Commit Graph

57 Commits

Author SHA1 Message Date
Matthew Burket
cbf0b04050 Update to scap-security-guide 0.1.74
Resolves: RHEL-53865
Resolves: RHEL-39383
Resolves: RHEL-47129
Resolves: RHEL-38531
Resolves: RHEL-23852
Resolves: RHEL-44983
2024-08-13 11:26:52 -05:00
Milan Lysonek
dcfdb6fd68 Switch gating to tmt
Resolves: RHEL-43243
2024-08-07 10:18:44 +02:00
Vojtech Polasek
c733f9d076 Rebase to new upstream version 0.1.73
Resolves: RHEL-36663
Resolves: RHEL-31976
Resolves: RHEL-30735
Resolves: RHEL-29684
Resolves: RHEL-29308
Resolves: RHEL-10416
Resolves: RHEL-1093
2024-05-21 11:17:56 +02:00
Marcus Burghardt
c171f5d9dd Rebase to new upstream version 0.1.72
Resolves: RHEL-21425
Resolves: RHEL-14484
Resolves: RHEL-1484
Resolves: RHEL-17417
Resolves: RHEL-1489
Resolves: RHEL-16801
Resolves: RHEL-17418
2024-02-13 13:11:57 +01:00
Jan Černý
047fb57760 Align STIG profile with official DISA STIG for RHEL 9
Resolves: RHEL-1807
2023-12-06 10:38:09 +01:00
Jan Černý
70a32329b3 Update STIG and ANSSI for RHEL 9.3
- Remove OpenSSH crypto policy hardening rules from STIG profile
- Fix ANSSI High profile with secure boot

Resolves: rhbz#2221697
2023-08-17 13:38:26 +02:00
Jan Černý
611c1d3d69 Rebase to new upstream version 0.1.69
Resolves: rhbz#2221697
Resolves: rhbz#2209657
Resolves: rhbz#2211511
Resolves: rhbz#2172555
Resolves: rhbz#2223178
Resolves: rhbz#2155790
Resolves: rhbz#2193169
Resolves: rhbz#2203791
Resolves: rhbz#2213958
Resolves: rhbz#2060028
2023-08-10 10:43:42 +02:00
Watson Sato
5e6a5eeb83 Add rsyslog rainer support and rebase fixes
Resolves: rhbz#2169443
Resolves: rhbz#2169441
Resolves: rhbz#2169445
2023-02-13 17:52:36 +01:00
Watson Sato
b734798dc6 Rebase to a new upstream version 0.1.66
Resolves: rhbz#2169443
Resolves: rhbz#2169441
2023-02-13 17:45:04 +01:00
Gabriel Becker
fabf824399 OSPP: fix rule related to coredump.
Resolves: RHBZ#2081688
2022-08-25 17:28:44 +02:00
Vojtech Polasek
3453b75d6f use sysctl_kernel_core_pattern instead of sysctl_kernel_core_pattern_empty_strin in RHEL9 OSPP
Resolves: rhbz#2081688
2022-08-23 17:10:35 +02:00
Matej Tyc
037ebbc98f Readd rules to the benchmark
to be compatible across all minor versions of RHEL9

Resolves: rhbz#2117669
2022-08-11 17:19:26 +02:00
Vojtech Polasek
34b3a0af53 apply updates related to RHEL9 OSPP profile
Resolves: rhbz#1998583
Resolves: rhbz#2081688
Resolves: rhbz#2081728
Resolves: rhbz#2092799
Resolves: rhbz#2108569
Resolves: rhbz#2114979
2022-08-10 14:39:57 +02:00
Vojtech Polasek
14378e5ed6 rebase to upstream version 0.1.63
Resolves: rhbz#2070563
Resolves: rhbz#2108158
Resolves: rhbz#2108167
Resolves: rhbz#2108173
Resolves: rhbz#2108224
Resolves: rhbz#2108226
Resolves: rhbz#2109984
Resolves: rhbz#2109992
Resolves: rhbz#2109994
Resolves: rhbz#2110347
Resolves: rhbz#2110350
2022-08-01 11:25:54 +02:00
Vojtech Polasek
17023b428c make rule stricter when checking for fips crypto-policies
Resolves: rhbz#2057082
2022-07-18 15:27:25 +02:00
Vojtech Polasek
5d949040cc remove rules related to NIS services
Resolves: rhbz#2096602
2022-07-18 15:27:25 +02:00
Vojtech Polasek
7856efa997 remove sshd_enable_strictmodes from ospp
Resolves: rhbz#2105278
2022-07-18 15:27:25 +02:00
Vojtech Polasek
e5303b05ff remove rules related to remote logging from RHEL9 OSPP
Resolves: rhbz#2105016
2022-07-18 15:27:25 +02:00
Vojtech Polasek
38ee77d936 remove rule accounts_password_minlen_login_defs from all profiles
Resolves: rhbz#2073040
2022-07-18 15:27:25 +02:00
Vojtech Polasek
11b3fb7bd6 add rules to check that systemd.debug-shell argument is absent from boot command line
Resolves: rhbz#2092840
2022-07-18 15:27:25 +02:00
Vojtech Polasek
2838eb99d0 add new rule to check only for grub2 recovery disabled to RHEL9 OSPP
Resolves: rhbz#2092809
2022-07-18 15:27:25 +02:00
Vojtech Polasek
71a4d79910 remove network-related sysctl rules from rhel9 ospp
Resolves: rhbz#2081708
2022-07-18 15:27:25 +02:00
Vojtech Polasek
3c0a847089 make sysctl_user_max_user_namespaces enforcing in RHEL9 OSPP
Resolves: rhbz#2083716
2022-07-18 15:27:25 +02:00
Vojtech Polasek
ac5b9ee8a7 drop zipl_vsyscall_argument from OSPP profiles
Resolves: rhbz#2060049
2022-07-18 15:27:25 +02:00
Vojtech Polasek
b76ea12151 make audit_access_success unenforcing for rhel9 ospp
Resolves: rhbz#2058154
2022-07-18 15:27:04 +02:00
Vojtech Polasek
e82ed5a624 remove sysctl_fs_protected_* rules from rhel9 ospp
Resolves: rhbz#2081719
2022-07-18 10:29:51 +02:00
Matej Tyc
2ffa1e068f Rebase to 0.1.62
Resolves: rhbz#2070563
2022-06-01 11:36:32 +02:00
Gabriel Becker
71131794a9 Update rule enable_fips_mode to check only for technical state.
Resolves: rhbz#2057457
2022-02-23 14:49:52 +01:00
Gabriel Becker
517528cda1 Fix issue with getting STIG items in create_scap_delta_tailoring.py.
Resolves: rhbz#2014561
2022-02-23 14:49:49 +01:00
Gabriel Becker
3afe98eab5 Remove tmux process running check in configure_bashrc_exec_tmux.
Resolves: rhbz#2056847
2022-02-23 14:49:09 +01:00
Watson Sato
1dd162f258 Add page_alloc.shuffle rules for OSPP profile
Resolves: rhbz#2055118
2022-02-16 16:42:13 +01:00
Watson Sato
fb47aa3e38 Update description of OSPP profile
Resolves: rhbz#2045386
2022-02-16 12:39:50 +01:00
Watson Sato
5145dcab43 Fix fatal errors on Ansible service disabled tasks
Resolves: rhbz#2014561
2022-02-15 19:10:19 +01:00
Gabriel Becker
cd3b90bce2 Updates to RHEL-9.0.0 content
Update sudoers rules in RHEL8 STIG V1R5
Add missing SRG references in RHEL8 STIG V1R5 rules
Update chronyd_or_ntpd_set_maxpoll to disregard server and poll directives
Fix GRUB2 rule template to configure the module correctly on RHEL8
Update GRUB2 rule descriptions
Make package_rear_installed not applicable on AARCH64

Resolves: rhbz#2045403
Resolves: rhbz#2014561
Resolves: rhbz#2020623
2022-02-14 19:24:32 +01:00
Watson Sato
9887c6a84e Update OSPP Profile
Resolves: rhbz#2016038
Resolves: rhbz#2043036
Resolves: rhbz#2020670
Resolves: rhbz#2046289
2022-02-11 22:37:28 +01:00
Watson Sato
a44269807e Rebase to the 0.1.60 upstream version
Resolves: rhbz#2014561
2022-01-27 17:21:52 +01:00
Gabriel Becker
21b368fa76 Enable Centos Stream 9 content
Resolves: rhbz#2021284
2021-12-15 14:31:02 +01:00
Gabriel Becker
24b45263d8 Rebase to the 0.1.59 upstream version
Resolves: rhbz#2014561
2021-12-15 14:29:01 +01:00
Matej Tyc
8449267905 Rebase to the 0.1.58 upstream version
Resolves: rhbz#2014561
2021-11-08 11:14:49 +01:00
Matej Tyc
30760905b3 Fix remediations applicability of zipl rules
Resolves: rhbz#1996847
2021-08-25 14:24:09 +02:00
Matej Tyc
bd64402d52 Fix a broken HTTP link, add CIS profile based on RHEL8 CIS, fix its Crypto Policy usage
Resolves: rhbz#1962564
2021-08-24 17:14:29 +02:00
Matej Tyc
c9032c1d61 Deliver numerous RHEL9 fixes to rules
Deliver ISM kickstarts

Resolves: rhbz#1987227
Resolves: rhbz#1987226
Resolves: rhbz#1987231
Resolves: rhbz#1988289
Resolves: rhbz#1978290
2021-08-20 09:41:48 +02:00
Matej Tyc
cae8e44f84 Use SSHD directory configuration
Resolves: rhbz#1962564
2021-08-19 16:40:55 +02:00
Mohan Boddu
1f83058625 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-10 00:47:35 +00:00
Matej Tyc
dac4498bd5 Rebase to a new upstream release
Resolves: rhbz#1962564
2021-07-29 18:03:43 +02:00
Matus Marhefka
d304e27197 Add kickstarts in %files section
Kickstarts are already available in the upstream
and we need them in `%files` section in order to
create a test build from upstream.

Resolves: rhbz#1962564
2021-07-19 09:30:39 +02:00
Matej Tyc
ffdbed0b4e Fix earlier omissions
Fix cmake options listing - all options have to have trailing backslashes except the last one.
Port a PR that implements support for per-rule playbooks.

Resolves: rhbz#1962564
2021-07-09 12:19:13 +02:00
Matej Tyc
a300600b35 Port 8.5 changes to the package to RHEL9
Also deal with missing CCE issues.

Resolves: rhbz#1962564
2021-07-09 11:23:22 +02:00
Matej Tyc
5f5226d27a Ported more rules and profiles to RHEL9
Resolves: rhbz#1962564
2021-07-02 10:47:13 +02:00
Jan Černý
449d853fce First release of SSG for RHEL9
- rebase the package to the latest upstream release (0.1.56)
- remove README.md and Contributors.md
- remove SCAP component files
- remove SCAP 1.2 source data streams
- remove HTML guides for the virtual “(default)” profile
- remove profile Bash remediation scripts
- build only RHEL9 content
- remove other products
- use autosetup in %prep phase

Resolves: rhbz#1962564
2021-06-03 10:58:04 +02:00