Backport meta-hardening from hardknott

Backports the recipes of the meta-hardening layer from meta-security in hardknott, synced up to 5050d1267ad41288c903086030594f8702bfa039 It includes recipes for hardening base-files (/etc/profile) and shadow (/etc/login.defs). Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

Backport meta-hardening from hardknott
Backports the recipes of the meta-hardening layer from meta-security in hardknott, synced up to 5050d1267ad41288c903086030594f8702bfa039 It includes recipes for hardening base-files (/etc/profile) and shadow (/etc/login.defs). Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
b321c13b · Marta Rybczynska · Bernhard Rosenkränzer · 1987326b · b321c13b · b321c13b
Commit b321c13b authored 3 years ago by Marta Rybczynska Committed by Bernhard Rosenkränzer 3 years ago
--- a/meta-ohos-staging/recipes-core/base-files/base-files_%.bbappend
+++ b/meta-ohos-staging/recipes-core/base-files/base-files_%.bbappend
+do_install_append_harden () {
+    sed -i 's/umask.*/umask 027/g' ${D}/${sysconfdir}/profile
+}
--- a/meta-ohos-staging/recipes-extended/shadow/shadow_%.bbappend
+++ b/meta-ohos-staging/recipes-extended/shadow/shadow_%.bbappend
+do_install_append_harden () {
+	# to hardend
+	sed -i -e 's:UMASK.*:UMASK 027:' ${D}${sysconfdir}/login.defs
+	sed -i -e 's:PASS_MAX_DAYS.*:PASS_MAX_DAYS 365:' ${D}${sysconfdir}/login.defs
+	sed -i -e 's:PASS_MIN_DAYS.*:PASS_MIN_DAYS 1:' ${D}${sysconfdir}/login.defs
+	sed -i -e 's:#PASS_MIN_LEN.*:PASS_MIN_LEN 11:' ${D}${sysconfdir}/login.defs
+	sed -i -e 's:PASS_WARN_AGE.*:PASS_WARN_AGE 14:' ${D}${sysconfdir}/login.defs
+	sed -i -e 's:LOGIN_RETRIES.*:LOGIN_RETRIES 3:' ${D}${sysconfdir}/login.defs
+	sed -i -e 's:LOGIN_TIMEOUT.*:LOGIN_TIMEOUT 30:' ${D}${sysconfdir}/login.defs
+}