- replace oscap-scan.init by oscap-scan.service, add a /usr/bin/oscap-scan

helper tool for this. (bsc#1083115) OBS-URL: https://build.opensuse.org/package/show/security/openscap?expand=0&rev=203
2018-03-05 12:41:14 +00:00 · 2018-03-05 12:41:14 +00:00 · b6d47735b2
commit b6d47735b2
parent 078a8851d4
5 changed files with 55 additions and 111 deletions
--- a/openscap.changes
+++ b/openscap.changes
@ -1,3 +1,9 @@
 -------------------------------------------------------------------
 Mon Mar  5 12:39:51 UTC 2018 - meissner@suse.com
 - replace oscap-scan.init by oscap-scan.service, add a /usr/bin/oscap-scan
  helper tool for this. (bsc#1083115)
 -------------------------------------------------------------------
 Thu Feb 22 13:41:36 UTC 2018 - meissner@suse.com
--- a/openscap.spec
+++ b/openscap.spec
@ -28,13 +28,14 @@ Name:           openscap
 Version:        1.2.16
 Release:        1.0
 Source:         https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz
 Source1:        oscap-scan.init
 Source2:        sysconfig.oscap-scan
 # SUSE specific profile, based on yast2-security
 # checks.
 # Generated from http://gitorious.org/test-suite/scap
 Source3:        scap-yast2sec-xccdf.xml
 Source4:        scap-yast2sec-oval.xml
 Source5:        oscap-scan.service
 Source6:        oscap-scan.sh
 Url:            http://www.open-scap.org/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  doxygen
@ -64,6 +65,7 @@ BuildRequires:  unixODBC-devel
 Summary:        A Set of Libraries for Integration with SCAP
 License:        LGPL-2.1+
 Group:          Development/Tools/Other
 BuildRequires:  systemd-rpm-macros
 %description
 OpenSCAP is a set of open source libraries providing an easier path for
@ -142,7 +144,8 @@ The OpenSCAP Perl Library for easy integration with SCAP.
 Summary:        Openscap utilities
 Group:          System/Monitoring
 Requires:       %{name} = %{version}-%{release}
-PreReq:         %insserv_prereq %fillup_prereq
+PreReq:         %fillup_prereq
 %systemd_requires
 %description    utils
 The %{name}-utils package contains various utilities based on %{name} library.
@ -196,13 +199,15 @@ find %{buildroot} -name "*.la" -delete
 rm %{buildroot}/usr/bin/scap-as-rpm
 mkdir -p $RPM_BUILD_ROOT%{_fillupdir}
 install -d -m 755 $RPM_BUILD_ROOT%{_initrddir}
 install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/oscap-scan
 install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_fillupdir}
 install -m 644 %{SOURCE3}  $RPM_BUILD_ROOT/%{_datadir}/openscap
 install -m 644 %{SOURCE4}  $RPM_BUILD_ROOT/%{_datadir}/openscap
 # specific local scan during boot script
 install -m 644 %{SOURCE5}  $RPM_BUILD_ROOT/%{_unitdir}/oscap-scan.service
 install -m 755 %{SOURCE6}  $RPM_BUILD_ROOT/%{_datadir}/oscap-scan
 # create symlinks to default content
 ln -s  %{_datadir}/openscap/scap-yast2sec-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml
 ln -s  %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml
@ -300,10 +305,11 @@ ln -s  %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/
 %defattr(-,root,root,-)
 %{_fillupdir}/sysconfig.oscap-scan
 %doc docs/oscap-scan.cron
 %{_initrddir}/oscap-scan
 %{_mandir}/man8/*
 %{_unitdir}/oscap-scan.service
 %{_bindir}/oscap
 %{_bindir}/oscap-vm
 %{_bindir}/oscap-scan
 %{_bindir}/oscap-ssh
 %{_bindir}/oscap-chroot
 # currently not shipped as it is still python2
--- a/oscap-scan.init
+++ b/oscap-scan.init
@ -1,106 +0,0 @@
 #!/bin/sh
 #
 # oscap-scan:		OpenSCAP security scanner
 #
 # chkconfig: - 96 99
 # description:  This service runs OpenSCAP security scanner to check the \
 #		system settings. The program does not stay resident, \
 #		but rather runs once. The results of security audit are 
 #		stored in /var/log/oscap-scan.xml.log
 #
 # processname: /usr/bin/oscap
 # config: /etc/sysconfig/oscap-scan
 #
 # Return values according to LSB for all commands but status:
 # 0 - success
 # 1 - generic or unspecified error
 # 2 - invalid or excess argument(s)
 # 3 - unimplemented feature (e.g. "reload")
 # 4 - insufficient privilege
 # 5 - program is not installed
 # 6 - program is not configured
 # 7 - program is not running
 ### BEGIN INIT INFO
 # Provides: oscap-scan
 # Required-Start: $syslog $local_fs $network $remote_fs
 # Required-Stop: $syslog $local_fs $network $remote_fs
 # Should-Start:
 # Should-Stop:
 # Default-Start:  3 5
 # Default-Stop: 0 1 6
 # Short-Description: OpenSCAP security scanner
 # Description:       This service runs OpenSCAP security scanner to check the
 #	system settings. The program does not stay resident,
 #	but rather runs once. The results of security audit are
 #	stored in /var/log/oscap-scan.xml.log
 ### END INIT INFO
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 prog="oscap"
 # Source function library.
 . /etc/rc.status
 # Allow anyone to run status
 if [ "$1" = "status" ] ; then
 	exit 3
 fi
 # Check that we are root ... so non-root users stop here
 test $EUID = 0  ||  exit 4
 # Check config
 test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
 RETVAL=0
 start() {
 	test -x /usr/bin/oscap  || exit 5
 	# Now check that the sysconfig is found and has important things
 	# configured
 	test -f /etc/sysconfig/oscap-scan || exit 6
 	test x"$OPTIONS" != "x" || exit 6
 	echo  -n $"Starting $prog: "
 	$prog $OPTIONS
 	rc_status -v
 	ERR=$?
 	if [ $ERR -eq 0 ] ; then
 		sleep 1
 		logger "OpenSCAP security scan: PASS"
 	elif [ $ERR -eq 1 ] ; then
 		sleep 1
 		logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
 	else
 		sleep 1
 		logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
 	fi
 }
 # See how we were called.
 case "$1" in
    start)
 	start
 	;;
    restart)
 	start
 	;;
    stop)
 	RETVAL=0;
 	;;
    condrestart)
 	RETVAL=0;
 	;;
    try-restart)
 	RETVAL=0;
 	;;
    reload)
 	RETVAL=0;
 	;;
    *)
 	echo $"Usage: $0 {start}"
 	RETVAL=2
 	;;
 esac
 exit $RETVAL
--- a/oscap-scan.service
+++ b/oscap-scan.service
@ -0,0 +1,12 @@
 [Unit]
 Description=OpenSCAP security scanner
 Wants=local-fs.target
 After=local-fs.target
 [Service]
 Type=forking
 EnvironmentFile=-/etc/sysconfig/oscap-scan
 ExecStart=/usr/bin/oscap $OPTIONS
 [Install]
 WantedBy=multi-user.target
--- a/oscap-scan.sh
+++ b/oscap-scan.sh
@ -0,0 +1,26 @@
 #!/bin/bash
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 prog="oscap"
 # Check config
 test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
 RETVAL=0
 test -f /etc/sysconfig/oscap-scan || exit 6
 test x"$OPTIONS" != "x" || exit 6
 $prog $OPTIONS
 ERR=$?
 if [ $ERR -eq 0 ] ; then
 	logger "OpenSCAP security scan: PASS"
 elif [ $ERR -eq 1 ] ; then
 	logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
 else
 	logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
 fi
 exit 0