[ol8_appstream] scap-security-guide-0.1.66-2.0.4.el8.noarch

Name:	scap-security-guide
Version:	0.1.66
Release:	2.0.4.el8
Architecture:	noarch
Group:	Applications/System
Size:	154586091
License:	BSD-3-Clause
RPM:	scap-security-guide-0.1.66-2.0.4.el8.noarch.rpm
Source RPM:	scap-security-guide-0.1.66-2.0.4.el8.src.rpm
Build Date:	Wed May 17 2023
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/ComplianceAsCode/content/
Summary:	Security guidance and baselines in SCAP formats
Description:	The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines. The system administrator can use the oscap CLI tool from openscap-scanner package, or the scap-workbench GUI tool from scap-workbench package to verify that the system conforms to provided guideline. Refer to scap-security-guide(8) manual page for further information.

Changelog (Show File list) (Show related packages)

Tue May 16 2023 Federico Ramírez <federico.r.ramirez@oracle.com> - 0.1.66-2.0.4
```
- Bump release version so it is not the same as for OL8.7 [JIRA: OLDIS-23758]
```

Tue May 16 2023 Federico Ramírez <federico.r.ramirez@oracle.com> - 0.1.66-2.0.3

- Fix ansible to content to manage correctly binary dirs when they have hardlinks. And
  manage correctly fstab entries where the mount point has a blank space in mount
  point [Orabug: 35338979]
- Update OVAL content to allow spaces in postfix configuration. And recognize locked
  accounts with hashed password in /etc/passwd [Orabug: 35338979]
- Add rule package_mailx_installed and ensure_oracle_gpgkey_installed to stig profile
  to cover new STIG ids OL08-00-010358 and OL08-00-010019 [Orabug: 35338979]
- Update references to reflect STIG V1R6 compliance [Orabug: 35338979]
- Update bash condition to recognize uefi applicability [Orabug: 35338979]

Fri Mar 31 2023 Federico Ramírez <federico.r.ramirez@oracle.com> - 0.1.66-2.0.2

- Introduce a new OVAL macro to consistently identify interactive users [Orabug: 35214522]
- Update accounts_user_dot_no_world_writable_programs rule to look for
 initialization files on the user's homedirs only and to prevent the search for
 world-writables to descend to other file systems [Orabug: 35214522]

Mon Feb 27 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.66-2.0.1

- Update rules dealing with sshd_config to look into files added to the include
 keyword [Orabug: 34893225]
- Update remediation in sebool_secure_mode_insmod which wasn't letting the system boot when
 running anssi-high profile [Orabug: 34893225]
- Update OL stig profile rule selection remove sshd_disable_compression [Orabug: 35017186]
- Introduce new rules, sshd_use_approved_kex_ordered_stig, configure_bashrc_tmux,
 configure_tmux_lock_keybinding [Orabug: 35017186]
- Update rules modifying pam files to handle /etc/pam.d/system-auth precedence over
 other configuration files [Orabug: 35017186]
- Update version of stig profiles to V1R5 [Orabug: 35017186]

Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-2
```
- Unselect rule logind_session_timeout (RHBZ#2158404)
```

Mon Feb 06 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1

- Rebase to a new upstream release 0.1.66 (RHBZ#2158404)
- Update RHEL8 STIG profile to V1R9 (RHBZ#2152658)
- Fix levels of CIS rules (RHBZ#2162803)
- Remove unused RHEL8 STIG control file (RHBZ#2156192)
- Fix accounts_password_pam_unix_remember's check and remediations (RHBZ#2153547)
- Fix handling of space in sudo_require_reauthentication (RHBZ#2152208)
- Add rule for audit immutable login uids (RHBZ#2151553)
- Fix remediation of audit watch rules (RHBZ#2119356)
- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2115343)
- Fix applicability of kerberos rules (RHBZ#2099394)
- Add support rainer scripts in rsyslog rules (RHBZ#2072444)

Tue Jan 10 2023 Watson Sato <wsato@redhat.com> - 0.1.63-5

- Update RHEL8 STIG profile to V1R8 (RHBZ#2148446)
- Add rule warning for sysctl IPv4 forwarding config (RHBZ#2118758)
- Fix remediation for firewalld_sshd_port_enabled (RHBZ#2116474)
- Fix compatibility with Ansible 2.14

Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4
```
- Fix check of enable_fips_mode on s390x (RHBZ#2070564)
```
Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3
```
- Fix Ansible partition conditional (RHBZ#2032403)
```

Wed Aug 10 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-2

- aligning with the latest STIG update (RHBZ#2112937)
- OSPP: use Authselect minimal profile (RHBZ#2117192)
- OSPP: change rules for protecting of boot (RHBZ#2116440)
- add warning about configuring of TCP queues to rsyslog_remote_loghost (RHBZ#2078974)
- fix handling of Defaults clause in sudoers (RHBZ#2083109)
- make rules checking for mount options of /tmp and /var/tmp applicable only when the partition really exists (RHBZ#2032403)
- fix handling of Rsyslog include directives (RHBZ#2075384)