Updated V2R2 update with latest saf cli release #49
+761
−1,505
This PR will update the RHEL8 repository to Version 2 Release 2 of the latest STIG guidance.
Removed Controls:
SV-230348, SV-230349, SV-230350, SV-230353, SV-230368, SV-244537, SV-244540, SV-245540, SV-251717
New Controls:
SV-268322: RHEL 8 must not allow blank or null passwords in the system-auth file.
Modified Controls:
SV-230233: Check text, SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS input values changed. "SHA_CRYPT_MIN_ROUNDS" or "SHA_CRYPT_MAX_ROUNDS" is set, and this value is below "100000" (Previously "5000")
FIPS-140-2 --> FIPS-140-3
SV-230251: Check text, MACs entries to verify in opensshserver.config changed
SV-230252: Verify ciphers use FIPS-140-3 instead of FIPS-140-2 algorithms
SV-230253: Control now only applicable for RHEL versions 8.0 and 8.1
SV-230315: Minor check text changes, no revisions necessary
SV-230379: Command for checking system accounts changed from using sudo more to just the less command
SV-230470: Additional condition for determining if control is not applicable: 'If the system is a virtual machine with no virtual or physical USB peripherals attached, this is not a finding.'
SV-230524, SV-244548: Additional conditions for verifying peripheral / USB device security
'If the USBGuard package is not installed, ask the SA to indicate how unauthorized peripherals are being blocked.
If there is no evidence that unauthorized peripherals are being blocked before establishing a connection, this is a finding.
If the system is a virtual machine with no virtual or physical USB peripherals attached, this is not a finding.'
SV-230548: Removes note in check text specifying that control is not applicable if containers are in use
SV-230559: Additional condition specifying whether results are a finding for control: 'If NFS mounts are being used, this is not a finding'
SV-244527: Additional note specifying that requirement not applicable for RHEL versions 8.4 and above
SV-244547: New note specifying requirement not applicable for virtual machines with no virtual or physical USB devices attached.
SV-257728: Idle user session length lowered from 900 to 600 seconds, control now only applicable to RHEL versions 8.7 and higher
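
The SV-230233 threshold change listed above, as an added example (plain Ruby, not code from this PR or the profile): it evaluates `/etc/login.defs` content against the old and new minimums and lists the configurations that passed at "5000" but become findings at "100000". Assumptions: a later line overrides an earlier one, and when both settings are present the higher value decides, since the PR text quotes only part of the check.

```ruby
# Added example: SV-230233 rounds check against login.defs text.
OLD_MIN_ROUNDS = 5_000     # previous threshold, per the PR description
NEW_MIN_ROUNDS = 100_000   # V2R2 threshold, per the PR description

# Matches an active (uncommented) rounds setting with a numeric value.
ROUNDS_LINE = /\A\s*(SHA_CRYPT_(?:MIN|MAX)_ROUNDS)\s+(\d+)\s*\z/

# Returns {setting => integer} for the rounds settings that are set.
# Assumption: if a setting appears twice, the last occurrence wins.
def parse_rounds(text)
  text.each_line.with_object({}) do |line, found|
    m = ROUNDS_LINE.match(line.chomp)
    found[m[1]] = m[2].to_i if m
  end
end

# Finding when at least one setting is present and the highest
# configured value is below the threshold. With only one setting
# present this is the wording quoted in the PR; the both-set case
# (decide on the higher value) is an assumption of this example.
def finding?(text, threshold)
  values = parse_rounds(text).values
  !values.empty? && values.max < threshold
end

# Constructed sample login.defs fragments (not taken from a real host).
SAMPLES = {
  'min only at old minimum' => "ENCRYPT_METHOD SHA512\nSHA_CRYPT_MIN_ROUNDS 5000\n",
  'both set, max at new minimum' =>
    "SHA_CRYPT_MIN_ROUNDS 5000\nSHA_CRYPT_MAX_ROUNDS 100000\n",
  'setting commented out' => "#SHA_CRYPT_MIN_ROUNDS 5000\n",
  'both set, both low' => "SHA_CRYPT_MIN_ROUNDS 5000\nSHA_CRYPT_MAX_ROUNDS 50000\n",
  'max only, below old minimum' => "SHA_CRYPT_MAX_ROUNDS 4000\n"
}.freeze

# Names of samples that were compliant under the old threshold but are
# findings under the new one, i.e. hosts that need remediation after
# moving to the updated check.
def regressions(samples)
  samples.select do |_name, text|
    !finding?(text, OLD_MIN_ROUNDS) && finding?(text, NEW_MIN_ROUNDS)
  end.keys
end

puts regressions(SAMPLES).inspect if __FILE__ == $PROGRAM_NAME
```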