From: Venkata Pyla
CC: Kazuhiro Hayashi, Venkata Pyla
Subject: [cip-dev] [isar-cip-core 1/3] cip-security: Add packages for IEC-62443-4-2 evaluation
Date: Mon, 27 Jul 2020 17:11:33 +0530
Message-ID: <20200727114135.368-2-venkata.pyla@toshiba-tsip.com>
In-Reply-To: <20200727114135.368-1-venkata.pyla@toshiba-tsip.com>

From: Kazuhiro Hayashi

Identified security packages are added to the target image and that will be used for IEC-62443-4-2 evaluation

Signed-off-by: Kazuhiro Hayashi
Signed-off-by: Venkata Pyla
--- .../images/cip-core-image-security.bb | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 recipes-core/images/cip-core-image-security.bb diff --git a/recipes-core/images/cip-core-image-security.bb b/recipes-core/images/cip-core-image-security.bb new file mode 100644 index 0000000..a17c522 --- /dev/null +++ b/recipes-core/images/cip-core-image-security.bb 
@@ -0,0 +1,36 @@ +# +# A reference image which includes security packages +# +# Copyright (c) Toshiba Corporation, 2020 +# +# Authors: +# Kazuhiro Hayashi +# +# SPDX-License-Identifier: MIT +# + +inherit image + +DESCRIPTION = "CIP Core image including security packages" + +IMAGE_INSTALL += "customizations" + +# Debian packages that provide security features +IMAGE_PREINSTALL += " \ + openssl libssl1.1 \ + fail2ban \ + openssh-server openssh-sftp-server openssh-client \ + syslog-ng-core syslog-ng-mod-journal \ + aide aide-common \ + libnftables0 nftables \ + libpam-pkcs11 \ + chrony \ + tpm2-tools \ + tpm2-abrmd \ + libtss2-esys0 libtss2-udev \ + libpam-cracklib \ + acl \ + libauparse0 audispd-plugins auditd \ + uuid-runtime \ + sudo \ +"
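Review bot: the IMAGE_PREINSTALL list pins SONAME-versioned library packages by name ("libssl1.1", "libnftables0", "libtss2-esys0", "libauparse0"), which ties this recipe to the one Debian release that ships exactly those package names. If they are listed only because the tools on the same lines (openssl, nftables, tpm2-tools, auditd) need them, drop them and let apt resolve the dependency. If a library is required on its own, say why in a comment next to it. Separately, the only documentation for the list is the comment "# Debian packages that provide security features", and the commit message says the packages were "identified" without saying how. Since the image exists for IEC-62443-4-2 evaluation, a short per-line comment naming the requirement each group covers would let a reviewer check the list for gaps, and justify entries such as "uuid-runtime", "acl" and "sudo" whose security role is not obvious from the name. Nothing in this hunk configures the network-facing services it installs (openssh-server, fail2ban, chrony), so please state in the commit message whether a later patch in the series does that or the Debian defaults are intended.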