Did a full update of all the content on the
people.redhat.com page.
Here are the patches that are now reflected:
$ git log --oneline --after={2012-09-01}
8e17ead comprehensive content (and some copy) editing to XCCDF in
system/ directory
9d57cdf temporary fixups to shorthand macros, still need to improve further
65b44fb updating transform to show STIG-structured XCCDF as a table
a7fb416 added Makerules and updated transforms to create STIG-specific
content
42b2418 added new file that can transform XCCDF Rules into CSV
849b4d2 more unicode cleanup. hmmm perhaps we need a git commit hook...
f713555 out unicode, out!!! somebody needs to use a real text editor or
stop copying/pasting * fancy characters are nice, but are causing
trouble for some transforms
c067d2c updated RPM specfile Requires/BuildRequires, change installation
directory
527445c typo fix
ee4044c additions/alterations for CCI refs in multiple Rules in services
guidance
69fd53d addition/alternation of CCI references for multiple Rules in
system guidance
2245949 alternate titles for stig populated, Makerule to process them fixed
ca035c8 Updated shorthand2xccdf.xslt
114ecb3 moving xccdf resolve operation to a Rule off the critical path
(for now)
a421324 changed supporting transforms and scripts to support new
filename format
f8558b2 changed Makefile to create output filenames compliant with NIST
800-126
6b75fcf including dublin core namespace in input documents
f4189a0 minor typo fixups
8578d1d very rough first cut at producing XCCDF structured in the manner
of a STIG
4c28a5d new transform to add references to Rules (e.g. if a default ref
needed)
7b5e036 Merge branch 'master' of
git://git.fedorahosted.org/scap-security-guide
ce0a197 fixing a problem where an extra description was included (which
somehow validated!)
8dbc8d6 added ability to display tester's attestation to manual check column
a1be821 Fixed iptables typo in ldap and ssh sections Per a find from
Andrew Gilmore, we had a typo in the iptables rules. Specifically a
space charactor as documented at:
https://lists.fedorahosted.org/pipermail/scap-security-guide/2012-October...
6af9931 transforming test data to valid XCCDF
a63ff10 fixing typo it matters where a node is nested
cc269e8 Merge branch 'master' of
git://git.fedorahosted.org/scap-security-guide
444e1f8 Test tags added to input/system/software/updating.xml
b62bfeb moved CCIs appropriately
6c89fda Test tags added to input/system/software/disk_partitioning.xml
8d040ab added and modified OCIL check text
24b710c Signed off on sticky_world_writable_dirs - Updated find command,
making easier to read - Signed off on sticky_world_writable_dirs
6dad182 Signed off on - Signed off on
ee559c2 Signed off on world_writable_files_system_ownership - Updated
find command. It's trivial, but modifying to "-perm 0002" is easier to
read/understand "-perm -0002" - Signed off on the rule
06cb742 Signed off on user_umask_profile - Updated OCIL conditional
check to reflect failure if OCIL check returns no output - Signed off on
user_umask_profile
e0a65a5 Signed off on user_umask_logindefs - Added text for OCIL
condition to reflect failure if umask setting is not configured at all -
Signed off on user_umask_logindefs
6311d55 Added persistent config test to sysctl-check-macro Historically
this macro only checked for runtime config, not persistent configuration
via /etc/sysctl.conf
d117304 Updated sysctl-desc-macro to check for persistent config
9b564f4 Copy-edit of enable_randomize_va_space Quick wording edit of
enable_randomize_va_space
0ecda1b additional OCIL check text
d885ac4 additional OCIL checks
7996dcb OCIL text additions and modifications
5919212 added new macro for SSH checks (rough wording for now), and used it
adc8fa3 repairing conflicts, editor's corrections to style
64bb002 inclusion of OCIL check text and modification of language
4c560ba Merge branch 'master' of
git://git.fedorahosted.org/scap-security-guide
8194cb7 Merge branch 'master' of
ssh://git.fedorahosted.org/git/scap-security-guide
1290f05 OCIL clause changes for input/system/permissions/files.xml
a8f8f56 OCIL clause changes for input/system/permissions/files.xml
2dbfd06 OCIL clause changes for input/system/network/ipv6.xml
092fd5b OCIL clause changes for input/system/network/iptables.xml
fb9ffa5 OCIL clause changes for input/system/auditing.xml
35e8e5e added OCIL checks
b91edcb added or modified check text, adding OCIL clauses where appropriate
9d89035 added or modified check text, adding OCIL clauses where appropriate
00ed6c4 password file entries for accounts with UID 0
7762d0e Merge branch 'master' of
git://git.fedorahosted.org/scap-security-guide
8fa5bda OCIL clause tags added to 6 files in the /input dir
7843c35 commented out vestige of variable display
ae459aa added OCIL checks
6aa5c33 support for including clauses with macro-ized check texts
6d68a94 typo fixes for service checks
c83fe6d typo fixes to checks in auditing section
1687561 fixes to check text for services
0822a9f removed duplicate OCIL check
d327922 added example clause for manual check text, to enable
boilerplate remark generation
699c6c1 adding transforms and Values support to enable automatic
generation of boilerplate text * if a "shorthand" OCIL / manual check
text is decorated with a clause attribute, then it can now be used to
generate a boilerplate remark which incorporates that clause * for
example, if your check needs to conclude with, "If [clause], then this
is a finding..." we can now generate the boilerplate portions if the
clause is provided. The clause can also be used to construct a question
in the true OCIL style for the valid OCIL output.
ef86b74 temporary commenting of x windows listening Rule, until new
version is complete
71c1e5b removal of duplicate OCIL checking text
dc08b1d Merge branch 'master' of
git://git.fedorahosted.org/scap-security-guide
6f7a445 Merge branch 'master' of
git://git.fedorahosted.org/scap-security-guide
5f71ae0 added check text to system section
3719922 added check text to services sections
d8b9d39 removed superceded checks for client-side NIS checks *
superceded by requirement to not use NIS at all
a1cd2d2 added new macros for file permissions, kernel modules, audit rules
9fddc56 added shorthand2xccdf dependency to tables Makerule
04e42a8 Merge branch 'master' of
ssh://git.fedorahosted.org/git/scap-security-guide
b097946 Merge branch 'master' of
ssh://git.fedorahosted.org/git/scap-security-guide
65d3e3c changed wide-ranging discussion about IPtables rules to Group
b6b0f7f changed a coarse discussion about SNMP to a Group
38fa846 fixed indenting, reassigned Groups/Rules in Samba guidance
95de787 changed firewall discussion about SSH to a Group
29cbe43 changed discussions about Postfix to Groups
5fea641 changed HOWTO information for OpenLDAP server to Groups
72a9fb0 changed coarse-grained discussion to Groups for FTP
59ec780 changed coarse-grained recommendations to Groups for BIND
1f25dd6 changing HOWTO information about OpenSSL into Groups
75c2126 changing coarse-grained recommendations to Groups for DHCP
f5dfd0e style updates to software updates section
687e4e9 added new transform to validly order nodes inside Groups
135f345 removed obsolete settings
56648b8 changed a rule to a group
845cfe8 content editing for CUPS
c026ab9 Merge branch 'master' of
git://git.fedorahosted.org/scap-security-guide
f51cf47 Merge branch 'master' of
git://git.fedorahosted.org/scap-security-guide
5681483 quick fix to make things validate
d98de9c Multiple Check Text / Fix Text Changes.
33c73c3 Merge branch 'master' of
git://git.fedorahosted.org/scap-security-guide
4fd38a0 Created OCIL for max_concurrent_login_sessions
11fa767 Created OCIL for set_iptables_default_rule_forward - Created
OCIL for set_iptables_default_rule_forward
bad8f04 Updated install_openswan - Created OCIL content, mapped to xccdf
macro - Updated description to use package-install-macro
0b98b48 Updated service-disable-check-macro to check for runtime and
config (boottime) settings - service-disable-check-macro was checking
for a "service disabled," but not checking init settings of services.
Updated service-disable-check-macro to reflect chkconfig tests - Updated
bluetooth to use this check - Removed my old ocil-disabled, since it
clearly isn't needed once content was added to service-disable-check-macro
0578288 Created macro "service-disable-ocil-macro", mapped to
service_bluetooth_disabled - Created service-disable-ocil-macro for use
as macro when making OCIL checks on disabled services - Mapped OCIL of
service_bluetooth_disabled as an example
cd7df03 Created OCIL for account_disable_post_pw_expiration - Created
OCIL for account_disable_post_pw_expiration
cd6bdd9 Created OCIL for world_writable_files_system_ownership Modified
description text, which already had manual check information, to create
OCIL content
146e6fe Created OCIL for tftpd_uses_secure_mode - Updated description
for minor things / copy editing - Created OCIL for tftpd_uses_secure_mode
7fe9f83 Created OCIL for user_umask_logindefs - Updated description text
for clarify/copy editing - Created OCIL for user_umask_logindefs
8c59d80 Created OCIL for user_umask_profile - Updated description test -
Created OCIL
894ac4e Created OCIL for user_umask_cshrc - Updated description to
increase readability - Created OCIL text
1e67699 Created OCIL for user_umask_bashrc Created OCIL text for
user_umask_bashrc
028d570 Created OCIL for no_netrc_files - Updated description language
to place OCIL language in <OCIL> tags - Expanded OCIL check description
to state that any .netrc files should be deleted or documented
897339e Created OCIL for ftp_present_banner - Updated text to reflect
default config file location at /etc/vsftpd/vsftpd.conf - Created OCIL
text to grep out the value of banner_file and ensure it is "/etc/issue"
94a0131 Title "Added OCIL Checking"
7a32f42 Merge branch 'master' of
git://git.fedorahosted.org/scap-security-guide
b78a491 support for generating OCIL, synchronizing/generating OCIL IDs
automatically
508081e new transforms to create OCIL from manual checks, change inline
content to references
a9b3af4 additions to Makefile to create OCIL output from inline manual
check text
5ba638c support for generating OCIL
50803cd Merge branch 'master' of
git://git.fedorahosted.org/scap-security-guide
e634bac added macro-ized package installation checks
a5dc3dc changes to support "transitional" OCIL content (which is what
we're calling our manual check text)
556a49b correcting checktypes used in test for
accounts_nologin_for_system fix accidental addition of argument to
testcheck's oscap invocation...we get ovalresults anyway
ad1783d Update CCE-14440-2 "Ensure Red Hat GPG Key is Installed"
db48fe3 fix to regex for scanning files for WiFi drivers
49bc6b4 Merge branch 'gshadow-perms'
cd30ede support for handling new <ocil> tags for manual check info *
also, support for displaying this manual check information in tables *
definitions of new macros to make developing easier
554143b use of new macros for disk partition checking, minor language
updates
06df714 added proposed new "<ocil>" tags to contain manual check
information. * these also use new macros for disabling services and
checking partitioning
c06e009 removed vestigial file
b1b62f7 Use mode 0 for gshadow file
9a21611 content editing for permissions section, fixups for title style
* my voyage through the content revealed to me how much other content
editing is still needed
3a002fe added support to automatically add reference to OVAL
definitions * to document their true origin, ease some debugging
7f84d9a added xslt template to automatically insert current date into
XCCDF * easier than manually inserting date?
82f675b removed CCE references from OVAL content
bad218d added OVAL files which are now created through template
8469150 removed files which are either obsolete or are/will be created
through different mechanisms
f7e52e2 added argument to output oval-results file * this will help
avoid future issues with invalid output/input
6451273 removal of CCE info from templates for kernelmods, packages,
perms, services, sysctls
d1be7a7 removed CCE identifiers from template source-info files
94856e4 removed CCE handling from scripts that create templated OVAL checks
f0f381a new helper scripts for making/verifying/installing templated files
19b174a added new Makerules to insert alternate titles, create STIG
tables with them
41e12f9 helper script to create alternate titles files and link it to
Rules in a XCCDF Profile * short title is also synchronized as an aide
to data entry
59c7b4c new transform to replace concise, broadly-acceptable titles with
alternative titles in XCCDF
bca8516 new file (alt-titles-stig.xml) that enables entering alternate
titles for Rules