Diffstat (limited to 'meta-security/classes/aide-db-init.bbclass')
-rw-r--r-- | meta-security/classes/aide-db-init.bbclass | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/meta-security/classes/aide-db-init.bbclass b/meta-security/classes/aide-db-init.bbclass
new file mode 100644
index 0000000000..800006fcf6
--- /dev/null
+++ b/meta-security/classes/aide-db-init.bbclass
@@ -0,0 +1,52 @@
+#
+# Copyright 2022 Armin Kuster <akuster808@gmail.com>
+#
+# This class creates the initial aide database durning
+# the build cycle allowing for that set being skipped during boot
+# It has an additional benefit of having not being tamper with
+# after build.
+#
+# To have the aide db created during build
+# 1. Extend local.conf:
+# INHERIT += "adie-init-db"
+#
+# These are the defaults as defined in aide-base.bbclass
+# They can be overriden in your local.conf or other distro include
+#
+# To define where the share directory should be.
+# STAGING_AIDE_DIR = "${TMPDIR}/work-shared/${MACHINE}/aida"
+#
+# To define which directories should be inclued in a scan
+# AIDE_INCLUDE_DIRS ?= "/lib"
+#
+# To exclude directories and files from being scanned
+# AIDE_SKIP_DIRS ?= "/lib/modules/.\*"
+#
+# To controll if a db init should happen at postint
+# AIDE_SCAN_POSTINIT ?= "0"
+#
+# To cotroll if a db recan should be run at postinit
+# AIDE_RESCAN_POSTINIT ?= "0"
+
+inherit aide-base
+
+aide_init_db() {
+ for dir in ${AIDE_INCLUDE_DIRS}; do
+ echo "${IMAGE_ROOTFS}${dir} NORMAL" >> ${STAGING_AIDE_DIR}/aide.conf
+ done
+ for dir in ${AIDE_SKIP_DIRS}; do
+ echo "!${IMAGE_ROOTFS}${dir}" >> ${STAGING_AIDE_DIR}/aide.conf
+ done
+
+
+ ${STAGING_AIDE_DIR}/bin/aide -c ${STAGING_AIDE_DIR}/aide.conf --init
+ gunzip ${STAGING_AIDE_DIR}/lib/aide.db.gz
+ # strip out native path
+ sed -i -e 's:${IMAGE_ROOTFS}::' ${STAGING_AIDE_DIR}/lib/aide.db
+ gzip -9 ${STAGING_AIDE_DIR}/lib/aide.db
+ cp -f ${STAGING_AIDE_DIR}/lib/aide.db.gz ${IMAGE_ROOTFS}${libdir}/aide
+}
+
+EXTRA_IMAGEDEPENDS:append = " aide-native"
+
+ROOTFS_POSTPROCESS_COMMAND:append = " aide_init_db;"
|
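Review bot: The usage comment in the header tells users to add `INHERIT += "adie-init-db"`, but the file being added is `aide-db-init.bbclass`, so anyone following the comment gets an inherit that cannot be resolved; it should read `INHERIT += "aide-db-init"`. In `aide_init_db` both `>>` redirections append to `${STAGING_AIDE_DIR}/aide.conf` on every invocation, and because the header's example places `STAGING_AIDE_DIR` under the persistent work-shared area, a second rootfs build appears to accumulate duplicate rules and to leave an existing `aide.db` that `gunzip` will refuse to overwrite; truncating the config first (e.g. `: > ${STAGING_AIDE_DIR}/aide.conf` before the loops and `rm -f ${STAGING_AIDE_DIR}/lib/aide.db` before `gunzip`) would make the function re-runnable. The `sed -i -e 's:${IMAGE_ROOTFS}::'` rewrite is unanchored and uses `:` as the delimiter, so it silently produces a malformed expression if `IMAGE_ROOTFS` ever contains a colon and could also strip a later occurrence on a line; anchoring it as `s:^${IMAGE_ROOTFS}::` limits the substitution to the leading path field of each database entry. The final `cp -f` presumes `${IMAGE_ROOTFS}${libdir}/aide` already exists in the image, which is worth stating in a comment or guarding with an `install -d`. The header's spelling (`durning`, `overriden`, `inclued`, `controll`, `cotroll`, `recan`, `postint`) should be fixed in the same pass.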