Update OL8 STIG profile to DISA STIG V2R8 #14738
Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
OL08-00-010180 OL08-00-010181 Signed-off-by: Armando Acosta <armando.acosta@oracle.com>
/retest
Mab879
left a comment
Please take a look at these findings.
- ensure_epel_repos_disabled is missing its STIG ID reference
The profile maps OL08-00-040010 to this rule (stig.profile:970-971), but ensure_epel_repos_disabled/rule.yml has no stigid@ol8. Without it, the OL8 data stream won't associate this rule with its V2R8 STIG ID.
- ensure_epel_repos_disabled is missing a severity override
The V2R8 reference XML assigns severity="high" to OL08-00-040010. The rule defaults to severity: medium. Other newly-added rules in this PR received overrides (e.g., package_crypto-policies_installed.severity=high); this one was missed.
- Stale stigid@ol8 on package_rsh-server_removed
OL08-00-040010 was reassigned in V2R8 from rsh-server removal to the EPEL check. The rule is no longer in the profile, and its stigid should be removed. The PR cleaned up four other removed rules but missed this one.
- Stale stigid@ol8 on sshd_use_approved_kex_ordered_stig
OL08-00-040342 does not exist in the V2R8 reference XML. The rule was correctly removed from the profile, but the stigid reference in rule.yml was not cleaned up.
This review was created in part with Claude code.
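The three kinds of finding in the review above (a profile-selected rule whose rule.yml lacks the matching stigid@ol8, a stale stigid@ol8 on a rule the profile no longer selects, and a severity that disagrees with the reference), as an added consistency check that is not part of this PR or the project's tooling. The profile layout, the in-memory `RULES` and `REFERENCE` tables, `example_rule_ok` and the ID `OL08-00-999999` are assumptions constructed for the example.

```python
import re

# Constructed sample data. Assumed layout: a "# <STIG ID>" comment above each
# selected rule, overrides as "<rule>.severity=<level>". 999999 is a placeholder.
PROFILE = """\
selections:
    # OL08-00-040010
    - ensure_epel_repos_disabled
    # OL08-00-999999
    - example_rule_ok
    - example_rule_ok.severity=high
"""
# What each rule.yml declares: default severity and stigid@ol8 (constructed values).
RULES = {
    "ensure_epel_repos_disabled": {"severity": "medium", "stigid": None},
    "package_rsh-server_removed": {"severity": "medium", "stigid": "OL08-00-040010"},
    "sshd_use_approved_kex_ordered_stig": {"severity": "medium", "stigid": "OL08-00-040342"},
    "example_rule_ok": {"severity": "medium", "stigid": "OL08-00-999999"},
}
REFERENCE = {"OL08-00-040010": "high", "OL08-00-999999": "high"}  # severity per STIG ID

def parse_profile(text):
    """Return ({rule: stig_id}, {rule: severity_override}) from profile text."""
    ids, overrides, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"#\s*(OL08-\d{2}-\d{6})", line):
            current = m.group(1)
        elif line.startswith("- ") and ".severity=" in line:
            rule, level = line[2:].split(".severity=")
            overrides[rule] = level
        elif line.startswith("- ") and current:
            ids[line[2:]] = current
    return ids, overrides

def audit(profile, rules, reference):
    """List (rule, kind, detail) inconsistencies between the three sources."""
    ids, overrides = parse_profile(profile)
    findings = []
    for rule, meta in sorted(rules.items()):
        expected, declared = ids.get(rule), meta["stigid"]
        if expected is None:  # rule is not selected by the profile
            findings += [(rule, "stale-stigid", declared)] if declared else []
            continue
        if declared != expected:
            findings.append((rule, "stigid-mismatch", expected))
        have, want = overrides.get(rule, meta["severity"]), reference.get(expected)
        if want and have != want:
            findings.append((rule, "severity-mismatch", f"{have} != {want}"))
    return findings
```

Calling `audit(PROFILE, RULES, REFERENCE)` on the constructed data returns the four findings listed in the review; `example_rule_ok` passes because its profile override matches the reference severity.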
Description:
Update the OL8 STIG profile to be compliant with DISA STIG V2R8
Rationale:
Be aligned with OL8 DISA STIG V2R8