ELBA-2023-12392
- ULN >
- Oracle Linux Errata repository >
- ELBA-2023-12392
ELBA-2023-12392 - scap-security-guide bug fix update
| Type: | BUG |
| Severity: | NA |
| Release Date: | 2023-06-12 |
Description
[0.1.66-1.0.5]
- Fix url to remote oval definitions [Orabug: 35441381]
- Update rules about password aging so they take into account empty string
passwords [Orabug: 35450273]
- Update jinja conditionals in source, so built contents include all expected
strings/code [Orabug: 35450273]
- Update regex in OVAL of rule postfix_prevent_unrestricted_relay to allow
multiple compliant scenarios [Orabug: 35446144]
- Add OVAL, Bash and ansible to rule file_permission_user_init_files [Orabug: 35450273]
- Update vendor references to mention Oracle and Oracle Linux [Orabug: 35450273]
[0.1.66-1.0.3]
- Introduce a new OVAL macro to consistently identify interactive users [Orabug: 35214522]
- Update accounts_user_dot_no_world_writable_programs rule to look for
initialization files on the user's homedirs only and to prevent the search for
world-writables to descend to other file systems [Orabug: 35214522]
- Align the OL7 stig profile with latest DISA release v2r11 [Orabug: 35334374]
[0.1.66-1.0.1]
- Rebase to a new Red Hat errata 0.1.66-1 [Orabug: 35165879]
- Sync OL7 stig profile with DISA STIG v2r10 [Orabug: 35049052]
- Update rhel7 project profiles to use oracle gpgkey [Orabug: 33612582]
- Update rhel7 profiles to generate Oracle Linux 7 content [Orabug: 33612582]
- Update source to generate Oracle Linux 7 content [Orabug: 33612582]
- Use separate rule for each audit syscall in pci-dss profile [Orabug: 33612582]
- Add ntpd and chronyd OL approved servers support [Orabug: 33612582]
- Add UEFI boot loader rules to Oracle Linux 7 profiles [Orabug: 33612582]
- Fix OL7 mapping in stable_profile_ids test [Orabug: 33612582]
- Update OL7 Essential Eight profile [Orabug: 33612582]
- Disable cis profile [Orabug: 33612582]
- Disable new CIS and stig_gui profiles for RHEL7 product [Orabug: 34195638]
- Update regex for audit_rules_suid_privilege_function rule [Orabug: 34664858]
[0.1.66-1]
- Rebase to a new upstream release 0.1.66 (RHBZ#2158410)
- Update RHEL7 STIG profile to V3R10 (RHBZ#2152657)
- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2123284)
- Fix remediation of audit watch rules (RHBZ#2123367)
- Fix check firewalld_sshd_port_enabled (RHBZ#2158410)
- Fix accepted control flags for pam_pwhistory (RHBZ#2158410)
- Unselect rule logind_session_timeout (RHBZ#2158410)
- Add support rainer scripts in rsyslog rules (RHBZ#2170038)
[0.1.63-1]
- Update to the latest upstream release (RHBZ#2116359)
- Fix SSH Key permissions (RHBZ#2021258)
- Remove PCI-DSS Benchmark(RHBZ2038165)
- Updated source of CVE data feed(RHBZ#2028432)
- Improved alignment with DISA's RHEL7 STIG(RHBZ#1967950)
- Update RHEL7 STIG profile to v3r8 (RHBZ#2112939)
- Add warning how to override audit buffer (RHBZ#1993822)
- Fix smartcard_auth rule for systems installed without authconfig (RHBZ#2116359)
- Fix check of enable_fips_mode on s390x (RHBZ#2116359)
- Fix applicability of pam_pkcs11 and grub2 rules on s390x (RHBZ#2116359)
[0.1.57-8]
- Remove warning how to override audit buffer (RHBZ#1993822)
[0.1.57-7]
- Add warning how to override audit buffer (RHBZ#1993822)
- Fix name of antivirus package in STIG profile (RHBZ#2066321)
- Update RHEL7 DISA STIG profile to v3r7 (RHBZ#2079217)
[0.1.57-6]
- Fix bash remediation of sudo_require_reauthentication (RHBZ#2049532)
[0.1.57-5]
- Update RHEL7 DISA STIG profile to v3r6 (RHBZ#2049532)
[0.1.57-4]
- Update RHEL7 DISA STIG profile to v3r5 (RHBZ#1996678)
[0.1.57-3]
- Fix broken SELinux documentation links (RHBZ#1996678)
[0.1.57-2]
- Fix auditd_overflow_action configuration path for RHEL7 (RHBZ#1996678)
[0.1.57-1]
- Rebase to the 0.1.57 upstream release
- Update RHEL7 DISA STIG profile to v3r4 (RHBZ#1996678)
- Split CIS profile (RHBZ#1953787)
[0.1.54-7]
- Generate HTML STIG reference tables also for stig_gui profile (RHBZ#1958789)
[0.1.54-6]
- Add kickstart files for RHEL 7 stig and stig_gui profiles (RHBZ#1958789)
[0.1.54-5]
- Create subpackage to hold ansible playbooks per rule (RHBZ#1966589)
- Fix Bash remediation of dconf_gnome_login_retries (RHBZ#1967566)
[0.1.54-4]
- Update RHEL 7 STIG profile to V3R3 (RHBZ#1958789)
- Update ANSSI High Profile (RHBZ#1955180)
[0.1.54-3]
- Realign PCI-DSS rules selection to v0.1.54 (RHBZ#1497415)
[0.1.54-2]
- Remove Kickstart for not shipped profile (RHBZ#1497415)
- Fix STIG id reference format for sshd_x11_use_localhost (RHBZ#1921643)
[0.1.54-1]
- Rebase to incorporate ANSSI Profile (RHBZ#1497415)
- Update RHEL7 STIG profile to V3R2 (RHBZ#1921643)
- Add Minimal, Intermediary and Enhanced ANSSI Profiles (RHBZ#1497415)
[0.1.52-2]
- Update RHEL7 DISA STIG to V3R1 (RHBZ#1665233)
[0.1.52-1]
- Update to the latest upstream release (RHBZ#1665233)
- Update RHEL7 DISA STIG to V2R8 (RHBZ#1665233)
[0.1.49-13]
- Add example kickstart for RHEL7 HIPAA (RHBZ#1513087)
- Fix Test Suite to run on Python3
[0.1.49-12]
- CIS Profile (RHBZ#1821633)
- Make sure boot target is multi-user.target when xorg package is removed
- Add CIS Profile content attribution to Center for Internet Security
[0.1.49-11]
- HIPAA Profile improvement (RHBZ#1513087)
- Add Ansible remediation for audit_rules_system_shutdown
[0.1.49-10]
- CIS Profile fixes (RHBZ#1821633)
- Fix Ansible mount_option template
- Re-order rpm_verify_permissions to avoid file permission conflicts
[0.1.49-9]
- CIS Profile fixes (RHBZ#1821633)
- Fix Ansible mount_option template
- Add Ansible for ensure_logrotate_activated
- Add warnings to rpm_verify_permissions and ownership about findindings that may need further inspection
[0.1.49-8]
- Fix specfile to apply patch (RHBZ#1691877)
[0.1.49-7]
- Bug fixes on CIS profile (RHBZ#1821633)
Added Ansible remediations
Fixed CIS references
Fixed integration issues with CIS profile
[0.1.49-6]
- Added a patch fixing audit_rules_privileged_commands (RHBZ#1691877)
[0.1.49-5]
- Added a patch fix for sshd_allow_protocol_2 (RHBZ#1823576)
[0.1.49-5]
- Added a patch warning about non-local users/groups are not considered by some rules (RHBZ#1721439, RHBZ#1544765, RHBZ#1829743)
[0.1.49-4]
- Fix removable media options rules (RHBZ#1691579)
[0.1.49-3]
- Add new rules and references for RHEL7 CIS (RHBZ#1821633)
[0.1.49-2]
- Fix remediation of dconf_gnome_login_banner_text (RHBZ#1776780)
- Fix misleading sysctl rules description (RHBZ#1494606)
- Update STIG FIPS approved SSHD ciphers (RHBZ#1781244)
[0.1.49-1]
- Update to the latest upstream release (RHBZ#1815008)
[0.1.46-11]
- Ship RHEL 8 content (RHBZ#1777862)
[0.1.46-10]
- Added missing CCE for rule sudo_require_authentication. (RHBZ#1755192)
- fix check and remediation for rule aide_periodic_cron_checking (RHBZ#1658036)
[0.1.46-9]
- Fixed missing CCE for OSPP, E8 and STIG profiles. (RHBZ#1726698)
- Added kickstart file for the Essential Eight (e8) profile. (RHBZ#1755192)
[0.1.46-8]
- Fix an omission on backporting the patch which fixes krb_sec rule. (RHBZ#1726698)
[0.1.46-7]
- Added support for the Essential Eight (e8) profile. (RHBZ#1755192)
- Fixed issues with sshd rules used in the e8 profile. (RHBZ#1755192)
[0.1.46-6]
- Updated ansible playbooks to use modules in favor of shell. (RHBZ#1726698)
- Removed rule directory_access_var_log_audit from OSPP profile. (RHBZ#1726698)
- Fixed ansible playbooks failing when running in --check mode. (RHBZ#1726698)
[0.1.46-5]
- Fixed grub2_enable_fips_mode rule when installing RHEL on machines with AES-enabled processors. (RHBZ#1754532)
[0.1.46-4]
- Fix evaluation and remediation of audit rules in PCI-DSS profile (RHBZ#1754550)
- Fixed mtab handling of remediation of /dev/shm/noexec (RHBZ#1754553)
[0.1.46-3]
- Made the cmake product selection future-proof. (RHBZ#1726698)
[0.1.46-2]
- Fix rules file_permissions_unauthorized_suid and sgid (RHBZ#1693026)
[0.1.46-1]
- Update to the latest upstream release 0.1.46 (RHBZ#1726698)
[0.1.45-2]
- Added a patch not to build SCAP 1.2 datastreams, only SCAP 1.3 (RHBZ#1726698)
[0.1.45-1]
- Update to the latest upstream release (RHBZ#1726698)
[0.1.43-13]
- Fixed the shared dconf bash remediation (RHBZ#1631378)
[0.1.43-12]
- Make aide and smart card rules not applicable to containers (RHBZ#1711893)
- Added rule dconf_db_up_to_date to ensure dconf databases are up-to-date (RHBZ#1631378)
[0.1.43-11]
- Remove faulty dconf_use_text_backend rule from all profiles (Reverts RHBZ#1631378)
[0.1.43-10]
- Fixed Ansible remediation for sssd_ssh_known_hosts_timeout (RHBZ#1599179)
[0.1.43-9]
- Fixed missing Ansible tags and platform checks (RHBZ#1685950)
[0.1.43-8]
- Fixed OVAL check for sssd_ssh_known_hosts_timeout and added bash remediation (RHBZ#1599179)
[0.1.43-7]
- Fix handling of package CPE during generation of Ansible playbooks (RHBZ#1647189)
[0.1.43-6]
- Deduplicated more CCEs assigned to rules (RHBZ#1703092)
[0.1.43-5]
- Remove ensure_gpgcheck_repo_metadata rule from profiles (RHBZ#1703010)
- Deduplicate CCE assigned to rules (RHBZ#1703092)
[0.1.43-4]
- Mark SELinux rules as machine only (RHBZ#1630739)
- Mark service disabled rules as machine only (RHBZ#1630739)
[0.1.43-3]
- Mark rules which were not applicable for containers as machine only (RHBZ#1630739)
- Fix content support for UBI-Minimal (RHBZ#1695213)
[0.1.43-2]
- Fixes for smooth Ansible playbooks run (RHBZ#1647189)
- Fix Ansible template for file permissions (RHBZ#1686007)
- Fix remediation of rule rpm_verify_permissions (RHBZ#1686005)
- Fix remediation of audit rules for privileged commands (RHBZ#1687826)
[0.1.43-1]
- Update to the latest upstream release (RHBZ#1684545)
[0.1.40-12]
- Fix malformed patch for removal of abrt and sendmail (RHBZ#1619689)
[0.1.40-11]
- Fixes for RHBZ#1619689:
- Added support for kernel parameters yama.ptrace_scope, kptr_restrict, dmesg_restrict and kexec_load_disabled.
- Added support for boot parameters audit_backlog_limit=8192, slub_debug=P, page_poison=1 and vsyscall=none.
- Added support for proper /dev/shm handling (noexec,nosuid,nodev,mode=1777)
- Added support for checking that sendmail and abrt are not installed.
- Introduced OSPP to the OSPP profile title.
- Disabled linkcheck tests during the build.
[0.1.40-10]
- Fix regression in file ownership and group OVAL. (RHBZ#1570802)
[0.1.40-9]
- Fix malformed patch for Audit Rules (RHBZ#1619689)
[0.1.40-8]
- Add Bash remediation for rule grub2_audit_arguments (RHBZ#1619689)
- Allow remediation for rule dconf_gnome_screensaver_lock_delay to fix commented settings (RHBZ#1609122)
- Select missing audit rules for privileged commands for OSPP4.2 Profile (RHBZ#1619689)
[0.1.40-7]
- Fixed previously applied patches for OSPP 4.2 (RHBZ#1619689)
[0.1.40-6]
- Applied a batch of patches that improve OSPP 4.2 profile support for RHEL7 (RHBZ#1619689)
- Fixed the xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_lock_enabled check (RHBZ#1609122)
[0.1.40-5]
- Re-fix FIPS patch. (RHBZ#1587911)
[0.1.40-4]
- Applied a batch of patches that improve OSPP 4.2 profile support for RHEL7 (RHBZ#1619689)
[0.1.40-3]
- Don't generate remediations for Anaconda for /dev/cdrom mount point (RHBZ#1618840)
- Install dracut-fips when fips mode is enabled in the profile (RHBZ#1587911)
[0.1.40-2]
- Don't generate remediations for Anaconda for /dev/shm mount point (RHBZ#1570956)
[0.1.40-1]
- Update to upstream release 0.1.40
- Underlying code has been deduplicated and unified, which fixes countless subtle bugs.
- Updated Ansible playbooks, so they don't use deprecated constructs.
- Service disable family of rules take the corresponding socket deactivation into account if applicable in check and in remediations.
[0.1.39-2]
- Fix configuration to not build new products introduced in upstream
- Test package with ctest
[0.1.39-1]
- Update to upstream release 0.1.39
- Profile IDs simplified
- Common Profile removed in favor of Standard Profile
- RHEL7 STIG reference updated to V1R4
- RHEL6 STIG reference updated to V1R18
- New License - BSD-3 Clause
- Several remediation fixes
- Better content support for DISA STIG Viewer (#2418)
[0.1.36-7]
- Fix sshd_required unset (RHBZ#1522956)
- Fix missing bash remediation functions include (RHBZ#1524738)
- Fix empty columns in SRG HTML Table (RHBZ#1531105)
- Fix reference to oudated PAM config manual (RHBZ#1447760)
[0.1.36-6]
- Rebuild with OpenSCAP 1.2.16
[0.1.36-5]
- Patched not to check library ownership in libexec.
- Patched to fix title of DISA STIG profile.
- Patched to deprecate RhostsRSAAuthentication.
- Patched to fix umask_for_daemons.
[0.1.36-4]
- Rebuild with OpenSCAP 1.2.16
[0.1.36-3]
- Add DISA STIG Rule IDs to XCCDF Rules with STIGID
[0.1.36-2]
- Fix configuration to not build new products introduced in upstream
[0.1.36-1]
- Update to upstream release 0.1.36
- Introduction of SCAP Security Guide Test Suite
- Better alignment of RHEL6 and RHEL7 with DISA STIG
- Remove JBoss EAP5 content due to being End-of-Life
- New STIG Profile for JBOSS EAP 6
- Updates in C2S Profile for RHEL 7
- Variables can be directly tailored in Ansible roles
- Content presents less false positives in containers
- Changes in directory layout
[0.1.35-2]
- Do not build content for JBOSS EAP6
[0.1.35-1]
- Update to upstream release 0.1.35
- Remove Red Hat Enterprise Linux 5 content due to being End-of-Life March 31, 2017
- Added several templates for OVAL checks
- Many optimizations in build process
- Different title for PCI-DSS Benchmark variants
- Remediation roles moved to /usr/share/scap-security
- Fix duplicated roles and guides (RHBZ#1465691)
[0.1.33-6]
- Dropped remediation that makes system not accessible by SSH (RHBZ#1478414)
[0.1.33-5]
- Fix Anaconda Smartcard auth remediation (RHBZ#1461330)
[0.1.33-4]
- Fix specfile to not include tables twice
[0.1.33-3]
- Fix malformed title of profile nist-800-171-cui
[0.1.33-2]
- Fix emtpy ospp-rhel7 table
- Fix Anaconda remediation templates (RHBZ#1450731)
[0.1.33-1]
- Update to upstream version 0.1.33
- DISA RHEL7 STIG profile alignment improved
- Introduction of remediation roles
- RPM and DEB test packages are built by CMake with CPack
- Lots of remediation fixes
[0.1.32-1]
- Update to upstream version 0.1.32
- New CMake build system
- Improved NIST 800-171 profile
- Initial RHVH profile
- New CPE to identify systems like machines (bare-metal and VM) and containers (image and container)
- Template clean up in lots of remediations
[0.1.30-6]
- Ship separate OCIL definitions for Red Hat Enterprise Linux 7 (RHBZ#1428144)
[0.1.30-5]
- Fix template remediation function used by SSHD remediation
- Reduce scope of patch that fixes SSHD remediation (RH BZ#1415152)
[0.1.30-4]
- Correct remediation for SSHD which caused it not to start (RH BZ#1415152)
[0.1.30-3]
- Correct the remediation script for 'Enable Smart Card Login' rule
for Red Hat Enterprise Linux 7 (RH BZ#1357019)
[0.1.30-2]
- Fix issue of two STIG profiles for Red Hat Enterprise Linux 6 benchmark
having the identical title (RH BZ#1351541)
- Enhance the shared OVAL check for 'Set Deny For Failed Password Attempts'
rule and also Red Hat Enterprise Linux 7 OVAL check for 'Configure the root
Account for Failed Password Attempts' rule to report correct system status
WRT to these requirements also in the case the SSSD daemon is used
(RH BZ#1344581)
- Include currently available kickstart files and produced HTML tables for
Red Hat Enterprise Linux 6 and 7 products into the produced RPM package
(RH BZ#1351751)
[0.1.30-1]
- Update to upstream's 0.1.30 release:
https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.30
(RH BZ#1289533)
- Drop remediation functions library since starting from 0.1.30 release
remediation scripts are part of the benchmarks directly
- Drop three patches that have been accepted upstream in the meantime
- Update drop-rpm-verify-permissions-rule patch to work properly against
0.1.30 release
[0.1.25-3]
- Drop 'Verify and Correct File Permissions with RPM' rule from the PCI-DSS
profile for Red Hat Enterprise Linux 7 (RH BZ#1267861)
[0.1.25-2]
- Update R and BR for the openscap-scanner package to 1.2.5 per RHBZ#1202762#c7
[0.1.25-1]
- Rebase to upstream 0.1.25 release
[0.1.24-4]
- Fix false-positive in OVAL check for 'accounts_passwords_pam_faillock_deny'
rule
[0.1.24-3]
- Add remediation script for 'accounts_passwords_pam_faillock_unlock_time' rule
for Red Hat Enterprise Linux 7 product
- Override title and description for all existing profiles for Red Hat
Enterprise Linux 6 product that are extending another SCAP profile
(RHBZ#1246529)
- Correct various issues in the included Oscap Anaconda Addon PCI-DSS profile
kickstart file for Red Hat Enterprise Linux 7 product
- Add remediation script for 'audit_rules_time_clock_settime' rule for
Red Hat Enterprise Linux 7 product
- Add remediation scripts for 'audit_rules_time_adjtimex',
'audit_rules_time_settimeofday', and 'audit_rules_time_stime' rules for
Red Hat Enterprise Linux 7 product
- Tag current PCI-DSS profile for Red Hat Enterprise Linux 7 product with
'Draft' label
- Disable the following rules in the PCI-DSS profile for the Red Hat Enterprise
Linux 7 product:
* dconf_gnome_screensaver_idle_delay -- missing remediation script,
* dconf_gnome_screensaver_idle_activation -- missing remediation script,
* dconf_gnome_screensaver_lock_enabled -- missing remediation script,
* audit_rules_login_events -- incorrect OVAL check (upstream issue #607),
* audit_rules_privileged_commands -- missing remediation script, and
* audit_rules_immutable -- missing remediation script.
[0.1.24-2]
- Break-down firewalld rule description for Red Hat Enterprise Linux 7 product
into multiple lines, prevents HTML guide UX issues
[0.1.24-1]
- Rebase to upstream scap-security-guide-0.1.24 version
- Start producing the -doc subpackage to provide the HTML formatted
documents containing security guides generated from shipped XCCDF benchmarks
[0.1.23-1]
- Rebase to upstream scap-security-guide-0.1.23 version
- Update upstream tarball source URL to GitHub archive location
- Drop the following patches that have been accepted upstream:
* scap-security-guide-0.1.19-rhel7-include-only-rht-ccp-profile.patch
* scap-security-guide-0.1.19-rhel7-drop-restorecond-since-in-optional.patch
* scap-security-guide-0.1.19-update-man-page-for-rhel7-content.patch
* scap-security-guide-0.1.19-rhel7-update-pam-XCCDF-to-use-pam_pwquality.patch
* scap-security-guide-0.1.20-rhel7-shared-fix-limit-password-reuse-remediation.patch
* scap-security-guide-0.1.20-rhel6-rhel7-PR#280-set-deny-prerequisite-#1.patch
* scap-security-guide-0.1.20-rhel6-rhel7-set-deny-prerequisite-#2.patch
* scap-security-guide-0.1.20-shared-fix-set-deny-for-failed-password-attempts-remediation.patch
* scap-security-guide-0.1.20-rhel7-specify-exact-profile-name-when-generating-guide.patch
- Include the datastream versions of Firefox and Java Runtime Environment (JRE) benchmarks
- Include USGCB and DISA STIG profile kickstart files for Red Hat Enterprise Linux 6
[0.1.19-2]
- Fix Limit Password Reuse remediation script error
- Fix Set Deny For Failed Password Attempts remediation script error
- Use RHT-CCP profile name when generating HTML guide
- Describe RHT-CCP profile in the manual page
[0.1.19-1]
- Include RHEL-7 content (RHT-CCP profile only)
- Drop RHEL-7 restorecond XCCDF rule since policycoreutils-restorecond in Optional channel
- Drop RHEL-7 cpuspeed XCCDF rule since obsoleted by cpupower from kernel-tools
- Update manual page to be more appropriate for RHEL-7
- Drop RHEL-6 C2S profile update patch since merged upstream
[0.1.18-4]
- Initial build for Red Hat Enterprise Linux 7
[0.1.18-3]
- Update C2S profile
[0.1.18-2]
- Include the upstream STIG for RHEL 6 Server profile disclaimer file too
[0.1.18-1]
- Make new 0.1.18 release
[0.1.17-2]
- Drop vendor line from the spec file. Let the build system to provide it.
[0.1.17-1]
- Upgrade to upstream 0.1.17 version
[0.1.16-2]
- Initial RPM for RHEL base channels
[0.1.16-1]
- Change naming scheme (0.1-16 => 0.1.16-1)
[0.1-16]
- Include datastream file into RHEL6 RPM package too
- Bump version
[0.1-16.rc2]
+ RHEL6 stig-rhel6-server XCCDF profile renamed to stig-rhel6-server-upstream
[0.1-16.rc1]
- [bugfix] RHEL6 no_empty_passwords remediation script overwrote
system-auth symlink. Added --follow-symlink to sed command.
[0.1-15]
- Version bump
[0.1-15.rc5]
- Point the spec's source to proper remote tarball location
- Modify the main Makefile to use remote tarball when building RHEL/6's SRPM
[0.1-15.rc4]
- Don't include the table html files two times
- Remove makewhatis
[0.1-15.rc3]
- [bugfix] Updated rsyslog_remote_loghost to scan /etc/rsyslog.conf and /etc/rsyslog.d/*
- Numberous XCCDF->OVAL naming schema updates
- All rules now have CCE
[0.1-15.rc2]
- RHEL/6 HTML table naming bugfixes (table-rhel6-*, not table-*-rhel6)
[0.1-15.rc1]
- Apply spec file changes required by review request (RH BZ#1018905)
[0.1-14]
- Formal RPM release
- Inclusion of rht-ccp profile
- OVAL unit testing patches
- Bash remediation patches
- Bugfixes
[0.1-14.rc1]
- Change RPM versioning scheme to include release into tarball
[0.1-13]
- Updated RPM spec file to fix rpmlint warnings
[0.1-12]
- Updated RPM version to 0.1-12
[0.1-11]
- Significant amount of OVAL bugfixes
- Incorporation of Draft RHEL/6 STIG feedback
[0.1-10]
- man scap-security-guide
- OVAL bug fixes
- NIST 800-53 mappings update
[0.1-9]
- Updated BuildRequires to reflect python-lxml (thank you, Ray S.!)
- Reverting to noarch RPM
[0.1-8]
- Significant copy editing to XCCDF rules per community
feedback on the DISA RHEL/6 STIG Initial Draft
[0.1-7]
- Corrected XCCDF content errors
- OpenSCAP now supports CPE dictionaries, important to
utilize --cpe-dict when scanning machines with OpenSCAP,
e.g.:
$ oscap xccdf eval --profile stig-server --cpe-dict ssg-rhel6-cpe-dictionary.xml ssg-rhel6-xccdf.xml
[0.1-6]
- Corrected RPM versioning, we're on 0.1 release 6 (not version 1 release 6)
- Updated RPM includes feedback received from DoD Consensus meetings
[1.0-5]
- Adjusted installation directory to /usr/share/xml/scap.
[1.0-4]
- Fix BuildRequires and Requires.
[1.0-3]
- Modified install section, made description more concise.
[1.0-2]
- Minor updates to pass some variables in from build system.
[1.0-1]
- First attempt at SSG RPM. May help us...
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | scap-security-guide-0.1.66-1.0.5.el7_9.src.rpm | 97738a16da993b3395f6e49b7c098c38 | - |
| scap-security-guide-0.1.66-1.0.5.el7_9.noarch.rpm | 88439c325bf9d66e88326e33277ecb94 | - | |
| scap-security-guide-doc-0.1.66-1.0.5.el7_9.noarch.rpm | bebb5072cbc616194e78a4fb4cb63545 | - | |
| Oracle Linux 7 (x86_64) | scap-security-guide-0.1.66-1.0.5.el7_9.src.rpm | 97738a16da993b3395f6e49b7c098c38 | - |
| scap-security-guide-0.1.66-1.0.5.el7_9.noarch.rpm | 88439c325bf9d66e88326e33277ecb94 | - | |
| scap-security-guide-doc-0.1.66-1.0.5.el7_9.noarch.rpm | bebb5072cbc616194e78a4fb4cb63545 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
