[ol8_appstream] scap-security-guide-0.1.66-2.0.1.el8_7.noarch

The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is specified
in the Security Content Automation Protocol (SCAP) format and constitutes
a catalog of practical hardening advice, linked to government requirements
where applicable. The project bridges the gap between generalized policy
requirements and specific implementation guidelines. The system
administrator can use the oscap CLI tool from openscap-scanner package, or the
scap-workbench GUI tool from scap-workbench package to verify that the system
conforms to provided guideline. Refer to scap-security-guide(8) manual page for
further information.

Changelog (Show File list) (Show related packages)

• Mon Feb 27 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.66-2.0.1

  - Update rules dealing with sshd_config to look into files added to the include
   keyword [Orabug: 34893225]
  - Update remediation in sebool_secure_mode_insmod which wasn't letting the system boot when
   running anssi-high profile [Orabug: 34893225]
  - Update OL stig profile rule selection remove sshd_disable_compression [Orabug: 35017186]
  - Introduce new rules, sshd_use_approved_kex_ordered_stig, configure_bashrc_tmux,
   configure_tmux_lock_keybinding [Orabug: 35017186]
  - Update rules modifying pam files to handle /etc/pam.d/system-auth precedence over
   other configuration files [Orabug: 35017186]
  - Update version of stig profiles to V1R5 [Orabug: 35017186]

• Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-2

  - Unselect rule logind_session_timeout (RHBZ#2168079)

• Mon Feb 06 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1

  - Rebase to a new upstream release 0.1.66 (RHBZ#2168079)
  - Update RHEL8 STIG profile to V1R9 (RHBZ#2168075)
  - Fix levels of CIS rules (RHBZ#2168072)
  - Remove unused RHEL8 STIG control file (RHBZ#2168069)
  - Fix handling of space in sudo_require_reauthentication (RHBZ#2168066)
  - Add rule for audit immutable login uids (RHBZ#2168063)
  - Fix remediation of audit watch rules (RHBZ#2168060)
  - Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2168057)
  - Fix applicability of kerberos rules (RHBZ#2168054)
  - Add support rainer scripts in rsyslog rules (RHBZ#2168050)

• Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4

  - Fix check of enable_fips_mode on s390x (RHBZ#2070564)

• Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3

  - Fix Ansible partition conditional (RHBZ#2032403)

• Wed Aug 10 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-2

  - aligning with the latest STIG update (RHBZ#2112937)
  - OSPP: use Authselect minimal profile (RHBZ#2117192)
  - OSPP: change rules for protecting of boot (RHBZ#2116440)
  - add warning about configuring of TCP queues to rsyslog_remote_loghost (RHBZ#2078974)
  - fix handling of Defaults clause in sudoers (RHBZ#2083109)
  - make rules checking for mount options of /tmp and /var/tmp applicable only when the partition really exists (RHBZ#2032403)
  - fix handling of Rsyslog include directives (RHBZ#2075384)

• Mon Aug 01 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-1

  - Rebase to a new upstream release 0.1.63 (RHBZ#2070564)

• Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 0.1.62-1

  - Rebase to a new upstream release (RHBZ#2070564)

• Tue May 17 2022 Watson Sato <wsato@redhat.com> - 0.1.60-9

  - Fix validation of OVAL 5.10 content (RHBZ#2079241)
  - Fix Ansible sysctl remediation (RHBZ#2079241)

• Tue May 03 2022 Watson Sato <wsato@redhat.com> - 0.1.60-8

  - Update to ensure a sysctl option is not defined in multiple files (RHBZ#2079241)
  - Update RHEL8 STIG profile to V1R6 (RHBZ#2079241)