rpms/scap-security-guide
7
0
Fork 0
Code Issues Pull Requests Releases Activity

remove sysctl_fs_protected_* rules from rhel9 ospp

Browse Source 
Resolves: rhbz#2081719
This commit is contained in:
Vojtech Polasek 2022-07-18 10:29:51 +02:00
parent 2ffa1e068f
commit e82ed5a624
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
scap-security-guide-0.1.63-remove_sysctl_proteced_fs_rules-PR_9081.patch Normal file
View File

@ -0,0 +1,30 @@
From 5b0ff05c2377a8a8a5ef13d34fc71ce0587ed6df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Fri, 1 Jul 2022 13:04:48 +0200
Subject: [PATCH] Remove sysctl_fs_protected_* rules from RHEL 9 OSPP
The sysctl_fs_protected_hardlinks and sysctl_fs_protected_symlinks rules
reenforce the RHEL 9 default value. While that protection is useful,
there is no specific OSPP SFR or other reason for the SCAP rules in the
OSPP profile.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2081719
---
products/rhel9/profiles/ospp.profile | 4 ----
1 file changed, 4 deletions(-)
diff --git a/products/rhel9/profiles/ospp.profile b/products/rhel9/profiles/ospp.profile
index 1fad0031749..5536dd7b2b6 100644
--- a/products/rhel9/profiles/ospp.profile
+++ b/products/rhel9/profiles/ospp.profile
@@ -141,10 +141,6 @@ selections:
- sysctl_net_core_bpf_jit_harden
- service_kdump_disabled
- ## File System Settings
- - sysctl_fs_protected_hardlinks
- - sysctl_fs_protected_symlinks
-
### Audit
- service_auditd_enabled
- var_auditd_flush=incremental_async

7
scap-security-guide.spec
View File

@ -6,7 +6,7 @@
Name: scap-security-guide
Version: 0.1.62
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Security guidance and baselines in SCAP formats
License: BSD-3-Clause
URL: https://github.com/ComplianceAsCode/content/
@ -24,6 +24,8 @@ BuildRequires: python%{python3_pkgversion}-jinja2
BuildRequires: python%{python3_pkgversion}-PyYAML
Requires: xml-common, openscap-scanner >= 1.2.5
Patch0: scap-security-guide-0.1.63-remove_sysctl_proteced_fs_rules-PR_9081.patch
%description
The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is specified
@ -98,6 +100,9 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
%endif
%changelog
* Mon Jul 18 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.62-2
- Remove sysctl_fs_protected_* rules from RHEL9 OSPP (RHBZ#2081719)
* Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 0.1.62-1
- Rebase to a new upstream release (RHBZ#2070563)