|
|
f04235 |
%global redhatssgversion 30
|
|
|
2b7b16 |
|
|
|
2b7b16 |
Name: scap-security-guide
|
|
|
2b7b16 |
Version: 0.1.%{redhatssgversion}
|
|
|
7a35c8 |
Release: 5%{?dist}
|
|
|
2b7b16 |
Summary: Security guidance and baselines in SCAP formats
|
|
|
2b7b16 |
|
|
|
2b7b16 |
Group: System Environment/Base
|
|
|
2b7b16 |
License: Public Domain
|
|
|
fa25b6 |
URL: https://github.com/OpenSCAP/scap-security-guide
|
|
|
fa25b6 |
Source0: %{name}-%{version}.tar.gz
|
|
|
f04235 |
Patch1: scap-security-guide-0.1.25-update-upstream-manual-page.patch
|
|
|
f04235 |
Patch2: scap-security-guide-0.1.30-downstream-rhel7-pci-dss-drop-rpm-verify-permissions-rule.patch
|
|
|
f04235 |
Patch3: scap-security-guide-0.1.30-rhbz#1351541.patch
|
|
|
f04235 |
Patch4: scap-security-guide-0.1.30-rhbz#1344581.patch
|
|
|
f04235 |
Patch5: scap-security-guide-0.1.30-rhbz#1351751.patch
|
|
|
f04235 |
Patch6: scap-security-guide-0.1.30-downstream-rhbz#1357019.patch
|
|
|
7a35c8 |
Patch7: scap-security-guide-0.1.30-zstream-rhbz#1415152.patch
|
|
|
2b7b16 |
BuildArch: noarch
|
|
|
2b7b16 |
|
|
|
fa25b6 |
BuildRequires: libxslt, expat, python, openscap-scanner >= 1.2.5, python-lxml
|
|
|
fa25b6 |
Requires: xml-common, openscap-scanner >= 1.2.5
|
|
|
2b7b16 |
|
|
|
2b7b16 |
%description
|
|
|
2b7b16 |
The scap-security-guide project provides a guide for configuration of the
|
|
|
2b7b16 |
system from the final system's security point of view. The guidance is
|
|
|
2b7b16 |
specified in the Security Content Automation Protocol (SCAP) format and
|
|
|
2b7b16 |
constitutes a catalog of practical hardening advice, linked to government
|
|
|
2b7b16 |
requirements where applicable. The project bridges the gap between generalized
|
|
|
2b7b16 |
policy requirements and specific implementation guidelines. The Red Hat
|
|
|
2b7b16 |
Enterprise Linux 7 system administrator can use the oscap command-line tool
|
|
|
2b7b16 |
from the openscap-utils package to verify that the system conforms to provided
|
|
|
2b7b16 |
guideline. Refer to scap-security-guide(8) manual page for further information.
|
|
|
2b7b16 |
|
|
|
fa25b6 |
%package doc
|
|
|
fa25b6 |
Summary: HTML formatted documents containing security guides generated from XCCDF benchmarks.
|
|
|
fa25b6 |
Group: System Environment/Base
|
|
|
fa25b6 |
Requires: %{name} = %{version}-%{release}
|
|
|
fa25b6 |
|
|
|
fa25b6 |
%description doc
|
|
|
fa25b6 |
The %{name}-doc package contains HTML formatted documents containing security guides that have
|
|
|
fa25b6 |
been generated from XCCDF benchmarks present in %{name} package.
|
|
|
fa25b6 |
|
|
|
2b7b16 |
%prep
|
|
|
2b7b16 |
%setup -q -n %{name}-%{version}
|
|
|
fa25b6 |
# Update manual page to drop the part dedicated to Fedora content
|
|
|
f04235 |
%patch1 -p1 -b .man_page_update
|
|
|
fa25b6 |
# Temporarily drop "Verify and Correct File Permissions with RPM"
|
|
|
fa25b6 |
# rule from RHEL-7's PCI-DSS profile (RH BZ#1267861)
|
|
|
f04235 |
%patch2 -p1 -b .rhel7_pcidss_drop_rpm_verify_permissions_rule
|
|
|
f04235 |
# Fix for RHBZ#1351541
|
|
|
f04235 |
%patch3 -p1 -b .rhbz#1351541
|
|
|
f04235 |
# Fix for RHBZ#1344581
|
|
|
f04235 |
%patch4 -p1 -b .rhbz#1344581
|
|
|
f04235 |
# Fix for RHBZ#1351751
|
|
|
f04235 |
%patch5 -p1 -b .rhbz#1351751
|
|
|
f04235 |
# Downstream fix for RHBZ#1357019 (slightly differs from upstream
|
|
|
f04235 |
# https://patch-diff.githubusercontent.com/raw/OpenSCAP/scap-security-guide/pull/1388.patch
|
|
|
f04235 |
# version because 'smartcard-auth.sh' remediation in upstream got moved
|
|
|
f04235 |
# to different location already). The rest of the change (except the path)
|
|
|
f04235 |
# is identical with upstream form
|
|
|
f04235 |
%patch6 -p1 -b .rhbz#1357019
|
|
|
7a35c8 |
# Z-stream fix for RHBZ#1415152
|
|
|
7a35c8 |
# Patch consists of upstream
|
|
|
7a35c8 |
# https://patch-diff.githubusercontent.com/raw/OpenSCAP/scap-security-guide/pull/1555.diff
|
|
|
7a35c8 |
# and modified version of upstream
|
|
|
7a35c8 |
# https://patch-diff.githubusercontent.com/raw/OpenSCAP/scap-security-guide/pull/1471.diff
|
|
|
7a35c8 |
# Patch for PR 1471 was modified to remove unrelated changes, and remediations files got
|
|
|
7a35c8 |
# moved to different location. Also, changes in 'sshd_use_approved_macs.sh' are slightly
|
|
|
7a35c8 |
# different due to commit c6730b867f6760b94ec193e95484a16054b27f48a).
|
|
|
7a35c8 |
%patch7 -p1 -b .rhbz#1415152
|
|
|
ee8600 |
|
|
|
2b7b16 |
%build
|
|
|
2b7b16 |
(cd RHEL/7 && make dist)
|
|
|
fa25b6 |
(cd RHEL/6 && make dist)
|
|
|
fa25b6 |
(cd Firefox && make dist)
|
|
|
fa25b6 |
(cd JRE && make dist)
|
|
|
2b7b16 |
|
|
|
2b7b16 |
%install
|
|
|
2b7b16 |
|
|
|
2b7b16 |
mkdir -p %{buildroot}%{_datadir}/xml/scap/ssg/content
|
|
|
2b7b16 |
mkdir -p %{buildroot}%{_mandir}/en/man8/
|
|
|
2b7b16 |
|
|
|
2b7b16 |
# Add in RHEL-7 core content (SCAP)
|
|
|
fa25b6 |
cp -a RHEL/7/dist/content/ssg-rhel7-cpe-dictionary.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/
|
|
|
fa25b6 |
cp -a RHEL/7/dist/content/ssg-rhel7-cpe-oval.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/
|
|
|
7a35c8 |
cp -a RHEL/7/dist/content/ssg-rhel7-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/
|
|
|
fa25b6 |
cp -a RHEL/7/dist/content/ssg-rhel7-oval.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/
|
|
|
7a35c8 |
cp -a RHEL/7/dist/content/ssg-rhel7-xccdf.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/
|
|
|
2b7b16 |
|
|
|
2b7b16 |
# Add in RHEL-6 datastream (SCAP)
|
|
|
7a35c8 |
cp -a RHEL/6/dist/content/ssg-rhel6-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content
|
|
|
2b7b16 |
|
|
|
fa25b6 |
# Add in Firefox datastream (SCAP)
|
|
|
fa25b6 |
cp -a Firefox/dist/content/ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content
|
|
|
fa25b6 |
|
|
|
fa25b6 |
# Add in Java Runtime Environment (JRE) datastream (SCAP)
|
|
|
fa25b6 |
cp -a JRE/dist/content/ssg-jre-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content
|
|
|
fa25b6 |
|
|
|
f04235 |
# Add in currently available kickstart files
|
|
|
fa25b6 |
mkdir -p %{buildroot}%{_datadir}/%{name}/kickstart
|
|
|
f04235 |
cp -a RHEL/6/kickstart/*-ks.cfg %{buildroot}%{_datadir}/%{name}/kickstart
|
|
|
f04235 |
cp -a RHEL/7/kickstart/*-ks.cfg %{buildroot}%{_datadir}/%{name}/kickstart
|
|
|
fa25b6 |
|
|
|
2b7b16 |
# Add in manpage
|
|
|
fa25b6 |
cp -a docs/scap-security-guide.8 %{buildroot}%{_mandir}/en/man8/scap-security-guide.8
|
|
|
2b7b16 |
|
|
|
2b7b16 |
%files
|
|
|
2b7b16 |
%defattr(-,root,root,-)
|
|
|
2b7b16 |
%{_datadir}/xml/scap
|
|
|
fa25b6 |
%{_datadir}/%{name}
|
|
|
2b7b16 |
%lang(en) %{_mandir}/en/man8/scap-security-guide.8.gz
|
|
|
f04235 |
%doc RHEL/6/dist/tables/*.html
|
|
|
f04235 |
%doc RHEL/6/dist/tables/*.xhtml
|
|
|
f04235 |
%doc RHEL/7/dist/tables/*.html
|
|
|
f04235 |
%doc RHEL/7/dist/tables/*.xhtml
|
|
|
f04235 |
%doc ./LICENSE
|
|
|
f04235 |
%doc RHEL/6/input/auxiliary/DISCLAIMER
|
|
|
fa25b6 |
|
|
|
fa25b6 |
%files doc
|
|
|
fa25b6 |
%defattr(-,root,root,-)
|
|
|
7a35c8 |
%doc RHEL/6/output/ssg-rhel6-guide-*.html
|
|
|
7a35c8 |
%doc RHEL/7/output/ssg-rhel7-guide-*.html
|
|
|
f04235 |
%doc JRE/output/ssg-jre-guide-*.html
|
|
|
f04235 |
%doc Firefox/output/ssg-firefox-guide-*.html
|
|
|
2b7b16 |
|
|
|
2b7b16 |
%changelog
|
|
|
7a35c8 |
* Tue Feb 14 2017 Watson Sato <wsato@redhat.com> 0.1.30-5
|
|
|
7a35c8 |
- Fix template remediation function used by SSHD remediation
|
|
|
7a35c8 |
- Reduce scope of patch that fixes SSHD remediation (RH BZ#1415152)
|
|
|
ee8600 |
|
|
|
7a35c8 |
* Tue Jan 31 2017 Jan Watson Sato <wsato@redhat.com> 0.1.30-4
|
|
|
7a35c8 |
- Correct remediation for SSHD which caused it not to start (RH BZ#1415152)
|
|
|
ee8600 |
|
|
|
f04235 |
* Wed Aug 10 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.30-3
|
|
|
f04235 |
- Correct the remediation script for 'Enable Smart Card Login' rule
|
|
|
f04235 |
for Red Hat Enterprise Linux 7 (RH BZ#1357019)
|
|
|
f04235 |
|
|
|
f04235 |
* Thu Jul 14 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.30-2
|
|
|
f04235 |
- Fix issue of two STIG profiles for Red Hat Enterprise Linux 6 benchmark
|
|
|
f04235 |
having the identical title (RH BZ#1351541)
|
|
|
f04235 |
- Enhance the shared OVAL check for 'Set Deny For Failed Password Attempts'
|
|
|
f04235 |
rule and also Red Hat Enterprise Linux 7 OVAL check for 'Configure the root
|
|
|
f04235 |
Account for Failed Password Attempts' rule to report correct system status
|
|
|
f04235 |
WRT to these requirements also in the case the SSSD daemon is used
|
|
|
f04235 |
(RH BZ#1344581)
|
|
|
f04235 |
- Include currently available kickstart files and produced HTML tables for
|
|
|
f04235 |
Red Hat Enterprise Linux 6 and 7 products into the produced RPM package
|
|
|
f04235 |
(RH BZ#1351751)
|
|
|
f04235 |
|
|
|
f04235 |
* Wed Jun 22 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.30-1
|
|
|
f04235 |
- Update to upstream's 0.1.30 release:
|
|
|
f04235 |
https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.30
|
|
|
f04235 |
(RH BZ#1289533)
|
|
|
f04235 |
- Drop remediation functions library since starting from 0.1.30 release
|
|
|
f04235 |
remediation scripts are part of the benchmarks directly
|
|
|
f04235 |
- Drop three patches that have been accepted upstream in the meantime
|
|
|
f04235 |
- Update drop-rpm-verify-permissions-rule patch to work properly against
|
|
|
f04235 |
0.1.30 release
|
|
|
6c1a7a |
|
|
|
fa25b6 |
* Fri Oct 02 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-3
|
|
|
fa25b6 |
- Drop "Verify and Correct File Permissions with RPM" rule from the PCI-DSS
|
|
|
fa25b6 |
profile for Red Hat Enterprise Linux 7 (RH BZ#1267861)
|
|
|
fa25b6 |
|
|
|
fa25b6 |
* Wed Sep 09 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-2
|
|
|
fa25b6 |
- Update R and BR for the openscap-scanner package to 1.2.5 per RHBZ#1202762#c7
|
|
|
fa25b6 |
|
|
|
fa25b6 |
* Wed Aug 19 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-1
|
|
|
fa25b6 |
- Rebase to upstream 0.1.25 release
|
|
|
fa25b6 |
|
|
|
fa25b6 |
* Tue Aug 04 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-4
|
|
|
fa25b6 |
- Fix false-positive in OVAL check for 'accounts_passwords_pam_faillock_deny'
|
|
|
fa25b6 |
rule
|
|
|
fa25b6 |
|
|
|
fa25b6 |
* Mon Aug 03 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-3
|
|
|
fa25b6 |
- Add remediation script for 'accounts_passwords_pam_faillock_unlock_time' rule
|
|
|
fa25b6 |
for Red Hat Enterprise Linux 7 product
|
|
|
fa25b6 |
- Override title and description for all existing profiles for Red Hat
|
|
|
fa25b6 |
Enterprise Linux 6 product that are extending another SCAP profile
|
|
|
fa25b6 |
(RHBZ#1246529)
|
|
|
fa25b6 |
- Correct various issues in the included Oscap Anaconda Addon PCI-DSS profile
|
|
|
fa25b6 |
kickstart file for Red Hat Enterprise Linux 7 product
|
|
|
fa25b6 |
- Add remediation script for 'audit_rules_time_clock_settime' rule for
|
|
|
fa25b6 |
Red Hat Enterprise Linux 7 product
|
|
|
fa25b6 |
- Add remediation scripts for 'audit_rules_time_adjtimex',
|
|
|
fa25b6 |
'audit_rules_time_settimeofday', and 'audit_rules_time_stime' rules for
|
|
|
fa25b6 |
Red Hat Enterprise Linux 7 product
|
|
|
fa25b6 |
- Tag current PCI-DSS profile for Red Hat Enterprise Linux 7 product with
|
|
|
fa25b6 |
"Draft" label
|
|
|
fa25b6 |
- Disable the following rules in the PCI-DSS profile for the Red Hat Enterprise
|
|
|
fa25b6 |
Linux 7 product:
|
|
|
fa25b6 |
* dconf_gnome_screensaver_idle_delay -- missing remediation script,
|
|
|
fa25b6 |
* dconf_gnome_screensaver_idle_activation -- missing remediation script,
|
|
|
fa25b6 |
* dconf_gnome_screensaver_lock_enabled -- missing remediation script,
|
|
|
fa25b6 |
* audit_rules_login_events -- incorrect OVAL check (upstream issue #607),
|
|
|
fa25b6 |
* audit_rules_privileged_commands -- missing remediation script, and
|
|
|
fa25b6 |
* audit_rules_immutable -- missing remediation script.
|
|
|
fa25b6 |
|
|
|
fa25b6 |
* Mon Aug 03 2015 Martin Preisler <mpreisle@redhat.com> 0.1.24-2
|
|
|
fa25b6 |
- Break-down firewalld rule description for Red Hat Enterprise Linux 7 product
|
|
|
fa25b6 |
into multiple lines, prevents HTML guide UX issues
|
|
|
fa25b6 |
|
|
|
fa25b6 |
* Tue Jul 07 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-1
|
|
|
fa25b6 |
- Rebase to upstream scap-security-guide-0.1.24 version
|
|
|
fa25b6 |
- Start producing the -doc subpackage to provide the HTML formatted
|
|
|
fa25b6 |
documents containing security guides generated from shipped XCCDF benchmarks
|
|
|
fa25b6 |
|
|
|
fa25b6 |
* Mon Jun 22 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.23-1
|
|
|
fa25b6 |
- Rebase to upstream scap-security-guide-0.1.23 version
|
|
|
fa25b6 |
- Update upstream tarball source URL to GitHub archive location
|
|
|
fa25b6 |
- Drop the following patches that have been accepted upstream:
|
|
|
fa25b6 |
* scap-security-guide-0.1.19-rhel7-include-only-rht-ccp-profile.patch
|
|
|
fa25b6 |
* scap-security-guide-0.1.19-rhel7-drop-restorecond-since-in-optional.patch
|
|
|
fa25b6 |
* scap-security-guide-0.1.19-update-man-page-for-rhel7-content.patch
|
|
|
fa25b6 |
* scap-security-guide-0.1.19-rhel7-update-pam-XCCDF-to-use-pam_pwquality.patch
|
|
|
fa25b6 |
* scap-security-guide-0.1.20-rhel7-shared-fix-limit-password-reuse-remediation.patch
|
|
|
fa25b6 |
* scap-security-guide-0.1.20-rhel6-rhel7-PR#280-set-deny-prerequisite-#1.patch
|
|
|
fa25b6 |
* scap-security-guide-0.1.20-rhel6-rhel7-set-deny-prerequisite-#2.patch
|
|
|
fa25b6 |
* scap-security-guide-0.1.20-shared-fix-set-deny-for-failed-password-attempts-remediation.patch
|
|
|
fa25b6 |
* scap-security-guide-0.1.20-rhel7-specify-exact-profile-name-when-generating-guide.patch
|
|
|
fa25b6 |
- Include the datastream versions of Firefox and Java Runtime Environment (JRE) benchmarks
|
|
|
fa25b6 |
- Include USGCB and DISA STIG profile kickstart files for Red Hat Enterprise Linux 6
|
|
|
fa25b6 |
|
|
|
2b7b16 |
* Tue Oct 21 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.19-2
|
|
|
2b7b16 |
- Fix Limit Password Reuse remediation script error
|
|
|
2b7b16 |
- Fix Set Deny For Failed Password Attempts remediation script error
|
|
|
2b7b16 |
- Use RHT-CCP profile name when generating HTML guide
|
|
|
2b7b16 |
- Describe RHT-CCP profile in the manual page
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Mon Sep 29 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.19-1
|
|
|
2b7b16 |
- Include RHEL-7 content (RHT-CCP profile only)
|
|
|
2b7b16 |
- Drop RHEL-7 restorecond XCCDF rule since policycoreutils-restorecond in Optional channel
|
|
|
2b7b16 |
- Drop RHEL-7 cpuspeed XCCDF rule since obsoleted by cpupower from kernel-tools
|
|
|
2b7b16 |
- Update manual page to be more appropriate for RHEL-7
|
|
|
2b7b16 |
- Drop RHEL-6 C2S profile update patch since merged upstream
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Tue Sep 02 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-4
|
|
|
2b7b16 |
- Initial build for Red Hat Enterprise Linux 7
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Thu Aug 28 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-3
|
|
|
2b7b16 |
- Update C2S profile <description> per request from CIS
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Thu Jun 26 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-2
|
|
|
2b7b16 |
- Include the upstream STIG for RHEL 6 Server profile disclaimer file too
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Sun Jun 22 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-1
|
|
|
2b7b16 |
- Make new 0.1.18 release
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Wed May 14 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.17-2
|
|
|
2b7b16 |
- Drop vendor line from the spec file. Let the build system to provide it.
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Fri May 09 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.17-1
|
|
|
2b7b16 |
- Upgrade to upstream 0.1.17 version
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Mon May 05 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.16-2
|
|
|
2b7b16 |
- Initial RPM for RHEL base channels
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Mon May 05 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.16-1
|
|
|
2b7b16 |
- Change naming scheme (0.1-16 => 0.1.16-1)
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Fri Feb 21 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-16
|
|
|
2b7b16 |
- Include datastream file into RHEL6 RPM package too
|
|
|
2b7b16 |
- Bump version
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Tue Dec 24 2013 Shawn Wells <shawn@redhat.com> 0.1-16.rc2
|
|
|
2b7b16 |
+ RHEL6 stig-rhel6-server XCCDF profile renamed to stig-rhel6-server-upstream
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Mon Dec 23 2013 Shawn Wells <shawn@redhat.com> 0.1-16.rc1
|
|
|
2b7b16 |
- [bugfix] RHEL6 no_empty_passwords remediation script overwrote
|
|
|
2b7b16 |
system-auth symlink. Added --follow-symlink to sed command.
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Fri Nov 01 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15
|
|
|
2b7b16 |
- Version bump
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Sat Oct 26 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc5
|
|
|
2b7b16 |
- Point the spec's source to proper remote tarball location
|
|
|
2b7b16 |
- Modify the main Makefile to use remote tarball when building RHEL/6's SRPM
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Sat Oct 26 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc4
|
|
|
2b7b16 |
- Don't include the table html files two times
|
|
|
2b7b16 |
- Remove makewhatis
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Fri Oct 25 2013 Shawn Wells <shawn@redhat.com> 0.1-15.rc3
|
|
|
2b7b16 |
- [bugfix] Updated rsyslog_remote_loghost to scan /etc/rsyslog.conf and /etc/rsyslog.d/*
|
|
|
2b7b16 |
- Numberous XCCDF->OVAL naming schema updates
|
|
|
2b7b16 |
- All rules now have CCE
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Fri Oct 25 2013 Shawn Wells <shawn@redhat.com> 0.1-15.rc2
|
|
|
2b7b16 |
- RHEL/6 HTML table naming bugfixes (table-rhel6-*, not table-*-rhel6)
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Fri Oct 25 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc1
|
|
|
2b7b16 |
- Apply spec file changes required by review request (RH BZ#1018905)
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Thu Oct 24 2013 Shawn Wells <shawn@redhat.com> 0.1-14
|
|
|
2b7b16 |
- Formal RPM release
|
|
|
2b7b16 |
- Inclusion of rht-ccp profile
|
|
|
2b7b16 |
- OVAL unit testing patches
|
|
|
2b7b16 |
- Bash remediation patches
|
|
|
2b7b16 |
- Bugfixes
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Mon Oct 07 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-14.rc1
|
|
|
2b7b16 |
- Change RPM versioning scheme to include release into tarball
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Sat Sep 28 2013 Shawn Wells <shawn@redhat.com> 0.1-13
|
|
|
2b7b16 |
- Updated RPM spec file to fix rpmlint warnings
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Wed Jun 26 2013 Shawn Wells <shawn@redhat.com> 0.1-12
|
|
|
2b7b16 |
- Updated RPM version to 0.1-12
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Fri Apr 26 2013 Shawn Wells <shawn@redhat.com> 0.1-11
|
|
|
2b7b16 |
- Significant amount of OVAL bugfixes
|
|
|
2b7b16 |
- Incorporation of Draft RHEL/6 STIG feedback
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Sat Feb 16 2013 Shawn Wells <shawn@redhat.com> 0.1-10
|
|
|
2b7b16 |
- `man scap-security-guide`
|
|
|
2b7b16 |
- OVAL bug fixes
|
|
|
2b7b16 |
- NIST 800-53 mappings update
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Wed Nov 28 2012 Shawn Wells <shawn@redhat.com> 0.1-9
|
|
|
2b7b16 |
- Updated BuildRequires to reflect python-lxml (thank you, Ray S.!)
|
|
|
2b7b16 |
- Reverting to noarch RPM
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Tue Nov 27 2012 Shawn Wells <shawn@redhat.com> 0.1-8
|
|
|
2b7b16 |
- Significant copy editing to XCCDF rules per community
|
|
|
2b7b16 |
feedback on the DISA RHEL/6 STIG Initial Draft
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Thu Nov 1 2012 Shawn Wells <shawn@redhat.com> 0.1-7
|
|
|
2b7b16 |
- Corrected XCCDF content errors
|
|
|
2b7b16 |
- OpenSCAP now supports CPE dictionaries, important to
|
|
|
2b7b16 |
utilize --cpe-dict when scanning machines with OpenSCAP,
|
|
|
2b7b16 |
e.g.:
|
|
|
2b7b16 |
$ oscap xccdf eval --profile stig-server \
|
|
|
2b7b16 |
--cpe-dict ssg-rhel6-cpe-dictionary.xml ssg-rhel6-xccdf.xml
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Mon Oct 22 2012 Shawn Wells <shawn@redhat.com> 0.1-6
|
|
|
2b7b16 |
- Corrected RPM versioning, we're on 0.1 release 6 (not version 1 release 6)
|
|
|
2b7b16 |
- Updated RPM includes feedback received from DoD Consensus meetings
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Fri Oct 5 2012 Jeffrey Blank <blank@eclipse.ncsc.mil> 1.0-5
|
|
|
2b7b16 |
- Adjusted installation directory to /usr/share/xml/scap.
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Tue Aug 28 2012 Spencer Shimko <sshimko@tresys.com> 1.0-4
|
|
|
2b7b16 |
- Fix BuildRequires and Requires.
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Tue Jul 3 2012 Jeffrey Blank <blank@eclipse.ncsc.mil> 1.0-3
|
|
|
2b7b16 |
- Modified install section, made description more concise.
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Thu Apr 19 2012 Spencer Shimko <sshimko@tresys.com> 1.0-2
|
|
|
2b7b16 |
- Minor updates to pass some variables in from build system.
|
|
|
2b7b16 |
|
|
|
2b7b16 |
* Mon Apr 02 2012 Shawn Wells <shawn@redhat.com> 1.0-1
|
|
|
2b7b16 |
- First attempt at SSG RPM. May ${deity} help us...
|