[PATCH] [Fedora] Introduce SSG manual page. Fix previous changelog date typo. Create 0.1-2 version
by Jan Lieskovsky
The following proposal performs:
* include manual page for scap-security-guide in Fedora too
(fixes --w no-documentation rpmlint's warning),
* fixes previous date Fedora spec's typo,
* merge previous Fedora spec's changelog entries into
one to create new upstream scap-security-guide-0.1-2 version
(me to be able to schedule Fedora package review request).
Please review.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
10 years, 6 months
[Fedora] Remove percent sign from Fedora spec's changelog to silence rpmlint warning
by Jan Lieskovsky
Remove percent sign from Fedora spec's changelog to silence one rpmlint
warning that raised in between. No other change was made to the content.
Pushed this change already (as I need it for other commit).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
P.S. Noticed the wrong date used. Will correct it with subsequent proposal.
10 years, 6 months
[PATCH] [Fedora] Convert RHEL6 'Restrict Root Logins' section's rules to Fedora
by Jan Lieskovsky
This proposal converts rules from RHEL6's 'Restrict Root Logins'
section so they could be used on Fedora too. Depends on previous
typo fix (caab207a8c8a587914d9a1b318d972bbd678896c).
Common Fedora rpm Makefile rules and Fedora SSG Makefile content
rules have been tested and confirmed to work properly.
Please review.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
10 years, 6 months
[PATCH] [RHEL6] Fix couple of typos in the text in 'Restrict Root Logins' document
by Jan Lieskovsky
This proposal fixes couple of text typos in the 'Restrict Root Logins'
document:
* replace <tt>/etc/secuetty</tt> with <tt>/etc/securetty</tt>,
* s/on thesyste,/on the system,/
* s/passowrd/password/
* s/as as user can login/as user can login/
* remove couple instances of whitespace noise at the end of rows,
* be consistent - globally use one space character to start new
sentence (in cca 3 cases there have been two spaces).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
10 years, 6 months
[PATCH] additional OVAL testing
by David Smith
From: David Smith <dsmith(a)eclipse.ncsc.mil>
---
.../accounts_password_pam_cracklib_dcredit.xml | 1 +
.../accounts_password_pam_cracklib_difok.xml | 1 +
.../accounts_password_pam_cracklib_lcredit.xml | 1 +
.../accounts_password_pam_cracklib_ocredit.xml | 1 +
.../accounts_password_pam_cracklib_ucredit.xml | 1 +
.../checks/audit_rules_file_deletion_events.xml | 1 +
RHEL6/input/checks/audit_rules_media_export.xml | 1 +
.../input/checks/audit_rules_sysadmin_actions.xml | 1 +
RHEL6/input/checks/audit_rules_time_adjtimex.xml | 1 +
.../audit_rules_unsuccessful_file_modification.xml | 1 +
10 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/RHEL6/input/checks/accounts_password_pam_cracklib_dcredit.xml b/RHEL6/input/checks/accounts_password_pam_cracklib_dcredit.xml
index 182313a..b0e13f4 100644
--- a/RHEL6/input/checks/accounts_password_pam_cracklib_dcredit.xml
+++ b/RHEL6/input/checks/accounts_password_pam_cracklib_dcredit.xml
@@ -7,6 +7,7 @@
</affected>
<description>The password dcredit should meet minimum
requirements using pam_cracklib</description>
+ <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
</metadata>
<criteria>
<criterion comment="Conditions for dcredit are satisfied"
diff --git a/RHEL6/input/checks/accounts_password_pam_cracklib_difok.xml b/RHEL6/input/checks/accounts_password_pam_cracklib_difok.xml
index 37945cd..2aad2de 100644
--- a/RHEL6/input/checks/accounts_password_pam_cracklib_difok.xml
+++ b/RHEL6/input/checks/accounts_password_pam_cracklib_difok.xml
@@ -7,6 +7,7 @@
</affected>
<description>The password difok should meet minimum
requirements using pam_cracklib</description>
+ <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
</metadata>
<criteria>
<criterion comment="Conditions for difok are satisfied"
diff --git a/RHEL6/input/checks/accounts_password_pam_cracklib_lcredit.xml b/RHEL6/input/checks/accounts_password_pam_cracklib_lcredit.xml
index f9c42f0..a4f35f0 100644
--- a/RHEL6/input/checks/accounts_password_pam_cracklib_lcredit.xml
+++ b/RHEL6/input/checks/accounts_password_pam_cracklib_lcredit.xml
@@ -7,6 +7,7 @@
</affected>
<description>The password lcredit should meet minimum
requirements using pam_cracklib</description>
+ <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
</metadata>
<criteria>
<criterion comment="Conditions for lcredit are satisfied"
diff --git a/RHEL6/input/checks/accounts_password_pam_cracklib_ocredit.xml b/RHEL6/input/checks/accounts_password_pam_cracklib_ocredit.xml
index 8d433f4..39d106f 100644
--- a/RHEL6/input/checks/accounts_password_pam_cracklib_ocredit.xml
+++ b/RHEL6/input/checks/accounts_password_pam_cracklib_ocredit.xml
@@ -7,6 +7,7 @@
</affected>
<description>The password ocredit should meet minimum
requirements using pam_cracklib</description>
+ <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
</metadata>
<criteria>
<criterion comment="Conditions for ocredit are satisfied"
diff --git a/RHEL6/input/checks/accounts_password_pam_cracklib_ucredit.xml b/RHEL6/input/checks/accounts_password_pam_cracklib_ucredit.xml
index 9227167..0e2c478 100644
--- a/RHEL6/input/checks/accounts_password_pam_cracklib_ucredit.xml
+++ b/RHEL6/input/checks/accounts_password_pam_cracklib_ucredit.xml
@@ -7,6 +7,7 @@
</affected>
<description>The password ucredit should meet minimum
requirements using pam_cracklib</description>
+ <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
</metadata>
<criteria>
<criterion comment="Conditions for ucredit are satisfied"
diff --git a/RHEL6/input/checks/audit_rules_file_deletion_events.xml b/RHEL6/input/checks/audit_rules_file_deletion_events.xml
index 9995642..d93d4d2 100644
--- a/RHEL6/input/checks/audit_rules_file_deletion_events.xml
+++ b/RHEL6/input/checks/audit_rules_file_deletion_events.xml
@@ -6,6 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>Audit files deletion events.</description>
+ <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
</metadata>
<criteria>
<criterion comment="audit file delete" test_ref="test_audit_rules_file_deletion_events" />
diff --git a/RHEL6/input/checks/audit_rules_media_export.xml b/RHEL6/input/checks/audit_rules_media_export.xml
index 7019700..5adbfd2 100644
--- a/RHEL6/input/checks/audit_rules_media_export.xml
+++ b/RHEL6/input/checks/audit_rules_media_export.xml
@@ -6,6 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>Audit rules that detect the mounting of filesystems should be enabled.</description>
+ <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
</metadata>
<criteria>
<criterion comment="audit mount" test_ref="test_audit_rules_media_export" />
diff --git a/RHEL6/input/checks/audit_rules_sysadmin_actions.xml b/RHEL6/input/checks/audit_rules_sysadmin_actions.xml
index 485f12e..081eedf 100644
--- a/RHEL6/input/checks/audit_rules_sysadmin_actions.xml
+++ b/RHEL6/input/checks/audit_rules_sysadmin_actions.xml
@@ -6,6 +6,7 @@
<platform>Red Hat Enterprise Linux 6</platform>
</affected>
<description>Audit actions taken by system administrators on the system.</description>
+ <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
</metadata>
<criteria>
<criterion comment="audit sudoers" test_ref="test_audit_rules_sysadmin_actions" />
diff --git a/RHEL6/input/checks/audit_rules_time_adjtimex.xml b/RHEL6/input/checks/audit_rules_time_adjtimex.xml
index bbafe7f..ca3b631 100644
--- a/RHEL6/input/checks/audit_rules_time_adjtimex.xml
+++ b/RHEL6/input/checks/audit_rules_time_adjtimex.xml
@@ -8,6 +8,7 @@
</affected>
<description>Record attempts to alter time through adjtimex.
</description>
+ <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
</metadata>
<criteria comment="Test for either..." operator="OR">
<criteria comment="both..." operator="AND">
diff --git a/RHEL6/input/checks/audit_rules_unsuccessful_file_modification.xml b/RHEL6/input/checks/audit_rules_unsuccessful_file_modification.xml
index 424462b..c2305f3 100644
--- a/RHEL6/input/checks/audit_rules_unsuccessful_file_modification.xml
+++ b/RHEL6/input/checks/audit_rules_unsuccessful_file_modification.xml
@@ -8,6 +8,7 @@
</affected>
<description>Audit rules about the Unauthorized Access
Attempts to Files (unsuccessful) are enabled</description>
+ <reference source="DS" ref_id="20131011" ref_url="test_attestation" />
</metadata>
<criteria operator="AND">
<criterion comment="audit file eacces" test_ref="test_audit_rules_unsuccessful_file_modification_eacces" />
--
1.7.1
10 years, 6 months
[PATCH] Prettied up custom stylesheet at Jeff's request
by Maura Dailey
I added more color and a few new fields that had been dropped by the transforms. The images were also replaced. Various other minor formatting changes were made.
- Maura Dailey
Maura Dailey (1):
Made some corrections to the XSLT transforms to remedy missing
fields, replaced PNG files with different images, added background
colors and borders to code and header elements, created table for
Security Identifiers and References (and added prefixes to
references to make the source more obvious)
RHEL6/output/images/collapsed.png | Bin 1075 -> 742 bytes
RHEL6/output/images/expanded.png | Bin 1090 -> 1206 bytes
RHEL6/transforms/xccdf2html.xslt | 249 +++++++++++++++++++++++++------------
3 files changed, 171 insertions(+), 78 deletions(-)
10 years, 6 months