diff --git a/scap-security-guide-0.1.64-readd_rules-PR_9334.patch b/scap-security-guide-0.1.64-readd_rules-PR_9334.patch new file mode 100644 index 0000000..9651d1d --- /dev/null +++ b/scap-security-guide-0.1.64-readd_rules-PR_9334.patch @@ -0,0 +1,60 @@ +From be2aba89ab61767fd301ee1ac4f4e64bf5a66887 Mon Sep 17 00:00:00 2001 +From: Vojtech Polasek +Date: Thu, 11 Aug 2022 16:53:48 +0200 +Subject: [PATCH] add 4 rules back to RHEL9 datastream + +--- + .../services/kerberos/package_krb5-server_removed/rule.yml | 2 +- + .../guide/services/obsolete/nis/package_ypbind_removed/rule.yml | 2 +- + .../guide/services/obsolete/nis/package_ypserv_removed/rule.yml | 2 +- + .../system-tools/package_krb5-workstation_removed/rule.yml | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml +index 78577046409..17d742d9692 100644 +--- a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml ++++ b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9 + + title: 'Remove the Kerberos Server Package' + +diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +index d8a3910ff4d..9be95ffed5c 100644 +--- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Remove NIS Client' + +diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +index ee7ccb2d8da..0f7ad7c0431 100644 +--- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Uninstall ypserv Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml +index 7a02459825d..4750fd6b266 100644 +--- a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9 + + title: 'Uninstall krb5-workstation Package' + diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 8e138bd..8189a73 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -6,7 +6,7 @@ Name: scap-security-guide Version: 0.1.63 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause URL: https://github.com/ComplianceAsCode/content/ @@ -19,6 +19,7 @@ Patch2: scap-security-guide-0.1.64-sysctl_template_extension_and_bpf_rules-PR_9 Patch3: scap-security-guide-0.1.64-fix_require_single_user_description-PR_9256.patch Patch4: scap-security-guide-0.1.64-authselect_minimal_for_ospp-PR_9298.patch Patch5: scap-security-guide-0.1.64-coredump_rules_for_ospp-PR_9285.patch +Patch6: scap-security-guide-0.1.64-readd_rules-PR_9334.patch BuildRequires: libxslt BuildRequires: expat @@ -105,6 +106,9 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md %endif %changelog +* Thu Aug 11 2022 Matej Tyc - 0.1.63-3 +- Readd rules to the benchmark to be compatible across all minor versions of RHEL9 (RHBZ#2117669) + * Wed Aug 10 2022 Vojtech Polasek - 0.1.63-2 - OSPP: utilize different audit rule set for different hardware platforms (RHBZ#1998583) - OSPP: update rules related to coredumps (RHBZ#2081688)