3 files changed, 241 insertions, 2 deletions
diff --git a/recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch b/recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch
new file mode 100644
index 0000000..0621360
--- /dev/null
+++ b/recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch
@@ -0,0 +1,228 @@
+From 7af2da3bbe1d5b4cba89c6dae9ea267717b865ea Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster808@gmail.com>
+Date: Wed, 21 Jun 2023 07:46:38 -0400
+Subject: [PATCH] standard.profile: expand checks
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+---
+ .../openembedded/profiles/standard.profile    | 206 ++++++++++++++++++
+ 1 file changed, 206 insertions(+)
+diff --git a/products/openembedded/profiles/standard.profile b/products/openembedded/profiles/standard.profile
+index 44339d716c..877d1a3971 100644
+--- a/products/openembedded/profiles/standard.profile
+++ b/products/openembedded/profiles/standard.profile
+@@ -9,4 +9,210 @@ description: |-
+ selections:
+     - file_owner_etc_passwd
+     - file_groupowner_etc_passwd
+    - service_crond_enabled
+    - file_groupowner_crontab
+    - file_owner_crontab
+    - file_permissions_crontab
+    - file_groupowner_cron_hourly
+    - file_owner_cron_hourly
+    - file_permissions_cron_hourly
+    - file_groupowner_cron_daily
+    - file_owner_cron_daily
+    - file_permissions_cron_daily
+    - file_groupowner_cron_weekly
+    - file_owner_cron_weekly
+    - file_permissions_cron_weekly
+    - file_groupowner_cron_monthly
+    - file_owner_cron_monthly
+    - file_permissions_cron_monthly
+    - file_groupowner_cron_d
+    - file_owner_cron_d
+    - file_permissions_cron_d
+    - file_groupowner_cron_allow
+    - file_owner_cron_allow
+    - file_cron_deny_not_exist
+    - file_groupowner_at_allow
+    - file_owner_at_allow
+    - file_at_deny_not_exist
+    - file_permissions_at_allow
+    - file_permissions_cron_allow
+    - file_groupowner_sshd_config
+    - file_owner_sshd_config
+    - file_permissions_sshd_config
+    - file_permissions_sshd_private_key
+    - file_permissions_sshd_pub_key
+    - sshd_set_loglevel_verbose
+    - sshd_set_loglevel_info
+    - sshd_max_auth_tries_value=4
+    - sshd_set_max_auth_tries
+    - sshd_disable_rhosts
+    - disable_host_auth
+    - sshd_disable_root_login
+    - sshd_disable_empty_passwords
+    - sshd_do_not_permit_user_env
+    - sshd_idle_timeout_value=15_minutes
+    - sshd_set_idle_timeout
+    - sshd_set_keepalive
+    - var_sshd_set_keepalive=0
+    - sshd_set_login_grace_time
+    - var_sshd_set_login_grace_time=60
+    - sshd_enable_warning_banner
+    - sshd_enable_pam
+    - sshd_set_maxstartups
+    - var_sshd_set_maxstartups=10:30:60
+    - sshd_set_max_sessions
+    - var_sshd_max_sessions=10
+    - accounts_password_pam_minclass
+    - accounts_password_pam_minlen
+    - accounts_password_pam_retry
+    - var_password_pam_minclass=4
+    - var_password_pam_minlen=14
+    - locking_out_password_attempts
+    - accounts_password_pam_pwhistory_remember_password_auth
+    - accounts_password_pam_pwhistory_remember_system_auth
+    - var_password_pam_remember_control_flag=required
+    - var_password_pam_remember=5
+    - set_password_hashing_algorithm_systemauth
+    - accounts_maximum_age_login_defs
+    - var_accounts_maximum_age_login_defs=365
+    - accounts_password_set_max_life_existing
+    - accounts_minimum_age_login_defs
+    - var_accounts_minimum_age_login_defs=7
+    - accounts_password_set_min_life_existing
+    - accounts_password_warn_age_login_defs
+    - var_accounts_password_warn_age_login_defs=7
+    - account_disable_post_pw_expiration
+    - var_account_disable_post_pw_expiration=30
+    - no_shelllogin_for_systemaccounts
+    - accounts_tmout
+    - var_accounts_tmout=15_min
+    - accounts_root_gid_zero
+    - accounts_umask_etc_bashrc
+    - accounts_umask_etc_login_defs
+    - use_pam_wheel_for_su
+    - sshd_allow_only_protocol2
+    - journald_forward_to_syslog
+    - journald_compress
+    - journald_storage
+    - service_auditd_enabled
+    - service_httpd_disabled
+    - service_vsftpd_disabled
+    - service_named_disabled
+    - service_nfs_disabled
+    - service_rpcbind_disabled
+    - service_slapd_disabled
+    - service_dhcpd_disabled
+    - service_cups_disabled
+    - service_ypserv_disabled
+    - service_rsyncd_disabled
+    - service_avahi-daemon_disabled
+    - service_snmpd_disabled
+    - service_squid_disabled
+    - service_smb_disabled
+    - service_dovecot_disabled
+    - banner_etc_motd
+    - login_banner_text=cis_banners
+    - banner_etc_issue
+    - login_banner_text=cis_banners
+    - file_groupowner_etc_motd
+    - file_owner_etc_motd
+    - file_permissions_etc_motd
+    - file_groupowner_etc_issue
+    - file_owner_etc_issue
+    - file_permissions_etc_issue
+    - ensure_gpgcheck_globally_activated
+    - package_aide_installed
+    - aide_periodic_cron_checking
+    - grub2_password
+    - file_groupowner_grub2_cfg
+    - file_owner_grub2_cfg
+    - file_permissions_grub2_cfg
+    - require_singleuser_auth
+    - require_emergency_target_auth
+    - disable_users_coredumps
+    - coredump_disable_backtraces
+    - coredump_disable_storage
+    - configure_crypto_policy
+    - var_system_crypto_policy=default_policy
+    - dir_perms_world_writable_sticky_bits
+     - file_permissions_etc_passwd
+    - file_owner_etc_shadow
+    - file_groupowner_etc_shadow
+    - file_groupowner_etc_group
+    - file_owner_etc_group
+    - file_permissions_etc_group
+    - file_groupowner_etc_gshadow
+    - file_owner_etc_gshadow
+    - file_groupowner_backup_etc_passwd
+    - file_owner_backup_etc_passwd
+    - file_permissions_backup_etc_passwd
+    - file_groupowner_backup_etc_shadow
+    - file_owner_backup_etc_shadow
+    - file_permissions_backup_etc_shadow
+    - file_groupowner_backup_etc_group
+    - file_owner_backup_etc_group
+    - file_permissions_backup_etc_group
+    - file_groupowner_backup_etc_gshadow
+    - file_owner_backup_etc_gshadow
+    - file_permissions_backup_etc_gshadow
+    - file_permissions_unauthorized_world_writable
+    - file_permissions_ungroupowned
+    - accounts_root_path_dirs_no_write
+    - root_path_no_dot
+    - accounts_no_uid_except_zero
+    - file_ownership_home_directories
+    - file_groupownership_home_directories
+    - no_netrc_files
+    - no_rsh_trust_files
+    - account_unique_id
+    - group_unique_id
+    - group_unique_name
+    - kernel_module_sctp_disabled
+    - kernel_module_dccp_disabled
+    - wireless_disable_interfaces
+    - sysctl_net_ipv4_ip_forward
+    - sysctl_net_ipv6_conf_all_forwarding
+    - sysctl_net_ipv6_conf_all_forwarding_value=disabled
+    - sysctl_net_ipv4_conf_all_send_redirects
+    - sysctl_net_ipv4_conf_default_send_redirects
+    - sysctl_net_ipv4_conf_all_accept_source_route
+    - sysctl_net_ipv4_conf_all_accept_source_route_value=disabled
+    - sysctl_net_ipv4_conf_default_accept_source_route
+    - sysctl_net_ipv4_conf_default_accept_source_route_value=disabled
+    - sysctl_net_ipv6_conf_all_accept_source_route
+    - sysctl_net_ipv6_conf_all_accept_source_route_value=disabled
+    - sysctl_net_ipv6_conf_default_accept_source_route
+    - sysctl_net_ipv6_conf_default_accept_source_route_value=disabled
+    - sysctl_net_ipv4_conf_all_accept_redirects
+    - sysctl_net_ipv4_conf_all_accept_redirects_value=disabled
+    - sysctl_net_ipv4_conf_default_accept_redirects
+    - sysctl_net_ipv4_conf_default_accept_redirects_value=disabled
+    - sysctl_net_ipv6_conf_all_accept_redirects
+    - sysctl_net_ipv6_conf_all_accept_redirects_value=disabled
+    - sysctl_net_ipv6_conf_default_accept_redirects
+    - sysctl_net_ipv6_conf_default_accept_redirects_value=disabled
+    - sysctl_net_ipv4_conf_all_secure_redirects
+    - sysctl_net_ipv4_conf_all_secure_redirects_value=disabled
+    - sysctl_net_ipv4_conf_default_secure_redirects
+    - sysctl_net_ipv4_conf_default_secure_redirects_value=disabled
+    - sysctl_net_ipv4_conf_all_log_martians
+    - sysctl_net_ipv4_conf_all_log_martians_value=enabled
+    - sysctl_net_ipv4_conf_default_log_martians
+    - sysctl_net_ipv4_conf_default_log_martians_value=enabled
+    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled
+    - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
+    - sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled
+    - sysctl_net_ipv4_conf_all_rp_filter
+    - sysctl_net_ipv4_conf_all_rp_filter_value=enabled
+    - sysctl_net_ipv4_conf_default_rp_filter
+    - sysctl_net_ipv4_conf_default_rp_filter_value=enabled
+    - sysctl_net_ipv4_tcp_syncookies
+    - sysctl_net_ipv4_tcp_syncookies_value=enabled
+    - sysctl_net_ipv6_conf_all_accept_ra
+    - sysctl_net_ipv6_conf_all_accept_ra_value=disabled
+    - sysctl_net_ipv6_conf_default_accept_ra
+    - sysctl_net_ipv6_conf_default_accept_ra_value=disabled
+    - package_firewalld_installed
+    - service_firewalld_enabled
+    - package_iptables_installed
+-- 
+2.34.1
diff --git a/recipes-compliance/scap-security-guide/files/run_eval.sh b/recipes-compliance/scap-security-guide/files/run_eval.sh
new file mode 100644
index 0000000..cc79bac
--- /dev/null
+++ b/recipes-compliance/scap-security-guide/files/run_eval.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+oscap xccdf eval --results results.xml --report report.html --profile xccdf_org.ssgproject.content_profile_standard /usr/share/xml/scap/ssg/content/ssg-openembedded-ds.xml
diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb
index 420a6d8..a9023ec 100644
--- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb
+++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb
@@ -8,7 +8,10 @@ LICENSE = "BSD-3-Clause"
 SRCREV = "dad85502ce8da722a6afc391346c41cee61e90a9"
 SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https \
-           file://0001-scap-security-guide-add-openembedded.patch "
+           file://0001-scap-security-guide-add-openembedded.patch \
+           file://0001-standard.profile-expand-checks.patch \
+           file://run_eval.sh \
+           "
 DEPENDS = "openscap-native python3-pyyaml-native python3-jinja2-native libxml2-native expat-native coreutils-native"
@@ -29,6 +32,11 @@ do_configure:prepend () {
    sed -i -e 's:NAMES\ grep:NAMES\ ${HOSTTOOLS_DIR}/grep:g' ${S}/CMakeLists.txt
 }
-FILES:${PN} += "${datadir}/xml"
+do_install:append() {
+    install -d ${D}${datadir}/openscap
+    install  ${WORKDIR}/run_eval.sh ${D}${datadir}/openscap/.
+}
+FILES:${PN} += "${datadir}/xml ${datadir}/openscap"
 RDEPENDS:${PN} = "openscap"

diff --git a/recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch b/recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch new file mode 100644 index 0000000..0621360 --- /dev/null +++ b/recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch
@@ -0,0 +1,228 @@
		1	From 7af2da3bbe1d5b4cba89c6dae9ea267717b865ea Mon Sep 17 00:00:00 2001
		2	From: Armin Kuster <akuster808@gmail.com>
		3	Date: Wed, 21 Jun 2023 07:46:38 -0400
		4	Subject: [PATCH] standard.profile: expand checks
		5
		6	Signed-off-by: Armin Kuster <akuster808@gmail.com>
		7	---
		8	.../openembedded/profiles/standard.profile \| 206 ++++++++++++++++++
		9	1 file changed, 206 insertions(+)
		10
		11	diff --git a/products/openembedded/profiles/standard.profile b/products/openembedded/profiles/standard.profile
		12	index 44339d716c..877d1a3971 100644
		13	--- a/products/openembedded/profiles/standard.profile
		14	+++ b/products/openembedded/profiles/standard.profile
		15	@@ -9,4 +9,210 @@ description: \|-
		16	selections:
		17	- file_owner_etc_passwd
		18	- file_groupowner_etc_passwd
		19	+ - service_crond_enabled
		20	+ - file_groupowner_crontab
		21	+ - file_owner_crontab
		22	+ - file_permissions_crontab
		23	+ - file_groupowner_cron_hourly
		24	+ - file_owner_cron_hourly
		25	+ - file_permissions_cron_hourly
		26	+ - file_groupowner_cron_daily
		27	+ - file_owner_cron_daily
		28	+ - file_permissions_cron_daily
		29	+ - file_groupowner_cron_weekly
		30	+ - file_owner_cron_weekly
		31	+ - file_permissions_cron_weekly
		32	+ - file_groupowner_cron_monthly
		33	+ - file_owner_cron_monthly
		34	+ - file_permissions_cron_monthly
		35	+ - file_groupowner_cron_d
		36	+ - file_owner_cron_d
		37	+ - file_permissions_cron_d
		38	+ - file_groupowner_cron_allow
		39	+ - file_owner_cron_allow
		40	+ - file_cron_deny_not_exist
		41	+ - file_groupowner_at_allow
		42	+ - file_owner_at_allow
		43	+ - file_at_deny_not_exist
		44	+ - file_permissions_at_allow
		45	+ - file_permissions_cron_allow
		46	+ - file_groupowner_sshd_config
		47	+ - file_owner_sshd_config
		48	+ - file_permissions_sshd_config
		49	+ - file_permissions_sshd_private_key
		50	+ - file_permissions_sshd_pub_key
		51	+ - sshd_set_loglevel_verbose
		52	+ - sshd_set_loglevel_info
		53	+ - sshd_max_auth_tries_value=4
		54	+ - sshd_set_max_auth_tries
		55	+ - sshd_disable_rhosts
		56	+ - disable_host_auth
		57	+ - sshd_disable_root_login
		58	+ - sshd_disable_empty_passwords
		59	+ - sshd_do_not_permit_user_env
		60	+ - sshd_idle_timeout_value=15_minutes
		61	+ - sshd_set_idle_timeout
		62	+ - sshd_set_keepalive
		63	+ - var_sshd_set_keepalive=0
		64	+ - sshd_set_login_grace_time
		65	+ - var_sshd_set_login_grace_time=60
		66	+ - sshd_enable_warning_banner
		67	+ - sshd_enable_pam
		68	+ - sshd_set_maxstartups
		69	+ - var_sshd_set_maxstartups=10:30:60
		70	+ - sshd_set_max_sessions
		71	+ - var_sshd_max_sessions=10
		72	+ - accounts_password_pam_minclass
		73	+ - accounts_password_pam_minlen
		74	+ - accounts_password_pam_retry
		75	+ - var_password_pam_minclass=4
		76	+ - var_password_pam_minlen=14
		77	+ - locking_out_password_attempts
		78	+ - accounts_password_pam_pwhistory_remember_password_auth
		79	+ - accounts_password_pam_pwhistory_remember_system_auth
		80	+ - var_password_pam_remember_control_flag=required
		81	+ - var_password_pam_remember=5
		82	+ - set_password_hashing_algorithm_systemauth
		83	+ - accounts_maximum_age_login_defs
		84	+ - var_accounts_maximum_age_login_defs=365
		85	+ - accounts_password_set_max_life_existing
		86	+ - accounts_minimum_age_login_defs
		87	+ - var_accounts_minimum_age_login_defs=7
		88	+ - accounts_password_set_min_life_existing
		89	+ - accounts_password_warn_age_login_defs
		90	+ - var_accounts_password_warn_age_login_defs=7
		91	+ - account_disable_post_pw_expiration
		92	+ - var_account_disable_post_pw_expiration=30
		93	+ - no_shelllogin_for_systemaccounts
		94	+ - accounts_tmout
		95	+ - var_accounts_tmout=15_min
		96	+ - accounts_root_gid_zero
		97	+ - accounts_umask_etc_bashrc
		98	+ - accounts_umask_etc_login_defs
		99	+ - use_pam_wheel_for_su
		100	+ - sshd_allow_only_protocol2
		101	+ - journald_forward_to_syslog
		102	+ - journald_compress
		103	+ - journald_storage
		104	+ - service_auditd_enabled
		105	+ - service_httpd_disabled
		106	+ - service_vsftpd_disabled
		107	+ - service_named_disabled
		108	+ - service_nfs_disabled
		109	+ - service_rpcbind_disabled
		110	+ - service_slapd_disabled
		111	+ - service_dhcpd_disabled
		112	+ - service_cups_disabled
		113	+ - service_ypserv_disabled
		114	+ - service_rsyncd_disabled
		115	+ - service_avahi-daemon_disabled
		116	+ - service_snmpd_disabled
		117	+ - service_squid_disabled
		118	+ - service_smb_disabled
		119	+ - service_dovecot_disabled
		120	+ - banner_etc_motd
		121	+ - login_banner_text=cis_banners
		122	+ - banner_etc_issue
		123	+ - login_banner_text=cis_banners
		124	+ - file_groupowner_etc_motd
		125	+ - file_owner_etc_motd
		126	+ - file_permissions_etc_motd
		127	+ - file_groupowner_etc_issue
		128	+ - file_owner_etc_issue
		129	+ - file_permissions_etc_issue
		130	+ - ensure_gpgcheck_globally_activated
		131	+ - package_aide_installed
		132	+ - aide_periodic_cron_checking
		133	+ - grub2_password
		134	+ - file_groupowner_grub2_cfg
		135	+ - file_owner_grub2_cfg
		136	+ - file_permissions_grub2_cfg
		137	+ - require_singleuser_auth
		138	+ - require_emergency_target_auth
		139	+ - disable_users_coredumps
		140	+ - coredump_disable_backtraces
		141	+ - coredump_disable_storage
		142	+ - configure_crypto_policy
		143	+ - var_system_crypto_policy=default_policy
		144	+ - dir_perms_world_writable_sticky_bits
		145	- file_permissions_etc_passwd
		146	+ - file_owner_etc_shadow
		147	+ - file_groupowner_etc_shadow
		148	+ - file_groupowner_etc_group
		149	+ - file_owner_etc_group
		150	+ - file_permissions_etc_group
		151	+ - file_groupowner_etc_gshadow
		152	+ - file_owner_etc_gshadow
		153	+ - file_groupowner_backup_etc_passwd
		154	+ - file_owner_backup_etc_passwd
		155	+ - file_permissions_backup_etc_passwd
		156	+ - file_groupowner_backup_etc_shadow
		157	+ - file_owner_backup_etc_shadow
		158	+ - file_permissions_backup_etc_shadow
		159	+ - file_groupowner_backup_etc_group
		160	+ - file_owner_backup_etc_group
		161	+ - file_permissions_backup_etc_group
		162	+ - file_groupowner_backup_etc_gshadow
		163	+ - file_owner_backup_etc_gshadow
		164	+ - file_permissions_backup_etc_gshadow
		165	+ - file_permissions_unauthorized_world_writable
		166	+ - file_permissions_ungroupowned
		167	+ - accounts_root_path_dirs_no_write
		168	+ - root_path_no_dot
		169	+ - accounts_no_uid_except_zero
		170	+ - file_ownership_home_directories
		171	+ - file_groupownership_home_directories
		172	+ - no_netrc_files
		173	+ - no_rsh_trust_files
		174	+ - account_unique_id
		175	+ - group_unique_id
		176	+ - group_unique_name
		177	+ - kernel_module_sctp_disabled
		178	+ - kernel_module_dccp_disabled
		179	+ - wireless_disable_interfaces
		180	+ - sysctl_net_ipv4_ip_forward
		181	+ - sysctl_net_ipv6_conf_all_forwarding
		182	+ - sysctl_net_ipv6_conf_all_forwarding_value=disabled
		183	+ - sysctl_net_ipv4_conf_all_send_redirects
		184	+ - sysctl_net_ipv4_conf_default_send_redirects
		185	+ - sysctl_net_ipv4_conf_all_accept_source_route
		186	+ - sysctl_net_ipv4_conf_all_accept_source_route_value=disabled
		187	+ - sysctl_net_ipv4_conf_default_accept_source_route
		188	+ - sysctl_net_ipv4_conf_default_accept_source_route_value=disabled
		189	+ - sysctl_net_ipv6_conf_all_accept_source_route
		190	+ - sysctl_net_ipv6_conf_all_accept_source_route_value=disabled
		191	+ - sysctl_net_ipv6_conf_default_accept_source_route
		192	+ - sysctl_net_ipv6_conf_default_accept_source_route_value=disabled
		193	+ - sysctl_net_ipv4_conf_all_accept_redirects
		194	+ - sysctl_net_ipv4_conf_all_accept_redirects_value=disabled
		195	+ - sysctl_net_ipv4_conf_default_accept_redirects
		196	+ - sysctl_net_ipv4_conf_default_accept_redirects_value=disabled
		197	+ - sysctl_net_ipv6_conf_all_accept_redirects
		198	+ - sysctl_net_ipv6_conf_all_accept_redirects_value=disabled
		199	+ - sysctl_net_ipv6_conf_default_accept_redirects
		200	+ - sysctl_net_ipv6_conf_default_accept_redirects_value=disabled
		201	+ - sysctl_net_ipv4_conf_all_secure_redirects
		202	+ - sysctl_net_ipv4_conf_all_secure_redirects_value=disabled
		203	+ - sysctl_net_ipv4_conf_default_secure_redirects
		204	+ - sysctl_net_ipv4_conf_default_secure_redirects_value=disabled
		205	+ - sysctl_net_ipv4_conf_all_log_martians
		206	+ - sysctl_net_ipv4_conf_all_log_martians_value=enabled
		207	+ - sysctl_net_ipv4_conf_default_log_martians
		208	+ - sysctl_net_ipv4_conf_default_log_martians_value=enabled
		209	+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
		210	+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled
		211	+ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
		212	+ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled
		213	+ - sysctl_net_ipv4_conf_all_rp_filter
		214	+ - sysctl_net_ipv4_conf_all_rp_filter_value=enabled
		215	+ - sysctl_net_ipv4_conf_default_rp_filter
		216	+ - sysctl_net_ipv4_conf_default_rp_filter_value=enabled
		217	+ - sysctl_net_ipv4_tcp_syncookies
		218	+ - sysctl_net_ipv4_tcp_syncookies_value=enabled
		219	+ - sysctl_net_ipv6_conf_all_accept_ra
		220	+ - sysctl_net_ipv6_conf_all_accept_ra_value=disabled
		221	+ - sysctl_net_ipv6_conf_default_accept_ra
		222	+ - sysctl_net_ipv6_conf_default_accept_ra_value=disabled
		223	+ - package_firewalld_installed
		224	+ - service_firewalld_enabled
		225	+ - package_iptables_installed
		226	--
		227	2.34.1
		228


diff --git a/recipes-compliance/scap-security-guide/files/run_eval.sh b/recipes-compliance/scap-security-guide/files/run_eval.sh new file mode 100644 index 0000000..cc79bac --- /dev/null +++ b/recipes-compliance/scap-security-guide/files/run_eval.sh
@@ -0,0 +1,3 @@
		1	#!/bin/sh
		2
		3	oscap xccdf eval --results results.xml --report report.html --profile xccdf_org.ssgproject.content_profile_standard /usr/share/xml/scap/ssg/content/ssg-openembedded-ds.xml


diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb index 420a6d8..a9023ec 100644 --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.67.bb
@@ -8,7 +8,10 @@ LICENSE = "BSD-3-Clause"
8		8
9	SRCREV = "dad85502ce8da722a6afc391346c41cee61e90a9"	9	SRCREV = "dad85502ce8da722a6afc391346c41cee61e90a9"
10	SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https \	10	SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https \
11	file://0001-scap-security-guide-add-openembedded.patch "	11	file://0001-scap-security-guide-add-openembedded.patch \
		12	file://0001-standard.profile-expand-checks.patch \
		13	file://run_eval.sh \
		14	"
12		15
13		16
14	DEPENDS = "openscap-native python3-pyyaml-native python3-jinja2-native libxml2-native expat-native coreutils-native"	17	DEPENDS = "openscap-native python3-pyyaml-native python3-jinja2-native libxml2-native expat-native coreutils-native"
@@ -29,6 +32,11 @@ do_configure:prepend () {
29	sed -i -e 's:NAMES\ grep:NAMES\ ${HOSTTOOLS_DIR}/grep:g' ${S}/CMakeLists.txt	32	sed -i -e 's:NAMES\ grep:NAMES\ ${HOSTTOOLS_DIR}/grep:g' ${S}/CMakeLists.txt
30	}	33	}
31		34
32	FILES:${PN} += "${datadir}/xml"	35	do_install:append() {
		36	install -d ${D}${datadir}/openscap
		37	install ${WORKDIR}/run_eval.sh ${D}${datadir}/openscap/.
		38	}
		39
		40	FILES:${PN} += "${datadir}/xml ${datadir}/openscap"
33		41
34	RDEPENDS:${PN} = "openscap"	42	RDEPENDS:${PN} = "openscap"