[ol8_appstream] scap-security-guide-0.1.66-2.0.5.el8.noarch

Name:	scap-security-guide
Version:	0.1.66
Release:	2.0.5.el8
Architecture:	noarch
Group:	Applications/System
Size:	154257745
License:	BSD-3-Clause
RPM:	scap-security-guide-0.1.66-2.0.5.el8.noarch.rpm
Source RPM:	scap-security-guide-0.1.66-2.0.5.el8.src.rpm
Build Date:	Wed Aug 16 2023
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/ComplianceAsCode/content/
Summary:	Security guidance and baselines in SCAP formats
Description:	The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines. The system administrator can use the oscap CLI tool from openscap-scanner package, or the scap-workbench GUI tool from scap-workbench package to verify that the system conforms to provided guideline. Refer to scap-security-guide(8) manual page for further information.

Changelog (Show File list) (Show related packages)

Thu Aug 10 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.66-2.0.5

- Update STIG rule selection [Orabug: 35663552]
- Update STIG id references so all rules in STIG profile have a STIG ID assigned
  and only those [Orabug: 35663552]
- Add automation content for file_permission_user_init_files [Orabug: 35663552]
- Update applicability of rules bios_enable_execution_restrictions, service_rngd_enabled
  logind_session_timeout & sysctl_kernel_kexec_load_disabled [Orabug: 35663552]
- Fix issue when adding entries in fstab of type iso9660. When running a STIG remediation
  there were wrong entries being added to fstab when there were a cdrom mounted
  [Orabug: 35663552]
- Update url for remote content when using --fetch-remote-resources. This frees up
  some memory due to more specific OVAL checks [Orabug: 35663552]
- Update ssh MACs and Ciphers allowed by STIG profile [Orabug: 35663552]
- Update references to reflect STIG V1R7 compliance [Orabug: 35663552]
- Fix unreachable code in sssd_enable_smartcards bash remediation [Orabug: 35663552]
- Update regex to better find included files in sshd_config [Orabug: 35663552]

Tue May 16 2023 Federico Ramírez <federico.r.ramirez@oracle.com> - 0.1.66-2.0.4
```
- Bump release version so it is not the same as for OL8.7 [JIRA: OLDIS-23758]
```

Tue May 16 2023 Federico Ramírez <federico.r.ramirez@oracle.com> - 0.1.66-2.0.3

- Fix ansible to content to manage correctly binary dirs when they have hardlinks. And
  manage correctly fstab entries where the mount point has a blank space in mount
  point [Orabug: 35338979]
- Update OVAL content to allow spaces in postfix configuration. And recognize locked
  accounts with hashed password in /etc/passwd [Orabug: 35338979]
- Add rule package_mailx_installed and ensure_oracle_gpgkey_installed to stig profile
  to cover new STIG ids OL08-00-010358 and OL08-00-010019 [Orabug: 35338979]
- Update references to reflect STIG V1R6 compliance [Orabug: 35338979]
- Update bash condition to recognize uefi applicability [Orabug: 35338979]

Fri Mar 31 2023 Federico Ramírez <federico.r.ramirez@oracle.com> - 0.1.66-2.0.2

- Introduce a new OVAL macro to consistently identify interactive users [Orabug: 35214522]
- Update accounts_user_dot_no_world_writable_programs rule to look for
 initialization files on the user's homedirs only and to prevent the search for
 world-writables to descend to other file systems [Orabug: 35214522]

Mon Feb 27 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.66-2.0.1

- Update rules dealing with sshd_config to look into files added to the include
 keyword [Orabug: 34893225]
- Update remediation in sebool_secure_mode_insmod which wasn't letting the system boot when
 running anssi-high profile [Orabug: 34893225]
- Update OL stig profile rule selection remove sshd_disable_compression [Orabug: 35017186]
- Introduce new rules, sshd_use_approved_kex_ordered_stig, configure_bashrc_tmux,
 configure_tmux_lock_keybinding [Orabug: 35017186]
- Update rules modifying pam files to handle /etc/pam.d/system-auth precedence over
 other configuration files [Orabug: 35017186]
- Update version of stig profiles to V1R5 [Orabug: 35017186]

Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-2
```
- Unselect rule logind_session_timeout (RHBZ#2158404)
```

Mon Feb 06 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1

- Rebase to a new upstream release 0.1.66 (RHBZ#2158404)
- Update RHEL8 STIG profile to V1R9 (RHBZ#2152658)
- Fix levels of CIS rules (RHBZ#2162803)
- Remove unused RHEL8 STIG control file (RHBZ#2156192)
- Fix accounts_password_pam_unix_remember's check and remediations (RHBZ#2153547)
- Fix handling of space in sudo_require_reauthentication (RHBZ#2152208)
- Add rule for audit immutable login uids (RHBZ#2151553)
- Fix remediation of audit watch rules (RHBZ#2119356)
- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2115343)
- Fix applicability of kerberos rules (RHBZ#2099394)
- Add support rainer scripts in rsyslog rules (RHBZ#2072444)

Tue Jan 10 2023 Watson Sato <wsato@redhat.com> - 0.1.63-5

- Update RHEL8 STIG profile to V1R8 (RHBZ#2148446)
- Add rule warning for sysctl IPv4 forwarding config (RHBZ#2118758)
- Fix remediation for firewalld_sshd_port_enabled (RHBZ#2116474)
- Fix compatibility with Ansible 2.14

Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4
```
- Fix check of enable_fips_mode on s390x (RHBZ#2070564)
```
Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3
```
- Fix Ansible partition conditional (RHBZ#2032403)
```