Synopsis
scap-security-guide bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for scap-security-guide is now available for Red Hat Enterprise Linux 8.
Description
The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the
Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable.
The project bridges the gap between generalized policy requirements and specific implementation guidelines.
Bug Fix(es) and Enhancement(s):
- Update scap-security-guide for use with Common Criteria on RHEL-8.4. (BZ#2100516)
- Rebase SSG to the latest upstream version in RHEL 8.7 (BZ#2116347)
- Update RHEL8 DISA STIG profile to V1R7 (BZ#2116408)
- The new enable_authselect SCAP rule needs some tweaking (BZ#2117306)
- Separate rule just for the GRUB_DISABLE_RECOVERY=true check (BZ#2117308)
- openscap cis_server_level1 benchmark list mount option requirement for /var/tmp but does not require separate /var/tmp (BZ#2117510)
- Update content in alignment to CIS RHEL8 Benchmark v2.0.0 (BZ#2118975)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
-
Red Hat Enterprise Linux for x86_64 8 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
-
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 8 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
-
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
-
Red Hat Enterprise Linux Server - TUS 8.8 x86_64
-
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
-
Red Hat Enterprise Linux for ARM 64 8 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
-
BZ - 2116347
- Rebase SSG to the latest upstream version in RHEL 8.7 [rhel-8.6.0.z]
-
BZ - 2116408
- Update RHEL8 DISA STIG profile to V1R7 [rhel-8.6.0.z]
-
BZ - 2117306
- The new enable_authselect SCAP rule needs some tweaking [rhel-8.6.0.z]
-
BZ - 2117510
- openscap cis_server_level1 benchmark list mount option requirement for /var/tmp but does not require separate /var/tmp [rhel-8.6.0.z]
-
BZ - 2118975
- Update content in alignment to CIS RHEL8 Benchmark v2.0.0 [rhel-8.6.0.z]
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 8
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
x86_64 |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
x86_64 |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
x86_64 |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux Server - AUS 8.6
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
x86_64 |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for IBM z Systems 8
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
s390x |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
s390x |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
s390x |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for Power, little endian 8
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
ppc64le |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
ppc64le |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
ppc64le |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux Server - TUS 8.8
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
x86_64 |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux Server - TUS 8.6
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
x86_64 |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for ARM 64 8
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
aarch64 |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
aarch64 |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
aarch64 |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
ppc64le |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
ppc64le |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
x86_64 |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM |
scap-security-guide-0.1.63-1.el8_6.src.rpm
|
SHA-256: d5b519f109e567c9d2de85b99d1003ef80eb96648f8bc16aa5d8d65d6423b9ea |
x86_64 |
scap-security-guide-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: 48ea0fcef1c1d52497470e4523489dc66c5d2d0e78477e69c8c5f50a4c9f3b00 |
scap-security-guide-doc-0.1.63-1.el8_6.noarch.rpm
|
SHA-256: dc0696130aa0ae1a86fbd65a6df3ac6ebe95a814ee5418354f823ad0ac9e4771 |