Blame SPECS/scap-security-guide.spec

df3ea4
%global		redhatssgversion	36
df3ea4
df3ea4
# Somehow, _pkgdocdir is already defined and points to unversioned docs dir
df3ea4
# RHEL 7.X uses versioned docs dir, hence the definition below
df3ea4
%global _pkgdocdir %{_docdir}/%{name}-%{version}
df3ea4
df3ea4
Name:		scap-security-guide
df3ea4
Version:	0.1.%{redhatssgversion}
5b3ad7
Release:	10%{?dist}
df3ea4
Summary:	Security guidance and baselines in SCAP formats
df3ea4
df3ea4
Group:		System Environment/Base
df3ea4
License:	Public Domain
df3ea4
URL:		https://github.com/OpenSCAP/scap-security-guide
df3ea4
Source0:	%{name}-%{version}.tar.bz2
df3ea4
Patch1:		scap-security-guide-0.1.33-update-upstream-manual-page.patch
df3ea4
Patch2:		scap-security-guide-0.1.37-add-disa-stig-rule-id.patch
df3ea4
Patch3:     scap-security-guide-0.1.37-disable-check-libexec_ownership.patch
df3ea4
Patch4:     scap-security-guide-0.1.37-fix-title.patch
df3ea4
Patch5:     scap-security-guide-0.1.37-Deprecate-RhostsRSAAuthentication.patch
df3ea4
Patch6:     scap-security-guide-0.1.37-fix-umask_for_daemons.patch
df3ea4
Patch7:     scap-security-guide-0.1.37-fix-sshd_required-unset.patch
df3ea4
Patch8:     scap-security-guide-0.1.37-fix-missing-bash-remediation-include.patch
df3ea4
Patch9:     scap-security-guide-0.1.37-fix-srg-table-empty-column.path
df3ea4
Patch10:    scap-security-guide-0.1.38-fix-reference-to-pam-config-manual.patch
71d622
Patch11:    scap-security-guide-0.1.38-aide-scan-email-notification.patch
71d622
Patch12:    scap-security-guide-0.1.39-fix-failing-rules-for-PCI-DSS-DISA-UGSCB.patch
71d622
Patch13:    scap-security-guide-0.1.38-audit-kernel-module-loading.patch
71d622
Patch14:    scap-security-guide-0.1.37-fix-aide-scan-email-notification-remediation.patch
5b3ad7
Patch15:    scap-security-guide-0.1.37-fix-local_d_typos.patch
5b3ad7
Patch16:    scap-security-guide-0.1.37-fix-rhel7-ansible-role.patch
5b3ad7
Patch17:    scap-security-guide-0.1.40-fix-login_d_umask.patch
5b3ad7
Patch18:    scap-security-guide-0.1.40-fix-login_d_umask-2.patch
df3ea4
BuildArch:	noarch
df3ea4
df3ea4
BuildRequires:	libxslt, expat, python, openscap-scanner >= 1.2.5, python-lxml, cmake >= 2.8
df3ea4
Requires:	xml-common, openscap-scanner >= 1.2.5
df3ea4
df3ea4
%description
df3ea4
The scap-security-guide project provides a guide for configuration of the
df3ea4
system from the final system's security point of view. The guidance is
df3ea4
specified in the Security Content Automation Protocol (SCAP) format and
df3ea4
constitutes a catalog of practical hardening advice, linked to government
df3ea4
requirements where applicable. The project bridges the gap between generalized
df3ea4
policy requirements and specific implementation guidelines. The Red Hat
df3ea4
Enterprise Linux 7 system administrator can use the oscap command-line tool
df3ea4
from the openscap-utils package to verify that the system conforms to provided
df3ea4
guideline. Refer to scap-security-guide(8) manual page for further information.
df3ea4
df3ea4
%package	doc
df3ea4
Summary:	HTML formatted documents containing security guides generated from XCCDF benchmarks.
df3ea4
Group:		System Environment/Base
df3ea4
Requires:	%{name} = %{version}-%{release}
df3ea4
df3ea4
%description	doc
df3ea4
The %{name}-doc package contains HTML formatted documents containing security guides that have
df3ea4
been generated from XCCDF benchmarks present in %{name} package.
df3ea4
df3ea4
%prep
df3ea4
%setup -q -n %{name}-%{version}
df3ea4
# Update manual page to drop the part dedicated to Fedora content
df3ea4
%patch1 -p1 -b .man_page_update
df3ea4
%patch2 -p1 -b .add_disa_stig_rule_id
df3ea4
# patch2 introduces a script that build system needs to execute
df3ea4
chmod u+x shared/utils/add_stig_references.py
df3ea4
mkdir build
df3ea4
# Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1523809
df3ea4
# Taken from https://github.com/OpenSCAP/scap-security-guide/pull/2479
df3ea4
%patch3 -p1 -b .libexec_ownership
df3ea4
# Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1521081
df3ea4
# Taken from https://github.com/OpenSCAP/scap-security-guide/pull/2481
df3ea4
%patch4 -p1 -b .title
df3ea4
# Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1523827
df3ea4
# Taken from https://github.com/OpenSCAP/scap-security-guide/pull/2480
df3ea4
%patch5 -p1 -b .RhostsRSAAuthentication
df3ea4
# Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1520493
df3ea4
# Taken from https://github.com/OpenSCAP/scap-security-guide/pull/2476
df3ea4
%patch6 -p1 -b .umask_for_daemons
df3ea4
%patch7 -p1 -b .sshd_required_unset
df3ea4
%patch8 -p1 -b .bash_remediation_include
df3ea4
%patch9 -p1 -b .srg_table_column_empty
df3ea4
%patch10 -p1 -b .reference_pam_config
71d622
# Fix from https://github.com/OpenSCAP/scap-security-guide/pull/2599
71d622
%patch11 -p1 -b .aide_email_notification
71d622
%patch12 -p1 -b .fix_failing_rules
71d622
%patch13 -p1 -b .audit_kernel_module
71d622
%patch14 -p1 -b .aide_notification_remediation
5b3ad7
# Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1592887
5b3ad7
%patch15 -p1 -b .ansible_local_d_typos
5b3ad7
# Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1592970
5b3ad7
%patch16 -p1 -b .ansible_roles_patch
5b3ad7
# Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1592957
5b3ad7
%patch17 -p1 -b .ansible_login_defs_umask_patch
5b3ad7
%patch18 -p1 -b .ansible_login_defs_umask_patch-2
df3ea4
df3ea4
%build
5b3ad7
5b3ad7
# chmod is because of patches 17, 18 that strip the executable permission of this file.
5b3ad7
chmod a+x shared/utils/combine-remediations.py
df3ea4
cd build
df3ea4
%cmake -D CMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \
df3ea4
-DSSG_PRODUCT_CHROMIUM:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_DEBIAN8:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_FEDORA:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_JBOSS_EAP6:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_JBOSS_FUSE6:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_OCP3:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_OPENSUSE:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_OSP7:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_RHEV3:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_SUSE11:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_SUSE12:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_UBUNTU14:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_UBUNTU16:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_WRLINUX:BOOL=OFF \
df3ea4
-DSSG_PRODUCT_WEBMIN:BOOL=OFF \
df3ea4
-DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \
df3ea4
-DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF ../
df3ea4
make %{?_smp_mflags}
df3ea4
df3ea4
%install
df3ea4
cd build
df3ea4
%make_install
df3ea4
df3ea4
%files
df3ea4
%defattr(-,root,root,-)
df3ea4
%{_datadir}/xml/scap
df3ea4
%{_datadir}/%{name}
df3ea4
%lang(en) %{_mandir}/man8/scap-security-guide.8.gz
df3ea4
%doc LICENSE
df3ea4
%doc Contributors.md
df3ea4
%doc README.md
df3ea4
%doc DISCLAIMER
df3ea4
# All files installed by cmake are automatically include in main package
df3ea4
# We exclude the guides to here add them in doc package
df3ea4
%exclude %{_pkgdocdir}/guides/
df3ea4
df3ea4
%files doc
df3ea4
%defattr(-,root,root,-)
df3ea4
%doc build/guides/ssg-*-guide-*.html
df3ea4
df3ea4
%changelog
5b3ad7
* Wed Jun 27 2018 Matěj Týč <matyc@redhat.com> - 0.1.36-10
5b3ad7
- Fix local/d typos in Ansible remediation (RHBZ#1592887)
5b3ad7
- Fix Ansible remediation of SELinux policies (RHBZ#1592970)
5b3ad7
- Fix Ansible remediation of login.defs umask (RHBZ#1592957)
5b3ad7
71d622
* Fri Apr 27 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-9
71d622
- Fix remediation of AIDE notification (RHBZ#1571315)
71d622
71d622
* Wed Apr 25 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-8
71d622
- Allow AIDE to notify other emails than only root (RHBZ#1571315)
71d622
- Fix some failing rules from profiles PCI-DSS, DISA STIG and USGCB (RHBZ#1571312)
71d622
- Fix kernel module loading rules (RHBZ#1571319)
71d622
df3ea4
* Mon Jan 08 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-7
df3ea4
- Fix sshd_required unset (RHBZ#1522956)
df3ea4
- Fix missing bash remediation functions include (RHBZ#1524738)
df3ea4
- Fix empty columns in SRG HTML Table (RHBZ#1531105)
df3ea4
- Fix reference to oudated PAM config manual (RHBZ#1447760)
df3ea4
df3ea4
* Tue Dec 12 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-6
df3ea4
- Rebuild with OpenSCAP 1.2.16
df3ea4
df3ea4
* Mon Dec 11 2017 Matěj Týč <matyc@redhat.com> - 0.1.36-5
df3ea4
- Patched not to check library ownership in libexec.
df3ea4
- Patched to fix title of DISA STIG profile.
df3ea4
- Patched to deprecate RhostsRSAAuthentication.
df3ea4
- Patched to fix umask_for_daemons.
df3ea4
df3ea4
* Thu Nov 16 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-4
df3ea4
- Rebuild with OpenSCAP 1.2.16
df3ea4
df3ea4
* Tue Nov 14 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-3
df3ea4
- Add DISA STIG Rule IDs to XCCDF Rules with STIGID
df3ea4
df3ea4
* Fri Nov 03 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-2
df3ea4
- Fix configuration to not build new products introduced in upstream
df3ea4
df3ea4
* Fri Nov 03 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-1
df3ea4
- Update to upstream release 0.1.36
df3ea4
- Introduction of SCAP Security Guide Test Suite
df3ea4
- Better alignment of RHEL6 and RHEL7 with DISA STIG
df3ea4
- Remove JBoss EAP5 content due to being End-of-Life
df3ea4
- New STIG Profile for JBOSS EAP 6
df3ea4
- Updates in C2S Profile for RHEL 7
df3ea4
- Variables can be directly tailored in Ansible roles
df3ea4
- Content presents less false positives in containers
df3ea4
- Changes in directory layout
df3ea4
df3ea4
* Wed Sep 20 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.35-2
df3ea4
- Do not build content for JBOSS EAP6
df3ea4
df3ea4
* Wed Sep 20 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.35-1
df3ea4
- Update to upstream release 0.1.35
df3ea4
- Remove Red Hat Enterprise Linux 5 content due to being End-of-Life March 31, 2017
df3ea4
- Added several templates for OVAL checks
df3ea4
- Many optimizations in build process
df3ea4
- Different title for PCI-DSS Benchmark variants
df3ea4
- Remediation roles moved to /usr/share/scap-security
df3ea4
- Fix duplicated roles and guides (RHBZ#1465691)
df3ea4
df3ea4
* Tue Sep 19 2017 Watson Sato <wsato@redhat.com> 0.1.33-6
df3ea4
- Dropped remediation that makes system not accessible by SSH (RHBZ#1478414)
df3ea4
df3ea4
* Wed Jun 14 2017 Watson Sato <wsato@redhat.com> 0.1.33-5
df3ea4
- Fix Anaconda Smartcard auth remediation (RHBZ#1461330)
df3ea4
df3ea4
* Fri May 19 2017 Watson Sato <wsato@redhat.com> 0.1.33-4
df3ea4
- Fix specfile to not include tables twice
df3ea4
df3ea4
* Fri May 19 2017 Watson Sato <wsato@redhat.com> 0.1.33-3
df3ea4
- Fix malformed title of profile nist-800-171-cui
df3ea4
df3ea4
* Fri May 19 2017 Watson Sato <wsato@redhat.com> 0.1.33-2
df3ea4
- Fix emtpy ospp-rhel7 table
df3ea4
- Fix Anaconda remediation templates (RHBZ#1450731)
df3ea4
df3ea4
* Mon May 01 2017 Watson Sato <wsato@redhat.com> 0.1.33-1
df3ea4
- Update to upstream version 0.1.33
df3ea4
- DISA RHEL7 STIG profile alignment improved
df3ea4
- Introduction of remediation roles
df3ea4
- RPM and DEB test packages are built by CMake with CPack
df3ea4
- Lots of remediation fixes
df3ea4
df3ea4
* Tue Mar 28 2017 Watson Sato <wsato@redhat.com> 0.1.32-1
df3ea4
- Update to upstream version 0.1.32
df3ea4
- New CMake build system
df3ea4
- Improved NIST 800-171 profile
df3ea4
- Initial RHVH profile
df3ea4
- New CPE to identify systems like machines (bare-metal and VM) and containers (image and container)
df3ea4
- Template clean up in lots of remediations
df3ea4
df3ea4
* Fri Mar 10 2017 Watson Sato <wsato@redhat.com> 0.1.30-6
df3ea4
- Ship separate OCIL definitions for Red Hat Enterprise Linux 7 (RHBZ#1428144)
df3ea4
df3ea4
* Tue Feb 14 2017 Watson Sato <wsato@redhat.com> 0.1.30-5
df3ea4
- Fix template remediation function used by SSHD remediation
df3ea4
- Reduce scope of patch that fixes SSHD remediation (RH BZ#1415152)
df3ea4
df3ea4
* Tue Jan 31 2017 Watson Sato <wsato@redhat.com> 0.1.30-4
df3ea4
- Correct remediation for SSHD which caused it not to start (RH BZ#1415152)
df3ea4
df3ea4
* Wed Aug 10 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.30-3
df3ea4
- Correct the remediation script for 'Enable Smart Card Login' rule
df3ea4
  for Red Hat Enterprise Linux 7 (RH BZ#1357019)
df3ea4
df3ea4
* Thu Jul 14 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.30-2
df3ea4
- Fix issue of two STIG profiles for Red Hat Enterprise Linux 6 benchmark
df3ea4
  having the identical title (RH BZ#1351541)
df3ea4
- Enhance the shared OVAL check for 'Set Deny For Failed Password Attempts'
df3ea4
  rule and also Red Hat Enterprise Linux 7 OVAL check for 'Configure the root
df3ea4
  Account for Failed Password Attempts' rule to report correct system status
df3ea4
  WRT to these requirements also in the case the SSSD daemon is used
df3ea4
  (RH BZ#1344581)
df3ea4
- Include currently available kickstart files and produced HTML tables for
df3ea4
  Red Hat Enterprise Linux 6 and 7 products into the produced RPM package
df3ea4
  (RH BZ#1351751)
df3ea4
df3ea4
* Wed Jun 22 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.30-1
df3ea4
- Update to upstream's 0.1.30 release:
df3ea4
  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.30
df3ea4
  (RH BZ#1289533)
df3ea4
- Drop remediation functions library since starting from 0.1.30 release
df3ea4
  remediation scripts are part of the benchmarks directly
df3ea4
- Drop three patches that have been accepted upstream in the meantime
df3ea4
- Update drop-rpm-verify-permissions-rule patch to work properly against
df3ea4
  0.1.30 release
df3ea4
df3ea4
* Fri Oct 02 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-3
df3ea4
- Drop "Verify and Correct File Permissions with RPM" rule from the PCI-DSS
df3ea4
  profile for Red Hat Enterprise Linux 7 (RH BZ#1267861)
df3ea4
df3ea4
* Wed Sep 09 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-2
df3ea4
- Update R and BR for the openscap-scanner package to 1.2.5 per RHBZ#1202762#c7
df3ea4
df3ea4
* Wed Aug 19 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-1
df3ea4
- Rebase to upstream 0.1.25 release
df3ea4
df3ea4
* Tue Aug 04 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-4
df3ea4
- Fix false-positive in OVAL check for 'accounts_passwords_pam_faillock_deny'
df3ea4
  rule
df3ea4
df3ea4
* Mon Aug 03 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-3
df3ea4
- Add remediation script for 'accounts_passwords_pam_faillock_unlock_time' rule
df3ea4
  for Red Hat Enterprise Linux 7 product
df3ea4
- Override title and description for all existing profiles for Red Hat
df3ea4
  Enterprise Linux 6 product that are extending another SCAP profile
df3ea4
  (RHBZ#1246529)
df3ea4
- Correct various issues in the included Oscap Anaconda Addon PCI-DSS profile
df3ea4
  kickstart file for Red Hat Enterprise Linux 7 product
df3ea4
- Add remediation script for 'audit_rules_time_clock_settime' rule for
df3ea4
  Red Hat Enterprise Linux 7 product
df3ea4
- Add remediation scripts for 'audit_rules_time_adjtimex',
df3ea4
  'audit_rules_time_settimeofday', and 'audit_rules_time_stime' rules for
df3ea4
  Red Hat Enterprise Linux 7 product
df3ea4
- Tag current PCI-DSS profile for Red Hat Enterprise Linux 7 product with
df3ea4
  "Draft" label
df3ea4
- Disable the following rules in the PCI-DSS profile for the Red Hat Enterprise
df3ea4
  Linux 7 product:
df3ea4
  * dconf_gnome_screensaver_idle_delay -- missing remediation script,
df3ea4
  * dconf_gnome_screensaver_idle_activation -- missing remediation script,
df3ea4
  * dconf_gnome_screensaver_lock_enabled -- missing remediation script,
df3ea4
  * audit_rules_login_events -- incorrect OVAL check (upstream issue #607),
df3ea4
  * audit_rules_privileged_commands -- missing remediation script, and
df3ea4
  * audit_rules_immutable -- missing remediation script.
df3ea4
df3ea4
* Mon Aug 03 2015 Martin Preisler <mpreisle@redhat.com> 0.1.24-2
df3ea4
- Break-down firewalld rule description for Red Hat Enterprise Linux 7 product
df3ea4
  into multiple lines, prevents HTML guide UX issues
df3ea4
df3ea4
* Tue Jul 07 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-1
df3ea4
- Rebase to upstream scap-security-guide-0.1.24 version
df3ea4
- Start producing the -doc subpackage to provide the HTML formatted
df3ea4
  documents containing security guides generated from shipped XCCDF benchmarks
df3ea4
df3ea4
* Mon Jun 22 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.23-1
df3ea4
- Rebase to upstream scap-security-guide-0.1.23 version
df3ea4
- Update upstream tarball source URL to GitHub archive location
df3ea4
- Drop the following patches that have been accepted upstream:
df3ea4
  * scap-security-guide-0.1.19-rhel7-include-only-rht-ccp-profile.patch
df3ea4
  * scap-security-guide-0.1.19-rhel7-drop-restorecond-since-in-optional.patch
df3ea4
  * scap-security-guide-0.1.19-update-man-page-for-rhel7-content.patch
df3ea4
  * scap-security-guide-0.1.19-rhel7-update-pam-XCCDF-to-use-pam_pwquality.patch
df3ea4
  * scap-security-guide-0.1.20-rhel7-shared-fix-limit-password-reuse-remediation.patch
df3ea4
  * scap-security-guide-0.1.20-rhel6-rhel7-PR#280-set-deny-prerequisite-#1.patch
df3ea4
  * scap-security-guide-0.1.20-rhel6-rhel7-set-deny-prerequisite-#2.patch
df3ea4
  * scap-security-guide-0.1.20-shared-fix-set-deny-for-failed-password-attempts-remediation.patch
df3ea4
  * scap-security-guide-0.1.20-rhel7-specify-exact-profile-name-when-generating-guide.patch
df3ea4
- Include the datastream versions of Firefox and Java Runtime Environment (JRE) benchmarks
df3ea4
- Include USGCB and DISA STIG profile kickstart files for Red Hat Enterprise Linux 6
df3ea4
df3ea4
* Tue Oct 21 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.19-2
df3ea4
- Fix Limit Password Reuse remediation script error
df3ea4
- Fix Set Deny For Failed Password Attempts remediation script error
df3ea4
- Use RHT-CCP profile name when generating HTML guide
df3ea4
- Describe RHT-CCP profile in the manual page
df3ea4
df3ea4
* Mon Sep 29 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.19-1
df3ea4
- Include RHEL-7 content (RHT-CCP profile only)
df3ea4
- Drop RHEL-7 restorecond XCCDF rule since policycoreutils-restorecond in Optional channel
df3ea4
- Drop RHEL-7 cpuspeed XCCDF rule since obsoleted by cpupower from kernel-tools
df3ea4
- Update manual page to be more appropriate for RHEL-7
df3ea4
- Drop RHEL-6 C2S profile update patch since merged upstream
df3ea4
df3ea4
* Tue Sep 02 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-4
df3ea4
- Initial build for Red Hat Enterprise Linux 7
df3ea4
df3ea4
* Thu Aug 28 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-3
df3ea4
- Update C2S profile <description> per request from CIS
df3ea4
df3ea4
* Thu Jun 26 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-2
df3ea4
- Include the upstream STIG for RHEL 6 Server profile disclaimer file too
df3ea4
df3ea4
* Sun Jun 22 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-1
df3ea4
- Make new 0.1.18 release
df3ea4
df3ea4
* Wed May 14 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.17-2
df3ea4
- Drop vendor line from the spec file. Let the build system to provide it.
df3ea4
df3ea4
* Fri May 09 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.17-1
df3ea4
- Upgrade to upstream 0.1.17 version
df3ea4
df3ea4
* Mon May 05 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.16-2
df3ea4
- Initial RPM for RHEL base channels
df3ea4
df3ea4
* Mon May 05 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.16-1
df3ea4
- Change naming scheme (0.1-16 => 0.1.16-1)
df3ea4
df3ea4
* Fri Feb 21 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-16
df3ea4
- Include datastream file into RHEL6 RPM package too
df3ea4
- Bump version
df3ea4
df3ea4
* Tue Dec 24 2013 Shawn Wells <shawn@redhat.com> 0.1-16.rc2
df3ea4
+ RHEL6 stig-rhel6-server XCCDF profile renamed to stig-rhel6-server-upstream
df3ea4
df3ea4
* Mon Dec 23 2013 Shawn Wells <shawn@redhat.com> 0.1-16.rc1
df3ea4
- [bugfix] RHEL6 no_empty_passwords remediation script overwrote
df3ea4
  system-auth symlink. Added --follow-symlink to sed command.
df3ea4
df3ea4
* Fri Nov 01 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15
df3ea4
- Version bump
df3ea4
df3ea4
* Sat Oct 26 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc5
df3ea4
- Point the spec's source to proper remote tarball location
df3ea4
- Modify the main Makefile to use remote tarball when building RHEL/6's SRPM
df3ea4
df3ea4
* Sat Oct 26 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc4
df3ea4
- Don't include the table html files two times
df3ea4
- Remove makewhatis
df3ea4
df3ea4
* Fri Oct 25 2013 Shawn Wells <shawn@redhat.com> 0.1-15.rc3
df3ea4
- [bugfix] Updated rsyslog_remote_loghost to scan /etc/rsyslog.conf and /etc/rsyslog.d/*
df3ea4
- Numberous XCCDF->OVAL naming schema updates
df3ea4
- All rules now have CCE
df3ea4
df3ea4
* Fri Oct 25 2013 Shawn Wells <shawn@redhat.com> 0.1-15.rc2
df3ea4
- RHEL/6 HTML table naming bugfixes (table-rhel6-*, not table-*-rhel6)
df3ea4
df3ea4
* Fri Oct 25 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc1
df3ea4
- Apply spec file changes required by review request (RH BZ#1018905)
df3ea4
df3ea4
* Thu Oct 24 2013 Shawn Wells <shawn@redhat.com> 0.1-14
df3ea4
- Formal RPM release
df3ea4
- Inclusion of rht-ccp profile
df3ea4
- OVAL unit testing patches
df3ea4
- Bash remediation patches
df3ea4
- Bugfixes
df3ea4
df3ea4
* Mon Oct 07 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-14.rc1
df3ea4
- Change RPM versioning scheme to include release into tarball
df3ea4
df3ea4
* Sat Sep 28 2013 Shawn Wells <shawn@redhat.com> 0.1-13
df3ea4
- Updated RPM spec file to fix rpmlint warnings
df3ea4
df3ea4
* Wed Jun 26 2013 Shawn Wells <shawn@redhat.com> 0.1-12
df3ea4
- Updated RPM version to 0.1-12
df3ea4
df3ea4
* Fri Apr 26 2013 Shawn Wells <shawn@redhat.com> 0.1-11
df3ea4
- Significant amount of OVAL bugfixes
df3ea4
- Incorporation of Draft RHEL/6 STIG feedback
df3ea4
df3ea4
* Sat Feb 16 2013 Shawn Wells <shawn@redhat.com> 0.1-10
df3ea4
- `man scap-security-guide`
df3ea4
- OVAL bug fixes
df3ea4
- NIST 800-53 mappings update
df3ea4
df3ea4
* Wed Nov 28 2012 Shawn Wells <shawn@redhat.com> 0.1-9
df3ea4
- Updated BuildRequires to reflect python-lxml (thank you, Ray S.!)
df3ea4
- Reverting to noarch RPM
df3ea4
df3ea4
* Tue Nov 27 2012 Shawn Wells <shawn@redhat.com> 0.1-8
df3ea4
- Significant copy editing to XCCDF rules per community
df3ea4
  feedback on the DISA RHEL/6 STIG Initial Draft
df3ea4
df3ea4
* Thu Nov 1 2012 Shawn Wells <shawn@redhat.com> 0.1-7
df3ea4
- Corrected XCCDF content errors
df3ea4
- OpenSCAP now supports CPE dictionaries, important to
df3ea4
  utilize --cpe-dict when scanning machines with OpenSCAP,
df3ea4
  e.g.:
df3ea4
  $ oscap xccdf eval --profile stig-server \
df3ea4
   --cpe-dict ssg-rhel6-cpe-dictionary.xml ssg-rhel6-xccdf.xml
df3ea4
df3ea4
* Mon Oct 22 2012 Shawn Wells <shawn@redhat.com> 0.1-6
df3ea4
- Corrected RPM versioning, we're on 0.1 release 6 (not version 1 release 6)
df3ea4
- Updated RPM includes feedback received from DoD Consensus meetings
df3ea4
df3ea4
* Fri Oct 5  2012 Jeffrey Blank <blank@eclipse.ncsc.mil> 1.0-5
df3ea4
- Adjusted installation directory to /usr/share/xml/scap.
df3ea4
df3ea4
* Tue Aug 28  2012 Spencer Shimko <sshimko@tresys.com> 1.0-4
df3ea4
- Fix BuildRequires and Requires.
df3ea4
df3ea4
* Tue Jul 3 2012 Jeffrey Blank <blank@eclipse.ncsc.mil> 1.0-3
df3ea4
- Modified install section, made description more concise.
df3ea4
df3ea4
* Thu Apr 19 2012 Spencer Shimko <sshimko@tresys.com> 1.0-2
df3ea4
- Minor updates to pass some variables in from build system.
df3ea4
df3ea4
* Mon Apr 02 2012 Shawn Wells <shawn@redhat.com> 1.0-1
df3ea4
- First attempt at SSG RPM. May ${deity} help us...