From 4647e34739e3611ff8e237a0b70d0824222529ef Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Feb 26 2024 13:19:02 +0000 Subject: import scap-security-guide-0.1.72-2.el7_9 --- diff --git a/.gitignore b/.gitignore index 10b380a..6078794 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2 -SOURCES/scap-security-guide-0.1.69.tar.bz2 +SOURCES/scap-security-guide-0.1.72.tar.bz2 diff --git a/.scap-security-guide.metadata b/.scap-security-guide.metadata index 64c981b..bcf37b6 100644 --- a/.scap-security-guide.metadata +++ b/.scap-security-guide.metadata @@ -1,2 +1,2 @@ b22b45d29ad5a97020516230a6ef3140a91d050a SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2 -60f885bdfa51fa2fa707d0c2fd32e0b1f9ee9589 SOURCES/scap-security-guide-0.1.69.tar.bz2 +e10feed870a3553b75798fbee88c27c95b84c7c2 SOURCES/scap-security-guide-0.1.72.tar.bz2 diff --git a/SOURCES/disable-not-in-good-shape-profiles.patch b/SOURCES/disable-not-in-good-shape-profiles.patch deleted file mode 100644 index f883e6a..0000000 --- a/SOURCES/disable-not-in-good-shape-profiles.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 746381a4070fc561651ad65ec0fe9610e8590781 Mon Sep 17 00:00:00 2001 -From: Watson Sato -Date: Mon, 6 Feb 2023 14:44:17 +0100 -Subject: [PATCH] Disable profiles not in good shape - -Patch-name: disable-not-in-good-shape-profiles.patch -Patch-id: 0 -Patch-status: | - Patch prevents cjis, rht-ccp and standard profiles in RHEL8 datastream ---- - products/rhel8/CMakeLists.txt | 1 - - products/rhel8/profiles/cjis.profile | 2 +- - products/rhel8/profiles/rht-ccp.profile | 2 +- - products/rhel8/profiles/standard.profile | 2 +- - 4 files changed, 3 insertions(+), 4 deletions(-) - -diff --git a/products/rhel8/CMakeLists.txt b/products/rhel8/CMakeLists.txt -index 9c044b68ab..8f6ca03de8 100644 ---- a/products/rhel8/CMakeLists.txt -+++ b/products/rhel8/CMakeLists.txt -@@ -10,7 +10,6 @@ ssg_build_product(${PRODUCT}) - ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "anssi;cis;cui;nist;pcidss") - - ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-ospp" "${PRODUCT}" "ospp" "nist") --ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-standard" "${PRODUCT}" "standard" "nist") - ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-stig" "${PRODUCT}" "stig" "nist") - - ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_minimal" "${PRODUCT}" "anssi_bp28_minimal" "anssi") -diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile -index 22ae5aac72..f60b65bc06 100644 ---- a/products/rhel8/profiles/cjis.profile -+++ b/products/rhel8/profiles/cjis.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false - - metadata: - version: 5.4 -diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile -index b192461f95..ae1e7d5a15 100644 ---- a/products/rhel8/profiles/rht-ccp.profile -+++ b/products/rhel8/profiles/rht-ccp.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false - - title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)' - -diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile -index a63ae2cf32..da669bb843 100644 ---- a/products/rhel8/profiles/standard.profile -+++ b/products/rhel8/profiles/standard.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false - - title: 'Standard System Security Profile for Red Hat Enterprise Linux 8' - --- -2.39.1 - diff --git a/SOURCES/hide-profiles-not-in-good-shape-for-RHEL.patch b/SOURCES/hide-profiles-not-in-good-shape-for-RHEL.patch new file mode 100644 index 0000000..40a7a28 --- /dev/null +++ b/SOURCES/hide-profiles-not-in-good-shape-for-RHEL.patch @@ -0,0 +1,54 @@ +From e0f62e3828b9deda102f247b3789f68aeb4e518d Mon Sep 17 00:00:00 2001 +From: Marcus Burghardt +Date: Fri, 16 Feb 2024 12:07:36 +0100 +Subject: [PATCH] Hide profiles not in good shape for RHEL + +There are some profiles introduced long time ago but no longer +maintained. For compatibility purposes they are not removed from +datastream but are now hidden for RHEL8 to prevent people from +using them. +--- + products/rhel8/profiles/cjis.profile | 2 ++ + products/rhel8/profiles/rht-ccp.profile | 2 ++ + products/rhel8/profiles/standard.profile | 2 ++ + 3 files changed, 6 insertions(+) + +diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile +index 30843b692e..c44c63516f 100644 +--- a/products/rhel8/profiles/cjis.profile ++++ b/products/rhel8/profiles/cjis.profile +@@ -1,5 +1,7 @@ + documentation_complete: true + ++hidden: true ++ + metadata: + version: 5.4 + SMEs: +diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile +index 01133a9bde..3f6cb751c9 100644 +--- a/products/rhel8/profiles/rht-ccp.profile ++++ b/products/rhel8/profiles/rht-ccp.profile +@@ -1,5 +1,7 @@ + documentation_complete: true + ++hidden: true ++ + title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)' + + description: |- +diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile +index 11d72da2d9..79b491113a 100644 +--- a/products/rhel8/profiles/standard.profile ++++ b/products/rhel8/profiles/standard.profile +@@ -1,5 +1,7 @@ + documentation_complete: true + ++hidden: true ++ + title: 'Standard System Security Profile for Red Hat Enterprise Linux 8' + + description: |- +-- +2.43.1 + diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec index 3170fd5..903d607 100644 --- a/SPECS/scap-security-guide.spec +++ b/SPECS/scap-security-guide.spec @@ -6,8 +6,8 @@ %global _static_rhel6_content %{name}-0.1.52-2.el7_9-rhel6 Name: scap-security-guide -Version: 0.1.69 -Release: 1%{?dist} +Version: 0.1.72 +Release: 2%{?dist} Summary: Security guidance and baselines in SCAP formats Group: System Environment/Base @@ -16,9 +16,8 @@ URL: https://github.com/ComplianceAsCode/content Source0: %{name}-%{version}.tar.bz2 # Include tarball with last shipped rhel6 content Source1: %{_static_rhel6_content}.tar.bz2 -# Disable profiles not in good shape -# rhel8 - cjis rht-ccp standard -Patch0: disable-not-in-good-shape-profiles.patch +# Patch hides cjis, rht-ccp and standard profiles for RHEL8 +Patch0: hide-profiles-not-in-good-shape-for-RHEL.patch BuildArch: noarch @@ -121,6 +120,13 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{_builddir}/%{name}-%{versio %endif %changelog +* Fri Feb 16 2024 Marcus Burghardt - 0.1.72-2 +- Unlist profiles no longer maintained in RHEL8. + +* Wed Feb 14 2024 Marcus Burghardt - 0.1.72-1 +- Rebase to a new upstream release 0.1.72 (RHEL-25251) +- Include filter to dracut files in audit_rules_privileged_commands rule (RHEL-11938) + * Fri Aug 04 2023 Jan Černý - 0.1.69-1 - Rebase to the latest upstream release (RHBZ#2221694) - Make IPv6 related rules applicable only in case IPv6 is actually enabled. (RHBZ#2210276)