From af74b29b13bed74f28aaac449d2f63ecfe8fbc7cadb43307f8bc640048f58782 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 2 Sep 2024 14:26:03 +0000 Subject: [PATCH 1/6] Accepting request 1198315 from home:rchikov - updated to 0.1.74 (jsc#ECO-3319) - Add Amazon Linux 2023 product (#12006) - Introduce new remediation type Kickstart (#12144) - Make PAM macros more flexible to variables (#12133) - Remove Debian 10 Product (#12205) - Remove Red Hat Enterprise Linux 7 product (#12093) - Update CIS RHEL9 control file to v2.0.0 (#12067) OBS-URL: https://build.opensuse.org/request/show/1198315 OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=112 --- .gitattributes | 23 +++ .gitignore | 1 + _constraints | 7 + scap-security-guide.changes | 342 +++++++++++++++++++++++++++++++++++ scap-security-guide.spec | 348 ++++++++++++++++++++++++++++++++++++ v0.1.73.tar.gz | 3 + v0.1.74.tar.gz | 3 + 7 files changed, 727 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _constraints create mode 100644 scap-security-guide.changes create mode 100644 scap-security-guide.spec create mode 100644 v0.1.73.tar.gz create mode 100644 v0.1.74.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_constraints b/_constraints new file mode 100644 index 0000000..26a20ce --- /dev/null +++ b/_constraints @@ -0,0 +1,7 @@ + + + + 7 + + + diff --git a/scap-security-guide.changes b/scap-security-guide.changes new file mode 100644 index 0000000..05de06d --- /dev/null +++ b/scap-security-guide.changes @@ -0,0 +1,342 @@ +------------------------------------------------------------------- +Mon Sep 2 13:58:50 UTC 2024 - Rumen Chikov + +- updated to 0.1.74 (jsc#ECO-3319) + - Add Amazon Linux 2023 product (#12006) + - Introduce new remediation type Kickstart (#12144) + - Make PAM macros more flexible to variables (#12133) + - Remove Debian 10 Product (#12205) + - Remove Red Hat Enterprise Linux 7 product (#12093) + - Update CIS RHEL9 control file to v2.0.0 (#12067) + +------------------------------------------------------------------- +Fri May 31 07:52:33 UTC 2024 - Rumen Chikov + +- updated to 0.1.73 (jsc#ECO-3319) + - CMP 2417: Implement PCI-DSS v4.0 outline for OpenShift (#11651) + - Update all RHEL ANSSI BP028 profiles to be aligned with configuration recommendations version 2.0 + - Generate rule references from control files (#11540) + - Initial implementation of STIG V1R1 profile for Ubuntu 22.04 LTS (#11820) + +------------------------------------------------------------------- +Tue Feb 13 16:02:47 UTC 2024 - Marcus Meissner + +- updated to 0.1.72 (jsc#ECO-3319) + - ANSSI BP 028 profile for debian12 (#11368) + - Building on Windows (#11406) + - Control for BSI APP.4.4 (#11342) + - update to CIS RHEL 7 and RHEL 8 profiles aligning them with the latest benchmarks + - various fixes to SLE profiles +- add openeuler to -redhat package +- removed ssg-fix-journald.patch: fixed upstream + +------------------------------------------------------------------- +Tue Dec 19 11:04:09 UTC 2023 - Marcus Meissner + +- updated to 0.1.71 (jsc#ECO-3319) + - Add RHEL 9 STIG + - Add support for Debian 12 + - Update PCI-DSS profile for RHEL + - lots of bugfixes and improvements for SLE +- removed left over file + 0001-Revert-fix-aide-remediations-add-crontabs.patch upstreamed in 0.1.69 + +------------------------------------------------------------------- +Wed Dec 6 12:21:53 UTC 2023 - Marcus Meissner + +- ssg-fix-journald.patch: switch buggy journald plugindir remediation + to write into journald.conf. (bsc#1217832) + +------------------------------------------------------------------- +Tue Oct 17 14:44:03 UTC 2023 - Marcus Meissner + +- updated to 0.1.70 (jsc#ECO-3319) + - Add openembedded distro support (#10793) + - Remove DRAFT wording for OpenShift STIG (#11100) + - Remove test-function-check_playbook_file_removed_and_added test (#10982) + - scap-security-guide: Add Poky support (#11046) + +------------------------------------------------------------------- +Wed Aug 2 13:49:20 UTC 2023 - Marcus Meissner + +- updated to 0.1.69 (jsc#ECO-3319) + - Introduce a JSON build manifest (#10761) + - Introduce a script to compare ComplianceAsCode versions (#10768) + - Introduce CCN profiles for RHEL9 (#10860) + - Map rules to components (#10609) + - products/anolis23: supports Anolis OS 23 (#10548) + - Render components to HTML (#10709) + - Store rendered control files (#10656) + - Test and use rules to components mapping (#10693) + - Use distributed product properties (#10554) +- 0001-Revert-fix-aide-remediations-add-crontabs.patch: removed, upstream + +------------------------------------------------------------------- +Thu Jul 27 06:58:41 UTC 2023 - Marcus Meissner + +- 0001-Revert-fix-aide-remediations-add-crontabs.patch: + revert patch that breaks the SLE hardening (bsc#1213691) + +------------------------------------------------------------------- +Thu Jun 15 15:40:16 UTC 2023 - Marcus Meissner + +- updated to 0.1.68 (jsc#ECO-3319) + - Bump OL8 STIG version to V1R6 + - Introduce a Product class, make the project work with it + - Introduce Fedora and Firefox CaC profiles for common workstation users + - OL7 DISA STIG v2r11 update + - Publish rendered policy artifacts + - Update ANSSI BP-028 to version 2.0 +- updated to 0.1.67 (jsc#ECO-3319) + - Add utils/controlrefcheck.py + - RHEL 9 STIG Update Q1 2023 + - Include warning for NetworkManager keyfiles in RHEL9 + - OL7 stig v2r10 update + - Bump version of OL8 STIG to V1R5 +- various enhancements to SLE profiles +- scap-security-guide-UnicodeEncodeError-character-fix.patch: fixed upstream + +------------------------------------------------------------------- +Mon Feb 6 15:03:31 UTC 2023 - Marcus Meissner + +- updated to 0.1.66 (jsc#ECO-3319) +  - Ubuntu 22.04 CIS +  - OL7 stig v2r9 update +  - Bump OL8 STIG version to V1R4 +  - Update RHEL7 STIG to V3R10 +  - Update RHEL8 STIG to V1R9 +  - Introduce CIS RHEL9 profiles +- also various SUSE profile fixes were done + +------------------------------------------------------------------- +Mon Dec 5 10:44:15 UTC 2022 - Marcus Meissner + +- updated to 0.1.65 (jsc#ECO-3319) + - Introduce cui profile for OL9 + - Remove Support for OVAL 5.10 + - Rename account_passwords_pam_faillock_audit + - CI ansible hardening and rename of existing Bash hardening + - Update contributors list for v0.1.65 release + - various SUSE profile specific fixes + +------------------------------------------------------------------- +Fri Nov 25 13:16:15 UTC 2022 - Marcus Meissner + +- require sudo, as remediations touch sudo config or use sudo. + +------------------------------------------------------------------- +Wed Oct 5 09:21:53 UTC 2022 - Marcus Meissner + +- enable ubuntu 2204 build + +------------------------------------------------------------------- +Sat Oct 1 08:56:49 UTC 2022 - Marcus Meissner + +- updated to 0.1.64 (jsc#ECO-3319) + - Introduce ol9 stig profile + - Introduce Ol9 anssi profiles + - Update RHEL8 STIG to V1R7 + - Introduce e8 profile for OL9 + - Update RHEL7 STIG to V3R8 + - some SUSE profile fixes + +------------------------------------------------------------------- +Wed Sep 21 08:24:30 UTC 2022 - Marcus Meissner + +- Added several RPM requires that are needed by the SUSE remediation + scripts. (e.g. awk is not necessary installed) + +------------------------------------------------------------------- +Sat Jul 30 13:59:29 UTC 2022 - Marcus Meissner + +- updated to 0.1.63 (jsc#ECO-3319) + - multiple bugfixes in SUSE profiles + - Expand project guidelines + - Add Draft OCP4 STIG profile + - Add anssi_bp28_intermediary profile + - add products/uos20 to support UnionTech OS Server 20 + - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles + - Remove WRLinux Products + - Update CIS RHEL8 Benchmark for v2.0.0 +- removed fix-bash-template.patch: fixed upstream +- Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149) +- Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163) +- Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122) + +------------------------------------------------------------------- +Fri Jul 15 11:57:43 UTC 2022 - Julio González Gil + +- Fix the build for RHEL 7 and clones (python-setuptools is used) + +------------------------------------------------------------------- +Wed Jul 6 09:26:15 UTC 2022 - Julio González Gil + +- Fix the build for RHEL 9 and clones + +------------------------------------------------------------------- +Mon Jun 27 12:59:21 UTC 2022 - Marcus Meissner + +- fix-bash-template.patch: convert one bash emitter to new jinja method. + (bsc#1200163) + +------------------------------------------------------------------- +Thu Jun 9 15:31:50 UTC 2022 - Marcus Meissner + +- add python3-setuptools for all builds (so it is also used on debian + and centos flavors) + +------------------------------------------------------------------- +Mon May 30 12:48:54 UTC 2022 - Marcus Meissner + +- updated to 0.1.62 (jsc#ECO-3319) + - Update rhel8 stig to v1r6 + - OL7 STIG v2r7 update + - Initial definition of ANSSI BP28 minmal profile for SLE + +------------------------------------------------------------------- +Mon Apr 4 08:40:40 UTC 2022 - Marcus Meissner + +- updated to 0.1.61 (jsc#ECO-3319) + - Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7 + - Introduce OL9 product + - Implement handling of logical expressions in platform definitions + +------------------------------------------------------------------- +Tue Feb 22 15:19:07 UTC 2022 - Marcus Meissner + +- bump disk size constraints to 7gb to avoid occasional disk fulls failures. + +------------------------------------------------------------------- +Thu Jan 27 13:43:18 UTC 2022 - Marcus Meissner + +- updated to 0.1.60 (jsc#ECO-3319) + - New draft stig profile v1r1 for OL8 + - New product Amazon EKS platform and initial CIS profiles + - New product CentOS Stream 9, as a derivative from RHEL9 product + +------------------------------------------------------------------- +Sat Nov 27 15:39:12 UTC 2021 - Marcus Meissner + +- updated to 0.1.59 release (jsc#ECO-3319) + - Support for Debian 11 + - NERC CIP profiles for OCP4 and RHCOS + - HIPAA profile for SLE15 + - Delta Tailoring Files for STIG profiles + +------------------------------------------------------------------- +Wed Oct 6 09:00:15 UTC 2021 - Alexander Bergmann + +- Fix SLE-12 build issue caused by '\xb0' character (bsc#1191431). + - Add scap-security-guide-UnicodeEncodeError-character-fix.patch + +------------------------------------------------------------------- +Fri Sep 24 15:16:30 UTC 2021 - Marcus Meissner + +- updated to 0.1.58 release (jsc#ECO-3319) +- Support for Script Checking Engine (SCE) +- Split RHEL 8 CIS profile using new controls file format +- CIS Profiles for SLE12 +- Initial Ubuntu 20.04 STIG Profiles +- Addition of an automated CCE adder + +------------------------------------------------------------------- +Tue Jul 13 14:41:16 UTC 2021 - Marcus Meissner + +- updated to 0.1.57 release (jsc#ECO-3319) + - CIS profile for RHEL 7 is updated + - initial CIS profiles for Ubuntu 20.04 + - Major improvement of RHEL 9 content + - new release process implemented using Github actions + +------------------------------------------------------------------- +Wed Jun 2 15:03:42 UTC 2021 - Julio González Gil + +- Specify the maintainer, for deb packages. + +------------------------------------------------------------------- +Wed May 26 15:19:40 UTC 2021 - Marcus Meissner + +- updated to 0.1.56 release (jsc#ECO-3319) + - Align ism_o profile with latest ISM SSP (#6878) + - Align RHEL 7 STIG profile with DISA STIG V3R3 + - Creating new RHEL 7 STIG GUI profile (#6863) + - Creating new RHEL 8 STIG GUI profile (#6862) + - Add the RHEL9 product (#6801) + - Initial support for SUSE SLE-15 (#6666) + - add support for osbuild blueprint remediations (#6970) + +------------------------------------------------------------------- +Wed Mar 24 13:25:26 UTC 2021 - Marcus Meissner + +- updated to a intermediate GIT snapshot of 20210323 (jsc#ECO-3319) + - initial SLES15 STIG added + - more SLES 12 STIG work + - correct tables and cross references for SLES 12 and 15 STIG + +------------------------------------------------------------------- +Fri Mar 19 15:08:35 UTC 2021 - Marcus Meissner + +- updated to 0.1.55 release (jsc#ECO-3319) + - big update of rules used in SLES-12 STIG profile + - Render policy to HTML (#6532) + - Add variable support to yamlfile_value template (#6563) + - Introduce new template for dconf configuration files (#6118) +- avoid some non sles12 sp2 available macros. + +------------------------------------------------------------------- +Fri Mar 12 14:14:10 UTC 2021 - Julio González Gil + +- Add the redhat conflict for packages built on redhat clones + or Fedora + +------------------------------------------------------------------- +Fri Feb 26 08:45:24 UTC 2021 - Marcus Meissner + +- remove redhat conflict. + +------------------------------------------------------------------- +Sun Feb 7 10:42:34 UTC 2021 - Marcus Meissner + +- added Redhat, Debian, Ubuntu products, split off into seperate + packages for size. + +------------------------------------------------------------------- +Wed Feb 3 23:55:30 UTC 2021 - Jan Engelhardt + +- Update descriptions, modernize specfile constructs. + +------------------------------------------------------------------- +Wed Feb 3 14:07:22 UTC 2021 - Marcus Meissner + +- updated to 0.1.54 version + +------------------------------------------------------------------- +Wed Feb 3 10:23:50 UTC 2021 - Marcus Meissner + +- updated to 0.1.53 version, adjusted some things. + +------------------------------------------------------------------- +Tue May 14 11:55:47 UTC 2019 - Brice DEKANY + +- New specfile +- build for openSUSE + Backport + +------------------------------------------------------------------- +Tue May 14 11:27:26 UTC 2019 - Brice DEKANY + +- Switch to new formating from ComplianceAsCode +- Project is now hosted by github.com/openSUSE + +------------------------------------------------------------------- +Fri Mar 16 12:12:56 UTC 2018 - brice.dekany@suse.com + +- Add a first batch of SEVERITY CAT II Rules +------------------------------------------------------------------- +Wed Jan 17 10:14:09 UTC 2018 - brice.dekany@suse.com + +- Add fixes for SEVERITY CAT I + +------------------------------------------------------------------- +Thu Jan 4 21:05:16 UTC 2018 - brice.dekany@suse.com + +- Initial version of xccdf for Severty CAT I diff --git a/scap-security-guide.spec b/scap-security-guide.spec new file mode 100644 index 0000000..bfe5e7a --- /dev/null +++ b/scap-security-guide.spec @@ -0,0 +1,348 @@ +# +# spec file for package scap-security-guide +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if ! (0%{?fedora} || 0%{?rhel} > 5) +%if "%{_vendor}" == "debbuild" +%global __python /usr/bin/python3 +%endif +%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} +%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} +%endif + +%if 0%{?fedora} || 0%{?rhel} >= 8 +%{!?pylint_check: %global pylint_check 0} +%endif + +%if 0%{?fedora} || 0%{?suse_version} > 1320 || 0%{?rhel} >= 8 || "%{_vendor}" == "debbuild" +%global build_py3 1 +%if "%{_vendor}" != "debbuild" +%global python_sitelib %{python3_sitelib} +%endif +%endif + +%if 0%{?fedora} || 0%{?rhel} >= 8 +%global python2prefix python2 +%else +%global python2prefix python +%endif + +Name: scap-security-guide +Version: 0.1.74 +Release: 0 +Summary: XCCDF files for SUSE Linux and openSUSE +License: BSD-3-Clause +Group: Productivity/Security +URL: https://github.com/ComplianceAsCode/content +%if "%{_vendor}" == "debbuild" +Packager: SUSE Security Team +%endif +Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz + +# explicit require what is needed by the detection logic in the scripts +Requires: coreutils +Requires: findutils +Requires: gawk +Requires: grep +Requires: sed +Requires: sudo +Requires: zypper + +BuildRequires: cmake + +%if "%{_vendor}" == "debbuild" +%{!?_licensedir:%global license %%doc} +BuildRequires: libopenscap8 +BuildRequires: libxml2-utils +BuildRequires: libxslt1.1 +BuildRequires: xsltproc +%else +BuildRequires: libxslt +BuildRequires: openscap-utils +%endif + +%if 0%{?rhel} == 7 +BuildRequires: python-setuptools +%else +BuildRequires: python3-setuptools +%endif + +%if 0%{?rhel} == 8 +BuildRequires: python3 +%endif + +%if 0%{?suse_version} +BuildRequires: python3-xml +%endif + +%if 0%{?rhel} == 7 +BuildRequires: PyYAML +%else +%if 0%{?rhel} == 8 +BuildRequires: python3-pyyaml +%else +%if "%{_vendor}" == "debbuild" +BuildRequires: python3-yaml +%else +BuildRequires: python3-PyYAML +%endif +%endif +%endif + +%if 0%{?rhel} == 7 +BuildRequires: python-jinja2 +%else +%if 0%{?rhel} >= 8 +BuildRequires: python3-jinja2 +%else +%if "%{_vendor}" == "debbuild" +BuildRequires: python3-jinja2 +%else +BuildRequires: python3-Jinja2 +%endif +%endif +%endif + +BuildRequires: expat +BuildRequires: libxml2 +# not on SLES currently +%if 0%{?is_opensuse} || 0%{?fedora} || "%{_vendor}" == "debbuild" +BuildRequires: ansible +%endif +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildArch: noarch + +%description +Security Content Automation Protocol (SCAP) Security Guide for SUSE Linux. + +This package contains XCCDF (Extensible Configuration Checklist +Description Format), OVAL (Open Vulnerability and Assessment +Language), CPE (Common Platform Enumeration) and DS (Data Stream) +files to run a compliance test on SLE12, SLE15 and openSUSE + +SUSE supported in this version of scap-security-guide: + +- DISA STIG profile for SUSE Linux Enterprise Server 12 and 15 +- ANSSI-BP-028 profile for SUSE Linux Enterprise Server 12 and 15 +- PCI-DSS profile for SUSE Linux Enterprise Server 12 and 15 +- HIPAA profile for SUSE Linux Enterprise Server 12 and 15 +- CIS profile for SUSE Linux Enterprise Server 12 and 15 +- Hardening for Public Cloud Image of SUSE Linux Enterprise Server for SAP Applications 15 +- Public Cloud Hardening for SUSE Linux Enterprise 15 + +Other profiles, like the Standard System Security Profile for SUSE Linux Enterprise 12 and 15, +are community supplied and not officially supported by SUSE. + +%package redhat +Summary: XCCDF files for RHEL, CentOS, Fedora and ScientificLinux +Group: Productivity/Security +%if 0%{?fedora} || 0%{?rhel} +Conflicts: scap-security-guide +%endif + +%description redhat +Security Content Automation Protocol (SCAP) Security Guide for Redhat/Fedora/CentOS/OracleLinux/ScientificLinux. + +This package contains XCCDF (Extensible Configuration Checklist +Description Format), OVAL (Open Vulnerability and Assessment +Language), CPE (Common Platform Enumeration) and DS (Data Stream) +files to run a compliance test on various Redhat products, CentOS, Oracle Linux, Fedora and ScientificLinux. + +Note that the included profiles are community supplied and not officially supported by SUSE.. + +%package debian +Summary: XCCDF files for Debian +Group: Productivity/Security + +%description debian +Security Content Automation Protocol (SCAP) Security Guide for Debian. + +This package contains XCCDF (Extensible Configuration Checklist +Description Format), OVAL (Open Vulnerability and Assessment +Language), CPE (Common Platform Enumeration) and DS (Data Stream) +files to run a compliance test on Debian. + +Note that the included profiles are community supplied and not officially supported by SUSE.. + +%package ubuntu +Summary: XCCDF files for Ubuntu +Group: Productivity/Security + +%description ubuntu +Security Content Automation Protocol (SCAP) Security Guide for Ubuntu. + +This package contains XCCDF (Extensible Configuration Checklist +Description Format), OVAL (Open Vulnerability and Assessment +Language), CPE (Common Platform Enumeration) and DS (Data Stream) +files to run a compliance test on Ubuntu. + +Note that the included profiles are community supplied and not officially supported by SUSE.. + +%prep +%setup -q -n content-%version + +%build +cd build +cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \ + -DCMAKE_INSTALL_MANDIR=%{_mandir} \ + -DSSG_PRODUCT_CHROMIUM=OFF \ + -DSSG_PRODUCT_ALINUX2=OFF \ + -DSSG_PRODUCT_ALINUX3=OFF \ + -DSSG_PRODUCT_DEBIAN9=ON \ + -DSSG_PRODUCT_DEBIAN10=ON \ + -DSSG_PRODUCT_DEFAULT=ON \ + -DSSG_PRODUCT_EXAMPLE=OFF \ + -DSSG_PRODUCT_FEDORA=ON \ + -DSSG_PRODUCT_FIREFOX=OFF \ + -DSSG_PRODUCT_FUSE6=OFF \ + -DSSG_PRODUCT_JRE=OFF \ + -DSSG_PRODUCT_MACOS1015=OFF \ + -DSSG_PRODUCT_OCP4=OFF \ + -DSSG_PRODUCT_OL7=ON \ + -DSSG_PRODUCT_OL8=ON \ + -DSSG_PRODUCT_OL9=ON \ + -DSSG_PRODUCT_OPENSUSE=ON \ + -DSSG_PRODUCT_OPENEMBEDDED=OFF \ + -DSSG_PRODUCT_RHCOS4=ON \ + -DSSG_PRODUCT_RHEL7=ON \ + -DSSG_PRODUCT_RHEL8=ON \ + -DSSG_PRODUCT_RHEL9=ON \ + -DSSG_PRODUCT_RHOSP10=ON \ + -DSSG_PRODUCT_RHOSP13=ON \ + -DSSG_PRODUCT_RHV4=ON \ + -DSSG_PRODUCT_SLE12=ON \ + -DSSG_PRODUCT_SLE15=ON \ + -DSSG_PRODUCT_UBUNTU1604=ON \ + -DSSG_PRODUCT_UBUNTU1804=ON \ + -DSSG_PRODUCT_UBUNTU2004=ON \ + -DSSG_PRODUCT_UBUNTU2204=ON \ + -DSSG_PRODUCT_UOS20=OFF \ + -DSSG_PRODUCT_VSEL=OFF \ + -DSSG_PRODUCT_EKS=OFF \ + -DSSG_PRODUCT_WRLINUX8=OFF \ + -DSSG_PRODUCT_WRLINUX1019=OFF \ + -DSSG_PRODUCT_ANOLIS8=OFF \ + -DSSG_PRODUCT_ANOLIS23=OFF \ + ../ +make + +%install +cd build/ +make install DESTDIR=%buildroot + +%files +%if "%{_vendor}" != "debbuild" +%license LICENSE +%endif +%dir %{_datadir}/doc/scap-security-guide/ +%{_datadir}/doc/scap-security-guide/Contributors.md +%{_datadir}/doc/scap-security-guide/README.md +%{_datadir}/doc/scap-security-guide/LICENSE +%dir %{_datadir}/doc/scap-security-guide/guides/ +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-sle* +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-opensuse* +%dir %{_datadir}/doc/scap-security-guide/tables/ +%doc %{_datadir}/doc/scap-security-guide/tables/table-sle* +%doc %{_mandir}/man8/scap-security-guide.8.gz +%dir %{_datadir}/scap-security-guide/ +%dir %{_datadir}/scap-security-guide/ansible/ +%dir %{_datadir}/scap-security-guide/bash/ +%dir %{_datadir}/scap-security-guide/kickstart/ +%{_datadir}/scap-security-guide/*/opensuse* +%{_datadir}/scap-security-guide/*/sle* +%dir %{_datadir}/xml/scap/ +%dir %{_datadir}/xml/scap/ssg/ +%dir %{_datadir}/xml/scap/ssg/content/ +%{_datadir}/xml/scap/ssg/content/*-sle* +%{_datadir}/xml/scap/ssg/content/*-opensuse* + +%files redhat +%if "%{_vendor}" != "debbuild" +%license LICENSE +%endif +%dir %{_datadir}/doc/scap-security-guide/guides/ +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-centos* +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-cs9* +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-fedora* +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-ol* +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-openeuler* +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-rh* +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-sl7* +%dir %{_datadir}/doc/scap-security-guide/tables/ +%doc %{_datadir}/doc/scap-security-guide/tables/table-ol* +%doc %{_datadir}/doc/scap-security-guide/tables/table-rh* +%dir %{_datadir}/doc/scap-security-guide/ +%dir %{_datadir}/scap-security-guide/ +%dir %{_datadir}/scap-security-guide/ansible/ +%dir %{_datadir}/scap-security-guide/tailoring/ +%dir %{_datadir}/scap-security-guide/bash/ +%dir %{_datadir}/scap-security-guide/kickstart/ +%{_datadir}/scap-security-guide/*/*centos* +%{_datadir}/scap-security-guide/*/*cs9* +%{_datadir}/scap-security-guide/*/*fedora* +%{_datadir}/scap-security-guide/*/*ol* +%{_datadir}/scap-security-guide/*/*openeuler* +%{_datadir}/scap-security-guide/*/*rh* +%{_datadir}/scap-security-guide/*/*sl7* +%dir %{_datadir}/xml/scap/ +%dir %{_datadir}/xml/scap/ssg/ +%dir %{_datadir}/xml/scap/ssg/content/ +%{_datadir}/xml/scap/ssg/content/*-centos* +%{_datadir}/xml/scap/ssg/content/*-cs9* +%{_datadir}/xml/scap/ssg/content/*-fedora* +%{_datadir}/xml/scap/ssg/content/*-ol* +%{_datadir}/xml/scap/ssg/content/*-openeuler* +%{_datadir}/xml/scap/ssg/content/*-rh* +%{_datadir}/xml/scap/ssg/content/*-sl7* + +%files debian +%if "%{_vendor}" != "debbuild" +%license LICENSE +%endif +%dir %{_datadir}/doc/scap-security-guide/guides/ +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-debian* +%dir %{_datadir}/doc/scap-security-guide/tables/ +%dir %{_datadir}/doc/scap-security-guide/ +%dir %{_datadir}/scap-security-guide/ +%dir %{_datadir}/scap-security-guide/ansible/ +%dir %{_datadir}/scap-security-guide/bash/ +%dir %{_datadir}/scap-security-guide/kickstart/ +%{_datadir}/scap-security-guide/*/*debian* +%dir %{_datadir}/xml/scap/ +%dir %{_datadir}/xml/scap/ssg/ +%dir %{_datadir}/xml/scap/ssg/content/ +%{_datadir}/xml/scap/ssg/content/*-debian* + +%files ubuntu +%if "%{_vendor}" != "debbuild" +%license LICENSE +%endif +%dir %{_datadir}/doc/scap-security-guide/guides/ +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-ubuntu* +%dir %{_datadir}/doc/scap-security-guide/tables/ +%dir %{_datadir}/doc/scap-security-guide/ +%dir %{_datadir}/scap-security-guide/ +%dir %{_datadir}/scap-security-guide/ansible/ +%dir %{_datadir}/scap-security-guide/bash/ +%dir %{_datadir}/scap-security-guide/kickstart/ +%{_datadir}/scap-security-guide/*/*ubuntu* +%dir %{_datadir}/xml/scap/ +%dir %{_datadir}/xml/scap/ssg/ +%dir %{_datadir}/xml/scap/ssg/content/ +%{_datadir}/xml/scap/ssg/content/*-ubuntu* + +%changelog diff --git a/v0.1.73.tar.gz b/v0.1.73.tar.gz new file mode 100644 index 0000000..8316a27 --- /dev/null +++ b/v0.1.73.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4775f07e279f52e069bf2bc152c28d915a36f0d6ade7c01b498a85f96c285fa4 +size 10550630 diff --git a/v0.1.74.tar.gz b/v0.1.74.tar.gz new file mode 100644 index 0000000..df1a822 --- /dev/null +++ b/v0.1.74.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a88612e3f7b609fae910f4bce0c6362df80aa396ec533aab868f5c155f86239b +size 10518768 From 7444a1e3cb93282e3bf65fe8b7d99076fb14b0c873033a12c9a7daf8ac5cf1be Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 4 Sep 2024 08:59:26 +0000 Subject: [PATCH 2/6] OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=113 --- scap-security-guide.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/scap-security-guide.spec b/scap-security-guide.spec index bfe5e7a..0a03cc5 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -281,7 +281,6 @@ make install DESTDIR=%buildroot %doc %{_datadir}/doc/scap-security-guide/guides/ssg-ol* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-openeuler* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-rh* -%doc %{_datadir}/doc/scap-security-guide/guides/ssg-sl7* %dir %{_datadir}/doc/scap-security-guide/tables/ %doc %{_datadir}/doc/scap-security-guide/tables/table-ol* %doc %{_datadir}/doc/scap-security-guide/tables/table-rh* @@ -297,7 +296,6 @@ make install DESTDIR=%buildroot %{_datadir}/scap-security-guide/*/*ol* %{_datadir}/scap-security-guide/*/*openeuler* %{_datadir}/scap-security-guide/*/*rh* -%{_datadir}/scap-security-guide/*/*sl7* %dir %{_datadir}/xml/scap/ %dir %{_datadir}/xml/scap/ssg/ %dir %{_datadir}/xml/scap/ssg/content/ @@ -307,7 +305,6 @@ make install DESTDIR=%buildroot %{_datadir}/xml/scap/ssg/content/*-ol* %{_datadir}/xml/scap/ssg/content/*-openeuler* %{_datadir}/xml/scap/ssg/content/*-rh* -%{_datadir}/xml/scap/ssg/content/*-sl7* %files debian %if "%{_vendor}" != "debbuild" From 39b38338e7d93aa5cbc559936f9054a1f849c594c563122441eb84e2aadda7e8 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 4 Sep 2024 12:09:03 +0000 Subject: [PATCH 3/6] OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=114 --- scap-security-guide.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 0a03cc5..f9b4278 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -202,6 +202,7 @@ cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DSSG_PRODUCT_CHROMIUM=OFF \ -DSSG_PRODUCT_ALINUX2=OFF \ -DSSG_PRODUCT_ALINUX3=OFF \ + -DSSG_PRODUCT_ALINUX2003=OFF \ -DSSG_PRODUCT_DEBIAN9=ON \ -DSSG_PRODUCT_DEBIAN10=ON \ -DSSG_PRODUCT_DEFAULT=ON \ @@ -221,6 +222,8 @@ cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DSSG_PRODUCT_RHEL7=ON \ -DSSG_PRODUCT_RHEL8=ON \ -DSSG_PRODUCT_RHEL9=ON \ + -DSSG_PRODUCT_RHEL10=ON \ + -DSSG_PRODUCT_CS10=ON \ -DSSG_PRODUCT_RHOSP10=ON \ -DSSG_PRODUCT_RHOSP13=ON \ -DSSG_PRODUCT_RHV4=ON \ @@ -254,6 +257,7 @@ make install DESTDIR=%buildroot %{_datadir}/doc/scap-security-guide/LICENSE %dir %{_datadir}/doc/scap-security-guide/guides/ %doc %{_datadir}/doc/scap-security-guide/guides/ssg-sle* +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-slmicro* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-opensuse* %dir %{_datadir}/doc/scap-security-guide/tables/ %doc %{_datadir}/doc/scap-security-guide/tables/table-sle* @@ -264,10 +268,12 @@ make install DESTDIR=%buildroot %dir %{_datadir}/scap-security-guide/kickstart/ %{_datadir}/scap-security-guide/*/opensuse* %{_datadir}/scap-security-guide/*/sle* +%{_datadir}/scap-security-guide/*/slmicro* %dir %{_datadir}/xml/scap/ %dir %{_datadir}/xml/scap/ssg/ %dir %{_datadir}/xml/scap/ssg/content/ %{_datadir}/xml/scap/ssg/content/*-sle* +%{_datadir}/xml/scap/ssg/content/*-slmicro* %{_datadir}/xml/scap/ssg/content/*-opensuse* %files redhat @@ -277,6 +283,7 @@ make install DESTDIR=%buildroot %dir %{_datadir}/doc/scap-security-guide/guides/ %doc %{_datadir}/doc/scap-security-guide/guides/ssg-centos* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-cs9* +%doc %{_datadir}/doc/scap-security-guide/guides/ssg-cs10* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-fedora* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-ol* %doc %{_datadir}/doc/scap-security-guide/guides/ssg-openeuler* @@ -292,6 +299,7 @@ make install DESTDIR=%buildroot %dir %{_datadir}/scap-security-guide/kickstart/ %{_datadir}/scap-security-guide/*/*centos* %{_datadir}/scap-security-guide/*/*cs9* +%{_datadir}/scap-security-guide/*/*cs10* %{_datadir}/scap-security-guide/*/*fedora* %{_datadir}/scap-security-guide/*/*ol* %{_datadir}/scap-security-guide/*/*openeuler* @@ -301,6 +309,7 @@ make install DESTDIR=%buildroot %dir %{_datadir}/xml/scap/ssg/content/ %{_datadir}/xml/scap/ssg/content/*-centos* %{_datadir}/xml/scap/ssg/content/*-cs9* +%{_datadir}/xml/scap/ssg/content/*-cs10* %{_datadir}/xml/scap/ssg/content/*-fedora* %{_datadir}/xml/scap/ssg/content/*-ol* %{_datadir}/xml/scap/ssg/content/*-openeuler* From 21c22859a7815e81b5b6bb21e92dfc2d8d24639c115e9480aedfc65c7905f684 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 4 Sep 2024 13:13:45 +0000 Subject: [PATCH 4/6] OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=115 --- scap-security-guide.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scap-security-guide.spec b/scap-security-guide.spec index f9b4278..0f1c764 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -202,7 +202,7 @@ cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DSSG_PRODUCT_CHROMIUM=OFF \ -DSSG_PRODUCT_ALINUX2=OFF \ -DSSG_PRODUCT_ALINUX3=OFF \ - -DSSG_PRODUCT_ALINUX2003=OFF \ + -DSSG_PRODUCT_AL2003=OFF \ -DSSG_PRODUCT_DEBIAN9=ON \ -DSSG_PRODUCT_DEBIAN10=ON \ -DSSG_PRODUCT_DEFAULT=ON \ From 6f030420885a8afc0dd9f22c07716c48e2560215c98683eae25c5af1333bf339 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 4 Sep 2024 16:27:10 +0000 Subject: [PATCH 5/6] OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=116 --- scap-security-guide.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 0f1c764..0cb9a9b 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -202,7 +202,7 @@ cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DSSG_PRODUCT_CHROMIUM=OFF \ -DSSG_PRODUCT_ALINUX2=OFF \ -DSSG_PRODUCT_ALINUX3=OFF \ - -DSSG_PRODUCT_AL2003=OFF \ + -DSSG_PRODUCT_AL2023=OFF \ -DSSG_PRODUCT_DEBIAN9=ON \ -DSSG_PRODUCT_DEBIAN10=ON \ -DSSG_PRODUCT_DEFAULT=ON \ From 02ce1f4c8fd7310e21fb9587ffd82d1ec5ca4b6d636fe1f4576f056b61c12c8a Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 5 Sep 2024 07:31:47 +0000 Subject: [PATCH 6/6] OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=117 --- scap-security-guide.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 0cb9a9b..74275b0 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -261,6 +261,7 @@ make install DESTDIR=%buildroot %doc %{_datadir}/doc/scap-security-guide/guides/ssg-opensuse* %dir %{_datadir}/doc/scap-security-guide/tables/ %doc %{_datadir}/doc/scap-security-guide/tables/table-sle* +%doc %{_datadir}/doc/scap-security-guide/tables/table-slmicro* %doc %{_mandir}/man8/scap-security-guide.8.gz %dir %{_datadir}/scap-security-guide/ %dir %{_datadir}/scap-security-guide/ansible/