content
Security automation content in SCAP, Bash, Ansible, and other formats
During the build of bootable container images we can't use the OVAL check in rules from the socket_disabled template because the OVAL tests depend on dbus which isn't available in that...
#### Description: - _Fix inventory_test_kernel_installed for SLE_ #### Rationale: - _The SLE package is kernel-default_
This PR introduces support for new remediation type "bootc". Remediations of this type will be generated only internally by the future `oscap-bootc` script. They aren't supposed to be generated by...
#### Description of problem: Automatus tests fail with "Environment failed to prepare" when rules, which are not applicable to containers (e.g. platform is machine,system_with_kernel,systemd,...), are tested in a container environment,...
#### Description of problem: The regexes for `oval:ssg-apt_sources_list_official:def:1` do not support [DEB822 format](https://manpages.debian.org/bookworm/dpkg-dev/deb822.5.en.html) and therefore return a false positive.
```
^/etc/apt/sources(.d\/[a-zA-Z0-9]+){0,1}.list$
^deb[\s]+http://[a-z\.]+\.debian\.org/debian[/]?[\s]+bookworm[\s]+main 1
^/etc/apt/sources(.d\/[a-zA-Z0-9]+){0,1}.list$
^deb[\s]+http://security\.debian\.org/debian-security[/]?[\s]+bookworm-security[\s]+main 1
```
#### SCAP Security...
#### Description of problem: Trying to understand why the 'ssg-debderived' package contains configurations up to 22.04, but not for 24.04 (a.k.a. Noble), even though it's been out for six months...
#### Description: - Add rules to support remote offload of journal logs to Slmicro5 STIG #### Rationale: - Add rules and remediations to configure remote url, tls certificate and key...
#### Description of problem: Remediating i.e. `stig` using OSBuild (Image Builder) via an oscap-generated Blueprint, which contains ``` [customizations.openscap] profile_id = "xccdf_org.ssgproject.content_profile_stig" ... ``` on a Secure Boot (UEFI) virtual...
#### Description: - Load all the profiles if not loaded for Ubuntu without changing the mode of loaded profiles #### Rationale: - We change the default mode to enforce for...
#### Description: - Check whether all the profiles are already parsed and loaded into the kernel #### Rationale: - Make sure the apparmor is aware of all the profiles under /etc/apparmor.d/...