Commit Graph

53 Commits

Author SHA1 Message Date
Watson Sato 5e6a5eeb83 Add rsyslog rainer support and rebase fixes
Resolves: rhbz#2169443
Resolves: rhbz#2169441
Resolves: rhbz#2169445
2023-02-13 17:52:36 +01:00
Watson Sato b734798dc6 Rebase to a new upstream version 0.1.66
Resolves: rhbz#2169443
Resolves: rhbz#2169441
2023-02-13 17:45:04 +01:00
Gabriel Becker fabf824399 OSPP: fix rule related to coredump.
Resolves: RHBZ#2081688
2022-08-25 17:28:44 +02:00
Vojtech Polasek 3453b75d6f use sysctl_kernel_core_pattern instead of sysctl_kernel_core_pattern_empty_strin in RHEL9 OSPP
Resolves: rhbz#2081688
2022-08-23 17:10:35 +02:00
Matej Tyc 037ebbc98f Readd rules to the benchmark
to be compatible across all minor versions of RHEL9

Resolves: rhbz#2117669
2022-08-11 17:19:26 +02:00
Vojtech Polasek 34b3a0af53 apply updates related to RHEL9 OSPP profile
Resolves: rhbz#1998583
Resolves: rhbz#2081688
Resolves: rhbz#2081728
Resolves: rhbz#2092799
Resolves: rhbz#2108569
Resolves: rhbz#2114979
2022-08-10 14:39:57 +02:00
Vojtech Polasek 14378e5ed6 rebase to upstream version 0.1.63
Resolves: rhbz#2070563
Resolves: rhbz#2108158
Resolves: rhbz#2108167
Resolves: rhbz#2108173
Resolves: rhbz#2108224
Resolves: rhbz#2108226
Resolves: rhbz#2109984
Resolves: rhbz#2109992
Resolves: rhbz#2109994
Resolves: rhbz#2110347
Resolves: rhbz#2110350
2022-08-01 11:25:54 +02:00
Vojtech Polasek 17023b428c make rule stricter when checking for fips crypto-policies
Resolves: rhbz#2057082
2022-07-18 15:27:25 +02:00
Vojtech Polasek 5d949040cc remove rules related to NIS services
Resolves: rhbz#2096602
2022-07-18 15:27:25 +02:00
Vojtech Polasek 7856efa997 remove sshd_enable_strictmodes from ospp
Resolves: rhbz#2105278
2022-07-18 15:27:25 +02:00
Vojtech Polasek e5303b05ff remove rules related to remote logging from RHEL9 OSPP
Resolves: rhbz#2105016
2022-07-18 15:27:25 +02:00
Vojtech Polasek 38ee77d936 remove rule accounts_password_minlen_login_defs from all profiles
Resolves: rhbz#2073040
2022-07-18 15:27:25 +02:00
Vojtech Polasek 11b3fb7bd6 add rules to check that systemd.debug-shell argument is absent from boot command line
Resolves: rhbz#2092840
2022-07-18 15:27:25 +02:00
Vojtech Polasek 2838eb99d0 add new rule to check only for grub2 recovery disabled to RHEL9 OSPP
Resolves: rhbz#2092809
2022-07-18 15:27:25 +02:00
Vojtech Polasek 71a4d79910 remove network-related sysctl rules from rhel9 ospp
Resolves: rhbz#2081708
2022-07-18 15:27:25 +02:00
Vojtech Polasek 3c0a847089 make sysctl_user_max_user_namespaces enforcing in RHEL9 OSPP
Resolves: rhbz#2083716
2022-07-18 15:27:25 +02:00
Vojtech Polasek ac5b9ee8a7 drop zipl_vsyscall_argument from OSPP profiles
Resolves: rhbz#2060049
2022-07-18 15:27:25 +02:00
Vojtech Polasek b76ea12151 make audit_access_success unenforcing for rhel9 ospp
Resolves: rhbz#2058154
2022-07-18 15:27:04 +02:00
Vojtech Polasek e82ed5a624 remove sysctl_fs_protected_* rules from rhel9 ospp
Resolves: rhbz#2081719
2022-07-18 10:29:51 +02:00
Matej Tyc 2ffa1e068f Rebase to 0.1.62
Resolves: rhbz#2070563
2022-06-01 11:36:32 +02:00
Gabriel Becker 71131794a9 Update rule enable_fips_mode to check only for technical state.
Resolves: rhbz#2057457
2022-02-23 14:49:52 +01:00
Gabriel Becker 517528cda1 Fix issue with getting STIG items in create_scap_delta_tailoring.py.
Resolves: rhbz#2014561
2022-02-23 14:49:49 +01:00
Gabriel Becker 3afe98eab5 Remove tmux process running check in configure_bashrc_exec_tmux.
Resolves: rhbz#2056847
2022-02-23 14:49:09 +01:00
Watson Sato 1dd162f258 Add page_alloc.shuffle rules for OSPP profile
Resolves: rhbz#2055118
2022-02-16 16:42:13 +01:00
Watson Sato fb47aa3e38 Update description of OSPP profile
Resolves: rhbz#2045386
2022-02-16 12:39:50 +01:00
Watson Sato 5145dcab43 Fix fatal errors on Ansible service disabled tasks
Resolves: rhbz#2014561
2022-02-15 19:10:19 +01:00
Gabriel Becker cd3b90bce2 Updates to RHEL-9.0.0 content
Update sudoers rules in RHEL8 STIG V1R5
Add missing SRG references in RHEL8 STIG V1R5 rules
Update chronyd_or_ntpd_set_maxpoll to disregard server and poll directives
Fix GRUB2 rule template to configure the module correctly on RHEL8
Update GRUB2 rule descriptions
Make package_rear_installed not applicable on AARCH64

Resolves: rhbz#2045403
Resolves: rhbz#2014561
Resolves: rhbz#2020623
2022-02-14 19:24:32 +01:00
Watson Sato 9887c6a84e Update OSPP Profile
Resolves: rhbz#2016038
Resolves: rhbz#2043036
Resolves: rhbz#2020670
Resolves: rhbz#2046289
2022-02-11 22:37:28 +01:00
Watson Sato a44269807e Rebase to the 0.1.60 upstream version
Resolves: rhbz#2014561
2022-01-27 17:21:52 +01:00
Gabriel Becker 21b368fa76 Enable Centos Stream 9 content
Resolves: rhbz#2021284
2021-12-15 14:31:02 +01:00
Gabriel Becker 24b45263d8 Rebase to the 0.1.59 upstream version
Resolves: rhbz#2014561
2021-12-15 14:29:01 +01:00
Matej Tyc 8449267905 Rebase to the 0.1.58 upstream version
Resolves: rhbz#2014561
2021-11-08 11:14:49 +01:00
Matej Tyc 30760905b3 Fix remediations applicability of zipl rules
Resolves: rhbz#1996847
2021-08-25 14:24:09 +02:00
Matej Tyc bd64402d52 Fix a broken HTTP link, add CIS profile based on RHEL8 CIS, fix its Crypto Policy usage
Resolves: rhbz#1962564
2021-08-24 17:14:29 +02:00
Matej Tyc c9032c1d61 Deliver numerous RHEL9 fixes to rules
Deliver ISM kickstarts

Resolves: rhbz#1987227
Resolves: rhbz#1987226
Resolves: rhbz#1987231
Resolves: rhbz#1988289
Resolves: rhbz#1978290
2021-08-20 09:41:48 +02:00
Matej Tyc cae8e44f84 Use SSHD directory configuration
Resolves: rhbz#1962564
2021-08-19 16:40:55 +02:00
Mohan Boddu 1f83058625 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-10 00:47:35 +00:00
Matej Tyc dac4498bd5 Rebase to a new upstream release
Resolves: rhbz#1962564
2021-07-29 18:03:43 +02:00
Matus Marhefka dfed54b246 Remove gating.yml (proper file needs to be named gating.yaml)
Resolves: rhbz#1962564
2021-07-19 09:37:43 +02:00
Matus Marhefka d304e27197 Add kickstarts in %files section
Kickstarts are already available in the upstream
and we need them in `%files` section in order to
create a test build from upstream.

Resolves: rhbz#1962564
2021-07-19 09:30:39 +02:00
Matej Tyc ffdbed0b4e Fix earlier omissions
Fix cmake options listing - all options have to have trailing backslashes except the last one.
Port a PR that implements support for per-rule playbooks.

Resolves: rhbz#1962564
2021-07-09 12:19:13 +02:00
Matej Tyc a300600b35 Port 8.5 changes to the package to RHEL9
Also deal with missing CCE issues.

Resolves: rhbz#1962564
2021-07-09 11:23:22 +02:00
Matej Tyc 5f5226d27a Ported more rules and profiles to RHEL9
Resolves: rhbz#1962564
2021-07-02 10:47:13 +02:00
Jan Černý 449d853fce First release of SSG for RHEL9
- rebase the package to the latest upstream release (0.1.56)
- remove README.md and Contributors.md
- remove SCAP component files
- remove SCAP 1.2 source data streams
- remove HTML guides for the virtual “(default)” profile
- remove profile Bash remediation scripts
- build only RHEL9 content
- remove other products
- use autosetup in %prep phase

Resolves: rhbz#1962564
2021-06-03 10:58:04 +02:00
Matus Marhefka 6ea5d216b0 gating.yaml: update for RHEL9
2021-05-17 10:33:37 +02:00
Mohan Boddu c48b2c6da0 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 05:33:22 +00:00
DistroBaker d6d729cb9f Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/scap-security-guide.git#21f968f5122fa835fd6f720c7086eb99a350453c
2021-02-12 10:00:24 +00:00
Matus Marhefka 7eff8e155c Define _vpath_builddir macro as `build`
SSG build system and tests count with build directory name build.
For more details see:
https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
2021-02-11 15:57:54 +01:00
DistroBaker 1024ac71df Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/scap-security-guide.git#87cd1708755523e6873fb08ed6b27c21c4489f7f
2021-02-05 19:59:06 +00:00
DistroBaker 33b97685b8 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/scap-security-guide.git#439bd0b93151d9ae2886cb0af3f4371f132fa513
2021-02-05 07:15:22 +01:00