scap-security-guide-0.1.77-3.el9 RPM for noarch

From CentOS Stream 9 AppStream for ppc64le

The scap-security-guide project provides a guide for configuration of the
system from the final system's security point of view. The guidance is specified
in the Security Content Automation Protocol (SCAP) format and constitutes
a catalog of practical hardening advice, linked to government requirements
where applicable. The project bridges the gap between generalized policy
requirements and specific implementation guidelines. The system
administrator can use the oscap CLI tool from openscap-scanner package, or the
scap-workbench GUI tool from scap-workbench package to verify that the system
conforms to provided guideline. Refer to scap-security-guide(8) manual page for
further information.

Provides

• scap-security-guide

Requires

• openscap-scanner >= 1.2.5
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• xml-common

License

BSD-3-Clause

Changelog

* Fri Jun 27 2025 Vojtech Polasek <vpolasek@redhat.com> - 0.1.77-3
  - fix incorrect applicability of Grub2 UEFI specific rules
  - replace grub-mkconfig with grub2-mkconfig in rule descriptions
* Fri Jun 06 2025 Matthew Burket <mburket@redhat.com> - 0.1.77-2
  - Turn on SCE for this release (RHEL-94803)
* Tue Jun 03 2025 Matthew Burket <mburket@redhat.com> - 0.1.77-1
  - Rebase to scap-security-guide version 0.1.77 (RHEL-94803)
  - rule networkmanager_dns_mode now checks dropin files and has more resilient regex (RHEL-62843)
  - rsyslog_remote_loghost checks for Rainer Script syntax as well (RHEL-62731)
  - improve checking of Grub2 superuser and password configuration (RHEL-58818)
* Tue Feb 25 2025 Vojtech Polasek <vpolasek@redhat.com> - 0.1.76-1
  - rebase scap-security-guide to the latest upstream version 0.1.76 (RHEL-74240)
  - modify the rule require_singleuser_auth to honor overriding mechanism offered by Systemd (RHEL-71936)
  - make the rule sysctl_user_max_user_namespaces informational and unscored in RHEL 9 STIG profile (RHEL-40120)
  - align checking of approved SSH ciphers with latest STIG policy (RHEL-65432)
* Fri Nov 15 2024 Matthew Burket <mburket@redhat.com> - 0.1.75-1
  - Rebase to new release (RHEL-66154)
  - the rule sshd_use_priv_separation is no longer used (RHEL-66057)
  - add a rule checking for presence of chrony to CIS RHEL 9 profile (RHEL-60005)
  - remediation of Networkmanager DNS mode now remediates value "default" (RHEL-53426)
  - Adjust mount_option_nodev_nonroot_local_partitions to work in Image Builder environments. (RHEL-45018)
  - Adjusted rules related to sshd ensure constancy in checked values and ensure that drop in configuration files are checked. (RHEL-38206)
* Fri Aug 09 2024 Matthew Burket <mburket@redhat.com> - 0.1.74-1
  - Rebase to a new upstream release 0.1.74 (RHEL-53865)
  - Ensure authselect features are preserved by enable_authselect rule (RHEL-39383)
  - Fix check for passwords last changed date (RHEL-47129)
  - Remediations of Journald configuration files now include a correct section (RHEL-38531)
  - Adjust service requirements for CIS profiles (RHEL-23852)
  - Update password hashing settings for ANSSI-BP-028 (RHEL-44983)
* Wed Aug 07 2024 Milan Lysonek <mlysonek@redhat.com> - 0.1.73-2
  - Switch gating to tmt plan (RHEL-43243)
* Mon May 20 2024 Vojtech Polasek <vpolasek@redhat.com> - 0.1.73-1
  - Rebase to a new upstream release 0.1.73 (RHEL-36663)
  - Correctly parse sudo options even if they are not quoted (RHEL-31976)
  - Ensure that web links within kickstart files are valid (RHEL-30735)
  - Align set of allowed SSH ciphers with STIG requirement (RHEL-29684)
  - Add audit rules on /etc/sysconfig/network-scripts (RHEL-29308)
  - Remove rule restricting user namespaces from stig_gui profile (RHEL-10416)
  - Add rule which enables auditing of files within /etc/sysconfig/network-scripts (RHEL-1093)
* Tue Feb 13 2024 Marcus Burghardt <maburgha@redhat.com> - 0.1.72-1
  - Rebase to a new upstream release 0.1.72 (RHEL-21425)
  - Check dropin files in /etc/systemd/journald.conf.d/ (RHEL-14484)
  - Fix remediation to not update comments (RHEL-1484)
  - Fix package check on SCAP tests for dnf settings (RHEL-17417)
  - Update description for audit_rules_kernel_module_loading (RHEL-1489)
  - Disable remediation for /dev/shm options in offline mode (RHEL-16801)
  - Include explanatory comment in the remediation of CCE-83871-4 (RHEL-17418)
* Tue Dec 05 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-3
  - Align STIG profile with official DISA STIG for RHEL 9 (RHEL-1807)
* Thu Aug 17 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-2
  - Remove OpenSSH crypto policy hardening rules from STIG profile (RHBZ#2221697)
  - Fix ANSSI High profile with secure boot (RHBZ#2221697)
* Wed Aug 09 2023 Jan Černý <jcerny@redhat.com> - 0.1.69-1
  - Rebase to a new upstream release 0.1.69 (RHBZ#2221697)
  - Improve CIS benchmark rules related to auditing of kernel module related events (RHBZ#2209657)
  - SSSD configuration files are now created with correct permissions whenever remediating SSSD related rules (RHBZ#2211511)
  - add warning about migration of network configuration files when upgrading from RHEL 8 to RHEL 9 (RHBZ#2172555)
  - Correct URL used to download CVE checks. (RHBZ#2223178)
  - update ANSSI BP-028 profiles to be aligned with version 2.0 (RHBZ#2155790)
  - Fixed excess quotes in journald configuration files (RHBZ#2193169)
  - Change rules checking home directories to apply only to local users (RHBZ#2203791)
  - Change rules checking password age to apply only to local users (RHBZ#2213958)
  - Updated man page (RHBZ#2060028)

Files

/usr/share/doc/scap-security-guide/LICENSE
/usr/share/man/man8/scap-security-guide.8.gz
/usr/share/scap-security-guide/ansible/cs9-playbook-anssi_bp28_enhanced.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-anssi_bp28_high.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-anssi_bp28_intermediary.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-anssi_bp28_minimal.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-ccn_advanced.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-ccn_basic.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-ccn_intermediate.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-cis.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-cis_server_l1.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-cis_workstation_l1.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-cis_workstation_l2.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-cui.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-e8.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-hipaa.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-ism_o.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-ospp.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-pci-dss.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-stig.yml
/usr/share/scap-security-guide/ansible/cs9-playbook-stig_gui.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-anssi_bp28_enhanced.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-anssi_bp28_high.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-anssi_bp28_intermediary.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-anssi_bp28_minimal.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-ccn_advanced.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-ccn_basic.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-ccn_intermediate.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-cis.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-cis_server_l1.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-cis_workstation_l1.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-cis_workstation_l2.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-cui.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-e8.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-hipaa.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-ism_o.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-ospp.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-pci-dss.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-stig.yml
/usr/share/scap-security-guide/ansible/rhel9-playbook-stig_gui.yml
/usr/share/scap-security-guide/kickstart
/usr/share/scap-security-guide/kickstart/ssg-rhel9-anssi_bp28_enhanced-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-anssi_bp28_high-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-anssi_bp28_intermediary-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-anssi_bp28_minimal-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-ccn_advanced-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-ccn_basic-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-ccn_intermediate-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-cis-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-cis_server_l1-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-cis_workstation_l1-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-cis_workstation_l2-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-cui-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-e8-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-hipaa-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-ism_o-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-ospp-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-pci-dss-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-stig-ks.cfg
/usr/share/scap-security-guide/kickstart/ssg-rhel9-stig_gui-ks.cfg
/usr/share/xml/scap/ssg/content
/usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml
/usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 15 05:05:29 2025