[CentOS] CentOS 7.3.1611 scap-security-guide issue
Johnny Hughes
johnny at centos.org
Fri Feb 3 09:51:34 UTC 2017
On 02/01/2017 10:15 AM, Michał Jankowski wrote:
> Hello,
>
> I have noticed that pci-dss profile, ssg-centos7-xccdf.xml will always fail
> on test and remediation for disable_prelink rule. That seem to be caused by
> insufficient CentOS RPM customization of upstream code. Specifically this:
> https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/disable_prelink.xml#L24-L35
> <https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/disable_prelink.xml>
>
> That condition will always fail on CentOS because it misses:
> <extend_definition comment="Installed OS is CentOS7" definition_ref="
> installed_OS_is_centos7" />
>
> I was thinking about raising a bug on https://bugs.centos.org or committing
> a fix in https://git.centos.org/summary/rpms!scap-security-guide but I am
> unsure as to what action should I take.
You can clone that git project from git.centos.org, then checkout the
'c7' branch and fix the issue on your branch .. then use the git
--format-patch option as explained here:
https://ariejan.net/2009/10/26/how-to-create-and-apply-a-patch-with-git/
Then you can send your patch (attached to an email) to the CentOS-Devel
mailing list (https://lists.centos.org/mailman/listinfo/centos-devel)
and I will import it into the git repo and fix the package.
<snip>
Thanks,
Johnny Hughes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20170203/b8024d6b/attachment.sig>
More information about the CentOS
mailing list