Jan Černý
70a32329b3
Update STIG and ANSSI for RHEL 9.3
...
- Remove OpenSSH crypto policy hardening rules from STIG profile
- Fix ANSSI High profile with secure boot
Resolves: rhbz#2221697
2023-08-17 13:38:26 +02:00
Jan Černý
611c1d3d69
Rebase to new upstream version 0.1.69
...
Resolves: rhbz#2221697
Resolves: rhbz#2209657
Resolves: rhbz#2211511
Resolves: rhbz#2172555
Resolves: rhbz#2223178
Resolves: rhbz#2155790
Resolves: rhbz#2193169
Resolves: rhbz#2203791
Resolves: rhbz#2213958
Resolves: rhbz#2060028
2023-08-10 10:43:42 +02:00
Watson Sato
5e6a5eeb83
Add rsyslog rainer support and rebase fixes
...
Resolves: rhbz#2169443
Resolves: rhbz#2169441
Resolves: rhbz#2169445
2023-02-13 17:52:36 +01:00
Watson Sato
b734798dc6
Rebase to a new upstream version 0.1.66
...
Resolves: rhbz#2169443
Resolves: rhbz#2169441
2023-02-13 17:45:04 +01:00
Gabriel Becker
fabf824399
OSPP: fix rule related to coredump.
...
Resolves: RHBZ#2081688
2022-08-25 17:28:44 +02:00
Vojtech Polasek
3453b75d6f
use sysctl_kernel_core_pattern instead of sysctl_kernel_core_pattern_empty_strin in RHEL9 OSPP
...
Resolves: rhbz#2081688
2022-08-23 17:10:35 +02:00
Matej Tyc
037ebbc98f
Readd rules to the benchmark
...
to be compatible across all minor versions of RHEL9
Resolves: rhbz#2117669
2022-08-11 17:19:26 +02:00
Vojtech Polasek
34b3a0af53
apply updates related to RHEL9 OSPP profile
...
Resolves: rhbz#1998583
Resolves: rhbz#2081688
Resolves: rhbz#2081728
Resolves: rhbz#2092799
Resolves: rhbz#2108569
Resolves: rhbz#2114979
2022-08-10 14:39:57 +02:00
Vojtech Polasek
14378e5ed6
rebase to upstream version 0.1.63
...
Resolves: rhbz#2070563
Resolves: rhbz#2108158
Resolves: rhbz#2108167
Resolves: rhbz#2108173
Resolves: rhbz#2108224
Resolves: rhbz#2108226
Resolves: rhbz#2109984
Resolves: rhbz#2109992
Resolves: rhbz#2109994
Resolves: rhbz#2110347
Resolves: rhbz#2110350
2022-08-01 11:25:54 +02:00
Vojtech Polasek
17023b428c
make rule stricter when checking for fips crypto-policies
...
Resolves: rhbz#2057082
2022-07-18 15:27:25 +02:00
Vojtech Polasek
5d949040cc
remove rules related to NIS services
...
Resolves: rhbz#2096602
2022-07-18 15:27:25 +02:00
Vojtech Polasek
7856efa997
remove sshd_enable_strictmodes from ospp
...
Resolves: rhbz#2105278
2022-07-18 15:27:25 +02:00
Vojtech Polasek
e5303b05ff
remove rules related to remote logging from RHEL9 OSPP
...
Resolves: rhbz#2105016
2022-07-18 15:27:25 +02:00
Vojtech Polasek
38ee77d936
remove rule accounts_password_minlen_login_defs from all profiles
...
Resolves: rhbz#2073040
2022-07-18 15:27:25 +02:00
Vojtech Polasek
11b3fb7bd6
add rules to check that systemd.debug-shell argument is absent from boot command line
...
Resolves: rhbz#2092840
2022-07-18 15:27:25 +02:00
Vojtech Polasek
2838eb99d0
add new rule to check only for grub2 recovery disabled to RHEL9 OSPP
...
Resolves: rhbz#2092809
2022-07-18 15:27:25 +02:00
Vojtech Polasek
71a4d79910
remove network-related sysctl rules from rhel9 ospp
...
Resolves: rhbz#2081708
2022-07-18 15:27:25 +02:00
Vojtech Polasek
3c0a847089
make sysctl_user_max_user_namespaces enforcing in RHEL9 OSPP
...
Resolves: rhbz#2083716
2022-07-18 15:27:25 +02:00
Vojtech Polasek
ac5b9ee8a7
drop zipl_vsyscall_argument from OSPP profiles
...
Resolves: rhbz#2060049
2022-07-18 15:27:25 +02:00
Vojtech Polasek
b76ea12151
make audit_access_success unenforcing for rhel9 ospp
...
Resolves: rhbz#2058154
2022-07-18 15:27:04 +02:00
Vojtech Polasek
e82ed5a624
remove sysctl_fs_protected_* rules from rhel9 ospp
...
Resolves: rhbz#2081719
2022-07-18 10:29:51 +02:00
Matej Tyc
2ffa1e068f
Rebase to 0.1.62
...
Resolves: rhbz#2070563
2022-06-01 11:36:32 +02:00
Gabriel Becker
71131794a9
Update rule enable_fips_mode to check only for technical state.
...
Resolves: rhbz#2057457
2022-02-23 14:49:52 +01:00
Gabriel Becker
517528cda1
Fix issue with getting STIG items in create_scap_delta_tailoring.py.
...
Resolves: rhbz#2014561
2022-02-23 14:49:49 +01:00
Gabriel Becker
3afe98eab5
Remove tmux process running check in configure_bashrc_exec_tmux.
...
Resolves: rhbz#2056847
2022-02-23 14:49:09 +01:00
Watson Sato
1dd162f258
Add page_alloc.shuffle rules for OSPP profile
...
Resolves: rhbz#2055118
2022-02-16 16:42:13 +01:00
Watson Sato
fb47aa3e38
Update description of OSPP profile
...
Resolves: rhbz#2045386
2022-02-16 12:39:50 +01:00
Watson Sato
5145dcab43
Fix fatal errors on Ansible service disabled tasks
...
Resolves: rhbz#2014561
2022-02-15 19:10:19 +01:00
Gabriel Becker
cd3b90bce2
Updates to RHEL-9.0.0 content
...
Update sudoers rules in RHEL8 STIG V1R5
Add missing SRG references in RHEL8 STIG V1R5 rules
Update chronyd_or_ntpd_set_maxpoll to disregard server and poll directives
Fix GRUB2 rule template to configure the module correctly on RHEL8
Update GRUB2 rule descriptions
Make package_rear_installed not applicable on AARCH64
Resolves: rhbz#2045403
Resolves: rhbz#2014561
Resolves: rhbz#2020623
2022-02-14 19:24:32 +01:00
Watson Sato
9887c6a84e
Update OSPP Profile
...
Resolves: rhbz#2016038
Resolves: rhbz#2043036
Resolves: rhbz#2020670
Resolves: rhbz#2046289
2022-02-11 22:37:28 +01:00
Watson Sato
a44269807e
Rebase to the 0.1.60 upstream version
...
Resolves: rhbz#2014561
2022-01-27 17:21:52 +01:00
Gabriel Becker
21b368fa76
Enable CentOS Stream 9 content
...
Resolves: rhbz#2021284
2021-12-15 14:31:02 +01:00
Gabriel Becker
24b45263d8
Rebase to the 0.1.59 upstream version
...
Resolves: rhbz#2014561
2021-12-15 14:29:01 +01:00
Matej Tyc
8449267905
Rebase to the 0.1.58 upstream version
...
Resolves: rhbz#2014561
2021-11-08 11:14:49 +01:00
Matej Tyc
30760905b3
Fix remediations applicability of zipl rules
...
Resolves: rhbz#1996847
2021-08-25 14:24:09 +02:00
Matej Tyc
bd64402d52
Fix a broken HTTP link, add CIS profile based on RHEL8 CIS, fix its Crypto Policy usage
...
Resolves: rhbz#1962564
2021-08-24 17:14:29 +02:00
Matej Tyc
c9032c1d61
Deliver numerous RHEL9 fixes to rules
...
Deliver ISM kickstarts
Resolves: rhbz#1987227
Resolves: rhbz#1987226
Resolves: rhbz#1987231
Resolves: rhbz#1988289
Resolves: rhbz#1978290
2021-08-20 09:41:48 +02:00
Matej Tyc
cae8e44f84
Use SSHD directory configuration
...
Resolves: rhbz#1962564
2021-08-19 16:40:55 +02:00
Mohan Boddu
1f83058625
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
...
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-10 00:47:35 +00:00
Matej Tyc
dac4498bd5
Rebase to a new upstream release
...
Resolves: rhbz#1962564
2021-07-29 18:03:43 +02:00
Matus Marhefka
d304e27197
Add kickstarts in %files section
...
Kickstarts are already available in the upstream
and we need them in `%files` section in order to
create a test build from upstream.
Resolves: rhbz#1962564
2021-07-19 09:30:39 +02:00
Matej Tyc
ffdbed0b4e
Fix earlier omissions
...
Fix cmake options listing - all options have to have trailing backslashes except the last one.
Port a PR that implements support for per-rule playbooks.
Resolves: rhbz#1962564
2021-07-09 12:19:13 +02:00
Matej Tyc
a300600b35
Port 8.5 changes to the package to RHEL9
...
Also deal with missing CCE issues.
Resolves: rhbz#1962564
2021-07-09 11:23:22 +02:00
Matej Tyc
5f5226d27a
Ported more rules and profiles to RHEL9
...
Resolves: rhbz#1962564
2021-07-02 10:47:13 +02:00
Jan Černý
449d853fce
First release of SSG for RHEL9
...
- rebase the package to the latest upstream release (0.1.56)
- remove README.md and Contributors.md
- remove SCAP component files
- remove SCAP 1.2 source data streams
- remove HTML guides for the virtual “(default)” profile
- remove profile Bash remediation scripts
- build only RHEL9 content
- remove other products
- use autosetup in %prep phase
Resolves: rhbz#1962564
2021-06-03 10:58:04 +02:00
Mohan Boddu
c48b2c6da0
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
...
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 05:33:22 +00:00
DistroBaker
d6d729cb9f
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/scap-security-guide.git#21f968f5122fa835fd6f720c7086eb99a350453c
2021-02-12 10:00:24 +00:00
Matus Marhefka
7eff8e155c
Define _vpath_builddir macro as build
...
SSG build system and tests count with build directory name build.
For more details see:
https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds
2021-02-11 15:57:54 +01:00
DistroBaker
1024ac71df
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/scap-security-guide.git#87cd1708755523e6873fb08ed6b27c21c4489f7f
2021-02-05 19:59:06 +00:00
DistroBaker
33b97685b8
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/scap-security-guide.git#439bd0b93151d9ae2886cb0af3f4371f132fa513
2021-02-05 07:15:22 +01:00