[ol9_appstream] scap-security-guide-0.1.66-1.0.3.el9_1.noarch

The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is specified
in the Security Content Automation Protocol (SCAP) format and constitutes
a catalog of practical hardening advice, linked to government requirements
where applicable. The project bridges the gap between generalized policy
requirements and specific implementation guidelines. The system
administrator can use the oscap CLI tool from openscap-scanner package, or the
scap-workbench GUI tool from scap-workbench package to verify that the system
conforms to provided guideline. Refer to scap-security-guide(8) manual page for
further information.

Changelog (Show File list) (Show related packages)

• Mon Apr 10 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.66-1.0.3

  - Fix the stig_gui profile so it actually allows a GUI installation [Orabug: 35275834]

• Fri Mar 31 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.66-1.0.2

  - Introduce a new OVAL macro to consistently identify interactive users [Orabug: 35214522]
  - Update accounts_user_dot_no_world_writable_programs rule to look for
   initialization files on the user's homedirs only and to prevent the search for
   world-writables to descend to other file systems [Orabug: 35214522]
  - Update rule selection in OL9 stig profile [Orabug: 35246363]

• Tue Feb 28 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.66-1.0.1

  - Rebase to RHEL release 0.1.66-1

• Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1

  - Rebase to a new upstream release 0.1.66 (RHBZ#2169443)
  - Fix remediation of audit watch rules (RHBZ#2169441)
  - Fix check firewalld_sshd_port_enabled (RHBZ#2169443)
  - Fix accepted control flags for pam_pwhistory (RHBZ#2169443)
  - Unselect rule logind_session_timeout (RHBZ#2169443)
  - Add support rainer scripts in rsyslog rules (RHBZ#2169445)

• Thu Aug 25 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.63-5

  - OSPP: fix rule related to coredump (RHBZ#2081688)

• Tue Aug 23 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-4

  - use sysctl_kernel_core_pattern rule again in RHEL9 OSPP (RHBZ#2081688)

• Thu Aug 11 2022 Matej Tyc <matyc@redhat.com> - 0.1.63-3

  - Readd rules to the benchmark to be compatible across all minor versions of RHEL9 (RHBZ#2117669)

• Wed Aug 10 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-2

  - OSPP: utilize different audit rule set for different hardware platforms (RHBZ#1998583)
  - OSPP: update rules related to coredumps (RHBZ#2081688)
  - OSPP: update rules related to BPF (RHBZ#2081728)
  - fix description of require_singleuser_mode (RHBZ#2092799)
  - fix remediation of OpenSSL cryptopolicy (RHBZ#2108569)
  - OSPP: use minimal Authselect profile(RHBZ#2114979)

• Mon Aug 01 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-1

  - Rebase to a new upstream release 0.1.63 (RHBZ#2070563)

• Mon Jul 18 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.62-2

  - Remove sysctl_fs_protected_* rules from RHEL9 OSPP (RHBZ#2081719)
  - Make rule audit_access_success_ unenforcing in RHEL9 OSPP (RHBZ#2058154)
  - Drop zipl_vsyscall_argument rule from RHEL9 OSPP profile (RHBZ#2060049)
  - make sysctl_user_max_user_namespaces in RHEL9 OSPP (RHBZ#2083716)
  - Remove some sysctl rules  related to network from RHEL9 OSPP (RHBZ#2081708)
  - Add rule to check if Grub2 recovery is disabled to RHEL9 OSPP (RHBZ#2092809)
  - Add rule grub2_systemd_debug-shell_argument_absent (RHBZ#2092840)
  - Remove rule accounts_password_minlen_login_defs from all profiles (RHBZ#2073040)
  - Remove rules related to remove logging from RHEL9 OSPP (RHBZ#2105016)
  - Remove sshd_enable_strictmodes from OSPP (RHBZ#2105278)
  - Remove rules related to NIS services (RHBZ#2096602)
  - Make rule stricter when checking for FIPS crypto-policies (RHBZ#2057082)