Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package scap-security-guide for openSUSE:Factory checked in at 2022-06-28 15:22:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/scap-security-guide (Old) and /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "scap-security-guide" Tue Jun 28 15:22:59 2022 rev:17 rq:985543 version:0.1.62 Changes: -------- --- /work/SRC/openSUSE:Factory/scap-security-guide/scap-security-guide.changes 2022-06-10 15:58:02.816857868 +0200 +++ /work/SRC/openSUSE:Factory/.scap-security-guide.new.1548/scap-security-guide.changes 2022-06-28 15:23:19.894028303 +0200 @@ -1,0 +2,6 @@ +Mon Jun 27 12:59:21 UTC 2022 - Marcus Meissner <meiss...@suse.com> + +- fix-bash-template.patch: convert one bash emitter to new jinja method. + (bsc#1200163) + +------------------------------------------------------------------- New: ---- fix-bash-template.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ scap-security-guide.spec ++++++ --- /var/tmp/diff_new_pack.qCsvvS/_old 2022-06-28 15:23:20.902029807 +0200 +++ /var/tmp/diff_new_pack.qCsvvS/_new 2022-06-28 15:23:20.906029814 +0200 @@ -53,6 +53,8 @@ %endif Source: https://github.com/ComplianceAsCode/content/archive/v%{version}.tar.gz Patch0: scap-security-guide-UnicodeEncodeError-character-fix.patch +# upstream d9aa7a49d135be60e1a6f9d2ce4e29560482b3d0 and 3485c8298957b24d97a563079fd648004a92822b +Patch1: fix-bash-template.patch BuildRequires: cmake %if "%{_vendor}" == "debbuild" @@ -178,6 +180,7 @@ %prep %setup -n content-%version %patch0 -p0 +%patch1 -p1 %build cd build ++++++ fix-bash-template.patch ++++++ diff --git a/shared/templates/audit_rules_syscall_events/bash.template b/shared/templates/audit_rules_syscall_events/bash.template index 6532554875..bd5bb94cb9 100644 --- a/shared/templates/audit_rules_syscall_events/bash.template +++ b/shared/templates/audit_rules_syscall_events/bash.template @@ -1,19 +1,20 @@ # platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -# Include source function library. -. /usr/share/scap-security-guide/remediation_functions - # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system [ "$(getconf LONG_BIT)" = "32" ] && RULE_ARCHS=("b32") || RULE_ARCHS=("b32" "b64") for ARCH in "${RULE_ARCHS[@]}" do - PATTERN="-a always,exit -F arch=$ARCH -S {{{ ATTR }}}.*" - GROUP="perm_mod" - FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{ auid }}} -F auid!=4294967295 -F key=perm_mod" + # FULL_RULE="-a always,exit -F arch=$ARCH -S {{{ ATTR }}} -F auid>={{{ auid }}} -F auid!=4294967295 -F key=perm_mod" + ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH" + SYSCALL="{{{ ATTR }}}" + SYSCALL_GROUPING="{{{ ATTR }}}" + AUID_FILTERS="-F auid>={{{ auid }}} -F auid!=4294967295" + KEY="perm_mod" + OTHER_FILTERS="" # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - fix_audit_syscall_rule "augenrules" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" - fix_audit_syscall_rule "auditctl" "$PATTERN" "$GROUP" "$ARCH" "$FULL_RULE" + {{{ bash_fix_audit_syscall_rule("augenrules","$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}} + {{{ bash_fix_audit_syscall_rule("auditctl", "$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") }}} done