이 콘텐츠는 선택한 언어로 제공되지 않습니다.

7.190. scap-security-guide


Updated scap-security-guide package that fixes several bugs and adds various enhancements are now available for Red Hat Enterprise Linux 6.
The scap-security-guide package provides the security guidance, baselines, and associated validation mechanisms that use Security Content Automation Protocol (SCAP). SCAP Security Guide contains the necessary data to perform system security compliance scans regarding prescribed security policy requirements; both a written description and an automated test (probe) are included. By automating the testing, SCAP Security Guide provides a convenient and reliable way to verify system compliance on a regular basis.

Bug Fixes

BZ#1133963
The SCAP content for Red Hat Enterprise Linux 6 Server is now shipped also in the datastream output format.
* The SCAP content for Red Hat Enterprise Linux 7 Server has been included in order to enable the possibility to perform remote scans of Red Hat Enterprise Linux 7 Server systems from Red Hat Enterprise Linux 6 systems.
* This update also includes the United States Government Configuration Baseline (USGCB) profile kickstart file for a new installation of USGCB-compliant Red Hat Enterprise Linux 6 Server system. Refer to Red Hat Enterprise Linux 6 Security Guide for further details.
BZ#1183034
Previously, when checking the sysctl kernel parameters configuration, the SCAP content recognized only the settings present in the /etc/sysctl.conf file. With this update, the content has been updated to also recognize the sysctl utility settings from additional configuration files located in the /etc/sysctl.d/ directory.
BZ#1185426
Prior to this update, when performing a validation if the removable media block special devices were configured with the "nodev", "noexec", or "nosuid" options, the content could incorrectly report shared memory (/dev/shm) device as the one missing the required setting. With this update, the corresponding Open Vulnerability and Assessment Language (OVAL) checks have been corrected to verify mount options settings only for removable media block special devices.
BZ#1191409
Due to a bug in the OVAL check validation, if the listening capability of the postfix service was disabled, the system property scan returned a failure even if the postfix package was not installed on the system. This bug has been corrected and the feature of the postfix service is now reported as disabled. Also, the underlying scan result returns "PASS" when the postfix package is not installed on the system.
BZ#1199946
An earlier version of the scap-security-guide package included also an Extensible Configuration Checklist Document Format (XCCDF) profile named "test". Since the purpose of this profile is just to check basic sanity of the corresponding SCAP content and it is not intended to be applied for actual system scan, the "test" profile has now been removed.
Users of scap-security-guide are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements.
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.