content

content copied to clipboard

Rule descriptions not up-to-date with the latest STIG

1

#### Description of problem: The rule descriptions are not up-to-date with the latest STIG. For example, after the update of the [RHEL 9 STIG](https://github.com/ComplianceAsCode/content/commit/cefcc10d5a9b855f1ae8c2029b890bb416dd49b0), the [policy/stig/shared.yml](https://github.com/ComplianceAsCode/content/blob/e7644a0bf5d3993fd229ff6965c758881ea85e83/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/policy/stig/shared.yml) description of the `sysctl_kernel_yama_ptrace_scope`...

0intro

Multiple formats used in NIST 800-53 control ID references

6

#### Share the context Analysis of NIST rev5 control ID references in OpenEmbedded expanded profile revealed some discrepancies when trying to map references to the OSCAL profiles from NIST. ####...

sarnold

Fixes debian

4

#### Description: - update debian12 profiles - update a chronyd rule to handle debian /etc sub-directories organization. - fix a regex in sysctl template

a-skr

Adjust how `add_kubernetes_rule.py` determines template filepath

7

#### Description: - Adjust how `utils/add_kubernetes_rule.py` determines the resouces `filepath`. - Let's use the last GET attempt instead of the first one. In some cases `oc` makes multiple requests. ```...

yuumasato

remove logind_session_timeout from stig_gui profiles

3

#### Description: - deselect the rule in stig_gui profiles for rhel8, rhel9m, rhel10 products - add explaining comment - remove rhel8 stigid from the rule as it is static ####...

vojtapolasek

#### Description of problem: The regex in macro sysctl_match from sysctl template captures whitespaces too. This leads to errors like: ``` I: oscap: Item '1012276' compared to state 'oval:ssg-state_static_sysctld_sysctl_net_ipv6_conf_all_disable_ipv6:ste:1' with...

a-skr

Playbook stops at TASK [Ensure NetworkManager is installed]

2

#### Description of problem: Ansible Playbook for CIS Ubuntu 22.04 Level 1 Server Benchmark stops at `TASK [Ensure NetworkManager is installed] ` #### SCAP Security Guide Version: Profile ID: xccdf_org.ssgproject.content_profile_cis_level1_server...

PiRomant

Add skeleton for product support SLE Micro OS

3

#### Description: - Add support for SUSE Linux Enterprise Micro OS product #### Rationale: - Add required definitions to support slemicro product

teacup-on-rockingchair

CMP-2400: exclusion of the namespace for `resource-requests-quota-per-project`

9

We have excluded RHACS from the default namespace check. We don't want to relax our rule too much for the optional operators, as it might increase security risk, instead, the...

Vincent056

Review PCI-DSS requirements and rules for RHEL 10

4

#### Description: RHEL 10 product is not yet available, but this review intended to check probable changes in packages, modules or configurations that could impact PCI-DSS profile in the future....

marcusburghardt