import scap-security-guide-0.1.57-4.el8

This commit is contained in:
CentOS Sources 2021-08-25 04:18:17 +00:00 committed by Andrew Lukoshko
parent 01490d5abd
commit c228ce9aaf
2 changed files with 44 additions and 1 deletions

View File

@ -0,0 +1,39 @@
From bd790153e02c1d1725f59f5d88c65c77eb1421e9 Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Tue, 24 Aug 2021 12:48:46 +0200
Subject: [PATCH] Add a new selector for var_system_crypto_policy and use it
RHEL8 CIS.
This new selector is used to select explicit DEFAULT value in RHEL8 CIS
L1 profiles. The "default" selector cannot be selected and it causes
errors if used.
---
controls/cis_rhel8.yml | 2 +-
.../software/integrity/crypto/var_system_crypto_policy.var | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
index 29d972427cf..c0d3f5f40de 100644
--- a/controls/cis_rhel8.yml
+++ b/controls/cis_rhel8.yml
@@ -553,7 +553,7 @@ controls:
automated: yes
rules:
- configure_crypto_policy
- - var_system_crypto_policy=default
+ - var_system_crypto_policy=default_policy
# This rule works in conjunction with the configure_crypto_policy above.
# If a system is remediated to CIS Level 1, just the rule above will apply
diff --git a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
index ce301154a39..8b89848d122 100644
--- a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
+++ b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
@@ -13,6 +13,7 @@ interactive: false
options:
default: DEFAULT
+ default_policy: DEFAULT
default_nosha1: "DEFAULT:NO-SHA1"
fips: FIPS
fips_ospp: "FIPS:OSPP"

View File

@ -5,7 +5,7 @@
Name: scap-security-guide Name: scap-security-guide
Version: 0.1.57 Version: 0.1.57
Release: 3%{?dist} Release: 4%{?dist}
Summary: Security guidance and baselines in SCAP formats Summary: Security guidance and baselines in SCAP formats
License: BSD-3-Clause License: BSD-3-Clause
Group: Applications/System Group: Applications/System
@ -72,6 +72,7 @@ Patch51: scap-security-guide-0.1.58-fix_audit_file_permissions-PR_7440.patch
Patch52: scap-security-guide-0.1.58-mark_rule_as_machine_only-PR_7442.patch Patch52: scap-security-guide-0.1.58-mark_rule_as_machine_only-PR_7442.patch
Patch53: scap-security-guide-0.1.58-fix_rhel7_doc_link-PR_7443.patch Patch53: scap-security-guide-0.1.58-fix_rhel7_doc_link-PR_7443.patch
Patch54: scap-security-guide-0.1.58-disable_ctrlaltdel_reboot_fix_test_scenario-PR_7444.patch Patch54: scap-security-guide-0.1.58-disable_ctrlaltdel_reboot_fix_test_scenario-PR_7444.patch
Patch55: scap-security-guide-0.1.58-fix_cis_value_selector-PR_7452.patch
BuildRequires: libxslt BuildRequires: libxslt
BuildRequires: expat BuildRequires: expat
@ -175,6 +176,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name
%endif %endif
%changelog %changelog
* Tue Aug 24 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-4
- Fix a value selector in RHEL8 CIS L1 profiles (RHBZ#1993197)
* Mon Aug 23 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-3 * Mon Aug 23 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-3
- Fix remaining audit rules file permissions (RHBZ#1993056) - Fix remaining audit rules file permissions (RHBZ#1993056)
- Mark a STIG service rule as machine only (RHBZ#1993056) - Mark a STIG service rule as machine only (RHBZ#1993056)