pool/scap-security-guide
SHA256
17
0
Fork 1
Code Issues 1 Pull Requests Activity

Compare commits

merge into: pool:slfo-1.2
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
...
pull from: pool:factory
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main

6 Commits
slfo-1.2 ... factory

Author SHA256 Message Date
Ana Guerrero
090ec82d6f Accepting request 1323117 from security 
- updated to 0.1.79 (jsc#ECO-3319)
    - Add rhcos4 Profile for BSI Grundschutz
    - Create SLE15 general profile
    - Fix crypto policy settings in RHEL CIS profiles
    - Remove deprecated CIS OpenShift 1.4.0 and 1.5.0 profiles
    - Remove OCP STIG V1R1
    - Remove OCP STIG V2R1
    - Various updates for SLE 12/15 (forwarded request 1323114 from boychev)

OBS-URL: https://build.opensuse.org/request/show/1323117
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=46
 2025-12-16 16:22:43 +00:00
Marcus Meissner
6e18502485 - updated to 0.1.79 (jsc#ECO-3319) 
- Add rhcos4 Profile for BSI Grundschutz
    - Create SLE15 general profile
    - Fix crypto policy settings in RHEL CIS profiles
    - Remove deprecated CIS OpenShift 1.4.0 and 1.5.0 profiles
    - Remove OCP STIG V1R1
    - Remove OCP STIG V2R1
    - Various updates for SLE 12/15

OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=146
 2025-12-16 13:12:41 +00:00
Ana Guerrero
3e5300eb2b Accepting request 1308157 from security 
- updated to 0.1.78 (jsc#ECO-3319)
    - Enable SCE content for problematic rules that can traverse the whole filesystem
    - Remove unnecessary Jinja2 macros in control files
    - Update RHEL 8 STIG to V2R4 and RHEL 9 STIG to V2R5
    - Add Debian 13 profile for ANSSI BP 28 (enhanced)
    - Create SLEM5 General profile
    - Create SL Micro 6 product and general profile
    - Update SLE15 STIG version to V2R5
    - Update SLE12 STIG version to V3R3
    - Update SLEM5 STIG version to V1R2
- Remove the cis profiles from all products

OBS-URL: https://build.opensuse.org/request/show/1308157
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=45
 2025-09-30 15:43:04 +00:00
Marcus Meissner
784fe717a1 - updated to 0.1.78 (jsc#ECO-3319) 
- Enable SCE content for problematic rules that can traverse the whole filesystem
    - Remove unnecessary Jinja2 macros in control files
    - Update RHEL 8 STIG to V2R4 and RHEL 9 STIG to V2R5
    - Add Debian 13 profile for ANSSI BP 28 (enhanced)
    - Create SLEM5 General profile
    - Create SL Micro 6 product and general profile
    - Update SLE15 STIG version to V2R5
    - Update SLE12 STIG version to V3R3
    - Update SLEM5 STIG version to V1R2
- Remove the cis profiles from all products

OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=144
 2025-09-30 07:06:21 +00:00
Ana Guerrero
4339011892 Accepting request 1300811 from security 
- Remove the cis profiles from the tarball 

- Remove ssg-remove-cis.patch: tarball
- Add check if cis profiles exists in the tarball

OBS-URL: https://build.opensuse.org/request/show/1300811
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/scap-security-guide?expand=0&rev=44
 2025-08-21 18:32:37 +00:00
Alexander Bergmann
b26b572e72 - Remove the cis profiles from the tarball 
- Remove ssg-remove-cis.patch: tarball
- Add check if cis profiles exists in the tarball

OBS-URL: https://build.opensuse.org/package/show/security/scap-security-guide?expand=0&rev=142
 2025-08-21 13:36:28 +00:00
5 changed files with 101 additions and 5089 deletions
Expand all files Collapse all files

38
scap-security-guide.changes
View File

@@ -1,3 +1,41 @@
-------------------------------------------------------------------
Tue Dec 16 11:25:18 UTC 2025 - Boychev <svetlin.boychev@suse.com>
- updated to 0.1.79 (jsc#ECO-3319)
- Add rhcos4 Profile for BSI Grundschutz
- Create SLE15 general profile
- Fix crypto policy settings in RHEL CIS profiles
- Remove deprecated CIS OpenShift 1.4.0 and 1.5.0 profiles
- Remove OCP STIG V1R1
- Remove OCP STIG V2R1
- Various updates for SLE 12/15
-------------------------------------------------------------------
Mon Sep 29 11:36:05 UTC 2025 - Boychev <svetlin.boychev@suse.com>
- updated to 0.1.78 (jsc#ECO-3319)
- Enable SCE content for problematic rules that can traverse the whole filesystem
- Remove unnecessary Jinja2 macros in control files
- Update RHEL 8 STIG to V2R4 and RHEL 9 STIG to V2R5
- Add Debian 13 profile for ANSSI BP 28 (enhanced)
- Create SLEM5 General profile
- Create SL Micro 6 product and general profile
- Update SLE15 STIG version to V2R5
- Update SLE12 STIG version to V3R3
- Update SLEM5 STIG version to V1R2
- Remove the cis profiles from all products
-------------------------------------------------------------------
Thu Aug 21 08:24:36 UTC 2025 - Boychev <svetlin.boychev@suse.com>
- Remove the cis profiles from the tarball
-------------------------------------------------------------------
Thu Aug 21 07:26:39 UTC 2025 - Boychev <svetlin.boychev@suse.com>
- Remove ssg-remove-cis.patch: tarball
- Add check if cis profiles exists in the tarball
-------------------------------------------------------------------
Wed Jul 30 07:41:26 UTC 2025 - Boychev <svetlin.boychev@suse.com>

111
scap-security-guide.spec
View File

@@ -42,7 +42,7 @@
%endif
Name: scap-security-guide
Version: 0.1.77
Version: 0.1.79
Release: 0
Summary: XCCDF files for SUSE Linux and openSUSE
License: BSD-3-Clause
@@ -51,7 +51,6 @@ URL: https://github.com/ComplianceAsCode/content
Packager: SUSE Security Team <security@suse.de>
%endif
Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz
Patch0: ssg-remove-cis.patch
# explicit require what is needed by the detection logic in the scripts
Requires: coreutils
@@ -159,7 +158,7 @@ Security Content Automation Protocol (SCAP) Security Guide for SUSE Linux.
This package contains XCCDF (Extensible Configuration Checklist
Description Format), OVAL (Open Vulnerability and Assessment
Language), CPE (Common Platform Enumeration) and DS (Data Stream)
files to run a compliance test on SLE12, SLE15, SLEM5 and openSUSE
files to run a compliance test on SLE12, SLE15, SLEM5, SLEM6 and openSUSE
SUSE supported in this version of scap-security-guide:
@@ -218,57 +217,67 @@ Note that the included profiles are community supplied and not officially suppor
%prep
%setup -q -n content-%version
%patch -P 0
# Remove CIS profiles
find products -type f -name 'cis*.profile' -delete
# Fail if any cis*.profile exists in under products/
if find products -type f -name 'cis*.profile' | grep -q .; then
echo "ERROR: CIS profiles found under products/:"
find products -type f -name 'cis*.profile'
exit 1
fi
%build
cd build
cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
-DCMAKE_INSTALL_MANDIR=%{_mandir} \
-DSSG_PRODUCT_CHROMIUM=OFF \
-DSSG_PRODUCT_ALINUX2=OFF \
-DSSG_PRODUCT_ALINUX3=OFF \
-DSSG_PRODUCT_ALMALINUX9=ON \
-DSSG_PRODUCT_AL2023=OFF \
-DSSG_PRODUCT_DEBIAN9=ON \
-DSSG_PRODUCT_DEBIAN10=ON \
-DSSG_PRODUCT_DEFAULT=ON \
-DSSG_PRODUCT_EXAMPLE=OFF \
-DSSG_PRODUCT_FEDORA=ON \
-DSSG_PRODUCT_FIREFOX=OFF \
-DSSG_PRODUCT_FUSE6=OFF \
-DSSG_PRODUCT_JRE=OFF \
-DSSG_PRODUCT_MACOS1015=OFF \
-DSSG_PRODUCT_OCP4=OFF \
-DSSG_PRODUCT_KYLINSERVER10=OFF \
-DSSG_PRODUCT_OL7=ON \
-DSSG_PRODUCT_OL8=ON \
-DSSG_PRODUCT_OL9=ON \
-DSSG_PRODUCT_OPENSUSE=ON \
-DSSG_PRODUCT_OPENEMBEDDED=OFF \
-DSSG_PRODUCT_RHCOS4=ON \
-DSSG_PRODUCT_RHEL8=ON \
-DSSG_PRODUCT_RHEL9=ON \
-DSSG_PRODUCT_RHEL10=ON \
-DSSG_PRODUCT_CS10=ON \
-DSSG_PRODUCT_RHOSP10=ON \
-DSSG_PRODUCT_RHOSP13=ON \
-DSSG_PRODUCT_RHV4=ON \
-DSSG_PRODUCT_TENCENTOS4=ON \
-DSSG_PRODUCT_SLE12=ON \
-DSSG_PRODUCT_SLE15=ON \
-DSSG_PRODUCT_SLMICRO5=ON \
-DSSG_PRODUCT_UBUNTU1604=ON \
-DSSG_PRODUCT_UBUNTU1804=ON \
-DSSG_PRODUCT_UBUNTU2004=ON \
-DSSG_PRODUCT_UBUNTU2204=ON \
-DSSG_PRODUCT_UOS20=OFF \
-DSSG_PRODUCT_VSEL=OFF \
-DSSG_PRODUCT_EKS=OFF \
-DSSG_PRODUCT_WRLINUX8=OFF \
-DSSG_PRODUCT_WRLINUX1019=OFF \
-DSSG_PRODUCT_ANOLIS8=OFF \
-DSSG_PRODUCT_ANOLIS23=OFF \
../
cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} \
-DCMAKE_INSTALL_MANDIR=%{_mandir} \
-DSSG_PRODUCT_CHROMIUM=OFF \
-DSSG_PRODUCT_ALINUX2=OFF \
-DSSG_PRODUCT_ALINUX3=OFF \
-DSSG_PRODUCT_ALMALINUX9=ON \
-DSSG_PRODUCT_AL2023=OFF \
-DSSG_PRODUCT_DEBIAN9=ON \
-DSSG_PRODUCT_DEBIAN10=ON \
-DSSG_PRODUCT_DEFAULT=ON \
-DSSG_PRODUCT_EXAMPLE=OFF \
-DSSG_PRODUCT_FEDORA=ON \
-DSSG_PRODUCT_FIREFOX=OFF \
-DSSG_PRODUCT_FUSE6=OFF \
-DSSG_PRODUCT_JRE=OFF \
-DSSG_PRODUCT_MACOS1015=OFF \
-DSSG_PRODUCT_OCP4=OFF \
-DSSG_PRODUCT_KYLINSERVER10=OFF \
-DSSG_PRODUCT_OL7=ON \
-DSSG_PRODUCT_OL8=ON \
-DSSG_PRODUCT_OL9=ON \
-DSSG_PRODUCT_OPENSUSE=ON \
-DSSG_PRODUCT_OPENEMBEDDED=OFF \
-DSSG_PRODUCT_RHCOS4=ON \
-DSSG_PRODUCT_RHEL8=ON \
-DSSG_PRODUCT_RHEL9=ON \
-DSSG_PRODUCT_RHEL10=ON \
-DSSG_PRODUCT_CS10=ON \
-DSSG_PRODUCT_RHOSP10=ON \
-DSSG_PRODUCT_RHOSP13=ON \
-DSSG_PRODUCT_RHV4=ON \
-DSSG_PRODUCT_TENCENTOS4=ON \
-DSSG_PRODUCT_SLE12=ON \
-DSSG_PRODUCT_SLE15=ON \
-DSSG_PRODUCT_SLMICRO5=ON \
-DSSG_PRODUCT_SLMICRO6=ON \
-DSSG_PRODUCT_UBUNTU1604=ON \
-DSSG_PRODUCT_UBUNTU1804=ON \
-DSSG_PRODUCT_UBUNTU2004=ON \
-DSSG_PRODUCT_UBUNTU2204=ON \
-DSSG_PRODUCT_UOS20=OFF \
-DSSG_PRODUCT_VSEL=OFF \
-DSSG_PRODUCT_EKS=OFF \
-DSSG_PRODUCT_WRLINUX8=OFF \
-DSSG_PRODUCT_WRLINUX1019=OFF \
-DSSG_PRODUCT_ANOLIS8=OFF \
-DSSG_PRODUCT_ANOLIS23=OFF \
../
make
%install

5035
ssg-remove-cis.patch
View File

File diff suppressed because it is too large Load Diff

BIN
v0.1.77.tar.gz LFS
View File

Binary file not shown.

BIN
v0.1.79.tar.gz LFS Normal file
View File

Binary file not shown.