4 changed files with 20957 additions and 372 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1 @@
 SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
 SOURCES/scap-security-guide-0.1.73.tar.bz2
--- a/.scap-security-guide.metadata
+++ b/.scap-security-guide.metadata
@ -1,2 +1 @@
 b22b45d29ad5a97020516230a6ef3140a91d050a SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
 de6e660b1e837d2b2b99487bf377fa259b027b49 SOURCES/scap-security-guide-0.1.73.tar.bz2
--- a/SOURCES/scap-security-guide-0.1.73-add-almalinux9-product.patch
+++ b/SOURCES/scap-security-guide-0.1.73-add-almalinux9-product.patch
--- a/SPECS/scap-security-guide.spec
+++ b/SPECS/scap-security-guide.spec
@ -1,33 +1,30 @@
-# Base name of static rhel6 content tarball
+# SSG build system and tests count with build directory name `build`.
-%global _static_rhel6_content %{name}-0.1.52-2.el7_9-rhel6
+# For more details see:
 # https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
 %global _vpath_builddir build
 # global _default_patch_fuzz 2  # Normally shouldn't be needed as patches should apply cleanly
 Name:		scap-security-guide
 Version:	0.1.73
-Release:	1%{?dist}
+Release:	1%{?dist}.alma.1
 Summary:	Security guidance and baselines in SCAP formats
 License:	BSD-3-Clause
 Group:		Applications/System
 URL:		https://github.com/ComplianceAsCode/content/
 Source0:	https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
 # Include tarball with last released rhel6 content
 Source1:	%{_static_rhel6_content}.tar.bz2
 BuildArch:	noarch
 # AlmaLinux 9
 Patch1000:      scap-security-guide-0.1.73-add-almalinux9-product.patch
 BuildRequires:	libxslt
 BuildRequires:	expat
 BuildRequires:	openscap-scanner >= 1.2.5
 BuildRequires:	cmake >= 2.8
-BuildRequires:	python3-devel
+BuildRequires:	python%{python3_pkgversion}-devel
 BuildRequires:	python%{python3_pkgversion}
 BuildRequires:	python%{python3_pkgversion}-jinja2
 BuildRequires:	python%{python3_pkgversion}-PyYAML
 Requires:	xml-common, openscap-scanner >= 1.2.5
 Obsoletes:	openscap-content < 0:0.9.13
 Provides:	openscap-content
 %description
 The scap-security-guide project provides a guide for configuration of the
@ -43,7 +40,6 @@ further information.
 %package	doc
 Summary:	HTML formatted security guides generated from XCCDF benchmarks
 Group:		System Environment/Base
 Requires:	%{name} = %{version}-%{release}
 %description	doc
@ -51,7 +47,7 @@ The %{name}-doc package contains HTML formatted documents containing
 hardening guidances that have been generated from XCCDF benchmarks
 present in %{name} package.
-%if ( %{defined rhel} && (! %{defined centos}) )
+%if %{defined rhel}
 %package	rule-playbooks
 Summary:	Ansible playbooks per each rule.
 Group:		System Environment/Base
@ -62,48 +58,36 @@ The %{name}-rule-playbooks package contains individual ansible playbooks per rul
 %endif
 %prep
-%autosetup -p1 -b1
+%autosetup -p1
 %define cmake_defines_common -DSSG_SEPARATE_SCAP_FILES_ENABLED=OFF -DSSG_BASH_SCRIPTS_ENABLED=OFF -DSSG_BUILD_SCAP_12_DS=OFF
 %define cmake_defines_specific %{nil}
 %if 0%{?rhel}
 %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{rhel}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON
 %endif
 %if 0%{?centos}
 %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON
 %endif
 %if 0%{?almalinux}
 %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ALMALINUX%{almalinux}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON
 %endif
 %build
 mkdir -p build
-cd build
+%build
-%cmake \
+%cmake %{cmake_defines_common} %{cmake_defines_specific}
 -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE \
 -DSSG_PRODUCT_RHEL7:BOOLEAN=TRUE \
 -DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \
 -DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \
 -DSSG_PRODUCT_JRE:BOOLEAN=TRUE \
 %if %{defined centos}
 -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \
 %else
 -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \
 %endif
 -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF \
 %if ( %{defined rhel} && (! %{defined centos}) )
 -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON \
 %endif
 ../
 %cmake_build
 %install
 cd build
 %cmake_install
-
+rm %{buildroot}/%{_docdir}/%{name}/README.md
-# Manually install pre-built rhel6 content
+rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
 cp -r %{_builddir}/%{_static_rhel6_content}/usr %{buildroot}
 cp -r %{_builddir}/%{_static_rhel6_content}/tables %{buildroot}%{_docdir}/%{name}
 cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name}
 %files
 %{_datadir}/xml/scap/ssg/content
 %{_datadir}/%{name}/kickstart
-%{_datadir}/%{name}/ansible
+%{_datadir}/%{name}/ansible/*.yml
 %{_datadir}/%{name}/bash
 %{_datadir}/%{name}/tailoring
 %lang(en) %{_mandir}/man8/scap-security-guide.8.*
 %doc %{_docdir}/%{name}/LICENSE
 %doc %{_docdir}/%{name}/README.md
 %doc %{_docdir}/%{name}/Contributors.md
 %if ( %{defined rhel} && (! %{defined centos}) )
 %exclude %{_datadir}/%{name}/ansible/rule_playbooks
 %endif
@ -112,408 +96,290 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name
 %doc %{_docdir}/%{name}/guides/*.html
 %doc %{_docdir}/%{name}/tables/*.html
-%if ( %{defined rhel} && (! %{defined centos}) )
+%if %{defined rhel}
 %files rule-playbooks
 %defattr(-,root,root,-)
 %{_datadir}/%{name}/ansible/rule_playbooks
 %endif
 %changelog
-* Tue May 21 2024 Jan Černý <jcerny@redhat.com> - 0.1.73-1
+* Fri Jun 07 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 0.1.73-1.alma.1
- Rebase scap-security-guide package to version 0.1.73 (RHEL-36733)
+- Add AlmaLinux 9 support
 - Change crypto policy used in the CUI profile to FIPS (RHEL-30346)
 - Fix file path identification in Rsyslog configuration (RHEL-17202)
 - Use a correct chrony server address in STIG profile (RHEL-1814)
 - Don't BuildRequire /usr/bin/python3 (RHEL-2244)
-* Fri Feb 16 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-2
+* Mon May 20 2024 Vojtech Polasek <vpolasek@redhat.com> - 0.1.73-1
- Unlist profiles no longer maintained in RHEL8.
+- Rebase to a new upstream release 0.1.73 (RHEL-36663)
 - Correctly parse sudo options even if they are not quoted (RHEL-31976)
 - Ensure that web links within kickstart files are valid (RHEL-30735)
 - Align set of allowed SSH ciphers with STIG requirement (RHEL-29684)
 - Add audit rules on /etc/sysconfig/network-scripts (RHEL-29308)
 - Remove rule restricting user namespaces from stig_gui profile (RHEL-10416)
 - Add rule which enables auditing of files within /etc/sysconfig/network-scripts (RHEL-1093)
-* Wed Feb 14 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-1
+* Tue Feb 13 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-1
- Rebase to a new upstream release 0.1.72 (RHEL-25250)
+- Rebase to a new upstream release 0.1.72 (RHEL-21425)
- Increase CIS standards coverage regarding SSH and cron (RHEL-1314)
+- Check dropin files in /etc/systemd/journald.conf.d/ (RHEL-14484)
- Increase compatibility of accounts_tmout rule for ksh (RHEL-16896 and RHEL-1811)
+- Fix remediation to not update comments (RHEL-1484)
- Align Ansible and Bash remediation in sssd_certificate_verification rule (RHEL-1313)
+- Fix package check on SCAP tests for dnf settings (RHEL-17417)
- Add a warning to rule service_rngd_enabled about rule applicability (RHEL-1819)
+- Update description for audit_rules_kernel_module_loading (RHEL-1489)
- Add rule to terminate idle user sessions after defined time (RHEL-1801)
+- Disable remediation for /dev/shm options in offline mode (RHEL-16801)
- Allow spaces around equal sign in /etc/sudoers (RHEL-1904)
+- Include explanatory comment in the remediation of CCE-83871-4 (RHEL-17418)
- Add remediation for rule fapolicy_default_deny (RHEL-1817)
+* Tue Dec 05 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-3
- Fix invalid syntax in file /usr/share/scap-security-guide/ansible/rhel8-playbook-ospp.yml (RHEL-19127)
+- Align STIG profile with official DISA STIG for RHEL 9 (RHEL-1807)
 - Refactor ensure_pam_wheel_group_empty (RHEL-1905)
 - Prevent remediation of display_login_attempts rule from creating redundant configuration entries (RHEL-1809)
 - Update PCI-DSS to v4 (RHEL-1808)
 - Fix regex in Ansible remediation of configure_ssh_crypto_policy (RHEL-1820)
-* Thu Aug 17 2023 Vojtech Polasek <vpolasek@redhat.com> - 0.1.69-2
+* Thu Aug 17 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-2
- remove problematic rule from ANSSI High profile (RHBZ#2221695)
+- Remove OpenSSH crypto policy hardening rules from STIG profile (RHBZ#2221697)
 - Fix ANSSI High profile with secure boot (RHBZ#2221697)
-* Thu Aug 10 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-1
+* Wed Aug 09 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-1
- Rebase to a new upstream release 0.1.69 (RHBZ#2221695)
+- Rebase to a new upstream release 0.1.69 (RHBZ#2221697)
- Fixed CCE link URL (RHBZ#2178516)
+- Improve CIS benchmark rules related to auditing of kernel module related events (RHBZ#2209657)
- align remediations with rule description for rule configuring OpenSSL cryptopolicy (RHBZ#2192893)
+- SSSD configuration files are now created with correct permissions whenever remediating SSSD related rules (RHBZ#2211511)
- Add rule audit_rules_login_events_faillock to STIG profile (RHBZ#2167999)
+- add warning about migration of network configuration files when upgrading from RHEL 8 to RHEL 9 (RHBZ#2172555)
- Fixed rules related to AIDE configuration (RHBZ#2175684)
+- Correct URL used to download CVE checks. (RHBZ#2223178)
- Allow default permissions for files stored on EFI FAT partitions (RHBZ#2184487)
+- update ANSSI BP-028 profiles to be aligned with version 2.0 (RHBZ#2155790)
- Add appropriate STIGID to accounts_passwords_pam_faillock_interval rule (RHBZ#2209073)
+- Fixed excess quotes in journald configuration files (RHBZ#2193169)
- improved and unified OVAL checks checking for interactive users (RHBZ#2157877)
+- Change rules checking home directories to apply only to local users (RHBZ#2203791)
- update ANSSI BP-028 profiles to be aligned with version 2.0 (RHBZ#2155789)
+- Change rules checking password age to apply only to local users (RHBZ#2213958)
- unify OVAL checks to correctly identify interactive users (RHBZ#2178740)
+- Updated man page (RHBZ#2060028)
 - make rule checking for Postfix unrestricted relay accept more variants of valid configuration syntax (RHBZ#2170530)
 - Fixed excess quotes in journald configuration files (RHBZ#2169857)
 - rules related to polyinstantiated directories are not applied when building images for Image Builder (RHBZ#2130182)
 - evaluation and remediation of rules related to mount points have been enhanced for Image Builder (RHBZ#2130185)
 - do not enable FIPS mode when creating hardened images for Image Builder (RHBZ#2130181)
 - Correct URL used to download CVE checks (RHBZ#2222583)
 - mention exact required configuration value in description of some PAM related rules (RHBZ#2175882)
 - make mount point related rules not applicable when no such mount points exist (RHBZ#2176008)
 - improve checks determining if FIPS mode is enabled (RHBZ#2129100)
-* Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-2
+* Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1
- Unselect rule logind_session_timeout (RHBZ#2158404)
+- Rebase to a new upstream release 0.1.66 (RHBZ#2169443)
 - Fix remediation of audit watch rules (RHBZ#2169441)
 - Fix check firewalld_sshd_port_enabled (RHBZ#2169443)
 - Fix accepted control flags for pam_pwhistory (RHBZ#2169443)
 - Unselect rule logind_session_timeout (RHBZ#2169443)
 - Add support rainer scripts in rsyslog rules (RHBZ#2169445)
-* Mon Feb 06 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1
+* Thu Aug 25 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.63-5
- Rebase to a new upstream release 0.1.66 (RHBZ#2158404)
+- OSPP: fix rule related to coredump (RHBZ#2081688)
 - Update RHEL8 STIG profile to V1R9 (RHBZ#2152658)
 - Fix levels of CIS rules (RHBZ#2162803)
 - Remove unused RHEL8 STIG control file (RHBZ#2156192)
 - Fix accounts_password_pam_unix_remember's check and remediations (RHBZ#2153547)
 - Fix handling of space in sudo_require_reauthentication (RHBZ#2152208)
 - Add rule for audit immutable login uids (RHBZ#2151553)
 - Fix remediation of audit watch rules (RHBZ#2119356)
 - Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2115343)
 - Fix applicability of kerberos rules (RHBZ#2099394)
 - Add support rainer scripts in rsyslog rules (RHBZ#2072444)
-* Tue Jan 10 2023 Watson Sato <wsato@redhat.com> - 0.1.63-5
+* Tue Aug 23 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-4
- Update RHEL8 STIG profile to V1R8 (RHBZ#2148446)
+- use sysctl_kernel_core_pattern rule again in RHEL9 OSPP (RHBZ#2081688)
 - Add rule warning for sysctl IPv4 forwarding config (RHBZ#2118758)
 - Fix remediation for firewalld_sshd_port_enabled (RHBZ#2116474)
 - Fix compatibility with Ansible 2.14
-* Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4
+* Thu Aug 11 2022 Matej Tyc <matyc@redhat.com> - 0.1.63-3
- Fix check of enable_fips_mode on s390x (RHBZ#2070564)
+- Readd rules to the benchmark to be compatible across all minor versions of RHEL9 (RHBZ#2117669)
 * Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3
 - Fix Ansible partition conditional (RHBZ#2032403)
 * Wed Aug 10 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-2
- aligning with the latest STIG update (RHBZ#2112937)
+- OSPP: utilize different audit rule set for different hardware platforms (RHBZ#1998583)
- OSPP: use Authselect minimal profile (RHBZ#2117192)
+- OSPP: update rules related to coredumps (RHBZ#2081688)
- OSPP: change rules for protecting of boot (RHBZ#2116440)
+- OSPP: update rules related to BPF (RHBZ#2081728)
- add warning about configuring of TCP queues to rsyslog_remote_loghost (RHBZ#2078974)
+- fix description of require_singleuser_mode (RHBZ#2092799)
- fix handling of Defaults clause in sudoers (RHBZ#2083109)
+- fix remediation of OpenSSL cryptopolicy (RHBZ#2108569)
- make rules checking for mount options of /tmp and /var/tmp applicable only when the partition really exists (RHBZ#2032403)
+- OSPP: use minimal Authselect profile(RHBZ#2114979)
 - fix handling of Rsyslog include directives (RHBZ#2075384)
 * Mon Aug 01 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-1
- Rebase to a new upstream release 0.1.63 (RHBZ#2070564)
+- Rebase to a new upstream release 0.1.63 (RHBZ#2070563)
 * Mon Jul 18 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.62-2
 - Remove sysctl_fs_protected_* rules from RHEL9 OSPP (RHBZ#2081719)
 - Make rule audit_access_success_ unenforcing in RHEL9 OSPP (RHBZ#2058154)
 - Drop zipl_vsyscall_argument rule from RHEL9 OSPP profile (RHBZ#2060049)
 - make sysctl_user_max_user_namespaces in RHEL9 OSPP (RHBZ#2083716)
 - Remove some sysctl rules  related to network from RHEL9 OSPP (RHBZ#2081708)
 - Add rule to check if Grub2 recovery is disabled to RHEL9 OSPP (RHBZ#2092809)
 - Add rule grub2_systemd_debug-shell_argument_absent (RHBZ#2092840)
 - Remove rule accounts_password_minlen_login_defs from all profiles (RHBZ#2073040)
 - Remove rules related to remove logging from RHEL9 OSPP (RHBZ#2105016)
 - Remove sshd_enable_strictmodes from OSPP (RHBZ#2105278)
 - Remove rules related to NIS services (RHBZ#2096602)
 - Make rule stricter when checking for FIPS crypto-policies (RHBZ#2057082)
 * Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 0.1.62-1
- Rebase to a new upstream release (RHBZ#2070564)
+- Rebase to a new upstream release (RHBZ#2070563)
 * Tue May 17 2022 Watson Sato <wsato@redhat.com> - 0.1.60-9
 - Fix validation of OVAL 5.10 content (RHBZ#2079241)
 - Fix Ansible sysctl remediation (RHBZ#2079241)
 * Tue May 03 2022 Watson Sato <wsato@redhat.com> - 0.1.60-8
 - Update to ensure a sysctl option is not defined in multiple files (RHBZ#2079241)
 - Update RHEL8 STIG profile to V1R6 (RHBZ#2079241)
 * Thu Feb 24 2022 Watson Sato <wsato@redhat.com> - 0.1.60-7
 - Resize ANSSI kickstart partitions to accommodate GUI installs (RHBZ#2058033)
 * Wed Feb 23 2022 Matthew Burket <mburket@redhat.com> - 0.1.60-6
 - Fix another issue with getting STIG items in create_scap_delta_tailoring.py (RHBZ#2014485)
 * Mon Feb 21 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.60-5
- Remove tmux process runinng check in configure_bashrc_exec_tmux (RHBZ#2055860)
+- Remove tmux process runinng check in configure_bashrc_exec_tmux (RHBZ#2056847)
- Fix issue with getting STIG items in create_scap_delta_tailoring.py (RHBZ#2014485)
+- Fix issue with getting STIG items in create_scap_delta_tailoring.py (RHBZ#2014561)
- Update rule enable_fips_mode to check only for technical state (RHBZ#2014485)
+- Update rule enable_fips_mode to check only for technical state (RHBZ#2057457)
-* Wed Feb 16 2022 Watson Sato <wsato@redhat.com> - 0.1.60-4
+* Tue Feb 15 2022 Watson Sato <wsato@redhat.com> - 0.1.60-4
- Fix Ansible service disabled tasks (RHBZ#2014485)
+- Fix Ansible service disabled tasks (RHBZ#2014561)
- Set rule package_krb5-workstation_removed as not applicable on RHV (RHBZ#2055149)
+- Update description of OSPP profile (RHBZ#2045386)
 - Add page_aloc.shuffle rules for OSPP profile (RHBZ#2055118)
 * Mon Feb 14 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.60-3
- Update sudoers rules in RHEL8 STIG V1R5 (RHBZ#2049555)
+- Update sudoers rules in RHEL8 STIG V1R5 (RHBZ#2045403)
- Add missing SRG references in RHEL8 STIG V1R5 rules (RHBZ#2049555)
+- Add missing SRG references in RHEL8 STIG V1R5 rules (RHBZ#2045403)
- Update chronyd_or_ntpd_set_maxpoll to disregard server and poll directives (RHBZ#2026301)
+- Update chronyd_or_ntpd_set_maxpoll to disregard server and poll directives (RHBZ#2045403)
- Fix GRUB2 rule template to configure the module correctly on RHEL8 (RHBZ#2030966)
+- Fix GRUB2 rule template to configure the module correctly on RHEL8 (RHBZ#2014561)
- Update GRUB2 rule descriptions (RHBZ#2014485)
+- Update GRUB2 rule descriptions (RHBZ#2020623)
- Make package_rear_installed not applicable on AARCH64 (RHBZ#2014485)
+- Make package_rear_installed not applicable on AARCH64 (RHBZ#2014561)
 * Fri Feb 11 2022 Watson Sato <wsato@redhat.com> - 0.1.60-2
- Update RHEL8 STIG profile to V1R5 (RHBZ#2049555)
+- Update OSPP profile (RHBZ#2016038, RHBZ#2043036, RHBZ#2020670, RHBZ#2046289)
 - Align audit rules for OSPP profile (RHBZ#2000264)
 - Fix rule selection in ANSSI Enhanced profile (RHBZ#2053587)
 * Thu Jan 27 2022 Watson Sato <wsato@redhat.com> - 0.1.60-1
- Rebase to a new upstream release (RHBZ#2014485)
+- Rebase to a new upstream release (RHBZ#2014561)
-* Wed Dec 01 2021 Watson Sato <wsato@redhat.com> - 0.1.59-1
+* Wed Dec 08 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.59-1
- Rebase to a new upstream release (RHBZ#2014485)
+- Rebase to a new upstream release (RHBZ#2014561)
 - Enable Centos Stream 9 content (RHBZ#2021284)
 * Fri Oct 15 2021 Matej Tyc <matyc@redhat.com> - 0.1.58-1
- Rebase to a new upstream release. (RHBZ#2014485)
+- Rebase to a new upstream release (RHBZ#2014561)
 - Disable profiles that we disable in RHEL8
 - Add a VM wait handling to fix issues with tests.
-* Tue Aug 24 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-4
+* Wed Aug 25 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-5
- Fix a value selector in RHEL8 CIS L1 profiles (RHBZ#1993197)
+- Fix remediations applicability of zipl rules
  Resolves: rhbz#1996847
-* Mon Aug 23 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-3
+* Tue Aug 24 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-4
- Fix remaining audit rules file permissions (RHBZ#1993056)
+- Fix a broken HTTP link
- Mark a STIG service rule as machine only (RHBZ#1993056)
+  Add CIS profile based on RHEL8 CIS, fix its Crypto Policy usage
- Fix a remaining broken RHEL7 documentation link. (RHBZ#1966577)
+  Resolves: rhbz#1962564
-* Fri Aug 20 2021 Marcus Burghardt <maburgha@redhat.com> - 0.1.57-2
+* Tue Aug 17 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-3
- Update Ansible login banner fixes to avoid unnecessary updates (RHBZ#1857179)
+- Use SSHD directory-based configuration.
- Include tests for Ansible Playbooks that remove and reintroduce files.
+  Resolves: rhbz#1962564
- Update RHEL8 STIG profile to V1R3 (RHBZ#1993056) 
+- Introduce ISM kickstarts
- Improve Audit Rules remediation to group similar syscalls (RHBZ#1876483)
+  Resolves: rhbz#1978290
- Reestructure RHEL7 and RHEL8 CIS profiles according to the policy (RHBZ#1993197)
+- Deliver numerous RHEL9 fixes to rules - see related BZs for details.
- Add Kickstart files for ISM profile (RHBZ#1955373)
+  TLDR: Enable remediations by means of platform metadata,
- Fix broken RHEL7 documentation links (RHBZ#1966577)
+  enable the RHEL9 GPG rule, introduce the s390x platform,
  fix the ctrl-alt-del reboot disable, fix grub2 UEFI config file location,
  address the subscription-manager package merge, and
  enable and select more rules applicable to RHEL9.
  Resolves: rhbz#1987227
  Resolves: rhbz#1987226
  Resolves: rhbz#1987231
  Resolves: rhbz#1988289
-* Fri Jul 30 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-1
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.1.57-2
- Update to the latest upstream release (RHBZ#1966577)
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- Enable the ISM profile.
+  Related: rhbz#1991688
-* Tue Jun 8 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.56-2
+* Wed Jul 28 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-1
- Create subpackage to hold ansible playbooks per rule (RHBZ#1966604)
+- Upgrade to the latest upstream release
 - Introduce more complete RHEL9 content in terms of rules, profiles and kickstarts.
-* Tue Jun 01 2021 Watson Sato <wsato@redhat.com> - 0.1.56-1
+* Wed Jul 07 2021 Matej Tyc <matyc@redhat.com> - 0.1.56-3
- Update to the latest upstream release (RHBZ#1966577)
+- Introduced the playbooks subpackage.
- Add ANSSI High Profile (RHBZ#1955183)
+- Enabled CentOS content on CentOS systems.
 - Solved missing CCEs problem by unselecting problematic rules by means of editing patches or by porting PRs that unselect them.
-* Wed Feb 17 2021 Watson Sato <wsato@redhat.com> - 0.1.54-5
+* Mon Jun 28 2021 Matej Tyc <matyc@redhat.com> - 0.1.56-2
- Remove Kickstart for not shipped profile (RHBZ#1778188)
+- Enable more RHEL9 rules and introduce RHEL9 profile stubs
-* Tue Feb 16 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.54-4
+* Wed May 19 2021 Jan Černý <jcerny@redhat.com> - 0.1.56-1
- Remove auditd_data_retention_space_left from RHEL8 STIG profile (RHBZ#1918742)
+- Upgrade to the latest upstream release
 - remove README.md and Contributors.md
 - remove SCAP component files
 - remove SCAP 1.2 source data streams
 - remove HTML guides for the virtual “(default)” profile
 - remove profile Bash remediation scripts
 - build only RHEL9 content
 - remove other products
 - use autosetup in %prep phase
-* Tue Feb 16 2021 Vojtech Polasek <vpolasek@redhat.com> - 0.1.54-3
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.1.54-3
- drop kernel_module_vfat_disabled from CIS profiles (RHBZ#1927019)
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-* Fri Feb 12 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.54-2
+* Fri Feb 12 2021 Vojtech Polasek <vpolasek@redhat.com> - 0.1.54-2
- Add initial RHEL8 STIG V1R1 profile (RHBZ#1918742)
+- fix definition of build directory
-* Thu Feb 04 2021 Watson Sato <wsato@redhat.com> - 0.1.54-1
+* Fri Feb 05 2021 Vojtech Polasek <vpolasek@redhat.com> - 0.1.54-1
- Update to the latest upstream release (RHBZ#1889344)
+- Update to latest upstream SCAP-Security-Guide-0.1.54 release:
- Add Minimal, Intermediary and Enhanced ANSSI Profiles (RHBZ#1778188)
+  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.54
-* Fri Jan 08 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.53-4
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.53-2
- Fix description of rule installed_OS_is_vendor_supported (RHBZ#1914193)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 - Fix RHEL6 CPE dictionary (RHBZ#1899059)
 - Fix SRG mapping references for ssh_client_rekey_limit and use_pam_wheel_for_su (RHBZ#1914853)
-* Tue Dec 15 2020 Gabriel Becker <ggasparb@redhat.com> - 0.1.53-3
+* Mon Nov 16 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.53-1
- Enforce pam_wheel for "su" in the OSPP profile (RHBZ#1884062)
+- Update to latest upstream SCAP-Security-Guide-0.1.53 release:
- Fix case insensitive checking in rsyslog_remote_tls (RHBZ#1899032)
+  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.53
 - Exclude kernel_trust_cpu_rng related rules on s390x (RHBZ#1899041)
 - Create a SSH_USE_STRONG_RNG rule for SSH client and select it in OSPP profile (RHBZ#1884067)
 - Disable usbguard rules on s390x architecture (RHBZ#1899059)
-* Thu Dec 03 2020 Watson Sato <wsato@redhat.com> - 0.1.53-2
+* Wed Sep 23 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.52-3
- Update list of profiles built (RHBZ#1889344)
+- revert previous rework, it did not solve the problem
-* Wed Nov 25 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.53-1
+* Wed Sep 23 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.52-2
- Update to the latest upstream release (RHBZ#1889344)
+- rewrite solution for CMake out of source builds
-* Wed Sep 02 2020 Matěj Týč <matyc@redhat.com> - 0.1.50-14
+* Mon Sep 21 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.52-1
- Added a kickstart for the RHEL-8 CUI Profile (RHBZ#1762962)
+- Update to latest upstream SCAP-Security-Guide-0.1.52 release:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.52
-* Tue Aug 25 2020 Watson Sato <wsato@redhat.com> - 0.1.50-13
+* Tue Aug 04 2020 Jan Černý <jcerny@redhat.com> - 0.1.51-4
- Enable build of RHEL-8 CUI Profile (RHBZ#1762962)
+- Update for new CMake out of source builds
  https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
 - Fix FTBS in Rawhide/F33 (RHBZ#1863741)
-* Fri Aug 21 2020 Matěj Týč <matyc@redhat.com> - 0.1.50-12
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.51-3
- remove rationale from rules that contain defective links (rhbz#1854854)
+- Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-* Thu Aug 20 2020 Matěj Týč <matyc@redhat.com> - 0.1.50-11
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.51-2
- fixed link in a grub2 rule description (rhbz#1854854)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 - fixed selinux_all_devicefiles_labeled rule (rhbz#1852367)
 - fixed no_shelllogin_for_systemaccounts on ubi8 (rhbz#1836873)
-* Mon Aug 17 2020 Matěj Týč <matyc@redhat.com> - 0.1.50-10
+* Fri Jul 17 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.51-1
- Update the scapval invocation (RHBZ#1815007)
+- Update to latest upstream SCAP-Security-Guide-0.1.51 release:
- Re-added the SSH Crypto Policy rule to OSPP, and added an SRG to the rule (RHBZ#1815007)
+  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.51
 - Change the spec file macro invocation from patch to Patch
 - Fix the rekey limit in ssh/sshd rules (RHBZ#1813066)
-* Wed Aug 05 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.50-9
+* Mon Mar 23 2020 Watson Sato <wsato@redhat.com> - 0.1.49-1
- fix description of HIPAA profile (RHBZ#1867559)
+- Update to latest upstream SCAP-Security-Guide-0.1.49 release:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.49
-* Fri Jul 17 2020 Watson Sato <wsato@redhat.com> - 0.1.50-8
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.48-2
- Add rule to harden OpenSSL crypto-policy (RHBZ#1852928)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
  - Remove CCM from TLS Ciphersuites
-* Mon Jun 29 2020 Matěj Týč <matyc@redhat.com> - 0.1.50-7
+* Thu Jan 16 2020 Watson Sato <wsato@redhat.com> - 0.1.48-1
- Fix the OpenSSL Crypto Policy rule (RHBZ#1850543)
+- Update to latest upstream SCAP-Security-Guide-0.1.48 release:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.48
-* Mon Jun 22 2020 Gabriel Becker <ggasparb@redhat.com> - 0.1.50-6
+* Mon Dec 09 2019 Matěj Týč <matyc@redhat.com> - 0.1.47-2
- Fix rsyslog permissions/ownership rules (RHBZ#1781606)
+- Hotfix of the XML parsing fix.
-* Thu May 28 2020 Gabriel Becker <ggasparb@redhat.com> - 0.1.50-5
+* Mon Dec 09 2019 Matěj Týč <matyc@redhat.com> - 0.1.47-1
- Fix SELinux remediation to detect properly current configuration. (RHBZ#1750526)
+- Update to latest upstream SCAP-Security-Guide-0.1.47 release:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.47
 - Fixed XML parsing of remediation functions.
-* Tue May 26 2020 Watson Sato <wsato@redhat.com> - 0.1.50-4
+* Mon Jul 29 2019 Watson Sato <wsato@redhat.com> - 0.1.45-1
- CIS Ansible fixes (RHBZ#1760734)
+- Update to latest upstream SCAP-Security-Guide-0.1.45 release:
- HIPAA Ansible fixes (RHBZ#1832760)
+  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.45
-* Mon May 25 2020 Watson Sato <wsato@redhat.com> - 0.1.50-3
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.44-2
- - HIPAA Profile (RHBZ#1832760)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
  - Enable build of RHEL8 HIPAA Profile
  - Add kickstarts for HIPAA
 - CIS Profile (RHBZ#1760734)
  - Add Ansible fix for sshd_set_max_sessions
  - Add CIS Profile content attribution to Center for Internet Security
-* Fri May 22 2020 Watson Sato <wsato@redhat.com> - 0.1.50-2
+* Mon May 06 2019 Watson Yuuma Sato <wsato@redhat.com> - 0.1.44-1
- Fix Ansible for no_direct_root_logins
+- Update to latest upstream SCAP-Security-Guide-0.1.44 release:
- Fix Ansible template for SELinux booleans
+  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.44
 - Add CCEs to rules in RHEL8 CIS Profile (RHBZ#1760734)
-* Wed May 20 2020 Watson Sato <wsato@redhat.com> - 0.1.50-2
+* Fri Feb 22 2019 Watson Yuuma Sato <wsato@redhat.com> - 0.1.43-1
- Update selections in RHEL8 CIS Profile (RHBZ#1760734)
+- Update to latest upstream SCAP-Security-Guide-0.1.43 release:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.43
 - Update URL and source URL
-* Tue May 19 2020 Watson Sato <wsato@redhat.com> - 0.1.50-1
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.42-2
- Update to the latest upstream release (RHBZ#1815007)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-* Thu Mar 19 2020 Gabriel Becker <ggasparb@redhat.com> - 0.1.49-1
+* Wed Dec 12 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.42-1
 - Update to the latest upstream release (RHBZ#1815007)
 * Tue Feb 11 2020 Watson Sato <wsato@redhat.com> - 0.1.48-7
 - Update baseline package list of OSPP profile
 * Thu Feb 06 2020 Watson Sato <wsato@redhat.com> - 0.1.48-6
 - Rebuilt with correct spec file
 * Thu Feb 06 2020 Watson Sato <wsato@redhat.com> - 0.1.48-5
 - Add SRG references to STIG rules (RHBZ#1755447)
 * Mon Feb 03 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.48-4
 - Drop rsyslog rules from OSPP profile
 - Update COBIT URI
 - Add rules for strong source of RNG entropy
 - Enable build of RHEL8 STIG Profile (RHBZ#1755447)
 - STIG profile: added rsyslog rules and updated SRG mappings
 - Split audit rules according to audit component (RHBZ#1791312)
 * Tue Jan 21 2020 Watson Sato <wsato@redhat.com> - 0.1.48-3
 - Update crypto-policy test scenarios
 - Update max-path-len test to skip tests/logs directory
 * Fri Jan 17 2020 Watson Sato <wsato@redhat.com> - 0.1.48-2
 - Fix list of tables that are generated for RHEL8
 * Fri Jan 17 2020 Watson Sato <wsato@redhat.com> - 0.1.48-1
 - Update to latest upstream SCAP-Security-Guide-0.1.48 release
 * Tue Nov 26 2019 Matěj Týč <matyc@redhat.com> - 0.1.47-2
 - Improved the e8 profile (RHBZ#1755194)
 * Mon Nov 11 2019 Vojtech Polasek <vpolasek@redhat.com> - 0.1.47-1
 - Update to latest upstream SCAP-Security-Guide-0.1.47 release (RHBZ#1757762)
 * Wed Oct 16 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.46-3
 - Align SSHD crypto policy algorithms to Common Criteria Requirements. (RHBZ#1762821)
 * Wed Oct 09 2019 Watson Sato <wsato@redhat.com> - 0.1.46-2
 - Fix evaluaton and remediation of audit rules in PCI-DSS profile (RHBZ#1754919)
 * Mon Sep 02 2019 Watson Sato <wsato@redhat.com> - 0.1.46-1
 - Update to latest upstream SCAP-Security-Guide-0.1.46 release
 - Align OSPP Profile with Common Criteria Requirements (RHBZ#1714798)
 * Wed Aug 07 2019 Milan Lysonek <mlysonek@redhat.com> - 0.1.45-2
 - Use crypto-policy rules in OSPP profile.
 - Re-enable FIREFOX and JRE product in build.
 - Change test suite logging message about missing profile from ERROR to WARNING.
 - Build only one version of SCAP content at a time.
 * Tue Aug 06 2019 Milan Lysonek <mlysonek@redhat.com> - 0.1.45-1
 - Update to latest upstream SCAP-Security-Guide-0.1.45 release
 * Mon Jun 17 2019 Matěj Týč <matyc@redhat.com> - 0.1.44-2
 - Ported changelog from late 8.0 builds.
 - Disabled build of the OL8 product, updated other components of the cmake invocation.
 * Fri Jun 14 2019 Matěj Týč <matyc@redhat.com> - 0.1.44-1
 - Update to latest upstream SCAP-Security-Guide-0.1.44 release
 * Mon Mar 11 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.42-11
 - Assign CCE to rules from OSPP profile which were missing the identifier.
 - Fix regular expression for Audit rules ordering
 - Account for Audit rules flags parameter position within syscall
 - Add remediations for Audit rules file path
 - Add Audit rules for modification of /etc/shadow and /etc/gshadow
 - Add Ansible and Bash remediations for directory_access_var_log_audit rule
 - Add a Bash remediation for Audit rules that require ordering
 * Thu Mar 07 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.42-10
 - Assign CCE identifier to rules used by RHEL8 profiles.
 * Thu Feb 14 2019 Matěj Týč <matyc@redhat.com> - 0.1.42-9
 - Fixed Crypto Policy OVAL for NSS
 - Got rid of rules requiring packages dropped in RHEL8.
 - Profile descriptions fixes.
 * Tue Jan 22 2019 Jan Černý <jcerny@redhat.com> - 0.1.42-8
 - Update applicable platforms in crypto policy tests
 * Mon Jan 21 2019 Jan Černý <jcerny@redhat.com> - 0.1.42-7
 - Introduce Podman backend for SSG Test suite
 - Update bind and libreswan crypto policy test scenarios
 * Fri Jan 11 2019 Matěj Týč <matyc@redhat.com> - 0.1.42-6
 - Further fix of profiles descriptions, so they don't contain literal '\'.
 - Removed obsolete sshd rule from the OSPP profile.
 * Tue Jan 08 2019 Matěj Týč <matyc@redhat.com> - 0.1.42-5
 - Fixed profiles descriptions, so they don't contain literal '\n'.
 - Made the configure_kerberos_crypto_policy OVAL more robust.
 - Made OVAL for libreswan and bind work as expected when those packages are not installed.
 * Wed Jan 02 2019 Matěj Týč <matyc@redhat.com> - 0.1.42-4
 - Fixed the regression of enable_fips_mode missing OVAL due to renamed OVAL defs.
 * Tue Dec 18 2018 Matěj Týč <matyc@redhat.com> - 0.1.42-3
 - Added FIPS mode rule for the OSPP profile.
 - Split the installed_OS_is certified rule.
 - Explicitly disabled OSP13, RHV4 and Example products.
 * Mon Dec 17 2018 Gabriel Becker <ggasparb@redhat.com> - 0.1.42-2
 - Add missing kickstart files for RHEL8
 - Disable profiles that are not in good shape for RHEL8
 * Wed Dec 12 2018 Matěj Týč <matyc@redhat.com> - 0.1.42-1
 - Update to latest upstream SCAP-Security-Guide-0.1.42 release:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.42
- System-wide crypto policies are introduced for RHEL8
+- Fix man page build dependency on derivative content
 - Patches introduced the RHEL8 product were dropped, as it has been upstreamed.
-* Wed Oct 10 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.41-2
+* Mon Oct 01 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.41-1
 - Fix man page and package description
 * Mon Oct 08 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.41-1
 - Update to latest upstream SCAP-Security-Guide-0.1.41 release:
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.41
- Add RHEL8 Product with OSPP4.2 and PCI-DSS Profiles
+- Fix Licence of this package
-* Mon Aug 13 2018 Watson Sato <wsato@redhat.com> - 0.1.40-3
+* Wed Jul 25 2018 Matěj Týč <matyc@redhat.com> - 0.1.40-1
- Use explicit path BuildRequires to get /usr/bin/python3 inside the buildroot
+- Update to latest upstream SCAP-Security-Guide-0.1.40 release:
- Only build content for rhel8 products
+  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.40
 - Update to use Python3 for build.
-* Fri Aug 10 2018 Watson Sato <wsato@redhat.com> - 0.1.40-2
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.39-3
- Update build of rhel8 content
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-* Fri Aug 10 2018 Watson Sato <wsato@redhat.com> - 0.1.40-1
+* Fri May 04 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.39-2
- Enable build of rhel8 content
+- Add python version to python2-jinja2 package
-* Fri May 18 2018 Jan Černý <jcerny@redhat.com> - 0.1.39-1
+* Fri May 04 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.39-1
 - Update to latest upstream SCAP-Security-Guide-0.1.39 release:
  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.39
- Fix spec file to build using Python 3
+
- Fix License because upstream changed to BSD-3
+* Mon Mar 05 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.38-2
 - Add python version to python package prefixes
 * Mon Mar 05 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.38-1
 - Update to latest upstream SCAP-Security-Guide-0.1.38 release:
@ -683,7 +549,7 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name
 * Tue Oct 22 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-3
 - Add .gitignore for Fedora output directory
 - Set up Fedora release name and CPE based on build system properties
- Use correct file paths in scap-security-guide(8) manual page
+- Use correct file paths in scap-security-guide(8) manual page 
  (RH BZ#1018905, c#10)
 - Apply further changes motivated by scap-security-guide Fedora RPM review
  request (RH BZ#1018905, c#8):
`@ -1,2 +1 @@`
	`SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2`
	`SOURCES/scap-security-guide-0.1.73.tar.bz2`	`SOURCES/scap-security-guide-0.1.73.tar.bz2`
`@ -1,2 +1 @@`
	`b22b45d29ad5a97020516230a6ef3140a91d050a SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2`
	`de6e660b1e837d2b2b99487bf377fa259b027b49 SOURCES/scap-security-guide-0.1.73.tar.bz2`	`de6e660b1e837d2b2b99487bf377fa259b027b49 SOURCES/scap-security-guide-0.1.73.tar.bz2`