Accepting request 1198315 from home:rchikov
- updated to 0.1.74 (jsc#ECO-3319) - Add Amazon Linux 2023 product (#12006) - Introduce new remediation type Kickstart (#12144) - Make PAM macros more flexible to variables (#12133) - Remove Debian 10 Product (#12205) - Remove Red Hat Enterprise Linux 7 product (#12093) - Update CIS RHEL9 control file to v2.0.0 (#12067) OBS-URL: https://build.opensuse.org/request/show/1198315 OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=112
This commit is contained in:
commit
af74b29b13
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
.osc
|
7
_constraints
Normal file
7
_constraints
Normal file
@ -0,0 +1,7 @@
|
||||
<constraints>
|
||||
<hardware>
|
||||
<disk>
|
||||
<size unit="G">7</size>
|
||||
</disk>
|
||||
</hardware>
|
||||
</constraints>
|
342
scap-security-guide.changes
Normal file
342
scap-security-guide.changes
Normal file
@ -0,0 +1,342 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 2 13:58:50 UTC 2024 - Rumen Chikov <rumen.chikov@suse.com>
|
||||
|
||||
- updated to 0.1.74 (jsc#ECO-3319)
|
||||
- Add Amazon Linux 2023 product (#12006)
|
||||
- Introduce new remediation type Kickstart (#12144)
|
||||
- Make PAM macros more flexible to variables (#12133)
|
||||
- Remove Debian 10 Product (#12205)
|
||||
- Remove Red Hat Enterprise Linux 7 product (#12093)
|
||||
- Update CIS RHEL9 control file to v2.0.0 (#12067)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 31 07:52:33 UTC 2024 - Rumen Chikov <rumen.chikov@suse.com>
|
||||
|
||||
- updated to 0.1.73 (jsc#ECO-3319)
|
||||
- CMP 2417: Implement PCI-DSS v4.0 outline for OpenShift (#11651)
|
||||
- Update all RHEL ANSSI BP028 profiles to be aligned with configuration recommendations version 2.0
|
||||
- Generate rule references from control files (#11540)
|
||||
- Initial implementation of STIG V1R1 profile for Ubuntu 22.04 LTS (#11820)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 13 16:02:47 UTC 2024 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.72 (jsc#ECO-3319)
|
||||
- ANSSI BP 028 profile for debian12 (#11368)
|
||||
- Building on Windows (#11406)
|
||||
- Control for BSI APP.4.4 (#11342)
|
||||
- update to CIS RHEL 7 and RHEL 8 profiles aligning them with the latest benchmarks
|
||||
- various fixes to SLE profiles
|
||||
- add openeuler to -redhat package
|
||||
- removed ssg-fix-journald.patch: fixed upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 19 11:04:09 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.71 (jsc#ECO-3319)
|
||||
- Add RHEL 9 STIG
|
||||
- Add support for Debian 12
|
||||
- Update PCI-DSS profile for RHEL
|
||||
- lots of bugfixes and improvements for SLE
|
||||
- removed left over file
|
||||
0001-Revert-fix-aide-remediations-add-crontabs.patch upstreamed in 0.1.69
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 6 12:21:53 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- ssg-fix-journald.patch: switch buggy journald plugindir remediation
|
||||
to write into journald.conf. (bsc#1217832)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 17 14:44:03 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.70 (jsc#ECO-3319)
|
||||
- Add openembedded distro support (#10793)
|
||||
- Remove DRAFT wording for OpenShift STIG (#11100)
|
||||
- Remove test-function-check_playbook_file_removed_and_added test (#10982)
|
||||
- scap-security-guide: Add Poky support (#11046)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 2 13:49:20 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.69 (jsc#ECO-3319)
|
||||
- Introduce a JSON build manifest (#10761)
|
||||
- Introduce a script to compare ComplianceAsCode versions (#10768)
|
||||
- Introduce CCN profiles for RHEL9 (#10860)
|
||||
- Map rules to components (#10609)
|
||||
- products/anolis23: supports Anolis OS 23 (#10548)
|
||||
- Render components to HTML (#10709)
|
||||
- Store rendered control files (#10656)
|
||||
- Test and use rules to components mapping (#10693)
|
||||
- Use distributed product properties (#10554)
|
||||
- 0001-Revert-fix-aide-remediations-add-crontabs.patch: removed, upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 27 06:58:41 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- 0001-Revert-fix-aide-remediations-add-crontabs.patch:
|
||||
revert patch that breaks the SLE hardening (bsc#1213691)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 15 15:40:16 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.68 (jsc#ECO-3319)
|
||||
- Bump OL8 STIG version to V1R6
|
||||
- Introduce a Product class, make the project work with it
|
||||
- Introduce Fedora and Firefox CaC profiles for common workstation users
|
||||
- OL7 DISA STIG v2r11 update
|
||||
- Publish rendered policy artifacts
|
||||
- Update ANSSI BP-028 to version 2.0
|
||||
- updated to 0.1.67 (jsc#ECO-3319)
|
||||
- Add utils/controlrefcheck.py
|
||||
- RHEL 9 STIG Update Q1 2023
|
||||
- Include warning for NetworkManager keyfiles in RHEL9
|
||||
- OL7 stig v2r10 update
|
||||
- Bump version of OL8 STIG to V1R5
|
||||
- various enhancements to SLE profiles
|
||||
- scap-security-guide-UnicodeEncodeError-character-fix.patch: fixed upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 6 15:03:31 UTC 2023 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.66 (jsc#ECO-3319)
|
||||
- Ubuntu 22.04 CIS
|
||||
- OL7 stig v2r9 update
|
||||
- Bump OL8 STIG version to V1R4
|
||||
- Update RHEL7 STIG to V3R10
|
||||
- Update RHEL8 STIG to V1R9
|
||||
- Introduce CIS RHEL9 profiles
|
||||
- also various SUSE profile fixes were done
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 5 10:44:15 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.65 (jsc#ECO-3319)
|
||||
- Introduce cui profile for OL9
|
||||
- Remove Support for OVAL 5.10
|
||||
- Rename account_passwords_pam_faillock_audit
|
||||
- CI ansible hardening and rename of existing Bash hardening
|
||||
- Update contributors list for v0.1.65 release
|
||||
- various SUSE profile specific fixes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 25 13:16:15 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- require sudo, as remediations touch sudo config or use sudo.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 5 09:21:53 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- enable ubuntu 2204 build
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Oct 1 08:56:49 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.64 (jsc#ECO-3319)
|
||||
- Introduce ol9 stig profile
|
||||
- Introduce Ol9 anssi profiles
|
||||
- Update RHEL8 STIG to V1R7
|
||||
- Introduce e8 profile for OL9
|
||||
- Update RHEL7 STIG to V3R8
|
||||
- some SUSE profile fixes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 21 08:24:30 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- Added several RPM requires that are needed by the SUSE remediation
|
||||
scripts. (e.g. awk is not necessary installed)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jul 30 13:59:29 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.63 (jsc#ECO-3319)
|
||||
- multiple bugfixes in SUSE profiles
|
||||
- Expand project guidelines
|
||||
- Add Draft OCP4 STIG profile
|
||||
- Add anssi_bp28_intermediary profile
|
||||
- add products/uos20 to support UnionTech OS Server 20
|
||||
- products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles
|
||||
- Remove WRLinux Products
|
||||
- Update CIS RHEL8 Benchmark for v2.0.0
|
||||
- removed fix-bash-template.patch: fixed upstream
|
||||
- Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149)
|
||||
- Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163)
|
||||
- Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 15 11:57:43 UTC 2022 - Julio González Gil <jgonzalez@suse.com>
|
||||
|
||||
- Fix the build for RHEL 7 and clones (python-setuptools is used)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 6 09:26:15 UTC 2022 - Julio González Gil <jgonzalez@suse.com>
|
||||
|
||||
- Fix the build for RHEL 9 and clones
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 27 12:59:21 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- fix-bash-template.patch: convert one bash emitter to new jinja method.
|
||||
(bsc#1200163)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 9 15:31:50 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- add python3-setuptools for all builds (so it is also used on debian
|
||||
and centos flavors)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 30 12:48:54 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.62 (jsc#ECO-3319)
|
||||
- Update rhel8 stig to v1r6
|
||||
- OL7 STIG v2r7 update
|
||||
- Initial definition of ANSSI BP28 minmal profile for SLE
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 4 08:40:40 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.61 (jsc#ECO-3319)
|
||||
- Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7
|
||||
- Introduce OL9 product
|
||||
- Implement handling of logical expressions in platform definitions
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 22 15:19:07 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- bump disk size constraints to 7gb to avoid occasional disk fulls failures.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 27 13:43:18 UTC 2022 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.60 (jsc#ECO-3319)
|
||||
- New draft stig profile v1r1 for OL8
|
||||
- New product Amazon EKS platform and initial CIS profiles
|
||||
- New product CentOS Stream 9, as a derivative from RHEL9 product
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Nov 27 15:39:12 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.59 release (jsc#ECO-3319)
|
||||
- Support for Debian 11
|
||||
- NERC CIP profiles for OCP4 and RHCOS
|
||||
- HIPAA profile for SLE15
|
||||
- Delta Tailoring Files for STIG profiles
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 6 09:00:15 UTC 2021 - Alexander Bergmann <abergmann@suse.com>
|
||||
|
||||
- Fix SLE-12 build issue caused by '\xb0' character (bsc#1191431).
|
||||
- Add scap-security-guide-UnicodeEncodeError-character-fix.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 24 15:16:30 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.58 release (jsc#ECO-3319)
|
||||
- Support for Script Checking Engine (SCE)
|
||||
- Split RHEL 8 CIS profile using new controls file format
|
||||
- CIS Profiles for SLE12
|
||||
- Initial Ubuntu 20.04 STIG Profiles
|
||||
- Addition of an automated CCE adder
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 13 14:41:16 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.57 release (jsc#ECO-3319)
|
||||
- CIS profile for RHEL 7 is updated
|
||||
- initial CIS profiles for Ubuntu 20.04
|
||||
- Major improvement of RHEL 9 content
|
||||
- new release process implemented using Github actions
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 2 15:03:42 UTC 2021 - Julio González Gil <jgonzalez@suse.com>
|
||||
|
||||
- Specify the maintainer, for deb packages.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 26 15:19:40 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.56 release (jsc#ECO-3319)
|
||||
- Align ism_o profile with latest ISM SSP (#6878)
|
||||
- Align RHEL 7 STIG profile with DISA STIG V3R3
|
||||
- Creating new RHEL 7 STIG GUI profile (#6863)
|
||||
- Creating new RHEL 8 STIG GUI profile (#6862)
|
||||
- Add the RHEL9 product (#6801)
|
||||
- Initial support for SUSE SLE-15 (#6666)
|
||||
- add support for osbuild blueprint remediations (#6970)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 24 13:25:26 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to a intermediate GIT snapshot of 20210323 (jsc#ECO-3319)
|
||||
- initial SLES15 STIG added
|
||||
- more SLES 12 STIG work
|
||||
- correct tables and cross references for SLES 12 and 15 STIG
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 19 15:08:35 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.55 release (jsc#ECO-3319)
|
||||
- big update of rules used in SLES-12 STIG profile
|
||||
- Render policy to HTML (#6532)
|
||||
- Add variable support to yamlfile_value template (#6563)
|
||||
- Introduce new template for dconf configuration files (#6118)
|
||||
- avoid some non sles12 sp2 available macros.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 12 14:14:10 UTC 2021 - Julio González Gil <jgonzalez@suse.com>
|
||||
|
||||
- Add the redhat conflict for packages built on redhat clones
|
||||
or Fedora
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 26 08:45:24 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- remove redhat conflict.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Feb 7 10:42:34 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- added Redhat, Debian, Ubuntu products, split off into seperate
|
||||
packages for size.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 3 23:55:30 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Update descriptions, modernize specfile constructs.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 3 14:07:22 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.54 version
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 3 10:23:50 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||||
|
||||
- updated to 0.1.53 version, adjusted some things.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 14 11:55:47 UTC 2019 - Brice DEKANY <brice.dekany@suse.com>
|
||||
|
||||
- New specfile
|
||||
- build for openSUSE + Backport
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 14 11:27:26 UTC 2019 - Brice DEKANY <brice.dekany@suse.com>
|
||||
|
||||
- Switch to new formating from ComplianceAsCode
|
||||
- Project is now hosted by github.com/openSUSE
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 16 12:12:56 UTC 2018 - brice.dekany@suse.com
|
||||
|
||||
- Add a first batch of SEVERITY CAT II Rules
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 17 10:14:09 UTC 2018 - brice.dekany@suse.com
|
||||
|
||||
- Add fixes for SEVERITY CAT I
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 21:05:16 UTC 2018 - brice.dekany@suse.com
|
||||
|
||||
- Initial version of xccdf for Severty CAT I
|
348
scap-security-guide.spec
Normal file
348
scap-security-guide.spec
Normal file
@ -0,0 +1,348 @@
|
||||
#
|
||||
# spec file for package scap-security-guide
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%if ! (0%{?fedora} || 0%{?rhel} > 5)
|
||||
%if "%{_vendor}" == "debbuild"
|
||||
%global __python /usr/bin/python3
|
||||
%endif
|
||||
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
|
||||
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 8
|
||||
%{!?pylint_check: %global pylint_check 0}
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} || 0%{?suse_version} > 1320 || 0%{?rhel} >= 8 || "%{_vendor}" == "debbuild"
|
||||
%global build_py3 1
|
||||
%if "%{_vendor}" != "debbuild"
|
||||
%global python_sitelib %{python3_sitelib}
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 8
|
||||
%global python2prefix python2
|
||||
%else
|
||||
%global python2prefix python
|
||||
%endif
|
||||
|
||||
Name: scap-security-guide
|
||||
Version: 0.1.74
|
||||
Release: 0
|
||||
Summary: XCCDF files for SUSE Linux and openSUSE
|
||||
License: BSD-3-Clause
|
||||
Group: Productivity/Security
|
||||
URL: https://github.com/ComplianceAsCode/content
|
||||
%if "%{_vendor}" == "debbuild"
|
||||
Packager: SUSE Security Team <security@suse.de>
|
||||
%endif
|
||||
Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz
|
||||
|
||||
# explicit require what is needed by the detection logic in the scripts
|
||||
Requires: coreutils
|
||||
Requires: findutils
|
||||
Requires: gawk
|
||||
Requires: grep
|
||||
Requires: sed
|
||||
Requires: sudo
|
||||
Requires: zypper
|
||||
|
||||
BuildRequires: cmake
|
||||
|
||||
%if "%{_vendor}" == "debbuild"
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
BuildRequires: libopenscap8
|
||||
BuildRequires: libxml2-utils
|
||||
BuildRequires: libxslt1.1
|
||||
BuildRequires: xsltproc
|
||||
%else
|
||||
BuildRequires: libxslt
|
||||
BuildRequires: openscap-utils
|
||||
%endif
|
||||
|
||||
%if 0%{?rhel} == 7
|
||||
BuildRequires: python-setuptools
|
||||
%else
|
||||
BuildRequires: python3-setuptools
|
||||
%endif
|
||||
|
||||
%if 0%{?rhel} == 8
|
||||
BuildRequires: python3
|
||||
%endif
|
||||
|
||||
%if 0%{?suse_version}
|
||||
BuildRequires: python3-xml
|
||||
%endif
|
||||
|
||||
%if 0%{?rhel} == 7
|
||||
BuildRequires: PyYAML
|
||||
%else
|
||||
%if 0%{?rhel} == 8
|
||||
BuildRequires: python3-pyyaml
|
||||
%else
|
||||
%if "%{_vendor}" == "debbuild"
|
||||
BuildRequires: python3-yaml
|
||||
%else
|
||||
BuildRequires: python3-PyYAML
|
||||
%endif
|
||||
%endif
|
||||
%endif
|
||||
|
||||
%if 0%{?rhel} == 7
|
||||
BuildRequires: python-jinja2
|
||||
%else
|
||||
%if 0%{?rhel} >= 8
|
||||
BuildRequires: python3-jinja2
|
||||
%else
|
||||
%if "%{_vendor}" == "debbuild"
|
||||
BuildRequires: python3-jinja2
|
||||
%else
|
||||
BuildRequires: python3-Jinja2
|
||||
%endif
|
||||
%endif
|
||||
%endif
|
||||
|
||||
BuildRequires: expat
|
||||
BuildRequires: libxml2
|
||||
# not on SLES currently
|
||||
%if 0%{?is_opensuse} || 0%{?fedora} || "%{_vendor}" == "debbuild"
|
||||
BuildRequires: ansible
|
||||
%endif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
Security Content Automation Protocol (SCAP) Security Guide for SUSE Linux.
|
||||
|
||||
This package contains XCCDF (Extensible Configuration Checklist
|
||||
Description Format), OVAL (Open Vulnerability and Assessment
|
||||
Language), CPE (Common Platform Enumeration) and DS (Data Stream)
|
||||
files to run a compliance test on SLE12, SLE15 and openSUSE
|
||||
|
||||
SUSE supported in this version of scap-security-guide:
|
||||
|
||||
- DISA STIG profile for SUSE Linux Enterprise Server 12 and 15
|
||||
- ANSSI-BP-028 profile for SUSE Linux Enterprise Server 12 and 15
|
||||
- PCI-DSS profile for SUSE Linux Enterprise Server 12 and 15
|
||||
- HIPAA profile for SUSE Linux Enterprise Server 12 and 15
|
||||
- CIS profile for SUSE Linux Enterprise Server 12 and 15
|
||||
- Hardening for Public Cloud Image of SUSE Linux Enterprise Server for SAP Applications 15
|
||||
- Public Cloud Hardening for SUSE Linux Enterprise 15
|
||||
|
||||
Other profiles, like the Standard System Security Profile for SUSE Linux Enterprise 12 and 15,
|
||||
are community supplied and not officially supported by SUSE.
|
||||
|
||||
%package redhat
|
||||
Summary: XCCDF files for RHEL, CentOS, Fedora and ScientificLinux
|
||||
Group: Productivity/Security
|
||||
%if 0%{?fedora} || 0%{?rhel}
|
||||
Conflicts: scap-security-guide
|
||||
%endif
|
||||
|
||||
%description redhat
|
||||
Security Content Automation Protocol (SCAP) Security Guide for Redhat/Fedora/CentOS/OracleLinux/ScientificLinux.
|
||||
|
||||
This package contains XCCDF (Extensible Configuration Checklist
|
||||
Description Format), OVAL (Open Vulnerability and Assessment
|
||||
Language), CPE (Common Platform Enumeration) and DS (Data Stream)
|
||||
files to run a compliance test on various Redhat products, CentOS, Oracle Linux, Fedora and ScientificLinux.
|
||||
|
||||
Note that the included profiles are community supplied and not officially supported by SUSE..
|
||||
|
||||
%package debian
|
||||
Summary: XCCDF files for Debian
|
||||
Group: Productivity/Security
|
||||
|
||||
%description debian
|
||||
Security Content Automation Protocol (SCAP) Security Guide for Debian.
|
||||
|
||||
This package contains XCCDF (Extensible Configuration Checklist
|
||||
Description Format), OVAL (Open Vulnerability and Assessment
|
||||
Language), CPE (Common Platform Enumeration) and DS (Data Stream)
|
||||
files to run a compliance test on Debian.
|
||||
|
||||
Note that the included profiles are community supplied and not officially supported by SUSE..
|
||||
|
||||
%package ubuntu
|
||||
Summary: XCCDF files for Ubuntu
|
||||
Group: Productivity/Security
|
||||
|
||||
%description ubuntu
|
||||
Security Content Automation Protocol (SCAP) Security Guide for Ubuntu.
|
||||
|
||||
This package contains XCCDF (Extensible Configuration Checklist
|
||||
Description Format), OVAL (Open Vulnerability and Assessment
|
||||
Language), CPE (Common Platform Enumeration) and DS (Data Stream)
|
||||
files to run a compliance test on Ubuntu.
|
||||
|
||||
Note that the included profiles are community supplied and not officially supported by SUSE..
|
||||
|
||||
%prep
|
||||
%setup -q -n content-%version
|
||||
|
||||
%build
|
||||
cd build
|
||||
cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
|
||||
-DCMAKE_INSTALL_MANDIR=%{_mandir} \
|
||||
-DSSG_PRODUCT_CHROMIUM=OFF \
|
||||
-DSSG_PRODUCT_ALINUX2=OFF \
|
||||
-DSSG_PRODUCT_ALINUX3=OFF \
|
||||
-DSSG_PRODUCT_DEBIAN9=ON \
|
||||
-DSSG_PRODUCT_DEBIAN10=ON \
|
||||
-DSSG_PRODUCT_DEFAULT=ON \
|
||||
-DSSG_PRODUCT_EXAMPLE=OFF \
|
||||
-DSSG_PRODUCT_FEDORA=ON \
|
||||
-DSSG_PRODUCT_FIREFOX=OFF \
|
||||
-DSSG_PRODUCT_FUSE6=OFF \
|
||||
-DSSG_PRODUCT_JRE=OFF \
|
||||
-DSSG_PRODUCT_MACOS1015=OFF \
|
||||
-DSSG_PRODUCT_OCP4=OFF \
|
||||
-DSSG_PRODUCT_OL7=ON \
|
||||
-DSSG_PRODUCT_OL8=ON \
|
||||
-DSSG_PRODUCT_OL9=ON \
|
||||
-DSSG_PRODUCT_OPENSUSE=ON \
|
||||
-DSSG_PRODUCT_OPENEMBEDDED=OFF \
|
||||
-DSSG_PRODUCT_RHCOS4=ON \
|
||||
-DSSG_PRODUCT_RHEL7=ON \
|
||||
-DSSG_PRODUCT_RHEL8=ON \
|
||||
-DSSG_PRODUCT_RHEL9=ON \
|
||||
-DSSG_PRODUCT_RHOSP10=ON \
|
||||
-DSSG_PRODUCT_RHOSP13=ON \
|
||||
-DSSG_PRODUCT_RHV4=ON \
|
||||
-DSSG_PRODUCT_SLE12=ON \
|
||||
-DSSG_PRODUCT_SLE15=ON \
|
||||
-DSSG_PRODUCT_UBUNTU1604=ON \
|
||||
-DSSG_PRODUCT_UBUNTU1804=ON \
|
||||
-DSSG_PRODUCT_UBUNTU2004=ON \
|
||||
-DSSG_PRODUCT_UBUNTU2204=ON \
|
||||
-DSSG_PRODUCT_UOS20=OFF \
|
||||
-DSSG_PRODUCT_VSEL=OFF \
|
||||
-DSSG_PRODUCT_EKS=OFF \
|
||||
-DSSG_PRODUCT_WRLINUX8=OFF \
|
||||
-DSSG_PRODUCT_WRLINUX1019=OFF \
|
||||
-DSSG_PRODUCT_ANOLIS8=OFF \
|
||||
-DSSG_PRODUCT_ANOLIS23=OFF \
|
||||
../
|
||||
make
|
||||
|
||||
%install
|
||||
cd build/
|
||||
make install DESTDIR=%buildroot
|
||||
|
||||
%files
|
||||
%if "%{_vendor}" != "debbuild"
|
||||
%license LICENSE
|
||||
%endif
|
||||
%dir %{_datadir}/doc/scap-security-guide/
|
||||
%{_datadir}/doc/scap-security-guide/Contributors.md
|
||||
%{_datadir}/doc/scap-security-guide/README.md
|
||||
%{_datadir}/doc/scap-security-guide/LICENSE
|
||||
%dir %{_datadir}/doc/scap-security-guide/guides/
|
||||
%doc %{_datadir}/doc/scap-security-guide/guides/ssg-sle*
|
||||
%doc %{_datadir}/doc/scap-security-guide/guides/ssg-opensuse*
|
||||
%dir %{_datadir}/doc/scap-security-guide/tables/
|
||||
%doc %{_datadir}/doc/scap-security-guide/tables/table-sle*
|
||||
%doc %{_mandir}/man8/scap-security-guide.8.gz
|
||||
%dir %{_datadir}/scap-security-guide/
|
||||
%dir %{_datadir}/scap-security-guide/ansible/
|
||||
%dir %{_datadir}/scap-security-guide/bash/
|
||||
%dir %{_datadir}/scap-security-guide/kickstart/
|
||||
%{_datadir}/scap-security-guide/*/opensuse*
|
||||
%{_datadir}/scap-security-guide/*/sle*
|
||||
%dir %{_datadir}/xml/scap/
|
||||
%dir %{_datadir}/xml/scap/ssg/
|
||||
%dir %{_datadir}/xml/scap/ssg/content/
|
||||
%{_datadir}/xml/scap/ssg/content/*-sle*
|
||||
%{_datadir}/xml/scap/ssg/content/*-opensuse*
|
||||
|
||||
%files redhat
|
||||
%if "%{_vendor}" != "debbuild"
|
||||
%license LICENSE
|
||||
%endif
|
||||
%dir %{_datadir}/doc/scap-security-guide/guides/
|
||||
%doc %{_datadir}/doc/scap-security-guide/guides/ssg-centos*
|
||||
%doc %{_datadir}/doc/scap-security-guide/guides/ssg-cs9*
|
||||
%doc %{_datadir}/doc/scap-security-guide/guides/ssg-fedora*
|
||||
%doc %{_datadir}/doc/scap-security-guide/guides/ssg-ol*
|
||||
%doc %{_datadir}/doc/scap-security-guide/guides/ssg-openeuler*
|
||||
%doc %{_datadir}/doc/scap-security-guide/guides/ssg-rh*
|
||||
%doc %{_datadir}/doc/scap-security-guide/guides/ssg-sl7*
|
||||
%dir %{_datadir}/doc/scap-security-guide/tables/
|
||||
%doc %{_datadir}/doc/scap-security-guide/tables/table-ol*
|
||||
%doc %{_datadir}/doc/scap-security-guide/tables/table-rh*
|
||||
%dir %{_datadir}/doc/scap-security-guide/
|
||||
%dir %{_datadir}/scap-security-guide/
|
||||
%dir %{_datadir}/scap-security-guide/ansible/
|
||||
%dir %{_datadir}/scap-security-guide/tailoring/
|
||||
%dir %{_datadir}/scap-security-guide/bash/
|
||||
%dir %{_datadir}/scap-security-guide/kickstart/
|
||||
%{_datadir}/scap-security-guide/*/*centos*
|
||||
%{_datadir}/scap-security-guide/*/*cs9*
|
||||
%{_datadir}/scap-security-guide/*/*fedora*
|
||||
%{_datadir}/scap-security-guide/*/*ol*
|
||||
%{_datadir}/scap-security-guide/*/*openeuler*
|
||||
%{_datadir}/scap-security-guide/*/*rh*
|
||||
%{_datadir}/scap-security-guide/*/*sl7*
|
||||
%dir %{_datadir}/xml/scap/
|
||||
%dir %{_datadir}/xml/scap/ssg/
|
||||
%dir %{_datadir}/xml/scap/ssg/content/
|
||||
%{_datadir}/xml/scap/ssg/content/*-centos*
|
||||
%{_datadir}/xml/scap/ssg/content/*-cs9*
|
||||
%{_datadir}/xml/scap/ssg/content/*-fedora*
|
||||
%{_datadir}/xml/scap/ssg/content/*-ol*
|
||||
%{_datadir}/xml/scap/ssg/content/*-openeuler*
|
||||
%{_datadir}/xml/scap/ssg/content/*-rh*
|
||||
%{_datadir}/xml/scap/ssg/content/*-sl7*
|
||||
|
||||
%files debian
|
||||
%if "%{_vendor}" != "debbuild"
|
||||
%license LICENSE
|
||||
%endif
|
||||
%dir %{_datadir}/doc/scap-security-guide/guides/
|
||||
%doc %{_datadir}/doc/scap-security-guide/guides/ssg-debian*
|
||||
%dir %{_datadir}/doc/scap-security-guide/tables/
|
||||
%dir %{_datadir}/doc/scap-security-guide/
|
||||
%dir %{_datadir}/scap-security-guide/
|
||||
%dir %{_datadir}/scap-security-guide/ansible/
|
||||
%dir %{_datadir}/scap-security-guide/bash/
|
||||
%dir %{_datadir}/scap-security-guide/kickstart/
|
||||
%{_datadir}/scap-security-guide/*/*debian*
|
||||
%dir %{_datadir}/xml/scap/
|
||||
%dir %{_datadir}/xml/scap/ssg/
|
||||
%dir %{_datadir}/xml/scap/ssg/content/
|
||||
%{_datadir}/xml/scap/ssg/content/*-debian*
|
||||
|
||||
%files ubuntu
|
||||
%if "%{_vendor}" != "debbuild"
|
||||
%license LICENSE
|
||||
%endif
|
||||
%dir %{_datadir}/doc/scap-security-guide/guides/
|
||||
%doc %{_datadir}/doc/scap-security-guide/guides/ssg-ubuntu*
|
||||
%dir %{_datadir}/doc/scap-security-guide/tables/
|
||||
%dir %{_datadir}/doc/scap-security-guide/
|
||||
%dir %{_datadir}/scap-security-guide/
|
||||
%dir %{_datadir}/scap-security-guide/ansible/
|
||||
%dir %{_datadir}/scap-security-guide/bash/
|
||||
%dir %{_datadir}/scap-security-guide/kickstart/
|
||||
%{_datadir}/scap-security-guide/*/*ubuntu*
|
||||
%dir %{_datadir}/xml/scap/
|
||||
%dir %{_datadir}/xml/scap/ssg/
|
||||
%dir %{_datadir}/xml/scap/ssg/content/
|
||||
%{_datadir}/xml/scap/ssg/content/*-ubuntu*
|
||||
|
||||
%changelog
|
3
v0.1.73.tar.gz
Normal file
3
v0.1.73.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:4775f07e279f52e069bf2bc152c28d915a36f0d6ade7c01b498a85f96c285fa4
|
||||
size 10550630
|
3
v0.1.74.tar.gz
Normal file
3
v0.1.74.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a88612e3f7b609fae910f4bce0c6362df80aa396ec533aab868f5c155f86239b
|
||||
size 10518768
|
Loading…
Reference in New Issue
Block a user