From: "Venkata Pyla" <venkata.pyla@toshiba-tsip.com>
To: <daniel.sangorrin@toshiba.co.jp>
Cc: venkata pyla <venkata.pyla@toshiba-tsip.com>,
<cip-dev@lists.cip-project.org>
Subject: [cip-dev] [cip-core:deby 1/3] cip-security: Create new layer for cip security
Date: Tue, 15 Sep 2020 19:53:42 +0530
Message-ID: <20200915142345.179-2-venkata.pyla@toshiba-tsip.com>
In-Reply-To: <20200915142345.179-1-venkata.pyla@toshiba-tsip.com>
From: venkata pyla <venkata.pyla@toshiba-tsip.com>
This layer enables security packages and default configurations
required to evaluate IEC62443-4-2 assessment
Signed-off-by: venkata pyla <venkata.pyla@toshiba-tsip.com>
---
README.md | 5 +++++
kas/opt/security.yml | 32 +++++++++++++++++++++++++++++++
meta-cip-security/conf/layer.conf | 18 +++++++++++++++++
3 files changed, 55 insertions(+)
create mode 100644 kas/opt/security.yml
create mode 100644 meta-cip-security/conf/layer.conf
diff --git a/README.md b/README.md
index f90e040..f59dd0c 100644
--- a/README.md
+++ b/README.md
@@ -88,3 +88,8 @@ LTP test image for QEMU arm64 / hihope-rzg2m
$ ./scripts/kas-build.sh kas/board/qemuarm64.yml:kas/opt/deby.yml:kas/opt/dhcp.yml:kas/opt/ltp.yml
+Create Security image for QEMU x86-64
+-------------------------------------
+
+ $ ./scripts/kas-build.sh kas/board/qemux86-64.yml:kas/opt/deby.yml:kas/opt/security.yml
+
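Review bot: The new section heading "Create Security image for QEMU x86-64" does not match the noun-phrase style of the section just above it ("LTP test image for QEMU arm64 / hihope-rzg2m"), and the section gives no hint of what kas/opt/security.yml adds to the image. Suggest "Security image for QEMU x86-64" plus one sentence saying that this option enables the meta-cip-security layer and the packages used for the IEC 62443-4-2 evaluation mentioned in the commit message. The final added line is blank and can be dropped.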
diff --git a/kas/opt/security.yml b/kas/opt/security.yml
new file mode 100644
index 0000000..e84290c
--- /dev/null
+++ b/kas/opt/security.yml
@@ -0,0 +1,32 @@
+#
+# CIP Core tiny profile with Security
+# packages and configuration
+#
+# Copyright (c) 2019 TOSHIBA Corp.
+#
+# SPDX-License-Identifier: MIT
+#
+
+header:
+ version: 8
+
+repos:
+ meta-cip-security:
+ layers:
+ meta-cip-security:
+
+local_conf_header:
+ security: |
+ DISTRO_FEATURES_append += " pam"
+ CORE_IMAGE_EXTRA_INSTALL += " \
+ aide aide-common \
+ openssl openssl-bin \
+ openssh openssh-misc \
+ chrony chronyc \
+ libpam pam-plugin-cracklib pam-plugin-tally2 \
+ syslog-ng \
+ acl \
+ sudo \
+ auditd \
+ util-linux \
+ "
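Review bot: In local_conf_header, `DISTRO_FEATURES_append += " pam"` combines the _append override with the += operator; BitBake expects one or the other, so this should read `DISTRO_FEATURES_append = " pam"`. The file header also says "tiny profile" and carries a 2019 copyright in a file that this patch creates, both of which look carried over from another kas option file and are worth checking. It would also help to group the CORE_IMAGE_EXTRA_INSTALL entries with a short comment on what each group is for (for example aide for file integrity checking, auditd and syslog-ng for audit logging, the pam plugins for password and lockout policy), so a reviewer can tell which packages the IEC 62443-4-2 evaluation requires and which are conveniences.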
diff --git a/meta-cip-security/conf/layer.conf b/meta-cip-security/conf/layer.conf
new file mode 100644
index 0000000..b015436
--- /dev/null
+++ b/meta-cip-security/conf/layer.conf
@@ -0,0 +1,18 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH =. "${LAYERDIR}:"
+
+# We have recipes-* directories, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
+ ${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "cip-security"
+BBFILE_PATTERN_cip-security = "^${LAYERDIR}/"
+BBFILE_PRIORITY_cip-security = "11"
+
+# This should only be incremented on significant changes that will
+# cause compatibility issues with other layers
+LAYERVERSION_cip-security = "1"
+
+LAYERDEPENDS_cip-security = "debian"
+
+LAYERSERIES_COMPAT_cip-security = "warrior"
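Review bot: `BBFILE_PRIORITY_cip-security = "11"` is set without a comment saying which layers this one is meant to override; since BBFILES already globs for .bbappend files, the intended ordering relative to the "debian" layer named in LAYERDEPENDS should be stated next to the value. The two comments "We have a conf and classes directory" and "We have recipes-* directories" describe directories this patch does not create (the diffstat lists only conf/layer.conf under meta-cip-security), so either note in the commit message that the recipes arrive in a later patch of the series or trim the comments to match what is present.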
--
2.27.0.windows.1