- Issued:
- 2023-03-07
- Updated:
- 2023-03-07
RHBA-2023:1099 - Bug Fix Advisory
Synopsis
scap-security-guide bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for scap-security-guide is now available for Red Hat Enterprise Linux 7.
Description
The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government requirements where applicable. The project bridges the gap between generalized policy requirements and specific implementation guidelines.
Bug Fix(es) and Enhancement(s):
- file_permissions_sshd_private_key is not aligned with DISA STIG benchmark (BZ#2123284)
- audit_rules_usergroup_modification_shadow don't remediate existing audit rule (BZ#2123367)
- Update RHEL7 DISA STIG profile to V3R10 (BZ#2152657)
- Rebase SSG to latest upstream version in RHEL 7.9 (BZ#2158410)
- [SCAP] PCI-DSS Rsyslog log files related rules fails for Rsyslog 8 RainerScript syntax (BZ#2170038)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
- Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le
Fixes
- BZ - 2123284 - file_permissions_sshd_private_key is not aligned with DISA STIG benchmark [rhel-7.9.z]
- BZ - 2123367 - audit_rules_usergroup_modification_shadow don't remediate existing audit rule [rhel-7.9.z]
- BZ - 2152657 - Update RHEL7 DISA STIG profile to V3R10 [rhel-7.9.z]
- BZ - 2158410 - Rebase SSG to latest upstream version in RHEL 7.9 [rhel-7.9.z]
- BZ - 2170038 - [SCAP] PCI-DSS Rsyslog log files related rules fails for Rsyslog 8 RainerScript syntax [rhel-7.9.z]
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 7
SRPM | |
---|---|
scap-security-guide-0.1.66-1.el7_9.src.rpm | SHA-256: d36426efdc39d8843202d218c899add5c3bfc18389378c4f1a2e19b92f0c9ab1 |
x86_64 | |
scap-security-guide-0.1.66-1.el7_9.noarch.rpm | SHA-256: e78cf7f785f2331aedea88f84f550d15cba818404b4965d987d33cb0dcdd95e5 |
scap-security-guide-doc-0.1.66-1.el7_9.noarch.rpm | SHA-256: 3cf85e0280455dfc1efb0a5db3ba0f4a1e13882d404c65d9a17c500726578751 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7
SRPM | |
---|---|
scap-security-guide-0.1.66-1.el7_9.src.rpm | SHA-256: d36426efdc39d8843202d218c899add5c3bfc18389378c4f1a2e19b92f0c9ab1 |
x86_64 | |
scap-security-guide-0.1.66-1.el7_9.noarch.rpm | SHA-256: e78cf7f785f2331aedea88f84f550d15cba818404b4965d987d33cb0dcdd95e5 |
scap-security-guide-doc-0.1.66-1.el7_9.noarch.rpm | SHA-256: 3cf85e0280455dfc1efb0a5db3ba0f4a1e13882d404c65d9a17c500726578751 |
Red Hat Enterprise Linux Workstation 7
SRPM | |
---|---|
scap-security-guide-0.1.66-1.el7_9.src.rpm | SHA-256: d36426efdc39d8843202d218c899add5c3bfc18389378c4f1a2e19b92f0c9ab1 |
x86_64 | |
scap-security-guide-0.1.66-1.el7_9.noarch.rpm | SHA-256: e78cf7f785f2331aedea88f84f550d15cba818404b4965d987d33cb0dcdd95e5 |
scap-security-guide-doc-0.1.66-1.el7_9.noarch.rpm | SHA-256: 3cf85e0280455dfc1efb0a5db3ba0f4a1e13882d404c65d9a17c500726578751 |
Red Hat Enterprise Linux Desktop 7
SRPM | |
---|---|
scap-security-guide-0.1.66-1.el7_9.src.rpm | SHA-256: d36426efdc39d8843202d218c899add5c3bfc18389378c4f1a2e19b92f0c9ab1 |
x86_64 | |
scap-security-guide-0.1.66-1.el7_9.noarch.rpm | SHA-256: e78cf7f785f2331aedea88f84f550d15cba818404b4965d987d33cb0dcdd95e5 |
scap-security-guide-doc-0.1.66-1.el7_9.noarch.rpm | SHA-256: 3cf85e0280455dfc1efb0a5db3ba0f4a1e13882d404c65d9a17c500726578751 |
Red Hat Enterprise Linux for IBM z Systems 7
SRPM | |
---|---|
scap-security-guide-0.1.66-1.el7_9.src.rpm | SHA-256: d36426efdc39d8843202d218c899add5c3bfc18389378c4f1a2e19b92f0c9ab1 |
s390x | |
scap-security-guide-0.1.66-1.el7_9.noarch.rpm | SHA-256: e78cf7f785f2331aedea88f84f550d15cba818404b4965d987d33cb0dcdd95e5 |
scap-security-guide-doc-0.1.66-1.el7_9.noarch.rpm | SHA-256: 3cf85e0280455dfc1efb0a5db3ba0f4a1e13882d404c65d9a17c500726578751 |
Red Hat Enterprise Linux for Power, big endian 7
SRPM | |
---|---|
scap-security-guide-0.1.66-1.el7_9.src.rpm | SHA-256: d36426efdc39d8843202d218c899add5c3bfc18389378c4f1a2e19b92f0c9ab1 |
ppc64 | |
scap-security-guide-0.1.66-1.el7_9.noarch.rpm | SHA-256: e78cf7f785f2331aedea88f84f550d15cba818404b4965d987d33cb0dcdd95e5 |
scap-security-guide-doc-0.1.66-1.el7_9.noarch.rpm | SHA-256: 3cf85e0280455dfc1efb0a5db3ba0f4a1e13882d404c65d9a17c500726578751 |
Red Hat Enterprise Linux for Scientific Computing 7
SRPM | |
---|---|
scap-security-guide-0.1.66-1.el7_9.src.rpm | SHA-256: d36426efdc39d8843202d218c899add5c3bfc18389378c4f1a2e19b92f0c9ab1 |
x86_64 | |
scap-security-guide-0.1.66-1.el7_9.noarch.rpm | SHA-256: e78cf7f785f2331aedea88f84f550d15cba818404b4965d987d33cb0dcdd95e5 |
scap-security-guide-doc-0.1.66-1.el7_9.noarch.rpm | SHA-256: 3cf85e0280455dfc1efb0a5db3ba0f4a1e13882d404c65d9a17c500726578751 |
Red Hat Enterprise Linux for Power, little endian 7
SRPM | |
---|---|
scap-security-guide-0.1.66-1.el7_9.src.rpm | SHA-256: d36426efdc39d8843202d218c899add5c3bfc18389378c4f1a2e19b92f0c9ab1 |
ppc64le | |
scap-security-guide-0.1.66-1.el7_9.noarch.rpm | SHA-256: e78cf7f785f2331aedea88f84f550d15cba818404b4965d987d33cb0dcdd95e5 |
scap-security-guide-doc-0.1.66-1.el7_9.noarch.rpm | SHA-256: 3cf85e0280455dfc1efb0a5db3ba0f4a1e13882d404c65d9a17c500726578751 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7
SRPM | |
---|---|
scap-security-guide-0.1.66-1.el7_9.src.rpm | SHA-256: d36426efdc39d8843202d218c899add5c3bfc18389378c4f1a2e19b92f0c9ab1 |
s390x | |
scap-security-guide-0.1.66-1.el7_9.noarch.rpm | SHA-256: e78cf7f785f2331aedea88f84f550d15cba818404b4965d987d33cb0dcdd95e5 |
scap-security-guide-doc-0.1.66-1.el7_9.noarch.rpm | SHA-256: 3cf85e0280455dfc1efb0a5db3ba0f4a1e13882d404c65d9a17c500726578751 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7
SRPM | |
---|---|
scap-security-guide-0.1.66-1.el7_9.src.rpm | SHA-256: d36426efdc39d8843202d218c899add5c3bfc18389378c4f1a2e19b92f0c9ab1 |
ppc64 | |
scap-security-guide-0.1.66-1.el7_9.noarch.rpm | SHA-256: e78cf7f785f2331aedea88f84f550d15cba818404b4965d987d33cb0dcdd95e5 |
scap-security-guide-doc-0.1.66-1.el7_9.noarch.rpm | SHA-256: 3cf85e0280455dfc1efb0a5db3ba0f4a1e13882d404c65d9a17c500726578751 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7
SRPM | |
---|---|
scap-security-guide-0.1.66-1.el7_9.src.rpm | SHA-256: d36426efdc39d8843202d218c899add5c3bfc18389378c4f1a2e19b92f0c9ab1 |
ppc64le | |
scap-security-guide-0.1.66-1.el7_9.noarch.rpm | SHA-256: e78cf7f785f2331aedea88f84f550d15cba818404b4965d987d33cb0dcdd95e5 |
scap-security-guide-doc-0.1.66-1.el7_9.noarch.rpm | SHA-256: 3cf85e0280455dfc1efb0a5db3ba0f4a1e13882d404c65d9a17c500726578751 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.