Issued at: 2023-02-22
Updated at: 2023-02-22
Synopsis
scap-security-guide bug fix and enhancement update
Description
The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the
Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable.
The project bridges the gap between generalized policy requirements and specific implementation guidelines.
Bug Fix(es) and Enhancement(s):
* [SCAP] PCI-DSS Rsyslog log files related rules fails for Rsyslog 8 RainerScript syntax (BZ#2168050)
* DISA STIG: SCAP kerberos related findings after realm join (BZ#2168054)
* file_permissions_sshd_private_key is not aligned with DISA STIG benchmark (BZ#2168057)
* audit_rules_usergroup_modification_shadow don't remediate existing audit rule (BZ#2168060)
* Rules concerning audit check for content of specific files, and not /etc/audit/audit.rules ( ex xccdf_org.ssgproject.content_rule_audit_immutable_login_uids) (BZ#2168063)
* The stig rule xccdf_org.ssgproject.content_rule_sudo_require_reauthentication fails due to space in in the "timestamp_timeout" value (BZ#2168066)
* Some rules have proper STIG references but they are not part of STIG profile (BZ#2168069)
* Two CIS Level 2 Benchmarks are listed in scap-security-guide under CIS Level 1 Profile (BZ#2168072)
* Update Rocky Linux8 DISA STIG profile to V1R9 (BZ#2168075)
* Rebase SSG to the latest upstream version in Rocky Linux 8.8 (BZ#2168079)