Gabriel Becker
Gabriel Becker
How to reproduce `./build_product rhel9 --debug --datastream-only` `python build-scripts/profile_tool.py sub --profile2 build/rhel9/profiles/srg_gpos.profile --profile1 build/rhel9/profiles/stig.profile --ssg-root . --product rhel9 --build-config-yaml build/build_config.yml`
It's probably a good idea to remove the rules from the SLE15 profiles as well: ``` 13 results - 4 files products/sle15/profiles/hipaa.profile: 100 - audit_rules_kernel_module_loading_init 101: - audit_rules_login_events_faillock 102 -...
The change in the DISA content should be the target. The community has also asked for this change and I've also asked DISA to update the verbiage to include the...
I envision creating a rule that contains only the text part and rationale since we cannot detect which account usernames are intentional or not, it's up to the System Administrator...
> `Accounts such as "games" and "gopher" are not authorized accounts as they do not support authorized system functions.` > > So, we can do all of the items. >...
this got fixed by: https://github.com/ComplianceAsCode/content/pull/7484
> The script used to create the files could be changed change the title. Also, we can double check the changelog for the GPOS SRG V2R2 as well to see...
this makes me think that the whole process should be dynamic which generates all the required files during the build system. Otherwise we can endup with outdated files when a...
If I'm not mistaken there was an issue on DISA's SCAP content: ``` /etc/profile.d \.sh$ ^\s*if\s+\[\s*"\$PS1"\s*\];\s+then\s+parent=\$\(ps\s+-o\s+ppid=\s+-p\s+\$\$\)\s+name=\$\(ps\s+-o\s+comm=\s+-p\s+\$parent\)\s+case\s+"\$name"\s+in\s+\(sshd\|login\)\s+exec\s+tmux\s+;;\s+esac\s+fi\s*$ 1 ``` ```diff --git a/shared/references/disa-stig-rhel8-v1r5-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v1r5-xccdf-scap.xml index 1bd2fb7b65..98824cca23 100644 --- a/shared/references/disa-stig-rhel8-v1r5-xccdf-scap.xml +++ b/shared/references/disa-stig-rhel8-v1r5-xccdf-scap.xml @@...