c733f9d076
Rebase to new upstream version 0.1.73
...
Resolves: RHEL-36663
Resolves: RHEL-31976
Resolves: RHEL-30735
Resolves: RHEL-29684
Resolves: RHEL-29308
Resolves: RHEL-10416
Resolves: RHEL-1093
2024-05-21 11:17:56 +02:00
c171f5d9dd
Rebase to new upstream version 0.1.72
...
Resolves: RHEL-21425
Resolves: RHEL-14484
Resolves: RHEL-1484
Resolves: RHEL-17417
Resolves: RHEL-1489
Resolves: RHEL-16801
Resolves: RHEL-17418
2024-02-13 13:11:57 +01:00
047fb57760
Align STIG profile with official DISA STIG for RHEL 9
...
Resolves: RHEL-1807
2023-12-06 10:38:09 +01:00
70a32329b3
Update STIG and ANSSI for RHEL 9.3
...
- Remove OpenSSH crypto policy hardening rules from STIG profile
- Fix ANSSI High profile with secure boot
Resolves: rhbz#2221697
2023-08-17 13:38:26 +02:00
611c1d3d69
Rebase to new upstream version 0.1.69
...
Resolves: rhbz#2221697
Resolves: rhbz#2209657
Resolves: rhbz#2211511
Resolves: rhbz#2172555
Resolves: rhbz#2223178
Resolves: rhbz#2155790
Resolves: rhbz#2193169
Resolves: rhbz#2203791
Resolves: rhbz#2213958
Resolves: rhbz#2060028
2023-08-10 10:43:42 +02:00
5e6a5eeb83
Add rsyslog rainer support and rebase fixes
...
Resolves: rhbz#2169443
Resolves: rhbz#2169441
Resolves: rhbz#2169445
2023-02-13 17:52:36 +01:00
b734798dc6
Rebase to a new upstream version 0.1.66
...
Resolves: rhbz#2169443
Resolves: rhbz#2169441
2023-02-13 17:45:04 +01:00
fabf824399
OSPP: fix rule related to coredump.
...
Resolves: RHBZ#2081688
2022-08-25 17:28:44 +02:00
3453b75d6f
use sysctl_kernel_core_pattern instead of sysctl_kernel_core_pattern_empty_strin in RHEL9 OSPP
...
Resolves: rhbz#2081688
2022-08-23 17:10:35 +02:00
037ebbc98f
Readd rules to the benchmark
...
to be compatible across all minor versions of RHEL9
Resolves: rhbz#2117669
2022-08-11 17:19:26 +02:00
34b3a0af53
apply updates related to RHEL9 OSPP profile
...
Resolves: rhbz#1998583
Resolves: rhbz#2081688
Resolves: rhbz#2081728
Resolves: rhbz#2092799
Resolves: rhbz#2108569
Resolves: rhbz#2114979
2022-08-10 14:39:57 +02:00
14378e5ed6
rebase to upstream version 0.1.63
...
Resolves: rhbz#2070563
Resolves: rhbz#2108158
Resolves: rhbz#2108167
Resolves: rhbz#2108173
Resolves: rhbz#2108224
Resolves: rhbz#2108226
Resolves: rhbz#2109984
Resolves: rhbz#2109992
Resolves: rhbz#2109994
Resolves: rhbz#2110347
Resolves: rhbz#2110350
2022-08-01 11:25:54 +02:00
17023b428c
make rule stricter when checking for fips crypto-policies
...
Resolves: rhbz#2057082
2022-07-18 15:27:25 +02:00
5d949040cc
remove rules related to NIS services
...
Resolves: rhbz#2096602
2022-07-18 15:27:25 +02:00
7856efa997
remove sshd_enable_strictmodes from ospp
...
Resolves: rhbz#2105278
2022-07-18 15:27:25 +02:00
e5303b05ff
remove rules related to remote logging from RHEL9 OSPP
...
Resolves: rhbz#2105016
2022-07-18 15:27:25 +02:00
38ee77d936
remove rule accounts_password_minlen_login_defs from all profiles
...
Resolves: rhbz#2073040
2022-07-18 15:27:25 +02:00
11b3fb7bd6
add rules to check that systemd.debug-shell argument is absent from boot command line
...
Resolves: rhbz#2092840
2022-07-18 15:27:25 +02:00
2838eb99d0
add new rule to check only for grub2 recovery disabled to RHEL9 OSPP
...
Resolves: rhbz#2092809
2022-07-18 15:27:25 +02:00
71a4d79910
remove network-related sysctl rules from rhel9 ospp
...
Resolves:rhbz#2081708
2022-07-18 15:27:25 +02:00
3c0a847089
make sysctl_user_max_user_namespaces enforcing in RHEL9 OSPP
...
Resolves: rhbz#2083716
2022-07-18 15:27:25 +02:00
ac5b9ee8a7
drop zipl_vsyscall_argument from OSPP profiles
...
Resolves: rhbz#2060049
2022-07-18 15:27:25 +02:00
b76ea12151
make audit_access_success unenforcing for rhel9 ospp
...
Resolves: rhbz#2058154
2022-07-18 15:27:04 +02:00
e82ed5a624
remove sysctl_fs_protected_* rules from rhel9 ospp
...
Resolves: rhbz#2081719
2022-07-18 10:29:51 +02:00
2ffa1e068f
Rebase to 0.1.62
...
Resolves: rhbz#2070563
2022-06-01 11:36:32 +02:00
71131794a9
Update rule enable_fips_mode to check only for technical state.
...
Resolves: rhbz#2057457
2022-02-23 14:49:52 +01:00
517528cda1
Fix issue with getting STIG items in create_scap_delta_tailoring.py.
...
Resolves: rhbz#2014561
2022-02-23 14:49:49 +01:00
3afe98eab5
Remove tmux process runinng check in configure_bashrc_exec_tmux.
...
Resolves: rhbz#2056847
2022-02-23 14:49:09 +01:00
1dd162f258
Add page_aloc.shuffle rules for OSPP profile
...
Resolves: rhbz#2055118
2022-02-16 16:42:13 +01:00
fb47aa3e38
Update description of OSPP profile
...
Resolves: rhbz#2045386
2022-02-16 12:39:50 +01:00
5145dcab43
Fix fatal errors on Anible service disabled tasks
...
Resolves: rhbz#2014561
2022-02-15 19:10:19 +01:00
cd3b90bce2
Updates to RHEL-9.0.0 content
...
Update sudoers rules in RHEL8 STIG V1R5
Add missing SRG references in RHEL8 STIG V1R5 rules
Update chronyd_or_ntpd_set_maxpoll to disregard server and poll directives
Fix GRUB2 rule template to configure the module correctly on RHEL8
Update GRUB2 rule descriptions
Make package_rear_installed not applicable on AARCH64
Resolves: rhbz#2045403
Resolves: rhbz#2014561
Resolves: rhbz#2020623
2022-02-14 19:24:32 +01:00
9887c6a84e
Update OSPP Profile
...
Resolves: rhbz#2016038
Resolves: rhbz#2043036
Resolves: rhbz#2020670
Resolves: rhbz#2046289
2022-02-11 22:37:28 +01:00
a44269807e
Rebase to the 0.1.60 upstream version
...
Resolves: rhbz#2014561
2022-01-27 17:21:52 +01:00
21b368fa76
Enable Centos Stream 9 content
...
Resolves: rhbz#2021284
2021-12-15 14:31:02 +01:00
24b45263d8
Rebase to the 0.1.59 upstream version
...
Resolves: rhbz#2014561
2021-12-15 14:29:01 +01:00
8449267905
Rebase to the 0.1.58 upstream version
...
Resolves: rhbz#2014561
2021-11-08 11:14:49 +01:00
30760905b3
Fix remediations applicability of zipl rules
...
Resolves: rhbz#1996847
2021-08-25 14:24:09 +02:00
bd64402d52
Fix a broken HTTP link, add CIS profile based on RHEL8 CIS, fix its Crypto Policy usage
...
Resolves: rhbz#1962564
2021-08-24 17:14:29 +02:00
c9032c1d61
Deliver numerous RHEL9 fixes to rules
...
Deliver ISM kickstarts
Resolves: rhbz#1987227
Resolves: rhbz#1987226
Resolves: rhbz#1987231
Resolves: rhbz#1988289
Resolves: rhbz#1978290
2021-08-20 09:41:48 +02:00
cae8e44f84
Use SSHD directory configuration
...
Resolves: rhbz#1962564
2021-08-19 16:40:55 +02:00
1f83058625
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
...
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-10 00:47:35 +00:00
dac4498bd5
Rebase to a new upstream release
...
Resolves: rhbz#1962564
2021-07-29 18:03:43 +02:00
dfed54b246
Remove gating.yml (proper file needs to be named gating.yaml)
...
Resolves: rhbz#1962564
2021-07-19 09:37:43 +02:00
d304e27197
Add kickstarts in %files section
...
Kickstarts are already available in the upstream
and we need them in `%files` section in order to
create a test build from upstream.
Resolves: rhbz#1962564
2021-07-19 09:30:39 +02:00
ffdbed0b4e
Fix earlier omissions
...
Fix cmake options listing - all options have to have trailing backslashes except the last one.
Port a PR that implements support for per-rule playbooks.
Resolves: rhbz#1962564
2021-07-09 12:19:13 +02:00
a300600b35
>Port 8.5 changes to the package to RHEL9
...
Also deal with missing CCE issues.
Resolves: rhbz#1962564
2021-07-09 11:23:22 +02:00
5f5226d27a
Ported more rules and profiles to RHEL9
...
Resolves: rhbz#1962564
2021-07-02 10:47:13 +02:00
449d853fce
First release of SSG for RHEL9
...
- rebase the package to the latest upstream release (0.1.56)
- remove README.md and Contributors.md
- remove SCAP component files
- remove SCAP 1.2 source data streams
- remove HTML guides for the virtual “(default)” profile
- remove profile Bash remediation scripts
- build only RHEL9 content
- remove other products
- use autosetup in %prep phase
Resolves: rhbz#1962564
2021-06-03 10:58:04 +02:00
6ea5d216b0
gating.yaml: update for RHEL9
2021-05-17 10:33:37 +02:00
Vojtech Polasek
Marcus Burghardt
Jan Černý
Watson Sato
Gabriel Becker
Matej Tyc
Mohan Boddu
Matus Marhefka