diff --git a/SOURCES/scap-security-guide-0.1.51-remove_grub_doc_links-PR_5851.patch b/SOURCES/scap-security-guide-0.1.51-remove_grub_doc_links-PR_5851.patch new file mode 100644 index 0000000..d80f19e --- /dev/null +++ b/SOURCES/scap-security-guide-0.1.51-remove_grub_doc_links-PR_5851.patch @@ -0,0 +1,65 @@ +From 713bc3b17929d0c73b7898f42fe7935806a3bfff Mon Sep 17 00:00:00 2001 +From: Gabe +Date: Tue, 16 Jun 2020 16:04:10 -0600 +Subject: [PATCH] Remove grub documentation links from RHEL7 rationale + +--- + .../system/bootloader-grub2/grub2_admin_username/rule.yml | 7 ------- + .../guide/system/bootloader-grub2/grub2_password/rule.yml | 7 ------- + .../system/bootloader-grub2/grub2_uefi_password/rule.yml | 7 ------- + 3 files changed, 21 deletions(-) + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml +index 2042a17806..63a6a7a83c 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_admin_username/rule.yml +@@ -24,13 +24,6 @@ description: |- + + rationale: |- + Having a non-default grub superuser username makes password-guessing attacks less effective. +- {{% if product == "rhel7" %}} +- For more information on how to configure the grub2 superuser account and password, +- please refer to +- +- {{% endif %}} + + severity: low + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml +index 00cec58c77..985b8727d7 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_password/rule.yml +@@ -23,13 +23,6 @@ rationale: |- + users with physical access cannot trivially alter + important bootloader settings. These include which kernel to use, + and whether to enter single-user mode. +- {{% if product == "rhel7" %}} +- For more information on how to configure the grub2 superuser account and password, +- please refer to +- +- {{% endif %}} + + severity: high + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml +index 954d6f21d0..3ce5a2df13 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml +@@ -23,13 +23,6 @@ rationale: |- + users with physical access cannot trivially alter + important bootloader settings. These include which kernel to use, + and whether to enter single-user mode. +- {{% if product == "rhel7" %}} +- For more information on how to configure the grub2 superuser account and password, +- please refer to +- +- {{% endif %}} + + severity: medium + diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec index bbd63c3..eb6eb3a 100644 --- a/SPECS/scap-security-guide.spec +++ b/SPECS/scap-security-guide.spec @@ -1,6 +1,6 @@ Name: scap-security-guide Version: 0.1.50 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Security guidance and baselines in SCAP formats Group: Applications/System License: BSD @@ -33,6 +33,7 @@ Patch21: scap-security-guide-0.1.51-parametrize-ssh-PR5788.patch Patch22: scap-security-guide-0.1.52-selinux_all_devicefiles_labeled_fix-PR_5911.patch Patch23: scap-security-guide-0.1.51-no_shelllogin_for_systemaccounts_ubi8-PR_5810.patch Patch24: scap-security-guide-0.1.51-grub2_doc_fix-PR_5890.patch +Patch25: scap-security-guide-0.1.51-remove_grub_doc_links-PR_5851.patch BuildArch: noarch @@ -92,6 +93,7 @@ present in %{name} package. %patch22 -p1 %patch23 -p1 %patch24 -p1 +%patch25 -p1 mkdir build %build @@ -126,6 +128,9 @@ cd build %doc %{_docdir}/%{name}/tables/*.html %changelog +* Fri Aug 21 2020 Matěj Týč - 0.1.50-12 +- remove rationale from rules that contain defective links (rhbz#1854854) + * Thu Aug 20 2020 Matěj Týč - 0.1.50-11 - fixed link in a grub2 rule description (rhbz#1854854) - fixed selinux_all_devicefiles_labeled rule (rhbz#1852367)