On 7/27/14, 11:26 PM, Shawn Wells wrote:
DISA FSO has provided the following patches based on end-user feedback and updates done amongst the DISA FSO staff. Submitting to list on their behalf.

-shawn

Leland Steinke (21):
  Update aide_build_database
  Add VMS/DPMS mappings in stig_overlay
  Update VRelease attributes for DISA FSO VMS tags
  Add set_ip6tables_default_rule to common, map to STIG RHEL-06-000523
  Update VRelease attribute for RHEL-06-000008 (ensure_redhat_gpgkey_installed)
  Add reload to set_ip6tables_default_rule
  [bugfix] modify file_permissions_library_dirs to follow symlinks
  [bugfix] Modify file_permissions_binary_dirs to follow symlinks
  Increment VRelease for sysctl_ipv6_default_accept_redirects/RHEL-06-000099
  Check syscall audits explicitly to avoid partial matches
  Add applicability statement to audit_rules_time_stime/RHEL-06-000169
  Give SELinux precedence over HBSS in install_hids/RHEL-06-000285
  Update install_antivirus/RHEL-06-000284 from uvscan to VSEL/nails
  Remove display_login_attempts/RHEL-06-000506 from RHEL 6 STIG
  Add display_login_attempts/RHEL-06-000372 to STIG
  [bugfix] Update selinux_all_devicefiles to "any_exist"
  Increment OVAL version for selinux_all_devicefiles_labeled
  Update OVAL version for sysctl_net_ipv6_conf_default_accept_redirects
  Fix lowercase in system/auditing.xml
  Update severity of aide_build_database in stig_overlay.xml
  [bugfix] Correct static sysctl.conf check regex and increment versions

 RHEL/6/input/auxiliary/stig_overlay.xml | 87 +++++++++++--------
 .../checks/selinux_all_devicefiles_labeled.xml | 2 +-
 RHEL/6/input/checks/sysctl_fs_suid_dumpable.xml | 2 +-
 .../input/checks/sysctl_kernel_dmesg_restrict.xml | 2 +-
 RHEL/6/input/checks/sysctl_kernel_exec_shield.xml | 2 +-
 .../checks/sysctl_kernel_randomize_va_space.xml | 2 +-
 .../sysctl_net_ipv4_conf_all_accept_redirects.xml | 2 +-
 ...ysctl_net_ipv4_conf_all_accept_source_route.xml | 2 +-
 .../sysctl_net_ipv4_conf_all_log_martians.xml | 2 +-
 .../checks/sysctl_net_ipv4_conf_all_rp_filter.xml | 2 +-
 .../sysctl_net_ipv4_conf_all_secure_redirects.xml | 2 +-
 .../sysctl_net_ipv4_conf_all_send_redirects.xml | 2 +-
 ...sctl_net_ipv4_conf_default_accept_redirects.xml | 2 +-
 ...l_net_ipv4_conf_default_accept_source_route.xml | 2 +-
 .../sysctl_net_ipv4_conf_default_rp_filter.xml | 2 +-
 ...sctl_net_ipv4_conf_default_secure_redirects.xml | 2 +-
 ...sysctl_net_ipv4_conf_default_send_redirects.xml | 2 +-
 ...sysctl_net_ipv4_icmp_echo_ignore_broadcasts.xml | 2 +-
 ..._net_ipv4_icmp_ignore_bogus_error_responses.xml | 2 +-
 RHEL/6/input/checks/sysctl_net_ipv4_ip_forward.xml | 2 +-
 .../checks/sysctl_net_ipv4_tcp_syncookies.xml | 2 +-
 .../sysctl_net_ipv6_conf_default_accept_ra.xml | 2 +-
 ...sctl_net_ipv6_conf_default_accept_redirects.xml | 2 +-
 RHEL/6/input/checks/templates/template_sysctl | 2 +-
 RHEL/6/input/profiles/common.xml | 1 +
 RHEL/6/input/system/accounts/pam.xml | 2 +-
 RHEL/6/input/system/auditing.xml | 3 +
 RHEL/6/input/system/network/iptables.xml | 2 +
 RHEL/6/input/system/permissions/files.xml | 4 +-
 RHEL/6/input/system/software/integrity.xml | 27 ++++--
 30 files changed, 97 insertions(+), 75 deletions(-)

went through patches individually - they were OK (one exception, patch 18)

pushing patches on FSO's behalf...

$ git push
Enter passphrase for key '/home/shawnw/.ssh/id_rsa':
Counting objects: 240, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (202/202), done.
Writing objects: 100% (202/202), 17.90 KiB, done.
Total 202 (delta 157), reused 0 (delta 0)
To ssh://[email protected]/git/scap-security-guide.git
   c20e040..c1c1972  master -> master

--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
