[ol8_appstream] scap-security-guide-0.1.69-2.0.1.el8_8.noarch

Name:	scap-security-guide
Version:	0.1.69
Release:	2.0.1.el8_8
Architecture:	noarch
Group:	Applications/System
Size:	161818137
License:	BSD-3-Clause
RPM:	scap-security-guide-0.1.69-2.0.1.el8_8.noarch.rpm
Source RPM:	scap-security-guide-0.1.69-2.0.1.el8_8.src.rpm
Build Date:	Fri Oct 06 2023
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/ComplianceAsCode/content/
Summary:	Security guidance and baselines in SCAP formats
Description:	The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines. The system administrator can use the oscap CLI tool from openscap-scanner package, or the scap-workbench GUI tool from scap-workbench package to verify that the system conforms to provided guideline. Refer to scap-security-guide(8) manual page for further information.

Changelog (Show File list) (Show related packages)

Fri Sep 22 2023 Federico Ramírez <federico.r.ramirez@oracle.com> - 0.1.69-2.0.1

- Update STIG rule selection [Orabug: 35663552]
- Update ssh MACs and Ciphers allowed by STIG profile [Orabug: 35663552]
- Update references to reflect STIG V1R7 compliance [Orabug: 35663552]
- Fix unreachable code in sssd_enable_smartcards bash remediation [Orabug: 35663552]
- Update regex to better find included files in sshd_config [Orabug: 35663552]
- Fix false-negatives in sshd_use_approved_kex_ordered_stig OVAL [Orabug: 35876286]
- Update regex in ansible for sshd_lineinfile template to take into account
  leading blank space [Orabug: 35875779]
- Fix regex in remediation content for accounts_umask rules [Orabug: 35875779]

Thu Aug 17 2023 Vojtech Polasek <vpolasek@redhat.com> - 0.1.69-2

- remove problematic rule from ANSSI High profile (RHBZ#2221695)

Thu Aug 10 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-1

- Rebase to a new upstream release 0.1.69 (RHBZ#2221695)
- Fixed CCE link URL (RHBZ#2178516)
- align remediations with rule description for rule configuring OpenSSL cryptopolicy (RHBZ#2192893)
- Add rule audit_rules_login_events_faillock to STIG profile (RHBZ#2167999)
- Fixed rules related to AIDE configuration (RHBZ#2175684)
- Allow default permissions for files stored on EFI FAT partitions (RHBZ#2184487)
- Add appropriate STIGID to accounts_passwords_pam_faillock_interval rule (RHBZ#2209073)
- improved and unified OVAL checks checking for interactive users (RHBZ#2157877)
- update ANSSI BP-028 profiles to be aligned with version 2.0 (RHBZ#2155789)
- unify OVAL checks to correctly identify interactive users (RHBZ#2178740)
- make rule checking for Postfix unrestricted relay accept more variants of valid configuration syntax (RHBZ#2170530)
- Fixed excess quotes in journald configuration files (RHBZ#2169857)
- rules related to polyinstantiated directories are not applied when building images for Image Builder (RHBZ#2130182)
- evaluation and remediation of rules related to mount points have been enhanced for Image Builder (RHBZ#2130185)
- do not enable FIPS mode when creating hardened images for Image Builder (RHBZ#2130181)
- Correct URL used to download CVE checks (RHBZ#2222583)
- mention exact required configuration value in description of some PAM related rules (RHBZ#2175882)
- make mount point related rules not applicable when no such mount points exist (RHBZ#2176008)
- improve checks determining if FIPS mode is enabled (RHBZ#2129100)

Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-2
```
- Unselect rule logind_session_timeout (RHBZ#2158404)
```

Mon Feb 06 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1

- Rebase to a new upstream release 0.1.66 (RHBZ#2158404)
- Update RHEL8 STIG profile to V1R9 (RHBZ#2152658)
- Fix levels of CIS rules (RHBZ#2162803)
- Remove unused RHEL8 STIG control file (RHBZ#2156192)
- Fix accounts_password_pam_unix_remember's check and remediations (RHBZ#2153547)
- Fix handling of space in sudo_require_reauthentication (RHBZ#2152208)
- Add rule for audit immutable login uids (RHBZ#2151553)
- Fix remediation of audit watch rules (RHBZ#2119356)
- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2115343)
- Fix applicability of kerberos rules (RHBZ#2099394)
- Add support rainer scripts in rsyslog rules (RHBZ#2072444)

Tue Jan 10 2023 Watson Sato <wsato@redhat.com> - 0.1.63-5

- Update RHEL8 STIG profile to V1R8 (RHBZ#2148446)
- Add rule warning for sysctl IPv4 forwarding config (RHBZ#2118758)
- Fix remediation for firewalld_sshd_port_enabled (RHBZ#2116474)
- Fix compatibility with Ansible 2.14

Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4
```
- Fix check of enable_fips_mode on s390x (RHBZ#2070564)
```
Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3
```
- Fix Ansible partition conditional (RHBZ#2032403)
```

Wed Aug 10 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-2

- aligning with the latest STIG update (RHBZ#2112937)
- OSPP: use Authselect minimal profile (RHBZ#2117192)
- OSPP: change rules for protecting of boot (RHBZ#2116440)
- add warning about configuring of TCP queues to rsyslog_remote_loghost (RHBZ#2078974)
- fix handling of Defaults clause in sudoers (RHBZ#2083109)
- make rules checking for mount options of /tmp and /var/tmp applicable only when the partition really exists (RHBZ#2032403)
- fix handling of Rsyslog include directives (RHBZ#2075384)

Mon Aug 01 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-1
```
- Rebase to a new upstream release 0.1.63 (RHBZ#2070564)
```