Accepting request 992448 from security
- updated to 0.1.63 (jsc#ECO-3319) - multiple bugfixes in SUSE profiles - Expand project guidelines - Add Draft OCP4 STIG profile - Add anssi_bp28_intermediary profile - add products/uos20 to support UnionTech OS Server 20 - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles - Remove WRLinux Products - Update CIS RHEL8 Benchmark for v2.0.0 - removed fix-bash-template.patch: fixed upstream - Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149) - Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163) - Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122) OBS-URL: https://build.opensuse.org/request/show/992448 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=20
This commit is contained in:
commit
a6f694089d
@ -1,33 +0,0 @@
|
|||||||
diff --git a/shared/templates/audit_rules_syscall_events/bash.template b/shared/templates/audit_rules_syscall_events/bash.template
|
|
||||||
index 6532554875..bd5bb94cb9 100644
|
|
||||||
--- a/shared/templates/audit_rules_syscall_events/bash.template
|
|
||||||
+++ b/shared/templates/audit_rules_syscall_events/bash.template
|
|
||||||
@@ -1,19 +1,20 @@
|
|
||||||
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
|
|
||||||
|
|
||||||
-# Include source function library.
|
|
||||||
-. /usr/share/scap-security-guide/remediation_functions
|
|
||||||
-
|
|
||||||
# First perform the remediation of the syscall rule
|
|
||||||
# Retrieve hardware architecture of the underlying system
|
|
||||||
[ "$(getconf LONG_BIT)" = "32" ] && RULE_ARCHS=("b32") || RULE_ARCHS=("b32" "b64")
|
|
||||||
|
|
||||||
for ARCH in "${RULE_ARCHS[@]}"
|
|
||||||
do
|
|
||||||
- PATTERN="-a always,exit -F arch=$ARCH -S {{{ ATTR }}}.*"
|
|
||||||
- GROUP="perm_mod"
|
|
||||||
- FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{ auid }}} -F auid!=4294967295 -F key=perm_mod"
|
|
||||||
+ # FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{ auid }}} -F auid!=4294967295 -F key=perm_mod"
|
|
||||||
+ ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH"
|
|
||||||
+ SYSCALL="{{{ ATTR }}}"
|
|
||||||
+ SYSCALL_GROUPING="{{{ ATTR }}}"
|
|
||||||
+ AUID_FILTERS="-F auid>={{{ auid }}} -F auid!=4294967295"
|
|
||||||
+ KEY="perm_mod"
|
|
||||||
+ OTHER_FILTERS=""
|
|
||||||
|
|
||||||
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
|
|
||||||
- fix_audit_syscall_rule "augenrules" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE"
|
|
||||||
- fix_audit_syscall_rule "auditctl" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE"
|
|
||||||
+ {{{ bash_fix_audit_syscall_rule("augenrules","$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}}
|
|
||||||
+ {{{ bash_fix_audit_syscall_rule("auditctl", "$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}}
|
|
||||||
done
|
|
@ -1,3 +1,20 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Jul 30 13:59:29 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||||
|
|
||||||
|
- updated to 0.1.63 (jsc#ECO-3319)
|
||||||
|
- multiple bugfixes in SUSE profiles
|
||||||
|
- Expand project guidelines
|
||||||
|
- Add Draft OCP4 STIG profile
|
||||||
|
- Add anssi_bp28_intermediary profile
|
||||||
|
- add products/uos20 to support UnionTech OS Server 20
|
||||||
|
- products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles
|
||||||
|
- Remove WRLinux Products
|
||||||
|
- Update CIS RHEL8 Benchmark for v2.0.0
|
||||||
|
- removed fix-bash-template.patch: fixed upstream
|
||||||
|
- Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149)
|
||||||
|
- Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163)
|
||||||
|
- Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jul 15 11:57:43 UTC 2022 - Julio González Gil <jgonzalez@suse.com>
|
Fri Jul 15 11:57:43 UTC 2022 - Julio González Gil <jgonzalez@suse.com>
|
||||||
|
|
||||||
|
@ -42,7 +42,7 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: scap-security-guide
|
Name: scap-security-guide
|
||||||
Version: 0.1.62
|
Version: 0.1.63
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: XCCDF files for SUSE Linux and openSUSE
|
Summary: XCCDF files for SUSE Linux and openSUSE
|
||||||
License: BSD-3-Clause
|
License: BSD-3-Clause
|
||||||
@ -53,8 +53,6 @@ Packager: SUSE Security Team <security@suse.de>
|
|||||||
%endif
|
%endif
|
||||||
Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz
|
Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz
|
||||||
Patch0: scap-security-guide-UnicodeEncodeError-character-fix.patch
|
Patch0: scap-security-guide-UnicodeEncodeError-character-fix.patch
|
||||||
# upstream d9aa7a49d135be60e1a6f9d2ce4e29560482b3d0 and 3485c8298957b24d97a563079fd648004a92822b
|
|
||||||
Patch1: fix-bash-template.patch
|
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
|
|
||||||
%if "%{_vendor}" == "debbuild"
|
%if "%{_vendor}" == "debbuild"
|
||||||
@ -184,13 +182,14 @@ Note that the included profiles are community supplied and not officially suppor
|
|||||||
%prep
|
%prep
|
||||||
%setup -n content-%version
|
%setup -n content-%version
|
||||||
%patch0 -p0
|
%patch0 -p0
|
||||||
%patch1 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
cd build
|
cd build
|
||||||
cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
|
cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
|
||||||
-DCMAKE_INSTALL_MANDIR=%{_mandir} \
|
-DCMAKE_INSTALL_MANDIR=%{_mandir} \
|
||||||
-DSSG_PRODUCT_CHROMIUM=OFF \
|
-DSSG_PRODUCT_CHROMIUM=OFF \
|
||||||
|
-DSSG_PRODUCT_ALINUX2=OFF \
|
||||||
|
-DSSG_PRODUCT_ALINUX3=OFF \
|
||||||
-DSSG_PRODUCT_DEBIAN9=ON \
|
-DSSG_PRODUCT_DEBIAN9=ON \
|
||||||
-DSSG_PRODUCT_DEBIAN10=ON \
|
-DSSG_PRODUCT_DEBIAN10=ON \
|
||||||
-DSSG_PRODUCT_DEFAULT=ON \
|
-DSSG_PRODUCT_DEFAULT=ON \
|
||||||
@ -216,6 +215,7 @@ cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
|
|||||||
-DSSG_PRODUCT_UBUNTU1604=ON \
|
-DSSG_PRODUCT_UBUNTU1604=ON \
|
||||||
-DSSG_PRODUCT_UBUNTU1804=ON \
|
-DSSG_PRODUCT_UBUNTU1804=ON \
|
||||||
-DSSG_PRODUCT_UBUNTU2004=ON \
|
-DSSG_PRODUCT_UBUNTU2004=ON \
|
||||||
|
-DSSG_PRODUCT_UOS20=OFF \
|
||||||
-DSSG_PRODUCT_VSEL=OFF \
|
-DSSG_PRODUCT_VSEL=OFF \
|
||||||
-DSSG_PRODUCT_EKS=OFF \
|
-DSSG_PRODUCT_EKS=OFF \
|
||||||
-DSSG_PRODUCT_WRLINUX8=OFF \
|
-DSSG_PRODUCT_WRLINUX8=OFF \
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:d8e855040dfe23ccce380543a48e3a2a8c172b48e6d9eb292f575b51ea970e0d
|
|
||||||
size 5244135
|
|
3
v0.1.63.tar.gz
Normal file
3
v0.1.63.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:f028a5959bdb279ec2072aa6fc951223a1f63963a6055fdc4c27744055da55bd
|
||||||
|
size 5382366
|
Loading…
Reference in New Issue
Block a user