Please have a look at the patch. On Fri, Feb 3, 2017 at 1:52 AM Johnny Hughes <johnny at centos.org> wrote: > On 02/01/2017 10:15 AM, Michał Jankowski wrote: > > Hello, > > > > I have noticed that pci-dss profile, ssg-centos7-xccdf.xml will always > fail > > on test and remediation for disable_prelink rule. That seem to be caused > by > > insufficient CentOS RPM customization of upstream code. Specifically > this: > > > https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/disable_prelink.xml#L24-L35 > > < > https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/disable_prelink.xml > > > > > > That condition will always fail on CentOS because it misses: > > <extend_definition comment="Installed OS is CentOS7" definition_ref=" > > installed_OS_is_centos7" /> > > > > I was thinking about raising a bug on https://bugs.centos.org or > committing > > a fix in https://git.centos.org/summary/rpms!scap-security-guide but I > am > > unsure as to what action should I take. > > You can clone that git project from git.centos.org, then checkout the > 'c7' branch and fix the issue on your branch .. then use the git > --format-patch option as explained here: > > https://ariejan.net/2009/10/26/how-to-create-and-apply-a-patch-with-git/ > > Then you can send your patch (attached to an email) to the CentOS-Devel > mailing list (https://lists.centos.org/mailman/listinfo/centos-devel) > and I will import it into the git repo and fix the package. > > <snip> > > Thanks, > Johnny Hughes > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >