-
By trial and error, I've discovered that this is the minimal XML that the STIG viewer will accept for results import, including "pass", "fail", and (the useless) "notchecked"
```xml
pa…
-
changing /etc/login.def to set umask 077 is not sufficient, since /etc/profiles defaults to set umask 022 for interactive users.
Recommend also fixing /etc/profiles as well as part of those fixes a…
-
I'm not sure why but I get the feeling the SCAP content provided by DISA at https://iasecontent.disa.mil/stigs/zip/U_Red_Hat_Enterprise_Linux_7_V2R1_STIG_SCAP_1-2_Benchmark.zip is faulty.
These are…
-
Hello,
I am implementing RHEL7-STIG on machines that are using AD auth with SSSD.
Our AD already implements account lockout after failed password attempts.
With the way RHEL7-STIG currently s…
-
**Is your feature request related to a problem? Please describe.**
Running Lynis against at hardened system finds that `PrintLastLog yes`is not set in `/etc/ssh/sshd_config`.
I think it's a good ide…
-
Currently there are ~~roughly 130~~ **19** Cat 2 STIG items that are not implemented in this role. Need to finish these before a 1.0 release.
**High Priority CAT2 Items (always flagged by a benchm…
-
I have run into an issue when opening a checklist with manual checklist entries. I get the error when attempting to open with STIG Viewer. Originally, I was getting the same issue as [#259 ](https://…
-
We are trying to use the python put_object. It's failing on anything larger than 5MB because we are required by RHEL STIG to have fips enabled. md5 is not fips compliant and so it's disabled in the …
-
Spooler Service is STOPPED [Fail]
Spooler Service START TYPE is DISABLED [Fail]
These should be Pass or Informative. Disabling the print spooler on a DC is for hardening purposes.
-
I'm using the oscap addon and have the following in my kickstart:
```text
repo --name=openscap-latest --baseurl=https://copr-be.cloud.fedoraproject.org/results/openscapmaint/openscap-latest/epel-7…