[ol8_appstream] scap-security-guide-0.1.63-4.0.2.el8.noarch

Name:	scap-security-guide
Version:	0.1.63
Release:	4.0.2.el8
Architecture:	noarch
Group:	Applications/System
Size:	144981215
License:	BSD-3-Clause
RPM:	scap-security-guide-0.1.63-4.0.2.el8.noarch.rpm
Source RPM:	scap-security-guide-0.1.63-4.0.2.el8.src.rpm
Build Date:	Mon Dec 19 2022
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/ComplianceAsCode/content/
Summary:	Security guidance and baselines in SCAP formats
Description:	The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines. The system administrator can use the oscap CLI tool from openscap-scanner package, or the scap-workbench GUI tool from scap-workbench package to verify that the system conforms to provided guideline. Refer to scap-security-guide(8) manual page for further information.

Changelog (Show File list) (Show related packages)

Wed Dec 14 2022 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.63-4.0.2

- Update rules that modify pwquality.conf to delete confs in pwquality.conf.d
 so it ensures no wrong confs exist [Orabug: 34893225]
- Allow several non-conflicting entries of the timestamp_timeout config entry
 in sudoers files [Orabug: 34893225]
- Update fapolicy_default_deny to look into compiled.rules [Orabug: 34893225]
- Align OL08-00-020352 better by ignoring .bash_history file, and OL08-00-010120
 by better detect locked passwords [Orabug: 34893225]
- Update rules dealing with sshd_config to look into files added to the include
 keyword [Orabug: 34893225]
- Update remediations in two rules which wasn't letting the system boot when
 running anssi-high profile [Orabug: 34893225]
- Update STIG version to V1R4 [Orabug: 34893225]
- Update  rules accounts_password_set_min_life_existing and
 accounts_password_set_max_life_existing to ignore non-interactive users
 [Orabug: 34905591]

Mon Oct 03 2022 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.63-4.0.1

- Update rules related to pam pwhistory remember module to allow both
 requisite and required control values [Orabug: 34660199]
- Update accounts_password_pam_retry rule to align it with DISA requirements
 OL08-00-020102, OL08-00-020103, and OL08-00-020104 [Orabug: 34660199]
- Create mount_option_home and use it in OL8 [Orabug: 34660199]
- Update rule no_empty_passwords to include the password-auth file in
 OVAL check and rule wording [Orabug: 34660199]
- Introduce the rule accounts_passwords_pam_faillock_dir to cover
 DISA requirements OL08-00-020016 and OL08-00-020017 [Orabug: 34660199]
- Introduce rule account_disable_inactivity_system_auth to cover
 DISA requirement OL08-00-020260 [Orabug: 34660199]
- Add automation content to rule accounts_passwords_pam_faillock_audit and include
 it in the OL8 stig profile [Orabug: 34660199]
- Add OVAL content to rule fapolicy_default_deny and include it on the
 OL8 stig profile [Orabug: 34660199]
- Add automation content to rule rule account_password_selinux_faillock_dir
 and include it on the OL8 stig profile [Orabug: 34660199]
- Create rule to cover DISA requirements OL08-00-020018 and OL08-00-020019 [Orabug: 34660199]
- Update sysctl template OVAL [Orabug: 34660199]
- Update accounts_password template OVAL [Orabug: 34660199]

Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4
```
- Fix check of enable_fips_mode on s390x (RHBZ#2070564)
```
Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3
```
- Fix Ansible partition conditional (RHBZ#2032403)
```

Wed Aug 10 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-2

- aligning with the latest STIG update (RHBZ#2112937)
- OSPP: use Authselect minimal profile (RHBZ#2117192)
- OSPP: change rules for protecting of boot (RHBZ#2116440)
- add warning about configuring of TCP queues to rsyslog_remote_loghost (RHBZ#2078974)
- fix handling of Defaults clause in sudoers (RHBZ#2083109)
- make rules checking for mount options of /tmp and /var/tmp applicable only when the partition really exists (RHBZ#2032403)
- fix handling of Rsyslog include directives (RHBZ#2075384)

Mon Aug 01 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-1
```
- Rebase to a new upstream release 0.1.63 (RHBZ#2070564)
```
Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 0.1.62-1
```
- Rebase to a new upstream release (RHBZ#2070564)
```

Tue May 17 2022 Watson Sato <wsato@redhat.com> - 0.1.60-9

- Fix validation of OVAL 5.10 content (RHBZ#2079241)
- Fix Ansible sysctl remediation (RHBZ#2079241)

Tue May 03 2022 Watson Sato <wsato@redhat.com> - 0.1.60-8

- Update to ensure a sysctl option is not defined in multiple files (RHBZ#2079241)
- Update RHEL8 STIG profile to V1R6 (RHBZ#2079241)

Thu Feb 24 2022 Watson Sato <wsato@redhat.com> - 0.1.60-7

- Resize ANSSI kickstart partitions to accommodate GUI installs (RHBZ#2058033)