rpms/openscap
7
0
Fork 0
Code Issues Pull Requests Releases Activity

upgrade

Browse Source
This commit is contained in:
Peter Vrabec 2011-10-13 10:16:21 +02:00
parent 1fda365ded
commit 78059aac3b
4 changed files with 95 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -10,3 +10,4 @@ openscap-0.6.0.tar.gz
/openscap-0.7.2.tar.gz
/openscap-0.7.3.tar.gz
/openscap-0.7.4.tar.gz
/openscap-0.8.0.tar.gz

70
openscap-0.8.0-example.patch Normal file
View File

@ -0,0 +1,70 @@
diff --git a/dist/fedora/scap-fedora14-xccdf.xml b/dist/fedora/scap-fedora14-xccdf.xml
index 91080aa..ee63a51 100644
--- a/dist/fedora/scap-fedora14-xccdf.xml
+++ b/dist/fedora/scap-fedora14-xccdf.xml
@@ -11,10 +11,11 @@
resolved="1"
id="scap-fedora14-xccdf.xml"
xml:lang="en">
- <status date="2010-09-11">draft</status>
- <title>Guide to the Secure Configuration of Fedora Linux</title>
- <description>This guide has been created to assist IT professionals, in effectively securing systems with Fedora Linux.</description>
- <version>0.6.3</version>
+ <status date="2011-10-12">draft</status>
+ <title>Example of SCAP Security Guidance</title>
+ <description>This example security guidance has been created to demonstrate SCAP functionality
+on Linux.</description>
+ <version>0.1</version>
<model system="urn:xccdf:scoring:default" />
<model system="urn:xccdf:scoring:flat" />
<!-- ==================================================================================================== -->
@@ -25,9 +26,11 @@
<!-- Each defines the set of XCCDF rules that are applicable for that guidance as well as specific values -->
<!-- to be used when determining complinace. -->
<!-- -->
- <Profile id="F14-Desktop" abstract="false">
- <title xml:lang="en">Fedora 14 desktop settings</title>
- <description xml:lang="en">This profile selects security controls that conform to default Fedora 14 configuration.</description>
+ <Profile id="F14-Default" abstract="false">
+ <title xml:lang="en">Default install settings</title>
+ <description xml:lang="en">This profile is an example policy that simply checks if some of Fedora 14 default
+install settings have been modified. It is not comprehensive nor checks security hardening. It is just for testing
+purposes.</description>
<select idref="rule-2.1.1.1.1.a" selected="false" /> <!-- DONE --> <!-- Separate Partition or Logical Volume for /tmp -->
<select idref="rule-2.1.1.1.1.b" selected="false"/> <!-- DONE --> <!-- Minimum size of /tmp -->
<select idref="rule-2.1.1.1.2.a" selected="false" /> <!-- DONE --> <!-- Separate Partition or Logical Volume for /var -->
diff --git a/dist/rhel6/scap-rhel6-xccdf.xml b/dist/rhel6/scap-rhel6-xccdf.xml
index 272edb2..82180f7 100644
--- a/dist/rhel6/scap-rhel6-xccdf.xml
+++ b/dist/rhel6/scap-rhel6-xccdf.xml
@@ -1,22 +1,18 @@
<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="RHEL-6" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.4.xsd" resolved="0" xml:lang="en-US">
- <status date="2011-04-13">draft</status>
- <title xml:lang="en-US">Guidance for Securing Red Hat Enterprise Linux 6</title>
- <description xml:lang="en-US">This guide has been created to assist IT professionals in effectively securing
- systems running Red Hat Enterprise Linux</description>
+ <status date="2011-10-12">draft</status>
+ <title xml:lang="en-US">Example of SCAP Security Guidance</title>
+ <description xml:lang="en-US">This example security guidance has been created to demonstrate SCAP functionality
+on Linux.</description>
<platform idref="cpe:/o:redhat:enterprise_linux:6"/>
<version>0.2</version>
<model system="urn:xccdf:scoring:default"/>
<model system="urn:xccdf:scoring:flat"/>
<Profile id="RHEL6-Default">
- <title xml:lang="en-US">RHEL 6 Profile For Default Installation</title>
- <description xml:lang="en-US">XCCDF profile for evaluation of RHEL 6 updates.
- This profile is designed for evaluation of default configuration of a
- fresh installation of RHEL 6 system. It should be executed for every
- RHEL 6 update. Additional security hardening of the system should be
- done prior to deploying it in a production environment.
- All enabled XCCDF rules should pass.
- </description>
+ <title xml:lang="en-US">Default install settings</title>
+ <description xml:lang="en-US">This profile is an example policy that simply checks if some of RHEL6 default
+install settings have been modified. It is not comprehensive nor checks security hardening. It is just for testing
+purposes.</description>
<select idref="rule-1005" selected="true"/>
<select idref="rule-1007" selected="true"/>
<select idref="rule-1008" selected="true"/>

26
openscap.spec
View File

@ -2,7 +2,7 @@
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Name: openscap
Version: 0.7.4
Version: 0.8.0
Release: 1%{?dist}
Summary: Set of open source libraries enabling integration of the SCAP line of standards
Group: System Environment/Libraries
@ -10,13 +10,15 @@ License: LGPLv2+
URL: http://www.open-scap.org/
Source0: http://www.open-scap.org/download/%{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch1: openscap-0.8.0-example.patch
BuildRequires: swig libxml2-devel libxslt-devel perl-XML-Parser
BuildRequires: rpm-devel
BuildRequires: libgcrypt-devel
BuildRequires: pcre-devel
BuildRequires: libacl-devel
BuildRequires: libselinux-devel
BuildRequires: libselinux-devel libcap-devel
BuildRequires: libblkid-devel
BuildRequires: libnl-devel
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
@ -76,7 +78,8 @@ Group: Applications/System
Requires: %{name} = %{version}-%{release}
%description content
SCAP content for Fedora delivered by Open-SCAP project.
Example of SCAP content for Fedora. Please note that this content
is for testing purposes only.
%package extra-probes
@ -84,6 +87,7 @@ Summary: SCAP probes
Group: Applications/System
Requires: %{name} = %{version}-%{release}
BuildRequires: openldap-devel
BuildRequires: GConf2-devel
#BuildRequires: opendbx - for sql
%description extra-probes
@ -93,6 +97,7 @@ commonly used and require additional dependencies.
%prep
%setup -q
%patch1 -p1 -b .example
%build
%ifarch sparc64
@ -110,6 +115,11 @@ make %{?_smp_mflags}
# Remove shebang from bash-completion script
sed -i '/^#!.*bin/,+1 d' dist/bash_completion.d/oscap
%check
#to run make check use "--with check"
%if %{?_with_check:1}%{!?_with_check:0}
make check
%endif
%install
rm -rf $RPM_BUILD_ROOT
@ -162,16 +172,22 @@ fi
%{_libexecdir}/openscap/probe_environmentvariable58
%{_libexecdir}/openscap/probe_family
%{_libexecdir}/openscap/probe_file
%{_libexecdir}/openscap/probe_fileextendedattribute
%{_libexecdir}/openscap/probe_filehash
%{_libexecdir}/openscap/probe_filehash58
%{_libexecdir}/openscap/probe_iflisteners
%{_libexecdir}/openscap/probe_inetlisteningservers
%{_libexecdir}/openscap/probe_interface
%{_libexecdir}/openscap/probe_partition
%{_libexecdir}/openscap/probe_password
%{_libexecdir}/openscap/probe_process
%{_libexecdir}/openscap/probe_process58
%{_libexecdir}/openscap/probe_routingtable
%{_libexecdir}/openscap/probe_rpminfo
%{_libexecdir}/openscap/probe_rpmverify
%{_libexecdir}/openscap/probe_runlevel
%{_libexecdir}/openscap/probe_selinuxboolean
%{_libexecdir}/openscap/probe_selinuxsecuritycontext
%{_libexecdir}/openscap/probe_shadow
%{_libexecdir}/openscap/probe_sysctl
%{_libexecdir}/openscap/probe_system_info
@ -221,8 +237,12 @@ fi
%files extra-probes
%{_libexecdir}/openscap/probe_ldap57
%{_libexecdir}/openscap/probe_gconf
%changelog
* Tue Oct 11 2011 Peter Vrabec <pvrabec@redhat.com> 0.8.0-1
- upgrade
* Mon Jul 25 2011 Peter Vrabec <pvrabec@redhat.com> 0.7.4-1
- upgrade

2
sources
View File

@ -1 +1 @@
7bd74ac9358e5ec3f858d3a082e9eb41 openscap-0.7.4.tar.gz
7d98c3afb062804849fa8ba7e040e3f9 openscap-0.8.0.tar.gz