Skip to content

Debian13 20260702#14851

Open
a-skr wants to merge 6 commits into
ComplianceAsCode:masterfrom
a-skr:debian13-20260702
Open

Debian13 20260702#14851
a-skr wants to merge 6 commits into
ComplianceAsCode:masterfrom
a-skr:debian13-20260702

Conversation

@a-skr

@a-skr a-skr commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Description:

  • add a debian13 test container
  • update debian13 cis benchmarks
  • add some new rules related to apt configuration
  • add CIS related profiles

@openshift-ci openshift-ci Bot added the needs-ok-to-test Used by openshift-ci bot. label Jul 2, 2026
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown

Hi @a-skr. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_aide_installed'.
--- xccdf_org.ssgproject.content_rule_package_aide_installed
+++ xccdf_org.ssgproject.content_rule_package_aide_installed
@@ -212,6 +212,9 @@
 R79
 
 [reference]:
+6.3.1
+
+[reference]:
 1034
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_aide_build_database'.
--- xccdf_org.ssgproject.content_rule_aide_build_database
+++ xccdf_org.ssgproject.content_rule_aide_build_database
@@ -237,6 +237,9 @@
 R79
 
 [reference]:
+6.3.1
+
+[reference]:
 11.5.2
 
 [rationale]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_aide_periodic_checking_systemd_timer'.
--- xccdf_org.ssgproject.content_rule_aide_periodic_checking_systemd_timer
+++ xccdf_org.ssgproject.content_rule_aide_periodic_checking_systemd_timer
@@ -224,6 +224,9 @@
 R76
 
 [reference]:
+6.3.2
+
+[reference]:
 11.5.2
 
 [rationale]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_sudo_installed'.
--- xccdf_org.ssgproject.content_rule_package_sudo_installed
+++ xccdf_org.ssgproject.content_rule_package_sudo_installed
@@ -20,6 +20,9 @@
 R33
 
 [reference]:
+5.2.1
+
+[reference]:
 1386
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sudo_add_use_pty'.
--- xccdf_org.ssgproject.content_rule_sudo_add_use_pty
+++ xccdf_org.ssgproject.content_rule_sudo_add_use_pty
@@ -16,6 +16,9 @@
 R39
 
 [reference]:
+5.2.2
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_pam_pwquality_installed'.
--- xccdf_org.ssgproject.content_rule_package_pam_pwquality_installed
+++ xccdf_org.ssgproject.content_rule_package_pam_pwquality_installed
@@ -10,6 +10,9 @@
 [reference]:
 SRG-OS-000480-GPOS-00225
 
+[reference]:
+5.3.1.3
+
 [rationale]:
 Use of a complex password helps to increase the time and resources required
 to compromise the password. Password complexity, or strength, is a measure

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny'.
--- xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny
+++ xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny
@@ -139,6 +139,9 @@
 R31
 
 [reference]:
+5.3.3.1.1
+
+[reference]:
 0421
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time'.
--- xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time
+++ xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time
@@ -153,6 +153,9 @@
 R31
 
 [reference]:
+5.3.3.1.2
+
+[reference]:
 0421
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit
@@ -178,6 +178,9 @@
 R31
 
 [reference]:
+5.3.3.2.3
+
+[reference]:
 0421
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit
@@ -178,6 +178,9 @@
 R31
 
 [reference]:
+5.3.3.2.3
+
+[reference]:
 0421
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass
@@ -183,6 +183,9 @@
 R68
 
 [reference]:
+5.3.3.2.3
+
+[reference]:
 0421
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen
@@ -181,6 +181,9 @@
 
 [reference]:
 R68
+
+[reference]:
+5.3.3.2.2
 
 [reference]:
 0421

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit
@@ -177,6 +177,9 @@
 R31
 
 [reference]:
+5.3.3.2.3
+
+[reference]:
 0421
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit
@@ -181,6 +181,9 @@
 R31
 
 [reference]:
+5.3.3.2.3
+
+[reference]:
 0421
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_logindefs'.
--- xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_logindefs
+++ xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_logindefs
@@ -171,6 +171,9 @@
 
 [reference]:
 SRG-OS-000073-GPOS-00041
+
+[reference]:
+5.4.1.4
 
 [reference]:
 0418

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_tmout'.
--- xccdf_org.ssgproject.content_rule_accounts_tmout
+++ xccdf_org.ssgproject.content_rule_accounts_tmout
@@ -151,6 +151,9 @@
 R32
 
 [reference]:
+5.4.3.2
+
+[reference]:
 8.6.1
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_user_dot_group_ownership'.
--- xccdf_org.ssgproject.content_rule_accounts_user_dot_group_ownership
+++ xccdf_org.ssgproject.content_rule_accounts_user_dot_group_ownership
@@ -23,6 +23,9 @@
 [reference]:
 R50
 
+[reference]:
+7.2.10
+
 [rationale]:
 Local initialization files for interactive users are used to configure the
 user's shell environment upon logon. Malicious modification of these files could

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_user_dot_user_ownership'.
--- xccdf_org.ssgproject.content_rule_accounts_user_dot_user_ownership
+++ xccdf_org.ssgproject.content_rule_accounts_user_dot_user_ownership
@@ -21,6 +21,9 @@
 [reference]:
 R50
 
+[reference]:
+7.2.10
+
 [rationale]:
 Local initialization files are used to configure the user's shell environment
 upon logon. Malicious modification of these files could compromise accounts upon

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permission_user_init_files'.
--- xccdf_org.ssgproject.content_rule_file_permission_user_init_files
+++ xccdf_org.ssgproject.content_rule_file_permission_user_init_files
@@ -13,6 +13,9 @@
 [reference]:
 R50
 
+[reference]:
+7.2.10
+
 [rationale]:
 Local initialization files are used to configure the user's shell environment
 upon logon. Malicious modification of these files could compromise accounts upon

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc'.
--- xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc
+++ xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc
@@ -83,6 +83,9 @@
 [reference]:
 R36
 
+[reference]:
+5.4.3.3
+
 [rationale]:
 The umask value influences the permissions assigned to files when they are created.
 A misconfigured umask value could result in files with excessive permissions that can be read or

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs'.
--- xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs
+++ xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs
@@ -127,6 +127,9 @@
 [reference]:
 R36
 
+[reference]:
+5.4.3.3
+
 [rationale]:
 The umask value influences the permissions assigned to files when they are created.
 A misconfigured umask value could result in files with excessive permissions that can be read and

New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile'.
--- xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile
+++ xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile
@@ -87,6 +87,9 @@
 [reference]:
 R36
 
+[reference]:
+5.4.3.3
+
 [rationale]:
 The umask value influences the permissions assigned to files when they are created.
 A misconfigured umask value could result in files with excessive permissions that can be read or

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_enable_iommu_force' differs.
--- oval:ssg-grub2_enable_iommu_force:def:1
+++ oval:ssg-grub2_enable_iommu_force:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_iommu_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_iommu_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_iommu_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_iommu_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_iommu_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_iommu_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_l1tf_argument' differs.
--- oval:ssg-grub2_l1tf_argument:def:1
+++ oval:ssg-grub2_l1tf_argument:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_l1tf_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_l1tf_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_l1tf_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_l1tf_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_l1tf_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_l1tf_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_mce_argument' differs.
--- oval:ssg-grub2_mce_argument:def:1
+++ oval:ssg-grub2_mce_argument:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_mce_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_mce_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_mce_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_mce_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_mce_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_mce_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_mds_argument' differs.
--- oval:ssg-grub2_mds_argument:def:1
+++ oval:ssg-grub2_mds_argument:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_mds_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_mds_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_mds_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_mds_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_mds_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_mds_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_page_alloc_shuffle_argument' differs.
--- oval:ssg-grub2_page_alloc_shuffle_argument:def:1
+++ oval:ssg-grub2_page_alloc_shuffle_argument:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_page_alloc_shuffle_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_page_alloc_shuffle_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_page_alloc_shuffle_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_page_alloc_shuffle_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_page_alloc_shuffle_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_page_alloc_shuffle_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_pti_argument' differs.
--- oval:ssg-grub2_pti_argument:def:1
+++ oval:ssg-grub2_pti_argument:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_pti_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_pti_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_pti_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_pti_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_pti_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_pti_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_rng_core_default_quality_argument' differs.
--- oval:ssg-grub2_rng_core_default_quality_argument:def:1
+++ oval:ssg-grub2_rng_core_default_quality_argument:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_rng_core_default_quality_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_rng_core_default_quality_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_rng_core_default_quality_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_rng_core_default_quality_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_rng_core_default_quality_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_rng_core_default_quality_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_slab_nomerge_argument' differs.
--- oval:ssg-grub2_slab_nomerge_argument:def:1
+++ oval:ssg-grub2_slab_nomerge_argument:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_slab_nomerge_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_slab_nomerge_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_slab_nomerge_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_slab_nomerge_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_slab_nomerge_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_slab_nomerge_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_spec_store_bypass_disable_argument' differs.
--- oval:ssg-grub2_spec_store_bypass_disable_argument:def:1
+++ oval:ssg-grub2_spec_store_bypass_disable_argument:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_spec_store_bypass_disable_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_spec_store_bypass_disable_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_spec_store_bypass_disable_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_spec_store_bypass_disable_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_spec_store_bypass_disable_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_spec_store_bypass_disable_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_spectre_v2_argument' differs.
--- oval:ssg-grub2_spectre_v2_argument:def:1
+++ oval:ssg-grub2_spectre_v2_argument:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_spectre_v2_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_spectre_v2_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_spectre_v2_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_spectre_v2_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_spectre_v2_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_spectre_v2_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_rsyslog_installed'.
--- xccdf_org.ssgproject.content_rule_package_rsyslog_installed
+++ xccdf_org.ssgproject.content_rule_package_rsyslog_installed
@@ -108,6 +108,9 @@
 SRG-OS-000480-GPOS-00227
 
 [reference]:
+6.1.2.1
+
+[reference]:
 1409
 
 [rationale]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_rsyslog_enabled'.
--- xccdf_org.ssgproject.content_rule_service_rsyslog_enabled
+++ xccdf_org.ssgproject.content_rule_service_rsyslog_enabled
@@ -214,6 +214,9 @@
 
 [reference]:
 SRG-OS-000480-GPOS-00227
+
+[reference]:
+6.1.2.2
 
 [reference]:
 1409

New content has different text for rule 'xccdf_org.ssgproject.content_rule_rsyslog_filecreatemode'.
--- xccdf_org.ssgproject.content_rule_rsyslog_filecreatemode
+++ xccdf_org.ssgproject.content_rule_rsyslog_filecreatemode
@@ -10,6 +10,9 @@
 [reference]:
 R71
 
+[reference]:
+6.1.2.4
+
 [rationale]:
 It is important to ensure that log files have the correct permissions
 to ensure that sensitive data is archived and protected.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_ip_forward'.
--- xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_ip_forward
+++ xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_ip_forward
@@ -340,6 +340,9 @@
 
 [reference]:
 R12
+
+[reference]:
+3.3.1.1
 
 [reference]:
 1.4.3

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_world_writable'.
--- xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_world_writable
+++ xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_world_writable
@@ -172,6 +172,9 @@
 R54
 
 [reference]:
+7.1.11
+
+[reference]:
 1409
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned'.
--- xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned
+++ xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned
@@ -339,6 +339,9 @@
 R53
 
 [reference]:
+7.1.12
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_no_files_unowned_by_user'.
--- xccdf_org.ssgproject.content_rule_no_files_unowned_by_user
+++ xccdf_org.ssgproject.content_rule_no_files_unowned_by_user
@@ -345,6 +345,9 @@
 
 [reference]:
 R53
+
+[reference]:
+7.1.12
 
 [reference]:
 2.2.6

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_group'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_group
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_group
@@ -172,6 +172,9 @@
 R50
 
 [reference]:
+7.1.3
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow
@@ -165,6 +165,9 @@
 [reference]:
 R50
 
+[reference]:
+7.1.7
+
 [rationale]:
 The /etc/gshadow file contains group password hashes. Protection of this file
 is critical for system security.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_passwd'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_passwd
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_passwd
@@ -172,6 +172,9 @@
 R50
 
 [reference]:
+7.1.1
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_shadow'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_shadow
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_shadow
@@ -172,6 +172,9 @@
 R50
 
 [reference]:
+7.1.5
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_shells'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_shells
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_shells
@@ -16,6 +16,9 @@
 [reference]:
 R50
 
+[reference]:
+7.1.9
+
 [rationale]:
 The /etc/shells file contains the list of full pathnames to shells on the system.
 Since this file is used by many system programs this file should be protected.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_group'.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_group
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_group
@@ -172,6 +172,9 @@
 R50
 
 [reference]:
+7.1.3
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_gshadow'.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_gshadow
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_gshadow
@@ -165,6 +165,9 @@
 [reference]:
 R50
 
+[reference]:
+7.1.7
+
 [rationale]:
 The /etc/gshadow file contains group password hashes. Protection of this file
 is critical for system security.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_passwd'.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_passwd
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_passwd
@@ -172,6 +172,9 @@
 R50
 
 [reference]:
+7.1.1
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_shadow'.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_shadow
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_shadow
@@ -172,6 +172,9 @@
 R50
 
 [reference]:
+7.1.5
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_shells'.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_shells
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_shells
@@ -16,6 +16,9 @@
 [reference]:
 R50
 
+[reference]:
+7.1.9
+
 [rationale]:
 The /etc/shells file contains the list of full pathnames to shells on the system.
 Since this file is used by many system programs this file should be protected.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_group'.
--- xccdf_org.ssgproject.content_rule_file_permissions_etc_group
+++ xccdf_org.ssgproject.content_rule_file_permissions_etc_group
@@ -172,6 +172,9 @@
 R50
 
 [reference]:
+7.1.3
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_gshadow'.
--- xccdf_org.ssgproject.content_rule_file_permissions_etc_gshadow
+++ xccdf_org.ssgproject.content_rule_file_permissions_etc_gshadow
@@ -165,6 +165,9 @@
 [reference]:
 R50
 
+[reference]:
+7.1.7
+
 [rationale]:
 The /etc/gshadow file contains group password hashes. Protection of this file
 is critical for system security.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_passwd'.
--- xccdf_org.ssgproject.content_rule_file_permissions_etc_passwd
+++ xccdf_org.ssgproject.content_rule_file_permissions_etc_passwd
@@ -172,6 +172,9 @@
 R50
 
 [reference]:
+7.1.1
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow'.
--- xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow
+++ xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow
@@ -172,6 +172,9 @@
 R50
 
 [reference]:
+7.1.5
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_shells'.
--- xccdf_org.ssgproject.content_rule_file_permissions_etc_shells
+++ xccdf_org.ssgproject.content_rule_file_permissions_etc_shells
@@ -15,6 +15,9 @@
 [reference]:
 R50
 
+[reference]:
+7.1.9
+
 [rationale]:
 The /etc/shells file contains the list of full pathnames to shells on the system.
 Since this file is used by many system programs this file should be protected.

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_page_poison_argument' differs.
--- oval:ssg-grub2_page_poison_argument:def:1
+++ oval:ssg-grub2_page_poison_argument:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_page_poison_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_page_poison_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_page_poison_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_page_poison_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_page_poison_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_page_poison_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_slub_debug_argument' differs.
--- oval:ssg-grub2_slub_debug_argument:def:1
+++ oval:ssg-grub2_slub_debug_argument:def:1
@@ -1,9 +1,14 @@
 criteria OR
 criteria AND
 criteria OR
+criterion oval:ssg-test_grub2_slub_debug_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_slub_debug_in_grub_cfg_uefi:tst:1
+criteria OR
 criteria OR
 criterion oval:ssg-test_grub2_slub_debug_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_slub_debug_grub_cmdline_linux_from_grub_d:tst:1
 criteria AND
 criteria OR
 criterion oval:ssg-test_grub2_slub_debug_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_slub_debug_grub_cmdline_linux_default_from_grub_d:tst:1
 extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_cron_installed'.
--- xccdf_org.ssgproject.content_rule_package_cron_installed
+++ xccdf_org.ssgproject.content_rule_package_cron_installed
@@ -222,6 +222,9 @@
 SRG-OS-000480-GPOS-00227
 
 [reference]:
+2.4.1.1
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_cron_enabled'.
--- xccdf_org.ssgproject.content_rule_service_cron_enabled
+++ xccdf_org.ssgproject.content_rule_service_cron_enabled
@@ -223,6 +223,9 @@
 [reference]:
 PR.PT-3
 
+[reference]:
+2.4.1.1
+
 [rationale]:
 Due to its usage for maintenance and security-supporting tasks,
 enabling the cron daemon is essential.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_nis_removed'.
--- xccdf_org.ssgproject.content_rule_package_nis_removed
+++ xccdf_org.ssgproject.content_rule_package_nis_removed
@@ -5,6 +5,9 @@
 [description]:
 The support for Yellowpages should not be installed unless it is required.
 
+[reference]:
+2.2.1
+
 [rationale]:
 NIS is the historical SUN service for central account management, more and more replaced by LDAP.
 NIS does not support efficiently security constraints, ACL, etc. and should not be used.

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_dhcp_removed'.
--- xccdf_org.ssgproject.content_rule_package_dhcp_removed
+++ xccdf_org.ssgproject.content_rule_package_dhcp_removed
@@ -214,6 +214,9 @@
 R62
 
 [reference]:
+2.1.3
+
+[reference]:
 2.2.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_postfix_network_listening_disabled'.
--- xccdf_org.ssgproject.content_rule_postfix_network_listening_disabled
+++ xccdf_org.ssgproject.content_rule_postfix_network_listening_disabled
@@ -212,6 +212,9 @@
 R74
 
 [reference]:
+2.1.22
+
+[reference]:
 1.4.2
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_chrony_installed'.
--- xccdf_org.ssgproject.content_rule_package_chrony_installed
+++ xccdf_org.ssgproject.content_rule_package_chrony_installed
@@ -23,6 +23,9 @@
 R71
 
 [reference]:
+2.3.1.1
+
+[reference]:
 0988
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_xinetd_removed'.
--- xccdf_org.ssgproject.content_rule_package_xinetd_removed
+++ xccdf_org.ssgproject.content_rule_package_xinetd_removed
@@ -297,6 +297,9 @@
 
 [reference]:
 R62
+
+[reference]:
+2.1.20
 
 [reference]:
 1409

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_ypserv_removed'.
--- xccdf_org.ssgproject.content_rule_package_ypserv_removed
+++ xccdf_org.ssgproject.content_rule_package_ypserv_removed
@@ -306,6 +306,9 @@
 
 [reference]:
 R62
+
+[reference]:
+2.1.10
 
 [reference]:
 2.2.4

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_rsh_removed'.
--- xccdf_org.ssgproject.content_rule_package_rsh_removed
+++ xccdf_org.ssgproject.content_rule_package_rsh_removed
@@ -50,6 +50,9 @@
 R62
 
 [reference]:
+2.2.2
+
+[reference]:
 2.2.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_talk_removed'.
--- xccdf_org.ssgproject.content_rule_package_talk_removed
+++ xccdf_org.ssgproject.content_rule_package_talk_removed
@@ -33,6 +33,9 @@
 R62
 
 [reference]:
+2.2.3
+
+[reference]:
 2.2.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_telnet_removed'.
--- xccdf_org.ssgproject.content_rule_package_telnet_removed
+++ xccdf_org.ssgproject.content_rule_package_telnet_removed
@@ -49,6 +49,9 @@
 R62
 
 [reference]:
+2.2.4
+
+[reference]:
 1409
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_tftp-server_removed'.
--- xccdf_org.ssgproject.content_rule_package_tftp-server_removed
+++ xccdf_org.ssgproject.content_rule_package_tftp-server_removed
@@ -280,6 +280,9 @@
 
 [reference]:
 R62
+
+[reference]:
+2.1.16
 
 [reference]:
 2.2.4

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_sshd_config'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_sshd_config
+++ xccdf_org.ssgproject.content_rule_file_groupowner_sshd_config
@@ -169,6 +169,9 @@
 [reference]:
 R50
 
+[reference]:
+5.1.1
+
 [rationale]:
 Service configuration files enable or disable features of their respective
 services that if configured incorrectly can lead to insecure and vulnerable

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_sshd_config'.
--- xccdf_org.ssgproject.content_rule_file_owner_sshd_config
+++ xccdf_org.ssgproject.content_rule_file_owner_sshd_config
@@ -169,6 +169,9 @@
 [reference]:
 R50
 
+[reference]:
+5.1.1
+
 [rationale]:
 Service configuration files enable or disable features of their respective
 services that if configured incorrectly can lead to insecure and vulnerable

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_sshd_config'.
--- xccdf_org.ssgproject.content_rule_file_permissions_sshd_config
+++ xccdf_org.ssgproject.content_rule_file_permissions_sshd_config
@@ -169,6 +169,9 @@
 R50
 
 [reference]:
+5.1.1
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key'.
--- xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key
+++ xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key
@@ -182,6 +182,9 @@
 R50
 
 [reference]:
+5.1.2
+
+[reference]:
 1449
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_sshd_pub_key'.
--- xccdf_org.ssgproject.content_rule_file_permissions_sshd_pub_key
+++ xccdf_org.ssgproject.content_rule_file_permissions_sshd_pub_key
@@ -181,6 +181,9 @@
 R50
 
 [reference]:
+5.1.3
+
+[reference]:
 2.2.6
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive'.
--- xccdf_org.ssgproject.content_rule_sshd_set_keepalive
+++ xccdf_org.ssgproject.content_rule_sshd_set_keepalive
@@ -318,6 +318,9 @@
 SRG-OS-000279-GPOS-00109
 
 [reference]:
+5.1.7
+
+[reference]:
 8.2.8
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout'.
--- xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
+++ xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
@@ -322,6 +322,9 @@
 
 [reference]:
 SRG-OS-000395-GPOS-00175
+
+[reference]:
+5.1.7
 
 [reference]:
 8.2.8

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords'.
--- xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
+++ xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
@@ -384,6 +384,9 @@
 SRG-OS-000480-GPOS-00227
 
 [reference]:
+5.1.20
+
+[reference]:
 1546
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_root_login'.
--- xccdf_org.ssgproject.content_rule_sshd_disable_root_login
+++ xccdf_org.ssgproject.content_rule_sshd_disable_root_login
@@ -424,6 +424,9 @@
 
 [reference]:
 R33
+
+[reference]:
+5.1.21
 
 [reference]:
 1546

New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_audit_installed'.
--- xccdf_org.ssgproject.content_rule_package_audit_installed
+++ xccdf_org.ssgproject.content_rule_package_audit_installed
@@ -132,6 +132,9 @@
 R73
 
 [reference]:
+6.2.1.1
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_auditd_enabled'.
--- xccdf_org.ssgproject.content_rule_service_auditd_enabled
+++ xccdf_org.ssgproject.content_rule_service_auditd_enabled
@@ -471,6 +471,9 @@
 
 [reference]:
 R73
+
+[reference]:
+6.2.1.2
 
 [reference]:
 1409

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_immutable'.
--- xccdf_org.ssgproject.content_rule_audit_rules_immutable
+++ xccdf_org.ssgproject.content_rule_audit_rules_immutable
@@ -374,6 +374,9 @@
 R73
 
 [reference]:
+6.2.3.36
+
+[reference]:
 10.3.2
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_media_export'.
--- xccdf_org.ssgproject.content_rule_audit_rules_media_export
+++ xccdf_org.ssgproject.content_rule_audit_rules_media_export
@@ -391,6 +391,9 @@
 R73
 
 [reference]:
+6.2.3.21
+
+[reference]:
 10.2.1.7
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification'.
--- xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
+++ xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
@@ -381,6 +381,9 @@
 R73
 
 [reference]:
+6.2.3.8
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions'.
--- xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions
+++ xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions
@@ -572,6 +572,9 @@
 R73
 
 [reference]:
+6.2.3.1
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group
@@ -551,6 +551,9 @@
 R73
 
 [reference]:
+6.2.3.12
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow
@@ -551,6 +551,9 @@
 R73
 
 [reference]:
+6.2.3.14
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd
@@ -557,6 +557,9 @@
 R73
 
 [reference]:
+6.2.3.15
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd
@@ -566,6 +566,9 @@
 R73
 
 [reference]:
+6.2.3.13
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow
@@ -551,6 +551,9 @@
 R73
 
 [reference]:
+6.2.3.14
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_sudo_log_events'.
--- xccdf_org.ssgproject.content_rule_audit_sudo_log_events
+++ xccdf_org.ssgproject.content_rule_audit_sudo_log_events
@@ -45,6 +45,9 @@
 R73
 
 [reference]:
+6.2.3.3
+
+[reference]:
 10.2.1.3
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod
@@ -424,6 +424,9 @@
 R73
 
 [reference]:
+6.2.3.18
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown
@@ -427,6 +427,9 @@
 R73
 
 [reference]:
+6.2.3.19
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod
@@ -424,6 +424,9 @@
 R73
 
 [reference]:
+6.2.3.18
+
+[reference]:
 10.3.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat
@@ -424,6 +424,9 @@
 R73
 
 [reference]:
+6.2.3.18
+
+[reference]:
 10.3.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown
@@ -430,6 +430,9 @@
 R73
 
 [reference]:
+6.2.3.19
+
+[reference]:
 10.3.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat
@@ -427,6 +427,9 @@
 R73
 
 [reference]:
+6.2.3.19
+
+[reference]:
 10.3.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr
@@ -451,6 +451,9 @@
 R73
 
 [reference]:
+6.2.3.20
+
+[reference]:
 10.3.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr
@@ -445,6 +445,9 @@
 R73
 
 [reference]:
+6.2.3.20
+
+[reference]:
 10.3.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown
@@ -427,6 +427,9 @@
 R73
 
 [reference]:
+6.2.3.19
+
+[reference]:
 10.3.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr
@@ -457,6 +457,9 @@
 R73
 
 [reference]:
+6.2.3.20
+
+[reference]:
 10.3.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr
@@ -445,6 +445,9 @@
 R73
 
 [reference]:
+6.2.3.20
+
+[reference]:
 10.3.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr
@@ -456,6 +456,9 @@
 R73
 
 [reference]:
+6.2.3.20
+
+[reference]:
 10.3.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr
@@ -421,6 +421,9 @@
 R73
 
 [reference]:
+6.2.3.20
+
+[reference]:
 10.3.4
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
@@ -419,6 +419,9 @@
 R73
 
 [reference]:
+6.2.3.25
+
+[reference]:
 10.2.1.7
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
@@ -419,6 +419,9 @@
 R73
 
 [reference]:
+6.2.3.25
+
+[reference]:
 10.2.1.7
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
@@ -419,6 +419,9 @@
 R73
 
 [reference]:
+6.2.3.24
+
+[reference]:
 10.2.1.7
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
@@ -419,6 +419,9 @@
 R73
 
 [reference]:
+6.2.3.24
+
+[reference]:
 10.2.1.7
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat
@@ -409,6 +409,9 @@
 R73
 
 [reference]:
+6.2.3.11
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate
@@ -412,6 +412,9 @@
 R73
 
 [reference]:
+6.2.3.11
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open
@@ -412,6 +412,9 @@
 R73
 
 [reference]:
+6.2.3.11
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat
@@ -412,6 +412,9 @@
 R73
 
 [reference]:
+6.2.3.11
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate
@@ -412,6 +412,9 @@
 R73
 
 [reference]:
+6.2.3.11
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete'.
--- xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete
+++ xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete
@@ -393,6 +393,9 @@
 
 [reference]:
 R73
+
+[reference]:
+6.2.3.33
 
 [rationale]:
 The removal of kernel modules can be used to alter the behavior of

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit'.
--- xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit
+++ xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit
@@ -393,6 +393,9 @@
 
 [reference]:
 R73
+
+[reference]:
+6.2.3.32
 
 [rationale]:
 The addition/removal of kernel modules can be used to alter the behavior of

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init'.
--- xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init
+++ xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init
@@ -393,6 +393,9 @@
 
 [reference]:
 R73
+
+[reference]:
+6.2.3.32
 
 [rationale]:
 The addition of kernel modules can be used to alter the behavior of

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock'.
--- xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock
+++ xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock
@@ -386,6 +386,9 @@
 R73
 
 [reference]:
+6.2.3.23
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog'.
--- xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog
+++ xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog
@@ -404,6 +404,9 @@
 R73
 
 [reference]:
+6.2.3.23
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands
@@ -437,6 +437,9 @@
 R73
 
 [reference]:
+6.2.3.10
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod
@@ -68,6 +68,9 @@
 [reference]:
 R73
 
+[reference]:
+6.2.3.31
+
 [rationale]:
 Without generating audit records that are specific to the security and
 mission needs of the organization, it would be difficult to establish,

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex'.
--- xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex
+++ xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex
@@ -374,6 +374,9 @@
 R73
 
 [reference]:
+6.2.3.4
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime'.
--- xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime
+++ xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime
@@ -374,6 +374,9 @@
 R73
 
 [reference]:
+6.2.3.4
+
+[reference]:
 0582
 
 [reference]:

New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime'.
--- xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime
+++ xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime
@@ -368,6 +368,9 @@
 R73
 
 [reference]:
+6.2.3.4
+
+[reference]:
 0582
 
 [reference]:

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Change in Ansible shell module found.

Please consider using more suitable Ansible module than shell if possible.

@a-skr a-skr force-pushed the debian13-20260702 branch from f6a726b to 97cc46c Compare July 2, 2026 14:02
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Change in Ansible shell module found.

Please consider using more suitable Ansible module than shell if possible.

@Mab879 Mab879 added this to the 0.1.82 milestone Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-ok-to-test Used by openshift-ci bot.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants