commit scap-security-guide for openSUSE:Factory

Tue, 28 Jun 2022 06:23:30 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package scap-security-guide for 
openSUSE:Factory checked in at 2022-06-28 15:22:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old)
 and      /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "scap-security-guide"

Tue Jun 28 15:22:59 2022 rev:17 rq:985543 version:0.1.62

Changes:
--------
--- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes  
2022-06-10 15:58:02.816857868 +0200
+++ 
/work/SRC/openSUSE:Factory/.scap-security-guide.new.1548/scap-security-guide.changes
        2022-06-28 15:23:19.894028303 +0200
@@ -1,0 +2,6 @@
+Mon Jun 27 12:59:21 UTC 2022 - Marcus Meissner <meiss...@suse.com>
+
+- fix-bash-template.patch: convert one bash emitter to new jinja method.
+  (bsc#1200163)
+
+-------------------------------------------------------------------

New:
----
  fix-bash-template.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ scap-security-guide.spec ++++++
--- /var/tmp/diff_new_pack.qCsvvS/_old  2022-06-28 15:23:20.902029807 +0200
+++ /var/tmp/diff_new_pack.qCsvvS/_new  2022-06-28 15:23:20.906029814 +0200
@@ -53,6 +53,8 @@
 %endif
 Source:         
https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz
 Patch0:         scap-security-guide-UnicodeEncodeError-character-fix.patch
+# upstream d9aa7a49d135be60e1a6f9d2ce4e29560482b3d0 and 
3485c8298957b24d97a563079fd648004a92822b
+Patch1:         fix-bash-template.patch
 BuildRequires:  cmake
 
 %if "%{_vendor}" == "debbuild"
@@ -178,6 +180,7 @@
 %prep
 %setup -n content-%version
 %patch0 -p0
+%patch1 -p1
 
 %build
 cd build

++++++ fix-bash-template.patch ++++++
diff --git a/shared/templates/audit_rules_syscall_events/bash.template 
b/shared/templates/audit_rules_syscall_events/bash.template
index 6532554875..bd5bb94cb9 100644
--- a/shared/templates/audit_rules_syscall_events/bash.template
+++ b/shared/templates/audit_rules_syscall_events/bash.template
@@ -1,19 +1,20 @@
 # platform = 
multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 
-# Include source function library.
-. /usr/share/scap-security-guide/remediation_functions
-
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system
 [ "$(getconf LONG_BIT)" = "32" ] && RULE_ARCHS=("b32") || RULE_ARCHS=("b32" 
"b64")
 
 for ARCH in "${RULE_ARCHS[@]}"
 do
-       PATTERN="-a always,exit -F arch=$ARCH -S {{{ ATTR }}}.*"
-       GROUP="perm_mod"
-       FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{ 
auid }}} -F auid!=4294967295 -F key=perm_mod"
+       # FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{ 
auid }}} -F auid!=4294967295 -F key=perm_mod"
+       ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH"
+       SYSCALL="{{{ ATTR }}}"
+       SYSCALL_GROUPING="{{{ ATTR }}}"
+       AUID_FILTERS="-F auid>={{{ auid }}} -F auid!=4294967295"
+       KEY="perm_mod"
+       OTHER_FILTERS=""
 
        # Perform the remediation for both possible tools: 'auditctl' and 
'augenrules'
-       fix_audit_syscall_rule "augenrules" "$PATTERN" "$GROUP" "$ARCH" 
"$FULL_RULE"
-       fix_audit_syscall_rule "auditctl" "$PATTERN" "$GROUP" "$ARCH" 
"$FULL_RULE"
+       {{{ bash_fix_audit_syscall_rule("augenrules","$ACTION_ARCH_FILTERS", 
"$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}}
+       {{{ bash_fix_audit_syscall_rule("auditctl",  "$ACTION_ARCH_FILTERS", 
"$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}}
 done

Reply via email to