rpms/scap-security-guide
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import scap-security-guide-0.1.57-5.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-09-17 17:45:36 +00:00 committed by Stepan Oksanichenko
parent c228ce9aaf
commit 0fe9f1c481
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
SOURCES/scap-security-guide-0.1.58-ism_usb_hid-PR_7493.patch Normal file
View File

@ -0,0 +1,36 @@
From 7189a9f4aa319b823e241ca11a798762bd62515f Mon Sep 17 00:00:00 2001
From: Matej Tyc <matyc@redhat.com>
Date: Tue, 31 Aug 2021 13:58:00 +0200
Subject: [PATCH] Allow HID USB in the ISM profile
The usbguard is too strict without this rule,
and its default setting blocks keyboard and mouse.
---
products/rhel8/profiles/ism_o.profile | 1 +
products/rhel9/profiles/ism_o.profile | 1 +
2 files changed, 2 insertions(+)
diff --git a/products/rhel8/profiles/ism_o.profile b/products/rhel8/profiles/ism_o.profile
index 95cdfc4ede..2e78dc8776 100644
--- a/products/rhel8/profiles/ism_o.profile
+++ b/products/rhel8/profiles/ism_o.profile
@@ -52,6 +52,7 @@ selections:
## Identifiers 1418
- package_usbguard_installed
- service_usbguard_enabled
+ - usbguard_allow_hid_and_hub
## Authentication hardening
## Identifiers 1546 / 0974 / 1173 / 1504 / 1505 / 1401 / 1559 / 1560
diff --git a/products/rhel9/profiles/ism_o.profile b/products/rhel9/profiles/ism_o.profile
index 6fc919da12..b395b0e9cb 100644
--- a/products/rhel9/profiles/ism_o.profile
+++ b/products/rhel9/profiles/ism_o.profile
@@ -52,6 +52,7 @@ selections:
## Identifiers 1418
- package_usbguard_installed
- service_usbguard_enabled
+ - usbguard_allow_hid_and_hub
## Authentication hardening
## Identifiers 1546 / 0974 / 1173 / 1504 / 1505 / 1401 / 1559 / 1560

6
SPECS/scap-security-guide.spec
View File

@ -5,7 +5,7 @@
Name: scap-security-guide
Version: 0.1.57
Release: 4%{?dist}
Release: 5%{?dist}
Summary: Security guidance and baselines in SCAP formats
License: BSD-3-Clause
Group: Applications/System
@ -73,6 +73,7 @@ Patch52: scap-security-guide-0.1.58-mark_rule_as_machine_only-PR_7442.patch
Patch53: scap-security-guide-0.1.58-fix_rhel7_doc_link-PR_7443.patch
Patch54: scap-security-guide-0.1.58-disable_ctrlaltdel_reboot_fix_test_scenario-PR_7444.patch
Patch55: scap-security-guide-0.1.58-fix_cis_value_selector-PR_7452.patch
Patch56: scap-security-guide-0.1.58-ism_usb_hid-PR_7493.patch
BuildRequires: libxslt
BuildRequires: expat
@ -176,6 +177,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name
%endif
%changelog
* Thu Sep 02 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-5
- Add USB HID rules to the ISM profile, so it is usable after the installation (RHBZ#1999423).
* Tue Aug 24 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-4
- Fix a value selector in RHEL8 CIS L1 profiles (RHBZ#1993197)