Peter Vrabec 2012-02-22 20:37:04 +01:00
parent ae335e19ec
commit 0f47b046ee
4 changed files with 19 additions and 95 deletions

1
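--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ openscap-0.6.0.tar.gz
 /openscap-0.7.3.tar.gz
 /openscap-0.7.4.tar.gz
 /openscap-0.8.0.tar.gz
+/openscap-0.8.1.tar.gz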


@ -1,70 +0,0 @@
diff --git a/dist/fedora/scap-fedora14-xccdf.xml b/dist/fedora/scap-fedora14-xccdf.xml
index 91080aa..ee63a51 100644
--- a/dist/fedora/scap-fedora14-xccdf.xml
+++ b/dist/fedora/scap-fedora14-xccdf.xml
@@ -11,10 +11,11 @@
resolved="1"
id="scap-fedora14-xccdf.xml"
xml:lang="en">
- <status date="2010-09-11">draft</status>
- <title>Guide to the Secure Configuration of Fedora Linux</title>
- <description>This guide has been created to assist IT professionals, in effectively securing systems with Fedora Linux.</description>
- <version>0.6.3</version>
+ <status date="2011-10-12">draft</status>
+ <title>Example of SCAP Security Guidance</title>
+ <description>This example security guidance has been created to demonstrate SCAP functionality
+on Linux.</description>
+ <version>0.1</version>
<model system="urn:xccdf:scoring:default" />
<model system="urn:xccdf:scoring:flat" />
<!-- ==================================================================================================== -->
@@ -25,9 +26,11 @@
<!-- Each defines the set of XCCDF rules that are applicable for that guidance as well as specific values -->
<!-- to be used when determining complinace. -->
<!-- -->
- <Profile id="F14-Desktop" abstract="false">
- <title xml:lang="en">Fedora 14 desktop settings</title>
- <description xml:lang="en">This profile selects security controls that conform to default Fedora 14 configuration.</description>
+ <Profile id="F14-Default" abstract="false">
+ <title xml:lang="en">Default install settings</title>
+ <description xml:lang="en">This profile is an example policy that simply checks if some of Fedora 14 default
+install settings have been modified. It is not comprehensive nor checks security hardening. It is just for testing
+purposes.</description>
<select idref="rule-2.1.1.1.1.a" selected="false" /> <!-- DONE --> <!-- Separate Partition or Logical Volume for /tmp -->
<select idref="rule-2.1.1.1.1.b" selected="false"/> <!-- DONE --> <!-- Minimum size of /tmp -->
<select idref="rule-2.1.1.1.2.a" selected="false" /> <!-- DONE --> <!-- Separate Partition or Logical Volume for /var -->
diff --git a/dist/rhel6/scap-rhel6-xccdf.xml b/dist/rhel6/scap-rhel6-xccdf.xml
index 272edb2..82180f7 100644
--- a/dist/rhel6/scap-rhel6-xccdf.xml
+++ b/dist/rhel6/scap-rhel6-xccdf.xml
@@ -1,22 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="RHEL-6" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.4.xsd" resolved="0" xml:lang="en-US">
- <status date="2011-04-13">draft</status>
- <title xml:lang="en-US">Guidance for Securing Red Hat Enterprise Linux 6</title>
- <description xml:lang="en-US">This guide has been created to assist IT professionals in effectively securing
- systems running Red Hat Enterprise Linux</description>
+ <status date="2011-10-12">draft</status>
+ <title xml:lang="en-US">Example of SCAP Security Guidance</title>
+ <description xml:lang="en-US">This example security guidance has been created to demonstrate SCAP functionality
+on Linux.</description>
<platform idref="cpe:/o:redhat:enterprise_linux:6"/>
<version>0.2</version>
<model system="urn:xccdf:scoring:default"/>
<model system="urn:xccdf:scoring:flat"/>
<Profile id="RHEL6-Default">
- <title xml:lang="en-US">RHEL 6 Profile For Default Installation</title>
- <description xml:lang="en-US">XCCDF profile for evaluation of RHEL 6 updates.
- This profile is designed for evaluation of default configuration of a
- fresh installation of RHEL 6 system. It should be executed for every
- RHEL 6 update. Additional security hardening of the system should be
- done prior to deploying it in a production environment.
- All enabled XCCDF rules should pass.
- </description>
+ <title xml:lang="en-US">Default install settings</title>
+ <description xml:lang="en-US">This profile is an example policy that simply checks if some of RHEL6 default
+install settings have been modified. It is not comprehensive nor checks security hardening. It is just for testing
+purposes.</description>
<select idref="rule-1005" selected="true"/>
<select idref="rule-1007" selected="true"/>
<select idref="rule-1008" selected="true"/>


@ -2,15 +2,14 @@
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Name: openscap Name: openscap
Version: 0.8.0 Version: 0.8.1
Release: 3%{?dist} Release: 1%{?dist}
Summary: Set of open source libraries enabling integration of the SCAP line of standards Summary: Set of open source libraries enabling integration of the SCAP line of standards
Group: System Environment/Libraries Group: System Environment/Libraries
License: LGPLv2+ License: LGPLv2+
URL: http://www.open-scap.org/ URL: http://www.open-scap.org/
Source0: http://www.open-scap.org/download/%{name}-%{version}.tar.gz Source0: http://www.open-scap.org/download/%{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch1: openscap-0.8.0-example.patch
BuildRequires: swig libxml2-devel libxslt-devel perl-XML-Parser BuildRequires: swig libxml2-devel libxslt-devel perl-XML-Parser
BuildRequires: rpm-devel BuildRequires: rpm-devel
BuildRequires: libgcrypt-devel BuildRequires: libgcrypt-devel
@ -65,8 +64,6 @@ libraries can be used by perl.
Summary: Openscap utilities Summary: Openscap utilities
Group: Applications/System Group: Applications/System
Requires: %{name} = %{version}-%{release} Requires: %{name} = %{version}-%{release}
Requires(post): chkconfig
Requires(preun): chkconfig initscripts
%description utils %description utils
The %{name}-utils package contains various utilities based on %{name} library. The %{name}-utils package contains various utilities based on %{name} library.
@ -81,6 +78,13 @@ Requires: %{name} = %{version}-%{release}
Example of SCAP content for Fedora. Please note that this content Example of SCAP content for Fedora. Please note that this content
is for testing purposes only. is for testing purposes only.
%package content-sectool
Summary: Sectool content
Group: Applications/System
Requires: %{name} = %{version}-%{release}
%description content-sectool
SCAP/SCE content that conforms to sectool checks.
%package extra-probes %package extra-probes
Summary: SCAP probes Summary: SCAP probes
@ -97,7 +101,6 @@ commonly used and require additional dependencies.
%prep %prep
%setup -q %setup -q
%patch1 -p1 -b .example
%build %build
%ifarch sparc64 %ifarch sparc64
@ -109,7 +112,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpie"
export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
%endif %endif
%configure %configure --enable-sce
make %{?_smp_mflags} make %{?_smp_mflags}
# Remove shebang from bash-completion script # Remove shebang from bash-completion script
@ -126,11 +129,6 @@ rm -rf $RPM_BUILD_ROOT
make install INSTALL='install -p' DESTDIR=$RPM_BUILD_ROOT make install INSTALL='install -p' DESTDIR=$RPM_BUILD_ROOT
install -d -m 755 $RPM_BUILD_ROOT%{_initrddir}
install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
install -p -m 755 dist/fedora/oscap-scan.init $RPM_BUILD_ROOT%{_initrddir}/oscap-scan
install -p -m 644 dist/fedora/oscap-scan.sys $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/oscap-scan
# create symlinks to default content # create symlinks to default content
ln -s %{_datadir}/openscap/scap-fedora14-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml ln -s %{_datadir}/openscap/scap-fedora14-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml
ln -s %{_datadir}/openscap/scap-fedora14-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml ln -s %{_datadir}/openscap/scap-fedora14-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml
@ -153,16 +151,6 @@ rm -rf $RPM_BUILD_ROOT
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%post utils
/sbin/chkconfig --add oscap-scan
%preun utils
if [ $1 -eq 0 ]; then
/sbin/service oscap-scan stop > /dev/null 2>&1
/sbin/chkconfig --del oscap-scan
fi
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc AUTHORS COPYING ChangeLog NEWS README %doc AUTHORS COPYING ChangeLog NEWS README
@ -221,9 +209,7 @@ fi
%files utils %files utils
%defattr(-,root,root,-) %defattr(-,root,root,-)
%config(noreplace) %{_sysconfdir}/sysconfig/oscap-scan
%doc docs/oscap-scan.cron %doc docs/oscap-scan.cron
%{_initrddir}/oscap-scan
%{_mandir}/man8/* %{_mandir}/man8/*
%{_bindir}/* %{_bindir}/*
%{_sysconfdir}/bash_completion.d %{_sysconfdir}/bash_completion.d
@ -235,11 +221,18 @@ fi
%{_datadir}/openscap/scap-fedora14-oval.xml %{_datadir}/openscap/scap-fedora14-oval.xml
%{_datadir}/openscap/scap-fedora14-xccdf.xml %{_datadir}/openscap/scap-fedora14-xccdf.xml
%files content-sectool
%defattr(-,root,root,-)
%{_datadir}/openscap/sectool-sce
%files extra-probes %files extra-probes
%{_libexecdir}/openscap/probe_ldap57 %{_libexecdir}/openscap/probe_ldap57
%{_libexecdir}/openscap/probe_gconf %{_libexecdir}/openscap/probe_gconf
%changelog %changelog
* Tue Feb 21 2012 Peter Vrabec <pvrabec@redhat.com> 0.8.1-1
- upgrade
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 0.8.0-3 * Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 0.8.0-3
- Rebuild against PCRE 8.30 - Rebuild against PCRE 8.30
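Review bot: `%configure --enable-sce` in %build turns on the Script Check Engine, but neither the spec nor the changelog says that this changes what SCAP content is allowed to do. With SCE, XCCDF content can reference check scripts that run with the privileges of whoever invokes oscap (often root for a system scan), so content is no longer purely declarative; whether the SCE code ends up in the base library package cannot be seen here, because the main %files list lies outside the hunks. I would add a comment above the configure line, for example `# SCE executes check scripts referenced by XCCDF content; evaluate only trusted content`, and replace the changelog entry `- upgrade` with entries naming the SCE enablement, the new content-sectool subpackage and the removal of the oscap-scan init script. Dropping the `%post`/`%preun` chkconfig scriptlets may also leave stale oscap-scan runlevel links on systems upgraded from 0.8.0, which is worth confirming on an upgrade test.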


@ -1 +1 @@
7d98c3afb062804849fa8ba7e040e3f9 openscap-0.8.0.tar.gz e2c5565959a87b8d66da2b80c5c0ac40 openscap-0.8.1.tar.gz