import scap-security-guide-0.1.57-4.el8

CentOS Sources 2021-08-25 04:18:17 +00:00 committed by Andrew Lukoshko
parent 01490d5abd
commit c228ce9aaf
2 changed files with 44 additions and 1 deletions


@ -0,0 +1,39 @@
From bd790153e02c1d1725f59f5d88c65c77eb1421e9 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Tue, 24 Aug 2021 12:48:46 +0200
Subject: [PATCH] Add a new selector for var_system_crypto_policy and use it
RHEL8 CIS.
This new selector is used to select explicit DEFAULT value in RHEL8 CIS
L1 profiles. The "default" selector cannot be selected and it causes
errors if used.
---
controls/cis_rhel8.yml | 2 +-
.../software/integrity/crypto/var_system_crypto_policy.var | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
index 29d972427cf..c0d3f5f40de 100644
--- a/controls/cis_rhel8.yml
+++ b/controls/cis_rhel8.yml
@@ -553,7 +553,7 @@ controls:
automated: yes
rules:
- configure_crypto_policy
- - var_system_crypto_policy=default
+ - var_system_crypto_policy=default_policy
# This rule works in conjunction with the configure_crypto_policy above.
# If a system is remediated to CIS Level 1, just the rule above will apply
diff --git a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
index ce301154a39..8b89848d122 100644
--- a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
+++ b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
@@ -13,6 +13,7 @@ interactive: false
options:
default: DEFAULT
+ default_policy: DEFAULT
default_nosha1: "DEFAULT:NO-SHA1"
fips: FIPS
fips_ospp: "FIPS:OSPP"
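Review bot: In the `options:` hunk of var_system_crypto_policy.var, `default: DEFAULT` and the new `default_policy: DEFAULT` sit side by side with nothing explaining why both exist. A later cleanup could drop one as a duplicate, or a new profile could reuse `=default` and hit the error the patch description mentions. I would add a comment above the new key, for example `# 'default' cannot be used as a selector; profiles select DEFAULT explicitly via default_policy`. Only controls/cis_rhel8.yml is switched to the new selector here, so it may be worth checking whether other control or profile files still reference `var_system_crypto_policy=default`; a selector that fails to resolve would presumably leave the crypto-policy rule without its intended value in that profile. The options map continues outside the hunk.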


@ -5,7 +5,7 @@
Name: scap-security-guide
Version: 0.1.57
Release: 3%{?dist}
Release: 4%{?dist}
Summary: Security guidance and baselines in SCAP formats
License: BSD-3-Clause
Group: Applications/System
@ -72,6 +72,7 @@ Patch51: scap-security-guide-0.1.58-fix_audit_file_permissions-PR_7440.patch
Patch52: scap-security-guide-0.1.58-mark_rule_as_machine_only-PR_7442.patch
Patch53: scap-security-guide-0.1.58-fix_rhel7_doc_link-PR_7443.patch
Patch54: scap-security-guide-0.1.58-disable_ctrlaltdel_reboot_fix_test_scenario-PR_7444.patch
Patch55: scap-security-guide-0.1.58-fix_cis_value_selector-PR_7452.patch
BuildRequires: libxslt
BuildRequires: expat
@ -175,6 +176,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name
%endif
%changelog
* Tue Aug 24 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-4
- Fix a value selector in RHEL8 CIS L1 profiles (RHBZ#1993197)
* Mon Aug 23 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-3
- Fix remaining audit rules file permissions (RHBZ#1993056)
- Mark a STIG service rule as machine only (RHBZ#1993056)