content

content copied to clipboard

Update the profile STIG for OL9

5

#### Description: STIG profiles for OL9 are updated based on preliminary DISA requirements #### Rationale: This is a draft set variables and rules within the profile to better align with...

mrkanon

Fixing rule title for CMP-2485

7

#### Description: Rule `route_ip_whitelist` had an incorrect title and it is pointing to `routes_rate_limit`. #### Rationale: Fixes [CMP-2485](https://issues.redhat.com/browse/CMP-2485) #### Review Hints: Both the rules `ocp4-route-ip-whitelist` and `ocp4-routes-rate-limit` in compliance operator...

rutvik23

Clean Up Tests Due to RHEL 7 Removal

3

#### Description: Clean Up Tests Due to RHEL 7 Removal #### Rationale: Ensure tests are in a good state after RHEL 7 removal.

Mab879

Pin GitHub actions using Frizbee

3

Hey 👋🏻 ! #### Description: This commit pins actions to their commit hash. If this is of interest to CaC, I can also open another PR with [an action](https://github.com/stacklok/frizbee-action) that...

jhrozek

Update status for CIS 1.2.31

4

We implemented support for checking aesgcm encryption ciphers in https://github.com/ComplianceAsCode/content/pull/10974 but never removed the comment or updated the status in the control file. This commit updates the status since it's...

rhmdnd

align template systemd_dropin_configuration

5

#### Description: - correct and simplify the bash remediation for the template - modify test scenarios #### Rationale: - the Bash remediation was creating invalid configuration files because they were...

vojtapolasek

`socket_systemd-journal-remote_disabled` fails for CIS profiles after Anaconda installation

2

#### Description of problem: `socket_systemd-journal-remote_disabled` rule fails for all variants of CIS profile after Anaconda installation. According to final HTML report, the socket is not masked: Test that the property...

mildas

Fix for 'xccdf_org.ssgproject.content_rule_accounts_password_pam_retry' breaks `passwd`

6

#### Description of problem: Fix for 'xccdf_org.ssgproject.content_rule_accounts_password_pam_retry' breaks `passwd` #### SCAP Security Guide Version: Benchmark Version: 0.1.73 #### Operating System Version: Ubuntu 22.04.4 LTS #### Steps to Reproduce: Execute Bash...

PiRomant

Add Amazon Linux 2 support

8

#### Description: This PR adds [Amazon Linux 2](https://aws.amazon.com/fr/amazon-linux-2) support. This series of changes is based on the Amazon Linux 2 support, available as part of the `scap-security-guide-0.1.40-12.amzn2.0.1.1.src.rpm` package (2019-04-19), distributed...

0intro

`sshd_use_approved_ciphers` fails for all CIS profiles in all test cases

1

#### Description of problem: `sshd_use_approved_ciphers` fails to remediate (`error` during remediation) resulting to `fail` during final test scan. The problem is in CIS Server L1, CIS Server L2, CIS Workstation...

mildas