commit scap-security-guide for openSUSE:Factory

Source-Sync Thu, 27 Jul 2023 07:53:24 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package scap-security-guide for 
openSUSE:Factory checked in at 2023-07-27 16:53:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old)
 and      /work/SRC/openSUSE:Factory/.scap-security-guide.new.32662 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "scap-security-guide"

Thu Jul 27 16:53:01 2023 rev:28 rq:1101012 version:0.1.68

Changes:
--------
--- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes  
2023-06-16 16:56:37.854339857 +0200
+++ 
/work/SRC/openSUSE:Factory/.scap-security-guide.new.32662/scap-security-guide.changes
       2023-07-27 16:53:17.118653912 +0200
@@ -1,0 +2,6 @@
+Thu Jul 27 06:58:41 UTC 2023 - Marcus Meissner <[email protected]>
+
+- 0001-Revert-fix-aide-remediations-add-crontabs.patch:
+  revert patch that breaks the SLE hardening (bsc#1213691)
+
+-------------------------------------------------------------------

New:
----
  0001-Revert-fix-aide-remediations-add-crontabs.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ scap-security-guide.spec ++++++
--- /var/tmp/diff_new_pack.ayDZct/_old  2023-07-27 16:53:17.762657551 +0200
+++ /var/tmp/diff_new_pack.ayDZct/_new  2023-07-27 16:53:17.770657596 +0200
@@ -52,6 +52,8 @@
 Packager:       SUSE Security Team <[email protected]>
 %endif
 Source:         
https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz
+# upstream fix, will be in 0.69
+Patch1:         0001-Revert-fix-aide-remediations-add-crontabs.patch
 
 # explicit require what is needed by the detection logic in the scripts
 Requires:       coreutils
@@ -190,6 +192,7 @@
 
 %prep
 %setup -q -n content-%version
+%autopatch -p1
 
 %build
 cd build

++++++ 0001-Revert-fix-aide-remediations-add-crontabs.patch ++++++
>From 8f31dae05cc55de178f3038587ca0d6ff5d12b69 Mon Sep 17 00:00:00 2001
From: Eduardo Barretto <[email protected]>
Date: Thu, 29 Jun 2023 12:14:35 +0200
Subject: [PATCH] Revert "fix: aide/remediations: add crontabs"

This reverts commit ac8389e3ddab599f6f5bf7465636817fb8dbbf3e.
Fixes #10725
---
 .../aide/aide_periodic_cron_checking/ansible/shared.yml     | 6 +++---
 .../aide/aide_periodic_cron_checking/bash/shared.sh         | 1 -
 .../aide/aide_periodic_cron_checking/bash/ubuntu.sh         | 1 -
 .../aide/aide_scan_notification/ansible/shared.yml          | 6 +++---
 .../aide/aide_scan_notification/bash/shared.sh              | 1 -
 5 files changed, 6 insertions(+), 9 deletions(-)

diff --git 
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml
 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml
index 7d4063bda2..d60c2e5464 100644
--- 
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml
+++ 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/ansible/shared.yml
@@ -5,10 +5,10 @@
 # disruption = low
 - name: "Ensure AIDE is installed"
   package:
-    name:
-      - aide
-      - crontabs
+    name: "{{ item }}"
     state: present
+  with_items:
+    - aide
 
 - name: Set cron package name - RedHat
   set_fact:
diff --git 
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
index a4dac78100..dfa5c1b6c8 100644
--- 
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
+++ 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
@@ -1,7 +1,6 @@
 # platform = Red Hat Virtualization 
4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
 
 {{{ bash_package_install("aide") }}}
-{{{ bash_package_install("crontabs") }}}
 
 if ! grep -q "{{{ aide_bin_path }}} --check" /etc/crontab ; then
     echo "05 4 * * * root {{{ aide_bin_path }}} --check" >> /etc/crontab
diff --git 
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh
 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh
index 00bd493ac7..719fd764af 100644
--- 
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh
+++ 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/ubuntu.sh
@@ -1,7 +1,6 @@
 # platform = multi_platform_ubuntu
 
 {{{ bash_package_install("aide") }}}
-{{{ bash_package_install("crontabs") }}}
 
 # AiDE usually adds its own cron jobs to /etc/cron.daily. If script is there, 
this rule is
 # compliant. Otherwise, we copy the script to the /etc/cron.weekly
diff --git 
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
index 45db52bf23..2f734940a6 100644
--- 
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
+++ 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
@@ -7,10 +7,10 @@
 
 - name: "Ensure AIDE is installed"
   package:
-    name:
-      - aide
-      - crontabs
+    name: "{{ item }}"
     state: present
+  with_items:
+    - aide
 
 - name: "{{{ rule_title }}}"
   cron:
diff --git 
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
index b71b1ec967..f2b7d62a0b 100644
--- 
a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
+++ 
b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
@@ -1,7 +1,6 @@
 # platform = multi_platform_all
 
 {{{ bash_package_install("aide") }}}
-{{{ bash_package_install("crontabs") }}}
 {{{ bash_instantiate_variables("var_aide_scan_notification_email") }}}
 
 CRONTAB=/etc/crontab
-- 
2.35.3

commit scap-security-guide for openSUSE:Factory

Reply via email to