Auto sync2gitlab import of scap-security-guide-0.1.63-4.el8.src.rpm
This commit is contained in:
parent
ce244d29b1
commit
e56ff90225
@ -0,0 +1,33 @@
|
||||
From 61ff9fd6f455ee49608cab2c851a3819c180c30a Mon Sep 17 00:00:00 2001
|
||||
From: Watson Sato <wsato@redhat.com>
|
||||
Date: Tue, 16 Aug 2022 18:53:02 +0200
|
||||
Subject: [PATCH] Don't fail rule if /etc/grubenv missing on s390x
|
||||
|
||||
There is no need to check /etc/grubenv for fips=1 on s390x systems, it
|
||||
uses zIPL.
|
||||
---
|
||||
.../integrity/fips/enable_fips_mode/oval/shared.xml | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
|
||||
index 65056a654c6..7af675de0d3 100644
|
||||
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
|
||||
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
|
||||
@@ -7,9 +7,16 @@
|
||||
<extend_definition comment="Dracut FIPS module is enabled" definition_ref="enable_dracut_fips_module" />
|
||||
<extend_definition comment="system cryptography policy is configured" definition_ref="configure_crypto_policy" />
|
||||
<criterion comment="check if system crypto policy selection in var_system_crypto_policy in the profile is set to FIPS" test_ref="test_system_crypto_policy_value" />
|
||||
- {{% if product in ["ol8","rhel8"] %}}
|
||||
+ {{% if product in ["ol8"] %}}
|
||||
<criterion comment="check if the kernel boot parameter is configured for FIPS mode"
|
||||
test_ref="test_grubenv_fips_mode" />
|
||||
+ {{% elif product in ["rhel8"] %}}
|
||||
+ <criteria operator="OR">
|
||||
+ <extend_definition comment="Generic test for s390x architecture"
|
||||
+ definition_ref="system_info_architecture_s390_64" />
|
||||
+ <criterion comment="check if the kernel boot parameter is configured for FIPS mode"
|
||||
+ test_ref="test_grubenv_fips_mode" />
|
||||
+ </criteria>
|
||||
{{% endif %}}
|
||||
</criteria>
|
||||
</definition>
|
@ -6,7 +6,7 @@
|
||||
|
||||
Name: scap-security-guide
|
||||
Version: 0.1.63
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: Security guidance and baselines in SCAP formats
|
||||
License: BSD-3-Clause
|
||||
Group: Applications/System
|
||||
@ -34,6 +34,7 @@ Patch12: scap-security-guide-0.1.64-add_platform_for_partition_existence-PR_920
|
||||
Patch13: scap-security-guide-0.1.64-apply_partition_platform_to_rules-PR_9324.patch
|
||||
Patch14: scap-security-guide-0.1.64-improve_handling_of_rsyslog_includes-PR_9326.patch
|
||||
Patch15: scap-security-guide-0.1.64-fix_ansible_partition_conditional-PR_9339.patch
|
||||
Patch16: scap-security-guide-0.1.64-fix_enable_fips_mode_s390x-PR_9355.patch
|
||||
|
||||
BuildRequires: libxslt
|
||||
BuildRequires: expat
|
||||
@ -138,6 +139,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4
|
||||
- Fix check of enable_fips_mode on s390x (RHBZ#2070564)
|
||||
|
||||
* Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3
|
||||
- Fix Ansible partition conditional (RHBZ#2032403)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user