You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[Enhancement] [RHEL/7] Assign CCE identifiers to RHEL-7 rules
[Enhancement] [RHEL/7] Added a new CJIS profile (Criminal Justice Information Services (CJIS) Security Policy)
[Enhancement] [Debian/8] Add profile for each ANSSI hardning level for NP targets (ansi_np_nt28_eleve, ansi_np_nt28_intermediaire, ansi_np_nt28_minimal, ansi_np_nt28_restreint)
[Enhancement] Don't rely on absolute path of the shell remediation functions library to be able to perform remediations (remediations are now part of benchmarks themselves)
XCCDF changes / enhancements:
[Fedora] Separate dconf settings into dedicated 'Gnome Desktop Environment' XCCDF section
[RHEL/6] Move most GNOME checks into their own file, Add new GNOME XCCDF and OVAL content (Fixes #1205)
[Enhancement][RHEL/7] Create a STIG for GUI-enabled systems (Create a RHEL7 GUI STIG, Create a RHEL7 Workstation STIG for future use, Remove DConf checks from the stig-rhel7-server-upstream profile and add to the new stig-rhel7-server-gui-upstream profile) (Fixes #481)
[BugFix] [RHEL/7] Fix multiple invalid selector warnings when scanning against "stig-rhel7-server-upstream" profile
[BugFix] [RHEL/6] [RHEL/7] Add warning note for ctrl-alt-delete key sequence
[Enhancement][RHEL/6] Add STIG GUI profiles for RHEL6
[Enhancement][RHEL/7] Disable CTRL-ALT-DEL in GUI profile
[Enhancement][RHEL/7] Add SELinux boolean XSLT macros (Add a single enable/disable SELinux boolean macro, Add a single enable/disable SELinux boolean check macro)
[Enhancement][RHEL/7] Add RHEL/7 STIG Reference Identifiers (Add RHEL/7 STIG identifier, Add RHEL/7 OS URI Link)
[Enhancement] [RHEL/7] Added a new CJIS profile (Criminal Justice Information Services (CJIS) Security Policy)
[Enhancement][RHEL/7] Add initial sudoers content (Add initial sudo content to check for NOPASSWD and !authenticate in sudoers for RHEL7 STIG, Fixes #1015)
[Enhancement][RHEL6/7] Add FIPS XCCDF and OVAL content (Adds FIPS GRUB & GRUB2 XCCDF and OVAL content, Fixes #998)
[Enhancement][Fedora][RHEL/7] Add UEFI XCCDF/OVAL content (Add new UEFI XCCDF/OVAL content, Make sure that if /boot/grub2.cfg or /boot/efi/EFI//grub.cfg does not exist to not fail the check, Fixes #1162)
[BugFix] [RHEL/7] [Fedora] Update form of 'disable_interactive_boot' rule for Systemd (RHEL/7, Fedora) based systems (update all XCCDF, OVAL, and remediations)
[Bugfix] Move Chromium XCCDF content to XCCDF directory
[Bugfix] FIPS grub XCCDF and OVAL
[BugFix] [RHEL/6] [RHEL/7] [Fedora] Rewrite XCCDF prose for 'no_shelllogin_for_systemaccounts' rule not to mention hardcoded UIDs (use UID_MIN instead)
[BugFix] [RHEL/6] [RHEL/7] [Fedora] Modify 'standard' profiles to comment out the rules currently returning 'notapplicable' result (needs investigation of reasons why it's behaving so, and fixing the issues prior re-enabling them back)
[Enhancement][RHEL/7] Add SELinux OVAL templates (Add initial sebool OVAL templates, Create new shared/template folder for future template consolidation work)
[BugFix] updating RHEL5 file_permissions_ungroupowned to use shared/version
[Enhancement] Add PPC and PPC64LE System Architecture (Add PPC and PPC64LE OVAL checking support)
[Enhancement] Examine /etc/profile.d/*.sh for TMOUT
[Bugfix][RHEL6/7] Add IPv6 equivalents to IPv4 sysctl (Adds IPv6 XCCDF/OVAL content that is equivalent to IPv4 sysctl XCCDF/OVAL content NOTE: Not all IPv4 sysctl XCCDF/OVAL content has correspond IPv6 sysctl equivalents, Fixes #1214)
[RHEL/7] [bugfix] Check for FIPS in DEFAULT grub line if DEFAULT line exists
[BugFix] [shared] Rewrite OVAL for 'no_shelllogin_for_systemaccounts' rule so it wouldn't always perform the check on hardcoded <0, 499> UID range
[BugFix] [RHEL/7] Modify RHEL-7 OVAL for 'install_PAE_kernel_on_x86-32' rule not to fail on 64-bit (any not 32-bit system)
[BugFix] [RHEL/7] Generate xccdf:metadata (Dublin Core , , (s), and
[BugFix] [Debian/8] [Fedora] [Firefox] [Chromium] [JBoss/Fuse/6] [JRE] [OpenStack/RHEL-OSP/7] [RHEL/5] [RHEL/6] [RHEVM3] [Webmin] Generate xccdf:metadata element of Debian/8 benchmark dynamically (from content of Contributors.md and value of selected internal values)
[Enhancement] [RHEL/7] Apply the newly introduced shell variables and remediation functions XCCDF expansion (translation into XCCDF <sub> elements) against RHEL-7 benchmark
[Enhancement][Infrastructure] Apply the new remediations as xccdf:Value functionality to the remaining benchmarks too (Webmin, RHEVM3, RHEL/6, RHEL/5, OpenStack/RHEL-OSP/7, JRE, JBoss/Fuse/6, JBoss/EAP/5, Firefox, Fedora, Debian/8, and Chromium)
[BugFix] Multiple fixes in expand_xccdf_subs() routine of the combineremediations.py helper
[BugFix] [Infrastructure] Fix currently failing 'make content' for RHEL/6 content due to undefined 'cisuri' variable (Fixes #1288)
Infrastructure:
[Fedora] Add Fedora 25 CPE to Fedora benchmark
[BugFix] [Infrastructure] add_cce_id_refs_to_oval_checks routine - When propagating CCE identifiers from XCCDF to specific OVAL verify particular CCE ID has correct form (either 'CCE-XXXX-X' or 'CCE-XXXXX-X') (Fixes #1228, #1229, #1230)
[BugFix] [Infrastructure] Verify if CCE identifiers listed in various SSG XCCDF benchmarks have the correct form (either 'CCE-XXXX-X' or 'CCE-XXXXX-X')
[BugFix] Use proper rule names in various RHEL/5, RHEL/6, RHEL/7, and RHEVM3 profiles
[Bugfix][Infrastructure] Print message for unused remediation scripts during build
[Enhancement] Don't rely on the absolute path of the remediation functions library when performing remediations (Instead of that transform necessary shell variables and remediation functions calls into corresponding XCCDF <sub> elements to be present directly in the benchmark, Fixes #590, Fixes #1055)
[Enhancement][Infrastructure] Remove Red Hat identifiers from derivatives
[Enhancement][Infrastructure] Add new shared_shorthand2xccdf.xslt
[Enhancement][Infrastructure] Update more content to use shared_shorthand2xccdf.xslt (Enhances Fedora, Debian, RHEL-OSP, and RHEL5/7 to use the new shared_shorthand2xccdf.xslt)
[Enhancement] [Infrastructure] Use "hidden" and "prohibitChanges" attributes set to "true" for xccdf:Values representing remediation routines
[BugFix] [Infrastructure] Perform a sanity check while performing XCCDF <sub idref=...> substitution for remediation functions (Exit with failure (1) if some of the functions wasn't substituted properly)
[BugFix] [Infrastructure] When performing XCCDF <sub> substitution expand also functions not having some arguments in the function call
[BugFix] [Infrastructure] If some of the remediation functions recursively calls another remediation function, we need to define also the called function