scap-security-guide/scap-security-guide.spec

347 lines
15 KiB
RPMSpec
Raw Normal View History

2013-10-22 14:09:50 +00:00
Name: scap-security-guide
2020-07-17 10:21:29 +00:00
Version: 0.1.51
Release: 4%{?dist}
2013-10-22 14:09:50 +00:00
Summary: Security guidance and baselines in SCAP formats
License: BSD-3-Clause
2019-02-22 10:30:32 +00:00
URL: https://github.com/ComplianceAsCode/content/
Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
2013-10-22 14:09:50 +00:00
BuildArch: noarch
2017-03-31 02:39:41 +00:00
BuildRequires: libxslt
BuildRequires: expat
BuildRequires: openscap-scanner >= 1.2.5
BuildRequires: cmake >= 2.8
BuildRequires: python%{python3_pkgversion}
BuildRequires: python%{python3_pkgversion}-jinja2
BuildRequires: python%{python3_pkgversion}-PyYAML
2017-03-31 02:39:41 +00:00
Requires: xml-common, openscap-scanner >= 1.2.5
2013-12-20 18:01:21 +00:00
Obsoletes: openscap-content < 0:0.9.13
Provides: openscap-content
2013-10-22 14:09:50 +00:00
%description
The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is specified
in the Security Content Automation Protocol (SCAP) format and constitutes
a catalog of practical hardening advice, linked to government requirements
where applicable. The project bridges the gap between generalized policy
requirements and specific implementation guidelines. The Fedora system
administrator can use the oscap CLI tool from openscap-scanner package, or the
2013-10-22 14:09:50 +00:00
scap-workbench GUI tool from scap-workbench package to verify that the system
conforms to provided guideline. Refer to scap-security-guide(8) manual page for
further information.
2015-06-24 08:14:23 +00:00
%package doc
Summary: HTML formatted security guides generated from XCCDF benchmarks
2015-06-24 08:14:23 +00:00
Requires: %{name} = %{version}-%{release}
%description doc
The %{name}-doc package contains HTML formatted documents containing
hardening guidances that have been generated from XCCDF benchmarks
present in %{name} package.
2013-10-22 14:09:50 +00:00
%prep
2016-11-28 17:05:27 +00:00
%setup -q
2013-10-22 14:09:50 +00:00
%build
%cmake
%cmake_build
2013-10-22 14:09:50 +00:00
%install
%cmake_install
2015-06-24 08:14:23 +00:00
2013-10-22 14:09:50 +00:00
%files
2017-03-31 02:39:41 +00:00
%{_datadir}/xml/scap/ssg/content
%{_datadir}/%{name}/kickstart
2017-07-03 13:46:00 +00:00
%{_datadir}/%{name}/ansible
%{_datadir}/%{name}/bash
2017-03-31 02:39:41 +00:00
%lang(en) %{_mandir}/man8/scap-security-guide.8.*
2015-06-24 08:14:23 +00:00
%doc %{_docdir}/%{name}/LICENSE
%doc %{_docdir}/%{name}/README.md
2017-03-31 02:39:41 +00:00
%doc %{_docdir}/%{name}/Contributors.md
2013-10-22 14:09:50 +00:00
2015-06-24 08:14:23 +00:00
%files doc
%doc %{_docdir}/%{name}/guides/*.html
%doc %{_docdir}/%{name}/tables/*.html
2013-12-20 18:01:21 +00:00
2013-10-22 14:09:50 +00:00
%changelog
* Tue Aug 04 2020 Jan Černý <jcerny@redhat.com> - 0.1.51-4
- Update for new CMake out of source builds
https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
- Fix FTBS in Rawhide/F33 (RHBZ#1863741)
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.51-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.51-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
2020-07-17 10:21:29 +00:00
* Fri Jul 17 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.51-1
- Update to latest upstream SCAP-Security-Guide-0.1.51 release:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.51
2020-03-23 13:11:47 +00:00
* Mon Mar 23 2020 Watson Sato <wsato@redhat.com> - 0.1.49-1
- Update to latest upstream SCAP-Security-Guide-0.1.49 release:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.49
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.48-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
2020-01-16 12:32:11 +00:00
* Thu Jan 16 2020 Watson Sato <wsato@redhat.com> - 0.1.48-1
- Update to latest upstream SCAP-Security-Guide-0.1.48 release:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.48
2019-12-09 14:21:26 +00:00
* Mon Dec 09 2019 Matěj Týč <matyc@redhat.com> - 0.1.47-2
- Hotfix of the XML parsing fix.
* Mon Dec 09 2019 Matěj Týč <matyc@redhat.com> - 0.1.47-1
- Update to latest upstream SCAP-Security-Guide-0.1.47 release:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.47
- Fixed XML parsing of remediation functions.
2019-07-29 10:27:29 +00:00
* Mon Jul 29 2019 Watson Sato <wsato@redhat.com> - 0.1.45-1
- Update to latest upstream SCAP-Security-Guide-0.1.45 release:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.45
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.44-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
2019-05-06 09:09:40 +00:00
* Mon May 06 2019 Watson Yuuma Sato <wsato@redhat.com> - 0.1.44-1
- Update to latest upstream SCAP-Security-Guide-0.1.44 release:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.44
2019-02-22 10:30:32 +00:00
* Fri Feb 22 2019 Watson Yuuma Sato <wsato@redhat.com> - 0.1.43-1
- Update to latest upstream SCAP-Security-Guide-0.1.43 release:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.43
- Update URL and source URL
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.42-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
2018-12-12 12:32:00 +00:00
* Wed Dec 12 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.42-1
- Update to latest upstream SCAP-Security-Guide-0.1.42 release:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.42
- Fix man page build dependency on derivative content
2018-12-12 12:32:00 +00:00
* Mon Oct 01 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.41-1
- Update to latest upstream SCAP-Security-Guide-0.1.41 release:
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.41
2018-10-01 14:04:14 +00:00
- Fix Licence of this package
* Wed Jul 25 2018 Matěj Týč <matyc@redhat.com> - 0.1.40-1
- Update to latest upstream SCAP-Security-Guide-0.1.40 release:
https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.40
- Update to use Python3 for build.
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.39-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri May 04 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.39-2
- Add python version to python2-jinja2 package
2018-05-04 09:18:59 +00:00
* Fri May 04 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.39-1
- Update to latest upstream SCAP-Security-Guide-0.1.39 release:
https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.39
2018-03-06 08:22:33 +00:00
* Mon Mar 05 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.38-2
- Add python version to python package prefixes
2018-03-05 09:38:01 +00:00
* Mon Mar 05 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.38-1
- Update to latest upstream SCAP-Security-Guide-0.1.38 release:
https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.38
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.37-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
2018-01-04 16:45:23 +00:00
* Thu Jan 04 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.37-1
- Update to latest upstream SCAP-Security-Guide-0.1.37 release:
https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.37
* Wed Nov 01 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-1
- Update to latest upstream SCAP-Security-Guide-0.1.36 release:
https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.36
2017-08-29 16:56:31 +00:00
* Tue Aug 29 2017 Watson Sato <wsato@redhat.com> - 0.1.35-1
- Update to latest upstream SCAP-Security-Guide-0.1.35 release:
https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.35
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.34-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-03 13:46:00 +00:00
* Mon Jul 03 2017 Watson Sato <wsato@redhat.com> - 0.1.34-1
- updated to latest upstream release
2017-05-01 15:00:00 +00:00
* Mon May 01 2017 Martin Preisler <mpreisle@redhat.com> - 0.1.33-1
- updated to latest upstream release
2017-03-31 02:39:41 +00:00
* Thu Mar 30 2017 Martin Preisler <mpreisle@redhat.com> - 0.1.32-1
- updated to latest upstream release
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.31-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Nov 28 2016 Martin Preisler <mpreisle@redhat.com> - 0.1.31-2
- use make_build and make_install RPM macros
2016-11-28 17:05:27 +00:00
* Mon Nov 28 2016 Martin Preisler <mpreisle@redhat.com> - 0.1.31-1
- update to the latest upstream release
- new default location for content /usr/share/scap/ssg
- install HTML tables in the doc subpackage
* Mon Jun 27 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> - 0.1.30-2
- Correct currently failing parallel SCAP Security Guide build
* Mon Jun 27 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> - 0.1.30-1
- Update to latest upstream SCAP-Security-Guide-0.1.30 release:
https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.30
- Drop shell library for remediation functions since it is not required
starting from 0.1.30 release any more
* Thu May 05 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> - 0.1.29-1
- Update to latest upstream SCAP-Security-Guide-0.1.29 release:
https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.29
- Do not ship Firefox/DISCLAIMER documentation file since it has been removed
in 0.1.29 upstream release
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.28-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-01-20 07:13:19 +00:00
* Wed Jan 20 2016 Šimon Lukašík <slukasik@redhat.com> - 0.1.28-1
- upgrade to the latest upstream release
2015-12-11 20:23:18 +00:00
* Fri Dec 11 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.27-1
- update to the latest upstream release
2015-10-20 06:49:45 +00:00
* Tue Oct 20 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.26-1
- update to the latest upstream release
2015-09-05 17:25:38 +00:00
* Sat Sep 05 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.25-1
- update to the latest upstream release
2015-06-24 08:14:23 +00:00
* Thu Jul 09 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.24-1
- update to the latest upstream release
- created doc sub-package to ship all the guides
- start distributing centos and scientific linux content
- rename java content to jre
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-05-05 13:33:30 +00:00
* Tue May 05 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.22-1
- update to the latest upstream release
- only DataStream file is now available for Fedora
- start distributing security baseline for Firefox
- start distributing security baseline for Java RunTime deployments
2015-05-05 13:33:30 +00:00
2015-03-04 14:32:08 +00:00
* Wed Mar 04 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.21-1
- update to the latest upstream release
- move content to /usr/share/scap/ssg/content
2015-03-04 14:32:08 +00:00
* Thu Oct 02 2014 Šimon Lukašík <slukasik@redhat.com> - 0.1.19-1
- update to the latest upstream release
* Mon Jul 14 2014 Šimon Lukašík <slukasik@redhat.com> - 0.1.5-4
- require only openscap-scanner, not whole openscap-utils package
* Tue Jul 01 2014 Šimon Lukašík <slukasik@redhat.com> - 0.1.5-3
- Rebase the RHEL part of SSG to the latest upstream version (0.1.18)
- Add STIG DISCLAIMER to the shipped documentation
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-02-27 17:14:50 +00:00
* Thu Feb 27 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.5-1
- Fix fedora-srpm and fedora-rpm Make targets to work again
- Include RHEL-6 and RHEL-7 datastream files to support remote RHEL system scans
- EOL for Fedora 18 support
- Include Fedora datastream file for remote Fedora system scans
* Mon Jan 06 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.4-2
- Drop -compat package, provide openscap-content directly (RH BZ#1040335#c14)
2013-12-20 18:01:21 +00:00
* Fri Dec 20 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.4-1
- Fix remediation for sshd set keepalive (ClientAliveCountMax) and move
it to /shared
- Add shared remediations for sshd disable empty passwords and
sshd set idle timeout
- Shared remediation for sshd disable root login
- Add empty -compat subpackage to ensure backward-compatibility with
openscap-content and firstaidkit-plugin-openscap packages (RH BZ#1040335)
- OVAL check for sshd disable root login
- Fix typo in OVAL check for sshd disable empty passwords
- OVAL check for sshd disable empty passwords
- Unselect no shelllogin for systemaccounts rule from being run by default
- Rename XCCDF rules
- Revert Set up Fedora release name and CPE based on build system properties
- Shared OVAL check for Verify that Shared Library Files Have Root Ownership
- Shared OVAL check for Verify that System Executables Have Restrictive Permissions
- Shared OVAL check for Verify that System Executables Have Root Ownership
- Shared OVAL check for Verify that Shared Library Files Have Restrictive
Permissions
- Fix remediation for Disable Prelinking rule
- OVAL check and remediation for sshd's ClientAliveCountMax rule
- OVAL check for sshd's ClientAliveInterval rule
- Include descriptions for permissions section, and rules for checking
permissions and ownership of shared library files and system executables
- Disable selected rules by default
- Add remediation for Disable Prelinking rule
- Adjust service-enable-macro, service-disable-macro XSLT transforms
definition to evaluate to proper systemd syntax
- Fix service_ntpd_enabled OVAL check make validate to pass again
- Include patch from Šimon Lukašík to obsolete openscap-content
package (RH BZ#1028706)
- Add OVAL check to test if there's is remote NTP server configured for
time data
- Add system settings section for the guide (to track system wide
hardening configurations)
- Include disable prelink rule and OVAL check for it
- Initial OVAL check if ntpd service is enabled. Add package_installed
OVAL templating directory structure and functionality.
- Include services section, and XCCDF description for selected ntpd's
sshd's service rules
- Include remediations for login.defs' based password minimum, maximum and
warning age rules
- Include directory structure to support remediations
- Add SCAP "replace or append pattern value in text file based on variable"
remediation script generator
- Add remediation for "Set Password Minimum Length in login.defs" rule
* Mon Nov 18 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.3-1
- Update versioning scheme - move fedorassgrelease to be part of
upstream version. Rename it to fedorassgversion to avoid name collision
with Fedora package release.
2013-10-22 14:09:50 +00:00
* Tue Oct 22 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-3
- Add .gitignore for Fedora output directory
- Set up Fedora release name and CPE based on build system properties
- Use correct file paths in scap-security-guide(8) manual page
(RH BZ#1018905, c#10)
- Apply further changes motivated by scap-security-guide Fedora RPM review
request (RH BZ#1018905, c#8):
* update package description,
* make content files to be owned by the scap-security-guide package,
* remove Fedora release number from generated content files,
* move HTML form of the guide under the doc directory (together
with that drop fedora/content subdir and place the content
directly under fedora/ subdir).
- Fixes for scap-security-guide Fedora RPM review request (RH BZ#1018905):
* drop Fedora release from package provided files' final path (c#5),
* drop BuildRoot, selected Requires:, clean section, drop chcon for
manual page, don't gzip man page (c#4),
* change package's description (c#4),
* include PD license text (#c4).
* Mon Oct 14 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-2
- Provide manual page for scap-security-guide
- Remove percent sign from spec's changelog to silence rpmlint warning
- Convert RHEL6 'Restrict Root Logins' section's rules to Fedora
- Convert RHEL6 'Set Password Expiration Parameter' rules to Fedora
- Introduce 'Account and Access Control' section
- Convert RHEL6 'Verify Proper Storage and Existence of Password Hashes' section's
rules to Fedora
- Set proper name of the build directory in the spec's setup macro.
- Replace hard-coded paths with macros. Preserve attributes when copying files.
* Tue Sep 17 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-1
- Initial Fedora SSG RPM.