Blame SPECS/scap-security-guide.spec

9c64d1
# Somehow, _pkgdocdir is already defined and points to unversioned docs dir
9c64d1
# RHEL 7.X uses versioned docs dir, hence the definition below
9c64d1
%global _pkgdocdir %{_docdir}/%{name}-%{version}
2b7b16
d10e36
# Base name of static rhel6 content tarball
d10e36
%global _static_rhel6_content %{name}-0.1.52-2.el7_9-rhel6
d10e36
2b7b16
Name:		scap-security-guide
000939
Version:	0.1.73
000939
Release:	1%{?dist}
2b7b16
Summary:	Security guidance and baselines in SCAP formats
2b7b16
2b7b16
Group:		System Environment/Base
7629ac
License:	BSD-3-Clause
0d5c10
URL:		https://github.com/ComplianceAsCode/content
9c64d1
Source0:	%{name}-%{version}.tar.bz2
d10e36
# Include tarball with last shipped rhel6 content
d10e36
Source1:	%{_static_rhel6_content}.tar.bz2
0f521b
2b7b16
BuildArch:	noarch
2b7b16
bd46b7
BuildRequires:	libxslt, expat, python, openscap-scanner >= 1.2.16, python-jinja2, python-setuptools, cmake >= 2.8, PyYAML
fa25b6
Requires:	xml-common, openscap-scanner >= 1.2.5
2b7b16
2b7b16
%description
2b7b16
The scap-security-guide project provides a guide for configuration of the
2b7b16
system from the final system's security point of view. The guidance is
2b7b16
specified in the Security Content Automation Protocol (SCAP) format and
2b7b16
constitutes a catalog of practical hardening advice, linked to government
2b7b16
requirements where applicable. The project bridges the gap between generalized
2b7b16
policy requirements and specific implementation guidelines. The Red Hat
2b7b16
Enterprise Linux 7 system administrator can use the oscap command-line tool
2b7b16
from the openscap-utils package to verify that the system conforms to provided
2b7b16
guideline. Refer to scap-security-guide(8) manual page for further information.
2b7b16
fa25b6
%package	doc
fa25b6
Summary:	HTML formatted documents containing security guides generated from XCCDF benchmarks.
fa25b6
Group:		System Environment/Base
fa25b6
Requires:	%{name} = %{version}-%{release}
fa25b6
fa25b6
%description	doc
fa25b6
The %{name}-doc package contains HTML formatted documents containing security guides that have
fa25b6
been generated from XCCDF benchmarks present in %{name} package.
fa25b6
a8c580
%if %{defined rhel}
a8c580
%package	rule-playbooks
a8c580
Summary:	Ansible playbooks per each rule.
a8c580
Group:		System Environment/Base
a8c580
Requires:	%{name} = %{version}-%{release}
a8c580
a8c580
%description	rule-playbooks
a8c580
The %{name}-rule-playbooks package contains individual ansible playbooks per rule.
a8c580
%endif
a8c580
2b7b16
%prep
9be3b2
%autosetup -p1 -b1
0f521b
44eea6
# Workaround to remove Python byte cache files from the upstream sources
44eea6
# See https://github.com/ComplianceAsCode/content/issues/4042
44eea6
find . -name '*.pyc' -exec rm -f {} ';'
44eea6
mkdir build
ee8600
2b7b16
%build
7629ac
mkdir -p build && cd build
9c64d1
%cmake -D CMAKE_INSTALL_DOCDIR=%{_pkgdocdir} \
44eea6
-DSSG_PRODUCT_DEFAULT:BOOL=OFF \
0d5c10
-DSSG_PRODUCT_FIREFOX:BOOL=ON \
44eea6
-DSSG_PRODUCT_JRE:BOOL=ON \
0d5c10
-DSSG_PRODUCT_RHEL7:BOOL=ON \
44eea6
-DSSG_PRODUCT_RHEL8:BOOL=ON \
a8c580
%if %{defined centos}
a8c580
-DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \
a8c580
%else
dac76a
-DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \
a8c580
%endif
7629ac
-DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF \
a8c580
%if %{defined rhel}
a8c580
-DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON \
a8c580
%endif
7629ac
../
9c64d1
make %{?_smp_mflags}
2b7b16
2b7b16
%install
0950b5
cd build
7a1abb
%make_install
d10e36
# Manually install pre-built rhel6 content
d10e36
cp -r %{_builddir}/%{_static_rhel6_content}/usr %{buildroot}
d10e36
cp -r %{_builddir}/%{_static_rhel6_content}/tables %{buildroot}%{_docdir}/%{name}-%{version}
d10e36
# The guide files need to be put in the build system directory for the files section below
d10e36
cp -r %{_builddir}/%{_static_rhel6_content}/guides %{_builddir}/%{name}-%{version}/build
8ecd84
2b7b16
%files
2b7b16
%defattr(-,root,root,-)
2b7b16
%{_datadir}/xml/scap
fa25b6
%{_datadir}/%{name}
9c64d1
%lang(en) %{_mandir}/man8/scap-security-guide.8.gz
9c64d1
%doc LICENSE
9c64d1
%doc Contributors.md
9c64d1
%doc README.md
0950b5
%doc DISCLAIMER
0950b5
# All files installed by cmake are automatically include in main package
0950b5
# We exclude the guides to here add them in doc package
0950b5
%exclude %{_pkgdocdir}/guides/
a8c580
%if %{defined rhel}
a8c580
%exclude %{_datadir}/%{name}/ansible/rule_playbooks
a8c580
%endif
fa25b6
fa25b6
%files doc
fa25b6
%defattr(-,root,root,-)
d10e36
# Installing guide files from cmake install doens't work because of versioned docs
d10e36
# So we take them from the build directory
0950b5
%doc build/guides/ssg-*-guide-*.html
2b7b16
a8c580
%if %{defined rhel}
a8c580
%files rule-playbooks
a8c580
%defattr(-,root,root,-)
a8c580
%{_datadir}/%{name}/ansible/rule_playbooks
a8c580
%endif
a8c580
2b7b16
%changelog
000939
* Tue May 21 2024 Jan Černý <jcerny@redhat.com> - 0.1.73-1
000939
- Rebase scap-security-guide package to version 0.1.73 (RHEL-36739)
000939
4647e3
* Fri Feb 16 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-2
4647e3
- Unlist profiles no longer maintained in RHEL8.
4647e3
4647e3
* Wed Feb 14 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-1
4647e3
- Rebase to a new upstream release 0.1.72 (RHEL-25251)
4647e3
- Include filter to dracut files in audit_rules_privileged_commands rule (RHEL-11938)
4647e3
5633cc
* Fri Aug 04 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-1
5633cc
- Rebase to the latest upstream release (RHBZ#2221694)
5633cc
- Make IPv6 related rules applicable only in case IPv6 is actually enabled. (RHBZ#2210276)
5633cc
- update ANSSI BP-028 profiles to be aligned with version 2.0 (RHBZ#2155793)
5633cc
- Correct URL used to download CVE checks. (RHBZ#2223817)
5633cc
e71555
* Tue Feb 14 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1
e71555
- Rebase to a new upstream release 0.1.66 (RHBZ#2158410)
e71555
- Update RHEL7 STIG profile to V3R10 (RHBZ#2152657)
e71555
- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2123284)
e71555
- Fix remediation of audit watch rules (RHBZ#2123367)
e71555
- Fix check firewalld_sshd_port_enabled (RHBZ#2158410)
e71555
- Fix accepted control flags for pam_pwhistory (RHBZ#2158410)
e71555
- Unselect rule logind_session_timeout (RHBZ#2158410)
e71555
- Add support rainer scripts in rsyslog rules (RHBZ#2170038)
e71555
bd46b7
* Tue Aug 09 2022 Watson Sato <wsato@redhat.com> - 0.1.63-1
bd46b7
- Update to the latest upstream release (RHBZ#2116359)
bd46b7
- Fix SSH Key permissions (RHBZ#2021258)
bd46b7
- Remove PCI-DSS Benchmark(RHBZ2038165)
bd46b7
- Updated source of CVE data feed(RHBZ#2028432)
bd46b7
- Improved alignment with DISA's RHEL7 STIG(RHBZ#1967950)
bd46b7
- Update RHEL7 STIG profile to v3r8 (RHBZ#2112939)
bd46b7
- Add warning how to override audit buffer (RHBZ#1993822)
bd46b7
- Fix smartcard_auth rule for systems installed without authconfig (RHBZ#2116359)
bd46b7
- Fix check of enable_fips_mode on s390x (RHBZ#2116359)
bd46b7
- Fix applicability of pam_pkcs11 and grub2 rules on s390x (RHBZ#2116359)
bd46b7
e3b048
* Tue May 03 2022 Watson Sato <wsato@redhat.com> - 0.1.57-8
e3b048
- Remove warning how to override audit buffer (RHBZ#1993822)
e3b048
e3b048
* Wed Apr 27 2022 Watson Sato <wsato@redhat.com> - 0.1.57-7
e3b048
- Add warning how to override audit buffer (RHBZ#1993822)
e3b048
- Fix name of antivirus package in STIG profile (RHBZ#2066321)
e3b048
- Update RHEL7 DISA STIG profile to v3r7 (RHBZ#2079217)
e3b048
0c1482
* Fri Feb 25 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-6
0c1482
- Fix bash remediation of sudo_require_reauthentication (RHBZ#2049532)
0c1482
0c1482
* Thu Feb 17 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-5
0c1482
- Update RHEL7 DISA STIG profile to v3r6 (RHBZ#2049532)
0c1482
9be3b2
* Tue Nov 02 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-4
9be3b2
- Update RHEL7 DISA STIG profile to v3r5 (RHBZ#1996678)
9be3b2
9be3b2
* Thu Oct 21 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-3
9be3b2
- Fix broken SELinux documentation links (RHBZ#1996678)
9be3b2
9be3b2
* Wed Oct 20 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-2
9be3b2
- Fix auditd_overflow_action configuration path for RHEL7 (RHBZ#1996678)
9be3b2
9be3b2
* Thu Oct 7 2021 Jan Černý <jcerny@redhat.com> - 0.1.57-1
9be3b2
- Rebase to the 0.1.57 upstream release
9be3b2
- Update RHEL7 DISA STIG profile to v3r4 (RHBZ#1996678)
9be3b2
- Split CIS profile (RHBZ#1953787)
9be3b2
a8c580
* Wed Jun 30 2021 Vojtech Polasek <vpolasek@redhat.com> - 0.1.54-7
a8c580
- Generate HTML STIG reference tables also for stig_gui profile (RHBZ#1958789)
a8c580
a8c580
* Fri Jun 11 2021 Vojtech Polasek <vpolasek@redhat.com> - 0.1.54-6
a8c580
- Add kickstart files for RHEL 7 stig and stig_gui profiles (RHBZ#1958789)
a8c580
a8c580
* Tue Jun 8 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.54-5
a8c580
- Create subpackage to hold ansible playbooks per rule (RHBZ#1966589)
a8c580
- Fix Bash remediation of dconf_gnome_login_retries (RHBZ#1967566)
a8c580
a8c580
* Mon May 10 2021 Vojtech Polasek <vpolasek@redhat.com> - 0.1.54-4
a8c580
- Update RHEL 7 STIG profile to V3R3 (RHBZ#1958789)
a8c580
- Update ANSSI High Profile (RHBZ#1955180)
a8c580
d10e36
* Wed Feb 24 2021 Watson Sato <wsato@redhat.com> - 0.1.54-3
d10e36
- Realign PCI-DSS rules selection to v0.1.54 (RHBZ#1497415)
d10e36
d10e36
* Wed Feb 17 2021 Watson Sato <wsato@redhat.com> - 0.1.54-2
d10e36
- Remove Kickstart for not shipped profile (RHBZ#1497415)
d10e36
- Fix STIG id reference format for sshd_x11_use_localhost (RHBZ#1921643)
d10e36
d10e36
* Wed Feb 03 2021 Watson Sato <wsato@redhat.com> - 0.1.54-1
d10e36
- Rebase to incorporate ANSSI Profile (RHBZ#1497415)
d10e36
- Update RHEL7 STIG profile to V3R2 (RHBZ#1921643)
d10e36
- Add Minimal, Intermediary and Enhanced ANSSI Profiles (RHBZ#1497415)
d10e36
fe0dde
* Fri Nov 27 2020 Gabriel Becker <ggasparb@redhat.com> - 0.1.52-2
fe0dde
- Update RHEL7 DISA STIG to V3R1 (RHBZ#1665233)
fe0dde
fe0dde
* Thu Oct 08 2020 Gabriel Becker <ggasparb@redhat.com> - 0.1.52-1
fe0dde
- Update to the latest upstream release (RHBZ#1665233)
fe0dde
- Update RHEL7 DISA STIG to V2R8 (RHBZ#1665233)
fe0dde
dac76a
* Tue May 26 2020 Watson Sato <wsato@redhat.com> - 0.1.49-13
dac76a
- Add example kickstart for RHEL7 HIPAA (RHBZ#1513087)
dac76a
- Fix Test Suite to run on Python3
dac76a
dac76a
* Thu May 21 2020 Watson Sato <wsato@redhat.com> - 0.1.49-12
dac76a
- CIS Profile (RHBZ#1821633)
dac76a
  - Make sure boot target is multi-user.target when xorg package is removed
dac76a
  - Add CIS Profile content attribution to Center for Internet Security
dac76a
dac76a
* Wed May 20 2020 Watson Sato <wsato@redhat.com> - 0.1.49-11
dac76a
- HIPAA Profile improvement (RHBZ#1513087)
dac76a
  - Add Ansible remediation for audit_rules_system_shutdown
dac76a
dac76a
* Tue May 19 2020 Watson Sato <wsato@redhat.com> - 0.1.49-10
dac76a
- CIS Profile fixes (RHBZ#1821633)
dac76a
  - Fix Ansible mount_option template
dac76a
  - Re-order rpm_verify_permissions to avoid file permission conflicts
dac76a
dac76a
* Tue May 12 2020 Watson Sato <wsato@redhat.com> - 0.1.49-9
dac76a
- CIS Profile fixes (RHBZ#1821633)
dac76a
  - Fix Ansible mount_option template
dac76a
  - Add Ansible for ensure_logrotate_activated
dac76a
  - Add warnings to rpm_verify_permissions and ownership about findindings that may need further inspection
dac76a
dac76a
* Mon May 11 2020 Watson Sato <wsato@redhat.com> - 0.1.49-8
dac76a
- Fix specfile to apply patch (RHBZ#1691877)
dac76a
dac76a
* Mon May 04 2020 Watson Sato <wsato@redhat.com> - 0.1.49-7
dac76a
- Bug fixes on CIS profile (RHBZ#1821633)
dac76a
  Added Ansible remediations
dac76a
  Fixed CIS references
dac76a
  Fixed integration issues with CIS profile
dac76a
dac76a
* Mon May 04 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.49-6
dac76a
- Added a patch fixing audit_rules_privileged_commands (RHBZ#1691877)
dac76a
dac76a
* Thu Apr 30 2020 Matěj Týč <matyc@redhat.com> - 0.1.49-5
dac76a
- Added a patch fix for sshd_allow_protocol_2 (RHBZ#1823576)
dac76a
dac76a
* Mon Apr 27 2020 Matěj Týč <matyc@redhat.com> - 0.1.49-5
dac76a
- Added a patch warning about non-local users/groups are not considered by some rules (RHBZ#1721439, RHBZ#1544765, RHBZ#1829743)
dac76a
dac76a
* Thu Apr 23 2020 Jan Černý <jcerny@redhat.com> - 0.1.49-4
dac76a
- Fix removable media options rules (RHBZ#1691579)
dac76a
dac76a
* Mon Apr 06 2020 Watson Sato <wsato@redhat.com> - 0.1.49-3
dac76a
- Add new rules and references for RHEL7 CIS (RHBZ#1821633)
dac76a
dac76a
* Tue Mar 31 2020 Watson Sato <wsato@redhat.com> - 0.1.49-2
dac76a
- Fix remediation of dconf_gnome_login_banner_text (RHBZ#1776780)
dac76a
- Fix misleading sysctl rules description (RHBZ#1494606)
dac76a
- Update STIG FIPS approved SSHD ciphers (RHBZ#1781244)
dac76a
dac76a
* Thu Mar 19 2020 Gabriel Becker <ggasparb@redhat.com> - 0.1.49-1
dac76a
- Update to the latest upstream release (RHBZ#1815008)
dac76a
44eea6
* Thu Nov 28 2019 Jan Černý <jcerny@redhat.com> - 0.1.46-11
44eea6
- Ship RHEL 8 content (RHBZ#1777862)
44eea6
44eea6
* Wed Nov 20 2019 Vojtech Polasek <vpolasek@redhat.com> - 0.1.46-10
44eea6
- Added missing CCE for rule sudo_require_authentication. (RHBZ#1755192)
44eea6
- fix check and remediation for rule aide_periodic_cron_checking (RHBZ#1658036)
44eea6
44eea6
* Mon Nov 18 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.46-9
44eea6
- Fixed missing CCE for OSPP, E8 and STIG profiles. (RHBZ#1726698)
44eea6
- Added kickstart file for the Essential Eight (e8) profile. (RHBZ#1755192)
44eea6
44eea6
* Fri Nov 15 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.46-8
44eea6
- Fix an omission on backporting the patch which fixes krb_sec rule. (RHBZ#1726698)
44eea6
44eea6
* Fri Nov 15 2019 Matěj Týč <matyc@redhat.com> - 0.1.46-7
44eea6
- Added support for the Essential Eight (e8) profile. (RHBZ#1755192)
44eea6
- Fixed issues with sshd rules used in the e8 profile. (RHBZ#1755192)
44eea6
44eea6
* Wed Nov 13 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.46-6
44eea6
- Updated ansible playbooks to use modules in favor of shell. (RHBZ#1726698)
44eea6
- Removed rule directory_access_var_log_audit from OSPP profile. (RHBZ#1726698)
44eea6
- Fixed ansible playbooks failing when running in --check mode. (RHBZ#1726698)
44eea6
44eea6
* Mon Nov 11 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.46-5
44eea6
- Fixed grub2_enable_fips_mode rule when installing RHEL on machines with AES-enabled processors. (RHBZ#1754532)
44eea6
44eea6
* Wed Nov 06 2019 Jan Černý <jcerny@redhat.com> - 0.1.46-4
44eea6
- Fix evaluation and remediation of audit rules in PCI-DSS profile (RHBZ#1754550)
44eea6
- Fixed mtab handling of remediation of /dev/shm/noexec (RHBZ#1754553)
44eea6
44eea6
* Tue Nov 05 2019 Matěj Týč <matyc@redhat.com> - 0.1.46-3
44eea6
- Made the cmake product selection future-proof. (RHBZ#1726698)
44eea6
44eea6
* Tue Nov 05 2019 Jan Černý <jcerny@redhat.com> - 0.1.46-2
44eea6
- Fix rules file_permissions_unauthorized_suid and sgid (RHBZ#1693026)
44eea6
44eea6
* Mon Sep 02 2019 Watson Sato <wsato@redhat.com> - 0.1.46-1
44eea6
- Update to the latest upstream release 0.1.46 (RHBZ#1726698)
44eea6
44eea6
* Fri Aug 09 2019 Matěj Týč <matyc@redhat.com> - 0.1.45-2
44eea6
- Added a patch not to build SCAP 1.2 datastreams, only SCAP 1.3 (RHBZ#1726698)
44eea6
44eea6
* Tue Aug 06 2019 Watson Sato <wsato@redhat.com> - 0.1.45-1
44eea6
- Update to the latest upstream release (RHBZ#1726698)
44eea6
0d5c10
* Wed Jun 12 2019 Matěj Týč <matyc@redhat.com> - 0.1.43-13
0d5c10
- Fixed the shared dconf bash remediation (RHBZ#1631378)
0d5c10
0d5c10
* Mon Jun 03 2019 Jan Černý <jcerny@redhat.com> - 0.1.43-12
0d5c10
- Make aide and smart card rules not applicable to containers (RHBZ#1711893)
0d5c10
- Added rule dconf_db_up_to_date to ensure dconf databases are up-to-date (RHBZ#1631378)
0d5c10
0d5c10
* Fri May 24 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.43-11
0d5c10
- Remove faulty dconf_use_text_backend rule from all profiles (Reverts RHBZ#1631378)
0d5c10
0d5c10
* Thu May 23 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.43-10
0d5c10
- Fixed Ansible remediation for sssd_ssh_known_hosts_timeout (RHBZ#1599179)
0d5c10
0d5c10
* Mon May 20 2019 Jan Černý <jcerny@redhat.com> - 0.1.43-9
0d5c10
- Fixed missing Ansible tags and platform checks (RHBZ#1685950)
0d5c10
0d5c10
* Fri May 17 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.43-8
0d5c10
- Fixed OVAL check for sssd_ssh_known_hosts_timeout and added bash remediation (RHBZ#1599179)
0d5c10
0d5c10
* Fri May 10 2019 Watson Yuuma Sato <wsato@redhat.com> - 0.1.43-7
0d5c10
- Fix handling of package CPE during generation of Ansible playbooks (RHBZ#1647189)
0d5c10
0d5c10
* Fri May 10 2019 Watson Yuuma Sato <wsato@redhat.com> - 0.1.43-6
0d5c10
- Deduplicated more CCEs assigned to rules (RHBZ#1703092)
0d5c10
0d5c10
* Thu Apr 25 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.43-5
0d5c10
- Remove ensure_gpgcheck_repo_metadata rule from profiles (RHBZ#1703010)
0d5c10
- Deduplicate CCE assigned to rules (RHBZ#1703092)
0d5c10
0d5c10
* Tue Apr 23 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.43-4
0d5c10
- Mark SELinux rules as machine only (RHBZ#1630739)
0d5c10
- Mark service disabled rules as machine only (RHBZ#1630739)
0d5c10
0d5c10
* Mon Apr 08 2019 Gabriel Becker <ggasparb@redhat.com> - 0.1.43-3
0d5c10
- Mark rules which were not applicable for containers as machine only (RHBZ#1630739)
0d5c10
- Fix content support for UBI-Minimal (RHBZ#1695213)
0d5c10
0d5c10
* Mon Mar 25 2019 Watson Yuuma Sato <wsato@redhat.com> - 0.1.43-2
0d5c10
- Fixes for smooth Ansible playbooks run (RHBZ#1647189)
0d5c10
- Fix Ansible template for file permissions (RHBZ#1686007)
0d5c10
- Fix remediation of rule rpm_verify_permissions (RHBZ#1686005)
0d5c10
- Fix remediation of audit rules for privileged commands (RHBZ#1687826)
877cb5
0d5c10
* Fri Mar 01 2019 Jan Černý <jcerny@redhat.com> - 0.1.43-1
0d5c10
- Update to the latest upstream release (RHBZ#1684545)
94594a
7629ac
* Tue Sep 25 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.40-12
7629ac
- Fix malformed patch for removal of abrt and sendmail (RHBZ#1619689)
7629ac
7629ac
* Tue Sep 25 2018 Matěj Týč <matyc@redhat.com> - 0.1.40-11
7629ac
- Fixes for RHBZ#1619689:
7629ac
- Added support for kernel parameters yama.ptrace_scope, kptr_restrict, dmesg_restrict and kexec_load_disabled.
7629ac
- Added support for boot parameters audit_backlog_limit=8192, slub_debug=P, page_poison=1 and vsyscall=none.
7629ac
- Added support for proper /dev/shm handling (noexec,nosuid,nodev,mode=1777)
7629ac
- Added support for checking that sendmail and abrt are not installed.
7629ac
- Introduced OSPP to the OSPP profile title.
7629ac
- Disabled linkcheck tests during the build.
7629ac
7629ac
* Sun Sep 23 2018 Marek Haičman <mhaicman@redhat.com> - 0.1.40-10
7629ac
- Fix regression in file ownership and group OVAL. (RHBZ#1570802)
7629ac
7629ac
* Fri Sep 21 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.40-9
7629ac
- Fix malformed patch for Audit Rules (RHBZ#1619689)
7629ac
7629ac
* Fri Sep 21 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.40-8
7629ac
- Add Bash remediation for rule grub2_audit_arguments (RHBZ#1619689)
7629ac
- Allow remediation for rule dconf_gnome_screensaver_lock_delay to fix commented settings (RHBZ#1609122)
7629ac
- Select missing audit rules for privileged commands for OSPP4.2 Profile (RHBZ#1619689)
7629ac
7629ac
* Wed Sep 19 2018 Matěj Týč <matyc@redhat.com> - 0.1.40-7
7629ac
- Fixed previously applied patches for OSPP 4.2 (RHBZ#1619689)
7629ac
7629ac
* Mon Sep 17 2018 Matěj Týč <matyc@redhat.com> - 0.1.40-6
7629ac
- Applied a batch of patches that improve OSPP 4.2 profile support for RHEL7 (RHBZ#1619689)
7629ac
- Fixed the xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled check (RHBZ#1609122)
7629ac
7629ac
* Fri Sep 14 2018 Marek Haičman <mhaicman@redhat.com> - 0.1.40-5
7629ac
- Re-fix FIPS patch. (RHBZ#1587911)
7629ac
7629ac
* Wed Sep 12 2018 Matěj Týč <matyc@redhat.com> - 0.1.40-4
7629ac
- Applied a batch of patches that improve OSPP 4.2 profile support for RHEL7 (RHBZ#1619689)
7629ac
7629ac
* Tue Sep 11 2018 Matěj Týč <matyc@redhat.com> - 0.1.40-3
7629ac
- Don't generate remediations for Anaconda for /dev/cdrom mount point (RHBZ#1618840)
7629ac
- Install dracut-fips when fips mode is enabled in the profile (RHBZ#1587911)
7629ac
7629ac
* Wed Aug 01 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.40-2
7629ac
- Don't generate remediations for Anaconda for /dev/shm mount point (RHBZ#1570956)
7629ac
7629ac
* Wed Jul 25 2018 Matěj Týč <matyc@redhat.com> - 0.1.40-1
7629ac
- Update to upstream release 0.1.40
7629ac
- Underlying code has been deduplicated and unified, which fixes countless subtle bugs.
7629ac
- Updated Ansible playbooks, so they don't use deprecated constructs.
7629ac
- Service disable family of rules take the corresponding socket deactivation into account if applicable in check and in remediations.
7629ac
7629ac
* Thu Jul 19 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.39-2
7629ac
- Fix configuration to not build new products introduced in upstream
7629ac
- Test package with ctest
7629ac
7629ac
* Fri Jul 13 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.39-1
7629ac
- Update to upstream release 0.1.39
7629ac
- Profile IDs simplified
7629ac
- Common Profile removed in favor of Standard Profile
7629ac
- RHEL7 STIG reference updated to V1R4
7629ac
- RHEL6 STIG reference updated to V1R18
7629ac
- New License - BSD-3 Clause
7629ac
- Several remediation fixes
7629ac
- Better content support for DISA STIG Viewer (#2418)
1c7659
0950b5
* Mon Jan 08 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-7
0950b5
- Fix sshd_required unset (RHBZ#1522956)
0950b5
- Fix missing bash remediation functions include (RHBZ#1524738)
0950b5
- Fix empty columns in SRG HTML Table (RHBZ#1531105)
0950b5
- Fix reference to oudated PAM config manual (RHBZ#1447760)
0950b5
0950b5
* Tue Dec 12 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-6
0950b5
- Rebuild with OpenSCAP 1.2.16
0950b5
0950b5
* Mon Dec 11 2017 Matěj Týč <matyc@redhat.com> - 0.1.36-5
0950b5
- Patched not to check library ownership in libexec.
0950b5
- Patched to fix title of DISA STIG profile.
0950b5
- Patched to deprecate RhostsRSAAuthentication.
0950b5
- Patched to fix umask_for_daemons.
0950b5
0950b5
* Thu Nov 16 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-4
0950b5
- Rebuild with OpenSCAP 1.2.16
0950b5
0950b5
* Tue Nov 14 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-3
0950b5
- Add DISA STIG Rule IDs to XCCDF Rules with STIGID
0950b5
0950b5
* Fri Nov 03 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-2
0950b5
- Fix configuration to not build new products introduced in upstream
0950b5
0950b5
* Fri Nov 03 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-1
0950b5
- Update to upstream release 0.1.36
0950b5
- Introduction of SCAP Security Guide Test Suite
0950b5
- Better alignment of RHEL6 and RHEL7 with DISA STIG
0950b5
- Remove JBoss EAP5 content due to being End-of-Life
0950b5
- New STIG Profile for JBOSS EAP 6
0950b5
- Updates in C2S Profile for RHEL 7
0950b5
- Variables can be directly tailored in Ansible roles
0950b5
- Content presents less false positives in containers
0950b5
- Changes in directory layout
0950b5
0950b5
* Wed Sep 20 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.35-2
0950b5
- Do not build content for JBOSS EAP6
0950b5
0950b5
* Wed Sep 20 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.35-1
0950b5
- Update to upstream release 0.1.35
0950b5
- Remove Red Hat Enterprise Linux 5 content due to being End-of-Life March 31, 2017
0950b5
- Added several templates for OVAL checks
0950b5
- Many optimizations in build process
0950b5
- Different title for PCI-DSS Benchmark variants
0950b5
- Remediation roles moved to /usr/share/scap-security
0950b5
- Fix duplicated roles and guides (RHBZ#1465691)
650d98
1e6968
* Tue Sep 19 2017 Watson Sato <wsato@redhat.com> 0.1.33-6
1e6968
- Dropped remediation that makes system not accessible by SSH (RHBZ#1478414)
1e6968
9c64d1
* Wed Jun 14 2017 Watson Sato <wsato@redhat.com> 0.1.33-5
9c64d1
- Fix Anaconda Smartcard auth remediation (RHBZ#1461330)
9c64d1
9c64d1
* Fri May 19 2017 Watson Sato <wsato@redhat.com> 0.1.33-4
9c64d1
- Fix specfile to not include tables twice
9c64d1
9c64d1
* Fri May 19 2017 Watson Sato <wsato@redhat.com> 0.1.33-3
9c64d1
- Fix malformed title of profile nist-800-171-cui
9c64d1
9c64d1
* Fri May 19 2017 Watson Sato <wsato@redhat.com> 0.1.33-2
9c64d1
- Fix emtpy ospp-rhel7 table
9c64d1
- Fix Anaconda remediation templates (RHBZ#1450731)
9c64d1
9c64d1
* Mon May 01 2017 Watson Sato <wsato@redhat.com> 0.1.33-1
9c64d1
- Update to upstream version 0.1.33
9c64d1
- DISA RHEL7 STIG profile alignment improved
9c64d1
- Introduction of remediation roles
9c64d1
- RPM and DEB test packages are built by CMake with CPack
9c64d1
- Lots of remediation fixes
9c64d1
9c64d1
* Tue Mar 28 2017 Watson Sato <wsato@redhat.com> 0.1.32-1
9c64d1
- Update to upstream version 0.1.32
9c64d1
- New CMake build system
9c64d1
- Improved NIST 800-171 profile
9c64d1
- Initial RHVH profile
9c64d1
- New CPE to identify systems like machines (bare-metal and VM) and containers (image and container)
9c64d1
- Template clean up in lots of remediations
9c64d1
9c64d1
* Fri Mar 10 2017 Watson Sato <wsato@redhat.com> 0.1.30-6
9c64d1
- Ship separate OCIL definitions for Red Hat Enterprise Linux 7 (RHBZ#1428144)
721d24
7a35c8
* Tue Feb 14 2017 Watson Sato <wsato@redhat.com> 0.1.30-5
7a35c8
- Fix template remediation function used by SSHD remediation
7a35c8
- Reduce scope of patch that fixes SSHD remediation (RH BZ#1415152)
ee8600
9c64d1
* Tue Jan 31 2017 Watson Sato <wsato@redhat.com> 0.1.30-4
7a35c8
- Correct remediation for SSHD which caused it not to start (RH BZ#1415152)
ee8600
f04235
* Wed Aug 10 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.30-3
f04235
- Correct the remediation script for 'Enable Smart Card Login' rule
f04235
  for Red Hat Enterprise Linux 7 (RH BZ#1357019)
f04235
f04235
* Thu Jul 14 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.30-2
f04235
- Fix issue of two STIG profiles for Red Hat Enterprise Linux 6 benchmark
f04235
  having the identical title (RH BZ#1351541)
f04235
- Enhance the shared OVAL check for 'Set Deny For Failed Password Attempts'
f04235
  rule and also Red Hat Enterprise Linux 7 OVAL check for 'Configure the root
f04235
  Account for Failed Password Attempts' rule to report correct system status
f04235
  WRT to these requirements also in the case the SSSD daemon is used
f04235
  (RH BZ#1344581)
f04235
- Include currently available kickstart files and produced HTML tables for
f04235
  Red Hat Enterprise Linux 6 and 7 products into the produced RPM package
f04235
  (RH BZ#1351751)
f04235
f04235
* Wed Jun 22 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.30-1
f04235
- Update to upstream's 0.1.30 release:
f04235
  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.30
f04235
  (RH BZ#1289533)
f04235
- Drop remediation functions library since starting from 0.1.30 release
f04235
  remediation scripts are part of the benchmarks directly
f04235
- Drop three patches that have been accepted upstream in the meantime
f04235
- Update drop-rpm-verify-permissions-rule patch to work properly against
f04235
  0.1.30 release
6c1a7a
fa25b6
* Fri Oct 02 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-3
fa25b6
- Drop "Verify and Correct File Permissions with RPM" rule from the PCI-DSS
fa25b6
  profile for Red Hat Enterprise Linux 7 (RH BZ#1267861)
fa25b6
fa25b6
* Wed Sep 09 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-2
fa25b6
- Update R and BR for the openscap-scanner package to 1.2.5 per RHBZ#1202762#c7
fa25b6
fa25b6
* Wed Aug 19 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-1
fa25b6
- Rebase to upstream 0.1.25 release
fa25b6
fa25b6
* Tue Aug 04 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-4
fa25b6
- Fix false-positive in OVAL check for 'accounts_passwords_pam_faillock_deny'
fa25b6
  rule
fa25b6
fa25b6
* Mon Aug 03 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-3
fa25b6
- Add remediation script for 'accounts_passwords_pam_faillock_unlock_time' rule
fa25b6
  for Red Hat Enterprise Linux 7 product
fa25b6
- Override title and description for all existing profiles for Red Hat
fa25b6
  Enterprise Linux 6 product that are extending another SCAP profile
fa25b6
  (RHBZ#1246529)
fa25b6
- Correct various issues in the included Oscap Anaconda Addon PCI-DSS profile
fa25b6
  kickstart file for Red Hat Enterprise Linux 7 product
fa25b6
- Add remediation script for 'audit_rules_time_clock_settime' rule for
fa25b6
  Red Hat Enterprise Linux 7 product
fa25b6
- Add remediation scripts for 'audit_rules_time_adjtimex',
fa25b6
  'audit_rules_time_settimeofday', and 'audit_rules_time_stime' rules for
fa25b6
  Red Hat Enterprise Linux 7 product
fa25b6
- Tag current PCI-DSS profile for Red Hat Enterprise Linux 7 product with
fa25b6
  "Draft" label
fa25b6
- Disable the following rules in the PCI-DSS profile for the Red Hat Enterprise
fa25b6
  Linux 7 product:
fa25b6
  * dconf_gnome_screensaver_idle_delay -- missing remediation script,
fa25b6
  * dconf_gnome_screensaver_idle_activation -- missing remediation script,
fa25b6
  * dconf_gnome_screensaver_lock_enabled -- missing remediation script,
fa25b6
  * audit_rules_login_events -- incorrect OVAL check (upstream issue #607),
fa25b6
  * audit_rules_privileged_commands -- missing remediation script, and
fa25b6
  * audit_rules_immutable -- missing remediation script.
fa25b6
fa25b6
* Mon Aug 03 2015 Martin Preisler <mpreisle@redhat.com> 0.1.24-2
fa25b6
- Break-down firewalld rule description for Red Hat Enterprise Linux 7 product
fa25b6
  into multiple lines, prevents HTML guide UX issues
fa25b6
fa25b6
* Tue Jul 07 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-1
fa25b6
- Rebase to upstream scap-security-guide-0.1.24 version
fa25b6
- Start producing the -doc subpackage to provide the HTML formatted
fa25b6
  documents containing security guides generated from shipped XCCDF benchmarks
fa25b6
fa25b6
* Mon Jun 22 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.23-1
fa25b6
- Rebase to upstream scap-security-guide-0.1.23 version
fa25b6
- Update upstream tarball source URL to GitHub archive location
fa25b6
- Drop the following patches that have been accepted upstream:
fa25b6
  * scap-security-guide-0.1.19-rhel7-include-only-rht-ccp-profile.patch
fa25b6
  * scap-security-guide-0.1.19-rhel7-drop-restorecond-since-in-optional.patch
fa25b6
  * scap-security-guide-0.1.19-update-man-page-for-rhel7-content.patch
fa25b6
  * scap-security-guide-0.1.19-rhel7-update-pam-XCCDF-to-use-pam_pwquality.patch
fa25b6
  * scap-security-guide-0.1.20-rhel7-shared-fix-limit-password-reuse-remediation.patch
fa25b6
  * scap-security-guide-0.1.20-rhel6-rhel7-PR#280-set-deny-prerequisite-#1.patch
fa25b6
  * scap-security-guide-0.1.20-rhel6-rhel7-set-deny-prerequisite-#2.patch
fa25b6
  * scap-security-guide-0.1.20-shared-fix-set-deny-for-failed-password-attempts-remediation.patch
fa25b6
  * scap-security-guide-0.1.20-rhel7-specify-exact-profile-name-when-generating-guide.patch
fa25b6
- Include the datastream versions of Firefox and Java Runtime Environment (JRE) benchmarks
fa25b6
- Include USGCB and DISA STIG profile kickstart files for Red Hat Enterprise Linux 6
fa25b6
2b7b16
* Tue Oct 21 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.19-2
2b7b16
- Fix Limit Password Reuse remediation script error
2b7b16
- Fix Set Deny For Failed Password Attempts remediation script error
2b7b16
- Use RHT-CCP profile name when generating HTML guide
2b7b16
- Describe RHT-CCP profile in the manual page
2b7b16
2b7b16
* Mon Sep 29 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.19-1
2b7b16
- Include RHEL-7 content (RHT-CCP profile only)
2b7b16
- Drop RHEL-7 restorecond XCCDF rule since policycoreutils-restorecond in Optional channel
2b7b16
- Drop RHEL-7 cpuspeed XCCDF rule since obsoleted by cpupower from kernel-tools
2b7b16
- Update manual page to be more appropriate for RHEL-7
2b7b16
- Drop RHEL-6 C2S profile update patch since merged upstream
2b7b16
2b7b16
* Tue Sep 02 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-4
2b7b16
- Initial build for Red Hat Enterprise Linux 7
2b7b16
2b7b16
* Thu Aug 28 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-3
2b7b16
- Update C2S profile <description> per request from CIS
2b7b16
2b7b16
* Thu Jun 26 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-2
2b7b16
- Include the upstream STIG for RHEL 6 Server profile disclaimer file too
2b7b16
2b7b16
* Sun Jun 22 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-1
2b7b16
- Make new 0.1.18 release
2b7b16
2b7b16
* Wed May 14 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.17-2
2b7b16
- Drop vendor line from the spec file. Let the build system to provide it.
2b7b16
2b7b16
* Fri May 09 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.17-1
2b7b16
- Upgrade to upstream 0.1.17 version
2b7b16
2b7b16
* Mon May 05 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.16-2
2b7b16
- Initial RPM for RHEL base channels
2b7b16
2b7b16
* Mon May 05 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.16-1
2b7b16
- Change naming scheme (0.1-16 => 0.1.16-1)
2b7b16
2b7b16
* Fri Feb 21 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-16
2b7b16
- Include datastream file into RHEL6 RPM package too
2b7b16
- Bump version
2b7b16
2b7b16
* Tue Dec 24 2013 Shawn Wells <shawn@redhat.com> 0.1-16.rc2
2b7b16
+ RHEL6 stig-rhel6-server XCCDF profile renamed to stig-rhel6-server-upstream
2b7b16
2b7b16
* Mon Dec 23 2013 Shawn Wells <shawn@redhat.com> 0.1-16.rc1
2b7b16
- [bugfix] RHEL6 no_empty_passwords remediation script overwrote
2b7b16
  system-auth symlink. Added --follow-symlink to sed command.
2b7b16
2b7b16
* Fri Nov 01 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15
2b7b16
- Version bump
2b7b16
2b7b16
* Sat Oct 26 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc5
2b7b16
- Point the spec's source to proper remote tarball location
2b7b16
- Modify the main Makefile to use remote tarball when building RHEL/6's SRPM
2b7b16
2b7b16
* Sat Oct 26 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc4
2b7b16
- Don't include the table html files two times
2b7b16
- Remove makewhatis
2b7b16
2b7b16
* Fri Oct 25 2013 Shawn Wells <shawn@redhat.com> 0.1-15.rc3
2b7b16
- [bugfix] Updated rsyslog_remote_loghost to scan /etc/rsyslog.conf and /etc/rsyslog.d/*
2b7b16
- Numberous XCCDF->OVAL naming schema updates
2b7b16
- All rules now have CCE
2b7b16
2b7b16
* Fri Oct 25 2013 Shawn Wells <shawn@redhat.com> 0.1-15.rc2
2b7b16
- RHEL/6 HTML table naming bugfixes (table-rhel6-*, not table-*-rhel6)
2b7b16
2b7b16
* Fri Oct 25 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc1
2b7b16
- Apply spec file changes required by review request (RH BZ#1018905)
2b7b16
2b7b16
* Thu Oct 24 2013 Shawn Wells <shawn@redhat.com> 0.1-14
2b7b16
- Formal RPM release
2b7b16
- Inclusion of rht-ccp profile
2b7b16
- OVAL unit testing patches
2b7b16
- Bash remediation patches
2b7b16
- Bugfixes
2b7b16
2b7b16
* Mon Oct 07 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-14.rc1
2b7b16
- Change RPM versioning scheme to include release into tarball
2b7b16
2b7b16
* Sat Sep 28 2013 Shawn Wells <shawn@redhat.com> 0.1-13
2b7b16
- Updated RPM spec file to fix rpmlint warnings
2b7b16
2b7b16
* Wed Jun 26 2013 Shawn Wells <shawn@redhat.com> 0.1-12
2b7b16
- Updated RPM version to 0.1-12
2b7b16
2b7b16
* Fri Apr 26 2013 Shawn Wells <shawn@redhat.com> 0.1-11
2b7b16
- Significant amount of OVAL bugfixes
2b7b16
- Incorporation of Draft RHEL/6 STIG feedback
2b7b16
2b7b16
* Sat Feb 16 2013 Shawn Wells <shawn@redhat.com> 0.1-10
2b7b16
- `man scap-security-guide`
2b7b16
- OVAL bug fixes
2b7b16
- NIST 800-53 mappings update
2b7b16
2b7b16
* Wed Nov 28 2012 Shawn Wells <shawn@redhat.com> 0.1-9
2b7b16
- Updated BuildRequires to reflect python-lxml (thank you, Ray S.!)
2b7b16
- Reverting to noarch RPM
2b7b16
2b7b16
* Tue Nov 27 2012 Shawn Wells <shawn@redhat.com> 0.1-8
2b7b16
- Significant copy editing to XCCDF rules per community
2b7b16
  feedback on the DISA RHEL/6 STIG Initial Draft
2b7b16
2b7b16
* Thu Nov 1 2012 Shawn Wells <shawn@redhat.com> 0.1-7
2b7b16
- Corrected XCCDF content errors
2b7b16
- OpenSCAP now supports CPE dictionaries, important to
2b7b16
  utilize --cpe-dict when scanning machines with OpenSCAP,
2b7b16
  e.g.:
2b7b16
  $ oscap xccdf eval --profile stig-server \
2b7b16
   --cpe-dict ssg-rhel6-cpe-dictionary.xml ssg-rhel6-xccdf.xml
2b7b16
2b7b16
* Mon Oct 22 2012 Shawn Wells <shawn@redhat.com> 0.1-6
2b7b16
- Corrected RPM versioning, we're on 0.1 release 6 (not version 1 release 6)
2b7b16
- Updated RPM includes feedback received from DoD Consensus meetings
2b7b16
2b7b16
* Fri Oct 5  2012 Jeffrey Blank <blank@eclipse.ncsc.mil> 1.0-5
2b7b16
- Adjusted installation directory to /usr/share/xml/scap.
2b7b16
2b7b16
* Tue Aug 28  2012 Spencer Shimko <sshimko@tresys.com> 1.0-4
2b7b16
- Fix BuildRequires and Requires.
2b7b16
2b7b16
* Tue Jul 3 2012 Jeffrey Blank <blank@eclipse.ncsc.mil> 1.0-3
2b7b16
- Modified install section, made description more concise.
2b7b16
2b7b16
* Thu Apr 19 2012 Spencer Shimko <sshimko@tresys.com> 1.0-2
2b7b16
- Minor updates to pass some variables in from build system.
2b7b16
2b7b16
* Mon Apr 02 2012 Shawn Wells <shawn@redhat.com> 1.0-1
2b7b16
- First attempt at SSG RPM. May ${deity} help us...