Hi Marek, thank you for the answer. I am afraid it is worse than that, there are also rules added to the new file. See an example diff below.
Shall I change the tracking to bugzilla or stay on the mailing list? Best regards, Mathias Am 04.09.2017 um 16:10 schrieb Marek Haicman: > Err, clicked reply instead of reply-all :) > > On 09/04/2017 03:36 PM, Marek Haicman wrote: >> On 09/03/2017 01:55 PM, Mathias Münch wrote: >>> Hello! >>> >>> When I create a tailoring file with the scap workbench (SCAP Workbench >>> 1.1.5, compiled with Qt 4.8.7, using OpenSCAP 1.2.14) everything works >>> fine for the original customization. >>> >>> Now when I load the tailoring file again into the workbench in order to >>> change things (e.g. re-enable one rule) and save, then the "extends" >>> attribute is gone from the Profile tag and lots of additional rules >>> (that I did not touch) are added to the tailoring. >>> >>> Am I missing some point or is this expected behaviour? >>> >>> Best regards, >>> >>> Mathias >>> >>> _______________________________________________ >>> Open-scap-list mailing list >>> [email protected] >>> https://www.redhat.com/mailman/listinfo/open-scap-list >>> >> >> Hello Mathias, >> thank you for the report! This issue has been already reported in >> RHBZ, https://bugzilla.redhat.com/show_bug.cgi?id=1454455 it's not >> expected behaviour. :) Please take a look at your reproducer, if only >> groups are newly added there. In that case, it SHOULD be harmless. >> >> Thanks! >> Marek >
5c5 < <xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream_customized" extends="xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream"> --- > <xccdf:Profile > id="xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream_customized"> 7a8,189 > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_require_singleuser_auth" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_disable_interactive_boot" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_source_route" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_service_chronyd_or_ntpd_enabled" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_specify_remote_server" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_wireless_disable_in_bios" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_wireless_disable_interfaces" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_service_bluetooth_disabled" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_service_telnet_disabled" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_package_telnet-server_removed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_package_telnet_removed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_package_rsh-server_removed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_service_rexec_disabled" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_service_rsh_disabled" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_package_rsh_removed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_service_rlogin_disabled" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_no_rsh_trust_files" selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_package_ypserv_removed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_service_ypbind_disabled" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_package_ypbind_removed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_package_talk-server_removed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_package_talk_removed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_service_crond_enabled" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_sshd_disable_rhosts" > selected="true"/> > <xccdf:select idref="xccdf_org.ssgproject.content_rule_disable_host_auth" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_enable_selinux_bootloader" > selected="true"/> > <xccdf:select idref="xccdf_org.ssgproject.content_rule_selinux_state" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_selinux_policytype" selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_accounts_no_uid_except_zero" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_gid_passwd_group_same" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_file_permissions_sshd_pub_key" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_no_files_unowned_by_user" > selected="true"/> > <xccdf:select idref="xccdf_org.ssgproject.content_rule_rpm_verify_hashes" > selected="true"/> > <xccdf:select idref="xccdf_org.ssgproject.content_rule_umask_for_daemons" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_sysctl_kernel_exec_shield" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_install_PAE_kernel_on_x86-32" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_bios_enable_execution_restrictions" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_display_login_attempts" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_account_temp_expire_date" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_ftp_present_banner" selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_security_patches_up_to_date" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_network_disable_ddns_interfaces" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_libreswan_approved_tunnels" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_xwindows_runlevel_setting" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_package_xorg-x11-server-common_removed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_enable_x11_forwarding" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_mount_option_krb_sec_remote_filesystems" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_use_kerberos_security_all_exports" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_package_tftp-server_removed" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_rule_service_zebra_disabled" > selected="true"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_remediation_functions" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_intro" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_general-principles" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_principle-encrypt-transmitted-data" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_principle-minimize-software" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_principle-separate-servers" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_principle-use-security-tools" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_principle-least-privilege" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_how-to-use" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_intro-read-sections-completely" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_intro-test-non-production" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_intro-root-shell-assumed" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_intro-formatting-conventions" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_intro-reboot-required" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_gnome" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_gnome_login_screen" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_gnome_screen_locking" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_gnome_system_settings" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_gnome_network_settings" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_gnome_remote_access_settings" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_gnome_media_settings" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_sudo" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_partitions" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_permissions_important_account_files" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_permissions_within_important_dirs" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_root_paths" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_user_umask" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_smart_card_login" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_gui_login_banner" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_network_disable_unused_interfaces" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_network_ssl" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_network-uncommon" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_ensure_rsyslog_log_file_configuration" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_rsyslog_accepting_remote_messages" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_log_rotation" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_configure_logwatch_on_logserver" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_restrict_at_cron_users" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_sshd_strengthen_firewall" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_sssd" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_avahi" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_disable_avahi_group" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_avahi_configuration" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_printing" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_configure_printing" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_dhcp" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_disabling_dhcp_server" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dhcp_server_configuration" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dhcp_server_minimize_served_info" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_disabling_dhcp_client" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dhcp_client_configuration" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dhcp_client_restrict_options" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_mail" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_client" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_postfix_harden_os" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_postfix_configure_ssl_certs" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_postfix_install_ssl_cert" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_postfix_server_configuration" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_postfix_server_denial_of_service" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_postfix_server_mail_relay" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_postfix_server_mail_relay_set_trusted_networks" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_postfix_server_mail_smtpd_relay_restrictions" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_postfix_server_mail_smtpd_recipient_restrictions" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_postfix_server_mail_relay_smtp_auth_for_untrusted_networks" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_postfix_server_mail_relay_require_tls_for_smtp_auth" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_ldap" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_openldap_client" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_openldap_server" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_ldap_server_config_certificate_files" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_disabling_nfs" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_disabling_nfs_services" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_nfs_configuring_all_machines" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_nfs_client_or_server_not_both" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_nfs_configure_fixed_ports" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_disabling_nfsd" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_configure_exports_restrictively" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_use_acl_enforce_auth_restrictions" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_export_filesystems_read_only" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_dns" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_disabling_dns_server" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dns_server_isolation" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dns_server_dedicated" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dns_server_chroot" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dns_server_protection" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dns_server_separate_internal_external" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dns_server_partition_with_views" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_disabling_vsftpd" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_ftp_use_vsftpd" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_ftp_restrict_users" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_ftp_limit_users" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_ftp_configure_firewall" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_http" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_disabling_httpd" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_installing_httpd" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_minimal_modules_installed" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_securing_httpd" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_restrict_info_leakage" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_minimize_loadable_modules" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_core_modules" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_basic_authentication" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_optional_components" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_minimize_config_files_included" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_directory_restrictions" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_modules_improve_security" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_deploy_mod_ssl" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_deploy_mod_security" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_use_dos_protection_modules" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_configure_php_securely" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_configure_os_protect_web_server" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_restrict_file_dir_access" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_httpd_configure_firewalld" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_chroot" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_imap" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_disabling_dovecot" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_configure_dovecot" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dovecot_support_necessary_protocols" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dovecot_enabling_ssl" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_dovecot_allow_imap_access" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_smb" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_disabling_samba" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_configuring_samba" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_smb_restrict_file_sharing" > selected="false"/> > <xccdf:select > idref="xccdf_org.ssgproject.content_group_smb_disable_printing" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_proxy" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_disabling_squid" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_srg_support" > selected="false"/> > <xccdf:select idref="xccdf_org.ssgproject.content_group_c2s_support" > selected="false"/> 202a385,421 > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_password_pam_minlen" > selector="15"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_password_pam_ocredit" > selector="1"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_password_pam_dcredit" > selector="1"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_password_pam_ucredit" > selector="1"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_password_pam_lcredit" > selector="1"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_password_pam_retry" > selector="3"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny" > selector="3"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time" > selector="604800"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_fail_interval" > selector="900"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_default_accept_source_route_value" > selector="disabled"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_tcp_syncookies_value" > selector="enabled"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_all_accept_redirects_value" > selector="disabled"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_default_accept_redirects_value" > selector="disabled"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value" > selector="enabled"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_auditd_num_logs" selector="5"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_auditd_max_log_file" > selector="6"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_auditd_max_log_file_action" > selector="rotate"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_auditd_space_left_action" > selector="email"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_auditd_admin_space_left_action" > selector="single"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_auditd_action_mail_acct" > selector="root"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_multiple_time_servers" > selector="rhel"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_selinux_state" > selector="enforcing"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_selinux_policy_name" > selector="targeted"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_umask_for_daemons" > selector="022"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_accounts_max_concurrent_login_sessions" > selector="10"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs" > selector="60"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs" > selector="1"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_accounts_tmout" > selector="10_min"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_sshd_idle_timeout_value" > selector="15_minutes"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_password_pam_unix_remember" > selector="5"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_password_pam_difok" > selector="8"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_login_banner_text" > selector="dod_default"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_password_pam_minclass" > selector="4"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_password_pam_maxrepeat" > selector="2"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_password_pam_maxclassrepeat" > selector="2"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_inactivity_timeout_value" > selector="15_minutes"/> > <xccdf:refine-value > idref="xccdf_org.ssgproject.content_value_var_account_disable_post_pw_expiration" > selector="0"/>
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
