From c2ab56834853550dc83070b643be6c536983a3b9 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 21 Feb 2023 07:06:44 +0000 Subject: [PATCH] import scap-security-guide-0.1.66-2.el8_7 --- ...lld_sshd_port_enabled_tests-PR_10162.patch | 2 +- ...de-0.1.67-pwhistory_control-PR_10175.patch | 2 +- ...ssion_timeout_from_profiles-PR_10202.patch | 2 +- ..._files_permissions_template-PR_10139.patch | 2 +- ...log_files_rules_remediations-PR_9789.patch | 2 +- SPECS/scap-security-guide.spec | 29 +++++++------------ 6 files changed, 16 insertions(+), 23 deletions(-) diff --git a/SOURCES/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch b/SOURCES/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch index 4c6024e..625ed24 100644 --- a/SOURCES/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch +++ b/SOURCES/scap-security-guide-0.1.67-firewalld_sshd_port_enabled_tests-PR_10162.patch @@ -1,4 +1,4 @@ -From f9a787045807d22b0bca3d028f265cb6f87f681c Mon Sep 17 00:00:00 2001 +From 5e28d4aa823560545e6b49d58e55aecb572f6bd9 Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Tue, 7 Feb 2023 10:53:18 +0100 Subject: [PATCH 4/5] Change custom zones check in firewalld_sshd_port_enabled diff --git a/SOURCES/scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch b/SOURCES/scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch index 5e4db7f..42c969d 100644 --- a/SOURCES/scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch +++ b/SOURCES/scap-security-guide-0.1.67-pwhistory_control-PR_10175.patch @@ -1,4 +1,4 @@ -From a8236abf709c577152cb96876fcc27c8cf173e66 Mon Sep 17 00:00:00 2001 +From 8a0670168b1b8278bb943d8f48acbd728905deb7 Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Wed, 8 Feb 2023 14:42:32 +0100 Subject: [PATCH 5/5] Accept required and requisite control flag for diff --git a/SOURCES/scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch b/SOURCES/scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch index 378e699..52c00b7 100644 --- a/SOURCES/scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch +++ b/SOURCES/scap-security-guide-0.1.67-remove_logind_session_timeout_from_profiles-PR_10202.patch @@ -1,4 +1,4 @@ -From 775dec7b479f9fa900fa46d174b202efc14407fa Mon Sep 17 00:00:00 2001 +From 96ef6ed5f2e74b83c366c9704b37904731e526a1 Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Mon, 13 Feb 2023 11:14:40 +0100 Subject: [PATCH 6/6] remove rule logind_session_timeout and associated diff --git a/SOURCES/scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch b/SOURCES/scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch index 62167c2..a90c93a 100644 --- a/SOURCES/scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch +++ b/SOURCES/scap-security-guide-0.1.67-rsyslog_files_permissions_template-PR_10139.patch @@ -1,4 +1,4 @@ -From b09bf3ad8acd82003f068f0d8f60a44f04092656 Mon Sep 17 00:00:00 2001 +From 639ae28966832df2300fc486f493225e1e9aa87b Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Tue, 7 Feb 2023 10:53:17 +0100 Subject: [PATCH 3/5] Extends rsyslog_logfiles_attributes_modify template for diff --git a/SOURCES/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch b/SOURCES/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch index 161299f..9543446 100644 --- a/SOURCES/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch +++ b/SOURCES/scap-security-guide-0.1.67-rsyslog_files_rules_remediations-PR_9789.patch @@ -1,4 +1,4 @@ -From be0ffb00c4911eb6b6478525e27e494809ce44ea Mon Sep 17 00:00:00 2001 +From 7d188e88ef47a50714b127658b4138540af8396c Mon Sep 17 00:00:00 2001 From: Watson Sato Date: Tue, 7 Feb 2023 10:53:17 +0100 Subject: [PATCH 2/5] Rsyslog files rules remediations diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec index a5b2b91..3d035b5 100644 --- a/SPECS/scap-security-guide.spec +++ b/SPECS/scap-security-guide.spec @@ -133,26 +133,19 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %changelog * Mon Feb 13 2023 Watson Sato - 0.1.66-2 -- Unselect rule logind_session_timeout (RHBZ#2158404) +- Unselect rule logind_session_timeout (RHBZ#2168079) * Mon Feb 06 2023 Watson Sato - 0.1.66-1 -- Rebase to a new upstream release 0.1.66 (RHBZ#2158404) -- Update RHEL8 STIG profile to V1R9 (RHBZ#2152658) -- Fix levels of CIS rules (RHBZ#2162803) -- Remove unused RHEL8 STIG control file (RHBZ#2156192) -- Fix accounts_password_pam_unix_remember's check and remediations (RHBZ#2153547) -- Fix handling of space in sudo_require_reauthentication (RHBZ#2152208) -- Add rule for audit immutable login uids (RHBZ#2151553) -- Fix remediation of audit watch rules (RHBZ#2119356) -- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2115343) -- Fix applicability of kerberos rules (RHBZ#2099394) -- Add support rainer scripts in rsyslog rules (RHBZ#2072444) - -* Tue Jan 10 2023 Watson Sato - 0.1.63-5 -- Update RHEL8 STIG profile to V1R8 (RHBZ#2148446) -- Add rule warning for sysctl IPv4 forwarding config (RHBZ#2118758) -- Fix remediation for firewalld_sshd_port_enabled (RHBZ#2116474) -- Fix compatibility with Ansible 2.14 +- Rebase to a new upstream release 0.1.66 (RHBZ#2168079) +- Update RHEL8 STIG profile to V1R9 (RHBZ#2168075) +- Fix levels of CIS rules (RHBZ#2168072) +- Remove unused RHEL8 STIG control file (RHBZ#2168069) +- Fix handling of space in sudo_require_reauthentication (RHBZ#2168066) +- Add rule for audit immutable login uids (RHBZ#2168063) +- Fix remediation of audit watch rules (RHBZ#2168060) +- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2168057) +- Fix applicability of kerberos rules (RHBZ#2168054) +- Add support rainer scripts in rsyslog rules (RHBZ#2168050) * Wed Aug 17 2022 Watson Sato - 0.1.63-4 - Fix check of enable_fips_mode on s390x (RHBZ#2070564)