Accepting request 992448 from security

- updated to 0.1.63 (jsc#ECO-3319) - multiple bugfixes in SUSE profiles - Expand project guidelines - Add Draft OCP4 STIG profile - Add anssi_bp28_intermediary profile - add products/uos20 to support UnionTech OS Server 20 - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles - Remove WRLinux Products - Update CIS RHEL8 Benchmark for v2.0.0 - removed fix-bash-template.patch: fixed upstream - Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149) - Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163) - Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122) OBS-URL: https://build.opensuse.org/request/show/992448 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=20
2022-08-03 19:16:33 +00:00 · 2022-08-03 19:16:33 +00:00 · a6f694089d
commit a6f694089d
parent 13dd971c22 7493083014
5 changed files with 24 additions and 40 deletions
--- a/fix-bash-template.patch
+++ b/fix-bash-template.patch
@ -1,33 +0,0 @@
-diff --git a/shared/templates/audit_rules_syscall_events/bash.template b/shared/templates/audit_rules_syscall_events/bash.template
-index 6532554875..bd5bb94cb9 100644
--- a/shared/templates/audit_rules_syscall_events/bash.template
-+++ b/shared/templates/audit_rules_syscall_events/bash.template
-@@ -1,19 +1,20 @@
- # platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- 
-# Include source function library.
-. /usr/share/scap-security-guide/remediation_functions
-
- # First perform the remediation of the syscall rule
- # Retrieve hardware architecture of the underlying system
- [ "$(getconf LONG_BIT)" = "32" ] && RULE_ARCHS=("b32") || RULE_ARCHS=("b32" "b64")
- 
- for ARCH in "${RULE_ARCHS[@]}"
- do
-	PATTERN="-a always,exit -F arch=$ARCH -S {{{ ATTR }}}.*"
-	GROUP="perm_mod"
-	FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{ auid }}} -F auid!=4294967295 -F key=perm_mod"
-+	# FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{ auid }}} -F auid!=4294967295 -F key=perm_mod"
-+	ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH"
-+	SYSCALL="{{{ ATTR }}}"
-+	SYSCALL_GROUPING="{{{ ATTR }}}"
-+	AUID_FILTERS="-F auid>={{{ auid }}} -F auid!=4294967295"
-+	KEY="perm_mod"
-+	OTHER_FILTERS=""
- 
- 	# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
-	fix_audit_syscall_rule "augenrules" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE"
-	fix_audit_syscall_rule "auditctl" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE"
-+	{{{ bash_fix_audit_syscall_rule("augenrules","$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}}
-+	{{{ bash_fix_audit_syscall_rule("auditctl",  "$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}}
- done
--- a/scap-security-guide.changes
+++ b/scap-security-guide.changes
@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Sat Jul 30 13:59:29 UTC 2022 - Marcus Meissner <meissner@suse.com>
+
+- updated to 0.1.63 (jsc#ECO-3319)
+   - multiple bugfixes in SUSE profiles
+   - Expand project guidelines 
+   - Add Draft OCP4 STIG profile 
+   - Add anssi_bp28_intermediary profile 
+   - add products/uos20 to support UnionTech OS Server 20
+   - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles
+   - Remove WRLinux Products
+   - Update CIS RHEL8 Benchmark for v2.0.0
+- removed fix-bash-template.patch: fixed upstream
+- Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149)
+- Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163)
+- Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122)
+
 -------------------------------------------------------------------
 Fri Jul 15 11:57:43 UTC 2022 - Julio González Gil <jgonzalez@suse.com>

--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@ -42,7 +42,7 @@
 %endif

 Name:           scap-security-guide
-Version:        0.1.62
+Version:        0.1.63
 Release:        0
 Summary:        XCCDF files for SUSE Linux and openSUSE
 License:        BSD-3-Clause
@ -53,8 +53,6 @@ Packager:       SUSE Security Team <security@suse.de>
 %endif
 Source:         https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz
 Patch0:         scap-security-guide-UnicodeEncodeError-character-fix.patch
-# upstream d9aa7a49d135be60e1a6f9d2ce4e29560482b3d0 and 3485c8298957b24d97a563079fd648004a92822b
-Patch1:         fix-bash-template.patch
 BuildRequires:  cmake

 %if "%{_vendor}" == "debbuild"
@ -184,13 +182,14 @@ Note that the included profiles are community supplied and not officially suppor
 %prep
 %setup -n content-%version
 %patch0 -p0
-%patch1 -p1

 %build
 cd build
 cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
      -DCMAKE_INSTALL_MANDIR=%{_mandir} \
      -DSSG_PRODUCT_CHROMIUM=OFF \
+	 -DSSG_PRODUCT_ALINUX2=OFF \
+	 -DSSG_PRODUCT_ALINUX3=OFF \
 	 -DSSG_PRODUCT_DEBIAN9=ON \
 	 -DSSG_PRODUCT_DEBIAN10=ON \
 	 -DSSG_PRODUCT_DEFAULT=ON \
@ -216,6 +215,7 @@ cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
 	 -DSSG_PRODUCT_UBUNTU1604=ON \
 	 -DSSG_PRODUCT_UBUNTU1804=ON \
 	 -DSSG_PRODUCT_UBUNTU2004=ON \
+	 -DSSG_PRODUCT_UOS20=OFF \
         -DSSG_PRODUCT_VSEL=OFF \
         -DSSG_PRODUCT_EKS=OFF \
         -DSSG_PRODUCT_WRLINUX8=OFF \
--- a/v0.1.62.tar.gz
+++ b/v0.1.62.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d8e855040dfe23ccce380543a48e3a2a8c172b48e6d9eb292f575b51ea970e0d
-size 5244135
--- a/v0.1.63.tar.gz
+++ b/v0.1.63.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f028a5959bdb279ec2072aa6fc951223a1f63963a6055fdc4c27744055da55bd
+size 5382366