
Accepting request 583006 from security

- Replace old $RPM_* shell vars. (forwarded request 583005 from jengelh)

OBS-URL: https://build.opensuse.org/request/show/583006
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openscap?expand=0&rev=55
Dominique Leuenberger 2018-03-07 09:35:14 +00:00 committed by Git OBS Bridge
commit ee5ae20257
5 changed files with 75 additions and 122 deletions


@ -1,3 +1,14 @@
-------------------------------------------------------------------
Mon Mar 5 15:11:19 UTC 2018 - jengelh@inai.de
- Replace old $RPM_* shell vars.
-------------------------------------------------------------------
Mon Mar 5 12:39:51 UTC 2018 - meissner@suse.com
- replace oscap-scan.init by oscap-scan.service, add a /usr/bin/oscap-scan
helper tool for this. (bsc#1083115)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 22 13:41:36 UTC 2018 - meissner@suse.com Thu Feb 22 13:41:36 UTC 2018 - meissner@suse.com


@ -28,13 +28,14 @@ Name: openscap
Version: 1.2.16 Version: 1.2.16
Release: 1.0 Release: 1.0
Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz Source: https://github.com/OpenSCAP/openscap/archive/%{version}.tar.gz
Source1: oscap-scan.init
Source2: sysconfig.oscap-scan Source2: sysconfig.oscap-scan
# SUSE specific profile, based on yast2-security # SUSE specific profile, based on yast2-security
# checks. # checks.
# Generated from http://gitorious.org/test-suite/scap # Generated from http://gitorious.org/test-suite/scap
Source3: scap-yast2sec-xccdf.xml Source3: scap-yast2sec-xccdf.xml
Source4: scap-yast2sec-oval.xml Source4: scap-yast2sec-oval.xml
Source5: oscap-scan.service
Source6: oscap-scan.sh
Url: http://www.open-scap.org/ Url: http://www.open-scap.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: doxygen BuildRequires: doxygen
@ -62,8 +63,9 @@ BuildRequires: rpm-devel
BuildRequires: swig BuildRequires: swig
BuildRequires: unixODBC-devel BuildRequires: unixODBC-devel
Summary: A Set of Libraries for Integration with SCAP Summary: A Set of Libraries for Integration with SCAP
License: LGPL-2.1+ License: LGPL-2.1-or-later
Group: Development/Tools/Other Group: Development/Tools/Other
BuildRequires: systemd-rpm-macros
%description %description
OpenSCAP is a set of open source libraries providing an easier path for OpenSCAP is a set of open source libraries providing an easier path for
@ -142,7 +144,8 @@ The OpenSCAP Perl Library for easy integration with SCAP.
Summary: Openscap utilities Summary: Openscap utilities
Group: System/Monitoring Group: System/Monitoring
Requires: %{name} = %{version}-%{release} Requires: %{name} = %{version}-%{release}
PreReq: %insserv_prereq %fillup_prereq PreReq: %fillup_prereq
%systemd_requires
%description utils %description utils
The %{name}-utils package contains various utilities based on %{name} library. The %{name}-utils package contains various utilities based on %{name} library.
@ -195,17 +198,20 @@ find %{buildroot} -name "*.la" -delete
# last python2 user in oscap-utils ... needs porting to python3 # last python2 user in oscap-utils ... needs porting to python3
rm %{buildroot}/usr/bin/scap-as-rpm rm %{buildroot}/usr/bin/scap-as-rpm
mkdir -p $RPM_BUILD_ROOT%{_fillupdir} mkdir -p %{buildroot}/%{_fillupdir}
install -d -m 755 $RPM_BUILD_ROOT%{_initrddir} install -m 644 %{SOURCE2} %{buildroot}/%{_fillupdir}
install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/oscap-scan
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_fillupdir}
install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_datadir}/openscap install -m 644 %{SOURCE3} %{buildroot}/%{_datadir}/openscap
install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_datadir}/openscap install -m 644 %{SOURCE4} %{buildroot}/%{_datadir}/openscap
# specific local scan during boot script
mkdir -p %{buildroot}/%{_unitdir}
install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/oscap-scan.service
install -m 755 %{SOURCE6} %{buildroot}/%{_bindir}/oscap-scan
# create symlinks to default content # create symlinks to default content
ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml ln -s %{_datadir}/openscap/scap-yast2sec-oval.xml %{buildroot}/%{_datadir}/openscap/scap-oval.xml
ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml %{buildroot}/%{_datadir}/openscap/scap-xccdf.xml
%post -n libopenscap%{sover} -p /sbin/ldconfig %post -n libopenscap%{sover} -p /sbin/ldconfig
%post -n libopenscap_sce%{sover} -p /sbin/ldconfig %post -n libopenscap_sce%{sover} -p /sbin/ldconfig
@ -214,14 +220,17 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/
%postun -n libopenscap_sce%{sover} -p /sbin/ldconfig %postun -n libopenscap_sce%{sover} -p /sbin/ldconfig
%preun utils %preun utils
%{stop_on_removal oscap-scan} %service_del_preun oscap-scan.service
%post utils %post utils
%{fillup_and_insserv -n oscap-scan} %service_add_post oscap-scan.service
%{fillup_only -n oscap-scan}
%postun utils %postun utils
%{restart_on_update oscap-scan} %service_del_postun oscap-scan.service
%{insserv_cleanup}
%pre utils
%service_add_pre oscap-scan.service
%files %files
%defattr(-, root, root) %defattr(-, root, root)
@ -300,10 +309,11 @@ ln -s %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/
%defattr(-,root,root,-) %defattr(-,root,root,-)
%{_fillupdir}/sysconfig.oscap-scan %{_fillupdir}/sysconfig.oscap-scan
%doc docs/oscap-scan.cron %doc docs/oscap-scan.cron
%{_initrddir}/oscap-scan
%{_mandir}/man8/* %{_mandir}/man8/*
%{_unitdir}/oscap-scan.service
%{_bindir}/oscap %{_bindir}/oscap
%{_bindir}/oscap-vm %{_bindir}/oscap-vm
%{_bindir}/oscap-scan
%{_bindir}/oscap-ssh %{_bindir}/oscap-ssh
%{_bindir}/oscap-chroot %{_bindir}/oscap-chroot
# currently not shipped as it is still python2 # currently not shipped as it is still python2
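Review bot: The comment `# specific local scan during boot script` above the new install lines in %install does not say what is being installed. Something like `# systemd unit and helper script for the scan at boot (replaces oscap-scan.init)` would be clearer to the next packager. The new `BuildRequires: systemd-rpm-macros` also sits after `Group:` rather than with the other BuildRequires lines, where it is easy to overlook.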


@ -1,106 +0,0 @@
#!/bin/sh
#
# oscap-scan: OpenSCAP security scanner
#
# chkconfig: - 96 99
# description: This service runs OpenSCAP security scanner to check the \
# system settings. The program does not stay resident, \
# but rather runs once. The results of security audit are
# stored in /var/log/oscap-scan.xml.log
#
# processname: /usr/bin/oscap
# config: /etc/sysconfig/oscap-scan
#
# Return values according to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
### BEGIN INIT INFO
# Provides: oscap-scan
# Required-Start: $syslog $local_fs $network $remote_fs
# Required-Stop: $syslog $local_fs $network $remote_fs
# Should-Start:
# Should-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 6
# Short-Description: OpenSCAP security scanner
# Description: This service runs OpenSCAP security scanner to check the
# system settings. The program does not stay resident,
# but rather runs once. The results of security audit are
# stored in /var/log/oscap-scan.xml.log
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
prog="oscap"
# Source function library.
. /etc/rc.status
# Allow anyone to run status
if [ "$1" = "status" ] ; then
exit 3
fi
# Check that we are root ... so non-root users stop here
test $EUID = 0 || exit 4
# Check config
test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
RETVAL=0
start() {
test -x /usr/bin/oscap || exit 5
# Now check that the sysconfig is found and has important things
# configured
test -f /etc/sysconfig/oscap-scan || exit 6
test x"$OPTIONS" != "x" || exit 6
echo -n $"Starting $prog: "
$prog $OPTIONS
rc_status -v
ERR=$?
if [ $ERR -eq 0 ] ; then
sleep 1
logger "OpenSCAP security scan: PASS"
elif [ $ERR -eq 1 ] ; then
sleep 1
logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
else
sleep 1
logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
fi
}
# See how we were called.
case "$1" in
start)
start
;;
restart)
start
;;
stop)
RETVAL=0;
;;
condrestart)
RETVAL=0;
;;
try-restart)
RETVAL=0;
;;
reload)
RETVAL=0;
;;
*)
echo $"Usage: $0 {start}"
RETVAL=2
;;
esac
exit $RETVAL

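--- a/oscap-scan.service
+++ b/oscap-scan.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenSCAP security scanner
+Wants=local-fs.target
+After=local-fs.target
+[Service]
+Type=forking
+EnvironmentFile=-/etc/sysconfig/oscap-scan
+ExecStart=/usr/bin/oscap $OPTIONS
+[Install]
+WantedBy=multi-user.target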
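Review bot: `Type=forking` does not match what `ExecStart=/usr/bin/oscap $OPTIONS` runs. The removed init script describes oscap as a program that "does not stay resident, but rather runs once", so `Type=oneshot` fits better. The unit also starts `/usr/bin/oscap` directly, so the `/usr/bin/oscap-scan` helper added in this commit is never run by the service, and its configuration check and PASS/ERROR/FAILED syslog messages are lost; `ExecStart=/usr/bin/oscap-scan` would restore them. Because `EnvironmentFile=-/etc/sysconfig/oscap-scan` tolerates a missing file, an unconfigured host currently runs oscap with no arguments instead of stopping with a clear "not configured" status.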

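--- a/oscap-scan.sh
+++ b/oscap-scan.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+prog="oscap"
+# Check config
+test -f /etc/sysconfig/oscap-scan && . /etc/sysconfig/oscap-scan
+RETVAL=0
+test -f /etc/sysconfig/oscap-scan || exit 6
+test x"$OPTIONS" != "x" || exit 6
+$prog $OPTIONS
+ERR=$?
+if [ $ERR -eq 0 ] ; then
+logger "OpenSCAP security scan: PASS"
+elif [ $ERR -eq 1 ] ; then
+logger "OpenSCAP security scan: ERROR. Run oscap scan from command line."
+else
+logger "OpenSCAP security scan: FAILED. See results in /var/log/oscap-scan.xml.log"
+fi
+exit 0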
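Review bot: The trailing `exit 0` discards the oscap result, so a failed or errored scan shows up only as an untagged, default-priority syslog line and any caller sees success. `exit "$ERR"` would propagate the status; if always succeeding is deliberate, a comment should say so. `RETVAL=0` is assigned but never read, and `test -f /etc/sysconfig/oscap-scan || exit 6` repeats the check already made on the line that sources the file. Tagging the messages, for example `logger -t oscap-scan -p daemon.warning "OpenSCAP security scan: FAILED. ..."`, would make failed scans easier to filter and alert on. The old init script's `test -x /usr/bin/oscap || exit 5` guard was also dropped, so a missing binary now falls through to the generic FAILED branch.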