- replace oscap-scan.init by oscap-scan.service, add a /usr/bin/oscap-scan
helper tool for this. (bsc#1083115) OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=203
parent
078a8851d4
commit
b6d47735b2
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 5 12:39:51 UTC 2018 - meissner@suse.com
|
||||
|
||||
- replace oscap-scan.init by oscap-scan.service, add a /usr/bin/oscap-scan
|
||||
helper tool for this. (bsc#1083115)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 22 13:41:36 UTC 2018 - meissner@suse.com
|
||||
|
||||
|
@ -28,13 +28,14 @@ Name: openscap
|
||||
Version: 1.2.16
|
||||
Release: 1.0
|
||||
Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz
|
||||
Source1: oscap-scan.init
|
||||
Source2: sysconfig.oscap-scan
|
||||
# SUSE specific profile, based on yast2-security
|
||||
# checks.
|
||||
# Generated from http://gitorious.org/test-suite/scap
|
||||
Source3: scap-yast2sec-xccdf.xml
|
||||
Source4: scap-yast2sec-oval.xml
|
||||
Source5: oscap-scan.service
|
||||
Source6: oscap-scan.sh
|
||||
Url: http://www.open-scap.org/
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: doxygen
|
||||
@ -64,6 +65,7 @@ BuildRequires: unixODBC-devel
|
||||
Summary: A Set of Libraries for Integration with SCAP
|
||||
License: LGPL-2.1+
|
||||
Group: Development/Tools/Other
|
||||
BuildRequires: systemd-rpm-macros
|
||||
|
||||
%description
|
||||
OpenSCAP is a set of open source libraries providing an easier path for
|
||||
@ -142,7 +144,8 @@ The OpenSCAP Perl Library for easy integration with SCAP.
|
||||
Summary: Openscap utilities
|
||||
Group: System/Monitoring
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
PreReq: %insserv_prereq %fillup_prereq
|
||||
PreReq: %fillup_prereq
|
||||
%systemd_requires
|
||||
|
||||
%description utils
|
||||
The %{name}-utils package contains various utilities based on %{name} library.
|
||||
@ -196,13 +199,15 @@ find %{buildroot} -name "*.la" -delete
|
||||
rm %{buildroot}/usr/bin/scap-as-rpm
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{_fillupdir}
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_initrddir}
|
||||
install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/oscap-scan
|
||||
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_fillupdir}
|
||||
|
||||
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_datadir}/openscap
|
||||
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_datadir}/openscap
|
||||
|
||||
# specific local scan during boot script
|
||||
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/%{_unitdir}/oscap-scan.service
|
||||
install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{_datadir}/oscap-scan
|
||||
|
||||
# create symlinks to default content
|
||||
ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml
|
||||
ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml
|
||||
@ -300,10 +305,11 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/
|
||||
%defattr(-,root,root,-)
|
||||
%{_fillupdir}/sysconfig.oscap-scan
|
||||
%doc docs/oscap-scan.cron
|
||||
%{_initrddir}/oscap-scan
|
||||
%{_mandir}/man8/*
|
||||
%{_unitdir}/oscap-scan.service
|
||||
%{_bindir}/oscap
|
||||
%{_bindir}/oscap-vm
|
||||
%{_bindir}/oscap-scan
|
||||
%{_bindir}/oscap-ssh
|
||||
%{_bindir}/oscap-chroot
|
||||
# currently not shipped as it is still python2
|
||||
|
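Review bot: In the %install hunk the helper is copied to `$RPM_BUILD_ROOT/%{_datadir}/oscap-scan`, while the %files hunk packages `%{_bindir}/oscap-scan` and the changelog entry promises /usr/bin/oscap-scan. Unless something outside these hunks creates the bindir copy, the build either stops on the missing file or ships the script under /usr/share, so the line should read `install -m 755 %{SOURCE6} $RPM_BUILD_ROOT/%{_bindir}/oscap-scan`. The unit file is also installed into `%{_unitdir}` without a preceding `install -d -m 755 $RPM_BUILD_ROOT%{_unitdir}`, which only works if the upstream install step has already created that directory. `%systemd_requires` is added, but no `%service_add_pre` / `%service_add_post` / `%service_del_preun` / `%service_del_postun` calls are visible in these hunks; if they are not elsewhere in the spec, the unit is not registered on install or cleaned up on removal.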
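--- a/oscap-scan.init
+++ b/oscap-scan.init
@@ -1,106 +0,0 @@
-#!/bin/sh
-#
-# oscap-scan: OpenSCAP security scanner
-#
-# chkconfig: - 96 99
-# description: This service runs OpenSCAP security scanner to check the \
-# system settings. The program does not stay resident, \
-# but rather runs once. The results of security audit are
-# stored in /var/log/oscap-scan.xml.log
-#
-# processname: /usr/bin/oscap
-# config: /etc/sysconfig/oscap-scan
-#
-# Return values according to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-### BEGIN INIT INFO
-# Provides: oscap-scan
-# Required-Start: $syslog $local_fs $network $remote_fs
-# Required-Stop: $syslog $local_fs $network $remote_fs
-# Should-Start:
-# Should-Stop:
-# Default-Start: 3 5
-# Default-Stop: 0 1 6
-# Short-Description: OpenSCAP security scanner
-# Description: This service runs OpenSCAP security scanner to check the
-# system settings. The program does not stay resident,
-# but rather runs once. The results of security audit are
-# stored in /var/log/oscap-scan.xml.log
-### END INIT INFO
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-prog="oscap"
-
-# Source function library.
-. /etc/rc.status
-
-# Allow anyone to run status
-if [ "$1" = "status" ] ; then
-exit 3
-fi
-
-# Check that we are root ... so non-root users stop here
-test $EUID = 0 || exit 4
-
-# Check config
-test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
-
-RETVAL=0
-
-start() {
-test -x /usr/bin/oscap || exit 5
-# Now check that the sysconfig is found and has important things
-# configured
-test -f /etc/sysconfig/oscap-scan || exit 6
-test x"$OPTIONS" != "x" || exit 6
-echo -n $"Starting $prog: "
-$prog $OPTIONS
-rc_status -v
-ERR=$?
-if [ $ERR -eq 0 ] ; then
-sleep 1
-logger "OpenSCAP security scan: PASS"
-elif [ $ERR -eq 1 ] ; then
-sleep 1
-logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
-else
-sleep 1
-logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
-fi
-}
-
-
-# See how we were called.
-case "$1" in
-start)
-start
-;;
-restart)
-start
-;;
-stop)
-RETVAL=0;
-;;
-condrestart)
-RETVAL=0;
-;;
-try-restart)
-RETVAL=0;
-;;
-reload)
-RETVAL=0;
-;;
-*)
-echo $"Usage: $0 {start}"
-RETVAL=2
-;;
-esac
-exit $RETVAL
-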
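--- a/oscap-scan.service
+++ b/oscap-scan.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenSCAP security scanner
+Wants=local-fs.target
+After=local-fs.target
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/sysconfig/oscap-scan
+ExecStart=/usr/bin/oscap $OPTIONS
+
+[Install]
+WantedBy=multi-user.target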
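Review bot: `Type=forking` makes systemd wait for `/usr/bin/oscap` to daemonize, but the removed init script describes the scanner as a program that "does not stay resident, but rather runs once", so `Type=oneshot` is the matching type. `ExecStart` also calls `/usr/bin/oscap $OPTIONS` directly instead of the helper this commit adds, so the helper's empty-`OPTIONS` check and its syslog PASS/ERROR/FAILED record never run for the boot-time scan. Because of the `-` prefix on `EnvironmentFile`, a missing /etc/sysconfig/oscap-scan leads to a bare `oscap` invocation where the init script exited 6. Suggested lines: `Type=oneshot` and `ExecStart=/usr/bin/oscap-scan`. Judging by the helper's own exit-code handling, a scan with failed rules exits with a status above 1, so if `oscap` stays in `ExecStart` the unit will presumably show as failed on every non-compliant host unless that status is declared through `SuccessExitStatus=`.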
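--- a/oscap-scan.sh
+++ b/oscap-scan.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+prog="oscap"
+
+# Check config
+test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
+
+RETVAL=0
+
+test -f /etc/sysconfig/oscap-scan || exit 6
+
+test x"$OPTIONS" != "x" || exit 6
+
+$prog $OPTIONS
+
+ERR=$?
+if [ $ERR -eq 0 ] ; then
+logger "OpenSCAP security scan: PASS"
+elif [ $ERR -eq 1 ] ; then
+logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
+else
+logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
+fi
+
+exit 0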
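Review bot: The trailing `exit 0` discards the scanner's status, so any caller (a systemd unit, cron, a compliance wrapper) sees success even when `oscap` returned 1 for an error, and the only trace is a single syslog line. Propagate at least the error case by replacing the last line with `exit "$ERR"`, or put `[ "$ERR" -eq 1 ] && exit 1` before it if failed rules are not meant to fail the caller. `RETVAL=0` is assigned and never read, so it can be dropped. The init script's `test $EUID = 0 || exit 4` guard was not carried over; that is harmless under systemd, but the helper is meant for /usr/bin, so an unprivileged invocation now runs a partial scan and logs a result instead of stopping early. A header comment should state that /etc/sysconfig/oscap-scan is sourced as shell and must stay writable by root only, and that `$OPTIONS` is left unquoted on purpose so it splits into separate arguments.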