search for: scap

Hello, I have noticed that pci-dss profile, ssg-centos7-xccdf.xml will always fail on test and remediation for disable_prelink rule. That seem to be caused by insufficient CentOS RPM customization of upstream code. Specifically this: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/disable_prelink.xml#L24-L35 <https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/disable_prelink.xml> That condition will always fail on CentOS because it misses: <extend_definition comment="Installed OS is CentOS7"...

Hi, Today I tried to update my CentOS 7.5 with latest updates, but it fails to verify the signature of one of the packages: ... scap-security-guide noarch 0.1.36-9.el7.centos updates It seems like this RPM was signed with AltArch PowerPC key (see further down): Warning: /var/cache/yum/x86_64/7/updates/packages/scap-security-guide-0.1.36-9.el7.centos.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f533f4...

Hi Does Puppet support SCAP? If yes, how do you use it? If no, have you thought about it? Is it possible? Have you dismissed the idea completely? If it does support SCAP or will in the future, will the operating system be a factor, i.e. will it support both Linux and Windows? Thank you Kiki -- You received this message bec...

...Errata and Bugfix Advisory 2023:1099 Upstream details at : https://access.redhat.com/errata/RHBA-2023:1099 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: be9e5f7cee095463cb4d9b9f2109692cc190d7b3dd83fd149316ee244992293f scap-security-guide-0.1.66-1.el7.centos.noarch.rpm 395a33a57a17338d844c031715190aa5f9cfe26cbff564eca64617c5328e167f scap-security-guide-doc-0.1.66-1.el7.centos.noarch.rpm 753153d2c6886bf4e0fd54f9652da1247fec1c0ab4d58a1aeb4bec8ebba28d9e scap-security-guide-rule-playbooks-0.1.66-1.el7.centos.noarch.rpm...

...wski wrote: > Hello, > > I have noticed that pci-dss profile, ssg-centos7-xccdf.xml will always fail > on test and remediation for disable_prelink rule. That seem to be caused by > insufficient CentOS RPM customization of upstream code. Specifically this: > https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/disable_prelink.xml#L24-L35 > <https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/disable_prelink.xml> > > That condition will always fail on CentOS because it misses: > <extend_definition comment="Installed...

...rrata and Bugfix Advisory 2017:0390 Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-0390.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 40a6d896657dfcb6b55835ba4f0a85ca5d12bee985544f34ae0a8eb0d9c95a45 scap-security-guide-0.1.30-5.el7.centos.noarch.rpm 06c23ca4476ede3734c350f2038102ec745583596853484d26d7c8868847c5bf scap-security-guide-doc-0.1.30-5.el7.centos.noarch.rpm Source: 46c571fb85bffdfa81448f76a850b2d219aa93d8eb878e2c1260030a9761cf99 scap-security-guide-0.1.30-5.el7.centos.src.rpm -- Jo...

...S Errata and Bugfix Advisory 2017:2933 Upstream details at : https://access.redhat.com/errata/RHBA-2017:2933 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 47e827de6c28edb1bf5538e0fa7b2eb106b3af06cb6c0f68871ccbe057572eb7 scap-security-guide-0.1.33-6.el7.centos.noarch.rpm 00e2849864c256f9c96deb247139b8ae30c93ca4d58e329aee402130e8e6d7d4 scap-security-guide-doc-0.1.33-6.el7.centos.noarch.rpm Source: d8fff6819c85ba6fcd069224cdfcfe61cbd0f5cdbc7219b962a929053b085f00 scap-security-guide-0.1.33-6.el7.centos.src.rpm -- Jo...

...Errata and Bugfix Advisory 2018:2752 Upstream details at : https://access.redhat.com/errata/RHBA-2018:2752 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: d251d8b13aa211d2e9dbf2380d6ff8d7fbb9fbd49aff4af94527286d9829748c scap-security-guide-0.1.36-10.el7.centos.noarch.rpm 5c1d0bbcf1f1b91f5f25ba725ca5828010fc23555787b10750b804fd4749b17d scap-security-guide-doc-0.1.36-10.el7.centos.noarch.rpm Source: 14e3fbab6d32417041f84822bdba256e3322fd8da35f9b08e6e9945fb07dbf31 scap-security-guide-0.1.36-10.el7.centos.src.rpm --...

...Errata and Bugfix Advisory 2019:0826 Upstream details at : https://access.redhat.com/errata/RHBA-2019:0826 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: bb4c6463fd7698caadf8f2f4eefac7d6e7de514b58b23b1527ae4c24e8f087b0 scap-security-guide-0.1.40-13.el7.centos.noarch.rpm 6c17aa362019a3d8db322c676d0c5aab33572787e3a68298f53c1d876ac7f2e5 scap-security-guide-doc-0.1.40-13.el7.centos.noarch.rpm Source: 2e2f20b9a8a42862aeccd09dadae11af95f9b1b7c5914c157a2532a0726414e1 scap-security-guide-0.1.40-13.el7.centos.src.rpm --...

...x1b, 0x3f, 0x00 } + +typedef enum { + EVB_OFFER_CAPABILITIES = 0, + EVB_CONFIGURE, + EVB_CONFIRMATION +} evb_state; + +struct tlv_info_evb { + u8 oui[3]; + u8 sub; + /* supported forwarding mode */ + u8 smode; + /* supported capabilities */ + u8 scap; + /* currently configured forwarding mode */ + u8 cmode; + /* currently configured capabilities */ + u8 ccap; + /* supported no. of vsi */ + u16 svsi; + /* currently configured no. of vsi */ + u16 cvsi; + /* retransmission exponent */ + u...

...x1b, 0x3f, 0x00 } + +typedef enum { + EVB_OFFER_CAPABILITIES = 0, + EVB_CONFIGURE, + EVB_CONFIRMATION +} evb_state; + +struct tlv_info_evb { + u8 oui[3]; + u8 sub; + /* supported forwarding mode */ + u8 smode; + /* supported capabilities */ + u8 scap; + /* currently configured forwarding mode */ + u8 cmode; + /* currently configured capabilities */ + u8 ccap; + /* supported no. of vsi */ + u16 svsi; + /* currently configured no. of vsi */ + u16 cvsi; + /* retransmission exponent */ + u...

Hi, This set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabalities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of

Hi, This set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabalities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of

Hi, this set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabalities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of

Hi, this set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabalities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of

Hi - I?m running the OpenSCAP STIG profile on a new CentOS 7.1611 installation, and I get a few failures that look like this (output from openscap scan ?verbosity INFO). I suspect this is because the openscap module is not accepting CentOS 7 as RHEL 7 for rules purposes, despite an early check for "Community Enterprise Op...

Hi, this set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabalities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of

Hi, this set of patches contains the initial implementation of the IEEE 802.1Qbg standard: code for the exchange of EVB TLVs in LLDP frames to negotiate VSI capabalities as well as VDP VSI TLVs between a host with virtual machines and an adjacent switch. It supports setting the parameters of the TLV exchange from the command line using lldptool. VDP profiles consisting of

...uld generate a weekly report that indicates compliance with 1 or more of the recognised linux server benchmarks. I am happy to pay for a subscription for the checklist, but I suspect the kind per instance 100 USD licenses I see are going to blow my budget. Current progress is... I see that OPENSCAP and OVAL have tools in CentOS-base or EPEL, such as OpenSCAP-utils ovaldi - oval reference interpreter Which can be used to create reports. However they seem a little unrefined. For SCAP and OVAL content I have found the following. 1. NIST provide SCAP content for RHEL desktop, which...

hi all,can I use puppet for security configuration check in centos ? 1.check the kernel version whether great than 2.8.18.237-1 or not. 2.check the glibc,systemtap and udev version whether great than secure version or not. 3.check the php.ini whether set safe_mode to on or not. 4.check the sshd_config whether set PermitRootLogin to no or not. If puppet can make it ,would you like to be kind