content issues

Defined notes and Rules for BSI APP.4.4.A6-7

4

#### Description: Notes / Rules for BSI APP4.4.A6 - APP4.4.A7 added. #### Rationale: As we have multiple customers asking for a BSI profile to be included in the compliance-operator, we...

sluetze

do-not-merge/work-in-progress

needs-ok-to-test

BSI

Scap Security Guide for Amazon Linux 2/ 2023 versions

4

### Discussed in https://github.com/ComplianceAsCode/content/discussions/10999 Originally posted by **prasannakumarkn** August 16, 2023 I have fetched the latest release for SSG - scap-security-guide-0.1.69 and however I am not seeing AmazonLinux2 SSG, can...

hipponix

Rule accounts_password_pam_pwhistory_remember_password_auth is misaligned with DISA

2

#### Description of problem: SSG content passes, but DISA content fails. DISA content checks only for `/etc/pam.d/password-auth: pam_pwhistory.so has remember set to 5 or greater` Filepath | Pattern | Instance...

mildas

productization-issue

RHEL9

RHEL8

STIG

blocked

triaged

PCI-DSS generated blueprint missing `firewalld` package

#### Description of problem: The image builder blueprint generated content requires the `firewalld` service to be running but the package is not included in the list of packages to be...

kingsleyzissou

Blueprint

RHEL8

pci-dss

compare_results.py: show rule ID in case one of results is "not applicable"

#### Share the context This was discovered when comparing results gained from scans with our content versus scans with DISA provided SCAP. #### Description of problem: In case where one...

vojtapolasek

enhancement

Defined notes and rules for control BSI APP.4.4.A5

14

#### Description: To check against BSI APP4.4.A5 this commit adds two rules 1. etcd backup rule (manual) 2. a check for CRDs of known backup solutions #### Rationale: - _Rationale...

sluetze

OpenShift

needs-ok-to-test

do-not-merge/hold

BSI

RHEL-08-010162 removing krb5-workstation despite being version-compliant

#### Description of problem: https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2023-09-11/finding/V-230239 The above STIG states that the krb5-workstation package must not be installed on RHEL 8. However, it states in the check text: > If the...

GitYukari

RHEL

STIG

RHEL-08-010130 not mitigated in STIG Ansible playbook

#### Description of problem: The rhel8-playbook-stig.yml Ansible playbook includes checks and fixes for the STIG: https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2023-09-11/finding/V-230233 The STIG requires `SHA_CRYPT_MIN_ROUNDS` to be present in the file and set to `5000`...

GitYukari

RHEL

STIG

RHEL-08-010671 and RHEL-08-040282 missing paths per STIG

#### Description of problem: The DISA STIG for RHEL-08-010671 (RHEL 8 must disable the kernel.core_pattern) is here: https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2023-09-11/finding/V-230311 The DISA STIG for RHEL-08-040282 (RHEL 8 must restrict usage of ptrace...

GitYukari

RHEL

STIG

UX Improvments for ./utils/gen_rendered_policies_index.py

#### Share the context The script will works on built policies as of #11667 and if there is no content It will just build an empty index. #### Proposed change:...

Mab879

enhancement

content
content copied to clipboard

Metadata

Defined notes and Rules for BSI APP.4.4.A6-7

Scap Security Guide for Amazon Linux 2/ 2023 versions

Rule accounts_password_pam_pwhistory_remember_password_auth is misaligned with DISA

PCI-DSS generated blueprint missing `firewalld` package

compare_results.py: show rule ID in case one of results is "not applicable"

Defined notes and rules for control BSI APP.4.4.A5

RHEL-08-010162 removing krb5-workstation despite being version-compliant

RHEL-08-010130 not mitigated in STIG Ansible playbook

RHEL-08-010671 and RHEL-08-040282 missing paths per STIG

UX Improvments for ./utils/gen_rendered_policies_index.py

← Metadata

Owner

Metadata

content content copied to clipboard

Metadata

← Metadata

Owner

Metadata

content
content copied to clipboard