|
 |
ee8600 |
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/C2S.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/C2S.xml
|
|
|
ee8600 |
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/C2S.xml 2016-06-22 12:56:46.000000000 +0000
|
|
|
ee8600 |
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/C2S.xml 2016-11-15 16:20:21.101599393 +0000
|
|
|
ee8600 |
@@ -1,10 +1,10 @@
|
|
|
ee8600 |
<Profile id="C2S">
|
|
|
ee8600 |
-<title>C2S for Red Hat Enterprise Linux 7</title>
|
|
|
ee8600 |
+<title>C2S for CentOS Linux 7</title>
|
|
|
ee8600 |
<description>This profile demonstrates compliance against the
|
|
|
ee8600 |
U.S. Government Commercial Cloud Services (C2S) baseline.
|
|
|
ee8600 |
|
|
|
ee8600 |
This baseline was inspired by the Center for Internet Security
|
|
|
ee8600 |
-(CIS) Red Hat Enterprise Linux 7 Benchmark, v1.1.0 - 04-02-2015.
|
|
|
ee8600 |
+(CIS) CentOS Linux 7 Benchmark, v1.1.0 - 04-02-2015.
|
|
|
ee8600 |
For the SCAP Security Guide project to remain in compliance with
|
|
|
ee8600 |
CIS' terms and conditions, specifically Restrictions(8), note
|
|
|
ee8600 |
there is no representation or claim that the C2S profile will
|
|
|
ee8600 |
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/cjis-rhel7-server.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/cjis-rhel7-server.xml
|
|
|
ee8600 |
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/cjis-rhel7-server.xml 2016-06-22 12:56:46.000000000 +0000
|
|
|
ee8600 |
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/cjis-rhel7-server.xml 2016-11-15 18:29:47.554461773 +0000
|
|
|
ee8600 |
@@ -1,6 +1,6 @@
|
|
|
ee8600 |
<Profile id="cjis-rhel7-server">
|
|
|
ee8600 |
<title>Criminal Justice Information Services (CJIS) Security Policy</title>
|
|
|
ee8600 |
-<description override="true">This is a *draft* profile for CJIS v5.4. The scope of this profile is to configure Red Hat Enteprise Linux 7 against the U. S. Department of Justice, FBI CJIS Security Policy.
|
|
|
ee8600 |
+<description override="true">This is a *draft* profile for CJIS v5.4. The scope of this profile is to configure CentOS Linux 7 against the U. S. Department of Justice, FBI CJIS Security Policy.
|
|
|
ee8600 |
</description>
|
|
|
ee8600 |
|
|
|
ee8600 |
|
|
|
ee8600 |
@@ -118,7 +118,7 @@
|
|
|
ee8600 |
<select idref="sysctl_net_ipv4_icmp_echo_ignore_broadcasts" selected="true" />
|
|
|
ee8600 |
|
|
|
ee8600 |
|
|
|
ee8600 |
-
|
|
|
ee8600 |
+
|
|
|
ee8600 |
<refine-value idref="var_password_pam_ocredit" selector="1" />
|
|
|
ee8600 |
<refine-value idref="var_password_pam_dcredit" selector="1" />
|
|
|
ee8600 |
<refine-value idref="var_password_pam_ucredit" selector="1" />
|
|
|
ee8600 |
@@ -141,4 +141,4 @@
|
|
|
ee8600 |
|
|
|
ee8600 |
<select idref="kernel_module_bluetooth_disabled" selected="true"/>
|
|
|
ee8600 |
|
|
|
ee8600 |
-</Profile>
|
|
|
ee8600 |
\ No newline at end of file
|
|
|
ee8600 |
+</Profile>
|
|
|
ee8600 |
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/nist-CL-IL-AL.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/nist-CL-IL-AL.xml
|
|
|
ee8600 |
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/nist-CL-IL-AL.xml 2016-06-22 12:56:46.000000000 +0000
|
|
|
ee8600 |
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/nist-CL-IL-AL.xml 2016-11-15 18:30:22.535473255 +0000
|
|
|
ee8600 |
@@ -1,5 +1,5 @@
|
|
|
ee8600 |
<Profile id="nist-cl-il-al" extends="common">
|
|
|
ee8600 |
-<title override="true">CNSSI 1253 Low/Low/Low Control Baseline for Red Hat Enterprise Linux 7</title>
|
|
|
ee8600 |
+<title override="true">CNSSI 1253 Low/Low/Low Control Baseline for CentOS Linux 7</title>
|
|
|
ee8600 |
<description override="true">This profile follows the Committee on National Security Systems Instruction
|
|
|
ee8600 |
(CNSSI) No. 1253, "Security Categorization and Control Selection for National Security
|
|
|
ee8600 |
Systems" on security controls to meet low confidentiality, low integrity, and low
|
|
|
ee8600 |
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/ospp-rhel7-server.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/ospp-rhel7-server.xml
|
|
|
ee8600 |
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/ospp-rhel7-server.xml 2016-06-22 12:56:46.000000000 +0000
|
|
|
ee8600 |
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/ospp-rhel7-server.xml 2016-11-15 18:30:44.136480430 +0000
|
|
|
ee8600 |
@@ -1,6 +1,6 @@
|
|
|
ee8600 |
<Profile id="ospp-rhel7-server">
|
|
|
ee8600 |
<title>United States Government Configuration Baseline (USGCB / STIG)</title>
|
|
|
ee8600 |
-<description override="true">This is a *draft* profile for NIAP OSPP v4.0. This profile is being developed under the National Information Assurance Partnership. The scope of this profile is to configure Red Hat Enteprise Linux 7 against the NIAP Protection Profile for General Purpose Operating Systems v4.0. The NIAP OSPP profile also serves as a working draft for USGCB submission against RHEL7 Server.</description>
|
|
|
ee8600 |
+<description override="true">This is a *draft* profile for NIAP OSPP v4.0. This profile is being developed under the National Information Assurance Partnership. The scope of this profile is to configure CentOS Linux 7 against the NIAP Protection Profile for General Purpose Operating Systems v4.0. The NIAP OSPP profile also serves as a working draft for USGCB submission against CentOS7 Server.</description>
|
|
|
ee8600 |
|
|
|
ee8600 |
|
|
|
ee8600 |
https://www.niap-ccevs.org/pp/PP_OS_v4.0/
|
|
|
ee8600 |
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/pci-dss.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/pci-dss.xml
|
|
|
ee8600 |
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/pci-dss.xml 2016-11-15 18:35:12.316574543 +0000
|
|
|
ee8600 |
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/pci-dss.xml 2016-11-15 18:31:03.287486842 +0000
|
|
|
ee8600 |
@@ -1,5 +1,5 @@
|
|
|
ee8600 |
<Profile id="pci-dss" xmlns="http://checklists.nist.gov/xccdf/1.1">
|
|
|
ee8600 |
-<title>PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7</title>
|
|
|
ee8600 |
+<title>PCI-DSS v3 Control Baseline for CentOS Linux 7</title>
|
|
|
ee8600 |
<description>This is a *draft* profile for PCI-DSS v3</description>
|
|
|
ee8600 |
|
|
|
ee8600 |
<refine-value idref="var_password_pam_unix_remember" selector="4" />
|
|
|
ee8600 |
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/pci-dss.xml.rhel7_pcidss_drop_rpm_verify_permissions_rule scap-security-guide-0.1.30.new/RHEL/7/input/profiles/pci-dss.xml.rhel7_pcidss_drop_rpm_verify_permissions_rule
|
|
|
ee8600 |
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/pci-dss.xml.rhel7_pcidss_drop_rpm_verify_permissions_rule 2016-06-22 12:56:46.000000000 +0000
|
|
|
ee8600 |
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/pci-dss.xml.rhel7_pcidss_drop_rpm_verify_permissions_rule 2016-11-15 18:31:24.039493843 +0000
|
|
|
ee8600 |
@@ -1,5 +1,5 @@
|
|
|
ee8600 |
<Profile id="pci-dss" xmlns="http://checklists.nist.gov/xccdf/1.1">
|
|
|
ee8600 |
-<title>PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7</title>
|
|
|
ee8600 |
+<title>PCI-DSS v3 Control Baseline for CentOS Linux 7</title>
|
|
|
ee8600 |
<description>This is a *draft* profile for PCI-DSS v3</description>
|
|
|
ee8600 |
|
|
|
ee8600 |
<refine-value idref="var_password_pam_unix_remember" selector="4" />
|
|
|
ee8600 |
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/rht-ccp.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/rht-ccp.xml
|
|
|
ee8600 |
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/rht-ccp.xml 2016-06-22 12:56:46.000000000 +0000
|
|
|
ee8600 |
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/rht-ccp.xml 2016-11-15 18:32:04.251507569 +0000
|
|
|
ee8600 |
@@ -98,11 +98,11 @@
|
|
|
ee8600 |
<select idref="sysctl_kernel_ipv6_disable" selected="true"/>
|
|
|
ee8600 |
<select idref="service_ip6tables_enabled" selected="true"/>
|
|
|
ee8600 |
|
|
|
ee8600 |
-This requirement does not apply against Red Hat Enterprise Linux 7:
|
|
|
ee8600 |
+This requirement does not apply against CentOS Linux 7:
|
|
|
ee8600 |
see: https://github.com/OpenSCAP/scap-security-guide/issues/66 for details.
|
|
|
ee8600 |
<select idref="kernel_module_rds_disabled" selected="true"/>
|
|
|
ee8600 |
|
|
|
ee8600 |
-This requirement does not apply against Red Hat Enterprise Linux 7:
|
|
|
ee8600 |
+This requirement does not apply against CentOS Linux 7:
|
|
|
ee8600 |
see: https://github.com/OpenSCAP/scap-security-guide/issues/67 for details.
|
|
|
ee8600 |
<select idref="kernel_module_tipc_disabled" selected="true"/>
|
|
|
ee8600 |
|
|
|
ee8600 |
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/standard.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/standard.xml
|
|
|
ee8600 |
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/standard.xml 2016-06-22 12:56:46.000000000 +0000
|
|
|
ee8600 |
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/standard.xml 2016-11-15 18:32:32.999517516 +0000
|
|
|
ee8600 |
@@ -1,6 +1,6 @@
|
|
|
ee8600 |
<Profile id="standard">
|
|
|
ee8600 |
<title>Standard System Security Profile</title>
|
|
|
ee8600 |
-<description>This profile contains rules to ensure standard security baseline of Red Hat Enterprise Linux 7 system.
|
|
|
ee8600 |
+<description>This profile contains rules to ensure standard security baseline of CentOS Linux 7 system.
|
|
|
ee8600 |
Regardless of your system's workload all of these checks should pass.</description>
|
|
|
ee8600 |
|
|
|
ee8600 |
<select idref="ensure_redhat_gpgkey_installed" selected="true" />
|
|
|
ee8600 |
@@ -14,7 +14,7 @@ Regardless of your system's workload all
|
|
|
ee8600 |
<select idref="accounts_root_path_dirs_no_write" selected="true"/>
|
|
|
ee8600 |
<select idref="dir_perms_world_writable_sticky_bits" selected="true" />
|
|
|
ee8600 |
|
|
|
ee8600 |
-
|
|
|
ee8600 |
+
|
|
|
ee8600 |
|
|
|
ee8600 |
|
|
|
ee8600 |
|
|
|
ee8600 |
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-server-gui-upstream.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-server-gui-upstream.xml
|
|
|
ee8600 |
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-server-gui-upstream.xml 2016-06-22 12:56:46.000000000 +0000
|
|
|
ee8600 |
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-server-gui-upstream.xml 2016-11-15 18:32:48.434522900 +0000
|
|
|
ee8600 |
@@ -1,5 +1,5 @@
|
|
|
ee8600 |
<Profile id="stig-rhel7-server-gui-upstream" extends="stig-rhel7-server-upstream">
|
|
|
ee8600 |
-<title override="true">STIG for Red Hat Enterprise Linux 7 Server Running GUIs</title>
|
|
|
ee8600 |
+<title override="true">STIG for CentOS Linux 7 Server Running GUIs</title>
|
|
|
ee8600 |
<description override="true">This is a *draft* profile for STIG. This profile is being developed under the DoD consensus model to become a STIG in coordination with DISA FSO.</description>
|
|
|
ee8600 |
|
|
|
ee8600 |
|
|
|
ee8600 |
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-server-upstream.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-server-upstream.xml
|
|
|
ee8600 |
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-server-upstream.xml 2016-06-22 12:56:46.000000000 +0000
|
|
|
ee8600 |
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-server-upstream.xml 2016-11-15 18:33:07.232529497 +0000
|
|
|
ee8600 |
@@ -1,5 +1,5 @@
|
|
|
ee8600 |
<Profile id="stig-rhel7-server-upstream" extends="ospp-rhel7-server">
|
|
|
ee8600 |
-<title override="true">STIG for Red Hat Enterprise Linux 7 Server</title>
|
|
|
ee8600 |
+<title override="true">STIG for CentOS Linux 7 Server</title>
|
|
|
ee8600 |
<description override="true">This is a *draft* profile for STIG. This profile is being developed under the DoD consensus model to become a STIG in coordination with DISA FSO.</description>
|
|
|
ee8600 |
|
|
|
ee8600 |
|
|
|
ee8600 |
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-workstation-upstream.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-workstation-upstream.xml
|
|
|
ee8600 |
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-workstation-upstream.xml 2016-06-22 12:56:46.000000000 +0000
|
|
|
ee8600 |
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-workstation-upstream.xml 2016-11-15 18:33:34.107539010 +0000
|
|
|
ee8600 |
@@ -1,5 +1,5 @@
|
|
|
ee8600 |
<Profile id="stig-rhel7-workstation-upstream" extends="stig-rhel7-server-gui-upstream">
|
|
|
ee8600 |
-<title override="true">STIG for Red Hat Enterprise Linux 7 Workstation</title>
|
|
|
ee8600 |
+<title override="true">STIG for CentOS Linux 7 Workstation</title>
|
|
|
ee8600 |
<description override="true">This is a *draft* profile for STIG. This profile is being developed under the DoD consensus model to become a STIG in coordination with DISA FSO.</description>
|
|
|
ee8600 |
|
|
|
ee8600 |
|