diff --git a/.gitignore b/.gitignore index 49960ed..e0e820e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /scap-security-guide-0.1-3.tar.gz +/scap-security-guide-0.1.4.tar.gz diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 4a31a5c..0fd2e21 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -5,20 +5,20 @@ # file one level up - in the main scap-security-guide directory (instead of # this one). -%global fedorassgrelease 3 +%global fedorassgversion 4 Name: scap-security-guide -Version: 0.1 -Release: %{fedorassgrelease}.1%{?dist} +Version: 0.1.%{fedorassgversion} +Release: 1%{?dist} Summary: Security guidance and baselines in SCAP formats Group: Applications/System License: Public Domain URL: https://fedorahosted.org/scap-security-guide/ -Source0: http://fedorapeople.org/~jlieskov/%{name}-%{version}-%{fedorassgrelease}.tar.gz +Source0: http://fedorapeople.org/~jlieskov/%{name}-%{version}.tar.gz BuildArch: noarch BuildRequires: libxslt, expat, python, openscap-utils >= 0.9.1, python-lxml Requires: xml-common, openscap-utils >= 0.9.1 -Obsoletes: openscap-content < 0:0.9.13 +Obsoletes: openscap-content < 0:0.9.13 %description The scap-security-guide project provides a guide for configuration of the @@ -32,8 +32,20 @@ scap-workbench GUI tool from scap-workbench package to verify that the system conforms to provided guideline. Refer to scap-security-guide(8) manual page for further information. +%package compat +Summary: Extra package to ensure compatibility with firstaidkit-plugin-openscap +License: Public Domain +BuildArch: noarch +Requires: xml-common, openscap-utils >= 0.9.1 +Provides: openscap-content, firstaidkit-plugin-openscap + +%description compat +This package corrects Provides requirements needed to maintain +backward-compatibility with openscap-content and firstaidkit-plugin-openscap +packages. + %prep -%setup -q -n %{name}-%{version}-%{fedorassgrelease} +%setup -q -n %{name}-%{version} %build cd Fedora && make dist @@ -53,9 +65,60 @@ cp -a Fedora/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man %lang(en) %{_mandir}/en/man8/scap-security-guide.8.* %doc Fedora/LICENSE Fedora/output/ssg-fedora-guide.html +%files compat + %changelog -* Fri Nov 15 2013 Šimon Lukašík - 0.1-3.1 -- Rebuild to obsolete openscap-content package (#1028706) +* Fri Dec 20 2013 Jan iankko Lieskovsky 0.1.4-1 +- Fix remediation for sshd set keepalive (ClientAliveCountMax) and move + it to /shared +- Add shared remediations for sshd disable empty passwords and + sshd set idle timeout +- Shared remediation for sshd disable root login +- Add empty -compat subpackage to ensure backward-compatibility with + openscap-content and firstaidkit-plugin-openscap packages (RH BZ#1040335) +- OVAL check for sshd disable root login +- Fix typo in OVAL check for sshd disable empty passwords +- OVAL check for sshd disable empty passwords +- Unselect no shelllogin for systemaccounts rule from being run by default +- Rename XCCDF rules +- Revert Set up Fedora release name and CPE based on build system properties +- Shared OVAL check for Verify that Shared Library Files Have Root Ownership +- Shared OVAL check for Verify that System Executables Have Restrictive Permissions +- Shared OVAL check for Verify that System Executables Have Root Ownership +- Shared OVAL check for Verify that Shared Library Files Have Restrictive + Permissions +- Fix remediation for Disable Prelinking rule +- OVAL check and remediation for sshd's ClientAliveCountMax rule +- OVAL check for sshd's ClientAliveInterval rule +- Include descriptions for permissions section, and rules for checking + permissions and ownership of shared library files and system executables +- Disable selected rules by default +- Add remediation for Disable Prelinking rule +- Adjust service-enable-macro, service-disable-macro XSLT transforms + definition to evaluate to proper systemd syntax +- Fix service_ntpd_enabled OVAL check make validate to pass again +- Include patch from Šimon Lukašík to obsolete openscap-content + package (RH BZ#1028706) +- Add OVAL check to test if there's is remote NTP server configured for + time data +- Add system settings section for the guide (to track system wide + hardening configurations) +- Include disable prelink rule and OVAL check for it +- Initial OVAL check if ntpd service is enabled. Add package_installed + OVAL templating directory structure and functionality. +- Include services section, and XCCDF description for selected ntpd's + sshd's service rules +- Include remediations for login.defs' based password minimum, maximum and + warning age rules +- Include directory structure to support remediations +- Add SCAP "replace or append pattern value in text file based on variable" + remediation script generator +- Add remediation for "Set Password Minimum Length in login.defs" rule + +* Mon Nov 18 2013 Jan iankko Lieskovsky 0.1.3-1 +- Update versioning scheme - move fedorassgrelease to be part of + upstream version. Rename it to fedorassgversion to avoid name collision + with Fedora package release. * Tue Oct 22 2013 Jan iankko Lieskovsky 0.1-3 - Add .gitignore for Fedora output directory diff --git a/sources b/sources index 101d26c..873584b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -93e71669058b2cb6958dc4946042552d scap-security-guide-0.1-3.tar.gz +265b20ec271bc0eb31112d2ce2d07ea0 scap-security-guide-0.1.4.tar.gz