On 2/15/13 4:28 PM, Jeffrey Blank wrote:
>If a password exists for a service account its declared a finding and
>passwd -l <account name> should be done, but passwd -l only puts !! In
>front of the hash to lock the account and does not remove the hash. I'm
>assuming this is going to cause some false positives in scanning. So
>maybe some extra wording saying that if a has exists and !! Comes before
>it, then its not a finding?
A patch would force the issue / be most helpful.
Thanks for the feedback!
>I'm keeping track of everything as I develop the STIG content, so will
>report back as I mow through everything.
"Content" remains a confusingly overloaded word. If it's not too much
to ask, I'd request that everyone use it only to describe SCAP-formatted
content, such as the STIG itself or the other SCAP content on
scap-security-guide.
>P.S. From the RHEL5 Beta STIG to the RHEL5 Final no change log or
>revision tracking was done, which makes updating content a
>nightmare--especially if there are dups of like checks. Maybe we can ping
>DISA to try and implement that?
Yes -- we need to sync shortly. Ideally all changes would go through
SSG, and then the git log will provide a complete and transparent record
of all changes. I do not believe DISA's system includes version control
(but I'm open to correction).
Exactly!
The content to become the draft STIG was submitted to DISA FSO on Fri
26-OCT-2012. There have been 248 patches since that time, so the DISA
draft is quiet out of date. When they rebase (aka, for the "final
draft") here are the patches they'll be picking up.... plus whatever
else is found during the first public comment period
1bf0720 - David Smith, 2 days ago : language cleanup
f4c30d0 - David Smith, 7 days ago : added CCEs
9182e21 - Jeffrey Blank, 10 days ago : updated refine-value names for
umask in profiles, and Rules
8619d02 - Jeffrey Blank, 10 days ago : fixed/updated IDs in umask checks
and renamed a couple
fed8a5a - Shawn Wells, 10 days ago : Renamed manpage to scap-security-guide
70a1e50 - Shawn Wells, 10 days ago : Patch to include JBoss content in
the RPM
fa66d34 - Shawn Wells, 10 days ago : Updating URN for fix scripts
407984d - Jeffrey Blank, 10 days ago : fixed typo in refine-value for
user umasks
5da9e54 - Jeffrey Blank, 10 days ago : fixed bug which unnecessarily
prepended "oval:" to IDs
7a05569 - Shawn Wells, 10 days ago : [bugfix] Updated .spec to reflect
$RPM_BUILD_ROOT for chcon'ing manpage
40c0126 - Shawn Wells, 2 weeks ago : [bugfix] Inconsistent kernel
checking As reported by Philip S., OVAL was checking for /bin/false
whereas the XCCDF macro was still configured for /bin/true
e2c65fc - Shawn Wells, 2 weeks ago : [bugfix] Missed a
var_accounts_passwords_pam_faillock_unlock_time value
6b3cfb6 - Shawn Wells, 2 weeks ago : [bugfix]
var_accounts_passwords_pam_faillock_unlock_time value exceeded
MAX_TIME_INTERVAL As reported by Philip S., the 100000000 value for
var_accounts_passwords_pam_faillock_unlock_time exceeded the
MAX_TIME_INTERVAL value of which PAM would accept.
9a5a07f - Shawn Wells, 2 weeks ago : Created SSG Manpage, shortened RPM
"Description" text - Created SSG manpage, updated RPM build spec to
include it. Users can now "man ssg" - The RPM description text was to
verbose when shown through 'yum list' output. Shortened.
b88e801 - Shawn Wells, 2 weeks ago : Finished USGCB profile - There
were a few USGCBv5 rules that were not in SSG. Created a new ticket
group to track these for inclusion/discussion:
https://fedorahosted.org/scap-security-guide/report/3 ("USGCB Baseline
Release" section)
f56cbb4 - Shawn Wells, 2 weeks ago : Added value for
var_account_disable_post_pw_expiration USGCB calls for a value of 30 for
var_account_disable_post_pw_expiration, added that selector into the
available choices
4284654 - Shawn Wells, 2 weeks ago :
[bugfix]set_sysctl_net_ipv6_conf_default_accept_ra didn't have OVAL
value passed through set_sysctl_net_ipv6_conf_default_accept_ra was not
passing the sysctl_net_ipv6_conf_default_accept_ra_value variable to the
OVAL
6ee7d3d - Shawn Wells, 2 weeks ago : Creation of USGCB profile Began
buildout of a profile which maps to requirements that drove the RHEL5
USGCB. Did not add to build system since this is far from ready.
85a82cb - Mike Palmiotto, 3 weeks ago : Change kernel module disabling
to use /bin/false.
fe0d255 - Kenneth Stailey, 3 weeks ago : Fix processor_type value for
32-bit systems
f2efd9f - David Smith, 3 weeks ago : added address/CIDR option to
/etc/exports file
52f179f - David Smith, 4 weeks ago : copy editing
9358ae6 - Christopher Anderson, 4 weeks ago : Correct spelling for
divine intervention request in spec file (diety -> deity).
9cb81a9 - Christopher Anderson, 4 weeks ago : A few more spelling fixes.
ff6ba53 - David Smith, 4 weeks ago : edited value to reflect recent changes
32dcc36 - David Smith, 4 weeks ago : fixed typo, changed OVAL to reflect
recommended value
bf08ab4 - David Smith, 4 weeks ago : changed kernel.randomize_va_space
value to 2
dc3c937 - David Smith, 4 weeks ago : copy editing
0e793e1 - Christopher Anderson, 4 weeks ago : Corrected a few speling
errrors.
d7a92ca - David Smith, 4 weeks ago : copy editing, mostly adding colons
74536bc - David Smith, 4 weeks ago : slight text modifications
1137321 - David Smith, 4 weeks ago : turned a Rule into a Group
8996090 - Shawn Wells, 4 weeks ago : Altered references from
system-auth-ac to system-auth
1dfb1a8 - Kenneth Stailey, 4 weeks ago : Fix reverse logic of two
ssh_config tests
f268f7d - David Smith, 4 weeks ago : began adding CCE elements to build
table of needed CCEs
85a12cc - David Smith, 4 weeks ago : removed a rule
0e7a2a8 - David Smith, 4 weeks ago : turned a group into a rule
72f865c - David Smith, 4 weeks ago : tag escape fix
cd48981 - David Smith, 4 weeks ago : text fixes from DISA FSO
4d063b5 - Shawn Wells, 5 weeks ago : Bugfix: Removed duplicate
<rationale> Bugfix: Removed duplicate <rationale>
11a94d1 - Shawn Wells, 5 weeks ago : DISA FSO: OCIL language cleanup to
RHEL6/input/system/logging.xml DISA FSO: OCIL language cleanup to
RHEL6/input/system/logging.xml
53a0ca7 - Shawn Wells, 5 weeks ago : DISA FSO: Language changes to
RHEL6/input/services/ftp.xml Language changes to FTP section, patched by
DISA FSO
59c17c6 - Shawn Wells, 5 weeks ago : Updated escape char
e7973bb - Shawn Wells, 5 weeks ago : [bugfix] Fixed
kernel.randomize_va_space OVAL check
863061b - Shawn Wells, 5 weeks ago : DISA FSO: removed disable_at from
STIG profile Removed disable_at from STIG profile per FSO feedback
7329708 - Shawn Wells, 5 weeks ago : Updated auxiliary/srg_support.xml
language Minor language patch
6b51ef4 - Shawn Wells, 5 weeks ago : DISA FSO: Updated alt-titles
Updated alt-titles per feedback from FSO
b46de95 - Shawn Wells, 5 weeks ago : Mapped CP-* Procedural requirements
f12b4fe - Shawn Wells, 5 weeks ago : Mapped CM-9 Procedural requirements
b3b6bbe - Shawn Wells, 5 weeks ago : Mapped CM-8 All procedural requirements
dad8076 - Shawn Wells, 5 weeks ago : Mapped CM-7 CM-7 calls for the
system to provide only essential capabilities, and restrict defined
functions, ports, protocols, and services. Removed a few existing CM-7
mappings to follow the above interpretation, added others.
fa7d1a6 - Shawn Wells, 5 weeks ago : Mapped CM-6 (significant change)
27f0a5f - Shawn Wells, 5 weeks ago : Mapped CM-3, CM-4, CM-5 Various
procedural requirements
520e4ca - Shawn Wells, 5 weeks ago : Mapped CM-1* and CM-2*
048e514 - Shawn Wells, 5 weeks ago : Mapped CA-3, CA-5, CA-6, CA-7 All
organizational procedural requirements
c20507a - Shawn Wells, 5 weeks ago : Mapped CA-2*
a509f0f - Shawn Wells, 5 weeks ago : Mapped CA-1*
40c055d - Shawn Wells, 5 weeks ago : Mapped AU-12*
f134bae - Shawn Wells, 5 weeks ago : Added AU-11 mappings
f9ae6d9 - Shawn Wells, 5 weeks ago : Mapped AU-9
5ec98e6 - Shawn Wells, 5 weeks ago : Mapped AU-8
aab8605 - Shawn Wells, 5 weeks ago : Mapped AU-6* to procedural requirements
206ed8d - Shawn Wells, 5 weeks ago : Mapped AU-3*
3d314ef - Shawn Wells, 5 weeks ago : Request for discussion: Removed
AU-2 mappings from system/logging.xml
9fb277f - Shawn Wells, 5 weeks ago : Added AU-2* mappings Added several
AU-2* mappings
41a5457 - Shawn Wells, 5 weeks ago : Mapped AU-1(b) AU-1(b) calls for
"... procedures to facilitate the implimentation of the audit and
accountability policy....," thus maps to all the rules within our all
audit section
5fe405a - Shawn Wells, 5 weeks ago : Mapped AU-1(a) to
nist_procedural_requirement 1(a) calls for organizational policy
creation, outside the scope of SSG
ed64723 - David Smith, 5 weeks ago : fixed typo that prevented validation
3933073 - David Smith, 5 weeks ago : fixed typos
f022728 - David Smith, 5 weeks ago : fixed issues created during last
git merge
7e55726 - Shawn Wells, 5 weeks ago : (DISA FSO) Cleaning up merge
conflicts in services/base.xml (DISA FSO) Cleaning up merge conflicts in
services/base.xml
0859727 - Shawn Wells, 5 weeks ago : (DISA FSO) Typo fixes for
RHEL6/input/services/ftp.xml (DISA FSO) Typo fixes for
RHEL6/input/services/ftp.xml
f5114ad - Shawn Wells, 5 weeks ago : (DISA FSO) Fixed typos in
RHEL6/input/system/accounts/physical.xml
700a541 - Shawn Wells, 5 weeks ago : (DISA FSO) Fixed typo in
RHEL6/input/system/software/integrity.xml
f4fa7ef - David Smith, 6 weeks ago : moved CCI 144 to permanent finding
afcdaed - David Smith, 6 weeks ago : added new rule for audispd use
e61be4c - David Smith, 6 weeks ago : changed netrc rule to only look in
user home directories
ed03ebe - David Smith, 6 weeks ago : added text to specify acceptable
ciphers
f4322ec - David Smith, 6 weeks ago : shifted references to refer to
SRG-OS-000095, per DISA FSO comments (rows 145-147, 150)
035f68d - David Smith, 6 weeks ago : removed reference to CCI 143 in
auditd admin_space_left_action rule, and removed reference to CCI 169 in
auditd enabled rule, per DISA FSO comments (rows 79, 101)
3ee1686 - David Smith, 6 weeks ago : added text to manually stop autofs
service, per DISA FSO comments (row 57)
e3e94b7 - David Smith, 6 weeks ago : added text to manually stop running
bluetooth service, per DISA FSO comments (row 58)
ad30f25 - David Smith, 6 weeks ago : added CCI 157 as PNF, per DISA FSO
spreadsheet (row 89)
4dab29c - Shawn Wells, 6 weeks ago : Fixing up typos Fixing up typos
8d7ae49 - Shawn Wells, 6 weeks ago : Finished mappings through AC-*
40a87f8 - Shawn Wells, 7 weeks ago : Added mappings for AC-18*,
disablement of wireless capabilities Updated granularity of existing
mappings
b4bd239 - Shawn Wells, 7 weeks ago : Added mappings against AC-17* Added
serveral mappings against the AC-17* requirements, broke them down into
sup compartments AC-17(1), AC-17(a), etc
4adb50f - Shawn Wells, 7 weeks ago : Created auxiliary mappings file for
NIST profiles
a24d2de - Shawn Wells, 7 weeks ago : Initial profile for NIST
low/low/low Initial profile for NIST low/low/low Much work left to do!
5196076 - Shawn Wells, 7 weeks ago : Updated AC-11* mappings Reflect
granularity of AC-11(a), (b), and (1)
a39d805 - Shawn Wells, 7 weeks ago : Updated mappings of AC-8* Updated
to reflect granularity of AC-8(a-c)
d2c1abe - Shawn Wells, 7 weeks ago : Updated mappings for AC-7* Updated
mappings to reflect granularity of AC-7(a) vs AC-7(b)
9c7696d - Shawn Wells, 7 weeks ago : Updated mappings for AC-6* Updated
serveral mappings for AC-6. A key distinction between AC-6 and CM-6/CM-7
is that AC-6 calls for least privilege -- e.g. file permissions --
whereas the later CM-* sections call out least functionality (e.g. only
ssh can listen on port 22).
253d7ed - Shawn Wells, 7 weeks ago : Removed AC-4 mappings Removed
numberous AC-4 mappings. AC-4 calls for the IS to *enforce* flow control
(e.g. turn on iptables, selinux) but does not give configuration
guidance. This is enabled in later controls.
22ac728 - Shawn Wells, 7 weeks ago : Removed AC-3 mapping against
various rules AC-3 states that DAC and MAC systems must be enabled, and
that FIPS used whenever possible. It does *not* call out file
permissions, network firewalls, etc... those things are set later (e.g.
CM-6, SC-*).
9ea1fef - Shawn Wells, 7 weeks ago : Removed "strict" from
var_selinux_policy_name There is no strict mode in RHEL6 -- only
targeted or mls
d42cbb0 - Shawn Wells, 7 weeks ago : Mapped audit_sysadmin_actions to
AC-2(7)(b) Req calls for tracking/monitoring privileged role
assignments, which is done through sudoers
3c8d744 - Shawn Wells, 7 weeks ago : Mapped account_temp_expire_date and
account_disable_post_pw_expiration to AC-2(2) and AC-2(3) Mapped
account_temp_expire_date and account_disable_post_pw_expiration to
AC-2(2) and AC-2(3)
be85b19 - Shawn Wells, 7 weeks ago : Mapped to correct rule
(account_temp_expire_date) Former mapping didn't exist, needed to be
mapped to account_temp_expire_date
3e8bb4a - Shawn Wells, 7 weeks ago : Mapped sshd_use_approved_ciphers to
AC-3 AC-3 requires FIPS 140-2 certified ciphers
b89c184 - Shawn Wells, 7 weeks ago : Removed AC-2 mapping from
ldap_server_config_olcrootpw Setting a root password does not correspond
to AC-2. Removing mapping.
f1ad064 - Shawn Wells, 7 weeks ago : Updated verify-references.py to
ignore ocil-transitional The verify-references.py script was generating
significant noice on our OCIL checks, however ocil-transitional is
expected as it generates our "this is a finding if...." language.
ded873a - Jeffrey Blank, 7 weeks ago : typo fixups
517042b - David Smith, 7 weeks ago : added/changed NIST 800-53 references
eacf98a - Jeffrey Blank, 8 weeks ago : banner language fixup
b8a1dd1 - Jeffrey Blank, 8 weeks ago : CCI ref fixup
158de20 - Jeffrey Blank, 8 weeks ago : added new CCE IDs per michele's
post to list
9194d00 - Jeffrey Blank, 8 weeks ago : adding additional lockout Rules
to STIG profile
b2e7af0 - Jeffrey Blank, 8 weeks ago : adding additional, granular
account lockout Rules
652a1e2 - Jeffrey Blank, 8 weeks ago : adding ref to ip6tables to stay
in sync with iptables
276a335 - Jeffrey Blank, 8 weeks ago : language requiring establishment
of automatic/regular updates per SRG
0f43c2e - Jeffrey Blank, 8 weeks ago : minor wording tweaks to account
expiration, for consistency
b10d5da - Jeffrey Blank, 8 weeks ago : SRG mapping fixups per FSO, new
alt-titles
a150042 - Jeffrey Blank, 8 weeks ago : added new Rule for temporary
account expiration, also to stig profile
c44a14a - Jeffrey Blank, 8 weeks ago : improved checks and text so that
unlabeled devices are recursively sought
e51326e - David Smith, 8 weeks ago : changed rule to use "screen"
instead of "vlock"
1a29670 - David Smith, 8 weeks ago : changed periods back to colons,
where appropriate
9623ff9 - Jeffrey Blank, 8 weeks ago : bugfix for dropping SRGs (lacking
Rules which reference them) from flat table output
0e44520 - Jeffrey Blank, 9 weeks ago : SRG/CCI reference fixups per FSO
feedback from 11/20
82ab793 - Jeffrey Blank, 9 weeks ago : removal of reference inside Group
0a4b04f - Jeffrey Blank, 9 weeks ago : updates to CCI references for
Rules in auditing, software integrity * audit tools are protected with
vendor default permissions
b61c33e - Jeffrey Blank, 9 weeks ago : provided details that the RHEL
auditing system meets SRG requirements
8922528 - Jeffrey Blank, 9 weeks ago : support for adding SRG ID items
to unflattened profile table
d81ca52 - Jeffrey Blank, 9 weeks ago : removing CCI refs when attached
to Groups, in favor of Rules or srg_support
ac3c110 - Jeffrey Blank, 9 weeks ago : added Rule for encrypting
partitions to stig profile
1accaf2 - Jeffrey Blank, 9 weeks ago : new alt-titles for STIG Rules,
CCI references updates
3beba3c - Jeffrey Blank, 9 weeks ago : adding creation of new
SRG-complete table with CCI refs combined (vs flattened)
7ff92e2 - Jeffrey Blank, 9 weeks ago : rework of CCI references in SRG
support file to indicate selection on DoD baselines
1416f0d - Jeffrey Blank, 9 weeks ago : adjusting DISA CCI references in
system config items
daf1ea0 - Michele Newman, 9 weeks ago : Added to profile and updated text.
8ee63a3 - Michele Newman, 9 weeks ago : Added new rule per ticket #120
(snmp non-default password use)
981d74b - David Smith, 9 weeks ago : mapped to SRG requirements
3d51bcb - David Smith, 9 weeks ago : added a few items to 'met inherently'
76b007c - David Smith, 9 weeks ago : commented two items out from profile
de61168 - David Smith, 9 weeks ago : Added check text where needed
34a039c - Shawn Wells, 10 weeks ago : Bugfix: Typos in
input/system/permissions/files.xml Fixes the following errors: $ make
all cd RHEL6 && make make[1]: Entering directory
`/var/www/html/scap-security-guide/RHEL6' xsltproc -o
output/rhel6-shorthand.xml input/guide.xslt input/guide.xml
input/system/permissions/files.xml:196: parser error : expected '>'
stored in <tt>/lib/modules</</tt>>. All files in these
directories ^
input/system/permissions/files.xml:196: parser error : Opening and
ending tag mismatch: tt line 196 and unparseable stored in
<tt>/lib/modules</</tt>>. All files in these
directories ^
input/system/permissions/files.xml:196: parser error : Opening and
ending tag mismatch: description line 187 and tt stored in
<tt>/lib/modules</</tt>>. All files in these
directories ^
input/system/permissions/files.xml:201: parser error : Opening and
ending tag mismatch: Rule line 185 and description
</description> ^ input/system/permissions/files.xml:213:
parser error : Opening and ending tag mismatch: Group line 176 and Rule
</Rule> ^ input/system/permissions/files.xml:304: parser error :
Extra content at the end of the document <Rule
id="sticky_world_writable_dirs"> ^
ffc2184 - Jeffrey Blank, 10 weeks ago : adding new column with check
instructions
fcc7756 - Jeffrey Blank, 10 weeks ago : include check instructions in
SRG mapping tables
530a3d6 - Jeffrey Blank, 10 weeks ago : ensure guide generation does not
trample other tempfiles
7219778 - Jeffrey Blank, 2 months ago : fixed characters to escape ampersand
276155d - Jeffrey Blank, 2 months ago : added new Rules to create Rule
table, including any SRG items not tied to specific configuration action
b328960 - Jeffrey Blank, 2 months ago : new transform to add items from
an SRG mapping table to a Rule table
333f98e - Jeffrey Blank, 2 months ago : added xhtml files to gitignore
in output
5fcf118 - Michele Newman, 2 months ago : Make was failing, had to escape
the double ampersand. Ticket #164.
f955a97 - Michele Newman, 2 months ago : Changed "isn't" to "is not".
e823036 - Michele Newman, 2 months ago : Changes per ticket #155.
e573590 - Michele Newman, 2 months ago : Changes per ticket #152.
f9de8d1 - Michele Newman, 2 months ago : Changes per ticket #151.
1bdc958 - Michele Newman, 2 months ago : Changes per ticket #143.
0b1ece9 - Michele Newman, 2 months ago : Changes per ticket #138.
30ac0ef - Michele Newman, 2 months ago : Changes per ticket #137.
f6b6fee - Michele Newman, 2 months ago : Changed pet ticket #135.
3576abb - Michele Newman, 2 months ago : Changed per ticket #139.
4e112a4 - Michele Newman, 2 months ago : Changing IPtables to reflect
RHEL 6 style, ticket #105.
a624af0 - Michele Newman, 2 months ago : Changed content as per ticket #147.
0ea406b - Shawn Wells, 2 months ago : DISA FSO requested updates to
RHEL6/input/system/permissions/files.xml DISA FSO requested updates to
RHEL6/input/system/permissions/files.xml Closing ticke
https://fedorahosted.org/scap-security-guide/ticket/157
7221833 - Shawn Wells, 2 months ago : DISA FSO requested updates to
RHEL6/input/system/permissions/mounting.xml DISA FSO requested updates
to RHEL6/input/system/permissions/mounting.xml Closing ticket
https://fedorahosted.org/scap-security-guide/ticket/158
7f3f414 - Shawn Wells, 2 months ago : DISA FSO requested updates to
RHEL6/input/system/accounts/physical.xml DISA FSO requested updates to
RHEL6/input/system/accounts/physical.xml Closing
https://fedorahosted.org/scap-security-guide/ticket/141
0572166 - Shawn Wells, 2 months ago : DISA FSO requested updates to
RHEL6/input/system/selinux.xml DISA FSO requested updates to
RHEL6/input/system/selinux.xml Closing ticket
https://fedorahosted.org/scap-security-guide/ticket/160
607ff19 - Shawn Wells, 2 months ago : DISA FSO requested updates to
RHEL6/input/system/software/disk_partitioning.xml DISA FSO requested
updates to RHEL6/input/system/software/disk_partitioning.xml
11f3bb5 - Shawn Wells, 2 months ago : DISA FSO requested updates to
RHEL6/input/system/software/integrity.xml DISA FSO requested updates to
RHEL6/input/system/software/integrity.xml
https://fedorahosted.org/scap-security-guide/ticket/162 --> closed
43c14d9 - Shawn Wells, 2 months ago : DISA FSO requested updates to
RHEL6/input/system/software/updating.xml DISA FSO requested updates to
RHEL6/input/system/software/updating.xml Thank you FSO for the copy editing!
b9549e0 - Shawn Wells, 2 months ago : Renamed STIG-server to
"stig-rhel6-server"
5a65f36 - Shawn Wells, 3 months ago : DISA FSO requested updates to
RHEL6/input/system/accounts/pam.xml DISA FSO requested updates to
RHEL6/input/system/accounts/pam.xml Ticket
https://fedorahosted.org/scap-security-guide/ticket/140 Thanks for the
copy editing!
47f8df4 - Shawn Wells, 3 months ago : Updated RPM package - Updated
build requires to include python-lxml - Rebased to noarch
662748d - Shawn Wells, 3 months ago : Releasing 0.1-8 Updated associated
build files to reflect 0.1-8
d4a25e9 - Shawn Wells, 3 months ago : Undoing inclusion of supplemental
mappings into XCCDF/STIG Profile
5780b87 - Shawn Wells, 3 months ago : Rollback FSO : to . copy editing
Rollback FSO : to . copy editing
9a9a407 - Simon Lukasik, 3 months ago : Do not select the Group but the
Rule.
4847c46 - Michele Newman, 3 months ago : Changed per ticket #132.
85d496c - Michele Newman, 3 months ago : Added per ticket #131.
770f8e7 - Michele Newman, 3 months ago : Added per ticket #130.
d586593 - Michele Newman, 3 months ago : Added per ticket #129.
4a334d7 - Michele Newman, 3 months ago : Added per ticket #128.
4a1f892 - Michele Newman, 3 months ago : Added per ticket 127
d01a898 - Michele Newman, 3 months ago : Added per ticket #126.
d751a0d - Michele Newman, 3 months ago : Added per ticket 125.
f9c9cc7 - Michele Newman, 3 months ago : Added per ticket #124.
963f1b5 - Michele Newman, 3 months ago : Added per ticket #123.
257bfd9 - Michele Newman, 3 months ago : Added per ticket #122.
79f7263 - Michele Newman, 3 months ago : Spelling errors were fixed.
bf8eae7 - Shawn Wells, 3 months ago : DISA FSO provided copy editing of
RHEL6/input/services/printing.xml DISA FSO provided copy editing of
RHEL6/input/services/printing.xml
89357ce - Shawn Wells, 3 months ago : DISA FSO provided copy edits of
RHEL6/transforms/shorthand2xccdf.xslt DISA FSO provided copy edits of
RHEL6/transforms/shorthand2xccdf.xslt
32b587f - Shawn Wells, 3 months ago : Updates to DNS, FTP, LDAP copy
editing Updates to DNS, FTP, LDAP copy editing
9f6a7e0 - Shawn Wells, 3 months ago : DISA FSO provided copy editing of
RHEL6/input/services/obsolete.xml DISA FSO provided copy editing of
RHEL6/input/services/obsolete.xml
313f34e - Shawn Wells, 3 months ago : DISA FSO copy editing of
RHEL6/input/services/ntp.xml DISA FSO copy editing of
RHEL6/input/services/ntp.xml
264bee2 - Shawn Wells, 3 months ago : DISA FSO provided copy editing of
RHEL6/input/services/nfs.xml
74e9b06 - Shawn Wells, 3 months ago : DISA FSO copy editing of
RHEL6/input/services/mail.xml DISA FSO copy editing of
RHEL6/input/services/mail.xml
d360193 - Shawn Wells, 3 months ago : DISA FSO provided copy editing of
RHEL6/input/services/ldap.xml DISA FSO provided copy editing of
RHEL6/input/services/ldap.xml
b1f1dcc - Shawn Wells, 3 months ago : DISA FSO provided copy editing of
RHEL6/input/services/imap.xml DISA FSO provided copy editing of
RHEL6/input/services/imap.xml
d237f50 - Shawn Wells, 3 months ago : DISA FSO provided copy editing of
RHEL6/input/services/ftp.xml DISA FSO provided copy editing of
RHEL6/input/services/ftp.xml
607fcd0 - Shawn Wells, 3 months ago : DISA FSO provided copy editing of
RHEL6/input/services/dns.xml DISA FSO provided copy editing of
RHEL6/input/services/dns.xml
6379c05 - Shawn Wells, 3 months ago : DISA FSO provided copy editing of
RHEL6/input/services/dhcp.xml DISA FSO provided copy editing of
RHEL6/input/services/dhcp.xml
af70cba - Shawn Wells, 3 months ago : DISA FSO copy editing of
RHEL6/input/services/cron.xml DISA FSO copy editing of
RHEL6/input/services/cron.xml
2a61a55 - Shawn Wells, 3 months ago : DISA FSO: Copy editing of Avahi
section DISA FSO provided copy editing of the Avahi section
f3a5a03 - Shawn Wells, 3 months ago : Further auxiliary titles copy
editing Spelt out numberical requirements
809da4a - Shawn Wells, 3 months ago : DISA FSO: Copy editing of
auxiliary titles Modified "require passwords contain" --> "require
passwords to contain" per feedback from DISA FSO
dea6020 - Michele Newman, 3 months ago : Changed shell to non-priviledged.
f48f504 - Michele Newman, 3 months ago : Made shell to non-priviledged.
b4c5e2e - Michele Newman, 3 months ago : Removed comma.
813fd20 - Michele Newman, 3 months ago : Moved command output after grep
command.
0a98746 - Michele Newman, 4 months ago : Changed to easier check command.
926667e - Michele Newman, 4 months ago : Prompt must be for priviledged
user(#), not normal user ($).
2458cd4 - Michele Newman, 4 months ago : Added filename for reference.
8a02ba8 - Michele Newman, 4 months ago : Audit rule requires arch type.
21cad5a - Michele Newman, 4 months ago : Changed check text to be
consistent.
594e1b0 - Michele Newman, 4 months ago : Changed command to be
consistent with others.
c8c13bd - Michele Newman, 4 months ago : Fix command was referencing
account info not network.
99be990 - Michele Newman, 4 months ago : Added example command.
fd66a0a - Michele Newman, 4 months ago : Added example command.
34c32a1 - Michele Newman, 4 months ago : Added example command.
0b7a9aa - Shawn Wells, 4 months ago : Added RPM dependency on
openscap-utils >= 0.9.1
60394d1 - Shawn Wells, 4 months ago : Releasing 0.1-7 RPM - Updated
XCCDF content to fix user reported bugs - Added note about --cpe-dict
c67bab3 - Shawn Wells, 4 months ago : Commented out erronious text in
configure_logwatch_on_logserver Commented out erronious text in
configure_logwatch_on_logserver
11c3e67 - Shawn Wells, 4 months ago : ensure_logrotate_activated comment
not ended appropriately ensure_logrotate_activated comment not ended
appropriately
c48f0eb - Shawn Wells, 4 months ago : Updated STIG-server, fixed typo in
rule of "service_postfix_enable" Updated STIG-server, fixed typo in rule
of "service_postfix_enable"
69ccd61 - Shawn Wells, 4 months ago : removing scratch files
bade928 - David Smith, 4 months ago : changed password history alt title
for consistency
01a5a5b - David Smith, 4 months ago : slight text modification
3220a8e - David Smith, 4 months ago : corrected severity listing for SELinux
81adc3e - David Smith, 4 months ago : slight modification of text
6677413 - David Smith, 4 months ago : Modified text from "three" to "3"
in password lockout rule
320da24 - David Smith, 4 months ago : removed text referring to earlier
issues with CBC ciphers
78bf4e1 - David Smith, 4 months ago : OCIL clause fix
227dce9 - Michele Newman, 4 months ago : Added formatting.
1d94d19 - Shawn Wells, 4 months ago : test
f42854d - Shawn Wells, 4 months ago : test
22836ac - Michele Newman, 4 months ago : Removed extraneous quote.
7882027 - Michele Newman, 4 months ago : Wrong filename.
1eb9996 - Michele Newman, 4 months ago : Filename was not provided.
d457996 - Michele Newman, 4 months ago : Filename was wrong.
263623d - Michele Newman, 4 months ago : Directory name was wrong.
b02bffe - Michele Newman, 4 months ago : Fixed spelling errors.
1e22709 - Michele Newman, 4 months ago : Fixed spelling error.
123212c - Michele Newman, 4 months ago : Configuration was referencing
wrong setting.
83e778b - Shawn Wells, 4 months ago : Updated OCIL clause for
package_rsyslog_installed Old clause made it a finding if the package
WAS installed. Needs to be a finding only if NOT installed.
4703f71 - Michele Newman, 4 months ago : The at daemon service is
spelled "atd".
3840405 - Michele Newman, 4 months ago : Macro was referencing the wrong
audit syscall.
60807b9 - Michele Newman, 4 months ago : Macro was referring to wrong
audit check.
67a7d3e - Michele Newman, 4 months ago : The check is refering to chmod
not fchmod.
deb736a - Michele Newman, 4 months ago : Added full path.
69f8164 - Michele Newman, 4 months ago : Fixed spelling errors.
2ac295e - Michele Newman, 4 months ago : Fixed spelling errors.
37cdab6 - Michele Newman, 4 months ago : Fixed spelling errors.
d210aaf - Michele Newman, 4 months ago : Fixed spelling errors.
62332bc - Michele Newman, 4 months ago : Added command for check.
64447ad - Michele Newman, 4 months ago : Replaced the space between the
kernel setting and value to an "=", so if copy/pasted it would work
properly.
6200027 - Michele Newman, 4 months ago : Removed trailing "/" after
filename.
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
