Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

scap-security-guide-0.1.78-1.el8_10.alma.1 RPM for noarch

From AlmaLinux 8.10 AppStream for s390x

Name: scap-security-guide Distribution: AlmaLinux
Version: 0.1.78 Vendor: AlmaLinux
Release: 1.el8_10.alma.1 Build date: Wed Oct 8 19:14:54 2025
Group: Applications/System Build host: s390x-builder02.almalinux.org
Size: 52638677 Source RPM: scap-security-guide-0.1.78-1.el8_10.alma.1.src.rpm
Packager: AlmaLinux Packaging Team <packager@almalinux.org>
Url: https://github.com/ComplianceAsCode/content/
Summary: Security guidance and baselines in SCAP formats
 
The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is specified
in the Security Content Automation Protocol (SCAP) format and constitutes
a catalog of practical hardening advice, linked to government requirements
where applicable. The project bridges the gap between generalized policy
requirements and specific implementation guidelines. The system
administrator can use the oscap CLI tool from openscap-scanner package, or the
scap-workbench GUI tool from scap-workbench package to verify that the system
conforms to provided guideline. Refer to scap-security-guide(8) manual page for
further information.

Provides

Requires

License

BSD-3-Clause

Changelog

* Wed Oct 08 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 0.1.78-1.alma.1
  - Add AlmaLinux support
* Tue Sep 16 2025 Matthew Burket <mburket@redhat.com> - 0.1.78-1
  - Rebase scap-security-guide to the latest upstream version 0.1.78 (RHEL-111011)
  - Rule service_rngd_enabled is now evaluated on RHEL >= 8.4 in case kernel is not in FIPS mode (RHEL-95188)
  - Use default order in rule configure_gnutls_tls_crypto_policy (RHEL-1821)
  - Renable building of bash scripts (RHEL-105501)
* Tue Jun 03 2025 Matthew Burket <mburket@redhat.com> - 0.1.77-1
  - Rebase scap-security-guide to the latest upstream version 0.1.77 (RHEL-94802)
  - STIG: do not remediate rule disabling user namespaces (RHEL-76750)
* Tue Feb 25 2025 Vojtech Polasek <vpolasek@redhat.com> - 0.1.76-1
  - rebase scap-security-guide to the latest upstream version 0.1.76 (RHEL-74241)
* Fri Nov 15 2024 Matthew Burket <mburket@redhat.com> - 0.1.75-1
  - Rebase scap-security-guide to the latest upstream version (RHEL-66153)
  - detection of Grub2 kernel command line arguments has been enhanced to cover more use cases (RHEL-53365)
* Mon Aug 19 2024 Vojtech Polasek <vpolasek@redhat.com> - 0.1.74-3
  - fix build
  - keep firefox and rhel8 ds-1.2 files in the package in form of symbolic links to regular ds files
* Fri Aug 16 2024 Vojtech Polasek <vpolasek@redhat.com> - 0.1.74-2
  - include RHEL 7 artifacts from the last RHEL 7 build
* Fri Aug 09 2024 Matthew Burket <mburket@redhat.com> - 0.1.74-1
  - Rebase to a new upstream release 0.1.74 (RHEL-53913)
  - Improve Rsyslog rules to support RainerScript syntax (RHEL-1816)
  - Update password hashing settings for ANSSI-BP-028 (RHEL-54390)
* Wed Aug 07 2024 Milan Lysonek <mlysonek@redhat.com> - 0.1.73-2
  - Switch gating to tmt plan (RHEL-43242)
* Tue May 21 2024 Jan Černý <jcerny@redhat.com> - 0.1.73-1
  - Rebase scap-security-guide package to version 0.1.73 (RHEL-36733)
  - Change crypto policy used in the CUI profile to FIPS (RHEL-30346)
  - Fix file path identification in Rsyslog configuration (RHEL-17202)
  - Use a correct chrony server address in STIG profile (RHEL-1814)
  - Don't BuildRequire /usr/bin/python3 (RHEL-2244)
* Fri Feb 16 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-2
  - Unlist profiles no longer maintained in RHEL8.
* Wed Feb 14 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-1
  - Rebase to a new upstream release 0.1.72 (RHEL-25250)
  - Increase CIS standards coverage regarding SSH and cron (RHEL-1314)
  - Increase compatibility of accounts_tmout rule for ksh (RHEL-16896 and RHEL-1811)
  - Align Ansible and Bash remediation in sssd_certificate_verification rule (RHEL-1313)
  - Add a warning to rule service_rngd_enabled about rule applicability (RHEL-1819)
  - Add rule to terminate idle user sessions after defined time (RHEL-1801)
  - Allow spaces around equal sign in /etc/sudoers (RHEL-1904)
  - Add remediation for rule fapolicy_default_deny (RHEL-1817)
  - Fix invalid syntax in file /usr/share/scap-security-guide/ansible/rhel8-playbook-ospp.yml (RHEL-19127)
  - Refactor ensure_pam_wheel_group_empty (RHEL-1905)
  - Prevent remediation of display_login_attempts rule from creating redundant configuration entries (RHEL-1809)
  - Update PCI-DSS to v4 (RHEL-1808)
  - Fix regex in Ansible remediation of configure_ssh_crypto_policy (RHEL-1820)
* Thu Aug 17 2023 Vojtech Polasek <vpolasek@redhat.com> - 0.1.69-2
  - remove problematic rule from ANSSI High profile (RHBZ#2221695)
* Thu Aug 10 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-1
  - Rebase to a new upstream release 0.1.69 (RHBZ#2221695)
  - Fixed CCE link URL (RHBZ#2178516)
  - align remediations with rule description for rule configuring OpenSSL cryptopolicy (RHBZ#2192893)
  - Add rule audit_rules_login_events_faillock to STIG profile (RHBZ#2167999)
  - Fixed rules related to AIDE configuration (RHBZ#2175684)
  - Allow default permissions for files stored on EFI FAT partitions (RHBZ#2184487)
  - Add appropriate STIGID to accounts_passwords_pam_faillock_interval rule (RHBZ#2209073)
  - improved and unified OVAL checks checking for interactive users (RHBZ#2157877)
  - update ANSSI BP-028 profiles to be aligned with version 2.0 (RHBZ#2155789)
  - unify OVAL checks to correctly identify interactive users (RHBZ#2178740)
  - make rule checking for Postfix unrestricted relay accept more variants of valid configuration syntax (RHBZ#2170530)
  - Fixed excess quotes in journald configuration files (RHBZ#2169857)
  - rules related to polyinstantiated directories are not applied when building images for Image Builder (RHBZ#2130182)
  - evaluation and remediation of rules related to mount points have been enhanced for Image Builder (RHBZ#2130185)
  - do not enable FIPS mode when creating hardened images for Image Builder (RHBZ#2130181)
  - Correct URL used to download CVE checks (RHBZ#2222583)
  - mention exact required configuration value in description of some PAM related rules (RHBZ#2175882)
  - make mount point related rules not applicable when no such mount points exist (RHBZ#2176008)
  - improve checks determining if FIPS mode is enabled (RHBZ#2129100)
* Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-2
  - Unselect rule logind_session_timeout (RHBZ#2158404)
* Mon Feb 06 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1
  - Rebase to a new upstream release 0.1.66 (RHBZ#2158404)
  - Update RHEL8 STIG profile to V1R9 (RHBZ#2152658)
  - Fix levels of CIS rules (RHBZ#2162803)
  - Remove unused RHEL8 STIG control file (RHBZ#2156192)
  - Fix accounts_password_pam_unix_remember's check and remediations (RHBZ#2153547)
  - Fix handling of space in sudo_require_reauthentication (RHBZ#2152208)
  - Add rule for audit immutable login uids (RHBZ#2151553)
  - Fix remediation of audit watch rules (RHBZ#2119356)
  - Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2115343)
  - Fix applicability of kerberos rules (RHBZ#2099394)
  - Add support rainer scripts in rsyslog rules (RHBZ#2072444)
* Tue Jan 10 2023 Watson Sato <wsato@redhat.com> - 0.1.63-5
  - Update RHEL8 STIG profile to V1R8 (RHBZ#2148446)
  - Add rule warning for sysctl IPv4 forwarding config (RHBZ#2118758)
  - Fix remediation for firewalld_sshd_port_enabled (RHBZ#2116474)
  - Fix compatibility with Ansible 2.14
* Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4
  - Fix check of enable_fips_mode on s390x (RHBZ#2070564)
* Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3
  - Fix Ansible partition conditional (RHBZ#2032403)
* Wed Aug 10 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-2
  - aligning with the latest STIG update (RHBZ#2112937)
  - OSPP: use Authselect minimal profile (RHBZ#2117192)
  - OSPP: change rules for protecting of boot (RHBZ#2116440)
  - add warning about configuring of TCP queues to rsyslog_remote_loghost (RHBZ#2078974)
  - fix handling of Defaults clause in sudoers (RHBZ#2083109)
  - make rules checking for mount options of /tmp and /var/tmp applicable only when the partition really exists (RHBZ#2032403)
  - fix handling of Rsyslog include directives (RHBZ#2075384)
* Mon Aug 01 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-1
  - Rebase to a new upstream release 0.1.63 (RHBZ#2070564)
* Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 0.1.62-1
  - Rebase to a new upstream release (RHBZ#2070564)
* Tue May 17 2022 Watson Sato <wsato@redhat.com> - 0.1.60-9
  - Fix validation of OVAL 5.10 content (RHBZ#2079241)
  - Fix Ansible sysctl remediation (RHBZ#2079241)
* Tue May 03 2022 Watson Sato <wsato@redhat.com> - 0.1.60-8
  - Update to ensure a sysctl option is not defined in multiple files (RHBZ#2079241)
  - Update RHEL8 STIG profile to V1R6 (RHBZ#2079241)
* Thu Feb 24 2022 Watson Sato <wsato@redhat.com> - 0.1.60-7
  - Resize ANSSI kickstart partitions to accommodate GUI installs (RHBZ#2058033)
* Wed Feb 23 2022 Matthew Burket <mburket@redhat.com> - 0.1.60-6
  - Fix another issue with getting STIG items in create_scap_delta_tailoring.py (RHBZ#2014485)
* Mon Feb 21 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.60-5
  - Remove tmux process runinng check in configure_bashrc_exec_tmux (RHBZ#2055860)
  - Fix issue with getting STIG items in create_scap_delta_tailoring.py (RHBZ#2014485)
  - Update rule enable_fips_mode to check only for technical state (RHBZ#2014485)
* Wed Feb 16 2022 Watson Sato <wsato@redhat.com> - 0.1.60-4
  - Fix Ansible service disabled tasks (RHBZ#2014485)
  - Set rule package_krb5-workstation_removed as not applicable on RHV (RHBZ#2055149)
* Mon Feb 14 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.60-3
  - Update sudoers rules in RHEL8 STIG V1R5 (RHBZ#2049555)
  - Add missing SRG references in RHEL8 STIG V1R5 rules (RHBZ#2049555)
  - Update chronyd_or_ntpd_set_maxpoll to disregard server and poll directives (RHBZ#2026301)
  - Fix GRUB2 rule template to configure the module correctly on RHEL8 (RHBZ#2030966)
  - Update GRUB2 rule descriptions (RHBZ#2014485)
  - Make package_rear_installed not applicable on AARCH64 (RHBZ#2014485)
* Fri Feb 11 2022 Watson Sato <wsato@redhat.com> - 0.1.60-2
  - Update RHEL8 STIG profile to V1R5 (RHBZ#2049555)
  - Align audit rules for OSPP profile (RHBZ#2000264)
  - Fix rule selection in ANSSI Enhanced profile (RHBZ#2053587)
* Thu Jan 27 2022 Watson Sato <wsato@redhat.com> - 0.1.60-1
  - Rebase to a new upstream release (RHBZ#2014485)
* Wed Dec 01 2021 Watson Sato <wsato@redhat.com> - 0.1.59-1
  - Rebase to a new upstream release (RHBZ#2014485)
* Fri Oct 15 2021 Matej Tyc <matyc@redhat.com> - 0.1.58-1
  - Rebase to a new upstream release. (RHBZ#2014485)
  - Add a VM wait handling to fix issues with tests.
* Tue Aug 24 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-4
  - Fix a value selector in RHEL8 CIS L1 profiles (RHBZ#1993197)
* Mon Aug 23 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-3
  - Fix remaining audit rules file permissions (RHBZ#1993056)
  - Mark a STIG service rule as machine only (RHBZ#1993056)
  - Fix a remaining broken RHEL7 documentation link. (RHBZ#1966577)
* Fri Aug 20 2021 Marcus Burghardt <maburgha@redhat.com> - 0.1.57-2
  - Update Ansible login banner fixes to avoid unnecessary updates (RHBZ#1857179)
  - Include tests for Ansible Playbooks that remove and reintroduce files.
  - Update RHEL8 STIG profile to V1R3 (RHBZ#1993056) 
  - Improve Audit Rules remediation to group similar syscalls (RHBZ#1876483)
  - Reestructure RHEL7 and RHEL8 CIS profiles according to the policy (RHBZ#1993197)
  - Add Kickstart files for ISM profile (RHBZ#1955373)
  - Fix broken RHEL7 documentation links (RHBZ#1966577)
* Fri Jul 30 2021 Matej Tyc <matyc@redhat.com> - 0.1.57-1
  - Update to the latest upstream release (RHBZ#1966577)
  - Enable the ISM profile.
* Tue Jun 08 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.56-2
  - Create subpackage to hold ansible playbooks per rule (RHBZ#1966604)
* Tue Jun 01 2021 Watson Sato <wsato@redhat.com> - 0.1.56-1
  - Update to the latest upstream release (RHBZ#1966577)
  - Add ANSSI High Profile (RHBZ#1955183)
* Wed Feb 17 2021 Watson Sato <wsato@redhat.com> - 0.1.54-5
  - Remove Kickstart for not shipped profile (RHBZ#1778188)
* Tue Feb 16 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.54-4
  - Remove auditd_data_retention_space_left from RHEL8 STIG profile (RHBZ#1918742)
* Tue Feb 16 2021 Vojtech Polasek <vpolasek@redhat.com> - 0.1.54-3
  - drop kernel_module_vfat_disabled from CIS profiles (RHBZ#1927019)
* Fri Feb 12 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.54-2
  - Add initial RHEL8 STIG V1R1 profile (RHBZ#1918742)
* Thu Feb 04 2021 Watson Sato <wsato@redhat.com> - 0.1.54-1
  - Update to the latest upstream release (RHBZ#1889344)
  - Add Minimal, Intermediary and Enhanced ANSSI Profiles (RHBZ#1778188)
* Fri Jan 08 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.53-4
  - Fix description of rule installed_OS_is_vendor_supported (RHBZ#1914193)
  - Fix RHEL6 CPE dictionary (RHBZ#1899059)
  - Fix SRG mapping references for ssh_client_rekey_limit and use_pam_wheel_for_su (RHBZ#1914853)
* Tue Dec 15 2020 Gabriel Becker <ggasparb@redhat.com> - 0.1.53-3
  - Enforce pam_wheel for "su" in the OSPP pr