From cdb777a21d597945269c855f4d40c867749e0ab9 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <[email protected]>
Date: Tue, 17 Sep 2013 16:20:23 +0200
Subject: [PATCH 1/8] Add FEDORA Makefile, README, and scap-security-guide.spec files.
Signed-off-by: Jan Lieskovsky <[email protected]>
---
FEDORA/Makefile | 58 +++++++++++++++++++++++++++++++++++++++++
FEDORA/README | 30 +++++++++++++++++++++
FEDORA/scap-security-guide.spec | 53 +++++++++++++++++++++++++++++++++++++
3 files changed, 141 insertions(+)
create mode 100644 FEDORA/Makefile
create mode 100644 FEDORA/README
create mode 100644 FEDORA/scap-security-guide.spec
diff --git a/FEDORA/Makefile b/FEDORA/Makefile
new file mode 100644
index 0000000..be0086d
--- /dev/null
+++ b/FEDORA/Makefile
@@ -0,0 +1,58 @@
+IN = input
+OUT = output
+TRANS = transforms
+UTILS = utils
+DIST = dist
+
+ID = fedora-19
+
+all: shorthand2xccdf guide content dist
+
+shorthand-guide:
+ xsltproc -o $(OUT)/$(ID)-shorthand.xml $(IN)/guide.xslt $(IN)/guide.xml
+ xmllint --format --output $(OUT)/$(ID)-shorthand.xml $(OUT)/$(ID)-shorthand.xml
+
+shorthand2xccdf: shorthand-guide
+ xsltproc -o $(OUT)/unlinked-unresolved-fedora-xccdf.xml $(TRANS)/shorthand2xccdf.xslt $(OUT)/$(ID)-shorthand.xml
+ oscap xccdf resolve -o $(OUT)/unlinked-fedora-xccdf.xml $(OUT)/unlinked-unresolved-fedora-xccdf.xml
+
+checks:
+ xmlwf $(IN)/checks/*.xml
+ $(TRANS)/combinechecks.py $(IN)/checks > $(OUT)/unlinked-fedora-oval.xml
+ xmllint --format --output $(OUT)/unlinked-fedora-oval.xml $(OUT)/unlinked-fedora-oval.xml
+
+guide: shorthand2xccdf
+# remove auxiliary Groups which are only for use in tables, and not guide output.
+# specifying a nonexistent profile, "allrules," to make oscap print all Rules
+ xsltproc -o $(OUT)/unlinked-fedora-xccdf-guide.xml $(TRANS)/xccdf-removeaux.xslt $(OUT)/unlinked-fedora-xccdf.xml
+ xsltproc -o $(OUT)/unlinked-notest-fedora-xccdf-guide.xml $(TRANS)/xccdf-removetested.xslt $(OUT)/unlinked-fedora-xccdf.xml
+ oscap xccdf generate guide --profile allrules $(OUT)/unlinked-notest-fedora-xccdf-guide.xml > $(OUT)/$(ID)-guide.html
+
+content: shorthand2xccdf guide checks
+ $(TRANS)/cpe_generate.py $(OUT)/unlinked-fedora-oval.xml $(IN)/checks/platform/fedora-cpe-dictionary.xml $(ID)
+ $(TRANS)/relabelids.py unlinked-fedora-xccdf.xml $(ID)
+
+validate-xml:
+ oscap xccdf validate-xml $(OUT)/$(ID)-xccdf.xml
+ oscap oval validate-xml $(OUT)/$(ID)-oval.xml
+ oscap oval validate-xml $(OUT)/$(ID)-cpe-oval.xml
+
+validate: validate-xml
+ cd $(OUT); ../$(UTILS)/verify-references.py --rules-with-invalid-checks --ovaldefs-unused $(ID)-xccdf.xml
+ oscap oval validate-xml --schematron $(OUT)/$(ID)-oval.xml
+
+# items in dist are expected for distribution in an rpm
+dist: guide content
+ mkdir -p $(DIST)/guide $(DIST)/content
+ cp $(OUT)/*-guide.html $(DIST)/guide
+ cp $(OUT)/$(ID)-xccdf.xml $(DIST)/content
+ cp $(OUT)/$(ID)-oval.xml $(DIST)/content
+ cp $(OUT)/$(ID)-cpe-dictionary.xml $(DIST)/content
+ cp $(OUT)/$(ID)-cpe-oval.xml $(DIST)/content
+
+eval-common: content
+ oscap xccdf eval --profile common $(OUT)/$(ID)-xccdf.xml
+
+clean:
+ rm -f $(OUT)/*.xml $(OUT)/*.html $(OUT)/*.xhtml $(OUT)/*.pdf $(OUT)/*.spec $(OUT)/*.tar $(OUT)/*.gz $(OUT)/*.ini $(OUT)/*.csv
+ rm -rf $(DIST)/content $(DIST)/guide
diff --git a/FEDORA/README b/FEDORA/README
new file mode 100644
index 0000000..c3c94db
--- /dev/null
+++ b/FEDORA/README
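Review bot: In FEDORA/Makefile, neither `all` nor `dist` depends on `validate-xml` or `validate`, so the files copied into `$(DIST)/content` (which the spec's `%build` step, `cd FEDORA && make dist`, goes on to package) are never run through `oscap ... validate-xml` before they ship. Consider ordering validation after generation and gating distribution on it, e.g. `validate-xml: content` and `dist: guide content validate-xml`; this assumes `content` is the step that produces the `$(ID)-*.xml` files `validate-xml` reads, which the hunk does not show directly. In `validate`, `cd $(OUT); ../$(UTILS)/verify-references.py ...` still runs the script when the `cd` fails, so `cd $(OUT) && ../$(UTILS)/verify-references.py ...` is safer. None of the command-style targets is declared phony, and `dist` is also the name of the `$(DIST)` directory its own recipe creates; a line such as `.PHONY: all shorthand-guide shorthand2xccdf checks guide content validate-xml validate dist eval-common clean` would make that explicit.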
@@ -0,0 +1,30 @@
+Directory Structure of scap-security-guide
+------------------------------------------
+
+The input directory contains source files that generate SCAP content, such as
+XCCDF and OVAL. Since a single large XML file is an impractical format for
+multiple authors to collaborate on editing SCAP content, efforts are made to
+keep logically related guidance and checking content in individual files.
+
+The transforms directory contains resources that enable the files inside the
+input directory (or output directory) to be combined and reformatted into
+valid SCAP formats or human-readable formats.
+
+The output directory is used as a storage area for items generated by the files
+in the inputs directory. It should be empty in the repository, and built on
+users' individual systems (and rely on its .gitignore file to keep such files
+out). The output directory contains transitional output (which may only exist
+in order to be further transformed) as well as final output.
+
+The references directory should contain documents which are specified as
+references from within the SCAP content, or documents that are "seeds," viz.
+documents whose prose will be translated into SCAP formats, as well as other
+examples of SCAP content.
+
+The utils directory contains helper scripts and other items that are useful to
+developers but are not essential to producing the project's output.
+
+The dist directory contains final outputs, which could be shipped in an RPM for
+consumption by end-users. Updating the Makefile to copy an item from the
+outputs directory to the dist directory indicates that an item is considered a
+final output.
diff --git a/FEDORA/scap-security-guide.spec b/FEDORA/scap-security-guide.spec
new file mode 100644
index 0000000..6042ba6
--- /dev/null
+++ b/FEDORA/scap-security-guide.spec
@@ -0,0 +1,53 @@
+
+# IMPORTANT NOTE: This spec file is solely dedicated to make changes to the
+# Fedora's scap-security-guide package. If you want to apply changes against
+# the main RHEL-6 scap-security-guide RPM content, use scap-security-guide.spec
+# file one level up - in the main scap-security-guide directory (instead of
+# this one).
+
+Name: scap-security-guide
+Version: 0.1
+Release: 1.fc19
+Summary: Security guidance and baselines in SCAP formats
+Group: Applications/System
+License: Public Domain
+URL: https://fedorahosted.org/scap-security-guide/
+Source0: http://fedorapeople.org/~jlieskov/%{name}-%{version}.tar.gz
+BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+BuildArch: noarch
+BuildRequires: coreutils, libxslt, expat, python, openscap-utils >= 0.9.1, python-lxml
+Requires: filesystem, openscap-utils >= 0.9.1
+
+%description
+The scap-security-guide project provides security configuration guidance in
+formats of the Security Content Automation Protocol (SCAP). It provides a
+catalog of practical hardening advice and links it to government requirements
+where applicable. The project bridges the gap between generalized policy
+requirements and specific implementation guidance.
+%prep
+%setup -q
+
+
+%build
+cd FEDORA && make dist
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT/usr/share/xml/scap/ssg/fedora/19
+
+# Add in core content (SCAP, guide)
+cp -r FEDORA/dist/* $RPM_BUILD_ROOT/usr/share/xml/scap/ssg/fedora/19
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%files
+%defattr(-,root,root,-)
+/usr/share/xml/scap/ssg/fedora/19/*
+
+%changelog
+* Tue Sep 17 2013 Jan iankko Lieskovsky <[email protected]> 0.1-1
+- Initial Fedora SSG RPM.
--
1.7.11.7
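Review bot: In FEDORA/scap-security-guide.spec, `Source0` is a plain `http://` URL under a personal fedorapeople.org account while `URL` on the line above already uses `https://`, so anyone fetching the tarball from the spec gets it over an unauthenticated channel, and the spec itself records no checksum or signature for it. Prefer `Source0: https://fedorapeople.org/~jlieskov/%{name}-%{version}.tar.gz` if the host serves that path over TLS, and keep the tarball's digest next to the spec so a rebuilt package can be tied to known input. Separately, the `%files` glob `/usr/share/xml/scap/ssg/fedora/19/*` appears to leave the `ssg/fedora/19` directories themselves unowned by the package; listing them with `%dir` (or listing the directory without the trailing `/*`) would let RPM track and remove them.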
