remove sysctl_fs_protected_* rules from rhel9 ospp
Resolves: rhbz#2081719
parent 2ffa1e068f
commit e82ed5a624
@ -0,0 +1,30 @@
|
|||||||
|
From 5b0ff05c2377a8a8a5ef13d34fc71ce0587ed6df Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
||||||
|
Date: Fri, 1 Jul 2022 13:04:48 +0200
|
||||||
|
Subject: [PATCH] Remove sysctl_fs_protected_* rules from RHEL 9 OSPP
|
||||||
|
|
||||||
|
The sysctl_fs_protected_hardlinks and sysctl_fs_protected_symlinks rules
|
||||||
|
reenforce the RHEL 9 default value. While that protection is useful,
|
||||||
|
there is no specific OSPP SFR or other reason for the SCAP rules in the
|
||||||
|
OSPP profile.
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2081719
|
||||||
|
---
|
||||||
|
products/rhel9/profiles/ospp.profile | 4 ----
|
||||||
|
1 file changed, 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/products/rhel9/profiles/ospp.profile b/products/rhel9/profiles/ospp.profile
|
||||||
|
index 1fad0031749..5536dd7b2b6 100644
|
||||||
|
--- a/products/rhel9/profiles/ospp.profile
|
||||||
|
+++ b/products/rhel9/profiles/ospp.profile
|
||||||
|
@@ -141,10 +141,6 @@ selections:
|
||||||
|
- sysctl_net_core_bpf_jit_harden
|
||||||
|
- service_kdump_disabled
|
||||||
|
|
||||||
|
- ## File System Settings
|
||||||
|
- - sysctl_fs_protected_hardlinks
|
||||||
|
- - sysctl_fs_protected_symlinks
|
||||||
|
-
|
||||||
|
### Audit
|
||||||
|
- service_auditd_enabled
|
||||||
|
- var_auditd_flush=incremental_async
|
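Review bot: at the removed `- sysctl_fs_protected_hardlinks` and `- sysctl_fs_protected_symlinks` selections, dropping the rules means an OSPP scan of RHEL 9 no longer reports a host where these two settings have been changed away from the default that the commit message relies on. The message itself calls the protection useful, so please state in the message or next to the profile either where that drift is still checked or that leaving it unchecked in OSPP is accepted. Minor: "reenforce" in the message body should read "reinforce" or "enforce".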
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
Name: scap-security-guide
|
Name: scap-security-guide
|
||||||
Version: 0.1.62
|
Version: 0.1.62
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: Security guidance and baselines in SCAP formats
|
Summary: Security guidance and baselines in SCAP formats
|
||||||
License: BSD-3-Clause
|
License: BSD-3-Clause
|
||||||
URL: https://github.com/ComplianceAsCode/content/
|
URL: https://github.com/ComplianceAsCode/content/
|
||||||
@ -24,6 +24,8 @@ BuildRequires: python%{python3_pkgversion}-jinja2
|
|||||||
BuildRequires: python%{python3_pkgversion}-PyYAML
|
BuildRequires: python%{python3_pkgversion}-PyYAML
|
||||||
Requires: xml-common, openscap-scanner >= 1.2.5
|
Requires: xml-common, openscap-scanner >= 1.2.5
|
||||||
|
|
||||||
|
Patch0: scap-security-guide-0.1.63-remove_sysctl_proteced_fs_rules-PR_9081.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The scap-security-guide project provides a guide for configuration of the
|
The scap-security-guide project provides a guide for configuration of the
|
||||||
system from the final system's security point of view. The guidance is specified
|
system from the final system's security point of view. The guidance is specified
|
||||||
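Review bot: the `Patch0:` filename spells "proteced" (for "protected") and carries the prefix 0.1.63 while `Version:` in this spec is 0.1.62. The name has to match the added patch file exactly, and that file's name is not visible in this view, so please confirm the two agree. A one-line comment above `Patch0:` noting that the change is a backport (the PR_9081 in the name) would explain the version mismatch. The visible hunks also do not show the patch being applied in %prep, so check that an existing %autosetup or %patch line picks it up.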
@ -98,6 +100,9 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jul 18 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.62-2
|
||||||
|
- Remove sysctl_fs_protected_* rules from RHEL9 OSPP (RHBZ#2081719)
|
||||||
|
|
||||||
* Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 0.1.62-1
|
* Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 0.1.62-1
|
||||||
- Rebase to a new upstream release (RHBZ#2070563)
|
- Rebase to a new upstream release (RHBZ#2070563)
|
||||||
|
|
||||||
|