content
Security automation content in SCAP, Bash, Ansible, and other formats
#### Description of problem: RHEL uses the negated form of KexAlgorithm for `sshd_strong_kex` values, e.g. https://github.com/ComplianceAsCode/content/blob/ffe714f9387f75542aeaef31f24a16860f0b168a/linux_os/guide/services/ssh/sshd_strong_kex.var#L16 This is not compatible with the OVAL logic in rule `sshd_use_strong_kex`, which checks that...
#### Description: - Do not unselect valid and applicable rules from RHCOS4 STIG profile #### Rationale: - At some point these rules didn't have the appropriate prodtype and were not...
#### Description: - This changes the jq filter to grab on the maps that have a url key. #### Rationale: - When the output had more than one map, it...
#### Description of problem: - The check `xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy` in STIG mode presents a false positive finding when run on our minimized UBI 9 containers. - I have not identified the...
#### Description of problem: - The check `xccdf_org.ssgproject.content_rule_configure_openssl_tls_crypto_policy` in STIG mode presents a false positive finding if run on a minimized Red Hat UBI container that does not have the `sudo`...
#### Description of problem: The `harden_sshd_ciphers_openssh_conf_crypto_policy` and `harden_sshd_macs_openssh_conf_crypto_policy` rules fail to remediate #### SCAP Security Guide Version: d803e82797c78a12666ce1b9e23f73693225de86 #### Operating System Version: RHEL 8 #### Steps to Reproduce: 1. Run...
#### Description of problem: The content is misaligned with an external (third party) content that targets the same policy - typically, this means that a system hardened by our content...
#### Description: This PR adds two control files, enhances a profile and adds a rule. #### Rationale: Customers were asking for an OpenShift Compliance Operator Profile for BSI. Our...
#### Description: Removing `kubelet_configure_tls_cipher_suites_openshiftapiserver_operator` and `kubelet_configure_tls_cipher_suites_kubeapiserver_operator` and renaming `kubelet_configure_tls_cipher_suites_ingresscontroller` to create a more concise structure. This is part of a larger effort to make all TLS Cipher Suites and their...
#### Description of problem: On 2025-02-12 the daily productization run showed that the following rules failed tests `/scanning/disa-alignment/anaconda`, `/scanning/disa-alignment/ansible` and `/scanning/disa-alignment/oscap` on RHEL 8.10: - grub2_pti_argument - grub2_vsyscall_argument - grub2_page_poison_argument...