import scap-security-guide-0.1.57-4.el8
This commit is contained in:
parent
01490d5abd
commit
c228ce9aaf
@ -0,0 +1,39 @@
|
|||||||
|
From bd790153e02c1d1725f59f5d88c65c77eb1421e9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gabriel Becker <ggasparb@redhat.com>
|
||||||
|
Date: Tue, 24 Aug 2021 12:48:46 +0200
|
||||||
|
Subject: [PATCH] Add a new selector for var_system_crypto_policy and use it
|
||||||
|
RHEL8 CIS.
|
||||||
|
|
||||||
|
This new selector is used to select explicit DEFAULT value in RHEL8 CIS
|
||||||
|
L1 profiles. The "default" selector cannot be selected and it causes
|
||||||
|
errors if used.
|
||||||
|
---
|
||||||
|
controls/cis_rhel8.yml | 2 +-
|
||||||
|
.../software/integrity/crypto/var_system_crypto_policy.var | 1 +
|
||||||
|
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
|
||||||
|
index 29d972427cf..c0d3f5f40de 100644
|
||||||
|
--- a/controls/cis_rhel8.yml
|
||||||
|
+++ b/controls/cis_rhel8.yml
|
||||||
|
@@ -553,7 +553,7 @@ controls:
|
||||||
|
automated: yes
|
||||||
|
rules:
|
||||||
|
- configure_crypto_policy
|
||||||
|
- - var_system_crypto_policy=default
|
||||||
|
+ - var_system_crypto_policy=default_policy
|
||||||
|
|
||||||
|
# This rule works in conjunction with the configure_crypto_policy above.
|
||||||
|
# If a system is remediated to CIS Level 1, just the rule above will apply
|
||||||
|
diff --git a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
|
||||||
|
index ce301154a39..8b89848d122 100644
|
||||||
|
--- a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
|
||||||
|
+++ b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
|
||||||
|
@@ -13,6 +13,7 @@ interactive: false
|
||||||
|
|
||||||
|
options:
|
||||||
|
default: DEFAULT
|
||||||
|
+ default_policy: DEFAULT
|
||||||
|
default_nosha1: "DEFAULT:NO-SHA1"
|
||||||
|
fips: FIPS
|
||||||
|
fips_ospp: "FIPS:OSPP"
|
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
Name: scap-security-guide
|
Name: scap-security-guide
|
||||||
Version: 0.1.57
|
Version: 0.1.57
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
Summary: Security guidance and baselines in SCAP formats
|
Summary: Security guidance and baselines in SCAP formats
|
||||||
License: BSD-3-Clause
|
License: BSD-3-Clause
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
@ -72,6 +72,7 @@ Patch51: scap-security-guide-0.1.58-fix_audit_file_permissions-PR_7440.patch
|
|||||||
Patch52: scap-security-guide-0.1.58-mark_rule_as_machine_only-PR_7442.patch
|
Patch52: scap-security-guide-0.1.58-mark_rule_as_machine_only-PR_7442.patch
|
||||||
Patch53: scap-security-guide-0.1.58-fix_rhel7_doc_link-PR_7443.patch
|
Patch53: scap-security-guide-0.1.58-fix_rhel7_doc_link-PR_7443.patch
|
||||||
Patch54: scap-security-guide-0.1.58-disable_ctrlaltdel_reboot_fix_test_scenario-PR_7444.patch
|
Patch54: scap-security-guide-0.1.58-disable_ctrlaltdel_reboot_fix_test_scenario-PR_7444.patch
|
||||||
|
Patch55: scap-security-guide-0.1.58-fix_cis_value_selector-PR_7452.patch
|
||||||
|
|
||||||
BuildRequires: libxslt
|
BuildRequires: libxslt
|
||||||
BuildRequires: expat
|
BuildRequires: expat
|
||||||
@ -175,6 +176,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 24 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-4
|
||||||
|
- Fix a value selector in RHEL8 CIS L1 profiles (RHBZ#1993197)
|
||||||
|
|
||||||
* Mon Aug 23 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-3
|
* Mon Aug 23 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-3
|
||||||
- Fix remaining audit rules file permissions (RHBZ#1993056)
|
- Fix remaining audit rules file permissions (RHBZ#1993056)
|
||||||
- Mark a STIG service rule as machine only (RHBZ#1993056)
|
- Mark a STIG service rule as machine only (RHBZ#1993056)
|
||||||
|
Loading…
Reference in New Issue
Block a user