content

content copied to clipboard

Rule `account_password_selinux_faillock_dir` is failing in `anaconda-ostree` and `bootc-image-builder` tests

3

#### Description of problem: The rule is failing in Image Mode #### SCAP Security Guide Version: 95222edc12b4689c6d72115ddc748281427e895e #### Operating System Version: RHEL10, RHEL9 #### Steps to Reproduce: 1. Run productization...

evgenyz

#### Description of problem: The content is misaligned with an external (third party) content that targets the same policy - typically, this means that a system hardened by our content...

crmoore

Build SCE by Default

1

Based on the comment below. We should explore building SCE by default. > Why not instead get rid of the option completely and always build SCEs? > > Is there...

Mab879

Rule `set_password_hashing_yescrypt_cost_factor_logindefs` fails SCAP validation (SRC-38-1)

3

#### Description of problem: Valid SCAP content must correctly coerce XCCDF and OVAL datatypes for external variables. The variable `var_password_yescrypt_cost_factor_login_defs` is defined as `number` but imported in the `set_password_hashing_yescrypt_cost_factor_logindefs` as...

evgenyz

Create SLE Micro 5 General profile

2

#### Description: - _Create SLE Micro 5 General profile_ #### Rationale: - _This profile contains configuration checks that align to the General System Security Profile for SUSE Linux Enterprise Micro...

svet-se

Private Vulnerability Disclosure not Enabled

5

#### Description of problem: We have vulnerability disclosure and we would like to use GitHub's private vulnerability disclosure feature, can you please enable it on the repo ? Or otherwise...

fproulx-boostsecurity

Implement mount_option_tmp_noexec for slmicro5 platform

2

#### Description: - Implement mount_option_tmp_noexec for slmicro5 platform #### Rationale: - Make sure that for slmicro5 platform we do check that noexec option is set for the tmp partition -...

teacup-on-rockingchair

Enable audit configure rules for slmicro5

2

#### Description: - Enable audit configure rules for slmicro5 #### Rationale: - Enable slmicro5 platform for audit_rules_immutable and audit_rules_session_events rules

teacup-on-rockingchair

Slmicro5 disable ipv6 rules

2

#### Description: - Patches related to disable ipv6 rules for SL Mirco 5 platforms #### Rationale: - Make sure sysctl ipv6 is applicable on platform basis - Make sure that...

teacup-on-rockingchair

Add CCE for rsyncd disabled rule to slmicro5

2

#### Description: - Make sure rsyncd service disabled rule has valid CCE for slmicro5 #### Rationale: - Add slmicro5 CCE to the rule and drop it from the available list

teacup-on-rockingchair