scap-security-guide  

Messages by Thread

• oscap & jboss on Fedora Ivan Saez Scheihing
  • Re: oscap & jboss on Fedora David Smith
  • Re: oscap & jboss on Fedora Martin Preisler
  • Re: oscap & jboss on Fedora Ivan Saez Scheihing
  • Re: oscap & jboss on Fedora Ivan Saez Scheihing
  • Re: oscap & jboss on Fedora Martin Preisler
  • Re: oscap & jboss on Fedora Ivan Saez Scheihing
  • Re: oscap & jboss on Fedora Martin Preisler
  • Re: oscap & jboss on Fedora Martin Preisler
• Seeking feedback on GovReady - tools for government-ready configurations of software Greg Elin
  • Re: Seeking feedback on GovReady - tools for government-ready configurations of software Shawn Wells
  • Re: Seeking feedback on GovReady - tools for government-ready configurations of software Greg Elin
• [PATCH 15/15] Adding sysctl_net_ipv6_conf_all_accept_ra_value for XCCDF calls Shawn Wells
• [PATCH 14/15] Adding sysctl_net_ipv6_conf_all_accept_ra XCCDF Shawn Wells
• [PATCH 13/15] Adding sysctl_net_ipv6_conf_all_accept_ra in support of C2S profile Shawn Wells
• [PATCH 12/15] [Fedora] adding transforms/.gitignore Shawn Wells
• [PATCH 11/15] Adding service_*_enabled.sh remediation scripts Shawn Wells
• [PATCH 09/15] Added OVAL signoff to service_enabled and service_disabled templates Shawn Wells
• [PATCH 10/15] Adding signoff to service_disabled and service_enabled oval templates Shawn Wells
• [PATCH 08/15] Adding package_*_removed.sh scripts Shawn Wells
• [PATCH 07/15] Updated RHEL6 OVAL templates Shawn Wells
• [PATCH 05/15] Updated RHEL6 OVAL create_services_enabled.py to create bash remediation Shawn Wells
• [PATCH 06/15] Updated RHEL6 OVAL template create_sysctl_checks.py to include bash remediation Shawn Wells
• [PATCH 03/15] Updated RHEL6 OVAL template create_kernel_modules_disabled.py to include bash remediation scripts Shawn Wells
• [PATCH 04/15] Updated RHEL6 OVAL template create_services_disabled.py to generate bash remediation Shawn Wells
• [PATCH 02/15] Updated RHEL6 OVAL template 'create_package_removed.py' to build bash scripts Shawn Wells
• [PATCH 01/15] Added --rules-without-fix to RHEL6 verify-references.py Shawn Wells
• [PATCH] [RHEL/6] accounts_umask_etc_profile - when checking umask check all the occurrences not just the first one (because the last listed one is actually the one applied) Jan Lieskovsky
  • Re: [PATCH] [RHEL/6] accounts_umask_etc_profile - when checking umask check all the occurrences not just the first one (because the last listed one is actually the one applied) Shawn Wells
  • Re: [PATCH] [RHEL/6] accounts_umask_etc_profile - when checking umask check all the occurrences not just the first one (because the last listed one is actually the one applied) Jan Lieskovsky
• [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Jan Lieskovsky
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Shawn Wells
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Kayse, Josh
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Kayse, Josh
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Shawn Wells
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Trevor Vaughan
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Shawn Wells
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Trevor Vaughan
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Shawn Wells
  • RE: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Trey Henefield
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Trevor Vaughan
  • RE: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Trey Henefield
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Trevor Vaughan
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Shawn Wells
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Trevor Vaughan
  • RE: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Roach, Brian
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Trevor Vaughan
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Jan Lieskovsky
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Trevor Vaughan
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Jan Lieskovsky
  • Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively Kayse, Josh
  • Please ignore this patch, it's wrong [was: Re: [PATCH] [RHEL/6] Search for nousb kernel command line argument in /etc/grub.conf within bootloader_nousb_argument check case-insensitively] Jan Lieskovsky
• [PATCH] [RHEL/6] Case-insensitively check the presence of audit=1 expression on the kernel command line in /etc/grub.conf within bootloader_audit_argument check Jan Lieskovsky
  • Re: [PATCH] [RHEL/6] Case-insensitively check the presence of audit=1 expression on the kernel command line in /etc/grub.conf within bootloader_audit_argument check Shawn Wells
  • Please ignore this patch, it's wrong [was: Re: [PATCH] [RHEL/6] Case-insensitively check the presence of audit=1 expression on the kernel command line in /etc/grub.conf within bootloader_audit_argument check] Jan Lieskovsky
• [PATCH] [RHEL/6] Make the (selinux|enforcing)=0 test within enable_selinux_bootloader check case-insensitive Jan Lieskovsky
  • Re: [PATCH] [RHEL/6] Make the (selinux|enforcing)=0 test within enable_selinux_bootloader check case-insensitive Shawn Wells
  • Please ignore this patch, it's wrong [was: Re: [PATCH] [RHEL/6] Make the (selinux|enforcing)=0 test within enable_selinux_bootloader check case-insensitive] Jan Lieskovsky
• Propose removal of "Disable anacron Service" Trevor Vaughan
  • Re: Propose removal of "Disable anacron Service" Jeffrey Blank
  • Re: Propose removal of "Disable anacron Service" Shawn Wells
• [PATCH 25/26] Updating RHEL/6/output/.gitignore Shawn Wells
• [PATCH 26/26] Updating commit per Jan's feedback Shawn Wells
• [PATCH 24/26] Updating C2S profile Shawn Wells
• [PATCH 22/26] C2S 6.1.10 --> service_atd_disabled Shawn Wells
• [PATCH 23/26] C2S 7.1.1 --> accounts_maximum_age_login_defs Shawn Wells
• [PATCH 19/26] C2S 3.2 --> packagegroup_xwindows_remove Shawn Wells
• [PATCH 20/26] C2S 3.16 --> postfix_network_listening_disabled Shawn Wells
• [PATCH 21/26] Adding rsyslog_nolisten mapping Shawn Wells
• [PATCH 17/26] C2S 1.1.6 --> mount_option_var_tmp_bind_var Shawn Wells
• [PATCH 16/26] Mapped C2S 9.2.11 to gid_passwd_group_same Shawn Wells
• [PATCH 18/26] C2S 1.1.10 --> mount_option_nodev_nonroot_local_partitions Shawn Wells
• [PATCH 15/26] Adding C2S into build system Shawn Wells
• [PATCH 14/26] New Profile Shawn Wells
• [PATCH 13/26] [bugfix] kernel_module_hfs_disabledplus --> kernel_module_hfsplus_disabled Shawn Wells
• [PATCH 11/26] New RHEL6 rule Shawn Wells
• [PATCH 06/26] typo fix Shawn Wells
• [PATCH 07/26] New Rule Shawn Wells
• [PATCH 12/26] New RHEL6 rule Shawn Wells
• [PATCH 09/26] New RHEL6 Rule Shawn Wells
• [PATCH 10/26] New RHEL6 rule Shawn Wells
• [PATCH 04/26] Moved RHEL6 selinux_policytype.sh to shared/ Shawn Wells
• [PATCH 08/26] XCCDF Rule Rename Shawn Wells
• [PATCH 05/26] New RHEL6 Rule Shawn Wells
• [PATCH 03/26] Moved RHEL6 selinux_state.sh to shared Shawn Wells
• [PATCH 01/26] New Remediation Shawn Wells
• [PATCH 00/26] Resubmission of C2S profile Shawn Wells
  • Re: [PATCH 00/26] Resubmission of C2S profile Shawn Wells
  • Re: [PATCH 00/26] Resubmission of C2S profile Jeffrey Blank
  • Re: [PATCH 00/26] Resubmission of C2S profile Andrew Gilmore
  • Re: [PATCH 00/26] Resubmission of C2S profile Shawn Wells
  • Re: [PATCH 00/26] Resubmission of C2S profile Trevor Vaughan
• [PATCH 02/26] New Remediation Shawn Wells
• [PATCH v2] [shared] Allow comments in sshd config directives, support only lowercase sshd config values (yes/no) Jan Lieskovsky
  • Re: [PATCH v2] [shared] Allow comments in sshd config directives, support only lowercase sshd config values (yes/no) Shawn Wells
  • Re: [PATCH v2] [shared] Allow comments in sshd config directives, support only lowercase sshd config values (yes/no) Jan Lieskovsky
• [PATCH 14/15] New Profile Shawn Wells
• [PATCH 15/15] Adding C2S into build system Shawn Wells
• [PATCH 12/15] New RHEL6 rule Shawn Wells
• [PATCH 11/15] New RHEL6 rule Shawn Wells
• [PATCH 13/15] [bugfix] kernel_module_hfs_disabledplus --> kernel_module_hfsplus_disabled Shawn Wells
• [PATCH 08/15] XCCDF Rule Rename Shawn Wells
• [PATCH 10/15] New RHEL6 rule Shawn Wells
• [PATCH 09/15] New RHEL6 Rule Shawn Wells
• [PATCH 04/15] Moved RHEL6 selinux_policytype.sh to shared/ Shawn Wells
  • Re: [PATCH 04/15] Moved RHEL6 selinux_policytype.sh to shared/ Jan Lieskovsky
• [PATCH 06/15] typo fix Shawn Wells
• [PATCH 02/15] New Remediation Shawn Wells
  • Re: [PATCH 02/15] New Remediation Jan Lieskovsky
  • Re: [PATCH 02/15] New Remediation Shawn Wells
• [PATCH 03/15] Moved RHEL6 selinux_state.sh to shared Shawn Wells
  • Re: [PATCH 03/15] Moved RHEL6 selinux_state.sh to shared Jan Lieskovsky
• [PATCH 05/15] New RHEL6 Rule Shawn Wells
  • Re: [PATCH 05/15] New RHEL6 Rule Jan Lieskovsky
  • Re: [PATCH 05/15] New RHEL6 Rule Shawn Wells
• [PATCH 00/15] Adding new profile, C2S Shawn Wells
  • Re: [PATCH 00/15] Adding new profile, C2S Jeffrey Blank
  • Re: [PATCH 00/15] Adding new profile, C2S Shawn Wells
  • Re: [PATCH 00/15] Adding new profile, C2S Shawn Wells
  • Re: [PATCH 00/15] Adding new profile, C2S Jeffrey Blank
• [PATCH 07/15] New Rule Shawn Wells
  • Re: [PATCH 07/15] New Rule Jan Lieskovsky
  • Re: [PATCH 07/15] New Rule Shawn Wells
• [PATCH 01/15] New Remediation Shawn Wells
  • Re: [PATCH 01/15] New Remediation Jan Lieskovsky
  • Re: [PATCH 01/15] New Remediation Shawn Wells
• [PATCH] [RHEL/6] Fix couple of typos in CS2 Example Server Profile Jan Lieskovsky
  • Re: [PATCH] [RHEL/6] Fix couple of typos in CS2 Example Server Profile David Smith
  • Re: [PATCH] [RHEL/6] Fix couple of typos in CS2 Example Server Profile Jan Lieskovsky
• [PATCH] /etc/login.defs password rules - allow heading spaces, trailing comments. Start using shared version for maximum password age Jan Lieskovsky
  • Re: [PATCH] /etc/login.defs password rules - allow heading spaces, trailing comments. Start using shared version for maximum password age Shawn Wells
  • Re: [PATCH] /etc/login.defs password rules - allow heading spaces, trailing comments. Start using shared version for maximum password age Jan Lieskovsky
• [PATCH] [shared] Allow comments in sshd config directives Jan Lieskovsky
  • Re: [PATCH] [shared] Allow comments in sshd config directives Jan Ruzicka
  • Re: [PATCH] [shared] Allow comments in sshd config directives Jan Lieskovsky
  • Re: [PATCH] [shared] Allow comments in sshd config directives Ronald
• SSG generate fix banner text Gallagher, Michael L
  • RE: SSG generate fix banner text Trey Henefield
  • Re: SSG generate fix banner text Shawn Wells
• [PATCH] [RHEL/6] rsyslog_nolisten + system/logging.xml changes Jan Lieskovsky
  • Re: [PATCH] [RHEL/6] rsyslog_nolisten + system/logging.xml changes Shawn Wells
  • Re: [PATCH] [RHEL/6] rsyslog_nolisten + system/logging.xml changes Jan Lieskovsky
• [PATCH] [RHEL/6] Don't allow whitespace around equal sign in /etc/sysconfig/init Jan Lieskovsky
  • Re: [PATCH] [RHEL/6] Don't allow whitespace around equal sign in /etc/sysconfig/init Shawn Wells
  • Re: [PATCH] [RHEL/6] Don't allow whitespace around equal sign in /etc/sysconfig/init Jan Ruzicka
  • Re: [PATCH] [RHEL/6] Don't allow whitespace around equal sign in /etc/sysconfig/init Jan Lieskovsky
  • Re: [PATCH] [RHEL/6] Don't allow whitespace around equal sign in /etc/sysconfig/init Jan Lieskovsky
• CSCF-RHEL6-MLS profile Kordell, Luke T
  • Re: CSCF-RHEL6-MLS profile Shawn Wells
  • Re: CSCF-RHEL6-MLS profile Shawn Wells
• Review request for couple of pending patches Jan Lieskovsky
  • Re: Review request for couple of pending patches Martin Preisler
  • Re: Review request for couple of pending patches Jan Lieskovsky
  • Re: Review request for couple of pending patches Martin Preisler
  • Re: Review request for couple of pending patches Jan Lieskovsky
  • Re: Review request for couple of pending patches Shawn Wells
  • Re: Review request for couple of pending patches Jan Lieskovsky
• RHEL6 & STIG Steve Thomas
  • RE: RHEL6 & STIG Kordell, Luke T
• Lastlog Implementation Kayse, Josh
• [PATCH] [RHEL/6] Don't require exact permissions on httpd directories / files (AKA allow also stronger permissions to meet the checks) Jan Lieskovsky
• audit rules and -a exit,always Steve Grubb
  • Re: audit rules and -a exit,always leam hall
• [PATCH] [shared] When checking permissions on /etc/group and /etc/passwd allow also stronger permissions than just exactly 0644 Jan Lieskovsky
  • Re: [PATCH] [shared] When checking permissions on /etc/group and /etc/passwd allow also stronger permissions than just exactly 0644 Trevor Vaughan
  • Re: [PATCH] [shared] When checking permissions on /etc/group and /etc/passwd allow also stronger permissions than just exactly 0644 Jan Lieskovsky
  • Re: [PATCH] [shared] When checking permissions on /etc/group and /etc/passwd allow also stronger permissions than just exactly 0644 Shawn Wells
• [PATCH] [RHEL/6] Allow /boot/grub/grub.conf permissions to be stronger than 0600 Jan Lieskovsky
  • Re: [PATCH] [RHEL/6] Allow /boot/grub/grub.conf permissions to be stronger than 0600 Shawn Wells
• [PATCH] Service cgred (service name for binary cgrulesengd) is gone in RHEL 7. Maura Dailey
  • Re: [PATCH] Service cgred (service name for binary cgrulesengd) is gone in RHEL 7. Jan Lieskovsky
  • Re: [PATCH] Service cgred (service name for binary cgrulesengd) is gone in RHEL 7. Maura Dailey
  • Re: [PATCH] Service cgred (service name for binary cgrulesengd) is gone in RHEL 7. Jan Lieskovsky
  • Re: [PATCH] Service cgred (service name for binary cgrulesengd) is gone in RHEL 7. Maura Dailey
  • Re: [PATCH] Service cgred (service name for binary cgrulesengd) is gone in RHEL 7. Shawn Wells
  • Re: [PATCH] Service cgred (service name for binary cgrulesengd) is gone in RHEL 7. Trevor Vaughan
• [PATCH] Shared check was missing RHEL 7 platform line Maura Dailey
  • Re: [PATCH] Shared check was missing RHEL 7 platform line Jan Lieskovsky
  • Re: [PATCH] Shared check was missing RHEL 7 platform line Maura Dailey
  • Re: [PATCH] Shared check was missing RHEL 7 platform line Jan Lieskovsky
• ensure_gpgcheck_globally_activated Delorenzo, Michael A CIV USARMY ARDEC (US)
  • Re: ensure_gpgcheck_globally_activated Ronald
  • RE: ensure_gpgcheck_globally_activated Delorenzo, Michael A CIV USARMY ARDEC (US)
  • Re: ensure_gpgcheck_globally_activated Ronald
  • [PATCH] Fix broken references to ensure_gpgcheck_globally_activated [was: Re: ensure_gpgcheck_globally_activated] Jan Lieskovsky
• [PATCH] Consolidate ntp and openssh package checks for Fedora, RHEL 6, and RHEL 7 into the shared directory, since they all share the same package name. Maura Dailey
  • Re: [PATCH] Consolidate ntp and openssh package checks for Fedora, RHEL 6, and RHEL 7 into the shared directory, since they all share the same package name. Jan Lieskovsky
• MLS_CSCF profile Kordell, Luke T
  • Re: MLS_CSCF profile Shawn Wells
• IPV6 and security? Andrew Gilmore
  • Re: IPV6 and security? Shawn Wells
  • Re: IPV6 and security? Frank Caviggia
  • Re: IPV6 and security? Shawn Wells
  • Re: IPV6 and security? Steve Grubb
  • Re: IPV6 and security? Andrew Gilmore
  • Re: IPV6 and security? Steve Grubb
  • Re: IPV6 and security? Andrew Gilmore
  • RE: IPV6 and security? (UNCLASSIFIED) Beavers, Randall D. CTR (US)
  • Re: IPV6 and security? (UNCLASSIFIED) Frank Caviggia
• [PATCH] Removing ntpdate as a package doesn't make sense, because it's a dependency of ntp, a package we want to be installed. It's suffient to check that the ntpdate service is not configured to start. Maura Dailey

• Earlier messages
• Later messages