[scap-security-guide/f19] Rebase to 0.1.4.
Jan Lieskovsky
jlieskov at fedoraproject.org
Fri Dec 20 17:32:56 UTC 2013
commit 605622f4e7d8c1670837ef067d2f4402a2d7908f
Author: Jan Lieskovsky <jlieskov at redhat.com>
Date: Fri Dec 20 18:31:46 2013 +0100
Rebase to 0.1.4.
.gitignore | 1 +
scap-security-guide.spec | 79 +++++++++++++++++++++++++++++++++++++++++-----
sources | 2 +-
3 files changed, 73 insertions(+), 9 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 49960ed..e0e820e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
/scap-security-guide-0.1-3.tar.gz
+/scap-security-guide-0.1.4.tar.gz
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index 4a31a5c..0fd2e21 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@@ -5,20 +5,20 @@
# file one level up - in the main scap-security-guide directory (instead of
# this one).
-%global fedorassgrelease 3
+%global fedorassgversion 4
Name: scap-security-guide
-Version: 0.1
-Release: %{fedorassgrelease}.1%{?dist}
+Version: 0.1.%{fedorassgversion}
+Release: 1%{?dist}
Summary: Security guidance and baselines in SCAP formats
Group: Applications/System
License: Public Domain
URL: https://fedorahosted.org/scap-security-guide/
-Source0: http://fedorapeople.org/~jlieskov/%{name}-%{version}-%{fedorassgrelease}.tar.gz
+Source0: http://fedorapeople.org/~jlieskov/%{name}-%{version}.tar.gz
BuildArch: noarch
BuildRequires: libxslt, expat, python, openscap-utils >= 0.9.1, python-lxml
Requires: xml-common, openscap-utils >= 0.9.1
-Obsoletes: openscap-content < 0:0.9.13
+Obsoletes: openscap-content < 0:0.9.13
%description
The scap-security-guide project provides a guide for configuration of the
@@ -32,8 +32,20 @@ scap-workbench GUI tool from scap-workbench package to verify that the system
conforms to provided guideline. Refer to scap-security-guide(8) manual page for
further information.
+%package compat
+Summary: Extra package to ensure compatibility with firstaidkit-plugin-openscap
+License: Public Domain
+BuildArch: noarch
+Requires: xml-common, openscap-utils >= 0.9.1
+Provides: openscap-content, firstaidkit-plugin-openscap
+
+%description compat
+This package corrects Provides requirements needed to maintain
+backward-compatibility with openscap-content and firstaidkit-plugin-openscap
+packages.
+
%prep
-%setup -q -n %{name}-%{version}-%{fedorassgrelease}
+%setup -q -n %{name}-%{version}
%build
cd Fedora && make dist
@@ -53,9 +65,60 @@ cp -a Fedora/input/auxiliary/scap-security-guide.8 %{buildroot}%{_mandir}/en/man
%lang(en) %{_mandir}/en/man8/scap-security-guide.8.*
%doc Fedora/LICENSE Fedora/output/ssg-fedora-guide.html
+%files compat
+
%changelog
-* Fri Nov 15 2013 Šimon Lukašík <slukasik at redhat.com> - 0.1-3.1
-- Rebuild to obsolete openscap-content package (#1028706)
+* Fri Dec 20 2013 Jan iankko Lieskovsky <jlieskov at redhat.com> 0.1.4-1
+- Fix remediation for sshd set keepalive (ClientAliveCountMax) and move
+ it to /shared
+- Add shared remediations for sshd disable empty passwords and
+ sshd set idle timeout
+- Shared remediation for sshd disable root login
+- Add empty -compat subpackage to ensure backward-compatibility with
+ openscap-content and firstaidkit-plugin-openscap packages (RH BZ#1040335)
+- OVAL check for sshd disable root login
+- Fix typo in OVAL check for sshd disable empty passwords
+- OVAL check for sshd disable empty passwords
+- Unselect no shelllogin for systemaccounts rule from being run by default
+- Rename XCCDF rules
+- Revert Set up Fedora release name and CPE based on build system properties
+- Shared OVAL check for Verify that Shared Library Files Have Root Ownership
+- Shared OVAL check for Verify that System Executables Have Restrictive Permissions
+- Shared OVAL check for Verify that System Executables Have Root Ownership
+- Shared OVAL check for Verify that Shared Library Files Have Restrictive
+ Permissions
+- Fix remediation for Disable Prelinking rule
+- OVAL check and remediation for sshd's ClientAliveCountMax rule
+- OVAL check for sshd's ClientAliveInterval rule
+- Include descriptions for permissions section, and rules for checking
+ permissions and ownership of shared library files and system executables
+- Disable selected rules by default
+- Add remediation for Disable Prelinking rule
+- Adjust service-enable-macro, service-disable-macro XSLT transforms
+ definition to evaluate to proper systemd syntax
+- Fix service_ntpd_enabled OVAL check make validate to pass again
+- Include patch from Šimon Lukašík to obsolete openscap-content
+ package (RH BZ#1028706)
+- Add OVAL check to test if there's is remote NTP server configured for
+ time data
+- Add system settings section for the guide (to track system wide
+ hardening configurations)
+- Include disable prelink rule and OVAL check for it
+- Initial OVAL check if ntpd service is enabled. Add package_installed
+ OVAL templating directory structure and functionality.
+- Include services section, and XCCDF description for selected ntpd's
+ sshd's service rules
+- Include remediations for login.defs' based password minimum, maximum and
+ warning age rules
+- Include directory structure to support remediations
+- Add SCAP "replace or append pattern value in text file based on variable"
+ remediation script generator
+- Add remediation for "Set Password Minimum Length in login.defs" rule
+
+* Mon Nov 18 2013 Jan iankko Lieskovsky <jlieskov at redhat.com> 0.1.3-1
+- Update versioning scheme - move fedorassgrelease to be part of
+ upstream version. Rename it to fedorassgversion to avoid name collision
+ with Fedora package release.
* Tue Oct 22 2013 Jan iankko Lieskovsky <jlieskov at redhat.com> 0.1-3
- Add .gitignore for Fedora output directory
diff --git a/sources b/sources
index 101d26c..873584b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-93e71669058b2cb6958dc4946042552d scap-security-guide-0.1-3.tar.gz
+265b20ec271bc0eb31112d2ce2d07ea0 scap-security-guide-0.1.4.tar.gz
More information about the scm-commits
mailing list