stable

scap-security-guide-0.1.75-1.fc40

FEDORA-2024-c2dc530cf3 created by mburket 2 months ago for Fedora 40

Important Highlights

  • Add new product kylinserver10 (#12393)
  • Create OL10 product (#12290)
  • Update PCI-DSS control file for version 4.0.1 (#12435)

New Rules and Profiles

  • [New Rule] Package kea removed (#12464)
  • Add Ism profile for ol8 (#12493)
  • Add Ism profile to OL9 (#12346)
  • Create CIS rules for login banners (#12472)
  • New rule tftp_uses_secure_mode_systemd (#12436)
  • Update chrony rules for RHEL 10 (#12415)
  • Update RHEL 9 STIG to V2R2 (#12551)

Changes in Remediations

  • Add ansible remediation configure_bind_crypto_policy (#12325)
  • Add ansible remediation to ensure_oracle_gpgkey_installed rule (#12323)
  • Add ansible remediation to mount_option_home template (#12546)
  • Add ansible remediaton for rsyslog_cron_logging rule (#12326)
  • Add insensitive option to ansible_lineinfile macro (#12314)
  • Add rule accounts_tmout to SLE Micro 5 STIG profile (#12524)
  • Add rule security_patches_up_to_date to SLE Micro 5 STIG profile (#12506)
  • Add rules to support remote offload of journal logs (#12479)
  • Add support for XCCDF variables into sshd_lineinfile template (#12251)
  • Added remediation and tests for the rule permissions_local_var_log_audit (#12360)
  • Avoid tmpfiles override (#12218)
  • Bring bash version in-sync with Ansible (#12398)
  • Change flags cleanup (#12397)
  • Create CIS rules for login banners (#12472)
  • Don't autoremove packages on dnf package uninstall (#12389)
  • Fix "unknown predicate -L" (#12305)
  • Fix ansible remediation for audispd plugin UBTU-20-010216 (#12293)
  • Skip users with ID above UID MAX on accounts_user_interactive_home_directory_defined (#12527)
  • SLE15 related fixes in ntp and aide rules (#12548)
  • Slmicro5 stig add accounts and software rules support (#12364)
  • Update ansible remediation to harden_sshd_ciphers_openssh_conf_crypto_policy rule (#12324)
  • Update bash remediation to fix bug into account_disable_inactivity* (#12134)
  • Update remedation for firewalld_sshd_port_enabled (#12522)
  • Update select rules for RHEL not to modify systemd units in /usr (#12486)
  • Update SLE12 STIG version to V3R1 (#12580)
  • Update SLE15 STIG version to V2R2 (#12570)

Changes in Checks

  • Add "is_substring" variable to grub2_bootloader_argument template (#12308)
  • Add OL9 into installed_OS_is_vendor_supported (#12333)
  • Add rule accounts_tmout to SLE Micro 5 STIG profile (#12524)
  • Add support for XCCDF variables into sshd_lineinfile template (#12251)
  • convert more rules to sshd_lineinfile template (#12301)
  • Create CIS rules for login banners (#12472)
  • enhance the grub2_argument template to cover more use cases (#12375)
  • Fix Audit related rules in RHEL 10 (#12359)
  • Fix inventory_test_kernel_installed for SLE (#12516)
  • Remove redundant sshd oval macro (#12532)
  • Slmicro5 stig add accounts and software rules support (#12364)
  • Update SLE15 STIG version to V2R2 (#12570)

Removed Products

  • Remove uos20 (#12248)

Fixed Bugs

  • Remove installed_OS_is_FIPS_certified from sshd_use_approved_ciphers (#12242)
  • firewalld_sshd_port_enabled add zone to all connections (#12256)
  • Create CIS rules for login banners (#12472)
  • Disable sysctl_kernel_modules_disabled Ansible remediation (#12514)
  • Explicitly state FindOpenSCAP cmake so it loads before it's used. (#12538)
  • Extend mount_option_nodev_nonroot_local_partitions (#12270)
  • Fix crypto policy selection rhel10 (#12466)
  • Fix references section in the workshop artificial rule data. (#12261)
  • Fix title of var_networkmanager_dns_mode (#12258)
  • Remove enable_dracut_fips_module from RHEL 10 profiles (#12467)
  • Two CIS RHEL 9 enhancements (#12453)
  • Update Account Home Folder Rules (#12465)
  • Update audit_rules_suid_privilege_function to use ExecStart instead of ExecStartPost (#12549)
  • Update Regex for sudoers_explicit_command_args (#12350)
  • Update SLE15 STIG version to V2R1 (#12269)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-c2dc530cf3

This update has been submitted for testing by mburket.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'passed'.

2 months ago

This update has been pushed to testing.

2 months ago

This update has been submitted for stable by bodhi.

2 months ago

This update has been pushed to stable.

2 months ago

Please login to add feedback.

Metadata
Type
unspecified
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 months ago
in testing
2 months ago
in stable
2 months ago
approved
2 months ago
BZ#2303894 scap-security-guide-0.1.75 is available
0
0

Automated Test Results