From patchwork Tue Jul 21 08:16:43 2020
X-Patchwork-Submitter: Venkata Pyla
X-Patchwork-Id: 11675207
From: "Venkata Pyla"
CC: Kazuhiro Hayashi, pvenkata2
Subject: [cip-dev] [PATCH 1/3] cip-security: Add packages for IEC-62443-4-2 Evaluation.
Date: Tue, 21 Jul 2020 13:46:43 +0530
Message-ID: <20200721081645.1789-1-venkata.pyla@toshiba-tsip.com>

From: Kazuhiro Hayashi

Identified security packages are added to the target image and that will be used for IEC-62443-4-2 evaluation

Signed-off-by: Kazuhiro Hayashi
Signed-off-by: pvenkata2
--- .../images/cip-core-image-security.bb | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 recipes-core/images/cip-core-image-security.bb diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb new file mode 100644 index 0000000..8253952 --- /dev/null +++ b/recipes-core/images/cip-core-image-security.bb
@@ -0,0 +1,37 @@ +# +# A reference image which includes security packages +# +# Copyright (c) Toshiba Corporation, 2020 +# +# Authors: +# Kazuhiro Hayashi +# +# SPDX-License-Identifier: MIT +# + +inherit image + +DESCRIPTION = "CIP Core image including security packages" + +# Use the same customizations as cip-core-image +IMAGE_INSTALL += "customizations" + +# Debian packages that provide security features +IMAGE_PREINSTALL += " \ + openssl libssl1.1 \ + fail2ban \ + openssh-server openssh-sftp-server openssh-client \ + syslog-ng-core syslog-ng-mod-journal \ + aide aide-common \ + libnftables0 nftables \ + libpam-pkcs11 \ + chrony \ + tpm2-tools \ + tpm2-abrmd \ + libtss2-esys0 libtss2-udev \ + libpam-cracklib \ + acl \ + libauparse0 audispd-plugins auditd \ + uuid-runtime \ + sudo \ +"
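Review bot: The package list under IMAGE_PREINSTALL does not say which IEC-62443-4-2 requirement each package is there to satisfy; the only comment is "Debian packages that provide security features", and entries such as uuid-runtime and acl are not self-explanatory. A short comment per group (for example auditd and audispd-plugins for audit logging, aide for file integrity checking, nftables for packet filtering) would let an evaluator trace the image contents back to the standard. The list also names soname-versioned libraries (libssl1.1, libnftables0, libtss2-esys0, libauparse0), which ties the recipe to one Debian release; if these are already dependencies of openssl, nftables, tpm2-tools and auditd they could be dropped, otherwise please note the target release in the recipe.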