rpms / scap-security-guide

Clone
Source Code
GIT

Files

  1.   721d24fb3493dfda52785c0348f30b2f62b52d45
  2.   SOURCES
  3.   scap-security-guide-0.1.25-centos-menu-branding.patch
Blob Blame History Raw 
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/C2S.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/C2S.xml
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/C2S.xml	2016-06-22 12:56:46.000000000 +0000
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/C2S.xml	2016-11-15 16:20:21.101599393 +0000
@@ -1,10 +1,10 @@
 <Profile id="C2S">
-<title>C2S for Red Hat Enterprise Linux 7</title>
+<title>C2S for CentOS Linux 7</title>
 <description>This profile demonstrates compliance against the
 U.S. Government Commercial Cloud Services (C2S) baseline.
 
 This baseline was inspired by the Center for Internet Security
-(CIS) Red Hat Enterprise Linux 7 Benchmark, v1.1.0 - 04-02-2015.
+(CIS) CentOS Linux 7 Benchmark, v1.1.0 - 04-02-2015.
 For the SCAP Security Guide project to remain in compliance with
 CIS' terms and conditions, specifically Restrictions(8), note
 there is no representation or claim that the C2S profile will
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/nist-CL-IL-AL.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/nist-CL-IL-AL.xml
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/nist-CL-IL-AL.xml	2016-06-22 12:56:46.000000000 +0000
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/nist-CL-IL-AL.xml	2016-11-15 18:30:22.535473255 +0000
@@ -1,5 +1,5 @@
 <Profile id="nist-cl-il-al" extends="common">
-<title override="true">CNSSI 1253 Low/Low/Low Control Baseline for Red Hat Enterprise Linux 7</title>
+<title override="true">CNSSI 1253 Low/Low/Low Control Baseline for CentOS Linux 7</title>
 <description override="true">This profile follows the Committee on National Security Systems Instruction
 (CNSSI) No. 1253, "Security Categorization and Control Selection for National Security
 Systems" on security controls to meet low confidentiality, low integrity, and low
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/ospp-rhel7-server.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/ospp-rhel7-server.xml
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/ospp-rhel7-server.xml	2016-06-22 12:56:46.000000000 +0000
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/ospp-rhel7-server.xml	2016-11-15 18:30:44.136480430 +0000
@@ -1,6 +1,6 @@
 <Profile id="ospp-rhel7-server">
 <title>United States Government Configuration Baseline (USGCB / STIG)</title>
-<description override="true">This is a *draft* profile for NIAP OSPP v4.0. This profile is being developed under the National Information Assurance Partnership. The scope of this profile is to configure Red Hat Enteprise Linux 7 against the NIAP Protection Profile for General Purpose Operating Systems v4.0. The NIAP OSPP profile also serves as a working draft for USGCB submission against RHEL7 Server.</description>
+<description override="true">This is a *draft* profile for NIAP OSPP v4.0. This profile is being developed under the National Information Assurance Partnership. The scope of this profile is to configure CentOS Linux 7 against the NIAP Protection Profile for General Purpose Operating Systems v4.0. The NIAP OSPP profile also serves as a working draft for USGCB submission against CentOS7 Server.</description>
 
 <!-- OSPP v4.0 is available here:
      https://www.niap-ccevs.org/pp/PP_OS_v4.0/ 
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/pci-dss.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/pci-dss.xml
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/pci-dss.xml	2016-11-15 18:35:12.316574543 +0000
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/pci-dss.xml	2016-11-15 18:31:03.287486842 +0000
@@ -1,5 +1,5 @@
 <Profile id="pci-dss" xmlns="http://checklists.nist.gov/xccdf/1.1">
-<title>PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7</title>
+<title>PCI-DSS v3 Control Baseline for CentOS Linux 7</title>
 <description>This is a *draft* profile for PCI-DSS v3</description>
 
 <refine-value idref="var_password_pam_unix_remember" selector="4" />
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/pci-dss.xml.rhel7_pcidss_drop_rpm_verify_permissions_rule scap-security-guide-0.1.30.new/RHEL/7/input/profiles/pci-dss.xml.rhel7_pcidss_drop_rpm_verify_permissions_rule
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/pci-dss.xml.rhel7_pcidss_drop_rpm_verify_permissions_rule	2016-06-22 12:56:46.000000000 +0000
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/pci-dss.xml.rhel7_pcidss_drop_rpm_verify_permissions_rule	2016-11-15 18:31:24.039493843 +0000
@@ -1,5 +1,5 @@
 <Profile id="pci-dss" xmlns="http://checklists.nist.gov/xccdf/1.1">
-<title>PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7</title>
+<title>PCI-DSS v3 Control Baseline for CentOS Linux 7</title>
 <description>This is a *draft* profile for PCI-DSS v3</description>
 
 <refine-value idref="var_password_pam_unix_remember" selector="4" />
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/rht-ccp.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/rht-ccp.xml
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/rht-ccp.xml	2016-06-22 12:56:46.000000000 +0000
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/rht-ccp.xml	2016-11-15 18:32:04.251507569 +0000
@@ -98,11 +98,11 @@
 <select idref="sysctl_kernel_ipv6_disable" selected="true"/>
 <select idref="service_ip6tables_enabled" selected="true"/>
 
-This requirement does not apply against Red Hat Enterprise Linux 7:
+This requirement does not apply against CentOS Linux 7:
 see: https://github.com/OpenSCAP/scap-security-guide/issues/66 for details.
 <select idref="kernel_module_rds_disabled" selected="true"/>
 
-This requirement does not apply against Red Hat Enterprise Linux 7:
+This requirement does not apply against CentOS Linux 7:
 see: https://github.com/OpenSCAP/scap-security-guide/issues/67 for details.
 <select idref="kernel_module_tipc_disabled" selected="true"/>
 
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/standard.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/standard.xml
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/standard.xml	2016-06-22 12:56:46.000000000 +0000
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/standard.xml	2016-11-15 18:32:32.999517516 +0000
@@ -1,6 +1,6 @@
 <Profile id="standard">
 <title>Standard System Security Profile</title>
-<description>This profile contains rules to ensure standard security baseline of Red Hat Enterprise Linux 7 system.
+<description>This profile contains rules to ensure standard security baseline of CentOS Linux 7 system.
 Regardless of your system's workload all of these checks should pass.</description>
 
 <select idref="ensure_redhat_gpgkey_installed" selected="true" />
@@ -14,7 +14,7 @@ Regardless of your system's workload all
 <select idref="accounts_root_path_dirs_no_write" selected="true"/>
 <select idref="dir_perms_world_writable_sticky_bits" selected="true" />
 
-<!-- The following rules currently returns 'notapplicable' on RHEL-7 container -->
+<!-- The following rules currently returns 'notapplicable' on CentOS-7 container -->
 <!-- Investigate why, fix the issues, and re-enable back once fixed -->
 <!-- <select idref="accounts_password_all_shadowed" selected="true"/> -->
 <!-- <select idref="root_path_no_dot" selected="true"/> -->
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-server-gui-upstream.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-server-gui-upstream.xml
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-server-gui-upstream.xml	2016-06-22 12:56:46.000000000 +0000
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-server-gui-upstream.xml	2016-11-15 18:32:48.434522900 +0000
@@ -1,5 +1,5 @@
 <Profile id="stig-rhel7-server-gui-upstream" extends="stig-rhel7-server-upstream">
-<title override="true">STIG for Red Hat Enterprise Linux 7 Server Running GUIs</title>
+<title override="true">STIG for CentOS Linux 7 Server Running GUIs</title>
 <description override="true">This is a *draft* profile for STIG. This profile is being developed under the DoD consensus model to become a STIG in coordination with DISA FSO.</description>
 
 <!-- DISA FSO REFINEMENT VALUES
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-server-upstream.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-server-upstream.xml
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-server-upstream.xml	2016-06-22 12:56:46.000000000 +0000
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-server-upstream.xml	2016-11-15 18:33:07.232529497 +0000
@@ -1,5 +1,5 @@
 <Profile id="stig-rhel7-server-upstream" extends="ospp-rhel7-server">
-<title override="true">STIG for Red Hat Enterprise Linux 7 Server</title>
+<title override="true">STIG for CentOS Linux 7 Server</title>
 <description override="true">This is a *draft* profile for STIG. This profile is being developed under the DoD consensus model to become a STIG in coordination with DISA FSO.</description>
 
 <!-- DISA FSO REFINEMENT VALUES
diff -uNrp scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-workstation-upstream.xml scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-workstation-upstream.xml
--- scap-security-guide-0.1.30/RHEL/7/input/profiles/stig-rhel7-workstation-upstream.xml	2016-06-22 12:56:46.000000000 +0000
+++ scap-security-guide-0.1.30.new/RHEL/7/input/profiles/stig-rhel7-workstation-upstream.xml	2016-11-15 18:33:34.107539010 +0000
@@ -1,5 +1,5 @@
 <Profile id="stig-rhel7-workstation-upstream" extends="stig-rhel7-server-gui-upstream">
-<title override="true">STIG for Red Hat Enterprise Linux 7 Workstation</title>
+<title override="true">STIG for CentOS Linux 7 Workstation</title>
 <description override="true">This is a *draft* profile for STIG. This profile is being developed under the DoD consensus model to become a STIG in coordination with DISA FSO.</description>
 
 <!-- DISA FSO REFINEMENT VALUES
diff -uNrp scap-security-guide-0.1.30.orig/RHEL/7/input/profiles/cjis-rhel7-server.xml scap-security-guide-0.1.30/RHEL/7/input/profiles/cjis-rhel7-server.xml
--- scap-security-guide-0.1.30.orig/RHEL/7/input/profiles/cjis-rhel7-server.xml	2016-06-22 12:56:46.000000000 +0000
+++ scap-security-guide-0.1.30/RHEL/7/input/profiles/cjis-rhel7-server.xml	2017-03-03 10:31:09.864377323 +0000
@@ -1,6 +1,6 @@
 <Profile id="cjis-rhel7-server">
 <title>Criminal Justice Information Services (CJIS) Security Policy</title>
-<description override="true">This is a *draft* profile for CJIS v5.4. The scope of this profile is to configure Red Hat Enteprise Linux 7 against the U. S. Department of Justice, FBI CJIS Security Policy.
+<description override="true">This is a *draft* profile for CJIS v5.4. The scope of this profile is to configure CentOS Linux 7 against the U. S. Department of Justice, FBI CJIS Security Policy.
 </description>
 
 <!-- CJIS v5.4 is available here:
@@ -118,7 +118,7 @@
 <select idref="sysctl_net_ipv4_icmp_echo_ignore_broadcasts" selected="true" />
 
 <!-- 5.10.1.2 Encryption -->
-<!-- How can I make RHEL 6 or RHEL 7 FIPS 140-2 compliant? https://access.redhat.com/solutions/137833 -->
+<!-- How can I make CentOS 6 or CentOS 7 FIPS 140-2 compliant? https://access.redhat.com/solutions/137833 -->
 <refine-value idref="var_password_pam_ocredit" selector="1" />
 <refine-value idref="var_password_pam_dcredit" selector="1" />
 <refine-value idref="var_password_pam_ucredit" selector="1" />
@@ -141,4 +141,4 @@
 <!-- 5.13.1.3 Bluetooth -->
 <select idref="kernel_module_bluetooth_disabled" selected="true"/>
 
-</Profile>
\ No newline at end of file
+</Profile>

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation