James Cassell
James Cassell
This is a rebase of #887 depends on https://github.com/rpm-software-management/libdnf/pull/751
It would be helpful to optionally have abduco perform an action after no input from the user for a configurable period of time. This could be either just a "session...
V1R24
**NEW** - [ ] RHEL-06-000534 V-97229 `fips=1` in the kernel cmdline - [ ] RHEL-06-000244 V-97231 FIPS compliant MACs in sshd_config **UPDATED** - [x] RHEL-06-000078 thru RHEL-06-000099 `sysctl --system` to...
- [ ] REMOVED V-38439 The system must provide automated support for account management functions. - [ ] Audit Rules: require both b32 and b64 everywhere - [ ] V-38679...
- [ ] V-92257- Added a requirement that requires system and application account passwords to be changed at least annually. - [ ] V-38682- Updated both "grep" commands in the...
yum tasks with 'state: absent' should be gated behind a distruption-high option similar to that in RHEL7-STIG role. The exception should be CAT 1 items that don't have an 'unless...
- [ ] V-81443 – Added Requirement to require the installation and use of antivirus leaving other configurations to the AV product STIGs. (CAT II) - [x] V-81445 - Added...
There is an "AUDIT" task that is useless, and there is no associated PATCH task. Something similar was implemented for V-57569: https://github.com/MindPointGroup/RHEL6-STIG/blob/76bbbbd7f1384295d9283a0a530a6915e6e7f328/tasks/cat2.yml#L2169-L2185
The STIG says to set these values: ``` xferlog_enable=YES xferlog_std_format=NO log_ftp_protocol=YES ``` We only set the first one.
The defaults chosen for this project sometimes fail the scap-security-guide checks. It would be nice to create a tailoring file for variables here that would allow ssg to pass its...