-
Sun Nov 22 2015 Jingdong Lu <jingdong.lu@oracle.com> 0.1.25-3.0.2
- Update "Security Policy" UI interface during installation [22127080]
-
Thu Nov 19 2015 Jacob Wang <jacob.wang@oracle.com> 0.1.25-3.0.1
- Oracle files:docs/RedHat/en-US/images/image_right.png docs/RedHat/en-US/images/rhlogo.png docs/RedHat/en-US/images/documentation.png docs/RedHat/en-US/images/image_left.png
- Oracle files:JBossEAP5/docs/jboss_logo.png JBossFuse6/docs/jboss_logo.png
- Fixed initial OL CPE patch placing oval cpe checks to shared/oval (ilya.okomin@oracle.com)
- Updated platform metadata value: multi_platform_all (ilya.okomin@oracle.com)
- Replace jboss_logo.png and redhat image under docs/RedHat/en-US/images/ in tarball.
- Added OL6 and OL7 CPE names approved by NIST support (ilya.okomin@oracle.com)
- Update description for Oracle Linux
-
Fri Oct 02 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-3
- Drop "Verify and Correct File Permissions with RPM" rule from the PCI-DSS
profile for Red Hat Enterprise Linux 7 (RH BZ#1267861)
-
Wed Sep 09 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-2
- Update R and BR for the openscap-scanner package to 1.2.5 per RHBZ#1202762#c7
-
Wed Aug 19 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.25-1
- Rebase to upstream 0.1.25 release
-
Tue Aug 04 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-4
- Fix false-positive in OVAL check for 'accounts_passwords_pam_faillock_deny'
rule
-
Mon Aug 03 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-3
- Add remediation script for 'accounts_passwords_pam_faillock_unlock_time' rule
for Red Hat Enterprise Linux 7 product
- Override title and description for all existing profiles for Red Hat
Enterprise Linux 6 product that are extending another SCAP profile
(RHBZ#1246529)
- Correct various issues in the included Oscap Anaconda Addon PCI-DSS profile
kickstart file for Red Hat Enterprise Linux 7 product
- Add remediation script for 'audit_rules_time_clock_settime' rule for
Red Hat Enterprise Linux 7 product
- Add remediation scripts for 'audit_rules_time_adjtimex',
'audit_rules_time_settimeofday', and 'audit_rules_time_stime' rules for
Red Hat Enterprise Linux 7 product
- Tag current PCI-DSS profile for Red Hat Enterprise Linux 7 product with
"Draft" label
- Disable the following rules in the PCI-DSS profile for the Red Hat Enterprise
Linux 7 product:
* dconf_gnome_screensaver_idle_delay -- missing remediation script,
* dconf_gnome_screensaver_idle_activation -- missing remediation script,
* dconf_gnome_screensaver_lock_enabled -- missing remediation script,
* audit_rules_login_events -- incorrect OVAL check (upstream issue #607),
* audit_rules_privileged_commands -- missing remediation script, and
* audit_rules_immutable -- missing remediation script.
-
Mon Aug 03 2015 Martin Preisler <mpreisle@redhat.com> 0.1.24-2
- Break-down firewalld rule description for Red Hat Enterprise Linux 7 product
into multiple lines, prevents HTML guide UX issues
-
Tue Jul 07 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.24-1
- Rebase to upstream scap-security-guide-0.1.24 version
- Start producing the -doc subpackage to provide the HTML formatted
documents containing security guides generated from shipped XCCDF benchmarks
-
Mon Jun 22 2015 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.23-1
- Rebase to upstream scap-security-guide-0.1.23 version
- Update upstream tarball source URL to GitHub archive location
- Drop the following patches that have been accepted upstream:
* scap-security-guide-0.1.19-rhel7-include-only-rht-ccp-profile.patch
* scap-security-guide-0.1.19-rhel7-drop-restorecond-since-in-optional.patch
* scap-security-guide-0.1.19-update-man-page-for-rhel7-content.patch
* scap-security-guide-0.1.19-rhel7-update-pam-XCCDF-to-use-pam_pwquality.patch
* scap-security-guide-0.1.20-rhel7-shared-fix-limit-password-reuse-remediation.patch
* scap-security-guide-0.1.20-rhel6-rhel7-PR#280-set-deny-prerequisite-#1.patch
* scap-security-guide-0.1.20-rhel6-rhel7-set-deny-prerequisite-#2.patch
* scap-security-guide-0.1.20-shared-fix-set-deny-for-failed-password-attempts-remediation.patch
* scap-security-guide-0.1.20-rhel7-specify-exact-profile-name-when-generating-guide.patch
- Include the datastream versions of Firefox and Java Runtime Environment (JRE) benchmarks
- Include USGCB and DISA STIG profile kickstart files for Red Hat Enterprise Linux 6
-
Tue Oct 21 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.19-2
- Fix Limit Password Reuse remediation script error
- Fix Set Deny For Failed Password Attempts remediation script error
- Use RHT-CCP profile name when generating HTML guide
- Describe RHT-CCP profile in the manual page
-
Mon Sep 29 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.19-1
- Include RHEL-7 content (RHT-CCP profile only)
- Drop RHEL-7 restorecond XCCDF rule since policycoreutils-restorecond in Optional channel
- Drop RHEL-7 cpuspeed XCCDF rule since obsoleted by cpupower from kernel-tools
- Update manual page to be more appropriate for RHEL-7
- Drop RHEL-6 C2S profile update patch since merged upstream
-
Tue Sep 02 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-4
- Initial build for Red Hat Enterprise Linux 7
-
Thu Aug 28 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-3
- Update C2S profile <description> per request from CIS
-
Thu Jun 26 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-2
- Include the upstream STIG for RHEL 6 Server profile disclaimer file too
-
Sun Jun 22 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.18-1
- Make new 0.1.18 release
-
Wed May 14 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.17-2
- Drop vendor line from the spec file. Let the build system to provide it.
-
Fri May 09 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.17-1
- Upgrade to upstream 0.1.17 version
-
Mon May 05 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.16-2
- Initial RPM for RHEL base channels
-
Mon May 05 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1.16-1
- Change naming scheme (0.1-16 => 0.1.16-1)
-
Fri Feb 21 2014 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-16
- Include datastream file into RHEL6 RPM package too
- Bump version
-
Tue Dec 24 2013 Shawn Wells <shawn@redhat.com> 0.1-16.rc2
+ RHEL6 stig-rhel6-server XCCDF profile renamed to stig-rhel6-server-upstream
-
Mon Dec 23 2013 Shawn Wells <shawn@redhat.com> 0.1-16.rc1
- [bugfix] RHEL6 no_empty_passwords remediation script overwrote
system-auth symlink. Added --follow-symlink to sed command.
-
Fri Nov 01 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15
- Version bump
-
Sat Oct 26 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc5
- Point the spec's source to proper remote tarball location
- Modify the main Makefile to use remote tarball when building RHEL/6's SRPM
-
Sat Oct 26 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc4
- Don't include the table html files two times
- Remove makewhatis
-
Fri Oct 25 2013 Shawn Wells <shawn@redhat.com> 0.1-15.rc3
- [bugfix] Updated rsyslog_remote_loghost to scan /etc/rsyslog.conf and /etc/rsyslog.d/*
- Numberous XCCDF->OVAL naming schema updates
- All rules now have CCE
-
Fri Oct 25 2013 Shawn Wells <shawn@redhat.com> 0.1-15.rc2
- RHEL/6 HTML table naming bugfixes (table-rhel6-*, not table-*-rhel6)
-
Fri Oct 25 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-15.rc1
- Apply spec file changes required by review request (RH BZ#1018905)
-
Thu Oct 24 2013 Shawn Wells <shawn@redhat.com> 0.1-14
- Formal RPM release
- Inclusion of rht-ccp profile
- OVAL unit testing patches
- Bash remediation patches
- Bugfixes
-
Mon Oct 07 2013 Jan iankko Lieskovsky <jlieskov@redhat.com> 0.1-14.rc1
- Change RPM versioning scheme to include release into tarball
-
Sat Sep 28 2013 Shawn Wells <shawn@redhat.com> 0.1-13
- Updated RPM spec file to fix rpmlint warnings
-
Wed Jun 26 2013 Shawn Wells <shawn@redhat.com> 0.1-12
- Updated RPM version to 0.1-12
-
Fri Apr 26 2013 Shawn Wells <shawn@redhat.com> 0.1-11
- Significant amount of OVAL bugfixes
- Incorporation of Draft RHEL/6 STIG feedback
-
Sat Feb 16 2013 Shawn Wells <shawn@redhat.com> 0.1-10
- `man scap-security-guide`
- OVAL bug fixes
- NIST 800-53 mappings update
-
Wed Nov 28 2012 Shawn Wells <shawn@redhat.com> 0.1-9
- Updated BuildRequires to reflect python-lxml (thank you, Ray S.!)
- Reverting to noarch RPM
-
Tue Nov 27 2012 Shawn Wells <shawn@redhat.com> 0.1-8
- Significant copy editing to XCCDF rules per community
feedback on the DISA RHEL/6 STIG Initial Draft
-
Thu Nov 01 2012 Shawn Wells <shawn@redhat.com> 0.1-7
- Corrected XCCDF content errors
- OpenSCAP now supports CPE dictionaries, important to
utilize --cpe-dict when scanning machines with OpenSCAP,
e.g.:
$ oscap xccdf eval --profile stig-server \
--cpe-dict ssg-rhel6-cpe-dictionary.xml ssg-rhel6-xccdf.xml
-
Mon Oct 22 2012 Shawn Wells <shawn@redhat.com> 0.1-6
- Corrected RPM versioning, we're on 0.1 release 6 (not version 1 release 6)
- Updated RPM includes feedback received from DoD Consensus meetings
-
Fri Oct 05 2012 Jeffrey Blank <blank@eclipse.ncsc.mil> 1.0-5
- Adjusted installation directory to /usr/share/xml/scap.
-
Tue Aug 28 2012 Spencer Shimko <sshimko@tresys.com> 1.0-4
- Fix BuildRequires and Requires.
-
Tue Jul 03 2012 Jeffrey Blank <blank@eclipse.ncsc.mil> 1.0-3
- Modified install section, made description more concise.
-
Thu Apr 19 2012 Spencer Shimko <sshimko@tresys.com> 1.0-2
- Minor updates to pass some variables in from build system.
-
Mon Apr 02 2012 Shawn Wells <shawn@redhat.com> 1.0-1
- First attempt at SSG RPM. May ${deity} help us...