Add rsyslog rainer support and rebase fixes

Resolves: rhbz#2169443 Resolves: rhbz#2169441 Resolves: rhbz#2169445
2023-02-13 17:52:36 +01:00 · 2023-02-13 17:52:36 +01:00 · 5e6a5eeb83
parent b734798dc6
commit 5e6a5eeb83
6 changed files with 5487 additions and 0 deletions
--- a/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch
+++ b/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch
@ -0,0 +1,106 @@
+From a8cea205d5f9f975ca03ef39e79d18698236cfe2 Mon Sep 17 00:00:00 2001
+From: Watson Sato <wsato@redhat.com>
+Date: Mon, 13 Feb 2023 17:49:14 +0100
+Subject: [PATCH 3/5] Change custom zones check in firewalld_sshd_port_enabled
+
+Patch-name: scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch
+Patch-status: Change custom zones check in firewalld_sshd_port_enabled
+---
+ .../oval/shared.xml                           | 68 +++++++++++++++----
+ 1 file changed, 54 insertions(+), 14 deletions(-)
+
+diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml
+index 4adef2e53f..d7c96665b4 100644
+--- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml
+++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml
+@@ -133,9 +133,10 @@
+          OVAL resources in order to detect and assess only active zone, which are zones with at
+          least one NIC assigned to it. Since it was possible to easily have the list of active
+          zones, it was cumbersome to use that list in other OVAL objects without introduce a high
+-         level of complexity to make sure environments with multiple NICs and multiple zones are
+-         in use. So, in favor of simplicity and readbility it was decided to work with a static
+-         list. It means that, in the future, it is possible this list needs to be updated. -->
+         level of complexity to ensure proper assessment in environments where multiple NICs and
+         multiple zones are in use. So, in favor of simplicity and readbility it was decided to
+         work with a static list. It means that, in the future, it is possible this list needs to
+         be updated. -->
+     <local_variable id="var_firewalld_sshd_port_enabled_default_zones" version="1"
+         datatype="string"
+         comment="Regex containing the list of zones files delivered in the firewalld package">
+@@ -145,23 +146,62 @@
+     <!-- If any default zone is modified by the administrator, the respective zone file is placed
+          in the /etc/firewalld/zones dir in order to override the default zone settings. The same
+          directory is applicable for new zones created by the administrator. Therefore, all files
+-         in this directory should also allow SSH. -->
+-    <ind:xmlfilecontent_test id="test_firewalld_sshd_port_enabled_zone_ssh_enabled_etc"
+         in this directory should also allow SSH.
+         This test was updated in a reaction to https://github.com/OpenSCAP/openscap/issues/1923,
+         which changed the behaviour of xmlfilecontent probe in OpenSCAP 1.3.7. Currently, a
+         variable test is the simplest way to check if all custom zones are allowing ssh, but have
+         an impact in transparency since the objects are not shown in reports. The transparency
+         impact can be workarounded by using other OVAL objects, but this would impact in
+         readability and would increase complexity. This solution is in favor of simplicity. -->
+    <ind:variable_test id="test_firewalld_sshd_port_enabled_zone_ssh_enabled_etc"
+         check="all" check_existence="at_least_one_exists" version="1"
+         comment="SSH service is defined in all zones created or modified by the administrator">
+-      <ind:object object_ref="object_firewalld_sshd_port_enabled_zone_files_etc"/>
+-      <ind:state state_ref="state_firewalld_sshd_port_enabled_zone_files_etc"/>
+-    </ind:xmlfilecontent_test>
+        <ind:object
+            object_ref="object_firewalld_sshd_port_enabled_custom_zone_files_with_ssh_count"/>
+        <ind:state state_ref="state_firewalld_sshd_port_enabled_custom_zone_files_count"/>
+    </ind:variable_test>
+
+    <ind:variable_object id="object_firewalld_sshd_port_enabled_custom_zone_files_with_ssh_count"
+        version="1">
+      <ind:var_ref>var_firewalld_sshd_port_enabled_custom_zone_files_with_ssh_count</ind:var_ref>
+    </ind:variable_object>
+
+    <local_variable id="var_firewalld_sshd_port_enabled_custom_zone_files_with_ssh_count"
+        datatype="int" version="1"
+        comment="Variable including number of custom zone files allowing ssh">
+        <count>
+            <object_component item_field="filepath"
+                object_ref="object_firewalld_sshd_port_enabled_zone_files_etc"/>
+        </count>
+    </local_variable>
+ 
+     <ind:xmlfilecontent_object id="object_firewalld_sshd_port_enabled_zone_files_etc" version="1">
+-      <ind:path>/etc/firewalld/zones</ind:path>
+-      <ind:filename operation="pattern match">^.*\.xml$</ind:filename>
+-      <ind:xpath>/zone/service[@name='ssh']</ind:xpath>
+        <ind:path>/etc/firewalld/zones</ind:path>
+        <ind:filename operation="pattern match">^.*\.xml$</ind:filename>
+        <ind:xpath>/zone/service[@name='ssh']</ind:xpath>
+     </ind:xmlfilecontent_object>
+ 
+-    <ind:xmlfilecontent_state id="state_firewalld_sshd_port_enabled_zone_files_etc" version="1">
+-      <ind:xpath>/zone/service[@name='ssh']</ind:xpath>
+-    </ind:xmlfilecontent_state>
+    <ind:variable_state id="state_firewalld_sshd_port_enabled_custom_zone_files_count"
+        version="1">
+        <ind:value datatype="int" operation="equals" var_check="at least one"
+            var_ref="var_firewalld_sshd_port_enabled_custom_zone_files_count"/>
+    </ind:variable_state>
+
+    <local_variable id="var_firewalld_sshd_port_enabled_custom_zone_files_count"
+        datatype="int" version="1"
+        comment="Variable including number of custom zone files present in /etc/firewalld/zones">
+        <count>
+            <object_component item_field="filepath"
+                object_ref="object_firewalld_sshd_port_enabled_custom_zone_files"/>
+        </count>
+    </local_variable>
+
+    <unix:file_object id="object_firewalld_sshd_port_enabled_custom_zone_files" version="1">
+        <unix:behaviors recurse="directories" recurse_direction="down" max_depth="1"
+            recurse_file_system="local"/>
+        <unix:path>/etc/firewalld/zones</unix:path>
+        <unix:filename operation="pattern match">^.*\.xml$</unix:filename>
+    </unix:file_object>
+ 
+     <!-- SSH service is configured as expected -->
+     <!-- The firewalld package brings many services already defined out-of-box, including SSH.
+-- 
+2.39.1
+
--- a/scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch
+++ b/scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch
@ -0,0 +1,122 @@
+From 25216f8eb9caa6e783322158967b689e8bd784e7 Mon Sep 17 00:00:00 2001
+From: Watson Sato <wsato@redhat.com>
+Date: Mon, 13 Feb 2023 17:49:14 +0100
+Subject: [PATCH 4/5] Accept required and requisite control flag for
+ pam_pwhistory
+
+Patch-name: scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch
+Patch-status: Accept required and requisite control flag for pam_pwhistory
+---
+ controls/cis_rhel8.yml                                        | 2 +-
+ controls/cis_rhel9.yml                                        | 2 +-
+ controls/srg_gpos/SRG-OS-000077-GPOS-00045.yml                | 2 +-
+ .../rule.yml                                                  | 4 ++++
+ .../var_password_pam_remember_control_flag.var                | 1 +
+ products/rhel8/profiles/stig.profile                          | 2 +-
+ tests/data/profile_stability/rhel8/stig.profile               | 2 +-
+ tests/data/profile_stability/rhel8/stig_gui.profile           | 2 +-
+ 8 files changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
+index c0406f97b8..efc53d03fd 100644
+--- a/controls/cis_rhel8.yml
+++ b/controls/cis_rhel8.yml
+@@ -2267,7 +2267,7 @@ controls:
+     rules:
+       - accounts_password_pam_pwhistory_remember_password_auth
+       - accounts_password_pam_pwhistory_remember_system_auth
+-      - var_password_pam_remember_control_flag=requisite
+      - var_password_pam_remember_control_flag=requisite_or_required
+       - var_password_pam_remember=5
+ 
+   - id: 5.5.4
+diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml
+index 7299a39528..30f7e8d182 100644
+--- a/controls/cis_rhel9.yml
+++ b/controls/cis_rhel9.yml
+@@ -2112,7 +2112,7 @@ controls:
+     rules:
+       - accounts_password_pam_pwhistory_remember_password_auth
+       - accounts_password_pam_pwhistory_remember_system_auth
+-      - var_password_pam_remember_control_flag=requisite
+      - var_password_pam_remember_control_flag=requisite_or_required
+       - var_password_pam_remember=5
+ 
+   - id: 5.5.4
+diff --git a/controls/srg_gpos/SRG-OS-000077-GPOS-00045.yml b/controls/srg_gpos/SRG-OS-000077-GPOS-00045.yml
+index 1e8286a4a4..b02b7da419 100644
+--- a/controls/srg_gpos/SRG-OS-000077-GPOS-00045.yml
+++ b/controls/srg_gpos/SRG-OS-000077-GPOS-00045.yml
+@@ -5,7 +5,7 @@ controls:
+         title: {{{ full_name }}} must prohibit password reuse for a minimum of five generations.
+         rules:
+             - var_password_pam_remember=5
+-            - var_password_pam_remember_control_flag=requisite
+            - var_password_pam_remember_control_flag=requisite_or_required
+             - accounts_password_pam_pwhistory_remember_password_auth
+             - accounts_password_pam_pwhistory_remember_system_auth
+         status: automated
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
+index c549de2e96..d2b220ef9f 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
+@@ -129,3 +129,7 @@ warnings:
+        Newer versions of <tt>authselect</tt> contain an authselect feature to easily and properly
+        enable <tt>pam_pwhistory.so</tt> module. If this feature is not yet available in your
+        system, an authselect custom profile must be used to avoid integrity issues in PAM files.
+       If a custom profile was created and used in the system before this authselect feature was
+       available, the new feature can't be used with this custom profile and the
+       remediation will fail. In this case, the custom profile should be recreated or manually
+       updated.
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/var_password_pam_remember_control_flag.var b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/var_password_pam_remember_control_flag.var
+index 8f01007550..1959936c04 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/var_password_pam_remember_control_flag.var
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/var_password_pam_remember_control_flag.var
+@@ -20,4 +20,5 @@ options:
+     "sufficient": "sufficient"
+     "binding": "binding"
+     "ol8": "required,requisite"
+    "requisite_or_required": "requisite,required"
+     default: "requisite"
+diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
+index 8c64868619..a3f7dc9720 100644
+--- a/products/rhel8/profiles/stig.profile
+++ b/products/rhel8/profiles/stig.profile
+@@ -37,7 +37,7 @@ selections:
+     - var_accounts_minimum_age_login_defs=1
+     - var_accounts_max_concurrent_login_sessions=10
+     - var_password_pam_remember=5
+-    - var_password_pam_remember_control_flag=requisite
+    - var_password_pam_remember_control_flag=requisite_or_required
+     - var_selinux_state=enforcing
+     - var_selinux_policy_name=targeted
+     - var_password_pam_unix_rounds=5000
+diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
+index 6970a32b4f..5d694c6ae1 100644
+--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
+@@ -433,7 +433,7 @@ selections:
+ - var_accounts_minimum_age_login_defs=1
+ - var_accounts_max_concurrent_login_sessions=10
+ - var_password_pam_remember=5
+-- var_password_pam_remember_control_flag=requisite
+- var_password_pam_remember_control_flag=requisite_or_required
+ - var_selinux_state=enforcing
+ - var_selinux_policy_name=targeted
+ - var_password_pam_unix_rounds=5000
+diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
+index 314f14e4f6..e165525b90 100644
+--- a/tests/data/profile_stability/rhel8/stig_gui.profile
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
+@@ -441,7 +441,7 @@ selections:
+ - var_accounts_minimum_age_login_defs=1
+ - var_accounts_max_concurrent_login_sessions=10
+ - var_password_pam_remember=5
+-- var_password_pam_remember_control_flag=requisite
+- var_password_pam_remember_control_flag=requisite_or_required
+ - var_selinux_state=enforcing
+ - var_selinux_policy_name=targeted
+ - var_password_pam_unix_rounds=5000
+-- 
+2.39.1
+
--- a/scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch
+++ b/scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch
@ -0,0 +1,147 @@
+From 2bfdf9fa7e8309b079e657460671818e77b9a233 Mon Sep 17 00:00:00 2001
+From: Watson Sato <wsato@redhat.com>
+Date: Mon, 13 Feb 2023 17:49:15 +0100
+Subject: [PATCH 5/5] remove rule logind_session_timeout and associated
+ variable from profiles
+
+Patch-name: scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch
+Patch-status: remove rule logind_session_timeout and associated variable from profiles
+---
+ controls/anssi.yml                                 | 2 --
+ products/rhel8/profiles/cjis.profile               | 2 --
+ products/rhel8/profiles/ospp.profile               | 2 --
+ products/rhel8/profiles/pci-dss.profile            | 2 --
+ products/rhel8/profiles/rht-ccp.profile            | 2 --
+ tests/data/profile_stability/rhel8/ospp.profile    | 2 --
+ tests/data/profile_stability/rhel8/pci-dss.profile | 2 --
+ 7 files changed, 14 deletions(-)
+
+diff --git a/controls/anssi.yml b/controls/anssi.yml
+index 607ce976ef..9e631d1de4 100644
+--- a/controls/anssi.yml
+++ b/controls/anssi.yml
+@@ -676,8 +676,6 @@ controls:
+     - var_accounts_tmout=10_min
+     - sshd_set_idle_timeout
+     - sshd_idle_timeout_value=10_minutes
+-    - logind_session_timeout
+-    - var_logind_session_timeout=10_minutes
+     - sshd_set_keepalive
+ 
+   - id: R30
+diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile
+index 22ae5aac72..30843b692e 100644
+--- a/products/rhel8/profiles/cjis.profile
+++ b/products/rhel8/profiles/cjis.profile
+@@ -104,7 +104,6 @@ selections:
+     - sshd_allow_only_protocol2
+     - sshd_set_idle_timeout
+     - var_sshd_set_keepalive=0
+-    - logind_session_timeout
+     - sshd_set_keepalive_0
+     - disable_host_auth
+     - sshd_disable_root_login
+@@ -120,7 +119,6 @@ selections:
+     - set_firewalld_default_zone
+     - firewalld_sshd_port_enabled
+     - sshd_idle_timeout_value=30_minutes
+-    - var_logind_session_timeout=30_minutes
+     - inactivity_timeout_value=30_minutes
+     - sysctl_net_ipv4_conf_default_accept_source_route
+     - sysctl_net_ipv4_tcp_syncookies
+diff --git a/products/rhel8/profiles/ospp.profile b/products/rhel8/profiles/ospp.profile
+index 0fe17b2085..fb46ab4c0c 100644
+--- a/products/rhel8/profiles/ospp.profile
+++ b/products/rhel8/profiles/ospp.profile
+@@ -300,8 +300,6 @@ selections:
+     ## We deliberately set sshd timeout to 1 minute before tmux lock timeout
+     - sshd_idle_timeout_value=14_minutes
+     - sshd_set_idle_timeout
+-    - logind_session_timeout
+-    - var_logind_session_timeout=14_minutes
+ 
+     ## Disable Unauthenticated Login (such as Guest Accounts)
+     ## FIA_UAU.1
+diff --git a/products/rhel8/profiles/pci-dss.profile b/products/rhel8/profiles/pci-dss.profile
+index c63c5f4a07..c0c9b12773 100644
+--- a/products/rhel8/profiles/pci-dss.profile
+++ b/products/rhel8/profiles/pci-dss.profile
+@@ -17,7 +17,6 @@ selections:
+     - var_accounts_passwords_pam_faillock_deny=6
+     - var_accounts_passwords_pam_faillock_unlock_time=1800
+     - sshd_idle_timeout_value=15_minutes
+-    - var_logind_session_timeout=15_minutes
+     - var_password_pam_minlen=7
+     - var_password_pam_minclass=2
+     - var_accounts_maximum_age_login_defs=90
+@@ -110,7 +109,6 @@ selections:
+     - dconf_gnome_screensaver_lock_enabled
+     - dconf_gnome_screensaver_mode_blank
+     - sshd_set_idle_timeout
+-    - logind_session_timeout
+     - var_sshd_set_keepalive=0
+     - sshd_set_keepalive_0
+     - accounts_password_pam_minlen
+diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile
+index 6856951bff..01133a9bde 100644
+--- a/products/rhel8/profiles/rht-ccp.profile
+++ b/products/rhel8/profiles/rht-ccp.profile
+@@ -12,7 +12,6 @@ selections:
+     - var_selinux_state=enforcing
+     - var_selinux_policy_name=targeted
+     - sshd_idle_timeout_value=5_minutes
+-    - var_logind_session_timeout=5_minutes
+     - var_accounts_minimum_age_login_defs=7
+     - var_accounts_passwords_pam_faillock_deny=5
+     - var_accounts_password_warn_age_login_defs=7
+@@ -89,7 +88,6 @@ selections:
+     - package_telnet_removed
+     - sshd_allow_only_protocol2
+     - sshd_set_idle_timeout
+-    - logind_session_timeout
+     - var_sshd_set_keepalive=0
+     - sshd_set_keepalive_0
+     - disable_host_auth
+diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
+index a31f3245d8..267b66a4f8 100644
+--- a/tests/data/profile_stability/rhel8/ospp.profile
+++ b/tests/data/profile_stability/rhel8/ospp.profile
+@@ -104,7 +104,6 @@ selections:
+ - kernel_module_firewire-core_disabled
+ - kernel_module_sctp_disabled
+ - kernel_module_tipc_disabled
+-- logind_session_timeout
+ - mount_option_boot_nodev
+ - mount_option_boot_nosuid
+ - mount_option_dev_shm_nodev
+@@ -254,7 +253,6 @@ selections:
+ - var_password_pam_ucredit=1
+ - var_password_pam_lcredit=1
+ - sshd_idle_timeout_value=14_minutes
+-- var_logind_session_timeout=14_minutes
+ - var_accounts_passwords_pam_faillock_deny=3
+ - var_accounts_passwords_pam_faillock_fail_interval=900
+ - var_accounts_passwords_pam_faillock_unlock_time=never
+diff --git a/tests/data/profile_stability/rhel8/pci-dss.profile b/tests/data/profile_stability/rhel8/pci-dss.profile
+index 5c77ea6a85..902d0084fc 100644
+--- a/tests/data/profile_stability/rhel8/pci-dss.profile
+++ b/tests/data/profile_stability/rhel8/pci-dss.profile
+@@ -109,7 +109,6 @@ selections:
+ - gid_passwd_group_same
+ - grub2_audit_argument
+ - install_hids
+-- logind_session_timeout
+ - no_empty_passwords
+ - package_aide_installed
+ - package_audispd-plugins_installed
+@@ -137,7 +136,6 @@ selections:
+ - var_accounts_passwords_pam_faillock_deny=6
+ - var_accounts_passwords_pam_faillock_unlock_time=1800
+ - sshd_idle_timeout_value=15_minutes
+-- var_logind_session_timeout=15_minutes
+ - var_password_pam_minlen=7
+ - var_password_pam_minclass=2
+ - var_accounts_maximum_age_login_defs=90
+-- 
+2.39.1
+
--- a/scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch
+++ b/scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch
--- a/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch
+++ b/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@ -11,6 +11,16 @@ Summary:	Security guidance and baselines in SCAP formats
 License:	BSD-3-Clause
 URL:		https://github.com/ComplianceAsCode/content/
 Source0:	https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
+# Rsyslog files rules remediations
+Patch1:	 scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch
+# Extends rsyslog_logfiles_attributes_modify template for permissions
+Patch2:	 scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch
+# Change custom zones check in firewalld_sshd_port_enabled
+Patch3:	 scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch
+# Accept required and requisite control flag for pam_pwhistory
+Patch4:	 scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch
+# remove rule logind_session_timeout and associated variable from profiles
+Patch5:	 scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch
 BuildArch:	noarch

 BuildRequires:	libxslt
@ -101,6 +111,10 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
 * Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1
 - Rebase to a new upstream release 0.1.66 (RHBZ#2169443)
 - Fix remediation of audit watch rules (RHBZ#2169441)
+- Fix check firewalld_sshd_port_enabled (RHBZ#2169443)
+- Fix accepted control flags for pam_pwhistory (RHBZ#2169443)
+- Unselect rule logind_session_timeout (RHBZ#2169443)
+- Add support rainer scripts in rsyslog rules (RHBZ#2169445)

 * Thu Aug 25 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.63-5
 - OSPP: fix rule related to coredump (RHBZ#2081688)