Xilinx / Vitis-AI

Vitis AI is Xilinx’s development stack for AI inference on Xilinx hardware platforms, including both edge devices and Alveo cards.
https://www.xilinx.com/ai
Apache License 2.0

linux hardening: checksecurity 2.0.15 -fail to fetch from: http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_2.0.15.tar.gz unable to fetch and compile checksecurity into Petalinux for basic system security checks. #1448

Open hudini87 opened 4 months ago

hudini87 commented 4 months ago

Hi,

I am working with Petalinux 2021.2 (gatesgarth), with Red Hat Linux on my PC.

I am trying to implement meta-security with its hardening features, like bastille and checksecurity, as explained in:

https://github.com/Xilinx/meta-security/tree/rel-v2021.2

In the meta-security layer I want to use the checksecurity package, as explained in the docs folder overview.txt.

meta-security exists and is implemented in Linux as a layer, and for example nmap and other packages are compiled with the command petalinux -build -c ..

For the checksecurity package (in recipes-scanners) the fetch process fails, as seen in the attached picture:

checksecurity

Unable to fetch from http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_2.0.15.tar.gz.

When I try to go to the source with my PC/phone I get:

"the requested URL was not found on this server".

1. What are the possibilities & tools to harden my Linux with Petalinux?
2. Maybe the tar.gz location was changed?
3. What is the right way to compile checksecurity into my image?
4. In addition, bastille doesn't work on my embedded while typing "bastille -c --os Yocto"; the command is unknown.

Meta-security Docs
=============

In this section the contents of the layer is listed, along with a short
help for each package.

== bastille ==

Bastille is a system hardening / lockdown program which enhances the
security of a Unix host. It configures daemons, system settings and
firewalls to be more secure. It can shut off unneeded services
like rcp and rlogin, and helps create "chroot jails" that help limit the
vulnerability of common Internet services like Web services and DNS.

usage : The functionality of Bastille which is available is
    restricted to a purely informational one. The command:

    bastille -c --os Yocto

    will cause a series of menus containing security questions
    about the system to be displayed to the user. For each
    question, a default response, specified in the configuration
    file which is installed with Bastille, will be selected.
    The user may select an alternate response. When the user
    has completed the sequence of menus Bastille saves the
    responses to the configuration file.

    The command:

    bastille -l lists the configuration files that Bastille
    is able to locate.

    The other functionality which Bastille is intended to provide
    is actually unavailable. This is not due to errors in poky
    installation or configuration of the application. The Bastille
    distribution is no longer supported. Significant modifications
    would be required to make it possible to make use of the
    functionality which is currently unavailable.

Additional information about Bastille can be found in the package
README file and other documentation.

Alternatives to Bastille include buck-security and checksecurity,
described elsewhere in this file.

== checksecurity ==

checksecurity is a simple package which will scan your system for several simple security holes.
It uses a simple collection of plugins, all of which are shell scripts which are configured by environmental variables.

    usage : To start checksecurity simply write in the terminal :

        checksecurity

More detailed usage can be found in the man pages and README file of the package.

Please help.

Thanks in advance!

quentonh commented 4 months ago

@hudini87 It appears that this issue lacks any specific ties to Vitis AI. Potential paths to obtain support for the questions that you have asked might include the user forums, your local FAE, or opening a case with worldwide technical support. This repository is for Vitis AI specific issues and not for general technical support.

I hope that you find solutions to this challenge.

--Quenton