Package scap-security-guide-0.1.72-2.el8_9.noarch
| Name | scap-security-guide |
|---|---|
| Epoch | 0 |
| Version | 0.1.72 |
| Release | 2.el8_9 |
| Architecture | noarch |
| Website/URL | https://github.com/ComplianceAsCode/content/ |
| License | BSD-3-Clause |
| Build Time | 2024-03-13 16:44:52 |
| Build Host | builder-x86-09.inferitos.ru |
| Summary | Security guidance and baselines in SCAP formats |
| Repositories | AppStream |
| Description | The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines. The system administrator can use the oscap CLI tool from openscap-scanner package, or the scap-workbench GUI tool from scap-workbench package to verify that the system conforms to provided guideline. Refer to scap-security-guide(8) manual page for further information. |
| Errata | — |
| Size | 14174 KiB |
| Source Project | scap-security-guide-0.1.72-2.el8_9 |
| SHA-256 checksum | 081eb60242bbd85de2bfe20fc0ed409a2708230e7e3503f2b0637e2fe6f3107e |
×
![Full screenshot]()
* Fri Feb 16 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-2 - Unlist profiles no longer maintained in RHEL8. * Wed Feb 14 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-1 - Rebase to a new upstream release 0.1.72 (RHEL-25250) - Increase CIS standards coverage regarding SSH and cron (RHEL-1314) - Increase compatibility of accounts_tmout rule for ksh (RHEL-16896 and RHEL-1811) - Align Ansible and Bash remediation in sssd_certificate_verification rule (RHEL-1313) - Add a warning to rule service_rngd_enabled about rule applicability (RHEL-1819) - Add rule to terminate idle user sessions after defined time (RHEL-1801) - Allow spaces around equal sign in /etc/sudoers (RHEL-1904) - Add remediation for rule fapolicy_default_deny (RHEL-1817) - Fix invalid syntax in file /usr/share/scap-security-guide/ansible/rhel8-playbook-ospp.yml (RHEL-19127) - Refactor ensure_pam_wheel_group_empty (RHEL-1905) - Prevent remediation of display_login_attempts rule from creating redundant configuration entries (RHEL-1809) - Update PCI-DSS to v4 (RHEL-1808) - Fix regex in Ansible remediation of configure_ssh_crypto_policy (RHEL-1820) * Thu Aug 17 2023 Vojtech Polasek <vpolasek@redhat.com> - 0.1.69-2 - remove problematic rule from ANSSI High profile (RHBZ#2221695) * Thu Aug 10 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-1 - Rebase to a new upstream release 0.1.69 (RHBZ#2221695) - Fixed CCE link URL (RHBZ#2178516) - align remediations with rule description for rule configuring OpenSSL cryptopolicy (RHBZ#2192893) - Add rule audit_rules_login_events_faillock to STIG profile (RHBZ#2167999) - Fixed rules related to AIDE configuration (RHBZ#2175684) - Allow default permissions for files stored on EFI FAT partitions (RHBZ#2184487) - Add appropriate STIGID to accounts_passwords_pam_faillock_interval rule (RHBZ#2209073) - improved and unified OVAL checks checking for interactive users (RHBZ#2157877) - update ANSSI BP-028 profiles to be aligned with version 2.0 (RHBZ#2155789) - unify OVAL checks to correctly identify interactive users (RHBZ#2178740) - make rule checking for Postfix unrestricted relay accept more variants of valid configuration syntax (RHBZ#2170530) - Fixed excess quotes in journald configuration files (RHBZ#2169857) - rules related to polyinstantiated directories are not applied when building images for Image Builder (RHBZ#2130182) - evaluation and remediation of rules related to mount points have been enhanced for Image Builder (RHBZ#2130185) - do not enable FIPS mode when creating hardened images for Image Builder (RHBZ#2130181) - Correct URL used to download CVE checks (RHBZ#2222583) - mention exact required configuration value in description of some PAM related rules (RHBZ#2175882) - make mount point related rules not applicable when no such mount points exist (RHBZ#2176008) - improve checks determining if FIPS mode is enabled (RHBZ#2129100) * Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 0.1.66-2 - Rebuilt for MSVSphere 8.8 * Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-2 - Unselect rule logind_session_timeout (RHBZ#2158404) * Mon Feb 06 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1 - Rebase to a new upstream release 0.1.66 (RHBZ#2158404) - Update RHEL8 STIG profile to V1R9 (RHBZ#2152658) - Fix levels of CIS rules (RHBZ#2162803) - Remove unused RHEL8 STIG control file (RHBZ#2156192) - Fix accounts_password_pam_unix_remember's check and remediations (RHBZ#2153547) - Fix handling of space in sudo_require_reauthentication (RHBZ#2152208) - Add rule for audit immutable login uids (RHBZ#2151553) - Fix remediation of audit watch rules (RHBZ#2119356) - Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2115343) - Fix applicability of kerberos rules (RHBZ#2099394) - Add support rainer scripts in rsyslog rules (RHBZ#2072444) * Tue Jan 10 2023 Watson Sato <wsato@redhat.com> - 0.1.63-5 - Update RHEL8 STIG profile to V1R8 (RHBZ#2148446) - Add rule warning for sysctl IPv4 forwarding config (RHBZ#2118758) - Fix remediation for firewalld_sshd_port_enabled (RHBZ#2116474) - Fix compatibility with Ansible 2.14 * Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4 - Fix check of enable_fips_mode on s390x (RHBZ#2070564) * Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3 - Fix Ansible partition conditional (RHBZ#2032403)