Rebase to 0.1.4.
This commit is contained in:
Jan Lieskovsky
parent
d36bf15274
commit
fda0ca86ef
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
/scap-security-guide-0.1-3.tar.gz
|
||||
/scap-security-guide-0.1.4.tar.gz
|
||||
|
||||
@ -5,20 +5,20 @@
|
||||
# file one level up - in the main scap-security-guide directory (instead of
|
||||
# this one).
|
||||
|
||||
%global fedorassgrelease 3
|
||||
%global fedorassgversion 4
|
||||
|
||||
Name: scap-security-guide
|
||||
Version: 0.1
|
||||
Release: %{fedorassgrelease}.1%{?dist}
|
||||
Version: 0.1.%{fedorassgversion}
|
||||
Release: 1%{?dist}
|
||||
Summary: Security guidance and baselines in SCAP formats
|
||||
Group: Applications/System
|
||||
License: Public Domain
|
||||
URL: https://fedorahosted.org/scap-security-guide/
|
||||
Source0: http://fedorapeople.org/~jlieskov/%{name}-%{version}-%{fedorassgrelease}.tar.gz
|
||||
Source0: http://fedorapeople.org/~jlieskov/%{name}-%{version}.tar.gz
|
||||
BuildArch: noarch
|
||||
BuildRequires: libxslt, expat, python, openscap-utils >= 0.9.1, python-lxml
|
||||
Requires: xml-common, openscap-utils >= 0.9.1
|
||||
Obsoletes: openscap-content < 0:0.9.13
|
||||
Obsoletes: openscap-content < 0:0.9.13
|
||||
|
||||
%description
|
||||
The scap-security-guide project provides a guide for configuration of the
|
||||
@ -32,8 +32,20 @@ scap-workbench GUI tool from scap-workbench package to verify that the system
|
||||
conforms to provided guideline. Refer to scap-security-guide(8) manual page for
|
||||
further information.
|
||||
|
||||
%package compat
|
||||
Summary: Extra package to ensure compatibility with firstaidkit-plugin-openscap
|
||||
License: Public Domain
|
||||
BuildArch: noarch
|
||||
Requires: xml-common, openscap-utils >= 0.9.1
|
||||
Provides: openscap-content, firstaidkit-plugin-openscap
|
||||
|
||||
%description compat
|
||||
This package corrects Provides requirements needed to maintain
|
||||
backward-compatibility with openscap-content and firstaidkit-plugin-openscap
|
||||
packages.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}-%{fedorassgrelease}
|
||||
%setup -q -n %{name}-%{version}
|
||||
|
||||
%build
|
||||
cd Fedora && make dist
|
||||
@ -53,9 +65,60 @@ cp -a Fedora/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man
|
||||
%lang(en) %{_mandir}/en/man8/scap-security-guide.8.*
|
||||
%doc Fedora/LICENSE Fedora/output/ssg-fedora-guide.html
|
||||
|
||||
%files compat
|
||||
|
||||
%changelog
|
||||
* Fri Nov 15 2013 Šimon Lukašík <slukasik@redhat.com> - 0.1-3.1
|
||||
- Rebuild to obsolete openscap-content package (#1028706)
|
||||
* Fri Dec 20 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.4-1
|
||||
- Fix remediation for sshd set keepalive (ClientAliveCountMax) and move
|
||||
it to /shared
|
||||
- Add shared remediations for sshd disable empty passwords and
|
||||
sshd set idle timeout
|
||||
- Shared remediation for sshd disable root login
|
||||
- Add empty -compat subpackage to ensure backward-compatibility with
|
||||
openscap-content and firstaidkit-plugin-openscap packages (RH BZ#1040335)
|
||||
- OVAL check for sshd disable root login
|
||||
- Fix typo in OVAL check for sshd disable empty passwords
|
||||
- OVAL check for sshd disable empty passwords
|
||||
- Unselect no shelllogin for systemaccounts rule from being run by default
|
||||
- Rename XCCDF rules
|
||||
- Revert Set up Fedora release name and CPE based on build system properties
|
||||
- Shared OVAL check for Verify that Shared Library Files Have Root Ownership
|
||||
- Shared OVAL check for Verify that System Executables Have Restrictive Permissions
|
||||
- Shared OVAL check for Verify that System Executables Have Root Ownership
|
||||
- Shared OVAL check for Verify that Shared Library Files Have Restrictive
|
||||
Permissions
|
||||
- Fix remediation for Disable Prelinking rule
|
||||
- OVAL check and remediation for sshd's ClientAliveCountMax rule
|
||||
- OVAL check for sshd's ClientAliveInterval rule
|
||||
- Include descriptions for permissions section, and rules for checking
|
||||
permissions and ownership of shared library files and system executables
|
||||
- Disable selected rules by default
|
||||
- Add remediation for Disable Prelinking rule
|
||||
- Adjust service-enable-macro, service-disable-macro XSLT transforms
|
||||
definition to evaluate to proper systemd syntax
|
||||
- Fix service_ntpd_enabled OVAL check make validate to pass again
|
||||
- Include patch from Šimon Lukašík to obsolete openscap-content
|
||||
package (RH BZ#1028706)
|
||||
- Add OVAL check to test if there's is remote NTP server configured for
|
||||
time data
|
||||
- Add system settings section for the guide (to track system wide
|
||||
hardening configurations)
|
||||
- Include disable prelink rule and OVAL check for it
|
||||
- Initial OVAL check if ntpd service is enabled. Add package_installed
|
||||
OVAL templating directory structure and functionality.
|
||||
- Include services section, and XCCDF description for selected ntpd's
|
||||
sshd's service rules
|
||||
- Include remediations for login.defs' based password minimum, maximum and
|
||||
warning age rules
|
||||
- Include directory structure to support remediations
|
||||
- Add SCAP "replace or append pattern value in text file based on variable"
|
||||
remediation script generator
|
||||
- Add remediation for "Set Password Minimum Length in login.defs" rule
|
||||
|
||||
* Mon Nov 18 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.3-1
|
||||
- Update versioning scheme - move fedorassgrelease to be part of
|
||||
upstream version. Rename it to fedorassgversion to avoid name collision
|
||||
with Fedora package release.
|
||||
|
||||
* Tue Oct 22 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-3
|
||||
- Add .gitignore for Fedora output directory
|
||||
|
||||
Loading…
Reference in New Issue
Block a user