content
Security automation content in SCAP, Bash, Ansible, and other formats
The OVAL check in file_groupownership_home_directories fails for SLE12 and SLE12. The rule.yml has the following check, which returns the following on my test system. ec2-user@ip-10-0-0-226:~> ls -ld $(awk -F: '($3>=1000)&&($7 !~...
#### Description: - Resubmitting #8726 with: - 2 more test scenarios for hidden and missing config files. - A small change in OVAL to ignore hidden config files. #### Rationale:...
#### Description: Implements an auditd rule for create_module, which is checked for by DISA STIG. #### Rationale: - Upstream DISA check satisfying CCI-000172
#### Description of problem: Rule sysctl_net_ipv4_conf_all_forwarding fails after Ansible remediation in the xccdf_org.ssgproject.content_profile_stig_gui profile Ansible remediation test. #### SCAP Security Guide Version: current upstream as of 2022-08-06 as of HEAD...
#### Description: We used to have two rules that were checking for the cluster being installed in FIPS mode, one was checking for an MC called 99-master-fips and was used...
#### Description: This commit changes the `table-${PRODUCT}-${STIG_PROFILE}-testinfo.html` files generator to use the `ssg-${PRODUCT}-xccdf-1.2.xml` instead of `ssg-${PRODUCT}-xccdf.xml` as an input. #### Rationale: This reduces our dependency on XCCDF 1.1 so it...
#### Description: Update `profile_tool.py` to also support SCAP source data streams and change the upstream test `missing-references` to consume a data stream. For more details, please read the commit message of every commit....
#### Description: - Enable SLE12,SLE15 platforms for mount_option_opt_nosuid/noexec,mount_option_var_log_nosuid/noexec,mount_option_var_noexec/nosuid rules - Enable SLE12 platform for mount_option_boot_nosuid,mount_option_home_noexec,mount_option_nodev_nonroot_local_partitions,mount_option_boot_noexec - Add SLES CCE ids for mount_option_tmp and mount_option_var_tm
#### Description: We will use `ssg-${PRODUCT}-xccdf-1.2.xml` to generate `table-${PRODUCT}-stig.html`. Note that the `stig_overlay.xml` file remains in the XCCDF 1.1 namespace, but the temporary internal file `unlinked-stig-xccdf.xml` will now be in...