From 168a1d06ba993df9e57f7ccc2e25eee413d1d003 Mon Sep 17 00:00:00 2001
From: Marcus Burghardt
Date: Fri, 16 Feb 2024 10:33:34 +0100
Subject: [PATCH] Hide profiles not in good shape for RHEL

There are some profiles introduced long time ago but no longer maintained. For compatibility purposes they are not removed from datastream but are now hidden for RHEL8 to prevent people from using them.
Resolves: RHEL-25250
---
 disable-not-in-good-shape-profiles.patch | 61 -------------------
 ...-profiles-not-in-good-shape-for-RHEL.patch | 54 ++++++++++++++++
 scap-security-guide.spec | 9 ++-
 3 files changed, 60 insertions(+), 64 deletions(-)
 delete mode 100644 disable-not-in-good-shape-profiles.patch
 create mode 100644 hide-profiles-not-in-good-shape-for-RHEL.patch
diff --git a/disable-not-in-good-shape-profiles.patch b/disable-not-in-good-shape-profiles.patch
deleted file mode 100644
index f883e6a..0000000
--- a/disable-not-in-good-shape-profiles.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 746381a4070fc561651ad65ec0fe9610e8590781 Mon Sep 17 00:00:00 2001
-From: Watson Sato
-Date: Mon, 6 Feb 2023 14:44:17 +0100
-Subject: [PATCH] Disable profiles not in good shape
-
-Patch-name: disable-not-in-good-shape-profiles.patch
-Patch-id: 0
-Patch-status: |
- Patch prevents cjis, rht-ccp and standard profiles in RHEL8 datastream
----
- products/rhel8/CMakeLists.txt | 1 -
- products/rhel8/profiles/cjis.profile | 2 +-
- products/rhel8/profiles/rht-ccp.profile | 2 +-
- products/rhel8/profiles/standard.profile | 2 +-
- 4 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/products/rhel8/CMakeLists.txt b/products/rhel8/CMakeLists.txt
-index 9c044b68ab..8f6ca03de8 100644
---- a/products/rhel8/CMakeLists.txt
-+++ b/products/rhel8/CMakeLists.txt
-@@ -10,7 +10,6 @@ ssg_build_product(${PRODUCT})
- ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "anssi;cis;cui;nist;pcidss")
-
- ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-ospp" "${PRODUCT}" "ospp" "nist")
--ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-standard" "${PRODUCT}" "standard" "nist")
- ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-stig" "${PRODUCT}" "stig" "nist")
-
- ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_minimal" "${PRODUCT}" "anssi_bp28_minimal" "anssi")
-diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile
-index 22ae5aac72..f60b65bc06 100644
---- a/products/rhel8/profiles/cjis.profile
-+++ b/products/rhel8/profiles/cjis.profile
-@@ -1,4 +1,4 @@
--documentation_complete: true
-+documentation_complete: false
-
- metadata:
- version: 5.4
-diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile
-index b192461f95..ae1e7d5a15 100644
---- a/products/rhel8/profiles/rht-ccp.profile
-+++ b/products/rhel8/profiles/rht-ccp.profile
-@@ -1,4 +1,4 @@
--documentation_complete: true
-+documentation_complete: false
-
- title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)'
-
-diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile
-index a63ae2cf32..da669bb843 100644
---- a/products/rhel8/profiles/standard.profile
-+++ b/products/rhel8/profiles/standard.profile
-@@ -1,4 +1,4 @@
--documentation_complete: true
-+documentation_complete: false
-
- title: 'Standard System Security Profile for Red Hat Enterprise Linux 8'
-
---
-2.39.1
-
diff --git a/hide-profiles-not-in-good-shape-for-RHEL.patch b/hide-profiles-not-in-good-shape-for-RHEL.patch
new file mode 100644
index 0000000..40a7a28
--- /dev/null
+++ b/hide-profiles-not-in-good-shape-for-RHEL.patch
@@ -0,0 +1,54 @@
+From e0f62e3828b9deda102f247b3789f68aeb4e518d Mon Sep 17 00:00:00 2001
+From: Marcus Burghardt
+Date: Fri, 16 Feb 2024 12:07:36 +0100
+Subject: [PATCH] Hide profiles not in good shape for RHEL
+
+There are some profiles introduced long time ago but no longer
+maintained. For compatibility purposes they are not removed from
+datastream but are now hidden for RHEL8 to prevent people from
+using them.
+---
+ products/rhel8/profiles/cjis.profile | 2 ++
+ products/rhel8/profiles/rht-ccp.profile | 2 ++
+ products/rhel8/profiles/standard.profile | 2 ++
+ 3 files changed, 6 insertions(+)
+
+diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile
+index 30843b692e..c44c63516f 100644
+--- a/products/rhel8/profiles/cjis.profile
++++ b/products/rhel8/profiles/cjis.profile
+@@ -1,5 +1,7 @@
+ documentation_complete: true
+
++hidden: true
++
+ metadata:
+ version: 5.4
+ SMEs:
+diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile
+index 01133a9bde..3f6cb751c9 100644
+--- a/products/rhel8/profiles/rht-ccp.profile
++++ b/products/rhel8/profiles/rht-ccp.profile
+@@ -1,5 +1,7 @@
+ documentation_complete: true
+
++hidden: true
++
+ title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)'
+
+ description: |-
+diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile
+index 11d72da2d9..79b491113a 100644
+--- a/products/rhel8/profiles/standard.profile
++++ b/products/rhel8/profiles/standard.profile
+@@ -1,5 +1,7 @@
+ documentation_complete: true
+
++hidden: true
++
+ title: 'Standard System Security Profile for Red Hat Enterprise Linux 8'
+
+ description: |-
+--
+2.43.1
+
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index 4cbf02e..138ce60 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
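Review bot: The three profiles keep `documentation_complete: true` and only gain `hidden: true`, so unlike the replaced patch (which set `documentation_complete: false`) cjis, rht-ccp and standard ship in the RHEL8 datastream again, and a scan or remediation that names one of them explicitly presumably still runs the unmaintained content. The description's "to prevent people from using them" therefore reads stronger than what the change appears to enforce; the spec comment above `Patch0` could state the limit, e.g. `# Patch hides cjis, rht-ccp and standard profiles for RHEL8; they remain in the datastream`. Anyone who selects one of them by ID gets no hint that it is unmaintained, so a short deprecation sentence in each profile's `description:` would help; those descriptions start outside the nested hunks shown here. The embedded patch also drops the `Patch-name:`/`Patch-id:`/`Patch-status:` header lines that the replaced patch carried, which is worth restoring if the packaging tooling relies on them.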
@@ -6,7 +6,7 @@ Name: scap-security-guide Version: 0.1.72 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause Group: Applications/System @@ -14,8 +14,8 @@ URL: https://github.com/ComplianceAsCode/content/ Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2 # Include tarball with last released rhel6 content Source1: %{_static_rhel6_content}.tar.bz2 -# Patch prevents cjis, rht-ccp and standard profiles in RHEL8 datastream -Patch0: disable-not-in-good-shape-profiles.patch +# Patch hides cjis, rht-ccp and standard profiles for RHEL8 +Patch0: hide-profiles-not-in-good-shape-for-RHEL.patch BuildArch: noarch @@ -122,6 +122,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %endif %changelog +* Fri Feb 16 2024 Marcus Burghardt - 0.1.72-2 +- Unlist profiles no longer maintained in RHEL8. + * Wed Feb 14 2024 Marcus Burghardt - 0.1.72-1 - Rebase to a new upstream release 0.1.72 (RHEL-25250) - Increase CIS standards coverage regarding SSH and cron (RHEL-1314)