${D}${datadir}/Bastille
74	install -m 0644 bastille-netfilter    ${D}${datadir}/Bastille
75	install -m 0644 bastille-firewall-early.sh    ${D}${datadir}/Bastille
76	install -m 0644 bastille-firewall-pre-audit.sh    ${D}${datadir}/Bastille
77	install -m 0644 complete.xbm    ${D}${datadir}/Bastille
78	install -m 0644 incomplete.xbm    ${D}${datadir}/Bastille
79	install -m 0644 disabled.xpm    ${D}${datadir}/Bastille
80	install -m 0644 ifup-local    ${D}${datadir}/Bastille
81	install -m 0644 hosts.allow    ${D}${datadir}/Bastille
82
83	install -m 0644 Bastille/AccountSecurity.pm    ${D}${libdir}/Bastille
84	install -m 0644 Bastille/Apache.pm    ${D}${libdir}/Bastille
85	install -m 0644 Bastille/API.pm    ${D}${libdir}/Bastille
86	install -m 0644 ${WORKDIR}/AccountPermission.pm    ${D}${libdir}/Bastille/API
87	install -m 0644 ${WORKDIR}/FileContent.pm    ${D}${libdir}/Bastille/API
88	install -m 0644 ${WORKDIR}/HPSpecific.pm    ${D}${libdir}/Bastille/API
89	install -m 0644 ${WORKDIR}/ServiceAdmin.pm    ${D}${libdir}/Bastille/API
90	install -m 0644 ${WORKDIR}/Miscellaneous.pm    ${D}${libdir}/Bastille/API
91	install -m 0644 Bastille/BootSecurity.pm    ${D}${libdir}/Bastille
92	install -m 0644 Bastille/ConfigureMiscPAM.pm    ${D}${libdir}/Bastille
93	install -m 0644 Bastille/DisableUserTools.pm    ${D}${libdir}/Bastille
94	install -m 0644 Bastille/DNS.pm    ${D}${libdir}/Bastille
95	install -m 0644 Bastille/FilePermissions.pm    ${D}${libdir}/Bastille
96	install -m 0644 Bastille/FTP.pm    ${D}${libdir}/Bastille
97	install -m 0644 Bastille/Firewall.pm    ${D}${libdir}/Bastille
98	install -m 0644 Bastille/OSX_API.pm    ${D}${libdir}/Bastille
99	install -m 0644 Bastille/LogAPI.pm    ${D}${libdir}/Bastille
100	install -m 0644 Bastille/HP_UX.pm    ${D}${libdir}/Bastille
101	install -m 0644 Bastille/IOLoader.pm    ${D}${libdir}/Bastille
102	install -m 0644 Bastille/Patches.pm    ${D}${libdir}/Bastille
103	install -m 0644 Bastille/Logging.pm    ${D}${libdir}/Bastille
104	install -m 0644 Bastille/MiscellaneousDaemons.pm    ${D}${libdir}/Bastille
105	install -m 0644 Bastille/PatchDownload.pm    ${D}${libdir}/Bastille
106	install -m 0644 Bastille/Printing.pm    ${D}${libdir}/Bastille
107	install -m 0644 Bastille/PSAD.pm    ${D}${libdir}/Bastille
108	install -m 0644 Bastille/RemoteAccess.pm    ${D}${libdir}/Bastille
109	install -m 0644 Bastille/SecureInetd.pm    ${D}${libdir}/Bastille
110	install -m 0644 Bastille/Sendmail.pm    ${D}${libdir}/Bastille
111	install -m 0644 Bastille/TestDriver.pm    ${D}${libdir}/Bastille
112	install -m 0644 Bastille/TMPDIR.pm    ${D}${libdir}/Bastille
113	install -m 0644 Bastille/test_AccountSecurity.pm    ${D}${libdir}/Bastille
114	install -m 0644 Bastille/test_Apache.pm    ${D}${libdir}/Bastille
115	install -m 0644 Bastille/test_DNS.pm    ${D}${libdir}/Bastille
116	install -m 0644 Bastille/test_FTP.pm    ${D}${libdir}/Bastille
117	install -m 0644 Bastille/test_HP_UX.pm    ${D}${libdir}/Bastille
118	install -m 0644 Bastille/test_MiscellaneousDaemons.pm    ${D}${libdir}/Bastille
119	install -m 0644 Bastille/test_Patches.pm    ${D}${libdir}/Bastille
120	install -m 0644 Bastille/test_SecureInetd.pm    ${D}${libdir}/Bastille
121	install -m 0644 Bastille/test_Sendmail.pm    ${D}${libdir}/Bastille
122	install -m 0644 Bastille/test_BootSecurity.pm    ${D}${libdir}/Bastille
123	install -m 0644 Bastille/test_DisableUserTools.pm    ${D}${libdir}/Bastille
124	install -m 0644 Bastille/test_FilePermissions.pm    ${D}${libdir}/Bastille
125	install -m 0644 Bastille/test_Logging.pm    ${D}${libdir}/Bastille
126	install -m 0644 Bastille/test_Printing.pm    ${D}${libdir}/Bastille
127	install -m 0644 Bastille/IPFilter.pm    ${D}${libdir}/Bastille
128	install -m 0644 Bastille_Curses.pm    ${D}${libdir}/perl5/site_perl
129	install -m 0644 Bastille_Tk.pm    ${D}${libdir}/perl5/site_perl
130	install -m 0644 Curses/Widgets.pm    ${D}${libdir}/perl5/site_perl/Curses
131
132	install -m 0644 OSMap/LINUX.bastille    ${D}${datadir}/Bastille/OSMap
133	install -m 0644 OSMap/LINUX.system    ${D}${datadir}/Bastille/OSMap
134	install -m 0644 OSMap/LINUX.service    ${D}${datadir}/Bastille/OSMap
135	install -m 0644 OSMap/HP-UX.bastille    ${D}${datadir}/Bastille/OSMap
136	install -m 0644 OSMap/HP-UX.system    ${D}${datadir}/Bastille/OSMap
137	install -m 0644 OSMap/HP-UX.service    ${D}${datadir}/Bastille/OSMap
138	install -m 0644 OSMap/OSX.bastille    ${D}${datadir}/Bastille/OSMap
139	install -m 0644 OSMap/OSX.system    ${D}${datadir}/Bastille/OSMap
140
141	install -m 0777 ${WORKDIR}/config ${D}${sysconfdir}/Bastille/config
142
143	for file in `cat Modules.txt` ; do
144		install -m 0644 Questions/$file.txt ${D}${datadir}/Bastille/Questions
145	done
146
147	${THISDIR}/files/set_required_questions.py ${D}${sysconfdir}/Bastille/config ${D}${datadir}/Bastille/Questions
148
149	ln -s RevertBastille ${D}${sbindir}/UndoBastille
150
151    # Create /var/log/Bastille in runtime.
152    if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then
153        install -d ${D}${nonarch_libdir}/tmpfiles.d
154        echo "d ${localstatedir}/log/Bastille - - - -" > ${D}${nonarch_libdir}/tmpfiles.d/Bastille.conf
155    fi
156    if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
157        install -d ${D}${sysconfdir}/default/volatiles
158        echo "d root root 0755 ${localstatedir}/log/Bastille none" > ${D}${sysconfdir}/default/volatiles/99_Bastille
159    fi
160}
161
162FILES:${PN} += "${datadir}/Bastille \
163                ${libdir}/Bastille \
164                ${libdir}/perl* \
165                ${sysconfdir}/* \
166                ${nonarch_libdir}/tmpfiles.d"
167