upgrade
This commit is contained in:
Peter Vrabec
parent
ae335e19ec
commit
0f47b046ee
1
.gitignore
vendored
1
.gitignore
vendored
@ -11,3 +11,4 @@ openscap-0.6.0.tar.gz
|
||||
/openscap-0.7.3.tar.gz
|
||||
/openscap-0.7.4.tar.gz
|
||||
/openscap-0.8.0.tar.gz
|
||||
/openscap-0.8.1.tar.gz
|
||||
|
||||
@ -1,70 +0,0 @@
|
||||
diff --git a/dist/fedora/scap-fedora14-xccdf.xml b/dist/fedora/scap-fedora14-xccdf.xml
|
||||
index 91080aa..ee63a51 100644
|
||||
--- a/dist/fedora/scap-fedora14-xccdf.xml
|
||||
+++ b/dist/fedora/scap-fedora14-xccdf.xml
|
||||
@@ -11,10 +11,11 @@
|
||||
resolved="1"
|
||||
id="scap-fedora14-xccdf.xml"
|
||||
xml:lang="en">
|
||||
- <status date="2010-09-11">draft</status>
|
||||
- <title>Guide to the Secure Configuration of Fedora Linux</title>
|
||||
- <description>This guide has been created to assist IT professionals, in effectively securing systems with Fedora Linux.</description>
|
||||
- <version>0.6.3</version>
|
||||
+ <status date="2011-10-12">draft</status>
|
||||
+ <title>Example of SCAP Security Guidance</title>
|
||||
+ <description>This example security guidance has been created to demonstrate SCAP functionality
|
||||
+on Linux.</description>
|
||||
+ <version>0.1</version>
|
||||
<model system="urn:xccdf:scoring:default" />
|
||||
<model system="urn:xccdf:scoring:flat" />
|
||||
<!-- ==================================================================================================== -->
|
||||
@@ -25,9 +26,11 @@
|
||||
<!-- Each defines the set of XCCDF rules that are applicable for that guidance as well as specific values -->
|
||||
<!-- to be used when determining complinace. -->
|
||||
<!-- -->
|
||||
- <Profile id="F14-Desktop" abstract="false">
|
||||
- <title xml:lang="en">Fedora 14 desktop settings</title>
|
||||
- <description xml:lang="en">This profile selects security controls that conform to default Fedora 14 configuration.</description>
|
||||
+ <Profile id="F14-Default" abstract="false">
|
||||
+ <title xml:lang="en">Default install settings</title>
|
||||
+ <description xml:lang="en">This profile is an example policy that simply checks if some of Fedora 14 default
|
||||
+install settings have been modified. It is not comprehensive nor checks security hardening. It is just for testing
|
||||
+purposes.</description>
|
||||
<select idref="rule-2.1.1.1.1.a" selected="false" /> <!-- DONE --> <!-- Separate Partition or Logical Volume for /tmp -->
|
||||
<select idref="rule-2.1.1.1.1.b" selected="false"/> <!-- DONE --> <!-- Minimum size of /tmp -->
|
||||
<select idref="rule-2.1.1.1.2.a" selected="false" /> <!-- DONE --> <!-- Separate Partition or Logical Volume for /var -->
|
||||
diff --git a/dist/rhel6/scap-rhel6-xccdf.xml b/dist/rhel6/scap-rhel6-xccdf.xml
|
||||
index 272edb2..82180f7 100644
|
||||
--- a/dist/rhel6/scap-rhel6-xccdf.xml
|
||||
+++ b/dist/rhel6/scap-rhel6-xccdf.xml
|
||||
@@ -1,22 +1,18 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="RHEL-6" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.4.xsd" resolved="0" xml:lang="en-US">
|
||||
- <status date="2011-04-13">draft</status>
|
||||
- <title xml:lang="en-US">Guidance for Securing Red Hat Enterprise Linux 6</title>
|
||||
- <description xml:lang="en-US">This guide has been created to assist IT professionals in effectively securing
|
||||
- systems running Red Hat Enterprise Linux</description>
|
||||
+ <status date="2011-10-12">draft</status>
|
||||
+ <title xml:lang="en-US">Example of SCAP Security Guidance</title>
|
||||
+ <description xml:lang="en-US">This example security guidance has been created to demonstrate SCAP functionality
|
||||
+on Linux.</description>
|
||||
<platform idref="cpe:/o:redhat:enterprise_linux:6"/>
|
||||
<version>0.2</version>
|
||||
<model system="urn:xccdf:scoring:default"/>
|
||||
<model system="urn:xccdf:scoring:flat"/>
|
||||
<Profile id="RHEL6-Default">
|
||||
- <title xml:lang="en-US">RHEL 6 Profile For Default Installation</title>
|
||||
- <description xml:lang="en-US">XCCDF profile for evaluation of RHEL 6 updates.
|
||||
- This profile is designed for evaluation of default configuration of a
|
||||
- fresh installation of RHEL 6 system. It should be executed for every
|
||||
- RHEL 6 update. Additional security hardening of the system should be
|
||||
- done prior to deploying it in a production environment.
|
||||
- All enabled XCCDF rules should pass.
|
||||
- </description>
|
||||
+ <title xml:lang="en-US">Default install settings</title>
|
||||
+ <description xml:lang="en-US">This profile is an example policy that simply checks if some of RHEL6 default
|
||||
+install settings have been modified. It is not comprehensive nor checks security hardening. It is just for testing
|
||||
+purposes.</description>
|
||||
<select idref="rule-1005" selected="true"/>
|
||||
<select idref="rule-1007" selected="true"/>
|
||||
<select idref="rule-1008" selected="true"/>
|
||||
@ -2,15 +2,14 @@
|
||||
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
||||
|
||||
Name: openscap
|
||||
Version: 0.8.0
|
||||
Release: 3%{?dist}
|
||||
Version: 0.8.1
|
||||
Release: 1%{?dist}
|
||||
Summary: Set of open source libraries enabling integration of the SCAP line of standards
|
||||
Group: System Environment/Libraries
|
||||
License: LGPLv2+
|
||||
URL: http://www.open-scap.org/
|
||||
Source0: http://www.open-scap.org/download/%{name}-%{version}.tar.gz
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Patch1: openscap-0.8.0-example.patch
|
||||
BuildRequires: swig libxml2-devel libxslt-devel perl-XML-Parser
|
||||
BuildRequires: rpm-devel
|
||||
BuildRequires: libgcrypt-devel
|
||||
@ -65,8 +64,6 @@ libraries can be used by perl.
|
||||
Summary: Openscap utilities
|
||||
Group: Applications/System
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires(post): chkconfig
|
||||
Requires(preun): chkconfig initscripts
|
||||
|
||||
%description utils
|
||||
The %{name}-utils package contains various utilities based on %{name} library.
|
||||
@ -81,6 +78,13 @@ Requires: %{name} = %{version}-%{release}
|
||||
Example of SCAP content for Fedora. Please note that this content
|
||||
is for testing purposes only.
|
||||
|
||||
%package content-sectool
|
||||
Summary: Sectool content
|
||||
Group: Applications/System
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
|
||||
%description content-sectool
|
||||
SCAP/SCE content that conforms to sectool checks.
|
||||
|
||||
%package extra-probes
|
||||
Summary: SCAP probes
|
||||
@ -97,7 +101,6 @@ commonly used and require additional dependencies.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1 -b .example
|
||||
|
||||
%build
|
||||
%ifarch sparc64
|
||||
@ -109,7 +112,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpie"
|
||||
export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
|
||||
%endif
|
||||
|
||||
%configure
|
||||
%configure --enable-sce
|
||||
|
||||
make %{?_smp_mflags}
|
||||
# Remove shebang from bash-completion script
|
||||
@ -126,11 +129,6 @@ rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
make install INSTALL='install -p' DESTDIR=$RPM_BUILD_ROOT
|
||||
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_initrddir}
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
|
||||
install -p -m 755 dist/fedora/oscap-scan.init $RPM_BUILD_ROOT%{_initrddir}/oscap-scan
|
||||
install -p -m 644 dist/fedora/oscap-scan.sys $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/oscap-scan
|
||||
|
||||
# create symlinks to default content
|
||||
ln -s %{_datadir}/openscap/scap-fedora14-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml
|
||||
ln -s %{_datadir}/openscap/scap-fedora14-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml
|
||||
@ -153,16 +151,6 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
|
||||
%post utils
|
||||
/sbin/chkconfig --add oscap-scan
|
||||
|
||||
%preun utils
|
||||
if [ $1 -eq 0 ]; then
|
||||
/sbin/service oscap-scan stop > /dev/null 2>&1
|
||||
/sbin/chkconfig --del oscap-scan
|
||||
fi
|
||||
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%doc AUTHORS COPYING ChangeLog NEWS README
|
||||
@ -221,9 +209,7 @@ fi
|
||||
|
||||
%files utils
|
||||
%defattr(-,root,root,-)
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/oscap-scan
|
||||
%doc docs/oscap-scan.cron
|
||||
%{_initrddir}/oscap-scan
|
||||
%{_mandir}/man8/*
|
||||
%{_bindir}/*
|
||||
%{_sysconfdir}/bash_completion.d
|
||||
@ -235,11 +221,18 @@ fi
|
||||
%{_datadir}/openscap/scap-fedora14-oval.xml
|
||||
%{_datadir}/openscap/scap-fedora14-xccdf.xml
|
||||
|
||||
%files content-sectool
|
||||
%defattr(-,root,root,-)
|
||||
%{_datadir}/openscap/sectool-sce
|
||||
|
||||
%files extra-probes
|
||||
%{_libexecdir}/openscap/probe_ldap57
|
||||
%{_libexecdir}/openscap/probe_gconf
|
||||
|
||||
%changelog
|
||||
* Tue Feb 21 2012 Peter Vrabec <pvrabec@redhat.com> 0.8.1-1
|
||||
- upgrade
|
||||
|
||||
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 0.8.0-3
|
||||
- Rebuild against PCRE 8.30
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user