content
Security automation content in SCAP, Bash, Ansible, and other formats
#### Description of problem: Rule descriptions in "Ensure That the sudo Binary Has the Correct Permissions" for guide bp28 enhanced and high of Debian 12 differ from the rule checked...
Why is configure_crypto_policy checking for existence of /etc/crypto-policies/back-ends/nss.config?
#### Description of problem: The `configure_crypto_policy` rule checks for the [existence](https://github.com/ComplianceAsCode/content/blob/cbfa007df7f249a2823f11c0a701d030d8502995/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/oval/shared.xml#L89) of the `/etc/crypto-policies/back-ends/nss.config` file, without reading its content or verifying whether it's a symlink. #### SCAP Security Guide Version:...
#### Description of problem: During our productization, per-rule test /per-rule/oscap/2/banner_etc_issue/banner_etc_issue_disa_dod_short.pass fails. I think there might be a problem in the variable which is used in the test scenario. This PR introduced...
Hello, It appears that the regex used in ssg-object_no_runas_spec may incorrectly trigger a failure for the 'sudoers_no_root_target' rule by matching Defaults lines in the /etc/sudoers file, which are not user...
#### Description of problem: Rule no_invalid_shell_accounts_unlocked is failing on Ubuntu 24.04 from the regular user. #### SCAP Security Guide Version: Package: ssg-debderived Version: 0.1.76-1 #### Operating System Version: 24.04.2 LTS...
#### Description: This PR rewrites the master_taint_noschedule test in a way that is compatible with Hypershift. #### Rationale: When running the bsi-profile on a hosted cluster in hypershift, the api-checks...
#### Description of problem: These rules got improved in https://github.com/ComplianceAsCode/content/pull/13665. They now support dropin files, but DISA STIG mandates that the configuration is in /etc/systemd/coredump.conf only. #### Details: This content...
#### Description of problem: In `controls/stig_rhel9.yml`, var_multiple_time_servers is defined but there is no rule that actually checks this variable. According to my findings, rule `chronyd_configure_pool_and_server` should be added. stig_rhel8 has the...
#### Description of problem: OpenShift was the first Kubernetes distribution with content in this repository. As a result, many of the rules and rule groups in `applications/openshift` are OpenShift-specific. Now...
#### Description of problem: After running the playbook, the following 2 values are not set in /etc/ssh/sshd_config on a newly installed RHEL 8.8 machine: ClientAliveInterval 900 ClientAliveCountMax 0 #### SCAP...