Debian13 20260702#14851
Conversation
|
Hi @a-skr. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Tip We noticed you've done this a few times! Consider joining the org to skip this step and gain Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
This datastream diff is auto generated by the check Click here to see the full diffNew content has different text for rule 'xccdf_org.ssgproject.content_rule_package_aide_installed'.
--- xccdf_org.ssgproject.content_rule_package_aide_installed
+++ xccdf_org.ssgproject.content_rule_package_aide_installed
@@ -212,6 +212,9 @@
R79
[reference]:
+6.3.1
+
+[reference]:
1034
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_aide_build_database'.
--- xccdf_org.ssgproject.content_rule_aide_build_database
+++ xccdf_org.ssgproject.content_rule_aide_build_database
@@ -237,6 +237,9 @@
R79
[reference]:
+6.3.1
+
+[reference]:
11.5.2
[rationale]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_aide_periodic_checking_systemd_timer'.
--- xccdf_org.ssgproject.content_rule_aide_periodic_checking_systemd_timer
+++ xccdf_org.ssgproject.content_rule_aide_periodic_checking_systemd_timer
@@ -224,6 +224,9 @@
R76
[reference]:
+6.3.2
+
+[reference]:
11.5.2
[rationale]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_sudo_installed'.
--- xccdf_org.ssgproject.content_rule_package_sudo_installed
+++ xccdf_org.ssgproject.content_rule_package_sudo_installed
@@ -20,6 +20,9 @@
R33
[reference]:
+5.2.1
+
+[reference]:
1386
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_sudo_add_use_pty'.
--- xccdf_org.ssgproject.content_rule_sudo_add_use_pty
+++ xccdf_org.ssgproject.content_rule_sudo_add_use_pty
@@ -16,6 +16,9 @@
R39
[reference]:
+5.2.2
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_pam_pwquality_installed'.
--- xccdf_org.ssgproject.content_rule_package_pam_pwquality_installed
+++ xccdf_org.ssgproject.content_rule_package_pam_pwquality_installed
@@ -10,6 +10,9 @@
[reference]:
SRG-OS-000480-GPOS-00225
+[reference]:
+5.3.1.3
+
[rationale]:
Use of a complex password helps to increase the time and resources required
to compromise the password. Password complexity, or strength, is a measure
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny'.
--- xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny
+++ xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny
@@ -139,6 +139,9 @@
R31
[reference]:
+5.3.3.1.1
+
+[reference]:
0421
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time'.
--- xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time
+++ xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time
@@ -153,6 +153,9 @@
R31
[reference]:
+5.3.3.1.2
+
+[reference]:
0421
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit
@@ -178,6 +178,9 @@
R31
[reference]:
+5.3.3.2.3
+
+[reference]:
0421
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit
@@ -178,6 +178,9 @@
R31
[reference]:
+5.3.3.2.3
+
+[reference]:
0421
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass
@@ -183,6 +183,9 @@
R68
[reference]:
+5.3.3.2.3
+
+[reference]:
0421
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen
@@ -181,6 +181,9 @@
[reference]:
R68
+
+[reference]:
+5.3.3.2.2
[reference]:
0421
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit
@@ -177,6 +177,9 @@
R31
[reference]:
+5.3.3.2.3
+
+[reference]:
0421
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit'.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit
@@ -181,6 +181,9 @@
R31
[reference]:
+5.3.3.2.3
+
+[reference]:
0421
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_logindefs'.
--- xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_logindefs
+++ xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_logindefs
@@ -171,6 +171,9 @@
[reference]:
SRG-OS-000073-GPOS-00041
+
+[reference]:
+5.4.1.4
[reference]:
0418
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_tmout'.
--- xccdf_org.ssgproject.content_rule_accounts_tmout
+++ xccdf_org.ssgproject.content_rule_accounts_tmout
@@ -151,6 +151,9 @@
R32
[reference]:
+5.4.3.2
+
+[reference]:
8.6.1
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_user_dot_group_ownership'.
--- xccdf_org.ssgproject.content_rule_accounts_user_dot_group_ownership
+++ xccdf_org.ssgproject.content_rule_accounts_user_dot_group_ownership
@@ -23,6 +23,9 @@
[reference]:
R50
+[reference]:
+7.2.10
+
[rationale]:
Local initialization files for interactive users are used to configure the
user's shell environment upon logon. Malicious modification of these files could
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_user_dot_user_ownership'.
--- xccdf_org.ssgproject.content_rule_accounts_user_dot_user_ownership
+++ xccdf_org.ssgproject.content_rule_accounts_user_dot_user_ownership
@@ -21,6 +21,9 @@
[reference]:
R50
+[reference]:
+7.2.10
+
[rationale]:
Local initialization files are used to configure the user's shell environment
upon logon. Malicious modification of these files could compromise accounts upon
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permission_user_init_files'.
--- xccdf_org.ssgproject.content_rule_file_permission_user_init_files
+++ xccdf_org.ssgproject.content_rule_file_permission_user_init_files
@@ -13,6 +13,9 @@
[reference]:
R50
+[reference]:
+7.2.10
+
[rationale]:
Local initialization files are used to configure the user's shell environment
upon logon. Malicious modification of these files could compromise accounts upon
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc'.
--- xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc
+++ xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc
@@ -83,6 +83,9 @@
[reference]:
R36
+[reference]:
+5.4.3.3
+
[rationale]:
The umask value influences the permissions assigned to files when they are created.
A misconfigured umask value could result in files with excessive permissions that can be read or
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs'.
--- xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs
+++ xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs
@@ -127,6 +127,9 @@
[reference]:
R36
+[reference]:
+5.4.3.3
+
[rationale]:
The umask value influences the permissions assigned to files when they are created.
A misconfigured umask value could result in files with excessive permissions that can be read and
New content has different text for rule 'xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile'.
--- xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile
+++ xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile
@@ -87,6 +87,9 @@
[reference]:
R36
+[reference]:
+5.4.3.3
+
[rationale]:
The umask value influences the permissions assigned to files when they are created.
A misconfigured umask value could result in files with excessive permissions that can be read or
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_enable_iommu_force' differs.
--- oval:ssg-grub2_enable_iommu_force:def:1
+++ oval:ssg-grub2_enable_iommu_force:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_iommu_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_iommu_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_iommu_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_iommu_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_iommu_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_iommu_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_l1tf_argument' differs.
--- oval:ssg-grub2_l1tf_argument:def:1
+++ oval:ssg-grub2_l1tf_argument:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_l1tf_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_l1tf_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_l1tf_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_l1tf_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_l1tf_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_l1tf_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_mce_argument' differs.
--- oval:ssg-grub2_mce_argument:def:1
+++ oval:ssg-grub2_mce_argument:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_mce_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_mce_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_mce_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_mce_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_mce_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_mce_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_mds_argument' differs.
--- oval:ssg-grub2_mds_argument:def:1
+++ oval:ssg-grub2_mds_argument:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_mds_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_mds_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_mds_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_mds_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_mds_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_mds_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_page_alloc_shuffle_argument' differs.
--- oval:ssg-grub2_page_alloc_shuffle_argument:def:1
+++ oval:ssg-grub2_page_alloc_shuffle_argument:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_page_alloc_shuffle_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_page_alloc_shuffle_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_page_alloc_shuffle_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_page_alloc_shuffle_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_page_alloc_shuffle_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_page_alloc_shuffle_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_pti_argument' differs.
--- oval:ssg-grub2_pti_argument:def:1
+++ oval:ssg-grub2_pti_argument:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_pti_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_pti_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_pti_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_pti_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_pti_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_pti_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_rng_core_default_quality_argument' differs.
--- oval:ssg-grub2_rng_core_default_quality_argument:def:1
+++ oval:ssg-grub2_rng_core_default_quality_argument:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_rng_core_default_quality_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_rng_core_default_quality_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_rng_core_default_quality_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_rng_core_default_quality_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_rng_core_default_quality_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_rng_core_default_quality_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_slab_nomerge_argument' differs.
--- oval:ssg-grub2_slab_nomerge_argument:def:1
+++ oval:ssg-grub2_slab_nomerge_argument:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_slab_nomerge_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_slab_nomerge_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_slab_nomerge_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_slab_nomerge_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_slab_nomerge_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_slab_nomerge_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_spec_store_bypass_disable_argument' differs.
--- oval:ssg-grub2_spec_store_bypass_disable_argument:def:1
+++ oval:ssg-grub2_spec_store_bypass_disable_argument:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_spec_store_bypass_disable_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_spec_store_bypass_disable_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_spec_store_bypass_disable_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_spec_store_bypass_disable_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_spec_store_bypass_disable_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_spec_store_bypass_disable_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_spectre_v2_argument' differs.
--- oval:ssg-grub2_spectre_v2_argument:def:1
+++ oval:ssg-grub2_spectre_v2_argument:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_spectre_v2_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_spectre_v2_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_spectre_v2_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_spectre_v2_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_spectre_v2_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_spectre_v2_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_rsyslog_installed'.
--- xccdf_org.ssgproject.content_rule_package_rsyslog_installed
+++ xccdf_org.ssgproject.content_rule_package_rsyslog_installed
@@ -108,6 +108,9 @@
SRG-OS-000480-GPOS-00227
[reference]:
+6.1.2.1
+
+[reference]:
1409
[rationale]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_rsyslog_enabled'.
--- xccdf_org.ssgproject.content_rule_service_rsyslog_enabled
+++ xccdf_org.ssgproject.content_rule_service_rsyslog_enabled
@@ -214,6 +214,9 @@
[reference]:
SRG-OS-000480-GPOS-00227
+
+[reference]:
+6.1.2.2
[reference]:
1409
New content has different text for rule 'xccdf_org.ssgproject.content_rule_rsyslog_filecreatemode'.
--- xccdf_org.ssgproject.content_rule_rsyslog_filecreatemode
+++ xccdf_org.ssgproject.content_rule_rsyslog_filecreatemode
@@ -10,6 +10,9 @@
[reference]:
R71
+[reference]:
+6.1.2.4
+
[rationale]:
It is important to ensure that log files have the correct permissions
to ensure that sensitive data is archived and protected.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_ip_forward'.
--- xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_ip_forward
+++ xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_ip_forward
@@ -340,6 +340,9 @@
[reference]:
R12
+
+[reference]:
+3.3.1.1
[reference]:
1.4.3
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_world_writable'.
--- xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_world_writable
+++ xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_world_writable
@@ -172,6 +172,9 @@
R54
[reference]:
+7.1.11
+
+[reference]:
1409
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned'.
--- xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned
+++ xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned
@@ -339,6 +339,9 @@
R53
[reference]:
+7.1.12
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_no_files_unowned_by_user'.
--- xccdf_org.ssgproject.content_rule_no_files_unowned_by_user
+++ xccdf_org.ssgproject.content_rule_no_files_unowned_by_user
@@ -345,6 +345,9 @@
[reference]:
R53
+
+[reference]:
+7.1.12
[reference]:
2.2.6
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_group'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_group
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_group
@@ -172,6 +172,9 @@
R50
[reference]:
+7.1.3
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow
@@ -165,6 +165,9 @@
[reference]:
R50
+[reference]:
+7.1.7
+
[rationale]:
The /etc/gshadow file contains group password hashes. Protection of this file
is critical for system security.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_passwd'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_passwd
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_passwd
@@ -172,6 +172,9 @@
R50
[reference]:
+7.1.1
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_shadow'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_shadow
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_shadow
@@ -172,6 +172,9 @@
R50
[reference]:
+7.1.5
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_etc_shells'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_etc_shells
+++ xccdf_org.ssgproject.content_rule_file_groupowner_etc_shells
@@ -16,6 +16,9 @@
[reference]:
R50
+[reference]:
+7.1.9
+
[rationale]:
The /etc/shells file contains the list of full pathnames to shells on the system.
Since this file is used by many system programs this file should be protected.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_group'.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_group
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_group
@@ -172,6 +172,9 @@
R50
[reference]:
+7.1.3
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_gshadow'.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_gshadow
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_gshadow
@@ -165,6 +165,9 @@
[reference]:
R50
+[reference]:
+7.1.7
+
[rationale]:
The /etc/gshadow file contains group password hashes. Protection of this file
is critical for system security.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_passwd'.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_passwd
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_passwd
@@ -172,6 +172,9 @@
R50
[reference]:
+7.1.1
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_shadow'.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_shadow
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_shadow
@@ -172,6 +172,9 @@
R50
[reference]:
+7.1.5
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_etc_shells'.
--- xccdf_org.ssgproject.content_rule_file_owner_etc_shells
+++ xccdf_org.ssgproject.content_rule_file_owner_etc_shells
@@ -16,6 +16,9 @@
[reference]:
R50
+[reference]:
+7.1.9
+
[rationale]:
The /etc/shells file contains the list of full pathnames to shells on the system.
Since this file is used by many system programs this file should be protected.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_group'.
--- xccdf_org.ssgproject.content_rule_file_permissions_etc_group
+++ xccdf_org.ssgproject.content_rule_file_permissions_etc_group
@@ -172,6 +172,9 @@
R50
[reference]:
+7.1.3
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_gshadow'.
--- xccdf_org.ssgproject.content_rule_file_permissions_etc_gshadow
+++ xccdf_org.ssgproject.content_rule_file_permissions_etc_gshadow
@@ -165,6 +165,9 @@
[reference]:
R50
+[reference]:
+7.1.7
+
[rationale]:
The /etc/gshadow file contains group password hashes. Protection of this file
is critical for system security.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_passwd'.
--- xccdf_org.ssgproject.content_rule_file_permissions_etc_passwd
+++ xccdf_org.ssgproject.content_rule_file_permissions_etc_passwd
@@ -172,6 +172,9 @@
R50
[reference]:
+7.1.1
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow'.
--- xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow
+++ xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow
@@ -172,6 +172,9 @@
R50
[reference]:
+7.1.5
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_etc_shells'.
--- xccdf_org.ssgproject.content_rule_file_permissions_etc_shells
+++ xccdf_org.ssgproject.content_rule_file_permissions_etc_shells
@@ -15,6 +15,9 @@
[reference]:
R50
+[reference]:
+7.1.9
+
[rationale]:
The /etc/shells file contains the list of full pathnames to shells on the system.
Since this file is used by many system programs this file should be protected.
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_page_poison_argument' differs.
--- oval:ssg-grub2_page_poison_argument:def:1
+++ oval:ssg-grub2_page_poison_argument:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_page_poison_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_page_poison_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_page_poison_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_page_poison_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_page_poison_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_page_poison_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
OVAL for rule 'xccdf_org.ssgproject.content_rule_grub2_slub_debug_argument' differs.
--- oval:ssg-grub2_slub_debug_argument:def:1
+++ oval:ssg-grub2_slub_debug_argument:def:1
@@ -1,9 +1,14 @@
criteria OR
criteria AND
criteria OR
+criterion oval:ssg-test_grub2_slub_debug_in_grub_cfg:tst:1
+criterion oval:ssg-test_grub2_slub_debug_in_grub_cfg_uefi:tst:1
+criteria OR
criteria OR
criterion oval:ssg-test_grub2_slub_debug_grub_cmdline_linux:tst:1
+criterion oval:ssg-test_grub2_slub_debug_grub_cmdline_linux_from_grub_d:tst:1
criteria AND
criteria OR
criterion oval:ssg-test_grub2_slub_debug_grub_cmdline_linux_default:tst:1
+criterion oval:ssg-test_grub2_slub_debug_grub_cmdline_linux_default_from_grub_d:tst:1
extend_definition oval:ssg-bootloader_disable_recovery_set_to_true:def:1
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_cron_installed'.
--- xccdf_org.ssgproject.content_rule_package_cron_installed
+++ xccdf_org.ssgproject.content_rule_package_cron_installed
@@ -222,6 +222,9 @@
SRG-OS-000480-GPOS-00227
[reference]:
+2.4.1.1
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_cron_enabled'.
--- xccdf_org.ssgproject.content_rule_service_cron_enabled
+++ xccdf_org.ssgproject.content_rule_service_cron_enabled
@@ -223,6 +223,9 @@
[reference]:
PR.PT-3
+[reference]:
+2.4.1.1
+
[rationale]:
Due to its usage for maintenance and security-supporting tasks,
enabling the cron daemon is essential.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_nis_removed'.
--- xccdf_org.ssgproject.content_rule_package_nis_removed
+++ xccdf_org.ssgproject.content_rule_package_nis_removed
@@ -5,6 +5,9 @@
[description]:
The support for Yellowpages should not be installed unless it is required.
+[reference]:
+2.2.1
+
[rationale]:
NIS is the historical SUN service for central account management, more and more replaced by LDAP.
NIS does not support efficiently security constraints, ACL, etc. and should not be used.
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_dhcp_removed'.
--- xccdf_org.ssgproject.content_rule_package_dhcp_removed
+++ xccdf_org.ssgproject.content_rule_package_dhcp_removed
@@ -214,6 +214,9 @@
R62
[reference]:
+2.1.3
+
+[reference]:
2.2.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_postfix_network_listening_disabled'.
--- xccdf_org.ssgproject.content_rule_postfix_network_listening_disabled
+++ xccdf_org.ssgproject.content_rule_postfix_network_listening_disabled
@@ -212,6 +212,9 @@
R74
[reference]:
+2.1.22
+
+[reference]:
1.4.2
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_chrony_installed'.
--- xccdf_org.ssgproject.content_rule_package_chrony_installed
+++ xccdf_org.ssgproject.content_rule_package_chrony_installed
@@ -23,6 +23,9 @@
R71
[reference]:
+2.3.1.1
+
+[reference]:
0988
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_xinetd_removed'.
--- xccdf_org.ssgproject.content_rule_package_xinetd_removed
+++ xccdf_org.ssgproject.content_rule_package_xinetd_removed
@@ -297,6 +297,9 @@
[reference]:
R62
+
+[reference]:
+2.1.20
[reference]:
1409
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_ypserv_removed'.
--- xccdf_org.ssgproject.content_rule_package_ypserv_removed
+++ xccdf_org.ssgproject.content_rule_package_ypserv_removed
@@ -306,6 +306,9 @@
[reference]:
R62
+
+[reference]:
+2.1.10
[reference]:
2.2.4
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_rsh_removed'.
--- xccdf_org.ssgproject.content_rule_package_rsh_removed
+++ xccdf_org.ssgproject.content_rule_package_rsh_removed
@@ -50,6 +50,9 @@
R62
[reference]:
+2.2.2
+
+[reference]:
2.2.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_talk_removed'.
--- xccdf_org.ssgproject.content_rule_package_talk_removed
+++ xccdf_org.ssgproject.content_rule_package_talk_removed
@@ -33,6 +33,9 @@
R62
[reference]:
+2.2.3
+
+[reference]:
2.2.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_telnet_removed'.
--- xccdf_org.ssgproject.content_rule_package_telnet_removed
+++ xccdf_org.ssgproject.content_rule_package_telnet_removed
@@ -49,6 +49,9 @@
R62
[reference]:
+2.2.4
+
+[reference]:
1409
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_tftp-server_removed'.
--- xccdf_org.ssgproject.content_rule_package_tftp-server_removed
+++ xccdf_org.ssgproject.content_rule_package_tftp-server_removed
@@ -280,6 +280,9 @@
[reference]:
R62
+
+[reference]:
+2.1.16
[reference]:
2.2.4
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_groupowner_sshd_config'.
--- xccdf_org.ssgproject.content_rule_file_groupowner_sshd_config
+++ xccdf_org.ssgproject.content_rule_file_groupowner_sshd_config
@@ -169,6 +169,9 @@
[reference]:
R50
+[reference]:
+5.1.1
+
[rationale]:
Service configuration files enable or disable features of their respective
services that if configured incorrectly can lead to insecure and vulnerable
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_owner_sshd_config'.
--- xccdf_org.ssgproject.content_rule_file_owner_sshd_config
+++ xccdf_org.ssgproject.content_rule_file_owner_sshd_config
@@ -169,6 +169,9 @@
[reference]:
R50
+[reference]:
+5.1.1
+
[rationale]:
Service configuration files enable or disable features of their respective
services that if configured incorrectly can lead to insecure and vulnerable
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_sshd_config'.
--- xccdf_org.ssgproject.content_rule_file_permissions_sshd_config
+++ xccdf_org.ssgproject.content_rule_file_permissions_sshd_config
@@ -169,6 +169,9 @@
R50
[reference]:
+5.1.1
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key'.
--- xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key
+++ xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key
@@ -182,6 +182,9 @@
R50
[reference]:
+5.1.2
+
+[reference]:
1449
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_file_permissions_sshd_pub_key'.
--- xccdf_org.ssgproject.content_rule_file_permissions_sshd_pub_key
+++ xccdf_org.ssgproject.content_rule_file_permissions_sshd_pub_key
@@ -181,6 +181,9 @@
R50
[reference]:
+5.1.3
+
+[reference]:
2.2.6
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive'.
--- xccdf_org.ssgproject.content_rule_sshd_set_keepalive
+++ xccdf_org.ssgproject.content_rule_sshd_set_keepalive
@@ -318,6 +318,9 @@
SRG-OS-000279-GPOS-00109
[reference]:
+5.1.7
+
+[reference]:
8.2.8
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout'.
--- xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
+++ xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
@@ -322,6 +322,9 @@
[reference]:
SRG-OS-000395-GPOS-00175
+
+[reference]:
+5.1.7
[reference]:
8.2.8
New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords'.
--- xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
+++ xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
@@ -384,6 +384,9 @@
SRG-OS-000480-GPOS-00227
[reference]:
+5.1.20
+
+[reference]:
1546
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_root_login'.
--- xccdf_org.ssgproject.content_rule_sshd_disable_root_login
+++ xccdf_org.ssgproject.content_rule_sshd_disable_root_login
@@ -424,6 +424,9 @@
[reference]:
R33
+
+[reference]:
+5.1.21
[reference]:
1546
New content has different text for rule 'xccdf_org.ssgproject.content_rule_package_audit_installed'.
--- xccdf_org.ssgproject.content_rule_package_audit_installed
+++ xccdf_org.ssgproject.content_rule_package_audit_installed
@@ -132,6 +132,9 @@
R73
[reference]:
+6.2.1.1
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_service_auditd_enabled'.
--- xccdf_org.ssgproject.content_rule_service_auditd_enabled
+++ xccdf_org.ssgproject.content_rule_service_auditd_enabled
@@ -471,6 +471,9 @@
[reference]:
R73
+
+[reference]:
+6.2.1.2
[reference]:
1409
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_immutable'.
--- xccdf_org.ssgproject.content_rule_audit_rules_immutable
+++ xccdf_org.ssgproject.content_rule_audit_rules_immutable
@@ -374,6 +374,9 @@
R73
[reference]:
+6.2.3.36
+
+[reference]:
10.3.2
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_media_export'.
--- xccdf_org.ssgproject.content_rule_audit_rules_media_export
+++ xccdf_org.ssgproject.content_rule_audit_rules_media_export
@@ -391,6 +391,9 @@
R73
[reference]:
+6.2.3.21
+
+[reference]:
10.2.1.7
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification'.
--- xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
+++ xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification
@@ -381,6 +381,9 @@
R73
[reference]:
+6.2.3.8
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions'.
--- xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions
+++ xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions
@@ -572,6 +572,9 @@
R73
[reference]:
+6.2.3.1
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_group
@@ -551,6 +551,9 @@
R73
[reference]:
+6.2.3.12
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_gshadow
@@ -551,6 +551,9 @@
R73
[reference]:
+6.2.3.14
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_opasswd
@@ -557,6 +557,9 @@
R73
[reference]:
+6.2.3.15
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_passwd
@@ -566,6 +566,9 @@
R73
[reference]:
+6.2.3.13
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow'.
--- xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow
+++ xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification_shadow
@@ -551,6 +551,9 @@
R73
[reference]:
+6.2.3.14
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_sudo_log_events'.
--- xccdf_org.ssgproject.content_rule_audit_sudo_log_events
+++ xccdf_org.ssgproject.content_rule_audit_sudo_log_events
@@ -45,6 +45,9 @@
R73
[reference]:
+6.2.3.3
+
+[reference]:
10.2.1.3
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod
@@ -424,6 +424,9 @@
R73
[reference]:
+6.2.3.18
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown
@@ -427,6 +427,9 @@
R73
[reference]:
+6.2.3.19
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod
@@ -424,6 +424,9 @@
R73
[reference]:
+6.2.3.18
+
+[reference]:
10.3.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat
@@ -424,6 +424,9 @@
R73
[reference]:
+6.2.3.18
+
+[reference]:
10.3.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown
@@ -430,6 +430,9 @@
R73
[reference]:
+6.2.3.19
+
+[reference]:
10.3.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat
@@ -427,6 +427,9 @@
R73
[reference]:
+6.2.3.19
+
+[reference]:
10.3.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr
@@ -451,6 +451,9 @@
R73
[reference]:
+6.2.3.20
+
+[reference]:
10.3.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr
@@ -445,6 +445,9 @@
R73
[reference]:
+6.2.3.20
+
+[reference]:
10.3.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown
@@ -427,6 +427,9 @@
R73
[reference]:
+6.2.3.19
+
+[reference]:
10.3.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr
@@ -457,6 +457,9 @@
R73
[reference]:
+6.2.3.20
+
+[reference]:
10.3.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr
@@ -445,6 +445,9 @@
R73
[reference]:
+6.2.3.20
+
+[reference]:
10.3.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr
@@ -456,6 +456,9 @@
R73
[reference]:
+6.2.3.20
+
+[reference]:
10.3.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr'.
--- xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr
+++ xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr
@@ -421,6 +421,9 @@
R73
[reference]:
+6.2.3.20
+
+[reference]:
10.3.4
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_rename
@@ -419,6 +419,9 @@
R73
[reference]:
+6.2.3.25
+
+[reference]:
10.2.1.7
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_renameat
@@ -419,6 +419,9 @@
R73
[reference]:
+6.2.3.25
+
+[reference]:
10.2.1.7
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlink
@@ -419,6 +419,9 @@
R73
[reference]:
+6.2.3.24
+
+[reference]:
10.2.1.7
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
+++ xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events_unlinkat
@@ -419,6 +419,9 @@
R73
[reference]:
+6.2.3.24
+
+[reference]:
10.2.1.7
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat
@@ -409,6 +409,9 @@
R73
[reference]:
+6.2.3.11
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_ftruncate
@@ -412,6 +412,9 @@
R73
[reference]:
+6.2.3.11
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open
@@ -412,6 +412,9 @@
R73
[reference]:
+6.2.3.11
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat
@@ -412,6 +412,9 @@
R73
[reference]:
+6.2.3.11
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate'.
--- xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate
+++ xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_truncate
@@ -412,6 +412,9 @@
R73
[reference]:
+6.2.3.11
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete'.
--- xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete
+++ xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_delete
@@ -393,6 +393,9 @@
[reference]:
R73
+
+[reference]:
+6.2.3.33
[rationale]:
The removal of kernel modules can be used to alter the behavior of
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit'.
--- xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit
+++ xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_finit
@@ -393,6 +393,9 @@
[reference]:
R73
+
+[reference]:
+6.2.3.32
[rationale]:
The addition/removal of kernel modules can be used to alter the behavior of
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init'.
--- xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init
+++ xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading_init
@@ -393,6 +393,9 @@
[reference]:
R73
+
+[reference]:
+6.2.3.32
[rationale]:
The addition of kernel modules can be used to alter the behavior of
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock'.
--- xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock
+++ xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock
@@ -386,6 +386,9 @@
R73
[reference]:
+6.2.3.23
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog'.
--- xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog
+++ xccdf_org.ssgproject.content_rule_audit_rules_login_events_lastlog
@@ -404,6 +404,9 @@
R73
[reference]:
+6.2.3.23
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands
@@ -437,6 +437,9 @@
R73
[reference]:
+6.2.3.10
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod'.
--- xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod
+++ xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod
@@ -68,6 +68,9 @@
[reference]:
R73
+[reference]:
+6.2.3.31
+
[rationale]:
Without generating audit records that are specific to the security and
mission needs of the organization, it would be difficult to establish,
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex'.
--- xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex
+++ xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex
@@ -374,6 +374,9 @@
R73
[reference]:
+6.2.3.4
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime'.
--- xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime
+++ xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime
@@ -374,6 +374,9 @@
R73
[reference]:
+6.2.3.4
+
+[reference]:
0582
[reference]:
New content has different text for rule 'xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime'.
--- xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime
+++ xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime
@@ -368,6 +368,9 @@
R73
[reference]:
+6.2.3.4
+
+[reference]:
0582
[reference]: |
|
Change in Ansible Please consider using more suitable Ansible module than |
|
Change in Ansible Please consider using more suitable Ansible module than |
Description: