Blame SPECS/scap-security-guide.spec

38a2c0
# SSG build system and tests count with build directory name `build`.
38a2c0
# For more details see:
38a2c0
# https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
38a2c0
%global _vpath_builddir build
1e383a
# global _default_patch_fuzz 2  # Normally shouldn't be needed as patches should apply cleanly
38a2c0
38a2c0
Name:		scap-security-guide
1d4e8f
Version:	0.1.73
825e43
Release:	1%{?dist}
38a2c0
Summary:	Security guidance and baselines in SCAP formats
38a2c0
License:	BSD-3-Clause
38a2c0
URL:		https://github.com/ComplianceAsCode/content/
38a2c0
Source0:	https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
38a2c0
BuildArch:	noarch
38a2c0
38a2c0
BuildRequires:	libxslt
38a2c0
BuildRequires:	expat
38a2c0
BuildRequires:	openscap-scanner >= 1.2.5
38a2c0
BuildRequires:	cmake >= 2.8
1d4e8f
BuildRequires:	python%{python3_pkgversion}-devel
38a2c0
BuildRequires:	python%{python3_pkgversion}
38a2c0
BuildRequires:	python%{python3_pkgversion}-jinja2
38a2c0
BuildRequires:	python%{python3_pkgversion}-PyYAML
38a2c0
Requires:	xml-common, openscap-scanner >= 1.2.5
38a2c0
38a2c0
%description
38a2c0
The scap-security-guide project provides a guide for configuration of the
38a2c0
system from the final system's security point of view. The guidance is specified
38a2c0
in the Security Content Automation Protocol (SCAP) format and constitutes
38a2c0
a catalog of practical hardening advice, linked to government requirements
38a2c0
where applicable. The project bridges the gap between generalized policy
38a2c0
requirements and specific implementation guidelines. The system
38a2c0
administrator can use the oscap CLI tool from openscap-scanner package, or the
38a2c0
scap-workbench GUI tool from scap-workbench package to verify that the system
38a2c0
conforms to provided guideline. Refer to scap-security-guide(8) manual page for
38a2c0
further information.
38a2c0
38a2c0
%package	doc
38a2c0
Summary:	HTML formatted security guides generated from XCCDF benchmarks
38a2c0
Requires:	%{name} = %{version}-%{release}
38a2c0
38a2c0
%description	doc
38a2c0
The %{name}-doc package contains HTML formatted documents containing
38a2c0
hardening guidances that have been generated from XCCDF benchmarks
38a2c0
present in %{name} package.
38a2c0
38a2c0
%if ( %{defined rhel} && (! %{defined centos}) )
38a2c0
%package	rule-playbooks
38a2c0
Summary:	Ansible playbooks per each rule.
38a2c0
Group:		System Environment/Base
38a2c0
Requires:	%{name} = %{version}-%{release}
38a2c0
38a2c0
%description	rule-playbooks
38a2c0
The %{name}-rule-playbooks package contains individual ansible playbooks per rule.
38a2c0
%endif
38a2c0
38a2c0
%prep
38a2c0
%autosetup -p1
38a2c0
38a2c0
%define cmake_defines_common -DSSG_SEPARATE_SCAP_FILES_ENABLED=OFF -DSSG_BASH_SCRIPTS_ENABLED=OFF -DSSG_BUILD_SCAP_12_DS=OFF
38a2c0
%define cmake_defines_specific %{nil}
38a2c0
%if 0%{?rhel}
38a2c0
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{rhel}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON
38a2c0
%endif
38a2c0
%if 0%{?centos}
38a2c0
%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON
38a2c0
%endif
38a2c0
38a2c0
mkdir -p build
38a2c0
%build
38a2c0
%cmake %{cmake_defines_common} %{cmake_defines_specific}
38a2c0
%cmake_build
38a2c0
38a2c0
%install
38a2c0
%cmake_install
38a2c0
rm %{buildroot}/%{_docdir}/%{name}/README.md
38a2c0
rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
38a2c0
38a2c0
%files
38a2c0
%{_datadir}/xml/scap/ssg/content
38a2c0
%{_datadir}/%{name}/kickstart
38a2c0
%{_datadir}/%{name}/ansible/*.yml
38a2c0
%lang(en) %{_mandir}/man8/scap-security-guide.8.*
38a2c0
%doc %{_docdir}/%{name}/LICENSE
38a2c0
%if ( %{defined rhel} && (! %{defined centos}) )
38a2c0
%exclude %{_datadir}/%{name}/ansible/rule_playbooks
38a2c0
%endif
38a2c0
38a2c0
%files doc
38a2c0
%doc %{_docdir}/%{name}/guides/*.html
38a2c0
%doc %{_docdir}/%{name}/tables/*.html
38a2c0
38a2c0
%if ( %{defined rhel} && (! %{defined centos}) )
38a2c0
%files rule-playbooks
38a2c0
%defattr(-,root,root,-)
38a2c0
%{_datadir}/%{name}/ansible/rule_playbooks
38a2c0
%endif
38a2c0
38a2c0
%changelog
1d4e8f
* Mon May 20 2024 Vojtech Polasek <vpolasek@redhat.com> - 0.1.73-1
1d4e8f
- Rebase to a new upstream release 0.1.73 (RHEL-36663)
1d4e8f
- Correctly parse sudo options even if they are not quoted (RHEL-31976)
1d4e8f
- Ensure that web links within kickstart files are valid (RHEL-30735)
1d4e8f
- Align set of allowed SSH ciphers with STIG requirement (RHEL-29684)
1d4e8f
- Add audit rules on /etc/sysconfig/network-scripts (RHEL-29308)
1d4e8f
- Remove rule restricting user namespaces from stig_gui profile (RHEL-10416)
1d4e8f
- Add rule which enables auditing of files within /etc/sysconfig/network-scripts (RHEL-1093)
1d4e8f
43be8e
* Tue Feb 13 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-1
43be8e
- Rebase to a new upstream release 0.1.72 (RHEL-21425)
43be8e
- Check dropin files in /etc/systemd/journald.conf.d/ (RHEL-14484)
43be8e
- Fix remediation to not update comments (RHEL-1484)
43be8e
- Fix package check on SCAP tests for dnf settings (RHEL-17417)
43be8e
- Update description for audit_rules_kernel_module_loading (RHEL-1489)
43be8e
- Disable remediation for /dev/shm options in offline mode (RHEL-16801)
43be8e
- Include explanatory comment in the remediation of CCE-83871-4 (RHEL-17418)
43be8e
43be8e
* Tue Dec 05 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-3
43be8e
- Align STIG profile with official DISA STIG for RHEL 9 (RHEL-1807)
43be8e
43be8e
* Thu Aug 17 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-2
43be8e
- Remove OpenSSH crypto policy hardening rules from STIG profile (RHBZ#2221697)
43be8e
- Fix ANSSI High profile with secure boot (RHBZ#2221697)
43be8e
43be8e
* Wed Aug 09 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-1
43be8e
- Rebase to a new upstream release 0.1.69 (RHBZ#2221697)
43be8e
- Improve CIS benchmark rules related to auditing of kernel module related events (RHBZ#2209657)
43be8e
- SSSD configuration files are now created with correct permissions whenever remediating SSSD related rules (RHBZ#2211511)
43be8e
- add warning about migration of network configuration files when upgrading from RHEL 8 to RHEL 9 (RHBZ#2172555)
43be8e
- Correct URL used to download CVE checks. (RHBZ#2223178)
43be8e
- update ANSSI BP-028 profiles to be aligned with version 2.0 (RHBZ#2155790)
43be8e
- Fixed excess quotes in journald configuration files (RHBZ#2193169)
43be8e
- Change rules checking home directories to apply only to local users (RHBZ#2203791)
43be8e
- Change rules checking password age to apply only to local users (RHBZ#2213958)
43be8e
- Updated man page (RHBZ#2060028)
43be8e
825e43
* Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1
825e43
- Rebase to a new upstream release 0.1.66 (RHBZ#2169443)
825e43
- Fix remediation of audit watch rules (RHBZ#2169441)
825e43
- Fix check firewalld_sshd_port_enabled (RHBZ#2169443)
825e43
- Fix accepted control flags for pam_pwhistory (RHBZ#2169443)
825e43
- Unselect rule logind_session_timeout (RHBZ#2169443)
825e43
- Add support rainer scripts in rsyslog rules (RHBZ#2169445)
825e43
1e383a
* Thu Aug 25 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.63-5
1e383a
- OSPP: fix rule related to coredump (RHBZ#2081688)
1e383a
1e383a
* Tue Aug 23 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-4
1e383a
- use sysctl_kernel_core_pattern rule again in RHEL9 OSPP (RHBZ#2081688)
1e383a
1e383a
* Thu Aug 11 2022 Matej Tyc <matyc@redhat.com> - 0.1.63-3
1e383a
- Readd rules to the benchmark to be compatible across all minor versions of RHEL9 (RHBZ#2117669)
1e383a
1e383a
* Wed Aug 10 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-2
1e383a
- OSPP: utilize different audit rule set for different hardware platforms (RHBZ#1998583)
1e383a
- OSPP: update rules related to coredumps (RHBZ#2081688)
1e383a
- OSPP: update rules related to BPF (RHBZ#2081728)
1e383a
- fix description of require_singleuser_mode (RHBZ#2092799)
1e383a
- fix remediation of OpenSSL cryptopolicy (RHBZ#2108569)
1e383a
- OSPP: use minimal Authselect profile(RHBZ#2114979)
1e383a
1e383a
* Mon Aug 01 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-1
1e383a
- Rebase to a new upstream release 0.1.63 (RHBZ#2070563)
1e383a
1e383a
* Mon Jul 18 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.62-2
1e383a
- Remove sysctl_fs_protected_* rules from RHEL9 OSPP (RHBZ#2081719)
1e383a
- Make rule audit_access_success_ unenforcing in RHEL9 OSPP (RHBZ#2058154)
1e383a
- Drop zipl_vsyscall_argument rule from RHEL9 OSPP profile (RHBZ#2060049)
1e383a
- make sysctl_user_max_user_namespaces in RHEL9 OSPP (RHBZ#2083716)
1e383a
- Remove some sysctl rules  related to network from RHEL9 OSPP (RHBZ#2081708)
1e383a
- Add rule to check if Grub2 recovery is disabled to RHEL9 OSPP (RHBZ#2092809)
1e383a
- Add rule grub2_systemd_debug-shell_argument_absent (RHBZ#2092840)
1e383a
- Remove rule accounts_password_minlen_login_defs from all profiles (RHBZ#2073040)
1e383a
- Remove rules related to remove logging from RHEL9 OSPP (RHBZ#2105016)
1e383a
- Remove sshd_enable_strictmodes from OSPP (RHBZ#2105278)
1e383a
- Remove rules related to NIS services (RHBZ#2096602)
1e383a
- Make rule stricter when checking for FIPS crypto-policies (RHBZ#2057082)
1e383a
1e383a
* Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 0.1.62-1
1e383a
- Rebase to a new upstream release (RHBZ#2070563)
38a2c0
38a2c0
* Mon Feb 21 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.60-5
38a2c0
- Remove tmux process runinng check in configure_bashrc_exec_tmux (RHBZ#2056847)
38a2c0
- Fix issue with getting STIG items in create_scap_delta_tailoring.py (RHBZ#2014561)
38a2c0
- Update rule enable_fips_mode to check only for technical state (RHBZ#2057457)
38a2c0
38a2c0
* Tue Feb 15 2022 Watson Sato <wsato@redhat.com> - 0.1.60-4
38a2c0
- Fix Ansible service disabled tasks (RHBZ#2014561)
38a2c0
- Update description of OSPP profile (RHBZ#2045386)
38a2c0
- Add page_aloc.shuffle rules for OSPP profile (RHBZ#2055118)
38a2c0
38a2c0
* Mon Feb 14 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.60-3
38a2c0
- Update sudoers rules in RHEL8 STIG V1R5 (RHBZ#2045403)
38a2c0
- Add missing SRG references in RHEL8 STIG V1R5 rules (RHBZ#2045403)
38a2c0
- Update chronyd_or_ntpd_set_maxpoll to disregard server and poll directives (RHBZ#2045403)
38a2c0
- Fix GRUB2 rule template to configure the module correctly on RHEL8 (RHBZ#2014561)
38a2c0
- Update GRUB2 rule descriptions (RHBZ#2020623)
38a2c0
- Make package_rear_installed not applicable on AARCH64 (RHBZ#2014561)
38a2c0
38a2c0
* Fri Feb 11 2022 Watson Sato <wsato@redhat.com> - 0.1.60-2
38a2c0
- Update OSPP profile (RHBZ#2016038, RHBZ#2043036, RHBZ#2020670, RHBZ#2046289)
38a2c0
38a2c0
* Thu Jan 27 2022 Watson Sato <wsato@redhat.com> - 0.1.60-1
38a2c0
- Rebase to a new upstream release (RHBZ#2014561)
38a2c0
38a2c0
* Wed Dec 08 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.59-1
38a2c0
- Rebase to a new upstream release (RHBZ#2014561)
38a2c0
- Enable Centos Stream 9 content (RHBZ#2021284)
38a2c0
38a2c0
* Fri Oct 15 2021 Matej Tyc <matyc@redhat.com> - 0.1.58-1
38a2c0
- Rebase to a new upstream release (RHBZ#2014561)
38a2c0
- Disable profiles that we disable in RHEL8
38a2c0
- Add a VM wait handling to fix issues with tests.
38a2c0
38a2c0
* Wed Aug 25 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-5
38a2c0
- Fix remediations applicability of zipl rules
38a2c0
  Resolves: rhbz#1996847
38a2c0
38a2c0
* Tue Aug 24 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-4
38a2c0
- Fix a broken HTTP link
38a2c0
  Add CIS profile based on RHEL8 CIS, fix its Crypto Policy usage
38a2c0
  Resolves: rhbz#1962564
38a2c0
38a2c0
* Tue Aug 17 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-3
38a2c0
- Use SSHD directory-based configuration.
38a2c0
  Resolves: rhbz#1962564
38a2c0
- Introduce ISM kickstarts
38a2c0
  Resolves: rhbz#1978290
38a2c0
- Deliver numerous RHEL9 fixes to rules - see related BZs for details.
38a2c0
  TLDR: Enable remediations by means of platform metadata,
38a2c0
  enable the RHEL9 GPG rule, introduce the s390x platform,
38a2c0
  fix the ctrl-alt-del reboot disable, fix grub2 UEFI config file location,
38a2c0
  address the subscription-manager package merge, and
38a2c0
  enable and select more rules applicable to RHEL9.
38a2c0
  Resolves: rhbz#1987227
38a2c0
  Resolves: rhbz#1987226
38a2c0
  Resolves: rhbz#1987231
38a2c0
  Resolves: rhbz#1988289
38a2c0
38a2c0
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.1.57-2
38a2c0
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
38a2c0
  Related: rhbz#1991688
38a2c0
38a2c0
* Wed Jul 28 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-1
38a2c0
- Upgrade to the latest upstream release
38a2c0
- Introduce more complete RHEL9 content in terms of rules, profiles and kickstarts.
38a2c0
38a2c0
* Wed Jul 07 2021 Matej Tyc <matyc@redhat.com> - 0.1.56-3
38a2c0
- Introduced the playbooks subpackage.
38a2c0
- Enabled CentOS content on CentOS systems.
38a2c0
- Solved missing CCEs problem by unselecting problematic rules by means of editing patches or by porting PRs that unselect them.
38a2c0
38a2c0
* Mon Jun 28 2021 Matej Tyc <matyc@redhat.com> - 0.1.56-2
38a2c0
- Enable more RHEL9 rules and introduce RHEL9 profile stubs
38a2c0
38a2c0
* Wed May 19 2021 Jan Černý <jcerny@redhat.com> - 0.1.56-1
38a2c0
- Upgrade to the latest upstream release
38a2c0
- remove README.md and Contributors.md
38a2c0
- remove SCAP component files
38a2c0
- remove SCAP 1.2 source data streams
38a2c0
- remove HTML guides for the virtual “(default)” profile
38a2c0
- remove profile Bash remediation scripts
38a2c0
- build only RHEL9 content
38a2c0
- remove other products
38a2c0
- use autosetup in %prep phase
38a2c0
38a2c0
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.1.54-3
38a2c0
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
38a2c0
38a2c0
* Fri Feb 12 2021 Vojtech Polasek <vpolasek@redhat.com> - 0.1.54-2
38a2c0
- fix definition of build directory
38a2c0
38a2c0
* Fri Feb 05 2021 Vojtech Polasek <vpolasek@redhat.com> - 0.1.54-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.54 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.54
38a2c0
38a2c0
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.53-2
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
38a2c0
38a2c0
* Mon Nov 16 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.53-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.53 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.53
38a2c0
38a2c0
* Wed Sep 23 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.52-3
38a2c0
- revert previous rework, it did not solve the problem
38a2c0
38a2c0
* Wed Sep 23 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.52-2
38a2c0
- rewrite solution for CMake out of source builds
38a2c0
38a2c0
* Mon Sep 21 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.52-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.52 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.52
38a2c0
38a2c0
* Tue Aug 04 2020 Jan Černý <jcerny@redhat.com> - 0.1.51-4
38a2c0
- Update for new CMake out of source builds
38a2c0
  https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
38a2c0
- Fix FTBS in Rawhide/F33 (RHBZ#1863741)
38a2c0
38a2c0
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.51-3
38a2c0
- Second attempt - Rebuilt for
38a2c0
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
38a2c0
38a2c0
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.51-2
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
38a2c0
38a2c0
* Fri Jul 17 2020 Vojtech Polasek <vpolasek@redhat.com> - 0.1.51-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.51 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.51
38a2c0
38a2c0
* Mon Mar 23 2020 Watson Sato <wsato@redhat.com> - 0.1.49-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.49 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.49
38a2c0
38a2c0
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.48-2
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
38a2c0
38a2c0
* Thu Jan 16 2020 Watson Sato <wsato@redhat.com> - 0.1.48-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.48 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.48
38a2c0
38a2c0
* Mon Dec 09 2019 Matěj Týč <matyc@redhat.com> - 0.1.47-2
38a2c0
- Hotfix of the XML parsing fix.
38a2c0
38a2c0
* Mon Dec 09 2019 Matěj Týč <matyc@redhat.com> - 0.1.47-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.47 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.47
38a2c0
- Fixed XML parsing of remediation functions.
38a2c0
38a2c0
* Mon Jul 29 2019 Watson Sato <wsato@redhat.com> - 0.1.45-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.45 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.45
38a2c0
38a2c0
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.44-2
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
38a2c0
38a2c0
* Mon May 06 2019 Watson Yuuma Sato <wsato@redhat.com> - 0.1.44-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.44 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.44
38a2c0
38a2c0
* Fri Feb 22 2019 Watson Yuuma Sato <wsato@redhat.com> - 0.1.43-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.43 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.43
38a2c0
- Update URL and source URL
38a2c0
38a2c0
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.42-2
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
38a2c0
38a2c0
* Wed Dec 12 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.42-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.42 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.42
38a2c0
- Fix man page build dependency on derivative content
38a2c0
38a2c0
* Mon Oct 01 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.41-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.41 release:
38a2c0
  https://github.com/ComplianceAsCode/content/releases/tag/v0.1.41
38a2c0
- Fix Licence of this package
38a2c0
38a2c0
* Wed Jul 25 2018 Matěj Týč <matyc@redhat.com> - 0.1.40-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.40 release:
38a2c0
  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.40
38a2c0
- Update to use Python3 for build.
38a2c0
38a2c0
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.39-3
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
38a2c0
38a2c0
* Fri May 04 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.39-2
38a2c0
- Add python version to python2-jinja2 package
38a2c0
38a2c0
* Fri May 04 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.39-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.39 release:
38a2c0
  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.39
38a2c0
38a2c0
* Mon Mar 05 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.38-2
38a2c0
- Add python version to python package prefixes
38a2c0
38a2c0
* Mon Mar 05 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.38-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.38 release:
38a2c0
  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.38
38a2c0
38a2c0
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.37-2
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
38a2c0
38a2c0
* Thu Jan 04 2018 Watson Yuuma Sato <wsato@redhat.com> - 0.1.37-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.37 release:
38a2c0
  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.37
38a2c0
38a2c0
* Wed Nov 01 2017 Watson Yuuma Sato <wsato@redhat.com> - 0.1.36-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.36 release:
38a2c0
  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.36
38a2c0
38a2c0
* Tue Aug 29 2017 Watson Sato <wsato@redhat.com> - 0.1.35-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.35 release:
38a2c0
  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.35
38a2c0
38a2c0
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.34-2
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
38a2c0
38a2c0
* Mon Jul 03 2017 Watson Sato <wsato@redhat.com> - 0.1.34-1
38a2c0
- updated to latest upstream release
38a2c0
38a2c0
* Mon May 01 2017 Martin Preisler <mpreisle@redhat.com> - 0.1.33-1
38a2c0
- updated to latest upstream release
38a2c0
38a2c0
* Thu Mar 30 2017 Martin Preisler <mpreisle@redhat.com> - 0.1.32-1
38a2c0
- updated to latest upstream release
38a2c0
38a2c0
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.31-3
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
38a2c0
38a2c0
* Mon Nov 28 2016 Martin Preisler <mpreisle@redhat.com> - 0.1.31-2
38a2c0
- use make_build and make_install RPM macros
38a2c0
38a2c0
* Mon Nov 28 2016 Martin Preisler <mpreisle@redhat.com> - 0.1.31-1
38a2c0
- update to the latest upstream release
38a2c0
- new default location for content /usr/share/scap/ssg
38a2c0
- install HTML tables in the doc subpackage
38a2c0
38a2c0
* Mon Jun 27 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> - 0.1.30-2
38a2c0
- Correct currently failing parallel SCAP Security Guide build
38a2c0
38a2c0
* Mon Jun 27 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> - 0.1.30-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.30 release:
38a2c0
  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.30
38a2c0
- Drop shell library for remediation functions since it is not required
38a2c0
  starting from 0.1.30 release any more
38a2c0
38a2c0
* Thu May 05 2016 Jan iankko Lieskovsky <jlieskov@redhat.com> - 0.1.29-1
38a2c0
- Update to latest upstream SCAP-Security-Guide-0.1.29 release:
38a2c0
  https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.29
38a2c0
- Do not ship Firefox/DISCLAIMER documentation file since it has been removed
38a2c0
  in 0.1.29 upstream release
38a2c0
38a2c0
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.28-2
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
38a2c0
38a2c0
* Wed Jan 20 2016 Šimon Lukašík <slukasik@redhat.com> - 0.1.28-1
38a2c0
- upgrade to the latest upstream release
38a2c0
38a2c0
* Fri Dec 11 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.27-1
38a2c0
- update to the latest upstream release
38a2c0
38a2c0
* Tue Oct 20 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.26-1
38a2c0
- update to the latest upstream release
38a2c0
38a2c0
* Sat Sep 05 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.25-1
38a2c0
- update to the latest upstream release
38a2c0
38a2c0
* Thu Jul 09 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.24-1
38a2c0
- update to the latest upstream release
38a2c0
- created doc sub-package to ship all the guides
38a2c0
- start distributing centos and scientific linux content
38a2c0
- rename java content to jre
38a2c0
38a2c0
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1.22-2
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
38a2c0
38a2c0
* Tue May 05 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.22-1
38a2c0
- update to the latest upstream release
38a2c0
- only DataStream file is now available for Fedora
38a2c0
- start distributing security baseline for Firefox
38a2c0
- start distributing security baseline for Java RunTime deployments
38a2c0
38a2c0
* Wed Mar 04 2015 Šimon Lukašík <slukasik@redhat.com> - 0.1.21-1
38a2c0
- update to the latest upstream release
38a2c0
- move content to /usr/share/scap/ssg/content
38a2c0
38a2c0
* Thu Oct 02 2014 Šimon Lukašík <slukasik@redhat.com> - 0.1.19-1
38a2c0
- update to the latest upstream release
38a2c0
38a2c0
* Mon Jul 14 2014 Šimon Lukašík <slukasik@redhat.com> - 0.1.5-4
38a2c0
- require only openscap-scanner, not whole openscap-utils package
38a2c0
38a2c0
* Tue Jul 01 2014 Šimon Lukašík <slukasik@redhat.com> - 0.1.5-3
38a2c0
- Rebase the RHEL part of SSG to the latest upstream version (0.1.18)
38a2c0
- Add STIG DISCLAIMER to the shipped documentation
38a2c0
38a2c0
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1.5-2
38a2c0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
38a2c0
38a2c0
* Thu Feb 27 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.5-1
38a2c0
- Fix fedora-srpm and fedora-rpm Make targets to work again
38a2c0
- Include RHEL-6 and RHEL-7 datastream files to support remote RHEL system scans
38a2c0
- EOL for Fedora 18 support
38a2c0
- Include Fedora datastream file for remote Fedora system scans
38a2c0
38a2c0
* Mon Jan 06 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.4-2
38a2c0
- Drop -compat package, provide openscap-content directly (RH BZ#1040335#c14)
38a2c0
38a2c0
* Fri Dec 20 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.4-1
38a2c0
- Fix remediation for sshd set keepalive (ClientAliveCountMax) and move
38a2c0
  it to /shared
38a2c0
- Add shared remediations for sshd disable empty passwords and
38a2c0
  sshd set idle timeout
38a2c0
- Shared remediation for sshd disable root login
38a2c0
- Add empty -compat subpackage to ensure backward-compatibility with
38a2c0
  openscap-content and firstaidkit-plugin-openscap packages (RH BZ#1040335)
38a2c0
- OVAL check for sshd disable root login
38a2c0
- Fix typo in OVAL check for sshd disable empty passwords
38a2c0
- OVAL check for sshd disable empty passwords
38a2c0
- Unselect no shelllogin for systemaccounts rule from being run by default
38a2c0
- Rename XCCDF rules
38a2c0
- Revert Set up Fedora release name and CPE based on build system properties
38a2c0
- Shared OVAL check for Verify that Shared Library Files Have Root Ownership
38a2c0
- Shared OVAL check for Verify that System Executables Have Restrictive Permissions
38a2c0
- Shared OVAL check for Verify that System Executables Have Root Ownership
38a2c0
- Shared OVAL check for Verify that Shared Library Files Have Restrictive
38a2c0
  Permissions
38a2c0
- Fix remediation for Disable Prelinking rule
38a2c0
- OVAL check and remediation for sshd's ClientAliveCountMax rule
38a2c0
- OVAL check for sshd's ClientAliveInterval rule
38a2c0
- Include descriptions for permissions section, and rules for checking
38a2c0
  permissions and ownership of shared library files and system executables
38a2c0
- Disable selected rules by default
38a2c0
- Add remediation for Disable Prelinking rule
38a2c0
- Adjust service-enable-macro, service-disable-macro XSLT transforms
38a2c0
  definition to evaluate to proper systemd syntax
38a2c0
- Fix service_ntpd_enabled OVAL check make validate to pass again
38a2c0
- Include patch from Šimon Lukašík to obsolete openscap-content
38a2c0
  package (RH BZ#1028706)
38a2c0
- Add OVAL check to test if there's is remote NTP server configured for
38a2c0
  time data
38a2c0
- Add system settings section for the guide (to track system wide
38a2c0
  hardening configurations)
38a2c0
- Include disable prelink rule and OVAL check for it
38a2c0
- Initial OVAL check if ntpd service is enabled. Add package_installed
38a2c0
  OVAL templating directory structure and functionality.
38a2c0
- Include services section, and XCCDF description for selected ntpd's
38a2c0
  sshd's service rules
38a2c0
- Include remediations for login.defs' based password minimum, maximum and
38a2c0
  warning age rules
38a2c0
- Include directory structure to support remediations
38a2c0
- Add SCAP "replace or append pattern value in text file based on variable"
38a2c0
  remediation script generator
38a2c0
- Add remediation for "Set Password Minimum Length in login.defs" rule
38a2c0
38a2c0
* Mon Nov 18 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.3-1
38a2c0
- Update versioning scheme - move fedorassgrelease to be part of
38a2c0
  upstream version. Rename it to fedorassgversion to avoid name collision
38a2c0
  with Fedora package release.
38a2c0
38a2c0
* Tue Oct 22 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-3
38a2c0
- Add .gitignore for Fedora output directory
38a2c0
- Set up Fedora release name and CPE based on build system properties
38a2c0
- Use correct file paths in scap-security-guide(8) manual page 
38a2c0
  (RH BZ#1018905, c#10)
38a2c0
- Apply further changes motivated by scap-security-guide Fedora RPM review
38a2c0
  request (RH BZ#1018905, c#8):
38a2c0
  * update package description,
38a2c0
  * make content files to be owned by the scap-security-guide package,
38a2c0
  * remove Fedora release number from generated content files,
38a2c0
  * move HTML form of the guide under the doc directory (together
38a2c0
    with that drop fedora/content subdir and place the content
38a2c0
    directly under fedora/ subdir).
38a2c0
- Fixes for scap-security-guide Fedora RPM review request (RH BZ#1018905):
38a2c0
  * drop Fedora release from package provided files' final path (c#5),
38a2c0
  * drop BuildRoot, selected Requires:, clean section, drop chcon for
38a2c0
    manual page, don't gzip man page (c#4),
38a2c0
  * change package's description (c#4),
38a2c0
  * include PD license text (#c4).
38a2c0
38a2c0
* Mon Oct 14 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-2
38a2c0
- Provide manual page for scap-security-guide
38a2c0
- Remove percent sign from spec's changelog to silence rpmlint warning
38a2c0
- Convert RHEL6 'Restrict Root Logins' section's rules to Fedora
38a2c0
- Convert RHEL6 'Set Password Expiration Parameter' rules to Fedora
38a2c0
- Introduce 'Account and Access Control' section
38a2c0
- Convert RHEL6 'Verify Proper Storage and Existence of Password Hashes' section's
38a2c0
  rules to Fedora
38a2c0
- Set proper name of the build directory in the spec's setup macro.
38a2c0
- Replace hard-coded paths with macros. Preserve attributes when copying files.
38a2c0
38a2c0
* Tue Sep 17 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-1
38a2c0
- Initial Fedora SSG RPM.