mbox series

[isar-cip-core,0/3] Clean up security config

Message ID 20240528144903.922587-1-Quirin.Gylstorff@siemens.com (mailing list archive)
Headers show
Series Clean up security config | expand

Message

Quirin Gylstorff May 28, 2024, 2:42 p.m. UTC 
From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

Move security related recipes to the folder recipes-security.
Use systemd as the fail2ban backend.
Remove the tpm2-abrmd

Quirin Gylstorff (3):
  Move security-customizations to recipes-security
  Add fail2ban-config
  Remove tpm2-abrmd

 .../images/cip-core-image-security.bb         |  4 +---
 .../fail2ban-config/fail2ban-config.bb        | 23 +++++++++++++++++++
 .../files/systemd-defaults.conf               | 11 +++++++++
 .../security-customizations/files/postinst    |  0
 .../files/ssh-pam-remote.conf                 |  0
 .../files/ssh-remote-session-term.conf        |  0
 .../security-customizations.bb                |  0
 7 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 recipes-security/fail2ban-config/fail2ban-config.bb
 create mode 100644 recipes-security/fail2ban-config/files/systemd-defaults.conf
 rename {recipes-core => recipes-security}/security-customizations/files/postinst (100%)
 rename {recipes-core => recipes-security}/security-customizations/files/ssh-pam-remote.conf (100%)
 rename {recipes-core => recipes-security}/security-customizations/files/ssh-remote-session-term.conf (100%)
 rename {recipes-core => recipes-security}/security-customizations/security-customizations.bb (100%)

Comments

Jan Kiszka May 28, 2024, 3:27 p.m. UTC | #1 
On 28.05.24 16:42, Quirin Gylstorff wrote:
> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> 
> Move security related recipes to the folder recipes-security.
> Use systemd as the fail2ban backend.
> Remove the tpm2-abrmd
> 
> Quirin Gylstorff (3):
>   Move security-customizations to recipes-security
>   Add fail2ban-config
>   Remove tpm2-abrmd
> 
>  .../images/cip-core-image-security.bb         |  4 +---
>  .../fail2ban-config/fail2ban-config.bb        | 23 +++++++++++++++++++
>  .../files/systemd-defaults.conf               | 11 +++++++++
>  .../security-customizations/files/postinst    |  0
>  .../files/ssh-pam-remote.conf                 |  0
>  .../files/ssh-remote-session-term.conf        |  0
>  .../security-customizations.bb                |  0
>  7 files changed, 35 insertions(+), 3 deletions(-)
>  create mode 100644 recipes-security/fail2ban-config/fail2ban-config.bb
>  create mode 100644 recipes-security/fail2ban-config/files/systemd-defaults.conf
>  rename {recipes-core => recipes-security}/security-customizations/files/postinst (100%)
>  rename {recipes-core => recipes-security}/security-customizations/files/ssh-pam-remote.conf (100%)
>  rename {recipes-core => recipes-security}/security-customizations/files/ssh-remote-session-term.conf (100%)
>  rename {recipes-core => recipes-security}/security-customizations/security-customizations.bb (100%)
> 

Please have a look from the security WG perspective. Patch 2 and 3
apparently address the open issues, regressions compared to 1.3 but also
longer pending problems. Would be great to have them in upcoming 1.4
release. Further discussions and cleanups can be done later, without a
hurry.

Jan
Jan Kiszka May 31, 2024, 6:34 a.m. UTC | #2 
On 28.05.24 17:27, Jan Kiszka wrote:
> On 28.05.24 16:42, Quirin Gylstorff wrote:
>> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>>
>> Move security related recipes to the folder recipes-security.
>> Use systemd as the fail2ban backend.
>> Remove the tpm2-abrmd
>>
>> Quirin Gylstorff (3):
>>   Move security-customizations to recipes-security
>>   Add fail2ban-config
>>   Remove tpm2-abrmd
>>
>>  .../images/cip-core-image-security.bb         |  4 +---
>>  .../fail2ban-config/fail2ban-config.bb        | 23 +++++++++++++++++++
>>  .../files/systemd-defaults.conf               | 11 +++++++++
>>  .../security-customizations/files/postinst    |  0
>>  .../files/ssh-pam-remote.conf                 |  0
>>  .../files/ssh-remote-session-term.conf        |  0
>>  .../security-customizations.bb                |  0
>>  7 files changed, 35 insertions(+), 3 deletions(-)
>>  create mode 100644 recipes-security/fail2ban-config/fail2ban-config.bb
>>  create mode 100644 recipes-security/fail2ban-config/files/systemd-defaults.conf
>>  rename {recipes-core => recipes-security}/security-customizations/files/postinst (100%)
>>  rename {recipes-core => recipes-security}/security-customizations/files/ssh-pam-remote.conf (100%)
>>  rename {recipes-core => recipes-security}/security-customizations/files/ssh-remote-session-term.conf (100%)
>>  rename {recipes-core => recipes-security}/security-customizations/security-customizations.bb (100%)
>>
> 
> Please have a look from the security WG perspective. Patch 2 and 3
> apparently address the open issues, regressions compared to 1.3 but also
> longer pending problems. Would be great to have them in upcoming 1.4
> release. Further discussions and cleanups can be done later, without a
> hurry.
> 

I heard no complaints, I went forward and merge patch 2 and 3.

Thanks,
Jan