Commit Graph

124 Commits

Author SHA256 Message Date
Ana Guerrero
57a435bb5e Accepting request 1198901 from security
- updated to 0.1.74 (jsc#ECO-3319)
  - Add Amazon Linux 2023 product (#12006)
  - Introduce new remediation type Kickstart (#12144)
  - Make PAM macros more flexible to variables (#12133)
  - Remove Debian 10 Product (#12205)
  - Remove Red Hat Enterprise Linux 7 product (#12093)
  - Update CIS RHEL9 control file to v2.0.0 (#12067)

OBS-URL: https://build.opensuse.org/request/show/1198901
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=36
2024-09-05 13:47:27 +00:00
02ce1f4c8f OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=117 2024-09-05 07:31:47 +00:00
6f03042088 OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=116 2024-09-04 16:27:10 +00:00
21c22859a7 OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=115 2024-09-04 13:13:45 +00:00
39b38338e7 OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=114 2024-09-04 12:09:03 +00:00
7444a1e3cb OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=113 2024-09-04 08:59:26 +00:00
af74b29b13 Accepting request 1198315 from home:rchikov
- updated to 0.1.74 (jsc#ECO-3319)
  - Add Amazon Linux 2023 product (#12006)
  - Introduce new remediation type Kickstart (#12144)
  - Make PAM macros more flexible to variables (#12133)
  - Remove Debian 10 Product (#12205)
  - Remove Red Hat Enterprise Linux 7 product (#12093)
  - Update CIS RHEL9 control file to v2.0.0 (#12067)

OBS-URL: https://build.opensuse.org/request/show/1198315
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=112
2024-09-02 14:26:03 +00:00
Ana Guerrero
14348c30db Accepting request 1178138 from security
- updated to 0.1.73 (jsc#ECO-3319)
  - CMP 2417: Implement PCI-DSS v4.0 outline for OpenShift (#11651)
  - Update all RHEL ANSSI BP028 profiles to be aligned with configuration recommendations version 2.0
  - Generate rule references from control files (#11540)
  - Initial implementation of STIG V1R1 profile for Ubuntu 22.04 LTS (#11820)

OBS-URL: https://build.opensuse.org/request/show/1178138
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=35
2024-06-03 15:43:27 +00:00
a93fba771c OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=110 2024-06-02 10:03:19 +00:00
30b35efdf7 Accepting request 1177884 from home:rchikov
- updated to 0.1.73 (jsc#ECO-3319)
  - CMP 2417: Implement PCI-DSS v4.0 outline for OpenShift (#11651)
  - Update all RHEL ANSSI BP028 profiles to be aligned with configuration recommendations version 2.0
  - Generate rule references from control files (#11540)
  - Initial implementation of STIG V1R1 profile for Ubuntu 22.04 LTS (#11820)

OBS-URL: https://build.opensuse.org/request/show/1177884
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=109
2024-06-02 10:02:34 +00:00
Ana Guerrero
96d81ca268 Accepting request 1146536 from security
- updated to 0.1.72 (jsc#ECO-3319)
  - ANSSI BP 028 profile for debian12 (#11368)
  - Building on Windows (#11406)
  - Control for BSI APP.4.4 (#11342)
  - update to CIS RHEL 7 and RHEL 8 profiles aligning them with the latest benchmarks
  - various fixes to SLE profiles
- add openeuler to -redhat package
- removed ssg-fix-journald.patch: fixed upstream

OBS-URL: https://build.opensuse.org/request/show/1146536
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=34
2024-02-14 22:19:01 +00:00
3ac2c23c44 - add openeuler to -redhat package
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=107
2024-02-14 09:47:53 +00:00
6e0ee3582a - add openeuler to -redhat package
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=106
2024-02-14 08:05:30 +00:00
731e806bbf Accepting request 1146455 from home:msmeissn:branches:security
- updated to 0.1.72 (jsc#ECO-3319)
  - ANSSI BP 028 profile for debian12 (#11368)
  - Building on Windows (#11406)
  - Control for BSI APP.4.4 (#11342)
  - update to CIS RHEL 7 and RHEL 8 profiles aligning them with the latest benchmarks
  - various fixes to SLE profiles
- removed ssg-fix-journald.patch: fixed upstream

OBS-URL: https://build.opensuse.org/request/show/1146455
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=105
2024-02-13 16:29:31 +00:00
Ana Guerrero
f268fcef31 Accepting request 1137951 from security
- removed left over file
  0001-Revert-fix-aide-remediations-add-crontabs.patch upstreamed in 0.1.69

OBS-URL: https://build.opensuse.org/request/show/1137951
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=33
2024-01-10 20:53:20 +00:00
d5a14ad98e OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=103 2024-01-10 14:20:40 +00:00
b89892b2dc - removed left over file
0001-Revert-fix-aide-remediations-add-crontabs.patch upstreamed in 0.1.69

OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=102
2024-01-10 14:20:21 +00:00
5afc6518e1 OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=101 2024-01-10 14:19:45 +00:00
841be0f343 - dropped 0001-Revert-fix-aide-remediations-add-crontabs.patch (upstreamed)
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=100
2024-01-10 14:18:37 +00:00
Ana Guerrero
7653dd5e26 Accepting request 1134450 from security
- ssg-fix-journald.patch: switch buggy journald plugindir remediation
  to write into journald.conf. (bsc#1217832)

OBS-URL: https://build.opensuse.org/request/show/1134450
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=32
2023-12-21 22:39:19 +00:00
b48927e9fb OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=98 2023-12-21 10:11:21 +00:00
6bb5d929b4 - ssg-fix-journald.patch: switch buggy journald plugindir remediation
to write into journald.conf. (bsc#1217832)

OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=97
2023-12-21 10:10:58 +00:00
Ana Guerrero
cf012656a0 Accepting request 1134063 from security
- updated to 0.1.71 (jsc#ECO-3319)
  - Add RHEL 9 STIG
  - Add support for Debian 12
  - Update PCI-DSS profile for RHEL
  - lots of bugfixes and improvements for SLE (forwarded request 1134022 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/1134063
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=31
2023-12-20 20:01:26 +00:00
3a8b8dfaa1 Accepting request 1134022 from home:msmeissn:branches:security
- updated to 0.1.71 (jsc#ECO-3319)
  - Add RHEL 9 STIG
  - Add support for Debian 12
  - Update PCI-DSS profile for RHEL
  - lots of bugfixes and improvements for SLE

OBS-URL: https://build.opensuse.org/request/show/1134022
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=95
2023-12-19 16:20:16 +00:00
Ana Guerrero
5bb27d27df Accepting request 1118850 from security
OBS-URL: https://build.opensuse.org/request/show/1118850
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=30
2023-10-19 20:49:44 +00:00
f4711ab17b Accepting request 1118523 from home:msmeissn:branches:security
- updated to 0.1.70 (jsc#ECO-3319)
  - Add openembedded distro support (#10793)
  - Remove DRAFT wording for OpenShift STIG (#11100)
  - Remove test-function-check_playbook_file_removed_and_added test (#10982)
  - scap-security-guide: Add Poky support (#11046)

OBS-URL: https://build.opensuse.org/request/show/1118523
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=93
2023-10-19 08:30:13 +00:00
444ae4eb5a OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=92 2023-08-05 07:14:19 +00:00
Dominique Leuenberger
8d1c72803e Accepting request 1102115 from security
- updated to 0.1.69 (jsc#ECO-3319)
  - Introduce a JSON build manifest (#10761)
  - Introduce a script to compare ComplianceAsCode versions (#10768)
  - Introduce CCN profiles for RHEL9 (#10860)
  - Map rules to components (#10609)
  - products/anolis23: supports Anolis OS 23 (#10548)
  - Render components to HTML (#10709)
  - Store rendered control files (#10656)
  - Test and use rules to components mapping (#10693)
  - Use distributed product properties (#10554)
- 0001-Revert-fix-aide-remediations-add-crontabs.patch: removed, upstream

OBS-URL: https://build.opensuse.org/request/show/1102115
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=29
2023-08-03 15:30:31 +00:00
6dab979f4d Accepting request 1102114 from home:msmeissn:branches:security
- updated to 0.1.69 (jsc#ECO-3319)
  - Introduce a JSON build manifest (#10761)
  - Introduce a script to compare ComplianceAsCode versions (#10768)
  - Introduce CCN profiles for RHEL9 (#10860)
  - Map rules to components (#10609)
  - products/anolis23: supports Anolis OS 23 (#10548)
  - Render components to HTML (#10709)
  - Store rendered control files (#10656)
  - Test and use rules to components mapping (#10693)
  - Use distributed product properties (#10554)
- 0001-Revert-fix-aide-remediations-add-crontabs.patch: removed, upstream

OBS-URL: https://build.opensuse.org/request/show/1102114
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=90
2023-08-03 07:00:46 +00:00
Ana Guerrero
e48956f964 Accepting request 1101012 from security
- 0001-Revert-fix-aide-remediations-add-crontabs.patch:
  revert patch that breaks the SLE hardening (bsc#1213691)

OBS-URL: https://build.opensuse.org/request/show/1101012
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=28
2023-07-27 14:53:01 +00:00
7e51c57c29 OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=88 2023-07-27 07:00:40 +00:00
4e2af1cbe5 - 0001-Revert-fix-aide-remediations-add-crontabs.patch:
revert patch that breaks the SLE hardening (bsc#1213691)

OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=87
2023-07-27 07:00:24 +00:00
Dominique Leuenberger
40ddaa0315 Accepting request 1093441 from security
- updated to 0.1.68 (jsc#ECO-3319)
  - Bump OL8 STIG version to V1R6
  - Introduce a Product class, make the project work with it
  - Introduce Fedora and Firefox CaC profiles for common workstation users
  - OL7 DISA STIG v2r11 update
  - Publish rendered policy artifacts
  - Update ANSSI BP-028 to version 2.0
- updated to 0.1.67 (jsc#ECO-3319)
  - Add utils/controlrefcheck.py
  - RHEL 9 STIG Update Q1 2023
  - Include warning for NetworkManager keyfiles in RHEL9
  - OL7 stig v2r10 update
  - Bump version of OL8 STIG to V1R5
- various enhancements to SLE profiles
- scap-security-guide-UnicodeEncodeError-character-fix.patch: fixed upstream (forwarded request 1093440 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/1093441
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=27
2023-06-16 14:55:37 +00:00
4b93898ab2 Accepting request 1093440 from home:msmeissn:branches:security
- updated to 0.1.68 (jsc#ECO-3319)
  - Bump OL8 STIG version to V1R6
  - Introduce a Product class, make the project work with it
  - Introduce Fedora and Firefox CaC profiles for common workstation users
  - OL7 DISA STIG v2r11 update
  - Publish rendered policy artifacts
  - Update ANSSI BP-028 to version 2.0
- updated to 0.1.67 (jsc#ECO-3319)
  - Add utils/controlrefcheck.py
  - RHEL 9 STIG Update Q1 2023
  - Include warning for NetworkManager keyfiles in RHEL9
  - OL7 stig v2r10 update
  - Bump version of OL8 STIG to V1R5
- various enhancements to SLE profiles
- scap-security-guide-UnicodeEncodeError-character-fix.patch: fixed upstream

OBS-URL: https://build.opensuse.org/request/show/1093440
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=85
2023-06-16 07:16:01 +00:00
Dominique Leuenberger
820a5074ee Accepting request 1063457 from security
- updated to 0.1.66 (jsc#ECO-3319)
  - Ubuntu 22.04 CIS
  - OL7 stig v2r9 update
  - Bump OL8 STIG version to V1R4
  - Update RHEL7 STIG to V3R10
  - Update RHEL8 STIG to V1R9
  - Introduce CIS RHEL9 profiles
- also various SUSE profile fixes were done

OBS-URL: https://build.opensuse.org/request/show/1063457
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=26
2023-02-07 17:48:50 +00:00
1da4c878e8 - updated to 0.1.66 (jsc#ECO-3319)
- Ubuntu 22.04 CIS
  - OL7 stig v2r9 update
  - Bump OL8 STIG version to V1R4
  - Update RHEL7 STIG to V3R10
  - Update RHEL8 STIG to V1R9
  - Introduce CIS RHEL9 profiles
- also various SUSE profile fixes were done

OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=83
2023-02-06 15:04:42 +00:00
Dominique Leuenberger
81ce935701 Accepting request 1042353 from security
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1042353
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=25
2022-12-12 16:40:08 +00:00
dce8ee0fe9 Accepting request 1040265 from home:msmeissn:branches:security
- updated to 0.1.65 (jsc#ECO-3319)
   - Introduce cui profile for OL9
   - Remove Support for OVAL 5.10
   - Rename account_passwords_pam_faillock_audit
   - CI ansible hardening and rename of existing Bash hardening
   - Update contributors list for v0.1.65 release
   - various SUSE profile specific fixes

OBS-URL: https://build.opensuse.org/request/show/1040265
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=81
2022-12-05 12:44:01 +00:00
Dominique Leuenberger
90e86c6f2f Accepting request 1039608 from security
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1039608
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=24
2022-12-03 09:03:34 +00:00
aa97eceaa7 - require sudo, as remediations touch sudo config or use sudo.
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=79
2022-11-25 13:16:57 +00:00
Richard Brown
80234036dd Accepting request 1008181 from security
- enable ubuntu 2204 build

OBS-URL: https://build.opensuse.org/request/show/1008181
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=23
2022-10-06 05:42:23 +00:00
8f4f076e71 - enable ubuntu 2204 build
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=77
2022-10-05 09:22:16 +00:00
Richard Brown
93a6073d11 Accepting request 1007411 from security
- updated to 0.1.64 (jsc#ECO-3319)
   - Introduce ol9 stig profile
   - Introduce Ol9 anssi profiles
   - Update RHEL8 STIG to V1R7
   - Introduce e8 profile for OL9
   - Update RHEL7 STIG to V3R8
   - some SUSE profile fixes

OBS-URL: https://build.opensuse.org/request/show/1007411
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=22
2022-10-01 15:44:00 +00:00
b7a0ce2ed7 - updated to 0.1.64 (jsc#ECO-3319)
- Introduce ol9 stig profile
   - Introduce Ol9 anssi profiles
   - Update RHEL8 STIG to V1R7
   - Introduce e8 profile for OL9
   - Update RHEL7 STIG to V3R8
   - some SUSE profile fixes

OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=75
2022-10-01 09:00:13 +00:00
Dominique Leuenberger
ebd25dc3b1 Accepting request 1005139 from security
- Added several RPM requires that are needed by the SUSE remediation
  scripts. (e.g. awk is not necessary installed)

OBS-URL: https://build.opensuse.org/request/show/1005139
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=21
2022-09-21 12:43:08 +00:00
779881f7d7 - Added several RPM requires that are needed by the SUSE remediation
scripts. (e.g. awk is not necessary installed)

OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=73
2022-09-21 08:25:12 +00:00
Dominique Leuenberger
a6f694089d Accepting request 992448 from security
- updated to 0.1.63 (jsc#ECO-3319)
   - multiple bugfixes in SUSE profiles
   - Expand project guidelines 
   - Add Draft OCP4 STIG profile 
   - Add anssi_bp28_intermediary profile 
   - add products/uos20 to support UnionTech OS Server 20
   - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles
   - Remove WRLinux Products
   - Update CIS RHEL8 Benchmark for v2.0.0
- removed fix-bash-template.patch: fixed upstream
- Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149)
- Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163)
- Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122)

OBS-URL: https://build.opensuse.org/request/show/992448
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=20
2022-08-03 19:16:33 +00:00
7493083014 OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=71 2022-08-02 12:46:34 +00:00
9d790ae2f3 OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=70 2022-08-02 11:56:04 +00:00
14e6352898 disable alibaba linux for now
OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=69
2022-08-02 10:50:33 +00:00