[oe] [PATCH] kernel-hardening-checker: New recipe to check security options

Mon, 06 Jan 2025 01:54:32 -0800 

From: Jörg Sommer <[email protected]>

Signed-off-by: Jörg Sommer <[email protected]>
---
 .../kernel-hardening-checker_0.6.10.bb        | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 
meta-oe/recipes-security/kernel-hardening-checker/kernel-hardening-checker_0.6.10.bb

diff --git 
a/meta-oe/recipes-security/kernel-hardening-checker/kernel-hardening-checker_0.6.10.bb
 
b/meta-oe/recipes-security/kernel-hardening-checker/kernel-hardening-checker_0.6.10.bb
new file mode 100644
index 0000000000..1daf5d8c70
--- /dev/null
+++ 
b/meta-oe/recipes-security/kernel-hardening-checker/kernel-hardening-checker_0.6.10.bb
@@ -0,0 +1,33 @@
+SUMMARY = "A tool for checking the security hardening options of the Linux 
kernel"
+DESCRIPTION = "\
+    There are plenty of security hardening options for the Linux kernel; 
Kconfig \
+    options (compile-time); Kernel cmdline arguments (boot-time); Sysctl \
+    parameters (runtime). A lot of them have to be enabled manually to make 
the \
+    system more secure which is difficult to track. This tool helps with this \
+    task by checking and reporting about the settings compared to a list of \
+    recommendation. \
+"
+HOMEPAGE = "https://github.com/a13xp0p0v/kernel-hardening-checker";
+BUGTRACKER = "https://github.com/a13xp0p0v/kernel-hardening-checker/issues";
+LICENSE = "GPL-3.0-only"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=d32239bcb673463ab874e80d47fae504"
+
+SRC_URI = 
"git://github.com/a13xp0p0v/kernel-hardening-checker;protocol=https;branch=master"
+SRCREV = "f4dbe258ff3d37489962ea9cf210192ae7ff9280"
+
+S = "${UNPACKDIR}/git"
+
+RDEPENDS:${PN} = "\
+    python3-json \
+"
+
+# /boot/config is required for the analysis
+RRECOMMENDS:${PN}:class-target = "\
+    kernel-dev \
+"
+
+inherit setuptools3
+
+# allow to run on build host, if you don't want it in the image
+# oe-run-native kernel-hardening-checker-native kernel-hardening-checker ...
+BBCLASSEXTEND = "native"
-- 
2.45.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#114660): 
https://lists.openembedded.org/g/openembedded-devel/message/114660
Mute This Topic: https://lists.openembedded.org/mt/110454124/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to