Auto sync2gitlab import of scap-security-guide-0.1.63-4.el8.src.rpm

This commit is contained in:
CentOS Sources 2022-08-19 18:19:28 +00:00
parent ce244d29b1
commit e56ff90225
2 changed files with 38 additions and 1 deletions

View File

@ -0,0 +1,33 @@
From 61ff9fd6f455ee49608cab2c851a3819c180c30a Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Tue, 16 Aug 2022 18:53:02 +0200
Subject: [PATCH] Don't fail rule if /etc/grubenv missing on s390x
There is no need to check /etc/grubenv for fips=1 on s390x systems, it
uses zIPL.
---
.../integrity/fips/enable_fips_mode/oval/shared.xml | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
index 65056a654c6..7af675de0d3 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
@@ -7,9 +7,16 @@
<extend_definition comment="Dracut FIPS module is enabled" definition_ref="enable_dracut_fips_module" />
<extend_definition comment="system cryptography policy is configured" definition_ref="configure_crypto_policy" />
<criterion comment="check if system crypto policy selection in var_system_crypto_policy in the profile is set to FIPS" test_ref="test_system_crypto_policy_value" />
- {{% if product in ["ol8","rhel8"] %}}
+ {{% if product in ["ol8"] %}}
<criterion comment="check if the kernel boot parameter is configured for FIPS mode"
test_ref="test_grubenv_fips_mode" />
+ {{% elif product in ["rhel8"] %}}
+ <criteria operator="OR">
+ <extend_definition comment="Generic test for s390x architecture"
+ definition_ref="system_info_architecture_s390_64" />
+ <criterion comment="check if the kernel boot parameter is configured for FIPS mode"
+ test_ref="test_grubenv_fips_mode" />
+ </criteria>
{{% endif %}}
</criteria>
</definition>

View File

@ -6,7 +6,7 @@
Name: scap-security-guide
Version: 0.1.63
Release: 3%{?dist}
Release: 4%{?dist}
Summary: Security guidance and baselines in SCAP formats
License: BSD-3-Clause
Group: Applications/System
@ -34,6 +34,7 @@ Patch12: scap-security-guide-0.1.64-add_platform_for_partition_existence-PR_920
Patch13: scap-security-guide-0.1.64-apply_partition_platform_to_rules-PR_9324.patch
Patch14: scap-security-guide-0.1.64-improve_handling_of_rsyslog_includes-PR_9326.patch
Patch15: scap-security-guide-0.1.64-fix_ansible_partition_conditional-PR_9339.patch
Patch16: scap-security-guide-0.1.64-fix_enable_fips_mode_s390x-PR_9355.patch
BuildRequires: libxslt
BuildRequires: expat
@ -138,6 +139,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name
%endif
%changelog
* Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4
- Fix check of enable_fips_mode on s390x (RHBZ#2070564)
* Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3
- Fix Ansible partition conditional (RHBZ#2032403)