Add RHEL 10 Product
This commit is contained in:
parent
0e2a008939
commit
0d5213e1d4
779
01-Add-RHEL10.patch
Normal file
779
01-Add-RHEL10.patch
Normal file
@ -0,0 +1,779 @@
|
||||
From 2227b85575b5b5c049308fbe07b100f38da7cc98 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Burket <mburket@redhat.com>
|
||||
Date: Mon, 26 Feb 2024 14:48:53 -0600
|
||||
Subject: [PATCH 1/3] Add RHEL 10 Product
|
||||
|
||||
---
|
||||
CMakeLists.txt | 5 +
|
||||
build-scripts/enable_derivatives.py | 2 +-
|
||||
build_product | 1 +
|
||||
.../sudo/package_sudo_installed/rule.yml | 1 +
|
||||
products/rhel10/CMakeLists.txt | 26 +++
|
||||
products/rhel10/overlays/srg_support.xml | 173 ++++++++++++++++++
|
||||
products/rhel10/product.yml | 57 ++++++
|
||||
products/rhel10/transforms/constants.xslt | 13 ++
|
||||
products/rhel10/transforms/table-style.xslt | 5 +
|
||||
.../transforms/xccdf-apply-overlay-stig.xslt | 8 +
|
||||
.../rhel10/transforms/xccdf2table-cce.xslt | 9 +
|
||||
.../xccdf2table-profileccirefs.xslt | 9 +
|
||||
shared/applicability/cs10.yml | 3 +
|
||||
.../checks/oval/installed_OS_is_centos10.xml | 47 +++++
|
||||
shared/checks/oval/installed_OS_is_rhel10.xml | 59 ++++++
|
||||
shared/references/cce-redhat-avail.txt | 1 -
|
||||
ssg/constants.py | 7 +-
|
||||
tests/CMakeLists.txt | 16 ++
|
||||
18 files changed, 438 insertions(+), 4 deletions(-)
|
||||
create mode 100644 products/rhel10/CMakeLists.txt
|
||||
create mode 100644 products/rhel10/overlays/srg_support.xml
|
||||
create mode 100644 products/rhel10/product.yml
|
||||
create mode 100644 products/rhel10/transforms/constants.xslt
|
||||
create mode 100644 products/rhel10/transforms/table-style.xslt
|
||||
create mode 100644 products/rhel10/transforms/xccdf-apply-overlay-stig.xslt
|
||||
create mode 100644 products/rhel10/transforms/xccdf2table-cce.xslt
|
||||
create mode 100644 products/rhel10/transforms/xccdf2table-profileccirefs.xslt
|
||||
create mode 100644 shared/applicability/cs10.yml
|
||||
create mode 100644 shared/checks/oval/installed_OS_is_centos10.xml
|
||||
create mode 100644 shared/checks/oval/installed_OS_is_rhel10.xml
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index aef21154f2..21f5f5201b 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -97,6 +97,7 @@ option(SSG_PRODUCT_OPENSUSE "If enabled, the openSUSE SCAP content will be built
|
||||
option(SSG_PRODUCT_RHEL7 "If enabled, the RHEL7 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
|
||||
option(SSG_PRODUCT_RHEL8 "If enabled, the RHEL8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
|
||||
option(SSG_PRODUCT_RHEL9 "If enabled, the RHEL9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
|
||||
+option(SSG_PRODUCT_RHEL10 "If enabled, the RHEL10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
|
||||
option(SSG_PRODUCT_RHV4 "If enabled, the RHV4 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
|
||||
option(SSG_PRODUCT_SLE12 "If enabled, the SLE12 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
|
||||
option(SSG_PRODUCT_SLE15 "If enabled, the SLE15 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
|
||||
@@ -323,6 +324,7 @@ message(STATUS "openSUSE: ${SSG_PRODUCT_OPENSUSE}")
|
||||
message(STATUS "RHEL 7: ${SSG_PRODUCT_RHEL7}")
|
||||
message(STATUS "RHEL 8: ${SSG_PRODUCT_RHEL8}")
|
||||
message(STATUS "RHEL 9: ${SSG_PRODUCT_RHEL9}")
|
||||
+message(STATUS "RHEL 10: ${SSG_PRODUCT_RHEL10}")
|
||||
message(STATUS "RHV 4: ${SSG_PRODUCT_RHV4}")
|
||||
message(STATUS "SUSE 12: ${SSG_PRODUCT_SLE12}")
|
||||
message(STATUS "SUSE 15: ${SSG_PRODUCT_SLE15}")
|
||||
@@ -435,6 +437,9 @@ endif()
|
||||
if(SSG_PRODUCT_RHEL9)
|
||||
add_subdirectory("products/rhel9" "rhel9")
|
||||
endif()
|
||||
+if(SSG_PRODUCT_RHEL10)
|
||||
+ add_subdirectory("products/rhel10" "rhel10")
|
||||
+endif()
|
||||
if(SSG_PRODUCT_RHV4)
|
||||
add_subdirectory("products/rhv4" "rhv4")
|
||||
endif()
|
||||
diff --git a/build-scripts/enable_derivatives.py b/build-scripts/enable_derivatives.py
|
||||
index bcc6ed3845..53e5eae1d0 100755
|
||||
--- a/build-scripts/enable_derivatives.py
|
||||
+++ b/build-scripts/enable_derivatives.py
|
||||
@@ -94,7 +94,7 @@ def main():
|
||||
raise RuntimeError("No Benchmark found!")
|
||||
|
||||
for namespace, benchmark in benchmarks:
|
||||
- if args[1] != "cs9" and not args[1].startswith("centos"):
|
||||
+ if args[1] not in ("cs9", "cs10") and not args[1].startswith("centos"):
|
||||
# In all CentOS and CentOS Streams, profiles are kept because they are systems
|
||||
# intended to test content that will get into RHEL
|
||||
ssg.build_derivatives.profile_handling(benchmark, namespace)
|
||||
diff --git a/build_product b/build_product
|
||||
index 34c74f12ae..72e95aa7cb 100755
|
||||
--- a/build_product
|
||||
+++ b/build_product
|
||||
@@ -340,6 +340,7 @@ all_cmake_products=(
|
||||
RHEL7
|
||||
RHEL8
|
||||
RHEL9
|
||||
+ RHEL10
|
||||
RHV4
|
||||
SLE12
|
||||
SLE15
|
||||
diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
|
||||
index f2c8729c47..15731a7471 100644
|
||||
--- a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
|
||||
+++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
|
||||
@@ -19,6 +19,7 @@ identifiers:
|
||||
cce@rhel7: CCE-82213-0
|
||||
cce@rhel8: CCE-82214-8
|
||||
cce@rhel9: CCE-83523-1
|
||||
+ cce@rhel10: CCE-87100-4
|
||||
cce@sle12: CCE-91491-1
|
||||
cce@sle15: CCE-91183-4
|
||||
|
||||
diff --git a/products/rhel10/CMakeLists.txt b/products/rhel10/CMakeLists.txt
|
||||
new file mode 100644
|
||||
index 0000000000..782fee524a
|
||||
--- /dev/null
|
||||
+++ b/products/rhel10/CMakeLists.txt
|
||||
@@ -0,0 +1,26 @@
|
||||
+# Sometimes our users will try to do: "cd rhel10; cmake ." That needs to error in a nice way.
|
||||
+if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
|
||||
+ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
|
||||
+endif()
|
||||
+
|
||||
+set(PRODUCT "rhel10")
|
||||
+
|
||||
+ssg_build_product(${PRODUCT})
|
||||
+
|
||||
+ssg_build_html_cce_table(${PRODUCT})
|
||||
+
|
||||
+ssg_build_html_srgmap_tables(${PRODUCT})
|
||||
+
|
||||
+if(SSG_SRG_XLSX_EXPORT)
|
||||
+ ssg_build_xlsx_srg_export(${PRODUCT} "srg_gpos")
|
||||
+endif()
|
||||
+
|
||||
+#ssg_build_html_stig_tables(${PRODUCT})
|
||||
+#ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig")
|
||||
+#ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig_gui")
|
||||
+
|
||||
+#ssg_build_html_stig_tables(${PRODUCT} "ospp")
|
||||
+
|
||||
+if(SSG_CENTOS_DERIVATIVES_ENABLED)
|
||||
+ ssg_build_derivative_product(${PRODUCT} "centos" "cs10")
|
||||
+endif()
|
||||
diff --git a/products/rhel10/overlays/srg_support.xml b/products/rhel10/overlays/srg_support.xml
|
||||
new file mode 100644
|
||||
index 0000000000..c75c701825
|
||||
--- /dev/null
|
||||
+++ b/products/rhel10/overlays/srg_support.xml
|
||||
@@ -0,0 +1,173 @@
|
||||
+<Group id="srg_support" hidden="true">
|
||||
+<title>Documentation to Support DISA OS SRG Mapping</title>
|
||||
+<description>These groups exist to document how the Red Hat Enterprise Linux
|
||||
+product meets (or does not meet) requirements listed in the DISA OS SRG, for
|
||||
+those cases where Groups or Rules elsewhere in scap-security-guide do
|
||||
+not clearly relate.
|
||||
+</description>
|
||||
+
|
||||
+
|
||||
+<!-- The CCI/SRG items referenced here are:
|
||||
+ - satisfied (through design and implementation)
|
||||
+ - selected in DoD baseline (per CNSS 1253) -->
|
||||
+<Rule id="met_inherently_generic">
|
||||
+<title>Product Meets this Requirement</title>
|
||||
+<rationale>
|
||||
+Red Hat Enterprise Linux meets this requirement through design and implementation.
|
||||
+</rationale>
|
||||
+<ocil>RHEL10 supports this requirement and cannot be configured to be out of
|
||||
+compliance. This is a permanent not a finding.
|
||||
+</ocil>
|
||||
+<description>
|
||||
+This requirement is a permanent not a finding. No fix is required.
|
||||
+</description>
|
||||
+<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
|
||||
+ it should not have CCE association -->
|
||||
+<ref disa="15,42,56,206,1084,66,85,86,185,223,171,172,1694,770,804,162,163,164,345,346,1096,1111,1291,386,156,186,1083,1082,1090,804,1127,1128,1129,1248,1265,1314,1362,1368,1310,1311,1328,1399,1400,1404,1405,1427,1499,1632,1693,1665,1674" />
|
||||
+</Rule>
|
||||
+
|
||||
+
|
||||
+<!-- The CCI/SRG items referenced here relate to auditing, and are:
|
||||
+ - satisfied (through design and implementation)
|
||||
+ - selected in DoD baseline (per CNSS 1253) -->
|
||||
+<Rule id="met_inherently_auditing">
|
||||
+<title>Product Meets this Requirement</title>
|
||||
+<rationale>
|
||||
+The Red Hat Enterprise Linux audit system meets this requirement through design and implementation.
|
||||
+</rationale>
|
||||
+<ocil>The RHEL10 auditing system supports this requirement and cannot be configured to be out of
|
||||
+compliance. Every audit record in RHEL includes a timestamp, the operation attempted,
|
||||
+success or failure of the operation, the subject involved (executable/process),
|
||||
+the object involved (file/path), and security labels for the subject and object.
|
||||
+It also includes the ability to label events with custom key labels. The auditing system
|
||||
+centralizes the recording of audit events for the entire system and includes
|
||||
+reduction (<tt>ausearch</tt>), reporting (<tt>aureport</tt>), and real-time
|
||||
+response (<tt>audispd</tt>) facilities.
|
||||
+This is a permanent not a finding.
|
||||
+</ocil>
|
||||
+<description>
|
||||
+This requirement is a permanent not a finding. No fix is required.
|
||||
+</description>
|
||||
+<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
|
||||
+ it should not have CCE association -->
|
||||
+<ref disa="130,157,131,132,133,134,135,159,174" />
|
||||
+</Rule>
|
||||
+
|
||||
+
|
||||
+<!-- The CCI/SRG item referenced here are:
|
||||
+ - satisfied (through design and implementation)
|
||||
+ - not selected in a DoD baseline -->
|
||||
+<Rule id="met_inherently_nonselected">
|
||||
+<title>Product Meets this Requirement</title>
|
||||
+<rationale>
|
||||
+Red Hat Enterprise Linux meets this requirement through design and implementation.
|
||||
+</rationale>
|
||||
+<ocil>RHEL10 supports this requirement and cannot be configured to be out of
|
||||
+compliance. This is a permanent not a finding.
|
||||
+</ocil>
|
||||
+<description>
|
||||
+This requirement is a permanent not a finding. No fix is required.
|
||||
+</description>
|
||||
+<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
|
||||
+ it should not have CCE association -->
|
||||
+<ref disa="34,35,99,154,226,802,872,1086,1087,1089,1091,1424,1426,1428,1209,1214,1237,1269,1338,1425,1670" />
|
||||
+</Rule>
|
||||
+
|
||||
+
|
||||
+<!-- The CCI/SRG item listed here are:
|
||||
+ - satisfied (by Rules in the guidance, which include the reference)
|
||||
+ - not selected in DoD baseline -->
|
||||
+<!-- disa="26,32,771,772,831,884,888,1095,1115,1117,1250,1348,1353,1464,1496" -->
|
||||
+
|
||||
+
|
||||
+<!-- The CCI/SRG item referenced here are:
|
||||
+ - not satisfied
|
||||
+ - not selected in a DoD baseline
|
||||
+ - considered out of scope -->
|
||||
+<Rule id="unmet_nonfinding_nonselected_scope">
|
||||
+<title>Guidance Does Not Meet this Requirement Due to Impracticality or Scope</title>
|
||||
+<rationale>
|
||||
+The guidance does not meet this requirement.
|
||||
+The requirement is impractical or out of scope.
|
||||
+</rationale>
|
||||
+<ocil>
|
||||
+RHEL10 cannot support this requirement without assistance from an external
|
||||
+application, policy, or service. This requirement is NA.
|
||||
+</ocil>
|
||||
+<description>
|
||||
+This requirement is NA. No fix is required.
|
||||
+</description>
|
||||
+<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
|
||||
+ it should not have CCE association -->
|
||||
+<ref disa="21,25,28,29,30,165,221,354,553,779,780,781,1009,1094,1123,1124,1125,1132,1135,1140,1141,1142,1143,1145,1147,1148,1166,1339,1340,1341,1350,1356,1373,1374,1383,1391,1392,1395,1662" />
|
||||
+</Rule>
|
||||
+
|
||||
+
|
||||
+<!-- The CCI/SRG items referenced here are:
|
||||
+ - not satisfied
|
||||
+ - not selected in a DoD baseline
|
||||
+ - considered permanent findings -->
|
||||
+<Rule id="unmet_finding_nonselected">
|
||||
+<title>Implementation of the Requirement is Not Supported</title>
|
||||
+<rationale>
|
||||
+RHEL10 does not support this requirement.
|
||||
+</rationale>
|
||||
+<ocil>
|
||||
+This is a permanent finding.
|
||||
+</ocil>
|
||||
+<description>
|
||||
+This requirement is a permanent finding and cannot be fixed. An appropriate
|
||||
+mitigation for the system must be implemented but this finding cannot be
|
||||
+considered fixed.
|
||||
+</description>
|
||||
+<ref disa="20,31,52,144,1158,1294,1295,1500" />
|
||||
+<!-- Note: CCI 52 supported for text login, but not graphical -->
|
||||
+</Rule>
|
||||
+
|
||||
+
|
||||
+<!-- The CCI/SRG items referenced here are:
|
||||
+ - not satisfied
|
||||
+ - selected in a DoD baseline
|
||||
+ - considered NA -->
|
||||
+<Rule id="unmet_nonfinding_scope">
|
||||
+<title>Guidance Does Not Meet this Requirement Due to Impracticality or Scope</title>
|
||||
+<rationale>
|
||||
+The guidance does not meet this requirement.
|
||||
+The requirement is impractical or out of scope.
|
||||
+</rationale>
|
||||
+<ocil>
|
||||
+RHEL10 cannot support this requirement without assistance from an external
|
||||
+application, policy, or service. This requirement is NA.
|
||||
+</ocil>
|
||||
+<description>
|
||||
+This requirement is NA. No fix is required.
|
||||
+</description>
|
||||
+<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
|
||||
+ it should not have CCE association -->
|
||||
+<ref disa="27,218,219,371,372,535,537,539,1682,370,37,24,1112,1126,1143,1149,1157,1159,1210,1211,1274,1372,1376,1377,1352,1401,1555,1556,1150" />
|
||||
+</Rule>
|
||||
+
|
||||
+<Rule id="update_process">
|
||||
+<title>A process for prompt installation of OS updates must exist.</title>
|
||||
+<rationale>
|
||||
+This is a manual inquiry about update procedure.
|
||||
+</rationale>
|
||||
+<ocil>
|
||||
+Ask an administrator if a process exists to promptly and automatically apply OS
|
||||
+software updates. If such a process does not exist, this is a finding.
|
||||
+<br /><br />
|
||||
+If the OS update process limits automatic updates of software packages, where
|
||||
+such updates would impede normal system operation, to scheduled maintenance
|
||||
+windows, but still within IAVM-dictated timeframes, this is not a finding.
|
||||
+</ocil>
|
||||
+<description>
|
||||
+Procedures to promptly apply software updates must be established and
|
||||
+executed. The Red Hat operating system provides support for automating such a
|
||||
+process, by running the yum program through a cron job or by managing the
|
||||
+system and its packages through the Red Hat Network or a Satellite Server.
|
||||
+</description>
|
||||
+<ref disa="1232" />
|
||||
+<!-- Note: This is a process, as such, will not receive a CCE -->
|
||||
+</Rule>
|
||||
+
|
||||
+</Group>
|
||||
diff --git a/products/rhel10/product.yml b/products/rhel10/product.yml
|
||||
new file mode 100644
|
||||
index 0000000000..468cda56f5
|
||||
--- /dev/null
|
||||
+++ b/products/rhel10/product.yml
|
||||
@@ -0,0 +1,57 @@
|
||||
+product: rhel10
|
||||
+full_name: Red Hat Enterprise Linux 10
|
||||
+type: platform
|
||||
+
|
||||
+families:
|
||||
+ - rhel
|
||||
+ - rhel-like
|
||||
+
|
||||
+major_version_ordinal: 10
|
||||
+
|
||||
+benchmark_id: RHEL-10
|
||||
+benchmark_root: "../../linux_os/guide"
|
||||
+components_root: "../../components"
|
||||
+
|
||||
+profiles_root: "./profiles"
|
||||
+
|
||||
+pkg_manager: "dnf"
|
||||
+
|
||||
+init_system: "systemd"
|
||||
+
|
||||
+# EFI and non-EFI configs are stored in same path, see https://fedoraproject.org/wiki/Changes/UnifyGrubConfig
|
||||
+
|
||||
+groups:
|
||||
+ dedicated_ssh_keyowner:
|
||||
+ name: ssh_keys
|
||||
+
|
||||
+sshd_distributed_config: "true"
|
||||
+
|
||||
+dconf_gdm_dir: "distro.d"
|
||||
+
|
||||
+faillock_path: "/var/log/faillock"
|
||||
+
|
||||
+# The fingerprints below are retrieved from https://access.redhat.com/security/team/key
|
||||
+pkg_release: ""
|
||||
+pkg_version: ""
|
||||
+aux_pkg_release: ""
|
||||
+aux_pkg_version: ""
|
||||
+
|
||||
+release_key_fingerprint: ""
|
||||
+auxiliary_key_fingerprint: ""
|
||||
+
|
||||
+cpes_root: "../../shared/applicability"
|
||||
+cpes:
|
||||
+ - rhel10:
|
||||
+ name: "cpe:/o:redhat:enterprise_linux:10"
|
||||
+ title: "Red Hat Enterprise Linux 10"
|
||||
+ check_id: installed_OS_is_rhel10
|
||||
+
|
||||
+# Mapping of CPE platform to package
|
||||
+platform_package_overrides:
|
||||
+ login_defs: "shadow-utils"
|
||||
+
|
||||
+reference_uris:
|
||||
+ cis: 'https://www.cisecurity.org/benchmark/red_hat_linux/'
|
||||
+
|
||||
+
|
||||
+journald_conf_dir_path: /etc/systemd/journald.conf.d
|
||||
diff --git a/products/rhel10/transforms/constants.xslt b/products/rhel10/transforms/constants.xslt
|
||||
new file mode 100644
|
||||
index 0000000000..a37664d11f
|
||||
--- /dev/null
|
||||
+++ b/products/rhel10/transforms/constants.xslt
|
||||
@@ -0,0 +1,13 @@
|
||||
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
|
||||
+
|
||||
+<xsl:include href="../../../shared/transforms/shared_constants.xslt"/>
|
||||
+
|
||||
+<xsl:variable name="product_long_name">Red Hat Enterprise Linux 10</xsl:variable>
|
||||
+<xsl:variable name="product_short_name">RHEL 10</xsl:variable>
|
||||
+<xsl:variable name="product_stig_id_name">RHEL_10_STIG</xsl:variable>
|
||||
+<xsl:variable name="prod_type">rhel10</xsl:variable>
|
||||
+
|
||||
+<xsl:variable name="cisuri">https://www.cisecurity.org/benchmark/red_hat_linux/</xsl:variable>
|
||||
+<xsl:variable name="disa-srguri" select="$disa-ossrguri"/>
|
||||
+
|
||||
+</xsl:stylesheet>
|
||||
diff --git a/products/rhel10/transforms/table-style.xslt b/products/rhel10/transforms/table-style.xslt
|
||||
new file mode 100644
|
||||
index 0000000000..8b6caeab8c
|
||||
--- /dev/null
|
||||
+++ b/products/rhel10/transforms/table-style.xslt
|
||||
@@ -0,0 +1,5 @@
|
||||
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
|
||||
+
|
||||
+<xsl:import href="../../../shared/transforms/shared_table-style.xslt"/>
|
||||
+
|
||||
+</xsl:stylesheet>
|
||||
diff --git a/products/rhel10/transforms/xccdf-apply-overlay-stig.xslt b/products/rhel10/transforms/xccdf-apply-overlay-stig.xslt
|
||||
new file mode 100644
|
||||
index 0000000000..4789419b80
|
||||
--- /dev/null
|
||||
+++ b/products/rhel10/transforms/xccdf-apply-overlay-stig.xslt
|
||||
@@ -0,0 +1,8 @@
|
||||
+<?xml version="1.0"?>
|
||||
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xccdf">
|
||||
+
|
||||
+<xsl:include href="../../../shared/transforms/shared_xccdf-apply-overlay-stig.xslt"/>
|
||||
+<xsl:include href="constants.xslt"/>
|
||||
+<xsl:variable name="overlays" select="document($overlay)/xccdf:overlays" />
|
||||
+
|
||||
+</xsl:stylesheet>
|
||||
diff --git a/products/rhel10/transforms/xccdf2table-cce.xslt b/products/rhel10/transforms/xccdf2table-cce.xslt
|
||||
new file mode 100644
|
||||
index 0000000000..f156a66956
|
||||
--- /dev/null
|
||||
+++ b/products/rhel10/transforms/xccdf2table-cce.xslt
|
||||
@@ -0,0 +1,9 @@
|
||||
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:cce="http://cce.mitre.org" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
||||
+
|
||||
+<xsl:import href="../../../shared/transforms/shared_xccdf2table-cce.xslt"/>
|
||||
+
|
||||
+<xsl:include href="constants.xslt"/>
|
||||
+<xsl:include href="table-style.xslt"/>
|
||||
+
|
||||
+</xsl:stylesheet>
|
||||
diff --git a/products/rhel10/transforms/xccdf2table-profileccirefs.xslt b/products/rhel10/transforms/xccdf2table-profileccirefs.xslt
|
||||
new file mode 100644
|
||||
index 0000000000..30419e92b2
|
||||
--- /dev/null
|
||||
+++ b/products/rhel10/transforms/xccdf2table-profileccirefs.xslt
|
||||
@@ -0,0 +1,9 @@
|
||||
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:cci="https://public.cyber.mil/stigs/cci" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:ovalns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
|
||||
+
|
||||
+<xsl:import href="../../../shared/transforms/shared_xccdf2table-profileccirefs.xslt"/>
|
||||
+
|
||||
+<xsl:include href="constants.xslt"/>
|
||||
+<xsl:include href="table-style.xslt"/>
|
||||
+
|
||||
+</xsl:stylesheet>
|
||||
diff --git a/shared/applicability/cs10.yml b/shared/applicability/cs10.yml
|
||||
new file mode 100644
|
||||
index 0000000000..a8dd98a90c
|
||||
--- /dev/null
|
||||
+++ b/shared/applicability/cs10.yml
|
||||
@@ -0,0 +1,3 @@
|
||||
+name: cpe:/o:centos:centos:10
|
||||
+title: CentOS Stream 10
|
||||
+check_id: installed_OS_is_centos10
|
||||
diff --git a/shared/checks/oval/installed_OS_is_centos10.xml b/shared/checks/oval/installed_OS_is_centos10.xml
|
||||
new file mode 100644
|
||||
index 0000000000..fc85513e15
|
||||
--- /dev/null
|
||||
+++ b/shared/checks/oval/installed_OS_is_centos10.xml
|
||||
@@ -0,0 +1,47 @@
|
||||
+<def-group>
|
||||
+ <definition class="inventory"
|
||||
+ id="installed_OS_is_centos10" version="2">
|
||||
+ <metadata>
|
||||
+ <title>CentOS Stream 10</title>
|
||||
+ <affected family="unix">
|
||||
+ <platform>multi_platform_all</platform>
|
||||
+ </affected>
|
||||
+ <reference ref_id="cpe:/o:centos:centos:10"
|
||||
+ source="CPE" />
|
||||
+ <description>The operating system installed on the system is
|
||||
+ CentOS Stream 10</description>
|
||||
+ </metadata>
|
||||
+ <criteria operator="AND">
|
||||
+ <extend_definition comment="Installed OS is part of the Unix family"
|
||||
+ definition_ref="installed_OS_is_part_of_Unix_family" />
|
||||
+ <criterion comment="OS is CentOS Stream" test_ref="test_centos10_name" />
|
||||
+ <criterion comment="OS version is 10" test_ref="test_centos10_version" />
|
||||
+ </criteria>
|
||||
+ </definition>
|
||||
+
|
||||
+ <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check os-release ID" id="test_centos10_name" version="1">
|
||||
+ <ind:object object_ref="obj_name_centos10" />
|
||||
+ <ind:state state_ref="state_name_centos10" />
|
||||
+ </ind:textfilecontent54_test>
|
||||
+ <ind:textfilecontent54_object id="obj_name_centos10" version="1" comment="Check os-release ID">
|
||||
+ <ind:filepath>/etc/os-release</ind:filepath>
|
||||
+ <ind:pattern operation="pattern match">^ID="(\w+)"$</ind:pattern>
|
||||
+ <ind:instance datatype="int">1</ind:instance>
|
||||
+ </ind:textfilecontent54_object>
|
||||
+ <ind:textfilecontent54_state id="state_name_centos10" version="1">
|
||||
+ <ind:subexpression>centos</ind:subexpression>
|
||||
+ </ind:textfilecontent54_state>
|
||||
+
|
||||
+ <ind:textfilecontent54_test check="all" comment="Check os-release VERSION_ID" id="test_centos10_version" version="1">
|
||||
+ <ind:object object_ref="obj_version_centos10" />
|
||||
+ <ind:state state_ref="state_version_centos10" />
|
||||
+ </ind:textfilecontent54_test>
|
||||
+ <ind:textfilecontent54_object id="obj_version_centos10" version="1" comment="Check os-release VERSION_ID">
|
||||
+ <ind:filepath>/etc/os-release</ind:filepath>
|
||||
+ <ind:pattern operation="pattern match">^VERSION_ID="(\d)"$</ind:pattern>
|
||||
+ <ind:instance datatype="int">1</ind:instance>
|
||||
+ </ind:textfilecontent54_object>
|
||||
+ <ind:textfilecontent54_state id="state_version_centos10" version="1">
|
||||
+ <ind:subexpression>10</ind:subexpression>
|
||||
+ </ind:textfilecontent54_state>
|
||||
+</def-group>
|
||||
diff --git a/shared/checks/oval/installed_OS_is_rhel10.xml b/shared/checks/oval/installed_OS_is_rhel10.xml
|
||||
new file mode 100644
|
||||
index 0000000000..2a3736abb6
|
||||
--- /dev/null
|
||||
+++ b/shared/checks/oval/installed_OS_is_rhel10.xml
|
||||
@@ -0,0 +1,59 @@
|
||||
+<def-group>
|
||||
+ <definition class="inventory"
|
||||
+ id="installed_OS_is_rhel10" version="1">
|
||||
+ <metadata>
|
||||
+ <title>Red Hat Enterprise Linux 10</title>
|
||||
+ <affected family="unix">
|
||||
+ <platform>multi_platform_all</platform>
|
||||
+ </affected>
|
||||
+ <reference ref_id="cpe:/o:redhat:enterprise_linux:10"
|
||||
+ source="CPE" />
|
||||
+ <description>The operating system installed on the system is
|
||||
+ Red Hat Enterprise Linux 10</description>
|
||||
+ </metadata>
|
||||
+ <criteria>
|
||||
+ <criterion comment="Installed operating system is part of the unix family"
|
||||
+ test_ref="test_rhel10_unix_family" />
|
||||
+ <criteria operator="OR">
|
||||
+ <criterion comment="RHEL 10 is installed" test_ref="test_rhel10" />
|
||||
+ <criteria operator="AND" comment="Red Hat Enterprise Virtualization Host is installed">
|
||||
+ <criterion comment="Red Hat Virtualization Host (RHVH)" test_ref="test_rhvh4_version" />
|
||||
+ <criterion comment="Red Hat Enterprise Virtualization Host is based on RHEL 10" test_ref="test_rhevh_rhel10_version" />
|
||||
+ </criteria>
|
||||
+ </criteria>
|
||||
+ </criteria>
|
||||
+ </definition>
|
||||
+
|
||||
+ <ind:family_test check="all" check_existence="at_least_one_exists" comment="installed OS part of unix family" id="test_rhel10_unix_family" version="1">
|
||||
+ <ind:object object_ref="obj_rhel10_unix_family" />
|
||||
+ <ind:state state_ref="state_rhel10_unix_family" />
|
||||
+ </ind:family_test>
|
||||
+ <ind:family_state id="state_rhel10_unix_family" version="1">
|
||||
+ <ind:family>unix</ind:family>
|
||||
+ </ind:family_state>
|
||||
+ <ind:family_object id="obj_rhel10_unix_family" version="1" />
|
||||
+
|
||||
+ <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release is version 10" id="test_rhel10" version="1">
|
||||
+ <linux:object object_ref="obj_rhel10" />
|
||||
+ <linux:state state_ref="state_rhel10" />
|
||||
+ </linux:rpminfo_test>
|
||||
+ <linux:rpminfo_state id="state_rhel10" version="1">
|
||||
+ <linux:version operation="pattern match">^10.*$</linux:version>
|
||||
+ </linux:rpminfo_state>
|
||||
+ <linux:rpminfo_object id="obj_rhel10" version="1">
|
||||
+ <linux:name>redhat-release</linux:name>
|
||||
+ </linux:rpminfo_object>
|
||||
+
|
||||
+ <ind:textfilecontent54_test check="all" comment="RHEVH base RHEL is version 10" id="test_rhevh_rhel10_version" version="1">
|
||||
+ <ind:object object_ref="obj_rhevh_rhel10_version" />
|
||||
+ <ind:state state_ref="state_rhevh_rhel10_version" />
|
||||
+ </ind:textfilecontent54_test>
|
||||
+ <ind:textfilecontent54_object id="obj_rhevh_rhel10_version" version="1">
|
||||
+ <ind:filepath>/etc/redhat-release</ind:filepath>
|
||||
+ <ind:pattern operation="pattern match">^Red Hat Enterprise Linux release (\d)\.\d+$</ind:pattern>
|
||||
+ <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
|
||||
+ </ind:textfilecontent54_object>
|
||||
+ <ind:textfilecontent54_state id="state_rhevh_rhel10_version" version="1">
|
||||
+ <ind:subexpression operation="pattern match">10</ind:subexpression>
|
||||
+ </ind:textfilecontent54_state>
|
||||
+</def-group>
|
||||
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
|
||||
index 80c5472525..351fc605c3 100644
|
||||
--- a/shared/references/cce-redhat-avail.txt
|
||||
+++ b/shared/references/cce-redhat-avail.txt
|
||||
@@ -634,7 +634,6 @@ CCE-87093-1
|
||||
CCE-87094-9
|
||||
CCE-87095-6
|
||||
CCE-87099-8
|
||||
-CCE-87100-4
|
||||
CCE-87110-3
|
||||
CCE-87111-1
|
||||
CCE-87112-9
|
||||
diff --git a/ssg/constants.py b/ssg/constants.py
|
||||
index 18fbf39d38..6d4128080f 100644
|
||||
--- a/ssg/constants.py
|
||||
+++ b/ssg/constants.py
|
||||
@@ -55,7 +55,7 @@ product_directories = [
|
||||
'openeuler2203',
|
||||
'opensuse',
|
||||
'openembedded',
|
||||
- 'rhel7', 'rhel8', 'rhel9',
|
||||
+ 'rhel7', 'rhel8', 'rhel9', 'rhel10',
|
||||
'rhv4',
|
||||
'sle12', 'sle15',
|
||||
'ubuntu1604', 'ubuntu1804', 'ubuntu2004', 'ubuntu2204',
|
||||
@@ -218,6 +218,7 @@ FULL_NAME_TO_PRODUCT_MAPPING = {
|
||||
"Red Hat Enterprise Linux 7": "rhel7",
|
||||
"Red Hat Enterprise Linux 8": "rhel8",
|
||||
"Red Hat Enterprise Linux 9": "rhel9",
|
||||
+ "Red Hat Enterprise Linux 10": "rhel10",
|
||||
"Red Hat Virtualization 4": "rhv4",
|
||||
"SUSE Linux Enterprise 12": "sle12",
|
||||
"SUSE Linux Enterprise 15": "sle15",
|
||||
@@ -293,7 +294,7 @@ MULTI_PLATFORM_MAPPING = {
|
||||
"multi_platform_ol": ["ol7", "ol8", "ol9"],
|
||||
"multi_platform_ocp": ["ocp4"],
|
||||
"multi_platform_rhcos": ["rhcos4"],
|
||||
- "multi_platform_rhel": ["rhel7", "rhel8", "rhel9"],
|
||||
+ "multi_platform_rhel": ["rhel7", "rhel8", "rhel9", "rhel10"],
|
||||
"multi_platform_rhv": ["rhv4"],
|
||||
"multi_platform_sle": ["sle12", "sle15"],
|
||||
"multi_platform_ubuntu": ["ubuntu1604", "ubuntu1804", "ubuntu2004", "ubuntu2204"],
|
||||
@@ -305,6 +306,7 @@ RHEL_CENTOS_CPE_MAPPING = {
|
||||
"cpe:/o:redhat:enterprise_linux:7": "cpe:/o:centos:centos:7",
|
||||
"cpe:/o:redhat:enterprise_linux:8": "cpe:/o:centos:centos:8",
|
||||
"cpe:/o:redhat:enterprise_linux:9": "cpe:/o:centos:centos:9",
|
||||
+ "cpe:/o:redhat:enterprise_linux:10": "cpe:/o:centos:centos:10",
|
||||
}
|
||||
|
||||
RHEL_SL_CPE_MAPPING = {
|
||||
@@ -511,6 +513,7 @@ DERIVATIVES_PRODUCT_MAPPING = {
|
||||
"centos7": "rhel7",
|
||||
"centos8": "rhel8",
|
||||
"cs9": "rhel9",
|
||||
+ "cs10": "rhel10",
|
||||
"sl7": "rhel7"
|
||||
}
|
||||
|
||||
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
|
||||
index c4d43508b6..41880e1b6e 100644
|
||||
--- a/tests/CMakeLists.txt
|
||||
+++ b/tests/CMakeLists.txt
|
||||
@@ -338,3 +338,19 @@ add_test(
|
||||
COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/test_components.py" --build-dir "${CMAKE_BINARY_DIR}" --source-dir "${CMAKE_SOURCE_DIR}" --product "rhel9"
|
||||
)
|
||||
endif()
|
||||
+
|
||||
+macro(cce_avail_check TEST_NAME_SUFFIX PRODUCTS CCE_LIST_PATH)
|
||||
+ if(PYTHON_VERSION_MAJOR GREATER 2)
|
||||
+ add_test(
|
||||
+ NAME "cce_avail_check-${TEST_NAME_SUFFIX}"
|
||||
+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/cces-removed.py" --root "${CMAKE_SOURCE_DIR}" --json "${CMAKE_SOURCE_DIR}/build/rule_dirs.json" --products "${PRODUCTS}" --cce-list "${CCE_LIST_PATH}"
|
||||
+ )
|
||||
+ set_tests_properties("cce_avail_check-${TEST_NAME_SUFFIX}" PROPERTIES FIXTURES_REQUIRED "rule-dir-json")
|
||||
+ set_tests_properties("cce_avail_check-${TEST_NAME_SUFFIX}" PROPERTIES DEPENDS "test-rule-dir-json")
|
||||
+ set_tests_properties("cce_avail_check-${TEST_NAME_SUFFIX}" PROPERTIES LABELS quick)
|
||||
+ endif()
|
||||
+endmacro()
|
||||
+
|
||||
+cce_avail_check("rhel-all" "rhel7,rhel8,rhel9,rhel10" "${CMAKE_SOURCE_DIR}/shared/references/cce-redhat-avail.txt")
|
||||
+cce_avail_check("sle12" "sle12" "${CMAKE_SOURCE_DIR}/shared/references/cce-sle12-avail.txt")
|
||||
+cce_avail_check("sle15" "sle15" "${CMAKE_SOURCE_DIR}/shared/references/cce-sle15-avail.txt")
|
||||
--
|
||||
2.44.0
|
||||
|
||||
From 17bb8bfe511a9d7b0debcb75e3b3ed6dfa51c6de Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Burket <mburket@redhat.com>
|
||||
Date: Thu, 22 Feb 2024 16:15:03 -0600
|
||||
Subject: [PATCH 2/3] Human sort the sections in fix_rules
|
||||
|
||||
---
|
||||
utils/fix_rules.py | 11 +++++++++--
|
||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/utils/fix_rules.py b/utils/fix_rules.py
|
||||
index f6cf095c3d..42a863a563 100755
|
||||
--- a/utils/fix_rules.py
|
||||
+++ b/utils/fix_rules.py
|
||||
@@ -110,9 +110,16 @@ def has_duplicated_subkeys(rule_path, rule, rule_lines):
|
||||
return ssg.rule_yaml.has_duplicated_subkeys(rule_path, rule_lines, TO_SORT)
|
||||
|
||||
|
||||
+def _human_sort(line):
|
||||
+ # Based on: https://blog.codinghorror.com/sorting-for-humans-natural-sort-order/
|
||||
+ def convert(text): return int(text) if text.isdigit() else text
|
||||
+ return [convert(text) for text in re.split(r'(\d+)', line)]
|
||||
+
|
||||
+
|
||||
def has_unordered_sections(rule_path, rule, rule_lines):
|
||||
if 'references' in rule or 'identifiers' in rule:
|
||||
- new_lines = ssg.rule_yaml.sort_section_keys(rule_path, rule_lines, TO_SORT)
|
||||
+ new_lines = ssg.rule_yaml.sort_section_keys(rule_path, rule_lines, TO_SORT,
|
||||
+ sort_func=_human_sort)
|
||||
|
||||
# Compare string representations to avoid issues with references being
|
||||
# different.
|
||||
@@ -696,7 +703,7 @@ def find_int_references(args, product_yaml):
|
||||
product_yaml = result[2]
|
||||
|
||||
if args.dry_run:
|
||||
- print(rule_path + " has one or more unsorted references")
|
||||
+ print(rule_path + " has one or more unsorted integer references")
|
||||
continue
|
||||
|
||||
fix_file_prompt(rule_path, product_yaml, fix_int_reference, args)
|
||||
--
|
||||
2.44.0
|
||||
|
||||
From 1051a6f33a8e8dce68d4805f18f1d5801f913c14 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Burket <mburket@redhat.com>
|
||||
Date: Thu, 22 Feb 2024 11:12:30 -0600
|
||||
Subject: [PATCH 3/3] Add Base STIG Profile for RHEL 10
|
||||
|
||||
Adding a base profile to be updated later.
|
||||
---
|
||||
products/rhel10/profiles/stig.profile | 22 ++++++++++++++++++++++
|
||||
products/rhel10/profiles/stig_gui.profile | 22 ++++++++++++++++++++++
|
||||
2 files changed, 44 insertions(+)
|
||||
create mode 100644 products/rhel10/profiles/stig.profile
|
||||
create mode 100644 products/rhel10/profiles/stig_gui.profile
|
||||
|
||||
diff --git a/products/rhel10/profiles/stig.profile b/products/rhel10/profiles/stig.profile
|
||||
new file mode 100644
|
||||
index 0000000000..51f006bd2c
|
||||
--- /dev/null
|
||||
+++ b/products/rhel10/profiles/stig.profile
|
||||
@@ -0,0 +1,22 @@
|
||||
+documentation_complete: true
|
||||
+
|
||||
+metadata:
|
||||
+ SMEs:
|
||||
+ - mab879
|
||||
+
|
||||
+
|
||||
+reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
|
||||
+
|
||||
+title: 'DRAFT - DISA STIG for Red Hat Enterprise Linux 10'
|
||||
+
|
||||
+description: |-
|
||||
+ This is a draft profile for experimental purposes.
|
||||
+ It is not based on the DISA STIG for RHEL 10, because this one was not available at time of
|
||||
+ the release.
|
||||
+
|
||||
+ In addition to being applicable to Red Hat Enterprise Linux 10, DISA recognizes this
|
||||
+ configuration baseline as applicable to the operating system tier of
|
||||
+ Red Hat technologies that are based on Red Hat Enterprise Linux 10.
|
||||
+
|
||||
+selections:
|
||||
+ - package_sudo_installed
|
||||
diff --git a/products/rhel10/profiles/stig_gui.profile b/products/rhel10/profiles/stig_gui.profile
|
||||
new file mode 100644
|
||||
index 0000000000..51f006bd2c
|
||||
--- /dev/null
|
||||
+++ b/products/rhel10/profiles/stig_gui.profile
|
||||
@@ -0,0 +1,22 @@
|
||||
+documentation_complete: true
|
||||
+
|
||||
+metadata:
|
||||
+ SMEs:
|
||||
+ - mab879
|
||||
+
|
||||
+
|
||||
+reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
|
||||
+
|
||||
+title: 'DRAFT - DISA STIG for Red Hat Enterprise Linux 10'
|
||||
+
|
||||
+description: |-
|
||||
+ This is a draft profile for experimental purposes.
|
||||
+ It is not based on the DISA STIG for RHEL 10, because this one was not available at time of
|
||||
+ the release.
|
||||
+
|
||||
+ In addition to being applicable to Red Hat Enterprise Linux 10, DISA recognizes this
|
||||
+ configuration baseline as applicable to the operating system tier of
|
||||
+ Red Hat technologies that are based on Red Hat Enterprise Linux 10.
|
||||
+
|
||||
+selections:
|
||||
+ - package_sudo_installed
|
||||
--
|
||||
2.44.0
|
||||
|
@ -5,11 +5,12 @@
|
||||
|
||||
Name: scap-security-guide
|
||||
Version: 0.1.72
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Security guidance and baselines in SCAP formats
|
||||
License: BSD-3-Clause
|
||||
URL: https://github.com/ComplianceAsCode/content/
|
||||
Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
|
||||
Patch0: 01-Add-RHEL10.patch
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: libxslt
|
||||
@ -78,10 +79,9 @@ rm %{buildroot}/%{_docdir}/%{name}/README.md
|
||||
rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
|
||||
|
||||
%files
|
||||
# To Enabled once the content for RHEL 10
|
||||
%{_datadir}/xml/scap/ssg/content
|
||||
%{_datadir}/%{name}/kickstart
|
||||
%{_datadir}/%{name}/ansible/*.yml
|
||||
%{_datadir}/%{name}/tailoring
|
||||
%lang(en) %{_mandir}/man8/scap-security-guide.8.*
|
||||
%doc %{_docdir}/%{name}/LICENSE
|
||||
%if ( %{defined rhel} && (! %{defined centos}) && (! %{defined eln}) )
|
||||
@ -99,6 +99,9 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Mar 27 2024 Matthew Burket <mburket@redhat.com> - 0.1.72-2
|
||||
- Add RHEL10 Product
|
||||
|
||||
* Fri Feb 09 2024 Vojtech Polasek <vpolasek@redhat.com> - 0.1.72-1
|
||||
- Update to latest upstream SCAP-Security-Guide-0.1.72 release:
|
||||
https://github.com/ComplianceAsCode/content/releases/tag/v0.1.72
|
||||
|
Loading…
Reference in New Issue
Block a user