ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

CCE-90811-1 is `notselected` by SSG, however for DISA STIG it `fail` #11803

Closed mildas closed 7 months ago

mildas commented 7 months ago

Description of problem:

The content is misaligned with external (third-party) content that targets the same policy - typically, this means that a system hardened by our content doesn't pass the scan by the external content.

Details:

Rule CCE-90811-1, which is `sshd_set_idle_timeout`, is `notselected` in our content. The equivalent rule in DISA STIG checks the requirement and results in `fail`.

Outcome:

SSG and DISA contents are aligned

SCAP Security Guide Version:

latest master

External Content's Version:

RHEL9 V1R2

Mab879 commented 7 months ago

Set the `requires` on `sshd_set_idle_timeout` to `sshd_set_keepalive`