/usr/bin/diffoscope --timeout 7200 --html /srv/reproducible-results/rbuild-debian/r-b-build.Vg5wqe2u/scap-security-guide_0.1.65-1.diffoscope.html --text /srv/reproducible-results/rbuild-debian/r-b-build.Vg5wqe2u/scap-security-guide_0.1.65-1.diffoscope.txt --json /srv/reproducible-results/rbuild-debian/r-b-build.Vg5wqe2u/scap-security-guide_0.1.65-1.diffoscope.json --profile=- /srv/reproducible-results/rbuild-debian/r-b-build.Vg5wqe2u/b1/scap-security-guide_0.1.65-1_i386.changes /srv/reproducible-results/rbuild-debian/r-b-build.Vg5wqe2u/b2/scap-security-guide_0.1.65-1

⊟

2.51 GB

/srv/reproducible-results/rbuild-debian/r-b-build.Vg5wqe2u/b1/scap-security-guide_0.1.65-1_i386.changes vs.

/srv/reproducible-results/rbuild-debian/r-b-build.Vg5wqe2u/b2/scap-security-guide_0.1.65-1_i386.changes ¶

⊟

822 B

Files ¶

⊟

798 KB

ssg-applications_0.1.65-1_all.deb ¶

⊟

452 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

797 KB

data.tar.xz ¶

⊟

797 KB

data.tar ¶

⊟

1.99 KB

⊟

651 B

⊟

1.9 KB

⊟

698 B

⊟

1.88 KB

⊟

680 B

⊟

1.93 KB

⊟

730 B

⊟

75.5 KB

⊟

75.4 KB

⊟

75.5 KB

⊟

75.4 KB

⊟

70.4 KB

⊟

70.3 KB

Ordering differences only

⊟

1.17 KB

⊟

1.06 KB

⊟

142 KB

⊟

142 KB

⊟

142 KB

⊟

142 KB

⊟

133 KB

⊟

133 KB

Ordering differences only

⊟

2.84 KB

⊟

2.75 KB

⊟

50.2 KB

⊟

50.1 KB

⊟

50.2 KB

⊟

50.1 KB

⊟

46.3 KB

⊟

46.2 KB

Ordering differences only

⊟

1.17 KB

⊟

1.06 KB

⊟

136 MB

ssg-debderived_0.1.65-1_all.deb ¶

⊟

452 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

136 MB

data.tar.xz ¶

⊟

136 MB

data.tar ¶

⊟

624 KB

⊟

78.6 KB

⊟

741 KB

⊟

89.3 KB

⊟

280 KB

⊟

31.2 KB

⊟

728 KB

⊟

87.5 KB

⊟

744 KB

⊟

87.3 KB

⊟

624 KB

⊟

78.6 KB

⊟

741 KB

⊟

89.3 KB

⊟

280 KB

⊟

31.2 KB

⊟

728 KB

⊟

87.5 KB

⊟

1.24 MB

⊟

150 KB

⊟

744 KB

⊟

87.3 KB

⊟

3.92 MB

⊟

500 KB

⊟

3.79 MB

⊟

488 KB

⊟

15.5 MB

⊟

1.22 MB

Max HTML report size reached

⊟

15.5 MB

⊟

1.22 MB

Max HTML report size reached

⊟

768 KB

⊟

89.4 KB

⊟

14.2 MB

⊟

962 KB

⊟

3.89 MB

⊟

496 KB

⊟

3.77 MB

⊟

484 KB

⊟

14.1 MB

⊟

1.04 MB

⊟

14.0 MB

⊟

1.04 MB

⊟

767 KB

⊟

89.4 KB

⊟

12.3 KB

Ordering differences only

⊟

2.71 KB

Ordering differences only

⊟

2.71 KB

Ordering differences only

⊟

136 KB

Ordering differences only

⊟

136 KB

Ordering differences only

⊟

126 KB

Ordering differences only

⊟

2.06 MB

⊟

2.06 MB

Max HTML report size reached

⊟

2.06 MB

⊟

2.06 MB

Max HTML report size reached

⊟

649 KB

⊟

649 KB

Ordering differences only

⊟

1.35 MB

⊟

1.35 MB

Max HTML report size reached

⊟

2.25 MB

⊟

2.25 MB

Max HTML report size reached

⊟

2.25 MB

⊟

2.25 MB

Max HTML report size reached

⊟

676 KB

⊟

676 KB

Ordering differences only

⊟

1.52 MB

⊟

1.52 MB

Max HTML report size reached

⊟

4.55 MB

⊟

4.55 MB

Max HTML report size reached

⊟

4.55 MB

⊟

4.55 MB

Max HTML report size reached

⊟

1.17 MB

⊟

1.17 MB

Ordering differences only

⊟

3.18 MB

⊟

3.18 MB

Max HTML report size reached

⊟

4.17 MB

⊟

4.17 MB

Max HTML report size reached

⊟

4.17 MB

⊟

4.17 MB

Max HTML report size reached

⊟

1.17 MB

⊟

1.17 MB

Ordering differences only

⊟

2.88 MB

⊟

2.88 MB

Max HTML report size reached

⊟

10.2 MB

ssg-debian_0.1.65-1_all.deb ¶

⊟

367 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

10.2 MB

data.tar.xz ¶

⊟

10.2 MB

data.tar ¶

⊟

420 KB

⊟

49.9 KB

⊟

421 KB

⊟

49.9 KB

⊟

280 KB

⊟

31.2 KB

⊟

420 KB

⊟

49.9 KB

⊟

380 KB

⊟

44.8 KB

⊟

420 KB

⊟

49.9 KB

⊟

421 KB

⊟

49.9 KB

⊟

280 KB

⊟

31.2 KB

⊟

420 KB

⊟

49.9 KB

⊟

380 KB

⊟

44.8 KB

⊟

1.1 MB

⊟

1.1 MB

⊟

1.1 MB

⊟

1.1 MB

⊟

690 KB

⊟

690 KB

Ordering differences only

⊟

401 KB

⊟

401 KB

⊟

1.06 MB

⊟

1.06 MB

⊟

1.06 MB

⊟

1.06 MB

⊟

690 KB

⊟

690 KB

Ordering differences only

⊟

361 KB

⊟

361 KB

⊟

2.37 GB

ssg-nondebian_0.1.65-1_all.deb ¶

⊟

452 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

2.37 GB

data.tar.xz ¶

⊟

2.37 GB

data.tar ¶

⊟

2.41 MB

⊟

270 KB

⊟

2.35 MB

⊟

262 KB

⊟

116 KB

⊟

13.9 KB

⊟

2.53 MB

⊟

272 KB

⊟

2.47 MB

⊟

265 KB

⊟

101 KB

⊟

12.3 KB

⊟

1.79 MB

⊟

203 KB

⊟

9.17 MB

⊟

854 KB

⊟

6.49 MB

⊟

571 KB

⊟

7.24 MB

⊟

761 KB

⊟

7.48 MB

⊟

790 KB

⊟

6.96 MB

⊟

723 KB

⊟

2.55 MB

⊟

177 KB

⊟

19.6 MB

⊟

1.66 MB

Max HTML report size reached

⊟

8.15 MB

⊟

949 KB

⊟

8.05 MB

⊟

937 KB

⊟

19.6 MB

⊟

1.65 MB

Max HTML report size reached

⊟

10.1 MB

⊟

877 KB

⊟

9.07 MB

⊟

1.06 MB

⊟

6.58 MB

⊟

645 KB

⊟

17.4 MB

⊟

1.2 MB

⊟

9.63 MB

⊟

937 KB

⊟

9.07 MB

⊟

1.06 MB

⊟

15.4 MB

⊟

1.02 MB

⊟

2.78 MB

⊟

330 KB

⊟

7.66 MB

⊟

568 KB

⊟

26.4 MB

⊟

1.93 MB

Max HTML report size reached

⊟

26.3 MB

⊟

1.92 MB

Max HTML report size reached

⊟

6.95 MB

⊟

718 KB

⊟

7.17 MB

⊟

741 KB

⊟

6.69 MB

⊟

688 KB

⊟

2.5 MB

⊟

171 KB

⊟

19.6 MB

⊟

1.78 MB

Max HTML report size reached

⊟

8.03 MB

⊟

936 KB

⊟

7.94 MB

⊟

924 KB

⊟

19.6 MB

⊟

1.77 MB

Max HTML report size reached

⊟

6.38 MB

⊟

792 KB

⊟

6.69 MB

⊟

714 KB

⊟

17.5 MB

⊟

1.33 MB

Max HTML report size reached

⊟

9.59 MB

⊟

978 KB

⊟

6.38 MB

⊟

792 KB

⊟

15.2 MB

⊟

1.12 MB

⊟

32.0 MB

⊟

2.43 MB

Max HTML report size reached

⊟

31.9 MB

⊟

2.43 MB

Max HTML report size reached

⊟

26.5 MB

⊟

1.41 MB

Max HTML report size reached

⊟

13.6 MB

⊟

955 KB

⊟

7.37 MB

⊟

606 KB

⊟

1.89 KB

⊟

675 B

⊟

2.02 KB

⊟

685 B

⊟

1.88 KB

⊟

691 B

⊟

1.89 KB

⊟

703 B

⊟

2.04 KB

⊟

700 B

⊟

2.02 KB

⊟

697 B

⊟

2.04 KB

⊟

700 B

⊟

1.9 KB

⊟

697 B

⊟

1.91 KB

⊟

700 B

⊟

2.03 KB

⊟

697 B

⊟

1.91 KB

⊟

704 B

⊟

2.03 KB

⊟

697 B

⊟

6.44 MB

⊟

633 KB

⊟

6.72 MB

⊟

661 KB

⊟

6.21 MB

⊟

610 KB

⊟

2.4 MB

⊟

161 KB

⊟

8.47 MB

⊟

760 KB

⊟

5.12 MB

⊟

609 KB

⊟

6.05 MB

⊟

580 KB

⊟

16.1 MB

⊟

1.08 MB

⊟

25.0 MB

⊟

2.04 MB

Max HTML report size reached

⊟

5.12 MB

⊟

609 KB

⊟

8.81 MB

⊟

719 KB

⊟

198 KB

⊟

20.1 KB

⊟

9.39 MB

⊟

661 KB

⊟

19.5 MB

⊟

1.39 MB

Max HTML report size reached

⊟

19.4 MB

⊟

1.39 MB

Max HTML report size reached

⊟

6.64 MB

⊟

657 KB

⊟

6.9 MB

⊟

684 KB

⊟

6.4 MB

⊟

629 KB

⊟

2.5 MB

⊟

171 KB

⊟

9.61 MB

⊟

820 KB

⊟

7.96 MB

⊟

935 KB

⊟

6.18 MB

⊟

593 KB

⊟

17.1 MB

⊟

1.15 MB

⊟

7.96 MB

⊟

935 KB

⊟

14.9 MB

⊟

993 KB

⊟

10.6 MB

⊟

732 KB

⊟

26.2 MB

⊟

1.9 MB

Max HTML report size reached

⊟

26.2 MB

⊟

1.89 MB

Max HTML report size reached

⊟

6.39 MB

⊟

627 KB

⊟

6.58 MB

⊟

646 KB

⊟

6.14 MB

⊟

604 KB

⊟

2.4 MB

⊟

161 KB

⊟

7.18 MB

⊟

844 KB

⊟

6.19 MB

⊟

656 KB

⊟

15.8 MB

⊟

1.18 MB

⊟

7.18 MB

⊟

844 KB

⊟

13.8 MB

⊟

1.05 MB

⊟

9.54 MB

⊟

753 KB

⊟

22.9 MB

⊟

1.74 MB

Max HTML report size reached

⊟

22.9 MB

⊟

1.73 MB

Max HTML report size reached

⊟

47.6 KB

⊟

5.23 KB

⊟

1.87 KB

⊟

645 B

⊟

1.86 KB

⊟

637 B

⊟

1.89 KB

⊟

658 B

⊟

1.97 KB

⊟

606 B

⊟

1.83 KB

⊟

639 B

⊟

1.98 KB

⊟

649 B

⊟

2.0 KB

⊟

657 B

⊟

1.89 KB

⊟

684 B

⊟

17.6 MB

⊟

1.63 MB

Max HTML report size reached

⊟

7.16 MB

⊟

751 KB

⊟

7.45 MB

⊟

786 KB

⊟

6.91 MB

⊟

719 KB

⊟

2.46 MB

⊟

168 KB

⊟

17.7 MB

⊟

1.72 MB

Max HTML report size reached

⊟

6.92 MB

⊟

897 KB

⊟

6.74 MB

⊟

875 KB

⊟

17.7 MB

⊟

1.72 MB

Max HTML report size reached

⊟

9.0 MB

⊟

907 KB

⊟

5.63 MB

⊟

669 KB

⊟

6.54 MB

⊟

703 KB

⊟

16.8 MB

⊟

1.34 MB

Max HTML report size reached

⊟

26.4 MB

⊟

2.4 MB

Max HTML report size reached

⊟

5.63 MB

⊟

669 KB

⊟

9.22 MB

⊟

856 KB

⊟

25.3 MB

⊟

2.24 MB

Max HTML report size reached

⊟

16.2 MB

⊟

1.14 MB

⊟

2.52 MB

⊟

309 KB

⊟

6.52 MB

⊟

574 KB

⊟

20.4 MB

⊟

1.59 MB

Max HTML report size reached

⊟

20.4 MB

⊟

1.59 MB

Max HTML report size reached

⊟

7.31 MB

⊟

773 KB

⊟

7.55 MB

⊟

801 KB

⊟

7.03 MB

⊟

734 KB

⊟

2.56 MB

⊟

179 KB

⊟

19.8 MB

⊟

1.67 MB

Max HTML report size reached

⊟

8.23 MB

⊟

958 KB

⊟

8.13 MB

⊟

945 KB

⊟

19.7 MB

⊟

1.66 MB

Max HTML report size reached

⊟

10.2 MB

⊟

901 KB

⊟

9.14 MB

⊟

1.06 MB

⊟

6.62 MB

⊟

651 KB

⊟

17.5 MB

⊟

1.21 MB

Max HTML report size reached

⊟

9.69 MB

⊟

934 KB

⊟

9.14 MB

⊟

1.06 MB

⊟

15.4 MB

⊟

1.03 MB

⊟

2.79 MB

⊟

321 KB

⊟

7.69 MB

⊟

573 KB

⊟

26.5 MB

⊟

1.95 MB

Max HTML report size reached

⊟

26.5 MB

⊟

1.95 MB

Max HTML report size reached

⊟

7.03 MB

⊟

735 KB

⊟

7.24 MB

⊟

759 KB

⊟

6.75 MB

⊟

697 KB

⊟

2.51 MB

⊟

172 KB

⊟

19.8 MB

⊟

1.79 MB

Max HTML report size reached

⊟

8.11 MB

⊟

942 KB

⊟

8.02 MB

⊟

929 KB

⊟

19.7 MB

⊟

1.78 MB

Max HTML report size reached

⊟

6.42 MB

⊟

797 KB

⊟

6.73 MB

⊟

718 KB

⊟

17.5 MB

⊟

1.34 MB

Max HTML report size reached

⊟

9.66 MB

⊟

1000 KB

⊟

6.42 MB

⊟

797 KB

⊟

15.3 MB

⊟

1.12 MB

⊟

32.2 MB

⊟

2.46 MB

Max HTML report size reached

⊟

32.1 MB

⊟

2.45 MB

Max HTML report size reached

⊟

13.4 MB

⊟

887 KB

⊟

23.5 MB

⊟

1.86 MB

Max HTML report size reached

⊟

15.6 MB

⊟

971 KB

⊟

9.17 MB

⊟

854 KB

⊟

6.49 MB

⊟

571 KB

⊟

5.9 MB

⊟

632 KB

⊟

6.1 MB

⊟

653 KB

⊟

5.65 MB

⊟

605 KB

⊟

1.63 MB

⊟

126 KB

⊟

15.4 MB

⊟

1.22 MB

Max HTML report size reached

⊟

5.15 MB

⊟

605 KB

⊟

5.08 MB

⊟

600 KB

⊟

15.3 MB

⊟

1.22 MB

⊟

16.9 MB

⊟

1.16 MB

⊟

15.8 MB

⊟

1.03 MB

⊟

48.6 KB

⊟

5.28 KB

⊟

19.0 MB

⊟

1.25 MB

Max HTML report size reached

⊟

6.88 MB

⊟

695 KB

⊟

7.16 MB

⊟

725 KB

⊟

6.63 MB

⊟

668 KB

⊟

2.58 MB

⊟

181 KB

⊟

15.8 MB

⊟

1.29 MB

Max HTML report size reached

⊟

5.61 MB

⊟

666 KB

⊟

5.54 MB

⊟

661 KB

⊟

15.8 MB

⊟

1.28 MB

Max HTML report size reached

⊟

15.8 MB

⊟

1.02 MB

⊟

18.7 MB

⊟

1.31 MB

Max HTML report size reached

⊟

16.7 MB

⊟

1.08 MB

⊟

20.7 MB

⊟

1.3 MB

Max HTML report size reached

⊟

20.8 MB

⊟

1.3 MB

Max HTML report size reached

⊟

10.1 MB

⊟

784 KB

⊟

20.3 MB

⊟

1.31 MB

Max HTML report size reached

⊟

101 KB

⊟

12.2 KB

⊟

1.27 MB

⊟

216 KB

⊟

1.09 MB

Ordering differences only

⊟

712 KB

⊟

6.34 KB

⊟

3.08 KB

⊟

9.94 KB

⊟

5.17 KB

⊟

5.71 MB

⊟

1.02 MB

⊟

798 KB

Ordering differences only

⊟

489 KB

⊟

648 KB

Ordering differences only

⊟

400 KB

⊟

1.35 MB

⊟

228 KB

⊟

1.11 MB

Ordering differences only

⊟

726 KB

⊟

3.45 KB

⊟

2.72 KB

⊟

6.6 MB

⊟

1.2 MB

Max HTML report size reached

⊟

673 KB

Ordering differences only

⊟

417 KB

⊟

5.97 MB

⊟

1.95 MB

Max HTML report size reached

⊟

1.35 MB

⊟

232 KB

⊟

1.73 MB

⊟

391 KB

⊟

1.01 MB

Ordering differences only

⊟

607 KB

⊟

10.1 KB

⊟

5.37 KB

⊟

6.43 MB

⊟

1.16 MB

⊟

753 KB

Ordering differences only

⊟

437 KB

⊟

654 KB

Ordering differences only

⊟

405 KB

⊟

1.39 MB

⊟

239 KB

⊟

1.26 MB

⊟

282 KB

⊟

1.16 MB

Ordering differences only

⊟

759 KB

⊟

3.71 KB

⊟

2.97 KB

⊟

6.72 KB

⊟

3.59 KB

⊟

7.22 MB

⊟

1.32 MB

Max HTML report size reached

⊟

668 KB

Ordering differences only

⊟

413 KB

⊟

7.94 KB

Ordering differences only

⊟

7.95 KB

Ordering differences only

⊟

3.9 KB

Ordering differences only

⊟

3.91 KB

Ordering differences only

⊟

4.08 KB

Ordering differences only

⊟

107 KB

Ordering differences only

⊟

85.0 KB

Ordering differences only

⊟

16.0 KB

Ordering differences only

⊟

16.0 KB

Ordering differences only

⊟

16.0 KB

Ordering differences only

⊟

16.0 KB

Ordering differences only

⊟

2.74 KB

Ordering differences only

⊟

2.74 KB

Ordering differences only

⊟

2.74 KB

Ordering differences only

⊟

4.08 KB

Ordering differences only

⊟

811 B

Ordering differences only

⊟

819 B

Ordering differences only

⊟

870 B

Ordering differences only

⊟

862 B

Ordering differences only

⊟

878 B

Ordering differences only

⊟

160 KB

Ordering differences only

⊟

7.71 KB

Ordering differences only

⊟

7.71 KB

Ordering differences only

⊟

160 KB

Ordering differences only

⊟

2.4 KB

Ordering differences only

⊟

69.5 KB

Ordering differences only

⊟

181 KB

Ordering differences only

⊟

86.6 KB

Ordering differences only

⊟

2.4 KB

Ordering differences only

⊟

159 KB

Ordering differences only

⊟

166 KB

Ordering differences only

⊟

166 KB

Ordering differences only

⊟

2.77 KB

Ordering differences only

⊟

2.63 KB

Ordering differences only

⊟

3.93 KB

Ordering differences only

⊟

2.64 KB

Ordering differences only

⊟

920 B

Ordering differences only

⊟

912 B

Ordering differences only

⊟

928 B

Ordering differences only

⊟

2.59 KB

Ordering differences only

⊟

74.6 KB

Ordering differences only

⊟

191 KB

Ordering differences only

⊟

2.6 KB

Ordering differences only

⊟

168 KB

Ordering differences only

⊟

98.6 KB

Ordering differences only

⊟

140 KB

Ordering differences only

⊟

140 KB

Ordering differences only

⊟

161 KB

Ordering differences only

⊟

904 B

Ordering differences only

⊟

896 B

Ordering differences only

⊟

912 B

Ordering differences only

⊟

186 KB

Ordering differences only

⊟

8.03 KB

Ordering differences only

⊟

8.04 KB

Ordering differences only

⊟

186 KB

Ordering differences only

⊟

105 KB

Ordering differences only

⊟

786 B

Ordering differences only

⊟

74.0 KB

Ordering differences only

⊟

190 KB

Ordering differences only

⊟

197 KB

Ordering differences only

⊟

788 B

Ordering differences only

⊟

105 KB

Ordering differences only

⊟

203 KB

Ordering differences only

⊟

138 KB

Ordering differences only

⊟

84.0 KB

Ordering differences only

⊟

143 KB

Ordering differences only

⊟

143 KB

Ordering differences only

⊟

15.8 KB

Ordering differences only

⊟

15.8 KB

Ordering differences only

⊟

15.8 KB

Ordering differences only

⊟

15.8 KB

Ordering differences only

⊟

2.71 KB

Ordering differences only

⊟

2.71 KB

Ordering differences only

⊟

2.71 KB

Ordering differences only

⊟

4.03 KB

Ordering differences only

⊟

784 B

Ordering differences only

⊟

792 B

Ordering differences only

⊟

849 B

Ordering differences only

⊟

841 B

Ordering differences only

⊟

857 B

Ordering differences only

⊟

158 KB

Ordering differences only

⊟

7.62 KB

Ordering differences only

⊟

7.63 KB

Ordering differences only

⊟

158 KB

Ordering differences only

⊟

2.39 KB

Ordering differences only

⊟

68.7 KB

Ordering differences only

⊟

178 KB

Ordering differences only

⊟

85.6 KB

Ordering differences only

⊟

2.39 KB

Ordering differences only

⊟

157 KB

Ordering differences only

⊟

164 KB

Ordering differences only

⊟

164 KB

Ordering differences only

⊟

107 KB

Ordering differences only

⊟

85.0 KB

Ordering differences only

⊟

1.14 KB

⊟

1.0 KB

⊟

1.15 KB

⊟

1.0 KB

⊟

1.7 MB

⊟

1.7 MB

Max HTML report size reached

⊟

1.7 MB

⊟

1.7 MB

Max HTML report size reached

⊟

1.06 MB

⊟

1.06 MB

Ordering differences only

⊟

598 KB

⊟

598 KB

⊟

1.69 MB

⊟

1.69 MB

Max HTML report size reached

⊟

1.69 MB

⊟

1.69 MB

Max HTML report size reached

⊟

1.04 MB

⊟

1.04 MB

Ordering differences only

⊟

608 KB

⊟

608 KB

⊟

1.56 MB

⊟

1.56 MB

Max HTML report size reached

⊟

1.56 MB

⊟

1.56 MB

Max HTML report size reached

⊟

979 KB

⊟

979 KB

Ordering differences only

⊟

571 KB

⊟

570 KB

⊟

10.4 MB

⊟

10.4 MB

Max HTML report size reached

⊟

10.4 MB

⊟

10.4 MB

Max HTML report size reached

⊟

7.43 MB

⊟

7.43 MB

Max HTML report size reached

⊟

11.1 MB

⊟

11.1 MB

Max HTML report size reached

⊟

11.1 MB

⊟

11.1 MB

Max HTML report size reached

⊟

7.64 MB

⊟

7.64 MB

Max HTML report size reached

⊟

10.9 MB

⊟

10.9 MB

Max HTML report size reached

⊟

10.9 MB

⊟

10.9 MB

Max HTML report size reached

⊟

7.84 MB

⊟

7.84 MB

Max HTML report size reached

⊟

7.49 MB

⊟

7.49 MB

Max HTML report size reached

⊟

7.49 MB

⊟

7.49 MB

Max HTML report size reached

⊟

1.79 MB

⊟

1.79 MB

Max HTML report size reached

⊟

5.5 MB

⊟

5.5 MB

Max HTML report size reached

⊟

1.39 KB

⊟

1.28 KB

⊟

1.38 KB

⊟

1.27 KB

⊟

1.17 KB

⊟

1.06 KB

⊟

3.27 KB

⊟

3.16 KB

Ordering differences only

⊟

919 KB

⊟

919 KB

⊟

919 KB

⊟

919 KB

⊟

871 KB

⊟

871 KB

Ordering differences only

⊟

10.7 KB

⊟

10.6 KB

⊟

8.03 MB

⊟

8.03 MB

Max HTML report size reached

⊟

8.03 MB

⊟

8.03 MB

Max HTML report size reached

⊟

1.97 MB

⊟

1.97 MB

Max HTML report size reached

⊟

5.85 MB

⊟

5.85 MB

Max HTML report size reached

⊟

8.82 MB

⊟

8.82 MB

Max HTML report size reached

⊟

8.82 MB

⊟

8.82 MB

Max HTML report size reached

⊟

2.23 MB

⊟

2.23 MB

Max HTML report size reached

⊟

6.37 MB

⊟

6.37 MB

Max HTML report size reached

⊟

7.02 MB

⊟

7.02 MB

Max HTML report size reached

⊟

7.02 MB

⊟

7.02 MB

Max HTML report size reached

⊟

1.61 MB

⊟

1.61 MB

Max HTML report size reached

⊟

5.15 MB

⊟

5.15 MB

Max HTML report size reached

⊟

1.01 MB

⊟

1.01 MB

⊟

1.01 MB

⊟

1.01 MB

⊟

638 KB

⊟

638 KB

Ordering differences only

⊟

359 KB

⊟

359 KB

⊟

1.41 MB

⊟

1.41 MB

Max HTML report size reached

⊟

1.41 MB

⊟

1.41 MB

Max HTML report size reached

⊟

1.34 MB

⊟

1.34 MB

Max HTML report size reached

⊟

10.8 KB

⊟

10.7 KB

⊟

10.5 MB

⊟

10.5 MB

Max HTML report size reached

⊟

10.5 MB

⊟

10.5 MB

Max HTML report size reached

⊟

2.76 MB

⊟

2.76 MB

Max HTML report size reached

⊟

7.45 MB

⊟

7.45 MB

Max HTML report size reached

⊟

11.0 MB

⊟

11.0 MB

Max HTML report size reached

⊟

11.0 MB

⊟

11.0 MB

Max HTML report size reached

⊟

3.05 MB

⊟

3.05 MB

Max HTML report size reached

⊟

7.7 MB

⊟

7.7 MB

Max HTML report size reached

⊟

11.0 MB

⊟

11.0 MB

Max HTML report size reached

⊟

11.0 MB

⊟

11.0 MB

Max HTML report size reached

⊟

2.85 MB

⊟

2.85 MB

Max HTML report size reached

⊟

7.86 MB

⊟

7.86 MB

Max HTML report size reached

⊟

6.04 MB

⊟

6.04 MB

Max HTML report size reached

⊟

6.04 MB

⊟

6.04 MB

Max HTML report size reached

⊟

1.49 MB

⊟

1.49 MB

Max HTML report size reached

⊟

4.37 MB

⊟

4.37 MB

Max HTML report size reached

⊟

10.4 MB

⊟

10.4 MB

Max HTML report size reached

⊟

10.4 MB

⊟

10.4 MB

Max HTML report size reached

⊟

7.43 MB

⊟

7.43 MB

Max HTML report size reached

⊟

6.11 MB

⊟

6.11 MB

Max HTML report size reached

⊟

6.11 MB

⊟

6.11 MB

Max HTML report size reached

⊟

1.46 MB

⊟

1.46 MB

Max HTML report size reached

⊟

4.49 MB

⊟

4.49 MB

Max HTML report size reached

⊟

6.84 MB

⊟

6.84 MB

Max HTML report size reached

⊟

6.84 MB

⊟

6.84 MB

Max HTML report size reached

⊟

1.61 MB

⊟

1.61 MB

Max HTML report size reached

⊟

5.08 MB

⊟

5.08 MB

Max HTML report size reached

⊟

1.08 MB

⊟

1.08 MB

⊟

1.08 MB

⊟

1.08 MB

⊟

696 KB

⊟

696 KB

Ordering differences only

⊟

376 KB

⊟

376 KB


Offset 1, 6 lines modified		Offset 1, 6 lines modified

1	·~~295~~5~~dfb028c7cf43c~~5~~28f93aad~~6~~588eb~~·182~~240~~·admin·optional·ssg-applications_0.1.65-1_all.deb	1	·8bb5aace142414ae554deb708f6c6573·182188·admin·optional·ssg-applications_0.1.65-1_all.deb
2	·f7bae0738ce4e633a16dbb487c1b30d5·27788·admin·optional·ssg-base_0.1.65-1_all.deb	2	·f7bae0738ce4e633a16dbb487c1b30d5·27788·admin·optional·ssg-base_0.1.65-1_all.deb
3	·15dd06e9f234fb55e8e749b52fd73aa1·3396536·admin·optional·ssg-debderived_0.1.65-1_all.deb
4	·356b964c4499e5a97707c63bfe2d807c·831640·admin·optional·ssg-debian_0.1.65-1_all.deb
5	·~~c77011~~56ab020~~07ed~~8~~b59e76c676c97e·4047027~~2·admin·optional·ssg-~~non~~debian_0.1.65-1_all.deb	3	·b69db45ed040404786042bb1b1b4ff34·3394152·admin·optional·ssg-debderived_0.1.65-1_all.deb
		4	·0d407fcd7d4d59ce12841fe4c1ce6413·831460·admin·optional·ssg-debian_0.1.65-1_all.deb
		5	·e1e078ddf3dd030ee4a4ab81d0ea572d·40453244·admin·optional·ssg-nondebian_0.1.65-1_all.deb


Offset 1, 3 lines modified		Offset 1, 3 lines modified
1	-rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary	1	-rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary
2	-rw-r--r--···0········0········0·····1736·2022-12-20·09:54:05.000000·control.tar.xz	2	-rw-r--r--···0········0········0·····1740·2022-12-20·09:54:05.000000·control.tar.xz
3	-rw-r--r--···0········0········0···180~~312~~·2022-12-20·09:54:05.000000·data.tar.xz	3	-rw-r--r--···0········0········0···180256·2022-12-20·09:54:05.000000·data.tar.xz


Offset 50, 15 lines modified		Offset 50, 15 lines modified
50	***·Profile·Information·***	50	***·Profile·Information·***
51	Profile·Title·Upstream·STIG·for·Google·Chromium	51	Profile·Title·Upstream·STIG·for·Google·Chromium
52	Profile·ID····xccdf_org.ssgproject.content_profile_stig	52	Profile·ID····xccdf_org.ssgproject.content_profile_stig
53	*·CPE·Platforms·*	53	*·CPE·Platforms·*
54	····*·cpe:/a:google:chromium-browser	54	····*·cpe:/a:google:chromium-browser
55	***·Revision·History·***	55	***·Revision·History·***
56	Current·version:·0.1.65	56	Current·version:·0.1.65
57	····*·draft·(as·of·2024-01-22)	57	····*·draft·(as·of·2025-02-23)
58	***·Table·of·Contents·***	58	***·Table·of·Contents·***
59	···1.·Chromium	59	···1.·Chromium
60	***·Checklist·***	60	***·Checklist·***
61	Group ·Guide·to·the·Secure·Configuration·of·Chromium· Group·contains·1·group·and·37	61	Group ·Guide·to·the·Secure·Configuration·of·Chromium· Group·contains·1·group·and·37
62	rules	62	rules
63	Group ·Chromium· Group·contains·37·rules	63	Group ·Chromium· Group·contains·37·rules
64	[ref] ·Chromium·is·an·open-source·web·browser,·powered·by·WebKit·(Blink),·and	64	[ref] ·Chromium·is·an·open-source·web·browser,·powered·by·WebKit·(Blink),·and


Offset 14334, 16 lines modified		Offset 14334, 16 lines modified
00037fd0:·7669·7369·6f6e·2048·6973·746f·7279·3c2f··vision·History</		00037fd0:·7669·7369·6f6e·2048·6973·746f·7279·3c2f··vision·History</
00037fe0:·6832·3e3c·703e·4375·7272·656e·7420·7665··h2><p>Current·ve		00037fe0:·6832·3e3c·703e·4375·7272·656e·7420·7665··h2><p>Current·ve
00037ff0:·7273·696f·6e3a·203c·7374·726f·6e67·3e30··rsion:·<strong>0		00037ff0:·7273·696f·6e3a·203c·7374·726f·6e67·3e30··rsion:·<strong>0
00038000:·2e31·2e36·353c·2f73·7472·6f6e·673e·3c2f··.1.65</strong></		00038000:·2e31·2e36·353c·2f73·7472·6f6e·673e·3c2f··.1.65</strong></
00038010:·703e·3c75·6c3e·3c6c·693e·3c73·7472·6f6e··p><ul><li><stron		00038010:·703e·3c75·6c3e·3c6c·693e·3c73·7472·6f6e··p><ul><li><stron
00038020:·673e·6472·6166·743c·2f73·7472·6f6e·673e··g>draft</strong>		00038020:·673e·6472·6166·743c·2f73·7472·6f6e·673e··g>draft</strong>
00038030:·0a20·2020·2020·2020·2020·2020·2020·2020··.···············		00038030:·0a20·2020·2020·2020·2020·2020·2020·2020··.···············
00038040:·2020·2020·2028·6173·206f·6620·3230·3234·······(as·of·2024		00038040:·2020·2020·2028·6173·206f·6620·3230·3235·······(as·of·2025
00038050:·2d30·312d·3232·290a·2020·2020·2020·2020··-01-22).········		00038050:·2d30·322d·3233·290a·2020·2020·2020·2020··-02-23).········
00038060:·2020·2020·2020·2020·3c2f·6c69·3e3c·2f75··········</li></u		00038060:·2020·2020·2020·2020·3c2f·6c69·3e3c·2f75··········</li></u
00038070:·6c3e·3c2f·6469·763e·3c68·323e·5461·626c··l></div><h2>Tabl		00038070:·6c3e·3c2f·6469·763e·3c68·323e·5461·626c··l></div><h2>Tabl
00038080:·6520·6f66·2043·6f6e·7465·6e74·733c·2f68··e·of·Contents</h		00038080:·6520·6f66·2043·6f6e·7465·6e74·733c·2f68··e·of·Contents</h
00038090:·323e·3c6f·6c3e·3c6c·693e·3c61·2068·7265··2><ol><li><a·hre		00038090:·323e·3c6f·6c3e·3c6c·693e·3c61·2068·7265··2><ol><li><a·hre
000380a0:·663d·2223·7863·6364·665f·6f72·672e·7373··f="#xccdf_org.ss		000380a0:·663d·2223·7863·6364·665f·6f72·672e·7373··f="#xccdf_org.ss
000380b0:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content		000380b0:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content
000380c0:·5f67·726f·7570·5f63·6872·6f6d·6975·6d22··_group_chromium"		000380c0:·5f67·726f·7570·5f63·6872·6f6d·6975·6d22··_group_chromium"


Offset 14331, 15 lines modified		Offset 14331, 15 lines modified
00037fa0:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current		00037fa0:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current
00037fb0:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron		00037fb0:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron
00037fc0:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong		00037fc0:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong
00037fd0:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st		00037fd0:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st
00037fe0:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro		00037fe0:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro
00037ff0:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············		00037ff0:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············
00038000:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·2		00038000:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·2
00038010:·3032·342d·3031·2d32·3229·0a20·2020·2020··024-01-22).·····		00038010:·3032·352d·3032·2d32·3329·0a20·2020·2020··025-02-23).·····
00038020:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>		00038020:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>
00038030:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T		00038030:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T
00038040:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents		00038040:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents
00038050:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·		00038050:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·
00038060:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org		00038060:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org
00038070:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont		00038070:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont
00038080:·656e·745f·6772·6f75·705f·6f70·656e·7368··ent_group_opensh		00038080:·656e·745f·6772·6f75·705f·6f70·656e·7368··ent_group_opensh


Offset 44, 15 lines modified		Offset 44, 15 lines modified
44	Profile·ID····xccdf_org.ssgproject.content_profile_cis-node	44	Profile·ID····xccdf_org.ssgproject.content_profile_cis-node
45	*·CPE·Platforms·*	45	*·CPE·Platforms·*
46	····*·cpe:/a:amazon:elastic_kubernetes_service_node:1.21	46	····*·cpe:/a:amazon:elastic_kubernetes_service_node:1.21
47	····*·cpe:/o:amazon:elastic_kubernetes_service_node:1	47	····*·cpe:/o:amazon:elastic_kubernetes_service_node:1
48	····*·cpe:/a:amazon:elastic_kubernetes_service:1	48	····*·cpe:/a:amazon:elastic_kubernetes_service:1
49	***·Revision·History·***	49	***·Revision·History·***
50	Current·version:·0.1.65	50	Current·version:·0.1.65
51	····*·draft·(as·of·2024-01-22)	51	····*·draft·(as·of·2025-02-23)
52	***·Table·of·Contents·***	52	***·Table·of·Contents·***
53	···1.·Kubernetes_Settings	53	···1.·Kubernetes_Settings
54	·········1.·Kubernetes_Kubelet_Settings	54	·········1.·Kubernetes_Kubelet_Settings
55	·········2.·Kubernetes_-_Worker_Node_Settings	55	·········2.·Kubernetes_-_Worker_Node_Settings
56	***·Checklist·***	56	***·Checklist·***
57	Group ·Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service· Group	57	Group ·Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service· Group
58	contains·3·groups·and·7·rules	58	contains·3·groups·and·7·rules


Offset 14330, 15 lines modified		Offset 14330, 15 lines modified
00037f90:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>		00037f90:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>
00037fa0:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:		00037fa0:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:
00037fb0:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<		00037fb0:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<
00037fc0:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>		00037fc0:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>
00037fd0:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf		00037fd0:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf
00037fe0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····		00037fe0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····
00037ff0:·2020·2020·2020·2020·2020·2020·2020·2028·················(		00037ff0:·2020·2020·2020·2020·2020·2020·2020·2028·················(
00038000:·6173·206f·6620·3230·3234·2d30·312d·3232··as·of·2024-01-22		00038000:·6173·206f·6620·3230·3235·2d30·322d·3233··as·of·2025-02-23
00038010:·290a·2020·2020·2020·2020·2020·2020·2020··).··············		00038010:·290a·2020·2020·2020·2020·2020·2020·2020··).··············
00038020:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di		00038020:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di
00038030:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C		00038030:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C
00038040:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>		00038040:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>
00038050:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc		00038050:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc
00038060:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje		00038060:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
00038070:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group		00038070:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group


Offset 14331, 15 lines modified		Offset 14331, 15 lines modified
00037fa0:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>		00037fa0:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>
00037fb0:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:		00037fb0:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:
00037fc0:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<		00037fc0:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<
00037fd0:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>		00037fd0:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>
00037fe0:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf		00037fe0:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf
00037ff0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····		00037ff0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····
00038000:·2020·2020·2020·2020·2020·2020·2020·2028·················(		00038000:·2020·2020·2020·2020·2020·2020·2020·2028·················(
00038010:·6173·206f·6620·3230·3234·2d30·312d·3232··as·of·2024-01-22		00038010:·6173·206f·6620·3230·3235·2d30·322d·3233··as·of·2025-02-23
00038020:·290a·2020·2020·2020·2020·2020·2020·2020··).··············		00038020:·290a·2020·2020·2020·2020·2020·2020·2020··).··············
00038030:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di		00038030:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di
00038040:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C		00038040:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C
00038050:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>		00038050:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>
00038060:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc		00038060:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc
00038070:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje		00038070:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
00038080:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group		00038080:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group


Offset 28, 15 lines modified		Offset 28, 15 lines modified
28	········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>	28	········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>
29	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>	29	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>
30	······</cpe-dict:cpe-item>	30	······</cpe-dict:cpe-item>
31	····</cpe-dict:cpe-list>	31	····</cpe-dict:cpe-list>
32	··</ds:component>	32	··</ds:component>
33	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2022-12-20T09:54:05">	33	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2022-12-20T09:54:05">
34	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	34	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
35	······<xccdf-1.2:status·date="2024-01-22">draft</xccdf-1.2:status>	35	······<xccdf-1.2:status·date="2025-02-23">draft</xccdf-1.2:status>
36	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>	36	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>
37	······<xccdf-1.2:description>	37	······<xccdf-1.2:description>
38	········This·guide·presents·a·catalog·of·security-relevant	38	········This·guide·presents·a·catalog·of·security-relevant
39	configuration·settings·for·Chromium.·It·is·a·rendering·of	39	configuration·settings·for·Chromium.·It·is·a·rendering·of
40	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	40	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
41	in·order·to·support·security·automation.··The·SCAP·content·is	41	in·order·to·support·security·automation.··The·SCAP·content·is
42	is·available·in·the	42	is·available·in·the
Offset 2477, 463 lines modified		Offset 2477, 463 lines modified
2477	······<ocil:generator>	2477	······<ocil:generator>
2478	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	2478	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
2479	········<ocil:product_version>ssg:·0.1.65</ocil:product_version>	2479	········<ocil:product_version>ssg:·0.1.65</ocil:product_version>
2480	········<ocil:schema_version>2.0</ocil:schema_version>	2480	········<ocil:schema_version>2.0</ocil:schema_version>
2481	········<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>	2481	········<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>
2482	······</ocil:generator>	2482	······</ocil:generator>
2483	······<ocil:questionnaires>	2483	······<ocil:questionnaires>
2484	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_go~~ogle_sy~~nc_ocil:questionnaire:1">	2484	········<ocil:questionnaire·id="ocil:ssg-chromium_default_block_plugins_ocil:questionnaire:1">
		2485	··········<ocil:title>Block·Plugins·by·Default</ocil:title>
2485	··········<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
2486	··········<ocil:actions>
2487	············<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
2488	··········</ocil:actions>
2489	········</ocil:questionnaire>
2490	········<ocil:questionnaire·id="ocil:ssg-chromium_enable_safe_browsing_ocil:questionnaire:1">
2491	··········<ocil:title>Enable·the·Safe·Browsing·Feature</ocil:title>
2492	··········<ocil:actions>
2493	············<ocil:test_action_ref>ocil:ssg-chromium_enable_safe_browsing_action:testaction:1</ocil:test_action_ref>
2494	··········</ocil:actions>
2495	········</ocil:questionnaire>
2496	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_password_manager_ocil:questionnaire:1">
2497	··········<ocil:title>Disable·Chromium·Password·Manager</ocil:title>
2498	··········<ocil:actions>	2486	··········<ocil:actions>
2499	············<ocil:test_action_ref>ocil:ssg-chromium_disable_~~pas~~sword_~~manager~~_action:testaction:1</ocil:test_action_ref>	2487	············<ocil:test_action_ref>ocil:ssg-chromium_default_block_plugins_action:testaction:1</ocil:test_action_ref>
2500	··········</ocil:actions>	2488	··········</ocil:actions>
2501	········</ocil:questionnaire>	2489	········</ocil:questionnaire>
2502	········<ocil:questionnaire·id="ocil:ssg-chromium_policy_~~fil~~e_ocil:questionnaire:1">	2490	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_protocol_schemas_ocil:questionnaire:1">
2503	··········<ocil:title>Ensure·~~the·Ch~~r~~omium~~·Pol~~icy~~·~~Config~~uration·Fil~~e·Exist~~s</ocil:title>	2491	··········<ocil:title>Disable·Insecure·And·Obsolete·Protocol·Schemas</ocil:title>
2504	··········<ocil:actions>	2492	··········<ocil:actions>
2505	············<ocil:test_action_ref>ocil:ssg-chromium_policy_~~fil~~e_action:testaction:1</ocil:test_action_ref>	2493	············<ocil:test_action_ref>ocil:ssg-chromium_disable_protocol_schemas_action:testaction:1</ocil:test_action_ref>
2506	··········</ocil:actions>	2494	··········</ocil:actions>
2507	········</ocil:questionnaire>	2495	········</ocil:questionnaire>
2508	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_outda~~ted~~_~~plu~~gins_ocil:questionnaire:1">	2496	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_search_suggestions_ocil:questionnaire:1">
2509	··········<ocil:title>Disable·Outda~~ted~~·~~Plu~~gins</ocil:title>	2497	··········<ocil:title>Disable·Search·Suggestion</ocil:title>
2510	··········<ocil:actions>	2498	··········<ocil:actions>
2511	············<ocil:test_action_ref>ocil:ssg-chromium_disable_outda~~ted~~_~~plu~~gins_action:testaction:1</ocil:test_action_ref>	2499	············<ocil:test_action_ref>ocil:ssg-chromium_disable_search_suggestions_action:testaction:1</ocil:test_action_ref>
2512	··········</ocil:actions>	2500	··········</ocil:actions>
2513	········</ocil:questionnaire>	2501	········</ocil:questionnaire>
2514	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_cleartext_p~~asswo~~rds_ocil:questionnaire:1">	2502	········<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_name_ocil:questionnaire:1">
2515	··········<ocil:title>~~Disabl~~e·~~Use·of·Cl~~eartext·P~~asswo~~rds</ocil:title>	2503	··········<ocil:title>Set·the·Default·Search·Provider's·URL</ocil:title>
2516	··········<ocil:actions>	2504	··········<ocil:actions>
2517	············<ocil:test_action_ref>ocil:ssg-chromium_disable_cleartext_p~~asswo~~rds_action:testaction:1</ocil:test_action_ref>	2505	············<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_name_action:testaction:1</ocil:test_action_ref>
2518	··········</ocil:actions>	2506	··········</ocil:actions>
2519	········</ocil:questionnaire>	2507	········</ocil:questionnaire>
2520	········<ocil:questionnaire·id="ocil:ssg-chromium_disabl~~e_c~~loud~~_pr~~int_sharing_ocil:questionnaire:1">	2508	········<ocil:questionnaire·id="ocil:ssg-chromium_disallow_location_tracking_ocil:questionnaire:1">
2521	··········<ocil:title>Disable·Cloud~~·Pr~~int·Sharing</ocil:title>	2509	··········<ocil:title>Disable·Location·Tracking</ocil:title>
2522	··········<ocil:actions>	2510	··········<ocil:actions>
2523	············<ocil:test_action_ref>ocil:ssg-chromium_disabl~~e_c~~loud~~_pr~~int_sharing_action:testaction:1</ocil:test_action_ref>	2511	············<ocil:test_action_ref>ocil:ssg-chromium_disallow_location_tracking_action:testaction:1</ocil:test_action_ref>
2524	··········</ocil:actions>	2512	··········</ocil:actions>
2525	········</ocil:questionnaire>	2513	········</ocil:questionnaire>
2526	········<ocil:questionnaire·id="ocil:ssg-chromium_block_desktop_notifications_ocil:questionnaire:1">	2514	········<ocil:questionnaire·id="ocil:ssg-chromium_block_desktop_notifications_ocil:questionnaire:1">
2527	··········<ocil:title>Prevent·Desktop·Notifications</ocil:title>	2515	··········<ocil:title>Prevent·Desktop·Notifications</ocil:title>
2528	··········<ocil:actions>	2516	··········<ocil:actions>
2529	············<ocil:test_action_ref>ocil:ssg-chromium_block_desktop_notifications_action:testaction:1</ocil:test_action_ref>	2517	············<ocil:test_action_ref>ocil:ssg-chromium_block_desktop_notifications_action:testaction:1</ocil:test_action_ref>
2530	··········</ocil:actions>	2518	··········</ocil:actions>
2531	········</ocil:questionnaire>	2519	········</ocil:questionnaire>
2532	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~plug~~in_~~blackl~~ist_ocil:questionnaire:1">	2520	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_metrics_reporting_ocil:questionnaire:1">
2533	··········<ocil:title>Disable·~~All·Plug~~ins·b~~y·Default~~</ocil:title>	2521	··········<ocil:title>Disable·Metrics·Reporting</ocil:title>
2534	··········<ocil:actions>	2522	··········<ocil:actions>
2535	············<ocil:test_action_ref>ocil:ssg-chromium_disable_~~plug~~in_~~blackl~~ist_action:testaction:1</ocil:test_action_ref>	2523	············<ocil:test_action_ref>ocil:ssg-chromium_disable_metrics_reporting_action:testaction:1</ocil:test_action_ref>
2536	··········</ocil:actions>	2524	··········</ocil:actions>
2537	········</ocil:questionnaire>	2525	········</ocil:questionnaire>
2538	········<ocil:questionnaire·id="ocil:ssg-chromium_~~disabl~~e_~~backgr~~ound_~~proc~~essing_ocil:questionnaire:1">	2526	········<ocil:questionnaire·id="ocil:ssg-chromium_extension_whitelist_ocil:questionnaire:1">
2539	··········<ocil:title>Disable·~~Backg~~round·P~~roc~~essing</ocil:title>	2527	··········<ocil:title>Enable·Only·Approved·Extensions</ocil:title>
2540	··········<ocil:actions>	2528	··········<ocil:actions>
2541	············<ocil:test_action_ref>ocil:ssg-chromium_~~disabl~~e_~~backgr~~ound_~~proc~~essing_action:testaction:1</ocil:test_action_ref>	2529	············<ocil:test_action_ref>ocil:ssg-chromium_extension_whitelist_action:testaction:1</ocil:test_action_ref>
2542	··········</ocil:actions>	2530	··········</ocil:actions>
2543	········</ocil:questionnaire>	2531	········</ocil:questionnaire>
2544	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~sessi~~on_c~~ook~~ies_ocil:questionnaire:1">	2532	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_background_processing_ocil:questionnaire:1">
2545	··········<ocil:title>Disable·~~Sessi~~on·Cookies</ocil:title>	2533	··········<ocil:title>Disable·Background·Processing</ocil:title>
2546	··········<ocil:actions>	2534	··········<ocil:actions>
2547	············<ocil:test_action_ref>ocil:ssg-chromium_disable_~~sessi~~on_c~~ook~~ies_action:testaction:1</ocil:test_action_ref>	2535	············<ocil:test_action_ref>ocil:ssg-chromium_disable_background_processing_action:testaction:1</ocil:test_action_ref>
2548	··········</ocil:actions>	2536	··········</ocil:actions>
2549	········</ocil:questionnaire>	2537	········</ocil:questionnaire>
2550	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_auto~~com~~plete_ocil:questionnaire:1">	2538	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_network_prediction_ocil:questionnaire:1">
2551	··········<ocil:title>Disable·the·~~AutoFill·Fea~~t~~ure~~</ocil:title>	2539	··········<ocil:title>Disable·Network·Prediction</ocil:title>
2552	··········<ocil:actions>	2540	··········<ocil:actions>
2553	············<ocil:test_action_ref>ocil:ssg-chromium_disable_auto~~com~~plete_action:testaction:1</ocil:test_action_ref>	2541	············<ocil:test_action_ref>ocil:ssg-chromium_disable_network_prediction_action:testaction:1</ocil:test_action_ref>
2554	··········</ocil:actions>	2542	··········</ocil:actions>
2555	········</ocil:questionnaire>	2543	········</ocil:questionnaire>
2556	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_po~~pups~~_ocil:questionnaire:1">	2544	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_incognito_mode_ocil:questionnaire:1">
2557	··········<ocil:title>Disable·Po~~pups~~</ocil:title>	2545	··········<ocil:title>Disable·Incognito·Mode</ocil:title>
2558	··········<ocil:actions>	2546	··········<ocil:actions>
2559	············<ocil:test_action_ref>ocil:ssg-chromium_disable_po~~pups~~_action:testaction:1</ocil:test_action_ref>	2547	············<ocil:test_action_ref>ocil:ssg-chromium_disable_incognito_mode_action:testaction:1</ocil:test_action_ref>
2560	··········</ocil:actions>	2548	··········</ocil:actions>
2561	········</ocil:questionnaire>	2549	········</ocil:questionnaire>
2562	········<ocil:questionnaire·id="ocil:ssg-chromium_enable_bro~~wse~~r~~_hi~~story_ocil:questionnaire:1">	2550	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_cloud_print_sharing_ocil:questionnaire:1">
2563	··········<ocil:title>Enable·~~Saving·the~~·Brow~~ser~~·~~History~~</ocil:title>	2551	··········<ocil:title>Disable·Cloud·Print·Sharing</ocil:title>
2564	··········<ocil:actions>	2552	··········<ocil:actions>
2565	············<ocil:test_action_ref>ocil:ssg-chromium_enable_bro~~wse~~r~~_hi~~story_action:testaction:1</ocil:test_action_ref>	2553	············<ocil:test_action_ref>ocil:ssg-chromium_disable_cloud_print_sharing_action:testaction:1</ocil:test_action_ref>
2566	··········</ocil:actions>	2554	··········</ocil:actions>
2567	········</ocil:questionnaire>	2555	········</ocil:questionnaire>
2568	········<ocil:questionnaire·id="ocil:ssg-chromium_~~bla~~cklist_~~extension~~_i~~nstal~~l~~atio~~n_ocil:questionnaire:1">	2556	········<ocil:questionnaire·id="ocil:ssg-chromium_policy_file_ocil:questionnaire:1">
2569	··········<ocil:title>Dis~~abl~~e·All·~~Extens~~ions·~~by·Defaul~~t</ocil:title>	2557	··········<ocil:title>Ensure·the·Chromium·Policy·Configuration·File·Exists</ocil:title>
2570	··········<ocil:actions>	2558	··········<ocil:actions>
2571	············<ocil:test_action_ref>ocil:ssg-chromium_~~bla~~cklist_~~extension~~_i~~nstal~~l~~atio~~n_action:testaction:1</ocil:test_action_ref>	2559	············<ocil:test_action_ref>ocil:ssg-chromium_policy_file_action:testaction:1</ocil:test_action_ref>
2572	··········</ocil:actions>	2560	··········</ocil:actions>
2573	········</ocil:questionnaire>	2561	········</ocil:questionnaire>
2574	········<ocil:questionnaire·id="ocil:ssg-chromium_~~disable~~_aut~~oma~~tic~~_install~~ation_ocil:questionnaire:1">	2562	········<ocil:questionnaire·id="ocil:ssg-chromium_http_authentication_ocil:questionnaire:1">
2575	··········<ocil:title>~~Disable~~·~~Aut~~oma~~tic·Search~~·A~~nd·I~~nstallation~~·of~~·P~~lugins~~</ocil:title>	2563	··········<ocil:title>Set·Chromium's·HTTP·Authentication·Scheme</ocil:title>
2576	··········<ocil:actions>	2564	··········<ocil:actions>
2577	············<ocil:test_action_ref>ocil:ssg-chromium_~~disable~~_aut~~oma~~tic~~_install~~ation_action:testaction:1</ocil:test_action_ref>	2565	············<ocil:test_action_ref>ocil:ssg-chromium_http_authentication_action:testaction:1</ocil:test_action_ref>
2578	··········</ocil:actions>	2566	··········</ocil:actions>
2579	········</ocil:questionnaire>	2567	········</ocil:questionnaire>
2580	········<ocil:questionnaire·id="ocil:ssg-chromium_disallow_lo~~cati~~on_~~tracki~~ng_ocil:questionnaire:1">	2568	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">
2581	··········<ocil:title>Disable·Location·~~Tracking~~</ocil:title>	2569	··········<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
2582	··········<ocil:actions>	2570	··········<ocil:actions>
2583	············<ocil:test_action_ref>ocil:ssg-chromium_disallow_lo~~cati~~on_~~tracki~~ng_action:testaction:1</ocil:test_action_ref>	2571	············<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
2584	··········</ocil:actions>	2572	··········</ocil:actions>
2585	········</ocil:questionnaire>	2573	········</ocil:questionnaire>
2586	········<ocil:questionnaire·id="ocil:ssg-chromium_check_cert_revocation_ocil:questionnaire:1">	2574	········<ocil:questionnaire·id="ocil:ssg-chromium_check_cert_revocation_ocil:questionnaire:1">
Max diff block lines reached; 65006/77098 bytes (84.32%) of diff not shown.


Offset 3, 463 lines modified		Offset 3, 463 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.65</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.65</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>	7	····<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_go~~ogle_sy~~nc_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-chromium_default_block_plugins_ocil:questionnaire:1">
		11	······<ocil:title>Block·Plugins·by·Default</ocil:title>
11	······<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_safe_browsing_ocil:questionnaire:1">
17	······<ocil:title>Enable·the·Safe·Browsing·Feature</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-chromium_enable_safe_browsing_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_password_manager_ocil:questionnaire:1">
23	······<ocil:title>Disable·Chromium·Password·Manager</ocil:title>
24	······<ocil:actions>	12	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~pas~~sword_~~manager~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-chromium_default_block_plugins_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	14	······</ocil:actions>
27	····</ocil:questionnaire>	15	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-chromium_policy_~~fil~~e_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_protocol_schemas_ocil:questionnaire:1">
29	······<ocil:title>Ensure·~~the·Ch~~r~~omium~~·Pol~~icy~~·~~Config~~uration·Fil~~e·Exist~~s</ocil:title>	17	······<ocil:title>Disable·Insecure·And·Obsolete·Protocol·Schemas</ocil:title>
30	······<ocil:actions>	18	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-chromium_policy_~~fil~~e_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-chromium_disable_protocol_schemas_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	20	······</ocil:actions>
33	····</ocil:questionnaire>	21	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_outda~~ted~~_~~plu~~gins_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_search_suggestions_ocil:questionnaire:1">
35	······<ocil:title>Disable·Outda~~ted~~·~~Plu~~gins</ocil:title>	23	······<ocil:title>Disable·Search·Suggestion</ocil:title>
36	······<ocil:actions>	24	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-chromium_disable_outda~~ted~~_~~plu~~gins_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-chromium_disable_search_suggestions_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	26	······</ocil:actions>
39	····</ocil:questionnaire>	27	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_cleartext_p~~asswo~~rds_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_name_ocil:questionnaire:1">
41	······<ocil:title>~~Disabl~~e·~~Use·of·Cl~~eartext·P~~asswo~~rds</ocil:title>	29	······<ocil:title>Set·the·Default·Search·Provider's·URL</ocil:title>
42	······<ocil:actions>	30	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-chromium_disable_cleartext_p~~asswo~~rds_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_name_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	32	······</ocil:actions>
45	····</ocil:questionnaire>	33	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-chromium_disabl~~e_c~~loud~~_pr~~int_sharing_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-chromium_disallow_location_tracking_ocil:questionnaire:1">
47	······<ocil:title>Disable·Cloud~~·Pr~~int·Sharing</ocil:title>	35	······<ocil:title>Disable·Location·Tracking</ocil:title>
48	······<ocil:actions>	36	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-chromium_disabl~~e_c~~loud~~_pr~~int_sharing_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-chromium_disallow_location_tracking_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	38	······</ocil:actions>
51	····</ocil:questionnaire>	39	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-chromium_block_desktop_notifications_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-chromium_block_desktop_notifications_ocil:questionnaire:1">
53	······<ocil:title>Prevent·Desktop·Notifications</ocil:title>	41	······<ocil:title>Prevent·Desktop·Notifications</ocil:title>
54	······<ocil:actions>	42	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-chromium_block_desktop_notifications_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-chromium_block_desktop_notifications_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	44	······</ocil:actions>
57	····</ocil:questionnaire>	45	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~plug~~in_~~blackl~~ist_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_metrics_reporting_ocil:questionnaire:1">
59	······<ocil:title>Disable·~~All·Plug~~ins·b~~y·Default~~</ocil:title>	47	······<ocil:title>Disable·Metrics·Reporting</ocil:title>
60	······<ocil:actions>	48	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~plug~~in_~~blackl~~ist_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-chromium_disable_metrics_reporting_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	50	······</ocil:actions>
63	····</ocil:questionnaire>	51	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-chromium_~~disabl~~e_~~backgr~~ound_~~proc~~essing_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-chromium_extension_whitelist_ocil:questionnaire:1">
65	······<ocil:title>Disable·~~Backg~~round·P~~roc~~essing</ocil:title>	53	······<ocil:title>Enable·Only·Approved·Extensions</ocil:title>
66	······<ocil:actions>	54	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-chromium_~~disabl~~e_~~backgr~~ound_~~proc~~essing_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-chromium_extension_whitelist_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	56	······</ocil:actions>
69	····</ocil:questionnaire>	57	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~sessi~~on_c~~ook~~ies_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_background_processing_ocil:questionnaire:1">
71	······<ocil:title>Disable·~~Sessi~~on·Cookies</ocil:title>	59	······<ocil:title>Disable·Background·Processing</ocil:title>
72	······<ocil:actions>	60	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~sessi~~on_c~~ook~~ies_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-chromium_disable_background_processing_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	62	······</ocil:actions>
75	····</ocil:questionnaire>	63	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_auto~~com~~plete_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_network_prediction_ocil:questionnaire:1">
77	······<ocil:title>Disable·the·~~AutoFill·Fea~~t~~ure~~</ocil:title>	65	······<ocil:title>Disable·Network·Prediction</ocil:title>
78	······<ocil:actions>	66	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-chromium_disable_auto~~com~~plete_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-chromium_disable_network_prediction_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	68	······</ocil:actions>
81	····</ocil:questionnaire>	69	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_po~~pups~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_incognito_mode_ocil:questionnaire:1">
83	······<ocil:title>Disable·Po~~pups~~</ocil:title>	71	······<ocil:title>Disable·Incognito·Mode</ocil:title>
84	······<ocil:actions>	72	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-chromium_disable_po~~pups~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-chromium_disable_incognito_mode_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	74	······</ocil:actions>
87	····</ocil:questionnaire>	75	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_bro~~wse~~r~~_hi~~story_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_cloud_print_sharing_ocil:questionnaire:1">
89	······<ocil:title>Enable·~~Saving·the~~·Brow~~ser~~·~~History~~</ocil:title>	77	······<ocil:title>Disable·Cloud·Print·Sharing</ocil:title>
90	······<ocil:actions>	78	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-chromium_enable_bro~~wse~~r~~_hi~~story_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-chromium_disable_cloud_print_sharing_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	80	······</ocil:actions>
93	····</ocil:questionnaire>	81	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-chromium_~~bla~~cklist_~~extension~~_i~~nstal~~l~~atio~~n_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-chromium_policy_file_ocil:questionnaire:1">
95	······<ocil:title>Dis~~abl~~e·All·~~Extens~~ions·~~by·Defaul~~t</ocil:title>	83	······<ocil:title>Ensure·the·Chromium·Policy·Configuration·File·Exists</ocil:title>
96	······<ocil:actions>	84	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-chromium_~~bla~~cklist_~~extension~~_i~~nstal~~l~~atio~~n_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-chromium_policy_file_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	86	······</ocil:actions>
99	····</ocil:questionnaire>	87	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-chromium_~~disable~~_aut~~oma~~tic~~_install~~ation_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-chromium_http_authentication_ocil:questionnaire:1">
101	······<ocil:title>~~Disable~~·~~Aut~~oma~~tic·Search~~·A~~nd·I~~nstallation~~·of~~·P~~lugins~~</ocil:title>	89	······<ocil:title>Set·Chromium's·HTTP·Authentication·Scheme</ocil:title>
102	······<ocil:actions>	90	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-chromium_~~disable~~_aut~~oma~~tic~~_install~~ation_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-chromium_http_authentication_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	92	······</ocil:actions>
105	····</ocil:questionnaire>	93	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-chromium_disallow_lo~~cati~~on_~~tracki~~ng_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">
107	······<ocil:title>Disable·Location·~~Tracking~~</ocil:title>	95	······<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
108	······<ocil:actions>	96	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-chromium_disallow_lo~~cati~~on_~~tracki~~ng_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	98	······</ocil:actions>
111	····</ocil:questionnaire>	99	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-chromium_check_cert_revocation_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-chromium_check_cert_revocation_ocil:questionnaire:1">
113	······<ocil:title>Enable·Online·OCSP/CRL·Certificate·Checks</ocil:title>	101	······<ocil:title>Enable·Online·OCSP/CRL·Certificate·Checks</ocil:title>
114	······<ocil:actions>	102	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-chromium_check_cert_revocation_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-chromium_check_cert_revocation_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	104	······</ocil:actions>
117	····</ocil:questionnaire>	105	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-chromium_~~whit~~e~~list_plug~~i~~n_u~~rls_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_browser_history_ocil:questionnaire:1">
119	······<ocil:title>Enable·P~~lug~~ins·~~for~~·On~~ly·App~~ro~~ved·URLs~~</ocil:title>	107	······<ocil:title>Enable·Saving·the·Browser·History</ocil:title>
120	······<ocil:actions>	108	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-chromium_~~whit~~e~~list_plug~~i~~n_u~~rls_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-chromium_enable_browser_history_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	110	······</ocil:actions>
123	····</ocil:questionnaire>	111	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-chromium_~~trust~~e~~d_h~~o~~me_pag~~e_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_session_cookies_ocil:questionnaire:1">
125	······<ocil:title>~~Set·th~~e·De~~fault~~·Home~~·Page~~</ocil:title>	113	······<ocil:title>Disable·Session·Cookies</ocil:title>
126	······<ocil:actions>	114	······<ocil:actions>
127	········<ocil:test_action_ref>ocil:ssg-chromium_~~trust~~e~~d_h~~o~~me_pag~~e_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-chromium_disable_session_cookies_action:testaction:1</ocil:test_action_ref>
128	······</ocil:actions>	116	······</ocil:actions>
Max diff block lines reached; 60212/71883 bytes (83.76%) of diff not shown.


Offset 1, 10 lines modified		Offset 1, 10 lines modified
1	<?xml·version="1.0"·encoding="utf-8"?>	1	<?xml·version="1.0"·encoding="utf-8"?>
2	<xccdf-1.2:Benchmark·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	2	<xccdf-1.2:Benchmark·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3	··<xccdf-1.2:status·date="2024-01-22">draft</xccdf-1.2:status>	3	··<xccdf-1.2:status·date="2025-02-23">draft</xccdf-1.2:status>
4	··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>	4	··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>
5	··<xccdf-1.2:description>	5	··<xccdf-1.2:description>
6	····This·guide·presents·a·catalog·of·security-relevant	6	····This·guide·presents·a·catalog·of·security-relevant
7	configuration·settings·for·Chromium.·It·is·a·rendering·of	7	configuration·settings·for·Chromium.·It·is·a·rendering·of
8	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	8	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9	in·order·to·support·security·automation.··The·SCAP·content·is	9	in·order·to·support·security·automation.··The·SCAP·content·is
10	is·available·in·the	10	is·available·in·the


Offset 36, 15 lines modified		Offset 36, 15 lines modified
36	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>	36	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>
37	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>	37	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>
38	······</cpe-dict:cpe-item>	38	······</cpe-dict:cpe-item>
39	····</cpe-dict:cpe-list>	39	····</cpe-dict:cpe-list>
40	··</ds:component>	40	··</ds:component>
41	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2022-12-20T09:54:05">	41	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2022-12-20T09:54:05">
42	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	42	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
43	······<xccdf-1.2:status·date="2024-01-22">draft</xccdf-1.2:status>	43	······<xccdf-1.2:status·date="2025-02-23">draft</xccdf-1.2:status>
44	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>	44	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>
45	······<xccdf-1.2:description>	45	······<xccdf-1.2:description>
46	········This·guide·presents·a·catalog·of·security-relevant	46	········This·guide·presents·a·catalog·of·security-relevant
47	configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of	47	configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of
48	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	48	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
49	in·order·to·support·security·automation.··The·SCAP·content·is	49	in·order·to·support·security·automation.··The·SCAP·content·is
50	is·available·in·the	50	is·available·in·the
Offset 87, 22 lines modified		Offset 87, 22 lines modified
87	········<html:a·href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</html:a>	87	········<html:a·href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</html:a>
88	······</xccdf-1.2:front-matter>	88	······</xccdf-1.2:front-matter>
89	······<xccdf-1.2:rear-matter>Red·Hat·and·Red·Hat·Enterprise·Linux·are·either·registered	89	······<xccdf-1.2:rear-matter>Red·Hat·and·Red·Hat·Enterprise·Linux·are·either·registered
90	trademarks·or·trademarks·of·Red·Hat,·Inc.·in·the·United·States·and·other	90	trademarks·or·trademarks·of·Red·Hat,·Inc.·in·the·United·States·and·other
91	countries.·All·other·names·are·registered·trademarks·or·trademarks·of·their	91	countries.·All·other·names·are·registered·trademarks·or·trademarks·of·their
92	respective·companies.</xccdf-1.2:rear-matter>	92	respective·companies.</xccdf-1.2:rear-matter>
93	······<cpe-lang:platform-specification>	93	······<cpe-lang:platform-specification>
94	········<cpe-lang:platform·id="eks~~-node~~">	94	········<cpe-lang:platform·id="eks">
95	··········<cpe-lang:logical-test·operator="AND"·negate="false">	95	··········<cpe-lang:logical-test·operator="AND"·negate="false">
96	············<cpe-lang:fact-ref·name="cpe:/o:amazon:elastic_kubernetes_servic~~e_nod~~e:1"/>	96	············<cpe-lang:fact-ref·name="cpe:/a:amazon:elastic_kubernetes_service:1"/>
97	··········</cpe-lang:logical-test>	97	··········</cpe-lang:logical-test>
98	········</cpe-lang:platform>	98	········</cpe-lang:platform>
99	········<cpe-lang:platform·id="eks">	99	········<cpe-lang:platform·id="eks-node">
100	··········<cpe-lang:logical-test·operator="AND"·negate="false">	100	··········<cpe-lang:logical-test·operator="AND"·negate="false">
101	············<cpe-lang:fact-ref·name="cpe:/a:amazon:elastic_kubernetes_service:1"/>	101	············<cpe-lang:fact-ref·name="cpe:/o:amazon:elastic_kubernetes_service_node:1"/>
102	··········</cpe-lang:logical-test>	102	··········</cpe-lang:logical-test>
103	········</cpe-lang:platform>	103	········</cpe-lang:platform>
104	······</cpe-lang:platform-specification>	104	······</cpe-lang:platform-specification>
105	······<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service_node:1.21"/>	105	······<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service_node:1.21"/>
106	······<xccdf-1.2:platform·idref="cpe:/o:amazon:elastic_kubernetes_service_node:1"/>	106	······<xccdf-1.2:platform·idref="cpe:/o:amazon:elastic_kubernetes_service_node:1"/>
107	······<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service:1"/>	107	······<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service:1"/>
108	······<xccdf-1.2:version·update="https://github.com/ComplianceAsCode/content/releases/latest">0.1.65</xccdf-1.2:version>	108	······<xccdf-1.2:version·update="https://github.com/ComplianceAsCode/content/releases/latest">0.1.65</xccdf-1.2:version>
Offset 7562, 479 lines modified		Offset 7562, 479 lines modified
7562	······<ocil:generator>	7562	······<ocil:generator>
7563	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	7563	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
7564	········<ocil:product_version>ssg:·0.1.65</ocil:product_version>	7564	········<ocil:product_version>ssg:·0.1.65</ocil:product_version>
7565	········<ocil:schema_version>2.0</ocil:schema_version>	7565	········<ocil:schema_version>2.0</ocil:schema_version>
7566	········<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>	7566	········<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>
7567	······</ocil:generator>	7567	······</ocil:generator>
7568	······<ocil:questionnaires>	7568	······<ocil:questionnaires>
7569	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_~~str~~e~~aming_connec~~tions_ocil:questionnaire:1">	7569	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_client_cert_rotation_master_ocil:questionnaire:1">
7570	··········<ocil:title>kubelet·-·~~Do·Not~~·Di~~sable·S~~t~~reaming~~·~~Timeouts~~</ocil:title>	7570	··········<ocil:title>kubelet·-·Enable·Client·Certificate·Rotation</ocil:title>
7571	··········<ocil:actions>	7571	··········<ocil:actions>
7572	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_~~str~~e~~aming_connec~~tions_action:testaction:1</ocil:test_action_ref>	7572	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_client_cert_rotation_master_action:testaction:1</ocil:test_action_ref>
7573	··········</ocil:actions>	7573	··········</ocil:actions>
7574	········</ocil:questionnaire>	7574	········</ocil:questionnaire>
7575	········<ocil:questionnaire·id="ocil:ssg-kubelet_ena~~ble_server_cert~~_~~rot~~at~~ion~~_~~mast~~er_ocil:questionnaire:1">	7575	········<ocil:questionnaire·id="ocil:ssg-kubelet_anonymous_auth_worker_ocil:questionnaire:1">
7576	··········<ocil:title>~~kube~~let·~~-·E~~n~~able~~·~~Serv~~e~~r·Cer~~ti~~fica~~te·R~~otation~~</ocil:title>	7576	··········<ocil:title>Disable·Anonymous·Authentication·to·the·Kubelet</ocil:title>
7577	··········<ocil:actions>	7577	··········<ocil:actions>
7578	············<ocil:test_action_ref>ocil:ssg-kubelet_ena~~ble_server_cert~~_~~rot~~at~~ion~~_~~mast~~er_action:testaction:1</ocil:test_action_ref>	7578	············<ocil:test_action_ref>ocil:ssg-kubelet_anonymous_auth_worker_action:testaction:1</ocil:test_action_ref>
7579	··········</ocil:actions>	7579	··········</ocil:actions>
7580	········</ocil:questionnaire>	7580	········</ocil:questionnaire>
7581	········<ocil:questionnaire·id="ocil:ssg-file_permissions_kubelet_conf_ocil:questionnaire:1">
7582	··········<ocil:ti~~tle>V~~eri~~fy·Permi~~ss~~ions·on·Th~~e~~·Kub~~ele~~t·Configu~~ration~~·Fil~~e</ocil:title>	7581	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_server_cert_rotation_deprecated_ocil:questionnaire:1">
		7582	··········<ocil:title>kubelet·-·Enable·Server·Certificate·Rotation</ocil:title>
7583	··········<ocil:actions>	7583	··········<ocil:actions>
7584	············<ocil:test_action_ref>ocil:ssg-file_per~~missi~~o~~ns_kubel~~et_c~~onf~~_action:testaction:1</ocil:test_action_ref>	7584	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_server_cert_rotation_deprecated_action:testaction:1</ocil:test_action_ref>
7585	··········</ocil:actions>	7585	··········</ocil:actions>
7586	········</ocil:questionnaire>	7586	········</ocil:questionnaire>
7587	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_strea~~ming~~_c~~onn~~ect~~ions~~_~~dep~~recated_ocil:questionnaire:1">	7587	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_server_cert_rotation_ocil:questionnaire:1">
7588	··········<ocil:title>kubelet·-·~~Do·Not~~·D~~isable~~·Str~~eam~~ing·~~Timeouts~~</ocil:title>	7588	··········<ocil:title>kubelet·-·Enable·Server·Certificate·Rotation</ocil:title>
7589	··········<ocil:actions>	7589	··········<ocil:actions>
7590	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_strea~~ming~~_c~~onn~~ect~~ions~~_~~dep~~recated_action:testaction:1</ocil:test_action_ref>	7590	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_server_cert_rotation_action:testaction:1</ocil:test_action_ref>
7591	··········</ocil:actions>	7591	··········</ocil:actions>
7592	········</ocil:questionnaire>	7592	········</ocil:questionnaire>
7593	········<ocil:questionnaire·id="ocil:ssg-~~kubelet~~_en~~able_strea~~ming~~_co~~nnections~~_worker~~_ocil:questionnaire:1">	7593	········<ocil:questionnaire·id="ocil:ssg-configure_tls_ocil:questionnaire:1">
7594	··········<ocil:title>~~kubele~~t·-·Do·Not~~·Dis~~abl~~e·St~~re~~ami~~ng·~~Time~~outs</ocil:title>	7594	··········<ocil:title>Encrypt·Traffic·to·Load·Balancers·and·Workloads</ocil:title>
7595	··········<ocil:actions>	7595	··········<ocil:actions>
7596	············<ocil:test_action_ref>ocil:ssg-~~kubelet~~_en~~able_strea~~ming~~_co~~nnections~~_worker~~_action:testaction:1</ocil:test_action_ref>	7596	············<ocil:test_action_ref>ocil:ssg-configure_tls_action:testaction:1</ocil:test_action_ref>
7597	··········</ocil:actions>	7597	··········</ocil:actions>
7598	········</ocil:questionnaire>	7598	········</ocil:questionnaire>
7599	········<ocil:questionnaire·id="ocil:ssg-contro~~l_plane_a~~c~~cess~~_ocil:questionnaire:1">	7599	········<ocil:questionnaire·id="ocil:ssg-file_owner_worker_kubeconfig_ocil:questionnaire:1">
7600	··········<ocil:title>Restrict·~~Access~~·to·the·Contr~~ol·Plan~~e·En~~dpo~~int</ocil:title>	7600	··········<ocil:title>Verify·User·Who·Owns·The·Worker·Kubeconfig·File</ocil:title>
7601	··········<ocil:actions>	7601	··········<ocil:actions>
7602	············<ocil:test_action_ref>ocil:ssg-contro~~l_plane_a~~c~~cess~~_action:testaction:1</ocil:test_action_ref>	7602	············<ocil:test_action_ref>ocil:ssg-file_owner_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>
7603	··········</ocil:actions>	7603	··········</ocil:actions>
7604	········</ocil:questionnaire>	7604	········</ocil:questionnaire>
7605	········<ocil:questionnaire·id="ocil:ssg-c~~onf~~i~~gur~~e_~~net~~wo~~rk_p~~olicy_ocil:questionnaire:1">	7605	········<ocil:questionnaire·id="ocil:ssg-audit_logging_ocil:questionnaire:1">
7606	··········<ocil:title>Ensure·Ne~~twork~~·Policy·is·Enabled</ocil:title>	7606	··········<ocil:title>Ensure·Audit·Logging·is·Enabled</ocil:title>
7607	··········<ocil:actions>	7607	··········<ocil:actions>
7608	············<ocil:test_action_ref>ocil:ssg-c~~onf~~i~~gur~~e_~~net~~wo~~rk_p~~olicy_action:testaction:1</ocil:test_action_ref>	7608	············<ocil:test_action_ref>ocil:ssg-audit_logging_action:testaction:1</ocil:test_action_ref>
7609	··········</ocil:actions>	7609	··········</ocil:actions>
7610	········</ocil:questionnaire>	7610	········</ocil:questionnaire>
7611	········<ocil:questionnaire·id="ocil:ssg-file_gr~~oupown~~er_~~kubele~~t_conf_ocil:questionnaire:1">	7611	········<ocil:questionnaire·id="ocil:ssg-secret_encryption_ocil:questionnaire:1">
7612	··········<ocil:title>~~Verify~~·Group·~~Who·Own~~s·The·Kubelet·~~Configu~~r~~ation·File~~</ocil:title>	7612	··········<ocil:title>Ensure·Kubernetes·Secrets·are·Encrypted</ocil:title>
7613	··········<ocil:actions>	7613	··········<ocil:actions>
7614	············<ocil:test_action_ref>ocil:ssg-file_gr~~oupown~~er_~~kubele~~t_conf_action:testaction:1</ocil:test_action_ref>	7614	············<ocil:test_action_ref>ocil:ssg-secret_encryption_action:testaction:1</ocil:test_action_ref>
7615	··········</ocil:actions>	7615	··········</ocil:actions>
7616	········</ocil:questionnaire>	7616	········</ocil:questionnaire>
7617	········<ocil:questionnaire·id="ocil:ssg-kubelet_en~~abl~~e~~_serv~~er_cert_ro~~tati~~on_ocil:questionnaire:1">	7617	········<ocil:questionnaire·id="ocil:ssg-file_owner_kubelet_conf_ocil:questionnaire:1">
7618	··········<ocil:title>~~kubel~~et·-·En~~abl~~e·~~Serv~~er·C~~ert~~i~~fic~~ate·Ro~~tat~~ion</ocil:title>	7618	··········<ocil:title>Verify·User·Who·Owns·The·Kubelet·Configuration·File</ocil:title>
7619	··········<ocil:actions>	7619	··········<ocil:actions>
7620	············<ocil:test_action_ref>ocil:ssg-kubelet_en~~abl~~e~~_serv~~er_cert_ro~~tati~~on_action:testaction:1</ocil:test_action_ref>	7620	············<ocil:test_action_ref>ocil:ssg-file_owner_kubelet_conf_action:testaction:1</ocil:test_action_ref>
7621	··········</ocil:actions>	7621	··········</ocil:actions>
7622	········</ocil:questionnaire>	7622	········</ocil:questionnaire>
7623	········<ocil:questionnaire·id="ocil:ssg-fargate_ocil:questionnaire:1">	7623	········<ocil:questionnaire·id="ocil:ssg-kubelet_read_only_port_secured_ocil:questionnaire:1">
7624	··········<ocil:title>Conside~~r·F~~a~~rgat~~e·for·Un~~trusted~~·~~Workloads~~</ocil:title>	7624	··········<ocil:title>kubelet·-·Ensure·that·the·--read-only-port·is·secured</ocil:title>
7625	··········<ocil:actions>	7625	··········<ocil:actions>
7626	············<ocil:test_action_ref>ocil:ssg-fargate_action:testaction:1</ocil:test_action_ref>	7626	············<ocil:test_action_ref>ocil:ssg-kubelet_read_only_port_secured_action:testaction:1</ocil:test_action_ref>
7627	··········</ocil:actions>	7627	··········</ocil:actions>
7628	········</ocil:questionnaire>	7628	········</ocil:questionnaire>
7629	········<ocil:questionnaire·id="ocil:ssg-dedicated_service_accounts_ocil:questionnaire:1">
7630	··········<ocil:ti~~tle>Us~~e·~~Ded~~icate~~d·S~~e~~rvic~~e·Ac~~cou~~nt~~s</~~ocil:title>	7629	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_iptables_util_chains_deprecated_ocil:questionnaire:1">
		7630	··········<ocil:title>kubelet·-·Allow·Automatic·Firewall·Configuration</ocil:title>
7631	··········<ocil:actions>	7631	··········<ocil:actions>
7632	············<ocil:test_action_ref>ocil:ssg-dedicated_~~serv~~ice_~~accoun~~ts_action:testaction:1</ocil:test_action_ref>	7632	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_iptables_util_chains_deprecated_action:testaction:1</ocil:test_action_ref>
7633	··········</ocil:actions>	7633	··········</ocil:actions>
7634	········</ocil:questionnaire>	7634	········</ocil:questionnaire>
7635	········<ocil:questionnaire·id="ocil:ssg-kubelet_co~~nfigu~~r~~e_cl~~ient_ca_d~~eprecat~~ed_ocil:questionnaire:1">	7635	········<ocil:questionnaire·id="ocil:ssg-kubelet_authorization_mode_ocil:questionnaire:1">
7636	··········<ocil:title>~~kubel~~et·~~-·Conf~~igu~~re·the~~·~~Clien~~t·CA·Ce~~rtificate~~</ocil:title>	7636	··········<ocil:title>Ensure·authorization·is·set·to·Webhook</ocil:title>
7637	··········<ocil:actions>	7637	··········<ocil:actions>
7638	············<ocil:test_action_ref>ocil:ssg-kubelet_co~~nfigu~~r~~e_cl~~ient_ca_d~~eprecat~~ed_action:testaction:1</ocil:test_action_ref>	7638	············<ocil:test_action_ref>ocil:ssg-kubelet_authorization_mode_action:testaction:1</ocil:test_action_ref>
7639	··········</ocil:actions>	7639	··········</ocil:actions>
7640	········</ocil:questionnaire>	7640	········</ocil:questionnaire>
7641	········<ocil:questionnaire·id="ocil:ssg-kubelet_anon~~ymo~~us_~~auth_deprecat~~ed_ocil:questionnaire:1">	7641	········<ocil:questionnaire·id="ocil:ssg-kubelet_configure_client_ca_worker_ocil:questionnaire:1">
7642	··········<ocil:title>D~~isab~~le·Anon~~ymo~~us~~·Au~~thenticat~~ion~~·~~to·~~the~~·Kubel~~et</ocil:title>	7642	··········<ocil:title>kubelet·-·Configure·the·Client·CA·Certificate</ocil:title>
7643	··········<ocil:actions>	7643	··········<ocil:actions>
7644	············<ocil:test_action_ref>ocil:ssg-kubelet_anon~~ymo~~us_~~auth_deprecat~~ed_action:testaction:1</ocil:test_action_ref>	7644	············<ocil:test_action_ref>ocil:ssg-kubelet_configure_client_ca_worker_action:testaction:1</ocil:test_action_ref>
7645	··········</ocil:actions>	7645	··········</ocil:actions>
7646	········</ocil:questionnaire>	7646	········</ocil:questionnaire>
7647	········<ocil:questionnaire·id="ocil:ssg-kubelet_~~aut~~hor~~izat~~ion_~~mod~~e~~_worker~~_ocil:questionnaire:1">	7647	········<ocil:questionnaire·id="ocil:ssg-file_permissions_kubelet_conf_ocil:questionnaire:1">
Max diff block lines reached; 132371/144895 bytes (91.36%) of diff not shown.


Offset 3, 479 lines modified		Offset 3, 479 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.65</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.65</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>	7	····<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_~~str~~e~~aming_connec~~tions_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_client_cert_rotation_master_ocil:questionnaire:1">
11	······<ocil:title>kubelet·-·~~Do·Not~~·Di~~sable·S~~t~~reaming~~·~~Timeouts~~</ocil:title>	11	······<ocil:title>kubelet·-·Enable·Client·Certificate·Rotation</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_~~str~~e~~aming_connec~~tions_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_client_cert_rotation_master_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-kubelet_ena~~ble_server_cert~~_~~rot~~at~~ion~~_~~mast~~er_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-kubelet_anonymous_auth_worker_ocil:questionnaire:1">
17	······<ocil:title>~~kube~~let·~~-·E~~n~~able~~·~~Serv~~e~~r·Cer~~ti~~fica~~te·R~~otation~~</ocil:title>	17	······<ocil:title>Disable·Anonymous·Authentication·to·the·Kubelet</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-kubelet_ena~~ble_server_cert~~_~~rot~~at~~ion~~_~~mast~~er_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-kubelet_anonymous_auth_worker_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-file_permissions_kubelet_conf_ocil:questionnaire:1">
23	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ss~~ions·on·Th~~e~~·Kub~~ele~~t·Configu~~ration~~·Fil~~e</ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_server_cert_rotation_deprecated_ocil:questionnaire:1">
		23	······<ocil:title>kubelet·-·Enable·Server·Certificate·Rotation</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-file_per~~missi~~o~~ns_kubel~~et_c~~onf~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_server_cert_rotation_deprecated_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_strea~~ming~~_c~~onn~~ect~~ions~~_~~dep~~recated_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_server_cert_rotation_ocil:questionnaire:1">
29	······<ocil:title>kubelet·-·~~Do·Not~~·D~~isable~~·Str~~eam~~ing·~~Timeouts~~</ocil:title>	29	······<ocil:title>kubelet·-·Enable·Server·Certificate·Rotation</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_strea~~ming~~_c~~onn~~ect~~ions~~_~~dep~~recated_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_server_cert_rotation_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~kubelet~~_en~~able_strea~~ming~~_co~~nnections~~_worker~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-configure_tls_ocil:questionnaire:1">
35	······<ocil:title>~~kubele~~t·-·Do·Not~~·Dis~~abl~~e·St~~re~~ami~~ng·~~Time~~outs</ocil:title>	35	······<ocil:title>Encrypt·Traffic·to·Load·Balancers·and·Workloads</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~kubelet~~_en~~able_strea~~ming~~_co~~nnections~~_worker~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-configure_tls_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-contro~~l_plane_a~~c~~cess~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-file_owner_worker_kubeconfig_ocil:questionnaire:1">
41	······<ocil:title>Restrict·~~Access~~·to·the·Contr~~ol·Plan~~e·En~~dpo~~int</ocil:title>	41	······<ocil:title>Verify·User·Who·Owns·The·Worker·Kubeconfig·File</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-contro~~l_plane_a~~c~~cess~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-file_owner_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-c~~onf~~i~~gur~~e_~~net~~wo~~rk_p~~olicy_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-audit_logging_ocil:questionnaire:1">
47	······<ocil:title>Ensure·Ne~~twork~~·Policy·is·Enabled</ocil:title>	47	······<ocil:title>Ensure·Audit·Logging·is·Enabled</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-c~~onf~~i~~gur~~e_~~net~~wo~~rk_p~~olicy_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-audit_logging_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-file_gr~~oupown~~er_~~kubele~~t_conf_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-secret_encryption_ocil:questionnaire:1">
53	······<ocil:title>~~Verify~~·Group·~~Who·Own~~s·The·Kubelet·~~Configu~~r~~ation·File~~</ocil:title>	53	······<ocil:title>Ensure·Kubernetes·Secrets·are·Encrypted</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-file_gr~~oupown~~er_~~kubele~~t_conf_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-secret_encryption_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-kubelet_en~~abl~~e~~_serv~~er_cert_ro~~tati~~on_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-file_owner_kubelet_conf_ocil:questionnaire:1">
59	······<ocil:title>~~kubel~~et·-·En~~abl~~e·~~Serv~~er·C~~ert~~i~~fic~~ate·Ro~~tat~~ion</ocil:title>	59	······<ocil:title>Verify·User·Who·Owns·The·Kubelet·Configuration·File</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-kubelet_en~~abl~~e~~_serv~~er_cert_ro~~tati~~on_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-file_owner_kubelet_conf_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-fargate_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-kubelet_read_only_port_secured_ocil:questionnaire:1">
65	······<ocil:title>Conside~~r·F~~a~~rgat~~e·for·Un~~trusted~~·~~Workloads~~</ocil:title>	65	······<ocil:title>kubelet·-·Ensure·that·the·--read-only-port·is·secured</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-fargate_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-kubelet_read_only_port_secured_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-dedicated_service_accounts_ocil:questionnaire:1">
71	······<ocil:ti~~tle>Us~~e·~~Ded~~icate~~d·S~~e~~rvic~~e·Ac~~cou~~nt~~s</~~ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_iptables_util_chains_deprecated_ocil:questionnaire:1">
		71	······<ocil:title>kubelet·-·Allow·Automatic·Firewall·Configuration</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-dedicated_~~serv~~ice_~~accoun~~ts_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_iptables_util_chains_deprecated_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-kubelet_co~~nfigu~~r~~e_cl~~ient_ca_d~~eprecat~~ed_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-kubelet_authorization_mode_ocil:questionnaire:1">
77	······<ocil:title>~~kubel~~et·~~-·Conf~~igu~~re·the~~·~~Clien~~t·CA·Ce~~rtificate~~</ocil:title>	77	······<ocil:title>Ensure·authorization·is·set·to·Webhook</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-kubelet_co~~nfigu~~r~~e_cl~~ient_ca_d~~eprecat~~ed_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-kubelet_authorization_mode_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-kubelet_anon~~ymo~~us_~~auth_deprecat~~ed_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-kubelet_configure_client_ca_worker_ocil:questionnaire:1">
83	······<ocil:title>D~~isab~~le·Anon~~ymo~~us~~·Au~~thenticat~~ion~~·~~to·~~the~~·Kubel~~et</ocil:title>	83	······<ocil:title>kubelet·-·Configure·the·Client·CA·Certificate</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-kubelet_anon~~ymo~~us_~~auth_deprecat~~ed_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-kubelet_configure_client_ca_worker_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-kubelet_~~aut~~hor~~izat~~ion_~~mod~~e~~_worker~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-file_permissions_kubelet_conf_ocil:questionnaire:1">
89	······<ocil:title>~~Ensure~~·~~author~~i~~zati~~on·is·set·to~~·Webh~~ook</ocil:title>	89	······<ocil:title>Verify·Permissions·on·The·Kubelet·Configuration·File</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-kubelet_~~aut~~hor~~izat~~ion_~~mod~~e~~_worker~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_permissions_kubelet_conf_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-kubelet_read_only_port_secured_deprecated_ocil:questionnaire:1">
95	······<ocil:~~title>~~kubelet·~~-·E~~nsure·~~that·the·--re~~a~~d-o~~nly~~-po~~rt·i~~s·se~~cure~~d</~~o~~cil:title~~>	94	····<ocil:questionnaire·id="ocil:ssg-iam_integration_ocil:questionnaire:1">
		95	······<ocil:title>Manage·Users·with·AWS·IAM</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~kubelet_r~~ead_on~~ly_por~~t~~_secured_d~~eprecated_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-iam_integration_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-appro~~ved_r~~egistries_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-kubelet_authorization_mode_master_ocil:questionnaire:1">
101	······<ocil:title>Only·use·a~~ppr~~o~~ved·c~~on~~tain~~er·~~registries~~</ocil:title>	101	······<ocil:title>Ensure·authorization·is·set·to·Webhook</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-appro~~ved_r~~egistries_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-kubelet_authorization_mode_master_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_cert_rotation_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_cert_rotation_ocil:questionnaire:1">
107	······<ocil:title>kubelet·-·Enable·Certificate·Rotation</ocil:title>	107	······<ocil:title>kubelet·-·Enable·Certificate·Rotation</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_cert_rotation_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_cert_rotation_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-kubelet_confi~~gure~~_~~cli~~e~~nt_~~ca_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-configure_network_policies_namespaces_ocil:questionnaire:1">
		113	······<ocil:title>Ensure·that·application·Namespaces·have·Network·Policies·defined.</ocil:title>
113	······<ocil:title>kubelet·-·Configure·the·Client·CA·Certificate</ocil:title>
114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-kubelet_configure_client_ca_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>
117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_cert_rotation_master_ocil:questionnaire:1">
119	······<ocil:title>kubelet·-·Enable·Certificate·Rotation</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~kubelet_~~enable~~_ce~~rt_ro~~tat~~ion_master_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-configure_network_policies_namespaces_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
123	····</ocil:questionnaire>	117	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-kubelet_read_only_port_secured_ocil:questionnaire:1">
125	······<ocil:~~title>kubelet~~·~~-·Ensure·that·th~~e·--r~~ead-o~~n~~ly-p~~or~~t·is·s~~ec~~ured</~~ocil:title>	118	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_worker_kubeconfig_ocil:questionnaire:1">
Max diff block lines reached; 123706/135980 bytes (90.97%) of diff not shown.


Offset 1, 10 lines modified		Offset 1, 10 lines modified
1	<?xml·version="1.0"·encoding="utf-8"?>	1	<?xml·version="1.0"·encoding="utf-8"?>
2	<xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	2	<xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3	··<xccdf-1.2:status·date="2024-01-22">draft</xccdf-1.2:status>	3	··<xccdf-1.2:status·date="2025-02-23">draft</xccdf-1.2:status>
4	··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>	4	··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>
5	··<xccdf-1.2:description>	5	··<xccdf-1.2:description>
6	····This·guide·presents·a·catalog·of·security-relevant	6	····This·guide·presents·a·catalog·of·security-relevant
7	configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of	7	configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of
8	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	8	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9	in·order·to·support·security·automation.··The·SCAP·content·is	9	in·order·to·support·security·automation.··The·SCAP·content·is
10	is·available·in·the	10	is·available·in·the
Offset 47, 22 lines modified		Offset 47, 22 lines modified
47	····<html:a·href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</html:a>	47	····<html:a·href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</html:a>
48	··</xccdf-1.2:front-matter>	48	··</xccdf-1.2:front-matter>
49	··<xccdf-1.2:rear-matter>Red·Hat·and·Red·Hat·Enterprise·Linux·are·either·registered	49	··<xccdf-1.2:rear-matter>Red·Hat·and·Red·Hat·Enterprise·Linux·are·either·registered
50	trademarks·or·trademarks·of·Red·Hat,·Inc.·in·the·United·States·and·other	50	trademarks·or·trademarks·of·Red·Hat,·Inc.·in·the·United·States·and·other
51	countries.·All·other·names·are·registered·trademarks·or·trademarks·of·their	51	countries.·All·other·names·are·registered·trademarks·or·trademarks·of·their
52	respective·companies.</xccdf-1.2:rear-matter>	52	respective·companies.</xccdf-1.2:rear-matter>
53	··<cpe-lang:platform-specification>	53	··<cpe-lang:platform-specification>
54	····<cpe-lang:platform·id="eks~~-node~~">	54	····<cpe-lang:platform·id="eks">
55	······<cpe-lang:logical-test·operator="AND"·negate="false">	55	······<cpe-lang:logical-test·operator="AND"·negate="false">
56	········<cpe-lang:fact-ref·name="cpe:/o:amazon:elastic_kubernetes_servic~~e_nod~~e:1"/>	56	········<cpe-lang:fact-ref·name="cpe:/a:amazon:elastic_kubernetes_service:1"/>
57	······</cpe-lang:logical-test>	57	······</cpe-lang:logical-test>
58	····</cpe-lang:platform>	58	····</cpe-lang:platform>
59	····<cpe-lang:platform·id="eks">	59	····<cpe-lang:platform·id="eks-node">
60	······<cpe-lang:logical-test·operator="AND"·negate="false">	60	······<cpe-lang:logical-test·operator="AND"·negate="false">
61	········<cpe-lang:fact-ref·name="cpe:/a:amazon:elastic_kubernetes_service:1"/>	61	········<cpe-lang:fact-ref·name="cpe:/o:amazon:elastic_kubernetes_service_node:1"/>
62	······</cpe-lang:logical-test>	62	······</cpe-lang:logical-test>
63	····</cpe-lang:platform>	63	····</cpe-lang:platform>
64	··</cpe-lang:platform-specification>	64	··</cpe-lang:platform-specification>
65	··<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service_node:1.21"/>	65	··<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service_node:1.21"/>
66	··<xccdf-1.2:platform·idref="cpe:/o:amazon:elastic_kubernetes_service_node:1"/>	66	··<xccdf-1.2:platform·idref="cpe:/o:amazon:elastic_kubernetes_service_node:1"/>
67	··<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service:1"/>	67	··<xccdf-1.2:platform·idref="cpe:/a:amazon:elastic_kubernetes_service:1"/>
68	··<xccdf-1.2:version·update="https://github.com/ComplianceAsCode/content/releases/latest">0.1.65</xccdf-1.2:version>	68	··<xccdf-1.2:version·update="https://github.com/ComplianceAsCode/content/releases/latest">0.1.65</xccdf-1.2:version>


Offset 28, 15 lines modified		Offset 28, 15 lines modified
28	········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>	28	········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>
29	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>	29	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>
30	······</cpe-dict:cpe-item>	30	······</cpe-dict:cpe-item>
31	····</cpe-dict:cpe-list>	31	····</cpe-dict:cpe-list>
32	··</ds:component>	32	··</ds:component>
33	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2022-12-20T09:54:05">	33	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2022-12-20T09:54:05">
34	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	34	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
35	······<xccdf-1.2:status·date="2024-01-22">draft</xccdf-1.2:status>	35	······<xccdf-1.2:status·date="2025-02-23">draft</xccdf-1.2:status>
36	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>	36	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>
37	······<xccdf-1.2:description>	37	······<xccdf-1.2:description>
38	········This·guide·presents·a·catalog·of·security-relevant	38	········This·guide·presents·a·catalog·of·security-relevant
39	configuration·settings·for·Firefox.·It·is·a·rendering·of	39	configuration·settings·for·Firefox.·It·is·a·rendering·of
40	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	40	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
41	in·order·to·support·security·automation.··The·SCAP·content·is	41	in·order·to·support·security·automation.··The·SCAP·content·is
42	is·available·in·the	42	is·available·in·the
Offset 4950, 436 lines modified		Offset 4950, 482 lines modified
4950	······<ocil:generator>	4950	······<ocil:generator>
4951	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4951	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
4952	········<ocil:product_version>ssg:·0.1.65</ocil:product_version>	4952	········<ocil:product_version>ssg:·0.1.65</ocil:product_version>
4953	········<ocil:schema_version>2.0</ocil:schema_version>	4953	········<ocil:schema_version>2.0</ocil:schema_version>
4954	········<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>	4954	········<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>
4955	······</ocil:generator>	4955	······</ocil:generator>
4956	······<ocil:questionnaires>	4956	······<ocil:questionnaires>
4957	········<ocil:questionnaire·id="ocil:ssg-firefox_p~~olicy-~~extensi~~on_r~~e~~comm~~endat~~ion~~_ocil:questionnaire:1">	4957	········<ocil:questionnaire·id="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1">
4958	··········<ocil:title>Disable~~d·Fi~~refox·~~Ext~~ens~~ion~~·Rec~~ommend~~ations</ocil:title>	4958	··········<ocil:title>Enable·Shared·System·Certificates</ocil:title>
4959	··········<ocil:actions>	4959	··········<ocil:actions>
4960	············<ocil:test_action_ref>ocil:ssg-firefox_p~~olicy-~~extensi~~on_r~~e~~comm~~endat~~ion~~_action:testaction:1</ocil:test_action_ref>	4960	············<ocil:test_action_ref>ocil:ssg-firefox_preferences-enable_ca_trust_action:testaction:1</ocil:test_action_ref>
4961	··········</ocil:actions>	4961	··········</ocil:actions>
4962	········</ocil:questionnaire>	4962	········</ocil:questionnaire>
4963	········<ocil:questionnaire·id="ocil:ssg-firefox_p~~oli~~cy-~~search_up~~date_ocil:questionnaire:1">	4963	········<ocil:questionnaire·id="ocil:ssg-firefox_preferences-auto-download_actions_ocil:questionnaire:1">
4964	··········<ocil:title>Disable·Inst~~alled·Se~~a~~rch·Plugins·Up~~d~~ate·Checking~~</ocil:title>	4964	··········<ocil:title>Disable·auto-download·for·proscribed·MIME·types.</ocil:title>
4965	··········<ocil:actions>	4965	··········<ocil:actions>
4966	············<ocil:test_action_ref>ocil:ssg-firefox_p~~oli~~cy-~~search_up~~date_action:testaction:1</ocil:test_action_ref>	4966	············<ocil:test_action_ref>ocil:ssg-firefox_preferences-auto-download_actions_action:testaction:1</ocil:test_action_ref>
4967	··········</ocil:actions>	4967	··········</ocil:actions>
4968	········</ocil:questionnaire>	4968	········</ocil:questionnaire>
4969	········<ocil:questionnaire·id="ocil:ssg-firefox_policy-te~~lemetry~~_ocil:questionnaire:1">	4969	········<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_update_ocil:questionnaire:1">
4970	··········<ocil:title>Dis~~abl~~e·Firefox·Tele~~metry~~</ocil:title>	4970	··········<ocil:title>Firefox·must·be·configured·to·not·automatically·update·installed·add-ons·and·plugins.</ocil:title>
4971	··········<ocil:actions>	4971	··········<ocil:actions>


Offset 28, 15 lines modified		Offset 28, 15 lines modified
28	········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>	28	········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>
29	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>	29	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>
30	······</cpe-dict:cpe-item>	30	······</cpe-dict:cpe-item>
31	····</cpe-dict:cpe-list>	31	····</cpe-dict:cpe-list>
32	··</ds:component>	32	··</ds:component>
33	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2022-12-20T09:54:05">	33	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2022-12-20T09:54:05">
34	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	34	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
35	······<xccdf-1.2:status·date="2024-01-22">draft</xccdf-1.2:status>	35	······<xccdf-1.2:status·date="2025-02-23">draft</xccdf-1.2:status>
36	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>	36	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>
37	······<xccdf-1.2:description>	37	······<xccdf-1.2:description>
38	········This·guide·presents·a·catalog·of·security-relevant	38	········This·guide·presents·a·catalog·of·security-relevant
39	configuration·settings·for·Firefox.·It·is·a·rendering·of	39	configuration·settings·for·Firefox.·It·is·a·rendering·of
40	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	40	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
41	in·order·to·support·security·automation.··The·SCAP·content·is	41	in·order·to·support·security·automation.··The·SCAP·content·is
42	is·available·in·the	42	is·available·in·the
Offset 4950, 436 lines modified		Offset 4950, 482 lines modified
4950	······<ocil:generator>	4950	······<ocil:generator>
4951	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4951	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
4952	········<ocil:product_version>ssg:·0.1.65</ocil:product_version>	4952	········<ocil:product_version>ssg:·0.1.65</ocil:product_version>
4953	········<ocil:schema_version>2.0</ocil:schema_version>	4953	········<ocil:schema_version>2.0</ocil:schema_version>
4954	········<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>	4954	········<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>
4955	······</ocil:generator>	4955	······</ocil:generator>
4956	······<ocil:questionnaires>	4956	······<ocil:questionnaires>
4957	········<ocil:questionnaire·id="ocil:ssg-firefox_p~~olicy-~~extensi~~on_r~~e~~comm~~endat~~ion~~_ocil:questionnaire:1">	4957	········<ocil:questionnaire·id="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1">
4958	··········<ocil:title>Disable~~d·Fi~~refox·~~Ext~~ens~~ion~~·Rec~~ommend~~ations</ocil:title>	4958	··········<ocil:title>Enable·Shared·System·Certificates</ocil:title>
4959	··········<ocil:actions>	4959	··········<ocil:actions>
4960	············<ocil:test_action_ref>ocil:ssg-firefox_p~~olicy-~~extensi~~on_r~~e~~comm~~endat~~ion~~_action:testaction:1</ocil:test_action_ref>	4960	············<ocil:test_action_ref>ocil:ssg-firefox_preferences-enable_ca_trust_action:testaction:1</ocil:test_action_ref>
4961	··········</ocil:actions>	4961	··········</ocil:actions>
4962	········</ocil:questionnaire>	4962	········</ocil:questionnaire>
4963	········<ocil:questionnaire·id="ocil:ssg-firefox_p~~oli~~cy-~~search_up~~date_ocil:questionnaire:1">	4963	········<ocil:questionnaire·id="ocil:ssg-firefox_preferences-auto-download_actions_ocil:questionnaire:1">
4964	··········<ocil:title>Disable·Inst~~alled·Se~~a~~rch·Plugins·Up~~d~~ate·Checking~~</ocil:title>	4964	··········<ocil:title>Disable·auto-download·for·proscribed·MIME·types.</ocil:title>
4965	··········<ocil:actions>	4965	··········<ocil:actions>
4966	············<ocil:test_action_ref>ocil:ssg-firefox_p~~oli~~cy-~~search_up~~date_action:testaction:1</ocil:test_action_ref>	4966	············<ocil:test_action_ref>ocil:ssg-firefox_preferences-auto-download_actions_action:testaction:1</ocil:test_action_ref>
4967	··········</ocil:actions>	4967	··········</ocil:actions>
4968	········</ocil:questionnaire>	4968	········</ocil:questionnaire>
4969	········<ocil:questionnaire·id="ocil:ssg-firefox_policy-te~~lemetry~~_ocil:questionnaire:1">	4969	········<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_update_ocil:questionnaire:1">
4970	··········<ocil:title>Dis~~abl~~e·Firefox·Tele~~metry~~</ocil:title>	4970	··········<ocil:title>Firefox·must·be·configured·to·not·automatically·update·installed·add-ons·and·plugins.</ocil:title>
4971	··········<ocil:actions>	4971	··········<ocil:actions>


Offset 14286, 16 lines modified		Offset 14286, 16 lines modified
00037cd0:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p		00037cd0:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p
00037ce0:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version		00037ce0:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version
00037cf0:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.65		00037cf0:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.65
00037d00:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul		00037d00:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul
00037d10:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra		00037d10:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra
00037d20:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····		00037d20:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····
00037d30:·2020·2020·2020·2020·2020·2020·2020·2020··················		00037d30:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037d40:·2861·7320·6f66·2032·3032·342d·3031·2d32··(as·of·2024-01-2		00037d40:·2861·7320·6f66·2032·3032·352d·3032·2d32··(as·of·2025-02-2
00037d50:·3229·0a20·2020·2020·2020·2020·2020·2020··2).·············		00037d50:·3329·0a20·2020·2020·2020·2020·2020·2020··3).·············
00037d60:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d		00037d60:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d
00037d70:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·		00037d70:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·
00037d80:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol		00037d80:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol
00037d90:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x		00037d90:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x
00037da0:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj		00037da0:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj
00037db0:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou		00037db0:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou
00037dc0:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System		00037dc0:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System
Offset 16728, 139 lines modified		Offset 16728, 139 lines modified
00041570:·7267·6574·3d22·2369·646d·3235·3637·2220··rget="#idm2567"·		00041570:·7267·6574·3d22·2369·646d·3235·3637·2220··rget="#idm2567"·
00041580:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol		00041580:·7461·6269·6e64·6578·3d22·3022·2072·6f6c··tabindex="0"·rol
00041590:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-		00041590:·653d·2262·7574·746f·6e22·2061·7269·612d··e="button"·aria-
000415a0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"		000415a0:·6578·7061·6e64·6564·3d22·6661·6c73·6522··expanded="false"
000415b0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate		000415b0:·2074·6974·6c65·3d22·4163·7469·7661·7465···title="Activate
000415c0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href		000415c0:·2074·6f20·7265·7665·616c·2220·6872·6566···to·reveal"·href
000415d0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio		000415d0:·3d22·2321·223e·5265·6d65·6469·6174·696f··="#!">Remediatio
		000415e0:·6e20·5368·656c·6c20·7363·7269·7074·20e2··n·Shell·script·.
		000415f0:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
		00041600:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
		00041610:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
		00041620:·643d·2269·646d·3235·3637·223e·3c74·6162··d="idm2567"><tab
		00041630:·6c65·2063·6c61·7373·3d22·7461·626c·6520··le·class="table·
		00041640:·7461·626c·652d·7374·7269·7065·6420·7461··table-striped·ta
		00041650:·626c·652d·626f·7264·6572·6564·2074·6162··ble-bordered·tab
		00041660:·6c65·2d63·6f6e·6465·6e73·6564·223e·3c74··le-condensed"><t
		00041670:·723e·3c74·683e·436f·6d70·6c65·7869·7479··r><th>Complexity
000415e0:·6e20·416e·7369·626c·6520·736e·6970·7065··n·Ansible·snippe
000415f0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
00041600:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
00041610:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse


Offset 3, 436 lines modified		Offset 3, 482 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.65</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.65</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>	7	····<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~olicy-~~extensi~~on_r~~e~~comm~~endat~~ion~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1">
11	······<ocil:title>Disable~~d·Fi~~refox·~~Ext~~ens~~ion~~·Rec~~ommend~~ations</ocil:title>	11	······<ocil:title>Enable·Shared·System·Certificates</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-firefox_p~~olicy-~~extensi~~on_r~~e~~comm~~endat~~ion~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-firefox_preferences-enable_ca_trust_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~oli~~cy-~~search_up~~date_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-auto-download_actions_ocil:questionnaire:1">
17	······<ocil:title>Disable·Inst~~alled·Se~~a~~rch·Plugins·Up~~d~~ate·Checking~~</ocil:title>	17	······<ocil:title>Disable·auto-download·for·proscribed·MIME·types.</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-firefox_p~~oli~~cy-~~search_up~~date_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-firefox_preferences-auto-download_actions_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-te~~lemetry~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_update_ocil:questionnaire:1">
23	······<ocil:title>Dis~~abl~~e·Firefox·Tele~~metry~~</ocil:title>	23	······<ocil:title>Firefox·must·be·configured·to·not·automatically·update·installed·add-ons·and·plugins.</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
		25	········<ocil:test_action_ref>ocil:ssg-firefox_policy-extension_update_action:testaction:1</ocil:test_action_ref>
		26	······</ocil:actions>
		27	····</ocil:questionnaire>
		28	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-pop-up_windows_ocil:questionnaire:1">
		29	······<ocil:title>Enable·Firefox·Pop-up·Blocker</ocil:title>
		30	······<ocil:actions>
		31	········<ocil:test_action_ref>ocil:ssg-firefox_policy-pop-up_windows_action:testaction:1</ocil:test_action_ref>
		32	······</ocil:actions>
		33	····</ocil:questionnaire>
		34	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-enhanced_tracking_ocil:questionnaire:1">
		35	······<ocil:title>Enabled·Firefox·Enhanced·Tracking·Protection</ocil:title>
		36	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~tel~~emetry_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-firefox_policy-enhanced_tracking_action:testaction:1</ocil:test_action_ref>
		38	······</ocil:actions>
		39	····</ocil:questionnaire>
		40	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_deprecated_ciphers_ocil:questionnaire:1">
		41	······<ocil:title>Disable·Firefox·deprecated·ciphers</ocil:title>
		42	······<ocil:actions>
		43	········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_deprecated_ciphers_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	44	······</ocil:actions>
27	····</ocil:questionnaire>	45	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-network_prediction_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-network_prediction_ocil:questionnaire:1">
29	······<ocil:title>Disable·Firefox·network·prediction</ocil:title>	47	······<ocil:title>Disable·Firefox·network·prediction</ocil:title>
30	······<ocil:actions>	48	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-firefox_policy-network_prediction_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-firefox_policy-network_prediction_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	50	······</ocil:actions>
33	····</ocil:questionnaire>	51	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~cry~~p~~tomin~~ing_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-autoplay_video_ocil:questionnaire:1">
35	······<ocil:title>~~Enabled·~~Firefox·~~Cry~~ptom~~ining·protection~~</ocil:title>	53	······<ocil:title>Firefox·autoplay·must·be·disabled.</ocil:title>
36	······<ocil:actions>	54	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~cry~~p~~tomin~~ing_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-firefox_policy-autoplay_video_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	56	······</ocil:actions>
39	····</ocil:questionnaire>	57	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_pocket_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_pocket_ocil:questionnaire:1">
41	······<ocil:title>Disable·Firefox·Pocket</ocil:title>	59	······<ocil:title>Disable·Firefox·Pocket</ocil:title>
42	······<ocil:actions>	60	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_pocket_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_pocket_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	62	······</ocil:actions>
45	····</ocil:questionnaire>	63	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_studies_ocil:questionnaire:1">
47	······<ocil:title>Disable·Firefox·Studies</ocil:title>
48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_studies_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>
51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~search~~_su~~gges~~tion_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-forget_button_ocil:questionnaire:1">
53	······<ocil:title>Firefox·se~~arch~~·~~sugg~~e~~stions~~·must·be·di~~sabled~~.</ocil:title>	65	······<ocil:title>Firefox·must·prevent·the·user·from·quickly·deleting·data.</ocil:title>
54	······<ocil:actions>	66	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~search~~_su~~gges~~tion_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-firefox_policy-forget_button_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	68	······</ocil:actions>
57	····</ocil:questionnaire>	69	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascri~~pt_~~wi~~ndow_res~~izing_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-verification_ocil:questionnaire:1">
59	······<ocil:title>Disable·~~Java~~Script~~'s·M~~ovin~~g·Or~~·Resizi~~ng·~~Wi~~ndows·Ca~~pability</ocil:title>	71	······<ocil:title>Enable·Certificate·Verification</ocil:title>
60	······<ocil:actions>	72	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascri~~pt_~~wi~~ndow_res~~izing_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-firefox_policy-verification_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	74	······</ocil:actions>
63	····</ocil:questionnaire>	75	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_deprecated_ciphers_ocil:questionnaire:1">
65	······<ocil:title>Di~~sable·F~~irefox·deprecate~~d·c~~iphers</ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-dod_root_certificate_installed_ocil:questionnaire:1">
		77	······<ocil:title>The·DoD·Root·Certificate·Exists</ocil:title>
66	······<ocil:actions>	78	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-firefox_p~~oli~~cy-d~~isable~~_de~~pre~~cate~~d_ciphers~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-firefox_preferences-dod_root_certificate_installed_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	80	······</ocil:actions>
69	····</ocil:questionnaire>	81	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-installed_firefox_version_supported_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-installed_firefox_version_supported_ocil:questionnaire:1">
71	······<ocil:title>Supported·Version·of·Firefox·Installed</ocil:title>	83	······<ocil:title>Supported·Version·of·Firefox·Installed</ocil:title>
72	······<ocil:actions>	84	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-installed_firefox_version_supported_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-installed_firefox_version_supported_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	86	······</ocil:actions>
75	····</ocil:questionnaire>	87	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-development_tools_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-development_tools_ocil:questionnaire:1">
77	······<ocil:title>Disable·Firefox·Development·Tools</ocil:title>	89	······<ocil:title>Disable·Firefox·Development·Tools</ocil:title>
78	······<ocil:actions>	90	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-firefox_policy-development_tools_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-firefox_policy-development_tools_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	92	······</ocil:actions>
81	····</ocil:questionnaire>	93	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~priva~~te_b~~rowsing~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-telemetry_ocil:questionnaire:1">
83	······<ocil:title>Fi~~refox~~·private·bro~~wsing·mus~~t·be~~·disabled.~~</ocil:title>	95	······<ocil:title>Disable·Firefox·Telemetry</ocil:title>
84	······<ocil:actions>	96	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~priva~~te_b~~rowsing~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-firefox_policy-telemetry_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	98	······</ocil:actions>
87	····</ocil:questionnaire>	99	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~extension_~~upd~~ate~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_studies_ocil:questionnaire:1">
89	······<ocil:title>Fi~~refox·mu~~s~~t·b~~e·~~con~~figure~~d·to·~~not·~~autom~~at~~ically·~~upd~~ate·~~i~~nstall~~e~~d·add-ons·and·plugin~~s.</ocil:title>	101	······<ocil:title>Disable·Firefox·Studies</ocil:title>
90	······<ocil:actions>	102	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~extension_~~upd~~ate~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_studies_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	104	······</ocil:actions>
93	····</ocil:questionnaire>	105	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-for~~get_bu~~tton_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_recommendation_ocil:questionnaire:1">
95	······<ocil:title>Fi~~refox·must·p~~rev~~ent~~·~~the·us~~er~~·fr~~om·quic~~kly·del~~eting·data.</ocil:title>	107	······<ocil:title>Disabled·Firefox·Extension·Recommendations</ocil:title>
96	······<ocil:actions>	108	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-firefox_policy-for~~get_bu~~tton_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-firefox_policy-extension_recommendation_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	110	······</ocil:actions>
99	····</ocil:questionnaire>	111	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_changes_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_changes_ocil:questionnaire:1">
101	······<ocil:title>Disable·JavaScript's·Raise·Or·Lower·Windows·Capability</ocil:title>	113	······<ocil:title>Disable·JavaScript's·Raise·Or·Lower·Windows·Capability</ocil:title>
102	······<ocil:actions>	114	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_changes_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_changes_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	116	······</ocil:actions>
105	····</ocil:questionnaire>	117	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-fingerprinting_protection_ocil:questionnaire:1">
107	······<ocil:title>Enabled·Firefox·Fingerprinting·Protection</ocil:title>
108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-firefox_policy-fingerprinting_protection_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>
Max diff block lines reached; 36026/47139 bytes (76.43%) of diff not shown.


Offset 37, 15 lines modified		Offset 37, 15 lines modified
37	***·Profile·Information·***	37	***·Profile·Information·***
38	Profile·Title·Profile·for·ANSSI·DAT-NT28·Average·(Intermediate)·Level	38	Profile·Title·Profile·for·ANSSI·DAT-NT28·Average·(Intermediate)·Level
39	Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_average	39	Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_average
40	*·CPE·Platforms·*	40	*·CPE·Platforms·*
41	····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~	41	····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
42	***·Revision·History·***	42	***·Revision·History·***
43	Current·version:·0.1.65	43	Current·version:·0.1.65
44	····*·draft·(as·of·2024-01-22)	44	····*·draft·(as·of·2025-02-23)
45	***·Table·of·Contents·***	45	***·Table·of·Contents·***
46	···1.·System_Settings	46	···1.·System_Settings
47	·········1.·Installing_and_Maintaining_Software	47	·········1.·Installing_and_Maintaining_Software
48	·········2.·Configure_Syslog	48	·········2.·Configure_Syslog
49	·········3.·File_Permissions_and_Masks	49	·········3.·File_Permissions_and_Masks
50	···2.·Services	50	···2.·Services
51	·········1.·APT_service_configuration	51	·········1.·APT_service_configuration
Offset 167, 14 lines modified		Offset 167, 33 lines modified
167	············References: ·BP28(R5),·BP28(R59),·1,·12,·15,·16,·5,·DSS05.04,·DSS05.10,·DSS06.03,	167	············References: ·BP28(R5),·BP28(R59),·1,·12,·15,·16,·5,·DSS05.04,·DSS05.10,·DSS06.03,
168	············DSS06.10,·CCI-002038,·4.3.3.5.1,·4.3.3.6.1,·4.3.3.6.2,·4.3.3.6.3,·4.3.3.6.4,	168	············DSS06.10,·CCI-002038,·4.3.3.5.1,·4.3.3.6.1,·4.3.3.6.2,·4.3.3.6.3,·4.3.3.6.4,
169	Identifiers·4.3.3.6.5,·4.3.3.6.6,·4.3.3.6.7,·4.3.3.6.8,·4.3.3.6.9,·SR_1.1,·SR_1.10,·SR_1.2,·SR	169	Identifiers·4.3.3.6.5,·4.3.3.6.6,·4.3.3.6.7,·4.3.3.6.8,·4.3.3.6.9,·SR_1.1,·SR_1.10,·SR_1.2,·SR
170	and·········1.3,·SR_1.4,·SR_1.5,·SR_1.7,·SR_1.8,·SR_1.9,·A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,	170	and·········1.3,·SR_1.4,·SR_1.5,·SR_1.7,·SR_1.8,·SR_1.9,·A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,
171	References··A.9.2.4,·A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3,·IA-11,·CM-6(a),·PR.AC-1,·PR.AC-7,	171	References··A.9.2.4,·A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3,·IA-11,·CM-6(a),·PR.AC-1,·PR.AC-7,
172	············SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,·SRG-OS-000373-GPOS-00158,·SRG-	172	············SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,·SRG-OS-000373-GPOS-00158,·SRG-
173	············OS-000373-VMM-001470,·SRG-OS-000373-VMM-001480,·SRG-OS-000373-VMM-001490	173	············OS-000373-VMM-001470,·SRG-OS-000373-VMM-001480,·SRG-OS-000373-VMM-001490
		174	Remediation_Shell_script_⇲
		175	Complexity:·low
		176	Disruption:·low
		177	Strategy:···restrict

		178	for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
		179	··if·[·!·-e·"$f"·]·;·then
		180	····continue
		181	··fi
		182	··matching_list=$(grep·-P·'^(?!#).[\s]+\!authenticate.$'·$f·\|·uniq·)
		183	··if·!·test·-z·"$matching_list";·then
		184	····while·IFS=·read·-r·entry;·do
		185	······#·comment·out·"!authenticate"·matches·to·preserve·user·data
		186	······sed·-i·"s/^${entry}$/#·&/g"·$f
		187	····done·<<<·"$matching_list"

		188	····/usr/sbin/visudo·-cf·$f·&>·/dev/null·\|\|·echo·"Fail·to·validate·$f·with·visudo"
		189	··fi
		190	done
174	Remediation_Ansible_snippet_⇲	191	Remediation_Ansible_snippet_⇲
175	Complexity:·low	192	Complexity:·low
176	Disruption:·low	193	Disruption:·low
177	Strategy:···restrict	194	Strategy:···restrict
178	-·name:·Find·/etc/sudoers.d/·files	195	-·name:·Find·/etc/sudoers.d/·files
179	··find:	196	··find:
180	····paths:	197	····paths:
Offset 204, 33 lines modified		Offset 223, 14 lines modified
204	··-·NIST-800-53-IA-11	223	··-·NIST-800-53-IA-11
205	··-·low_complexity	224	··-·low_complexity
206	··-·low_disruption	225	··-·low_disruption
207	··-·medium_severity	226	··-·medium_severity
208	··-·no_reboot_needed	227	··-·no_reboot_needed
209	··-·restrict_strategy	228	··-·restrict_strategy
210	··-·sudo_remove_no_authenticate	229	··-·sudo_remove_no_authenticate
211	Remediation_Shell_script_⇲
212	Complexity:·low
213	Disruption:·low
214	Strategy:···restrict

215	for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
216	··if·[·!·-e·"$f"·]·;·then
217	····continue
218	··fi
219	··matching_list=$(grep·-P·'^(?!#).[\s]+\!authenticate.$'·$f·\|·uniq·)
220	··if·!·test·-z·"$matching_list";·then
221	····while·IFS=·read·-r·entry;·do
222	······#·comment·out·"!authenticate"·matches·to·preserve·user·data
223	······sed·-i·"s/^${entry}$/#·&/g"·$f
224	····done·<<<·"$matching_list"

225	····/usr/sbin/visudo·-cf·$f·&>·/dev/null·\|\|·echo·"Fail·to·validate·$f·with·visudo"
226	··fi
227	done
228	*·Rule ·Ensure·Users·Re-Authenticate·for·Privilege·Escalation·-·sudo·NOPASSWD· [ref]·*	230	*·Rule ·Ensure·Users·Re-Authenticate·for·Privilege·Escalation·-·sudo·NOPASSWD· [ref]·*
229	The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using·sudo·without	231	The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using·sudo·without
230	having·to·authenticate.·This·should·be·disabled·by·making·sure·that·the·NOPASSWD·tag·does·not	232	having·to·authenticate.·This·should·be·disabled·by·making·sure·that·the·NOPASSWD·tag·does·not
231	exist·in·/etc/sudoers·configuration·file·or·any·sudo·configuration·snippets·in·/etc/	233	exist·in·/etc/sudoers·configuration·file·or·any·sudo·configuration·snippets·in·/etc/
232	sudoers.d/.	234	sudoers.d/.
233	············Without·re-authentication,·users·may·access·resources·or·perform·tasks·for·which	235	············Without·re-authentication,·users·may·access·resources·or·perform·tasks·for·which
234	············they·do·not·have·authorization.	236	············they·do·not·have·authorization.
Offset 242, 14 lines modified		Offset 242, 33 lines modified
242	············References: ·BP28(R5),·BP28(R59),·1,·12,·15,·16,·5,·DSS05.04,·DSS05.10,·DSS06.03,	242	············References: ·BP28(R5),·BP28(R59),·1,·12,·15,·16,·5,·DSS05.04,·DSS05.10,·DSS06.03,
243	············DSS06.10,·CCI-002038,·4.3.3.5.1,·4.3.3.6.1,·4.3.3.6.2,·4.3.3.6.3,·4.3.3.6.4,	243	············DSS06.10,·CCI-002038,·4.3.3.5.1,·4.3.3.6.1,·4.3.3.6.2,·4.3.3.6.3,·4.3.3.6.4,
244	Identifiers·4.3.3.6.5,·4.3.3.6.6,·4.3.3.6.7,·4.3.3.6.8,·4.3.3.6.9,·SR_1.1,·SR_1.10,·SR_1.2,·SR	244	Identifiers·4.3.3.6.5,·4.3.3.6.6,·4.3.3.6.7,·4.3.3.6.8,·4.3.3.6.9,·SR_1.1,·SR_1.10,·SR_1.2,·SR
245	and·········1.3,·SR_1.4,·SR_1.5,·SR_1.7,·SR_1.8,·SR_1.9,·A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,	245	and·········1.3,·SR_1.4,·SR_1.5,·SR_1.7,·SR_1.8,·SR_1.9,·A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,
246	References··A.9.2.4,·A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3,·IA-11,·CM-6(a),·PR.AC-1,·PR.AC-7,	246	References··A.9.2.4,·A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3,·IA-11,·CM-6(a),·PR.AC-1,·PR.AC-7,
247	············SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,·SRG-OS-000373-GPOS-00158,·SRG-	247	············SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,·SRG-OS-000373-GPOS-00158,·SRG-
248	············OS-000373-VMM-001470,·SRG-OS-000373-VMM-001480,·SRG-OS-000373-VMM-001490	248	············OS-000373-VMM-001470,·SRG-OS-000373-VMM-001480,·SRG-OS-000373-VMM-001490
		249	Remediation_Shell_script_⇲
		250	Complexity:·low
		251	Disruption:·low
		252	Strategy:···restrict

		253	for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
		254	··if·[·!·-e·"$f"·]·;·then
		255	····continue
		256	··fi
		257	··matching_list=$(grep·-P·'^(?!#).[\s]+NOPASSWD[\s]\:.*$'·$f·\|·uniq·)
		258	··if·!·test·-z·"$matching_list";·then
		259	····while·IFS=·read·-r·entry;·do
		260	······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
		261	······sed·-i·"s/^${entry}$/#·&/g"·$f
		262	····done·<<<·"$matching_list"

		263	····/usr/sbin/visudo·-cf·$f·&>·/dev/null·\|\|·echo·"Fail·to·validate·$f·with·visudo"
		264	··fi
		265	done
249	Remediation_Ansible_snippet_⇲	266	Remediation_Ansible_snippet_⇲
250	Complexity:·low	267	Complexity:·low
251	Disruption:·low	268	Disruption:·low
252	Strategy:···restrict	269	Strategy:···restrict
253	-·name:·Find·/etc/sudoers.d/·files	270	-·name:·Find·/etc/sudoers.d/·files
254	··find:	271	··find:
255	····paths:	272	····paths:
Offset 279, 33 lines modified		Offset 298, 14 lines modified
279	··-·NIST-800-53-IA-11	298	··-·NIST-800-53-IA-11
280	··-·low_complexity	299	··-·low_complexity
281	··-·low_disruption	300	··-·low_disruption
282	··-·medium_severity	301	··-·medium_severity
283	··-·no_reboot_needed	302	··-·no_reboot_needed
284	··-·restrict_strategy	303	··-·restrict_strategy
285	··-·sudo_remove_nopasswd	304	··-·sudo_remove_nopasswd
286	Remediation_Shell_script_⇲
287	Complexity:·low
Max diff block lines reached; 75022/80440 bytes (93.26%) of diff not shown.


Offset 14288, 15 lines modified		Offset 14288, 15 lines modified
00037cf0:·2f68·323e·3c70·3e43·7572·7265·6e74·2076··/h2><p>Current·v		00037cf0:·2f68·323e·3c70·3e43·7572·7265·6e74·2076··/h2><p>Current·v
00037d00:·6572·7369·6f6e·3a20·3c73·7472·6f6e·673e··ersion:·<strong>		00037d00:·6572·7369·6f6e·3a20·3c73·7472·6f6e·673e··ersion:·<strong>
00037d10:·302e·312e·3635·3c2f·7374·726f·6e67·3e3c··0.1.65</strong><		00037d10:·302e·312e·3635·3c2f·7374·726f·6e67·3e3c··0.1.65</strong><
00037d20:·2f70·3e3c·756c·3e3c·6c69·3e3c·7374·726f··/p><ul><li><stro		00037d20:·2f70·3e3c·756c·3e3c·6c69·3e3c·7374·726f··/p><ul><li><stro
00037d30:·6e67·3e64·7261·6674·3c2f·7374·726f·6e67··ng>draft</strong		00037d30:·6e67·3e64·7261·6674·3c2f·7374·726f·6e67··ng>draft</strong
00037d40:·3e0a·2020·2020·2020·2020·2020·2020·2020··>.··············		00037d40:·3e0a·2020·2020·2020·2020·2020·2020·2020··>.··············
00037d50:·2020·2020·2020·2861·7320·6f66·2032·3032········(as·of·202		00037d50:·2020·2020·2020·2861·7320·6f66·2032·3032········(as·of·202
00037d60:·342d·3031·2d32·3229·0a20·2020·2020·2020··4-01-22).·······		00037d60:·352d·3032·2d32·3329·0a20·2020·2020·2020··5-02-23).·······
00037d70:·2020·2020·2020·2020·203c·2f6c·693e·3c2f···········</li></		00037d70:·2020·2020·2020·2020·203c·2f6c·693e·3c2f···········</li></
00037d80:·756c·3e3c·2f64·6976·3e3c·6832·3e54·6162··ul></div><h2>Tab		00037d80:·756c·3e3c·2f64·6976·3e3c·6832·3e54·6162··ul></div><h2>Tab
00037d90:·6c65·206f·6620·436f·6e74·656e·7473·3c2f··le·of·Contents</		00037d90:·6c65·206f·6620·436f·6e74·656e·7473·3c2f··le·of·Contents</
00037da0:·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120·6872··h2><ol><li><a·hr		00037da0:·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120·6872··h2><ol><li><a·hr
00037db0:·6566·3d22·2378·6363·6466·5f6f·7267·2e73··ef="#xccdf_org.s		00037db0:·6566·3d22·2378·6363·6466·5f6f·7267·2e73··ef="#xccdf_org.s
00037dc0:·7367·7072·6f6a·6563·742e·636f·6e74·656e··sgproject.conten		00037dc0:·7367·7072·6f6a·6563·742e·636f·6e74·656e··sgproject.conten
00037dd0:·745f·6772·6f75·705f·7379·7374·656d·223e··t_group_system">		00037dd0:·745f·6772·6f75·705f·7379·7374·656d·223e··t_group_system">
Offset 16747, 140 lines modified		Offset 16747, 140 lines modified
000416a0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=		000416a0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
000416b0:·2223·6964·6d32·3536·3722·2074·6162·696e··"#idm2567"·tabin		000416b0:·2223·6964·6d32·3536·3722·2074·6162·696e··"#idm2567"·tabin
000416c0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu		000416c0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
000416d0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan		000416d0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
000416e0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl		000416e0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
000416f0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r		000416f0:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
00041700:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"		00041700:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
00041710:·3e52·656d·6564·6961·7469·6f6e·2041·6~~e73~~··>Remediation·~~Ans~~		00041710:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
00041720:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...
00041730:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
00041740:·~~7373~~·~~3d22~~·~~7061~~·6~~e65~~·6c2d·~~636f~~·~~6c6~~c·61~~70·~~·s~~s="~~pan~~el-coll~~ap		00041720:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
		00041730:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
		00041740:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
		00041750:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
		00041760:·6d32·3536·3722·3e3c·7461·626c·6520·636c··m2567"><table·cl
		00041770:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
		00041780:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
		00041790:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
		000417a0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
		000417b0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
		000417c0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
		000417d0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
		000417e0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
		000417f0:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
		00041800:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
		00041810:·3e3c·7464·3e72·6573·7472·6963·743c·2f74··><td>restrict</t
		00041820:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
		00041830:·7072·653e·3c63·6f64·653e·0a66·6f72·2066··pre><code>.for·f
		00041840:·2069·6e20·2f65·7463·2f73·7564·6f65·7273···in·/etc/sudoers
		00041850:·202f·6574·632f·7375·646f·6572·732e·642f···/etc/sudoers.d/
		00041860:·2a20·3b20·646f·0a20·2069·6620·5b20·2120··*·;·do.··if·[·!·
		00041870:·2d65·2022·2466·2220·5d20·3b20·7468·656e··-e·"$f"·]·;·then
		00041880:·0a20·2020·2063·6f6e·7469·6e75·650a·2020··.····continue.··
		00041890:·6669·0a20·206d·6174·6368·696e·675f·6c69··fi.··matching_li
		000418a0:·7374·3d24·2867·7265·7020·2d50·2027·5e28··st=$(grep·-P·'^(
		000418b0:·3f21·2329·2e2a·5b5c·735d·2b5c·2161·7574··?!#).*[\s]+\!aut
		000418c0:·6865·6e74·6963·6174·652e·2a24·2720·2466··henticate.*$'·$f
		000418d0:·207c·2075·6e69·7120·290a·2020·6966·2021···\|·uniq·).··if·!
		000418e0:·2074·6573·7420·2d7a·2022·246d·6174·6368···test·-z·"$match
		000418f0:·696e·675f·6c69·7374·223b·2074·6865·6e0a··ing_list";·then.
		00041900:·2020·2020·7768·696c·6520·4946·533d·2072······while·IFS=·r
		00041910:·6561·6420·2d72·2065·6e74·7279·3b20·646f··ead·-r·entry;·do
		00041920:·0a20·2020·2020·2023·2063·6f6d·6d65·6e74··.······#·comment
		00041930:·206f·7574·2022·2161·7574·6865·6e74·6963···out·"!authentic
		00041940:·6174·6522·206d·6174·6368·6573·2074·6f20··ate"·matches·to·
		00041950:·7072·6573·6572·7665·2075·7365·7220·6461··preserve·user·da
		00041960:·7461·0a20·2020·2020·2073·6564·202d·6920··ta.······sed·-i·
		00041970:·2273·2f5e·247b·656e·7472·797d·242f·2320··"s/^${entry}$/#·
		00041980:·2661·6d70·3b2f·6722·2024·660a·2020·2020··&/g"·$f.····
		00041990:·646f·6e65·2026·6c74·3b26·6c74·3b26·6c74··done·<<&lt
		000419a0:·3b20·2224·6d61·7463·6869·6e67·5f6c·6973··;·"$matching_lis
		000419b0:·7422·0a0a·2020·2020·2f75·7372·2f73·6269··t"..····/usr/sbi
		000419c0:·6e2f·7669·7375·646f·202d·6366·2024·6620··n/visudo·-cf·$f·
		000419d0:·2661·6d70·3b26·6774·3b20·2f64·6576·2f6e··&>·/dev/n
		000419e0:·756c·6c20·7c7c·2065·6368·6f20·2246·6169··ull·\|\|·echo·"Fai
		000419f0:·6c20·746f·2076·616c·6964·6174·6520·2466··l·to·validate·$f
		00041a00:·2077·6974·6820·7669·7375·646f·220a·2020···with·visudo".··
		00041a10:·6669·0a64·6f6e·650a·3c2f·636f·6465·3e3c··fi.done.</code><
		00041a20:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
		00041a30:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
		00041a40:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl
00041750:·~~7365~~·2063·6f6c·6c61·7073·6522·2069·6~~43d~~··~~se·~~collapse"·~~id=~~		00041a50:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat
		00041a60:·612d·7461·7267·6574·3d22·2369·646d·3235··a-target="#idm25
		00041a70:·3638·2220·7461·6269·6e64·6578·3d22·3022··68"·tabindex="0"
		00041a80:·2072·6f6c·653d·2262·7574·746f·6e22·2061···role="button"·a
		00041a90:·7269·612d·6578·7061·6e64·6564·3d22·6661··ria-expanded="fa
		00041aa0:·6c73·6522·2074·6974·6c65·3d22·4163·7469··lse"·title="Acti
		00041ab0:·7661·7465·2074·6f20·7265·7665·616c·2220··vate·to·reveal"·
		00041ac0:·6872·6566·3d22·2321·223e·5265·6d65·6469··href="#!">Remedi
		00041ad0:·6174·696f·6e20·416e·7369·626c·6520·736e··ation·Ansible·sn
00041760:·2269·646d·3235·3637·223e·3c74·6162·6c65··"idm2567"><table
00041770:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
00041780:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
00041790:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
000417a0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
000417b0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
000417c0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
000417d0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
000417e0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
000417f0:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
00041800:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
00041810:·2f74·683e·3c74·643e·7265·7374·7269·6374··/th><td>restrict
00041820:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
00041830:·653e·3c70·7265·3e3c·636f·6465·3e2d·206e··e><pre><code>-·n
00041840:·616d·653a·2046·696e·6420·2f65·7463·2f73··ame:·Find·/etc/s
00041850:·7564·6f65·7273·2e64·2f20·6669·6c65·730a··udoers.d/·files.
00041860:·2020·6669·6e64·3a0a·2020·2020·7061·7468····find:.····path
00041870:·733a·0a20·2020·202d·202f·6574·632f·7375··s:.····-·/etc/su
00041880:·646f·6572·732e·642f·0a20·2072·6567·6973··doers.d/.··regis
00041890:·7465·723a·2073·7564·6f65·7273·0a20·2074··ter:·sudoers.··t
000418a0:·6167·733a·0a20·202d·204e·4953·542d·3830··ags:.··-·NIST-80
000418b0:·302d·3533·2d43·4d2d·3628·6129·0a20·202d··0-53-CM-6(a).··-
000418c0:·204e·4953·542d·3830·302d·3533·2d49·412d···NIST-800-53-IA-
000418d0:·3131·0a20·202d·206c·6f77·5f63·6f6d·706c··11.··-·low_compl
000418e0:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di
000418f0:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med
00041900:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··-
00041910:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede
00041920:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
00041930:·7472·6174·6567·790a·2020·2d20·7375·646f··trategy.··-·sudo
00041940:·5f72·656d·6f76·655f·6e6f·5f61·7574·6865··_remove_no_authe
00041950:·6e74·6963·6174·650a·0a2d·206e·616d·653a··nticate..-·name:
00041960:·2052·656d·6f76·6520·6c69·6e65·7320·636f···Remove·lines·co
00041970:·6e74·6169·6e69·6e67·2021·6175·7468·656e··ntaining·!authen
00041980:·7469·6361·7465·2066·726f·6d20·7375·646f··ticate·from·sudo
00041990:·6572·7320·6669·6c65·730a·2020·7265·706c··ers·files.··repl
000419a0:·6163·653a·0a20·2020·2072·6567·6578·703a··ace:.····regexp:
000419b0:·2028·5e28·3f21·2329·2e2a·5b5c·735d·2b5c···(^(?!#).*[\s]+\
000419c0:·2161·7574·6865·6e74·6963·6174·652e·2a24··!authenticate.*$
000419d0:·290a·2020·2020·7265·706c·6163·653a·2027··).····replace:·'
000419e0:·2320·5c67·266c·743b·3126·6774·3b27·0a20··#·\g<1>'.·
Max diff block lines reached; 648410/667508 bytes (97.14%) of diff not shown.


Offset 38, 15 lines modified		Offset 38, 15 lines modified
38	***·Profile·Information·***	38	***·Profile·Information·***
39	Profile·Title·Profile·for·ANSSI·DAT-NT28·High·(Enforced)·Level	39	Profile·Title·Profile·for·ANSSI·DAT-NT28·High·(Enforced)·Level
40	Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_high	40	Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_high
41	*·CPE·Platforms·*	41	*·CPE·Platforms·*
42	····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~	42	····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
43	***·Revision·History·***	43	***·Revision·History·***
44	Current·version:·0.1.65	44	Current·version:·0.1.65
45	····*·draft·(as·of·2024-01-22)	45	····*·draft·(as·of·2025-02-23)
46	***·Table·of·Contents·***	46	***·Table·of·Contents·***
47	···1.·System_Settings	47	···1.·System_Settings
48	·········1.·Installing_and_Maintaining_Software	48	·········1.·Installing_and_Maintaining_Software
49	·········2.·System_Accounting_with_auditd	49	·········2.·System_Accounting_with_auditd
50	·········3.·GRUB2_bootloader_configuration	50	·········3.·GRUB2_bootloader_configuration
51	·········4.·Configure_Syslog	51	·········4.·Configure_Syslog
52	·········5.·File_Permissions_and_Masks	52	·········5.·File_Permissions_and_Masks
Offset 171, 14 lines modified		Offset 171, 33 lines modified
171	············References: ·BP28(R5),·BP28(R59),·1,·12,·15,·16,·5,·DSS05.04,·DSS05.10,·DSS06.03,	171	············References: ·BP28(R5),·BP28(R59),·1,·12,·15,·16,·5,·DSS05.04,·DSS05.10,·DSS06.03,
172	············DSS06.10,·CCI-002038,·4.3.3.5.1,·4.3.3.6.1,·4.3.3.6.2,·4.3.3.6.3,·4.3.3.6.4,	172	············DSS06.10,·CCI-002038,·4.3.3.5.1,·4.3.3.6.1,·4.3.3.6.2,·4.3.3.6.3,·4.3.3.6.4,
173	Identifiers·4.3.3.6.5,·4.3.3.6.6,·4.3.3.6.7,·4.3.3.6.8,·4.3.3.6.9,·SR_1.1,·SR_1.10,·SR_1.2,·SR	173	Identifiers·4.3.3.6.5,·4.3.3.6.6,·4.3.3.6.7,·4.3.3.6.8,·4.3.3.6.9,·SR_1.1,·SR_1.10,·SR_1.2,·SR
174	and·········1.3,·SR_1.4,·SR_1.5,·SR_1.7,·SR_1.8,·SR_1.9,·A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,	174	and·········1.3,·SR_1.4,·SR_1.5,·SR_1.7,·SR_1.8,·SR_1.9,·A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,
175	References··A.9.2.4,·A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3,·IA-11,·CM-6(a),·PR.AC-1,·PR.AC-7,	175	References··A.9.2.4,·A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3,·IA-11,·CM-6(a),·PR.AC-1,·PR.AC-7,
176	············SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,·SRG-OS-000373-GPOS-00158,·SRG-	176	············SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,·SRG-OS-000373-GPOS-00158,·SRG-
177	············OS-000373-VMM-001470,·SRG-OS-000373-VMM-001480,·SRG-OS-000373-VMM-001490	177	············OS-000373-VMM-001470,·SRG-OS-000373-VMM-001480,·SRG-OS-000373-VMM-001490
		178	Remediation_Shell_script_⇲
		179	Complexity:·low
		180	Disruption:·low
		181	Strategy:···restrict

		182	for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
		183	··if·[·!·-e·"$f"·]·;·then
		184	····continue
		185	··fi
		186	··matching_list=$(grep·-P·'^(?!#).[\s]+\!authenticate.$'·$f·\|·uniq·)
		187	··if·!·test·-z·"$matching_list";·then
		188	····while·IFS=·read·-r·entry;·do
		189	······#·comment·out·"!authenticate"·matches·to·preserve·user·data
		190	······sed·-i·"s/^${entry}$/#·&/g"·$f
		191	····done·<<<·"$matching_list"

		192	····/usr/sbin/visudo·-cf·$f·&>·/dev/null·\|\|·echo·"Fail·to·validate·$f·with·visudo"
		193	··fi
		194	done
178	Remediation_Ansible_snippet_⇲	195	Remediation_Ansible_snippet_⇲
179	Complexity:·low	196	Complexity:·low
180	Disruption:·low	197	Disruption:·low
181	Strategy:···restrict	198	Strategy:···restrict
182	-·name:·Find·/etc/sudoers.d/·files	199	-·name:·Find·/etc/sudoers.d/·files
183	··find:	200	··find:
184	····paths:	201	····paths:
Offset 208, 33 lines modified		Offset 227, 14 lines modified
208	··-·NIST-800-53-IA-11	227	··-·NIST-800-53-IA-11
209	··-·low_complexity	228	··-·low_complexity
210	··-·low_disruption	229	··-·low_disruption
211	··-·medium_severity	230	··-·medium_severity
212	··-·no_reboot_needed	231	··-·no_reboot_needed
213	··-·restrict_strategy	232	··-·restrict_strategy
214	··-·sudo_remove_no_authenticate	233	··-·sudo_remove_no_authenticate
215	Remediation_Shell_script_⇲
216	Complexity:·low
217	Disruption:·low
218	Strategy:···restrict

219	for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
220	··if·[·!·-e·"$f"·]·;·then
221	····continue
222	··fi
223	··matching_list=$(grep·-P·'^(?!#).[\s]+\!authenticate.$'·$f·\|·uniq·)
224	··if·!·test·-z·"$matching_list";·then
225	····while·IFS=·read·-r·entry;·do
226	······#·comment·out·"!authenticate"·matches·to·preserve·user·data
227	······sed·-i·"s/^${entry}$/#·&/g"·$f
228	····done·<<<·"$matching_list"

229	····/usr/sbin/visudo·-cf·$f·&>·/dev/null·\|\|·echo·"Fail·to·validate·$f·with·visudo"
230	··fi
231	done
232	*·Rule ·Ensure·Users·Re-Authenticate·for·Privilege·Escalation·-·sudo·NOPASSWD· [ref]·*	234	*·Rule ·Ensure·Users·Re-Authenticate·for·Privilege·Escalation·-·sudo·NOPASSWD· [ref]·*
233	The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using·sudo·without	235	The·sudo·NOPASSWD·tag,·when·specified,·allows·a·user·to·execute·commands·using·sudo·without
234	having·to·authenticate.·This·should·be·disabled·by·making·sure·that·the·NOPASSWD·tag·does·not	236	having·to·authenticate.·This·should·be·disabled·by·making·sure·that·the·NOPASSWD·tag·does·not
235	exist·in·/etc/sudoers·configuration·file·or·any·sudo·configuration·snippets·in·/etc/	237	exist·in·/etc/sudoers·configuration·file·or·any·sudo·configuration·snippets·in·/etc/
236	sudoers.d/.	238	sudoers.d/.
237	············Without·re-authentication,·users·may·access·resources·or·perform·tasks·for·which	239	············Without·re-authentication,·users·may·access·resources·or·perform·tasks·for·which
238	············they·do·not·have·authorization.	240	············they·do·not·have·authorization.
Offset 246, 14 lines modified		Offset 246, 33 lines modified
246	············References: ·BP28(R5),·BP28(R59),·1,·12,·15,·16,·5,·DSS05.04,·DSS05.10,·DSS06.03,	246	············References: ·BP28(R5),·BP28(R59),·1,·12,·15,·16,·5,·DSS05.04,·DSS05.10,·DSS06.03,
247	············DSS06.10,·CCI-002038,·4.3.3.5.1,·4.3.3.6.1,·4.3.3.6.2,·4.3.3.6.3,·4.3.3.6.4,	247	············DSS06.10,·CCI-002038,·4.3.3.5.1,·4.3.3.6.1,·4.3.3.6.2,·4.3.3.6.3,·4.3.3.6.4,
248	Identifiers·4.3.3.6.5,·4.3.3.6.6,·4.3.3.6.7,·4.3.3.6.8,·4.3.3.6.9,·SR_1.1,·SR_1.10,·SR_1.2,·SR	248	Identifiers·4.3.3.6.5,·4.3.3.6.6,·4.3.3.6.7,·4.3.3.6.8,·4.3.3.6.9,·SR_1.1,·SR_1.10,·SR_1.2,·SR
249	and·········1.3,·SR_1.4,·SR_1.5,·SR_1.7,·SR_1.8,·SR_1.9,·A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,	249	and·········1.3,·SR_1.4,·SR_1.5,·SR_1.7,·SR_1.8,·SR_1.9,·A.18.1.4,·A.9.2.1,·A.9.2.2,·A.9.2.3,
250	References··A.9.2.4,·A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3,·IA-11,·CM-6(a),·PR.AC-1,·PR.AC-7,	250	References··A.9.2.4,·A.9.2.6,·A.9.3.1,·A.9.4.2,·A.9.4.3,·IA-11,·CM-6(a),·PR.AC-1,·PR.AC-7,
251	············SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,·SRG-OS-000373-GPOS-00158,·SRG-	251	············SRG-OS-000373-GPOS-00156,·SRG-OS-000373-GPOS-00157,·SRG-OS-000373-GPOS-00158,·SRG-
252	············OS-000373-VMM-001470,·SRG-OS-000373-VMM-001480,·SRG-OS-000373-VMM-001490	252	············OS-000373-VMM-001470,·SRG-OS-000373-VMM-001480,·SRG-OS-000373-VMM-001490
		253	Remediation_Shell_script_⇲
		254	Complexity:·low
		255	Disruption:·low
		256	Strategy:···restrict

		257	for·f·in·/etc/sudoers·/etc/sudoers.d/*·;·do
		258	··if·[·!·-e·"$f"·]·;·then
		259	····continue
		260	··fi
		261	··matching_list=$(grep·-P·'^(?!#).[\s]+NOPASSWD[\s]\:.*$'·$f·\|·uniq·)
		262	··if·!·test·-z·"$matching_list";·then
		263	····while·IFS=·read·-r·entry;·do
		264	······#·comment·out·"NOPASSWD"·matches·to·preserve·user·data
		265	······sed·-i·"s/^${entry}$/#·&/g"·$f
		266	····done·<<<·"$matching_list"

		267	····/usr/sbin/visudo·-cf·$f·&>·/dev/null·\|\|·echo·"Fail·to·validate·$f·with·visudo"
		268	··fi
		269	done
253	Remediation_Ansible_snippet_⇲	270	Remediation_Ansible_snippet_⇲
254	Complexity:·low	271	Complexity:·low
255	Disruption:·low	272	Disruption:·low
256	Strategy:···restrict	273	Strategy:···restrict
257	-·name:·Find·/etc/sudoers.d/·files	274	-·name:·Find·/etc/sudoers.d/·files
258	··find:	275	··find:
259	····paths:	276	····paths:
Offset 283, 33 lines modified		Offset 302, 14 lines modified
283	··-·NIST-800-53-IA-11	302	··-·NIST-800-53-IA-11
284	··-·low_complexity	303	··-·low_complexity
285	··-·low_disruption	304	··-·low_disruption
286	··-·medium_severity	305	··-·medium_severity
287	··-·no_reboot_needed	306	··-·no_reboot_needed
288	··-·restrict_strategy	307	··-·restrict_strategy
289	··-·sudo_remove_nopasswd	308	··-·sudo_remove_nopasswd
290	Remediation_Shell_script_⇲
291	Complexity:·low
Max diff block lines reached; 86029/91469 bytes (94.05%) of diff not shown.


Offset 14281, 15 lines modified		Offset 14281, 15 lines modified
00037c80:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current		00037c80:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current
00037c90:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron		00037c90:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron
00037ca0:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong		00037ca0:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong
00037cb0:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st		00037cb0:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st
00037cc0:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro		00037cc0:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro
00037cd0:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············		00037cd0:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············
00037ce0:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·2		00037ce0:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·2
00037cf0:·3032·342d·3031·2d32·3229·0a20·2020·2020··024-01-22).·····		00037cf0:·3032·352d·3032·2d32·3329·0a20·2020·2020··025-02-23).·····
00037d00:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>		00037d00:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>
00037d10:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T		00037d10:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T
00037d20:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents		00037d20:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents
00037d30:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·		00037d30:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·
00037d40:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org		00037d40:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org
00037d50:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont		00037d50:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont
00037d60:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system		00037d60:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system
Offset 14943, 140 lines modified		Offset 14943, 140 lines modified
0003a5e0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target		0003a5e0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
0003a5f0:·3d22·2369·646d·3235·3637·2220·7461·6269··="#idm2567"·tabi		0003a5f0:·3d22·2369·646d·3235·3637·2220·7461·6269··="#idm2567"·tabi
0003a600:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b		0003a600:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
0003a610:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa		0003a610:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
0003a620:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit		0003a620:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
0003a630:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·		0003a630:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
0003a640:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!		0003a640:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
0003a650:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An		0003a650:·223e·5265·6d65·6469·6174·696f·6e20·5368··">Remediation·Sh
0003a660:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
0003a670:·b23c·2f61·3e3c·6272·3e3c·6469·7620·636c··.</a><br><div·cl
0003a680:·6~~173~~·~~733d~~·~~2270~~·616e·~~656c~~·2~~d63~~·~~6f6c~~·6c61··~~ass="panel-colla~~		0003a660:·656c·6c20·7363·7269·7074·20e2·87b2·3c2f··ell·script·...</
		0003a670:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
		0003a680:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
		0003a690:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
		0003a6a0:·646d·3235·3637·223e·3c74·6162·6c65·2063··dm2567"><table·c
		0003a6b0:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
		0003a6c0:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
		0003a6d0:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
		0003a6e0:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
		0003a6f0:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
		0003a700:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
		0003a710:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
		0003a720:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
		0003a730:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
		0003a740:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
		0003a750:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</
		0003a760:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
		0003a770:·3c70·7265·3e3c·636f·6465·3e0a·666f·7220··<pre><code>.for·
		0003a780:·6620·696e·202f·6574·632f·7375·646f·6572··f·in·/etc/sudoer
		0003a790:·7320·2f65·7463·2f73·7564·6f65·7273·2e64··s·/etc/sudoers.d
		0003a7a0:·2f2a·203b·2064·6f0a·2020·6966·205b·2021··/*·;·do.··if·[·!
		0003a7b0:·202d·6520·2224·6622·205d·203b·2074·6865···-e·"$f"·]·;·the
		0003a7c0:·6e0a·2020·2020·636f·6e74·696e·7565·0a20··n.····continue.·
		0003a7d0:·2066·690a·2020·6d61·7463·6869·6e67·5f6c···fi.··matching_l
		0003a7e0:·6973·743d·2428·6772·6570·202d·5020·275e··ist=$(grep·-P·'^
		0003a7f0:·283f·2123·292e·2a5b·5c73·5d2b·5c21·6175··(?!#).*[\s]+\!au
		0003a800:·7468·656e·7469·6361·7465·2e2a·2427·2024··thenticate.*$'·$
		0003a810:·6620·7c20·756e·6971·2029·0a20·2069·6620··f·\|·uniq·).··if·
		0003a820:·2120·7465·7374·202d·7a20·2224·6d61·7463··!·test·-z·"$matc
		0003a830:·6869·6e67·5f6c·6973·7422·3b20·7468·656e··hing_list";·then
		0003a840:·0a20·2020·2077·6869·6c65·2049·4653·3d20··.····while·IFS=·
		0003a850:·7265·6164·202d·7220·656e·7472·793b·2064··read·-r·entry;·d
		0003a860:·6f0a·2020·2020·2020·2320·636f·6d6d·656e··o.······#·commen
		0003a870:·7420·6f75·7420·2221·6175·7468·656e·7469··t·out·"!authenti
		0003a880:·6361·7465·2220·6d61·7463·6865·7320·746f··cate"·matches·to
		0003a890:·2070·7265·7365·7276·6520·7573·6572·2064···preserve·user·d
		0003a8a0:·6174·610a·2020·2020·2020·7365·6420·2d69··ata.······sed·-i
		0003a8b0:·2022·732f·5e24·7b65·6e74·7279·7d24·2f23···"s/^${entry}$/#
		0003a8c0:·2026·616d·703b·2f67·2220·2466·0a20·2020···&/g"·$f.···
		0003a8d0:·2064·6f6e·6520·266c·743b·266c·743b·266c···done·<<&l
		0003a8e0:·743b·2022·246d·6174·6368·696e·675f·6c69··t;·"$matching_li
		0003a8f0:·7374·220a·0a20·2020·202f·7573·722f·7362··st"..····/usr/sb
		0003a900:·696e·2f76·6973·7564·6f20·2d63·6620·2466··in/visudo·-cf·$f
		0003a910:·2026·616d·703b·2667·743b·202f·6465·762f···&>·/dev/
		0003a920:·6e75·6c6c·207c·7c20·6563·686f·2022·4661··null·\|\|·echo·"Fa
		0003a930:·696c·2074·6f20·7661·6c69·6461·7465·2024··il·to·validate·$
		0003a940:·6620·7769·7468·2076·6973·7564·6f22·0a20··f·with·visudo".·
		0003a950:·2066·690a·646f·6e65·0a3c·2f63·6f64·653e···fi.done.</code>
		0003a960:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
		0003a970:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
		0003a980:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
0003a690:·~~7073~~·6520·636f·6c6c·6170·7365·2220·6964··~~pse·~~collapse"·id		0003a990:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
		0003a9a0:·7461·2d74·6172·6765·743d·2223·6964·6d32··ta-target="#idm2
		0003a9b0:·3536·3822·2074·6162·696e·6465·783d·2230··568"·tabindex="0
		0003a9c0:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
		0003a9d0:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
		0003a9e0:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
		0003a9f0:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
		0003aa00:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
		0003aa10:·6961·7469·6f6e·2041·6e73·6962·6c65·2073··iation·Ansible·s
0003a6a0:·3d22·6964·6d32·3536·3722·3e3c·7461·626c··="idm2567"><tabl
0003a6b0:·6520·636c·6173·733d·2274·6162·6c65·2074··e·class="table·t
0003a6c0:·6162·6c65·2d73·7472·6970·6564·2074·6162··able-striped·tab
0003a6d0:·6c65·2d62·6f72·6465·7265·6420·7461·626c··le-bordered·tabl
0003a6e0:·652d·636f·6e64·656e·7365·6422·3e3c·7472··e-condensed"><tr
0003a6f0:·3e3c·7468·3e43·6f6d·706c·6578·6974·793a··><th>Complexity:
0003a700:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
0003a710:·3e3c·2f74·723e·3c74·723e·3c74·683e·4469··></tr><tr><th>Di
0003a720:·7372·7570·7469·6f6e·3a3c·2f74·683e·3c74··sruption:</th><t
0003a730:·643e·6c6f·773c·2f74·643e·3c2f·7472·3e3c··d>low</td></tr><
0003a740:·7472·3e3c·7468·3e53·7472·6174·6567·793a··tr><th>Strategy:
0003a750:·3c2f·7468·3e3c·7464·3e72·6573·7472·6963··</th><td>restric
0003a760:·743c·2f74·643e·3c2f·7472·3e3c·2f74·6162··t</td></tr></tab
0003a770:·6c65·3e3c·7072·653e·3c63·6f64·653e·2d20··le><pre><code>-·
0003a780:·6e61·6d65·3a20·4669·6e64·202f·6574·632f··name:·Find·/etc/
0003a790:·7375·646f·6572·732e·642f·2066·696c·6573··sudoers.d/·files
0003a7a0:·0a20·2066·696e·643a·0a20·2020·2070·6174··.··find:.····pat
0003a7b0:·6873·3a0a·2020·2020·2d20·2f65·7463·2f73··hs:.····-·/etc/s
0003a7c0:·7564·6f65·7273·2e64·2f0a·2020·7265·6769··udoers.d/.··regi
0003a7d0:·7374·6572·3a20·7375·646f·6572·730a·2020··ster:·sudoers.··
0003a7e0:·7461·6773·3a0a·2020·2d20·4e49·5354·2d38··tags:.··-·NIST-8
0003a7f0:·3030·2d35·332d·434d·2d36·2861·290a·2020··00-53-CM-6(a).··
0003a800:·2d20·4e49·5354·2d38·3030·2d35·332d·4941··-·NIST-800-53-IA
0003a810:·2d31·310a·2020·2d20·6c6f·775f·636f·6d70··-11.··-·low_comp
0003a820:·6c65·7869·7479·0a20·202d·206c·6f77·5f64··lexity.··-·low_d
0003a830:·6973·7275·7074·696f·6e0a·2020·2d20·6d65··isruption.··-·me
0003a840:·6469·756d·5f73·6576·6572·6974·790a·2020··dium_severity.··
0003a850:·2d20·6e6f·5f72·6562·6f6f·745f·6e65·6564··-·no_reboot_need
0003a860:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_
0003a870:·7374·7261·7465·6779·0a20·202d·2073·7564··strategy.··-·sud
0003a880:·6f5f·7265·6d6f·7665·5f6e·6f5f·6175·7468··o_remove_no_auth
0003a890:·656e·7469·6361·7465·0a0a·2d20·6e61·6d65··enticate..-·name
0003a8a0:·3a20·5265·6d6f·7665·206c·696e·6573·2063··:·Remove·lines·c
0003a8b0:·6f6e·7461·696e·696e·6720·2161·7574·6865··ontaining·!authe
0003a8c0:·6e74·6963·6174·6520·6672·6f6d·2073·7564··nticate·from·sud
0003a8d0:·6f65·7273·2066·696c·6573·0a20·2072·6570··oers·files.··rep
0003a8e0:·6c61·6365·3a0a·2020·2020·7265·6765·7870··lace:.····regexp
0003a8f0:·3a20·285e·283f·2123·292e·2a5b·5c73·5d2b··:·(^(?!#).*[\s]+
0003a900:·5c21·6175·7468·656e·7469·6361·7465·2e2a··\!authenticate.*
0003a910:·2429·0a20·2020·2072·6570·6c61·6365·3a20··$).····replace:·
0003a920:·2723·205c·6726·6c74·3b31·2667·743b·270a··'#·\g<1>'.
Max diff block lines reached; 235484/254582 bytes (92.50%) of diff not shown.


Offset 14285, 15 lines modified		Offset 14285, 15 lines modified
00037cc0:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current		00037cc0:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current
00037cd0:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron		00037cd0:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron
00037ce0:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong		00037ce0:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong
00037cf0:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st		00037cf0:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st
00037d00:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro		00037d00:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro
00037d10:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············		00037d10:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············
00037d20:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·2		00037d20:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·2
00037d30:·3032·342d·3031·2d32·3229·0a20·2020·2020··024-01-22).·····		00037d30:·3032·352d·3032·2d32·3329·0a20·2020·2020··025-02-23).·····
00037d40:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>		00037d40:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>
00037d50:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T		00037d50:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T
00037d60:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents		00037d60:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents
00037d70:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·		00037d70:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·
00037d80:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org		00037d80:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org
00037d90:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont		00037d90:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont
00037da0:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system		00037da0:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system
Offset 16738, 139 lines modified		Offset 16738, 139 lines modified
00041610:·2d74·6172·6765·743d·2223·6964·6d32·3536··-target="#idm256		00041610:·2d74·6172·6765·743d·2223·6964·6d32·3536··-target="#idm256
00041620:·3722·2074·6162·696e·6465·783d·2230·2220··7"·tabindex="0"·		00041620:·3722·2074·6162·696e·6465·783d·2230·2220··7"·tabindex="0"·
00041630:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar		00041630:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
00041640:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal		00041640:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
00041650:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ		00041650:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
00041660:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h		00041660:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
00041670:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia		00041670:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
00041680:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni
00041690:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
000416a0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
000416b0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
000416c0:·7073·6522·2069·643d·2269·646d·3235·3637··pse"·id="idm2567
000416d0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
000416e0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
000416f0:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
00041700:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
00041710:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
00041720:·6c65·7869·~~7479~~·~~3a3c~~·~~2f74~~·~~683e~~·3c74·6~~43e~~··~~lexity:</th><td>~~		00041680:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
		00041690:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
		000416a0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
		000416b0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
		000416c0:·2220·6964·3d22·6964·6d32·3536·3722·3e3c··"·id="idm2567"><
		000416d0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
		000416e0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
		000416f0:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
		00041700:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
		00041710:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
		00041720:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
		00041730:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
		00041740:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
		00041750:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
		00041760:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
		00041770:·6567·793a·3c2f·7468·3e3c·7464·3e72·6573··egy:</th><td>res
00041730:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·~~7472··low~~</td></tr><tr		00041780:·7472·6963·743c·2f74·643e·3c2f·7472·3e3c··trict</td></tr><
		00041790:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
		000417a0:·653e·0a66·6f72·2066·2069·6e20·2f65·7463··e>.for·f·in·/etc
		000417b0:·2f73·7564·6f65·7273·202f·6574·632f·7375··/sudoers·/etc/su
		000417c0:·646f·6572·732e·642f·2a20·3b20·646f·0a20··doers.d/*·;·do.·
		000417d0:·2069·6620·5b20·2120·2d65·2022·2466·2220···if·[·!·-e·"$f"·
		000417e0:·5d20·3b20·7468·656e·0a20·2020·2063·6f6e··]·;·then.····con
		000417f0:·7469·6e75·650a·2020·6669·0a20·206d·6174··tinue.··fi.··mat
		00041800:·6368·696e·675f·6c69·7374·3d24·2867·7265··ching_list=$(gre
		00041810:·7020·2d50·2027·5e28·3f21·2329·2e2a·5b5c··p·-P·'^(?!#).*[\
00041740:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
00041750:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
00041760:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
00041770:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
00041780:·7265·7374·7269·6374·3c2f·7464·3e3c·2f74··restrict</td></t
00041790:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
000417a0:·636f·6465·3e2d·206e·616d·653a·2046·696e··code>-·name:·Fin
000417b0:·6420·2f65·7463·2f73·7564·6f65·7273·2e64··d·/etc/sudoers.d
000417c0:·2f20·6669·6c65·730a·2020·6669·6e64·3a0a··/·files.··find:.
000417d0:·2020·2020·7061·7468·733a·0a20·2020·202d······paths:.····-
000417e0:·202f·6574·632f·7375·646f·6572·732e·642f···/etc/sudoers.d/
000417f0:·0a20·2072·6567·6973·7465·723a·2073·7564··.··register:·sud
00041800:·6f65·7273·0a20·2074·6167·733a·0a20·202d··oers.··tags:.··-
00041810:·204e·4953·542d·3830·302d·3533·2d43·4d2d···NIST-800-53-CM-
00041820:·3628·6129·0a20·202d·204e·4953·542d·3830··6(a).··-·NIST-80
00041830:·302d·3533·2d49·412d·3131·0a20·202d·206c··0-53-IA-11.··-·l
00041840:·6f77·5f63·6f6d·706c·6578·6974·790a·2020··ow_complexity.··
00041850:·2d20·6c6f·775f·6469·7372·7570·7469·6f6e··-·low_disruption
00041860:·0a20·202d·206d·6564·6975·6d5f·7365·7665··.··-·medium_seve
00041870:·7269·7479·0a20·202d·206e·6f5f·7265·626f··rity.··-·no_rebo
00041880:·6f74·5f6e·6565·6465·640a·2020·2d20·7265··ot_needed.··-·re
00041890:·7374·7269·6374·5f73·7472·6174·6567·790a··strict_strategy.
000418a0:·2020·2d20·7375·646f·5f72·656d·6f76·655f····-·sudo_remove_
000418b0:·6e6f·5f61·7574·6865·6e74·6963·6174·650a··no_authenticate.
000418c0:·0a2d·206e·616d·653a·2052·656d·6f76·6520··.-·name:·Remove·
000418d0:·6c69·6e65·7320·636f·6e74·6169·6e69·6e67··lines·containing
000418e0:·2021·6175·7468·656e·7469·6361·7465·2066···!authenticate·f
000418f0:·726f·6d20·7375·646f·6572·7320·6669·6c65··rom·sudoers·file
00041900:·730a·2020·7265·706c·6163·653a·0a20·2020··s.··replace:.···
00041910:·2072·6567·6578·703a·2028·5e28·3f21·2329···regexp:·(^(?!#)
00041920:~~·2e2a·5b5c~~·735d·2b5c·2161·7574·6865·6e74··~~.*[\~~s]+\!authent		00041820:·735d·2b5c·2161·7574·6865·6e74·6963·6174··s]+\!authenticat
		00041830:·652e·2a24·2720·2466·207c·2075·6e69·7120··e.*$'·$f·\|·uniq·
		00041840:·290a·2020·6966·2021·2074·6573·7420·2d7a··).··if·!·test·-z
		00041850:·2022·246d·6174·6368·696e·675f·6c69·7374···"$matching_list
		00041860:·223b·2074·6865·6e0a·2020·2020·7768·696c··";·then.····whil
		00041870:·6520·4946·533d·2072·6561·6420·2d72·2065··e·IFS=·read·-r·e
		00041880:·6e74·7279·3b20·646f·0a20·2020·2020·2023··ntry;·do.······#
		00041890:·2063·6f6d·6d65·6e74·206f·7574·2022·2161···comment·out·"!a
		000418a0:·7574·6865·6e74·6963·6174·6522·206d·6174··uthenticate"·mat
		000418b0:·6368·6573·2074·6f20·7072·6573·6572·7665··ches·to·preserve
		000418c0:·2075·7365·7220·6461·7461·0a20·2020·2020···user·data.·····
		000418d0:·2073·6564·202d·6920·2273·2f5e·247b·656e···sed·-i·"s/^${en
		000418e0:·7472·797d·242f·2320·2661·6d70·3b2f·6722··try}$/#·&/g"
		000418f0:·2024·660a·2020·2020·646f·6e65·2026·6c74···$f.····done·&lt
		00041900:·3b26·6c74·3b26·6c74·3b20·2224·6d61·7463··;<<·"$matc
		00041910:·6869·6e67·5f6c·6973·7422·0a0a·2020·2020··hing_list"..····
		00041920:·2f75·7372·2f73·6269·6e2f·7669·7375·646f··/usr/sbin/visudo
		00041930:·202d·6366·2024·6620·2661·6d70·3b26·6774···-cf·$f·&&gt
		00041940:·3b20·2f64·6576·2f6e·756c·6c20·7c7c·2065··;·/dev/null·\|\|·e
		00041950:·6368·6f20·2246·6169·6c20·746f·2076·616c··cho·"Fail·to·val
		00041960:·6964·6174·6520·2466·2077·6974·6820·7669··idate·$f·with·vi
		00041970:·7375·646f·220a·2020·6669·0a64·6f6e·650a··sudo".··fi.done.
		00041980:·3c2f·636f·6465·3e3c·2f70·7265·3e3c·2f64··</code></pre></d
		00041990:·6976·3e3c·6120·636c·6173·733d·2262·746e··iv><a·class="btn
		000419a0:·2062·746e·2d73·7563·6365·7373·2220·6461···btn-success"·da
		000419b0:·7461·2d74·6f67·676c·653d·2263·6f6c·6c61··ta-toggle="colla
		000419c0:·7073·6522·2064·6174·612d·7461·7267·6574··pse"·data-target
		000419d0:·3d22·2369·646d·3235·3638·2220·7461·6269··="#idm2568"·tabi
		000419e0:·6e64·6578·3d22·3022·2072·6f6c·653d·2262··ndex="0"·role="b
		000419f0:·7574·746f·6e22·2061·7269·612d·6578·7061··utton"·aria-expa
		00041a00:·6e64·6564·3d22·6661·6c73·6522·2074·6974··nded="false"·tit
		00041a10:·6c65·3d22·4163·7469·7661·7465·2074·6f20··le="Activate·to·
		00041a20:·7265·7665·616c·2220·6872·6566·3d22·2321··reveal"·href="#!
		00041a30:·223e·5265·6d65·6469·6174·696f·6e20·416e··">Remediation·An
		00041a40:·7369·626c·6520·736e·6970·7065·7420·e287··sible·snippet·..
00041930:·6963·6174·652e·2a24·290a·2020·2020·7265··icate.*$).····re
00041940:·706c·6163·653a·2027·2320·5c67·266c·743b··place:·'#·\g<
00041950:·3126·6774·3b27·0a20·2020·2070·6174·683a··1>'.····path:
Max diff block lines reached; 636792/655752 bytes (97.11%) of diff not shown.


Offset 14287, 16 lines modified		Offset 14287, 16 lines modified
00037ce0:·7669·7369·6f6e·2048·6973·746f·7279·3c2f··vision·History</		00037ce0:·7669·7369·6f6e·2048·6973·746f·7279·3c2f··vision·History</
00037cf0:·6832·3e3c·703e·4375·7272·656e·7420·7665··h2><p>Current·ve		00037cf0:·6832·3e3c·703e·4375·7272·656e·7420·7665··h2><p>Current·ve
00037d00:·7273·696f·6e3a·203c·7374·726f·6e67·3e30··rsion:·<strong>0		00037d00:·7273·696f·6e3a·203c·7374·726f·6e67·3e30··rsion:·<strong>0
00037d10:·2e31·2e36·353c·2f73·7472·6f6e·673e·3c2f··.1.65</strong></		00037d10:·2e31·2e36·353c·2f73·7472·6f6e·673e·3c2f··.1.65</strong></
00037d20:·703e·3c75·6c3e·3c6c·693e·3c73·7472·6f6e··p><ul><li><stron		00037d20:·703e·3c75·6c3e·3c6c·693e·3c73·7472·6f6e··p><ul><li><stron
00037d30:·673e·6472·6166·743c·2f73·7472·6f6e·673e··g>draft</strong>		00037d30:·673e·6472·6166·743c·2f73·7472·6f6e·673e··g>draft</strong>
00037d40:·0a20·2020·2020·2020·2020·2020·2020·2020··.···············		00037d40:·0a20·2020·2020·2020·2020·2020·2020·2020··.···············
00037d50:·2020·2020·2028·6173·206f·6620·3230·3234·······(as·of·2024		00037d50:·2020·2020·2028·6173·206f·6620·3230·3235·······(as·of·2025
00037d60:·2d30·312d·3232·290a·2020·2020·2020·2020··-01-22).········		00037d60:·2d30·322d·3233·290a·2020·2020·2020·2020··-02-23).········
00037d70:·2020·2020·2020·2020·3c2f·6c69·3e3c·2f75··········</li></u		00037d70:·2020·2020·2020·2020·3c2f·6c69·3e3c·2f75··········</li></u
00037d80:·6c3e·3c2f·6469·763e·3c68·323e·5461·626c··l></div><h2>Tabl		00037d80:·6c3e·3c2f·6469·763e·3c68·323e·5461·626c··l></div><h2>Tabl
00037d90:·6520·6f66·2043·6f6e·7465·6e74·733c·2f68··e·of·Contents</h		00037d90:·6520·6f66·2043·6f6e·7465·6e74·733c·2f68··e·of·Contents</h
00037da0:·323e·3c6f·6c3e·3c6c·693e·3c61·2068·7265··2><ol><li><a·hre		00037da0:·323e·3c6f·6c3e·3c6c·693e·3c61·2068·7265··2><ol><li><a·hre
00037db0:·663d·2223·7863·6364·665f·6f72·672e·7373··f="#xccdf_org.ss		00037db0:·663d·2223·7863·6364·665f·6f72·672e·7373··f="#xccdf_org.ss
00037dc0:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content		00037dc0:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content
00037dd0:·5f67·726f·7570·5f73·7973·7465·6d22·3e53··_group_system">S		00037dd0:·5f67·726f·7570·5f73·7973·7465·6d22·3e53··_group_system">S
Offset 17203, 131 lines modified		Offset 17203, 131 lines modified
00043320:·2d74·6172·6765·743d·2223·6964·6d35·3134··-target="#idm514		00043320:·2d74·6172·6765·743d·2223·6964·6d35·3134··-target="#idm514
00043330:·3422·2074·6162·696e·6465·783d·2230·2220··4"·tabindex="0"·		00043330:·3422·2074·6162·696e·6465·783d·2230·2220··4"·tabindex="0"·
00043340:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar		00043340:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
00043350:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal		00043350:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
00043360:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ		00043360:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
00043370:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h		00043370:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
00043380:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia		00043380:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
00043390:·7469·6f6e·2041·6e73·6962·6c65·2073·6e69··tion·Ansible·sni
000433a0:·7070·6574·20e2·87b2·3c2f·613e·3c62·723e··ppet·...</a><br>
000433b0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
000433c0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
000433d0:·7073·6522·2069·643d·2269·646d·3531·3434··pse"·id="idm5144
000433e0:·223e·3c74·6162·6c65·2063·6c61·7373·3d22··"><table·class="
000433f0:·7461·626c·6520·7461·626c·652d·7374·7269··table·table-stri
00043400:·7065·6420·7461·626c·652d·626f·7264·6572··ped·table-border
00043410:·6564·2074·6162·6c65·2d63·6f6e·6465·6e73··ed·table-condens
00043420:·6564·223e·3c74·723e·3c74·683e·436f·6d70··ed"><tr><th>Comp
00043430:·6c65·7869·~~7479~~·~~3a3c~~·~~2f74~~·~~683e~~·3c74·6~~43e~~··~~lexity:</th><td>~~		00043390:·7469·6f6e·2053·6865·6c6c·2073·6372·6970··tion·Shell·scrip
		000433a0:·7420·e287·b23c·2f61·3e3c·6272·3e3c·6469··t·...</a><br><di
		000433b0:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
		000433c0:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
		000433d0:·2220·6964·3d22·6964·6d35·3134·3422·3e3c··"·id="idm5144"><
		000433e0:·7461·626c·6520·636c·6173·733d·2274·6162··table·class="tab
		000433f0:·6c65·2074·6162·6c65·2d73·7472·6970·6564··le·table-striped
		00043400:·2074·6162·6c65·2d62·6f72·6465·7265·6420···table-bordered·
		00043410:·7461·626c·652d·636f·6e64·656e·7365·6422··table-condensed"
		00043420:·3e3c·7472·3e3c·7468·3e43·6f6d·706c·6578··><tr><th>Complex
		00043430:·6974·793a·3c2f·7468·3e3c·7464·3e6c·6f77··ity:</th><td>low
		00043440:·3c2f·7464·3e3c·2f74·723e·3c74·723e·3c74··</td></tr><tr><t
		00043450:·683e·4469·7372·7570·7469·6f6e·3a3c·2f74··h>Disruption:</t
		00043460:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
		00043470:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
		00043480:·6567·793a·3c2f·7468·3e3c·7464·3e65·6e61··egy:</th><td>ena
00043440:·6c6f·773c·2f74·643e·3c2f·7472·3e3c·7472··~~low~~</td></tr><tr		00043490:·626c·653c·2f74·643e·3c2f·7472·3e3c·2f74··ble</td></tr></t
00043450:·3e3c·7468·3e44·6973·7275·7074·696f·6e3a··><th>Disruption:
00043460:·3c2f·7468·3e3c·7464·3e6c·6f77·3c2f·7464··</th><td>low</td
00043470:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
00043480:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
00043490:·656e·6162·6c65·3c2f·7464·3e3c·2f74·723e··enable</td></tr>
000434a0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
000434b0:·6465·3e2d·206e·616d·653a·2045·6e73·7572··de>-·name:·Ensur
000434c0:·6520·6175·6469·7464·2069·7320·696e·7374··e·auditd·is·inst
000434d0:·616c·6c65·640a·2020·7061·636b·6167·653a··alled.··package:
000434e0:·0a20·2020·206e·616d·653a·2061·7564·6974··.····name:·audit
000434f0:·640a·2020·2020·7374·6174·653a·2070·7265··d.····state:·pre
00043500:·7365·6e74·0a20·2077·6865·6e3a·2061·6e73··sent.··when:·ans
00043510:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
00043520:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
00043530:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
00043540:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
00043550:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
00043560:·225d·0a20·2074·6167·733a·0a20·202d·204e··"].··tags:.··-·N
00043570:·4953·542d·3830·302d·3533·2d41·432d·3728··IST-800-53-AC-7(
00043580:·6129·0a20·202d·204e·4953·542d·3830·302d··a).··-·NIST-800-
00043590:·3533·2d41·552d·3132·2832·290a·2020·2d20··53-AU-12(2).··-·
000435a0:·4e49·5354·2d38·3030·2d35·332d·4155·2d31··NIST-800-53-AU-1
000435b0:·340a·2020·2d20·4e49·5354·2d38·3030·2d35··4.··-·NIST-800-5
000435c0:·~~332d~~·~~415~~5·2d32·~~2861~~·~~290a~~·~~2020~~·~~2d20~~·~~4e49~~··~~3-AU-2(a).··-·NI~~		000434a0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
		000434b0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
		000434c0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
		000434d0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
		000434e0:·666f·726d·730a·6966·205b·2021·202d·6620··forms.if·[·!·-f·
		000434f0:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a
		00043500:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&·[·!·-f·
		00043510:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere
		00043520:·6e76·205d·3b20·7468·656e·0a0a·4445·4249··nv·];·then..DEBI
		00043530:·414e·5f46·524f·4e54·454e·443d·6e6f·6e69··AN_FRONTEND=noni
		00043540:·6e74·6572·6163·7469·7665·2061·7074·2d67··nteractive·apt-g
		00043550:·6574·2069·6e73·7461·6c6c·202d·7920·2261··et·install·-y·"a
		00043560:·7564·6974·6422·0a0a·656c·7365·0a20·2020··uditd"..else.···
		00043570:·2026·6774·3b26·616d·703b·3220·6563·686f···>&2·echo
		00043580:·2027·5265·6d65·6469·6174·696f·6e20·6973···'Remediation·is
		00043590:·206e·6f74·2061·7070·6c69·6361·626c·652c···not·applicable,
		000435a0:·206e·6f74·6869·6e67·2077·6173·2064·6f6e···nothing·was·don
		000435b0:·6527·0a66·690a·3c2f·636f·6465·3e3c·2f70··e'.fi.</code></p
		000435c0:·7265·3e3c·2f64·6976·3e3c·6120·636c·6173··re></div><a·clas
		000435d0:·733d·2262·746e·2062·746e·2d73·7563·6365··s="btn·btn-succe
		000435e0:·7373·2220·6461·7461·2d74·6f67·676c·653d··ss"·data-toggle=
		000435f0:·2263·6f6c·6c61·7073·6522·2064·6174·612d··"collapse"·data-
		00043600:·7461·7267·6574·3d22·2369·646d·3531·3435··target="#idm5145
		00043610:·2220·7461·6269·6e64·6578·3d22·3022·2072··"·tabindex="0"·r
		00043620:·6f6c·653d·2262·7574·746f·6e22·2061·7269··ole="button"·ari
		00043630:·612d·6578·7061·6e64·6564·3d22·6661·6c73··a-expanded="fals
		00043640:·6522·2074·6974·6c65·3d22·4163·7469·7661··e"·title="Activa
		00043650:·7465·2074·6f20·7265·7665·616c·2220·6872··te·to·reveal"·hr
		00043660:·6566·3d22·2321·223e·5265·6d65·6469·6174··ef="#!">Remediat
		00043670:·696f·6e20·416e·7369·626c·6520·736e·6970··ion·Ansible·snip
		00043680:·7065·7420·e287·b23c·2f61·3e3c·6272·3e3c··pet·...</a><br><
		00043690:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
		000436a0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
		000436b0:·7365·2220·6964·3d22·6964·6d35·3134·3522··se"·id="idm5145"
		000436c0:·3e3c·7461·626c·6520·636c·6173·733d·2274··><table·class="t
		000436d0:·6162·6c65·2074·6162·6c65·2d73·7472·6970··able·table-strip
		000436e0:·6564·2074·6162·6c65·2d62·6f72·6465·7265··ed·table-bordere
		000436f0:·6420·7461·626c·652d·636f·6e64·656e·7365··d·table-condense
		00043700:·6422·3e3c·7472·3e3c·7468·3e43·6f6d·706c··d"><tr><th>Compl
		00043710:·6578·6974·793a·3c2f·7468·3e3c·7464·3e6c··exity:</th><td>l
		00043720:·6f77·3c2f·7464·3e3c·2f74·723e·3c74·723e··ow</td></tr><tr>
		00043730:·3c74·683e·4469·7372·7570·7469·6f6e·3a3c··<th>Disruption:<
		00043740:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
		00043750:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
		00043760:·6174·6567·793a·3c2f·7468·3e3c·7464·3e65··ategy:</th><td>e
		00043770:·6e61·626c·653c·2f74·643e·3c2f·7472·3e3c··nable</td></tr><
		00043780:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
		00043790:·653e·2d20·6e61·6d65·3a20·456e·7375·7265··e>-·name:·Ensure
		000437a0:·2061·7564·6974·6420·6973·2069·6e73·7461···auditd·is·insta
		000437b0:·6c6c·6564·0a20·2070·6163·6b61·6765·3a0a··lled.··package:.
		000437c0:·2020·2020·6e61·6d65·3a20·6175·6469·7464······name:·auditd
		000437d0:·0a20·2020·2073·7461·7465·3a20·7072·6573··.····state:·pres
		000437e0:·656e·740a·2020·7768·656e·3a20·616e·7369··ent.··when:·ansi
Max diff block lines reached; 654622/672616 bytes (97.32%) of diff not shown.


Offset 14282, 15 lines modified		Offset 14282, 15 lines modified
00037c90:·6f72·793c·2f68·323e·3c70·3e43·7572·7265··ory</h2><p>Curre		00037c90:·6f72·793c·2f68·323e·3c70·3e43·7572·7265··ory</h2><p>Curre
00037ca0:·6e74·2076·6572·7369·6f6e·3a20·3c73·7472··nt·version:·<str		00037ca0:·6e74·2076·6572·7369·6f6e·3a20·3c73·7472··nt·version:·<str
00037cb0:·6f6e·673e·302e·312e·3635·3c2f·7374·726f··ong>0.1.65</stro		00037cb0:·6f6e·673e·302e·312e·3635·3c2f·7374·726f··ong>0.1.65</stro
00037cc0:·6e67·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c··ng></p><ul><li><		00037cc0:·6e67·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c··ng></p><ul><li><
00037cd0:·7374·726f·6e67·3e64·7261·6674·3c2f·7374··strong>draft</st		00037cd0:·7374·726f·6e67·3e64·7261·6674·3c2f·7374··strong>draft</st
00037ce0:·726f·6e67·3e0a·2020·2020·2020·2020·2020··rong>.··········		00037ce0:·726f·6e67·3e0a·2020·2020·2020·2020·2020··rong>.··········
00037cf0:·2020·2020·2020·2020·2020·2861·7320·6f66············(as·of		00037cf0:·2020·2020·2020·2020·2020·2861·7320·6f66············(as·of
00037d00:·2032·3032·342d·3031·2d32·3229·0a20·2020···2024-01-22).···		00037d00:·2032·3032·352d·3032·2d32·3329·0a20·2020···2025-02-23).···
00037d10:·2020·2020·2020·2020·2020·2020·203c·2f6c···············</l		00037d10:·2020·2020·2020·2020·2020·2020·203c·2f6c···············</l
00037d20:·693e·3c2f·756c·3e3c·2f64·6976·3e3c·6832··i></ul></div><h2		00037d20:·693e·3c2f·756c·3e3c·2f64·6976·3e3c·6832··i></ul></div><h2
00037d30:·3e54·6162·6c65·206f·6620·436f·6e74·656e··>Table·of·Conten		00037d30:·3e54·6162·6c65·206f·6620·436f·6e74·656e··>Table·of·Conten
00037d40:·7473·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c··ts</h2><ol><li><		00037d40:·7473·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c··ts</h2><ol><li><
00037d50:·6120·6872·6566·3d22·2378·6363·6466·5f6f··a·href="#xccdf_o		00037d50:·6120·6872·6566·3d22·2378·6363·6466·5f6f··a·href="#xccdf_o
00037d60:·7267·2e73·7367·7072·6f6a·6563·742e·636f··rg.ssgproject.co		00037d60:·7267·2e73·7367·7072·6f6a·6563·742e·636f··rg.ssgproject.co
00037d70:·6e74·656e·745f·6772·6f75·705f·7379·7374··ntent_group_syst		00037d70:·6e74·656e·745f·6772·6f75·705f·7379·7374··ntent_group_syst
Offset 18332, 22 lines modified		Offset 18332, 22 lines modified
000479b0:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr		000479b0:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr
000479c0:·6963·745f·7374·7261·7465·6779·0a0a·2d20··ict_strategy..-·		000479c0:·6963·745f·7374·7261·7465·6779·0a0a·2d20··ict_strategy..-·
000479d0:·6e61·6d65·3a20·5365·7420·6172·6368·6974··name:·Set·archit		000479d0:·6e61·6d65·3a20·5365·7420·6172·6368·6974··name:·Set·archit
000479e0:·6563·7475·7265·2066·6f72·2061·7564·6974··ecture·for·audit		000479e0:·6563·7475·7265·2066·6f72·2061·7564·6974··ecture·for·audit
000479f0:·2074·6173·6b73·0a20·2073·6574·5f66·6163···tasks.··set_fac		000479f0:·2074·6173·6b73·0a20·2073·6574·5f66·6163···tasks.··set_fac
00047a00:·743a·0a20·2020·2061·7564·6974·5f61·7263··t:.····audit_arc		00047a00:·743a·0a20·2020·2061·7564·6974·5f61·7263··t:.····audit_arc
00047a10:·683a·2062·3634·0a20·2077·6865·6e3a·0a20··h:·b64.··when:.·		00047a10:·683a·2062·3634·0a20·2077·6865·6e3a·0a20··h:·b64.··when:.·
00047a20:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
00047a30:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
00047a40:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
00047a50:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
00047a60:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
00047a70:·7461·696e·6572·225d·0a20·202d·2027·2261··tainer"].··-·'"a
00047a80:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible
00047a90:·~~5f66~~·~~6163~~·~~7473~~·~~2e70~~·6~~163~~·~~6b61~~·6765·~~7327~~··~~_facts.packages'~~		00047a20:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a
		00047a30:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
		00047a40:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib
		00047a50:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
		00047a60:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
		00047a70:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
		00047a80:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
		00047a90:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
00047aa0:·0a20·202d·2061·6e73·6962·6c65·5f61·7263··.··-·ansible_arc		00047aa0:·0a20·202d·2061·6e73·6962·6c65·5f61·7263··.··-·ansible_arc
00047ab0:·6869·7465·6374·7572·6520·3d3d·2022·6161··hitecture·==·"aa		00047ab0:·6869·7465·6374·7572·6520·3d3d·2022·6161··hitecture·==·"aa
00047ac0:·7263·6836·3422·206f·7220·616e·7369·626c··rch64"·or·ansibl		00047ac0:·7263·6836·3422·206f·7220·616e·7369·626c··rch64"·or·ansibl
00047ad0:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=		00047ad0:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=
00047ae0:·3d20·2270·7063·3634·2220·6f72·2061·6e73··=·"ppc64"·or·ans		00047ae0:·3d20·2270·7063·3634·2220·6f72·2061·6e73··=·"ppc64"·or·ans
00047af0:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur		00047af0:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur
00047b00:·650a·2020·2020·3d3d·2022·7070·6336·346c··e.····==·"ppc64l		00047b00:·650a·2020·2020·3d3d·2022·7070·6336·346c··e.····==·"ppc64l
Offset 18644, 23 lines modified		Offset 18644, 23 lines modified
00048d30:·6d65·5f72·756c·6573·0a20·2020·2020·2063··me_rules.······c		00048d30:·6d65·5f72·756c·6573·0a20·2020·2020·2063··me_rules.······c
00048d40:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····		00048d40:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····
00048d50:·2020·6d6f·6465·3a20·6f2d·7277·780a·2020····mode:·o-rwx.··		00048d50:·2020·6d6f·6465·3a20·6f2d·7277·780a·2020····mode:·o-rwx.··
00048d60:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese		00048d60:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
00048d70:·6e74·0a20·2020·2077·6865·6e3a·2073·7973··nt.····when:·sys		00048d70:·6e74·0a20·2020·2077·6865·6e3a·2073·7973··nt.····when:·sys
00048d80:·6361·6c6c·735f·666f·756e·6420·7c20·6c65··calls_found·\|·le		00048d80:·6361·6c6c·735f·666f·756e·6420·7c20·6c65··calls_found·\|·le
00048d90:·6e67·7468·203d·3d20·300a·2020·7768·656e··ngth·==·0.··when		00048d90:·6e67·7468·203d·3d20·300a·2020·7768·656e··ngth·==·0.··when
00048da0:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi
00048db0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
00048dc0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
00048dd0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
00048de0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
00048df0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
00048e00:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi
00048e10:·~~626c~~·~~655f~~·~~6661~~·~~6374~~·~~732e~~·7061·~~636b~~·6167··~~ble_facts.packag~~		00048da0:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i
		00048db0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
		00048dc0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an
		00048dd0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
		00048de0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
		00048df0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
		00048e00:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
		00048e10:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
00048e20:·~~6573~~·270a·2020·7461·6773·3a0a·2020·2d20··~~es'~~.··tags:.··-·		00048e20:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·
00048e30:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-		00048e30:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-
00048e40:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.		00048e40:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
00048e50:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800		00048e50:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
00048e60:·2d35·332d·4143·2d36·2839·290a·2020·2d20··-53-AC-6(9).··-·		00048e60:·2d35·332d·4143·2d36·2839·290a·2020·2d20··-53-AC-6(9).··-·
00048e70:·4e49·5354·2d38·3030·2d35·332d·4155·2d31··NIST-800-53-AU-1		00048e70:·4e49·5354·2d38·3030·2d35·332d·4155·2d31··NIST-800-53-AU-1
00048e80:·3228·6329·0a20·202d·204e·4953·542d·3830··2(c).··-·NIST-80		00048e80:·3228·6329·0a20·202d·204e·4953·542d·3830··2(c).··-·NIST-80
00048e90:·302d·3533·2d41·552d·3228·6429·0a20·202d··0-53-AU-2(d).··-		00048e90:·302d·3533·2d41·552d·3228·6429·0a20·202d··0-53-AU-2(d).··-
Offset 18944, 22 lines modified		Offset 18944, 22 lines modified
00049ff0:·756c·6573·0a20·2020·2020·2063·7265·6174··ules.······creat		00049ff0:·756c·6573·0a20·2020·2020·2063·7265·6174··ules.······creat
0004a000:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo		0004a000:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo
0004a010:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······		0004a010:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······
0004a020:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·		0004a020:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·
0004a030:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall		0004a030:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall
0004a040:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·\|·length		0004a040:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·\|·length
0004a050:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··		0004a050:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··
0004a060:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
0004a070:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
0004a080:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
0004a090:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
0004a0a0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
0004a0b0:·6169·6e65·7222·5d0a·2020·2d20·2722·6175··ainer"].··-·'"au
0004a0c0:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_
0004a0d0:·~~6661~~·~~6374~~·~~732e~~·7061·~~636b~~·6167·6~~573~~·~~270a~~··~~facts.packages'.~~		0004a060:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an
		0004a070:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
		0004a080:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
		0004a090:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
		0004a0a0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
		0004a0b0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
		0004a0c0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
		0004a0d0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
0004a0e0:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=		0004a0e0:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=
0004a0f0:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.		0004a0f0:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.
0004a100:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.1		0004a100:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.1
0004a110:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17		0004a110:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0004a120:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST		0004a120:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
0004a130:·2d38·3030·2d35·332d·4143·2d36·2839·290a··-800-53-AC-6(9).		0004a130:·2d38·3030·2d35·332d·4143·2d36·2839·290a··-800-53-AC-6(9).
0004a140:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-		0004a140:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
Offset 22393, 23 lines modified		Offset 22393, 23 lines modified
00057780:·2063·6f6e·7461·696e·733a·205e·5c73·2a2d···contains:·^\s*-		00057780:·2063·6f6e·7461·696e·733a·205e·5c73·2a2d···contains:·^\s*-
00057790:·775c·732b·2f65·7463·2f73·7564·6f65·7273··w\s+/etc/sudoers		00057790:·775c·732b·2f65·7463·2f73·7564·6f65·7273··w\s+/etc/sudoers
000577a0:·5c73·2b2d·705c·732b·7761·285c·737c·2429··\s+-p\s+wa(\s\|$)		000577a0:·5c73·2b2d·705c·732b·7761·285c·737c·2429··\s+-p\s+wa(\s\|$)
000577b0:·2b0a·2020·2020·7061·7474·6572·6e73·3a20··+.····patterns:·		000577b0:·2b0a·2020·2020·7061·7474·6572·6e73·3a20··+.····patterns:·
000577c0:·272a·2e72·756c·6573·270a·2020·7265·6769··'*.rules'.··regi		000577c0:·272a·2e72·756c·6573·270a·2020·7265·6769··'*.rules'.··regi
000577d0:·7374·6572·3a20·6669·6e64·5f65·7869·7374··ster:·find_exist		000577d0:·7374·6572·3a20·6669·6e64·5f65·7869·7374··ster:·find_exist
000577e0:·696e·675f·7761·7463·685f·7275·6c65·735f··ing_watch_rules_		000577e0:·696e·675f·7761·7463·685f·7275·6c65·735f··ing_watch_rules_
000577f0:·640a·2020·7768·656e·3a0a·2020·2d20·~~616e~~··d.··when:.··-·an		000577f0:·640a·2020·7768·656e·3a0a·2020·2d20·2722··d.··when:.··-·'"
00057800:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
00057810:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
00057820:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
00057830:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
00057840:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
00057850:·7222·5d0a·2020·2d20·2722·6175·6469·7422··r"].··-·'"audit"
00057860:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
00057870:·~~732e~~·7061·~~636b~~·6167·6~~573~~·~~270a~~·~~2020~~·7461··~~s.packages'.··ta~~		00057800:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl
		00057810:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
		00057820:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
		00057830:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
		00057840:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
Max diff block lines reached; 1133707/1143083 bytes (99.18%) of diff not shown.


Offset 14284, 15 lines modified		Offset 14284, 15 lines modified
00037cb0:·4869·7374·6f72·793c·2f68·323e·3c70·3e43··History</h2><p>C		00037cb0:·4869·7374·6f72·793c·2f68·323e·3c70·3e43··History</h2><p>C
00037cc0:·7572·7265·6e74·2076·6572·7369·6f6e·3a20··urrent·version:·		00037cc0:·7572·7265·6e74·2076·6572·7369·6f6e·3a20··urrent·version:·
00037cd0:·3c73·7472·6f6e·673e·302e·312e·3635·3c2f··<strong>0.1.65</		00037cd0:·3c73·7472·6f6e·673e·302e·312e·3635·3c2f··<strong>0.1.65</
00037ce0:·7374·726f·6e67·3e3c·2f70·3e3c·756c·3e3c··strong></p><ul><		00037ce0:·7374·726f·6e67·3e3c·2f70·3e3c·756c·3e3c··strong></p><ul><
00037cf0:·6c69·3e3c·7374·726f·6e67·3e64·7261·6674··li><strong>draft		00037cf0:·6c69·3e3c·7374·726f·6e67·3e64·7261·6674··li><strong>draft
00037d00:·3c2f·7374·726f·6e67·3e0a·2020·2020·2020··</strong>.······		00037d00:·3c2f·7374·726f·6e67·3e0a·2020·2020·2020··</strong>.······
00037d10:·2020·2020·2020·2020·2020·2020·2020·2861················(a		00037d10:·2020·2020·2020·2020·2020·2020·2020·2861················(a
00037d20:·7320·6f66·2032·3032·342d·3031·2d32·3229··s·of·2024-01-22)		00037d20:·7320·6f66·2032·3032·352d·3032·2d32·3329··s·of·2025-02-23)
00037d30:·0a20·2020·2020·2020·2020·2020·2020·2020··.···············		00037d30:·0a20·2020·2020·2020·2020·2020·2020·2020··.···············
00037d40:·203c·2f6c·693e·3c2f·756c·3e3c·2f64·6976···</li></ul></div		00037d40:·203c·2f6c·693e·3c2f·756c·3e3c·2f64·6976···</li></ul></div
00037d50:·3e3c·6832·3e54·6162·6c65·206f·6620·436f··><h2>Table·of·Co		00037d50:·3e3c·6832·3e54·6162·6c65·206f·6620·436f··><h2>Table·of·Co
00037d60:·6e74·656e·7473·3c2f·6832·3e3c·6f6c·3e3c··ntents</h2><ol><		00037d60:·6e74·656e·7473·3c2f·6832·3e3c·6f6c·3e3c··ntents</h2><ol><
00037d70:·6c69·3e3c·6120·6872·6566·3d22·2378·6363··li><a·href="#xcc		00037d70:·6c69·3e3c·6120·6872·6566·3d22·2378·6363··li><a·href="#xcc
00037d80:·6466·5f6f·7267·2e73·7367·7072·6f6a·6563··df_org.ssgprojec		00037d80:·6466·5f6f·7267·2e73·7367·7072·6f6a·6563··df_org.ssgprojec
00037d90:·742e·636f·6e74·656e·745f·6772·6f75·705f··t.content_group_		00037d90:·742e·636f·6e74·656e·745f·6772·6f75·705f··t.content_group_
Offset 15292, 124 lines modified		Offset 15292, 124 lines modified
0003bbb0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=		0003bbb0:·7365·2220·6461·7461·2d74·6172·6765·743d··se"·data-target=
0003bbc0:·2223·6964·6d32·3835·3022·2074·6162·696e··"#idm2850"·tabin		0003bbc0:·2223·6964·6d32·3835·3022·2074·6162·696e··"#idm2850"·tabin
0003bbd0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu		0003bbd0:·6465·783d·2230·2220·726f·6c65·3d22·6275··dex="0"·role="bu
0003bbe0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan		0003bbe0:·7474·6f6e·2220·6172·6961·2d65·7870·616e··tton"·aria-expan
0003bbf0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl		0003bbf0:·6465·643d·2266·616c·7365·2220·7469·746c··ded="false"·titl
0003bc00:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r		0003bc00:·653d·2241·6374·6976·6174·6520·746f·2072··e="Activate·to·r
0003bc10:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"		0003bc10:·6576·6561·6c22·2068·7265·663d·2223·2122··eveal"·href="#!"
0003bc20:·3e52·656d·6564·6961·7469·6f6e·2041·6~~e73~~··>Remediation·~~Ans~~		0003bc20:·3e52·656d·6564·6961·7469·6f6e·2053·6865··>Remediation·She
		0003bc30:·6c6c·2073·6372·6970·7420·e287·b23c·2f61··ll·script·...</a
		0003bc40:·3e3c·6272·3e3c·6469·7620·636c·6173·733d··><br><div·class=
		0003bc50:·2270·616e·656c·2d63·6f6c·6c61·7073·6520··"panel-collapse·
		0003bc60:·636f·6c6c·6170·7365·2220·6964·3d22·6964··collapse"·id="id
		0003bc70:·6d32·3835·3022·3e3c·7461·626c·6520·636c··m2850"><table·cl
		0003bc80:·6173·733d·2274·6162·6c65·2074·6162·6c65··ass="table·table
		0003bc90:·2d73·7472·6970·6564·2074·6162·6c65·2d62··-striped·table-b
		0003bca0:·6f72·6465·7265·6420·7461·626c·652d·636f··ordered·table-co
		0003bcb0:·6e64·656e·7365·6422·3e3c·7472·3e3c·7468··ndensed"><tr><th
		0003bcc0:·3e43·6f6d·706c·6578·6974·793a·3c2f·7468··>Complexity:</th
0003bc30:·6962·6c65·2073·6e69·7070·6574·20e2·87b2··ible·snippet·...
0003bc40:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003bc50:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003bc60:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
0003bc70:·2269·646d·3238·3530·223e·3c74·6162·6c65··"idm2850"><table
0003bc80:·2063·6c61·7373·3d22·7461·626c·6520·7461···class="table·ta
0003bc90:·626c·652d·7374·7269·7065·6420·7461·626c··ble-striped·tabl
0003bca0:·652d·626f·7264·6572·6564·2074·6162·6c65··e-bordered·table
0003bcb0:·2d63·6f6e·6465·6e73·6564·223e·3c74·723e··-condensed"><tr>
0003bcc0:·3c74·683e·436f·6d70·6c65·7869·7479·3a3c··<th>Complexity:<
0003bcd0:·2f74·683e·3c74·643e·6c6f·773c·2f74·643e··/th><td>low</td>
0003bce0:·3c2f·7472·3e3c·7472·3e3c·7468·3e44·6973··</tr><tr><th>Dis
0003bcf0:·7275·7074·696f·6e3a·3c2f·7468·3e3c·7464··ruption:</th><td
0003bd00:·3e6c·6f77·3c2f·7464·3e3c·2f74·~~723e~~·3c~~74··~~>low</td></~~tr><~~t		0003bcd0:·3e3c·7464·3e6c·6f77·3c2f·7464·3e3c·2f74··><td>low</td></t
		0003bce0:·723e·3c74·723e·3c74·683e·4469·7372·7570··r><tr><th>Disrup
		0003bcf0:·7469·6f6e·3a3c·2f74·683e·3c74·643e·6c6f··tion:</th><td>lo
		0003bd00:·773c·2f74·643e·3c2f·7472·3e3c·7472·3e3c··w</td></tr><tr><
		0003bd10:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
		0003bd20:·3e3c·7464·3e65·6e61·626c·653c·2f74·643e··><td>enable</td>
		0003bd30:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
		0003bd40:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
		0003bd50:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
		0003bd60:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
		0003bd70:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
		0003bd80:·205b·2021·202d·6620·2f2e·646f·636b·6572···[·!·-f·/.docker
		0003bd90:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&&
		0003bda0:·205b·2021·202d·6620·2f72·756e·2f2e·636f···[·!·-f·/run/.co
		0003bdb0:·6e74·6169·6e65·7265·6e76·205d·3b20·7468··ntainerenv·];·th
		0003bdc0:·656e·0a0a·4445·4249·414e·5f46·524f·4e54··en..DEBIAN_FRONT
		0003bdd0:·454e·443d·6e6f·6e69·6e74·6572·6163·7469··END=noninteracti
		0003bde0:·7665·2061·7074·2d67·6574·2069·6e73·7461··ve·apt-get·insta
		0003bdf0:·6c6c·202d·7920·2261·6964·6522·0a0a·656c··ll·-y·"aide"..el
		0003be00:·7365·0a20·2020·2026·6774·3b26·616d·703b··se.····>&
		0003be10:·3220·6563·686f·2027·5265·6d65·6469·6174··2·echo·'Remediat
		0003be20:·696f·6e20·6973·206e·6f74·2061·7070·6c69··ion·is·not·appli
		0003be30:·6361·626c·652c·206e·6f74·6869·6e67·2077··cable,·nothing·w
		0003be40:·6173·2064·6f6e·6527·0a66·690a·3c2f·636f··as·done'.fi.</co
		0003be50:·6465·3e3c·2f70·7265·3e3c·2f64·6976·3e3c··de></pre></div><
		0003be60:·6120·636c·6173·733d·2262·746e·2062·746e··a·class="btn·btn
		0003be70:·2d73·7563·6365·7373·2220·6461·7461·2d74··-success"·data-t
0003bd10:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0003bd20:·2f74·683e·3c74·643e·656e·6162·6c65·3c2f··/th><td>enable</
0003bd30:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
0003bd40:·3c70·7265·3e3c·636f·6465·3e2d·206e·616d··<pre><code>-·nam
0003bd50:·653a·2045·6e73·7572·6520·6169·6465·2069··e:·Ensure·aide·i
0003bd60:·7320·696e·7374·616c·6c65·640a·2020·7061··s·installed.··pa
0003bd70:·636b·6167·653a·0a20·2020·206e·616d·653a··ckage:.····name:
0003bd80:·2061·6964·650a·2020·2020·7374·6174·653a···aide.····state:
0003bd90:·2070·7265·7365·6e74·0a20·2077·6865·6e3a···present.··when:
0003bda0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
0003bdb0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
0003bdc0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
0003bdd0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
0003bde0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
0003bdf0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
0003be00:·202d·2043·4a49·532d·352e·3130·2e31·2e33···-·CJIS-5.10.1.3
0003be10:·0a20·202d·2044·4953·412d·5354·4947·2d55··.··-·DISA-STIG-U
0003be20:·4254·552d·3230·2d30·3130·3435·300a·2020··BTU-20-010450.··
0003be30:·2d20·4e49·5354·2d38·3030·2d35·332d·434d··-·NIST-800-53-CM
0003be40:·2d36·2861·290a·2020·2d20·5043·492d·4453··-6(a).··-·PCI-DS
0003be50:·532d·5265·712d·3131·2e35·0a20·202d·2065··S-Req-11.5.··-·e
0003be60:·6e61·626c·655f·7374·7261·7465·6779·0a20··nable_strategy.·
0003be70:·202d·206c·6f77·5f63·6f6d·706c·6578·6974···-·low_complexit
0003be80:·790a·2020·2d20·6c6f·775f·6469·7372·7570··y.··-·low_disrup
0003be90:·7469·6f6e·0a20·202d·206d·6564·6975·6d5f··tion.··-·medium_
0003bea0:·7365·7665·7269·7479·0a20·202d·206e·6f5f··severity.··-·no_
0003beb0:·7265·626f·6f74·5f6e·6565·6465·640a·2020··reboot_needed.··
0003bec0:·2d20·7061·636b·6167·655f·6169·6465·5f69··-·package_aide_i
0003bed0:·6e73·7461·6c6c·6564·0a3c·2f63·6f64·653e··nstalled.</code>
0003bee0:·3c2f·7072·653e·3c2f·6469·763e·3c61·2063··</pre></div><a·c
0003bef0:·6c61·7373·3d22·6274·6e20·6274·6e2d·7375··lass="btn·btn-su
0003bf00:·6363·6573·7322·2064·6174·612d·746f·6767··ccess"·data-togg
0003bf10:·6c65·3d22·636f·6c6c·6170·7365·2220·6461··le="collapse"·da
0003bf20:·7461·2d74·6172·6765·743d·2223·6964·6d32··ta-target="#idm2
0003bf30:·3835·3122·2074·6162·696e·6465·783d·2230··851"·tabindex="0
0003bf40:·2220·726f·6c65·3d22·6275·7474·6f6e·2220··"·role="button"·
0003bf50:·6172·6961·2d65·7870·616e·6465·643d·2266··aria-expanded="f
0003bf60:·616c·7365·2220·7469·746c·653d·2241·6374··alse"·title="Act
0003bf70:·6976·6174·6520·746f·2072·6576·6561·6c22··ivate·to·reveal"
0003bf80:·2068·7265·663d·2223·2122·3e52·656d·6564···href="#!">Remed
0003bf90:·6961·7469·6f6e·204f·5342·7569·6c64·2042··iation·OSBuild·B
0003bfa0:·6c75·6570·7269·6e74·2073·6e69·7070·6574··lueprint·snippet
0003bfb0:·20e2·87b2·3c2f·613e·3c62·723e·3c64·6976···...</a><br><div
0003bfc0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0003bfd0:·6c6c·6~~170~~·~~7365~~·2063·6f6c·6c61·7073·6522··~~llapse·~~collapse"		0003be80:·6f67·676c·653d·2263·6f6c·6c61·7073·6522··oggle="collapse"
0003bfe0:·2069·643d·2269·646d·3238·3531·223e·3c70···id="idm2851"><p
0003bff0:·7265·3e3c·636f·6465·3e0a·5b5b·7061·636b··re><code>.[[pack
0003c000:·6167·6573·5d5d·0a6e·616d·6520·3d20·2261··ages]].name·=·"a
0003c010:·6964·6522·0a76·6572·7369·6f6e·203d·2022··ide".version·=·"
0003c020:·2a22·0a3c·2f63·6f64·653e·3c2f·7072·653e··*".</code></pre>
0003c030:·3c2f·6469·763e·3c61·2063·6c61·7373·3d22··</div><a·class="
0003c040:·6274·6e20·6274·6e2d·7375·6363·6573·7322··btn·btn-success"
0003~~c05~~0:·2064·6174·612d·746f·6767·6~~c65~~·3d22·636f···data-toggle="co		0003be90:·2064·6174·612d·7461·7267·6574·3d22·2369···data-target="#i
Max diff block lines reached; 3579015/3595905 bytes (99.53%) of diff not shown.


Offset 14285, 15 lines modified		Offset 14285, 15 lines modified
00037cc0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu		00037cc0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu
00037cd0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<		00037cd0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<
00037ce0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s		00037ce0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s
00037cf0:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l		00037cf0:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l
00037d00:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<		00037d00:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<
00037d10:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······		00037d10:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······
00037d20:·2020·2020·2020·2020·2020·2020·2028·6173···············(as		00037d20:·2020·2020·2020·2020·2020·2020·2028·6173···············(as
00037d30:·206f·6620·3230·3234·2d30·312d·3232·290a···of·2024-01-22).		00037d30:·206f·6620·3230·3235·2d30·322d·3233·290a···of·2025-02-23).
00037d40:·2020·2020·2020·2020·2020·2020·2020·2020··················		00037d40:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037d50:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>		00037d50:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>
00037d60:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con		00037d60:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con
00037d70:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l		00037d70:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l
00037d80:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd		00037d80:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd
00037d90:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject		00037d90:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject
00037da0:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s		00037da0:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s
Offset 15283, 124 lines modified		Offset 15283, 124 lines modified
0003bb20:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id		0003bb20:·6461·7461·2d74·6172·6765·743d·2223·6964··data-target="#id
0003bb30:·6d32·3835·3022·2074·6162·696e·6465·783d··m2850"·tabindex=		0003bb30:·6d32·3835·3022·2074·6162·696e·6465·783d··m2850"·tabindex=
0003bb40:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button		0003bb40:·2230·2220·726f·6c65·3d22·6275·7474·6f6e··"0"·role="button
0003bb50:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=		0003bb50:·2220·6172·6961·2d65·7870·616e·6465·643d··"·aria-expanded=
0003bb60:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A		0003bb60:·2266·616c·7365·2220·7469·746c·653d·2241··"false"·title="A
0003bb70:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea		0003bb70:·6374·6976·6174·6520·746f·2072·6576·6561··ctivate·to·revea
0003bb80:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem		0003bb80:·6c22·2068·7265·663d·2223·2122·3e52·656d··l"·href="#!">Rem
0003bb90:·6564·6961·7469·6f6e·2041·6~~e73~~·6962·~~6c65~~··ediation·~~Ansible~~		0003bb90:·6564·6961·7469·6f6e·2053·6865·6c6c·2073··ediation·Shell·s
		0003bba0:·6372·6970·7420·e287·b23c·2f61·3e3c·6272··cript·...</a><br
		0003bbb0:·3e3c·6469·7620·636c·6173·733d·2270·616e··><div·class="pan
		0003bbc0:·656c·2d63·6f6c·6c61·7073·6520·636f·6c6c··el-collapse·coll
		0003bbd0:·6170·7365·2220·6964·3d22·6964·6d32·3835··apse"·id="idm285
		0003bbe0:·3022·3e3c·7461·626c·6520·636c·6173·733d··0"><table·class=
		0003bbf0:·2274·6162·6c65·2074·6162·6c65·2d73·7472··"table·table-str
		0003bc00:·6970·6564·2074·6162·6c65·2d62·6f72·6465··iped·table-borde
		0003bc10:·7265·6420·7461·626c·652d·636f·6e64·656e··red·table-conden
		0003bc20:·7365·6422·3e3c·7472·3e3c·7468·3e43·6f6d··sed"><tr><th>Com
		0003bc30:·706c·6578·6974·793a·3c2f·7468·3e3c·7464··plexity:</th><td
0003bba0:·2073·6e69·7070·6574·20e2·87b2·3c2f·613e···snippet·...</a>
0003bbb0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
0003bbc0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
0003bbd0:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
0003bbe0:·3238·3530·223e·3c74·6162·6c65·2063·6c61··2850"><table·cla
0003bbf0:·7373·3d22·7461·626c·6520·7461·626c·652d··ss="table·table-
0003bc00:·7374·7269·7065·6420·7461·626c·652d·626f··striped·table-bo
0003bc10:·7264·6572·6564·2074·6162·6c65·2d63·6f6e··rdered·table-con
0003bc20:·6465·6e73·6564·223e·3c74·723e·3c74·683e··densed"><tr><th>
0003bc30:·436f·6d70·6c65·7869·7479·3a3c·2f74·683e··Complexity:</th>
0003bc40:·3c74·643e·6c6f·773c·2f74·643e·3c2f·7472··<td>low</td></tr
0003bc50:·3e3c·7472·3e3c·7468·3e44·6973·7275·7074··><tr><th>Disrupt
0003bc60:·696f·6e3a·3c2f·7468·3e3c·7464·3e6c·6f77··ion:</th><td>low
0003bc70:·3c2f·7464·3e3c·2f74·723e·3c74·~~723e~~·3c~~74··~~</td></~~tr><~~tr><t		0003bc40:·3e6c·6f77·3c2f·7464·3e3c·2f74·723e·3c74··>low</td></tr><t
		0003bc50:·723e·3c74·683e·4469·7372·7570·7469·6f6e··r><th>Disruption
		0003bc60:·3a3c·2f74·683e·3c74·643e·6c6f·773c·2f74··:</th><td>low</t
		0003bc70:·643e·3c2f·7472·3e3c·7472·3e3c·7468·3e53··d></tr><tr><th>S
		0003bc80:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
		0003bc90:·3e65·6e61·626c·653c·2f74·643e·3c2f·7472··>enable</td></tr
		0003bca0:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
		0003bcb0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
		0003bcc0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
		0003bcd0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
		0003bce0:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
		0003bcf0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
		0003bd00:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&&·[·!
		0003bd10:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
		0003bd20:·6e65·7265·6e76·205d·3b20·7468·656e·0a0a··nerenv·];·then..
		0003bd30:·4445·4249·414e·5f46·524f·4e54·454e·443d··DEBIAN_FRONTEND=
		0003bd40:·6e6f·6e69·6e74·6572·6163·7469·7665·2061··noninteractive·a
		0003bd50:·7074·2d67·6574·2069·6e73·7461·6c6c·202d··pt-get·install·-
		0003bd60:·7920·2261·6964·6522·0a0a·656c·7365·0a20··y·"aide"..else.·
		0003bd70:·2020·2026·6774·3b26·616d·703b·3220·6563·····>&2·ec
		0003bd80:·686f·2027·5265·6d65·6469·6174·696f·6e20··ho·'Remediation·
		0003bd90:·6973·206e·6f74·2061·7070·6c69·6361·626c··is·not·applicabl
		0003bda0:·652c·206e·6f74·6869·6e67·2077·6173·2064··e,·nothing·was·d
		0003bdb0:·6f6e·6527·0a66·690a·3c2f·636f·6465·3e3c··one'.fi.</code><
		0003bdc0:·2f70·7265·3e3c·2f64·6976·3e3c·6120·636c··/pre></div><a·cl
		0003bdd0:·6173·733d·2262·746e·2062·746e·2d73·7563··ass="btn·btn-suc
		0003bde0:·6365·7373·2220·6461·7461·2d74·6f67·676c··cess"·data-toggl
0003bc80:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
0003bc90:·3c74·643e·656e·6162·6c65·3c2f·7464·3e3c··<td>enable</td><
0003bca0:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
0003bcb0:·3e3c·636f·6465·3e2d·206e·616d·653a·2045··><code>-·name:·E
0003bcc0:·6e73·7572·6520·6169·6465·2069·7320·696e··nsure·aide·is·in
0003bcd0:·7374·616c·6c65·640a·2020·7061·636b·6167··stalled.··packag
0003bce0:·653a·0a20·2020·206e·616d·653a·2061·6964··e:.····name:·aid
0003bcf0:·650a·2020·2020·7374·6174·653a·2070·7265··e.····state:·pre
0003bd00:·7365·6e74·0a20·2077·6865·6e3a·2061·6e73··sent.··when:·ans
0003bd10:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
0003bd20:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
0003bd30:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
0003bd40:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
0003bd50:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
0003bd60:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
0003bd70:·4a49·532d·352e·3130·2e31·2e33·0a20·202d··JIS-5.10.1.3.··-
0003bd80:·2044·4953·412d·5354·4947·2d55·4254·552d···DISA-STIG-UBTU-
0003bd90:·3230·2d30·3130·3435·300a·2020·2d20·4e49··20-010450.··-·NI
0003bda0:·5354·2d38·3030·2d35·332d·434d·2d36·2861··ST-800-53-CM-6(a
0003bdb0:·290a·2020·2d20·5043·492d·4453·532d·5265··).··-·PCI-DSS-Re
0003bdc0:·712d·3131·2e35·0a20·202d·2065·6e61·626c··q-11.5.··-·enabl
0003bdd0:·655f·7374·7261·7465·6779·0a20·202d·206c··e_strategy.··-·l
0003bde0:·6f77·5f63·6f6d·706c·6578·6974·790a·2020··ow_complexity.··
0003bdf0:·2d20·6c6f·775f·6469·7372·7570·7469·6f6e··-·low_disruption
0003be00:·0a20·202d·206d·6564·6975·6d5f·7365·7665··.··-·medium_seve
0003be10:·7269·7479·0a20·202d·206e·6f5f·7265·626f··rity.··-·no_rebo
0003be20:·6f74·5f6e·6565·6465·640a·2020·2d20·7061··ot_needed.··-·pa
0003be30:·636b·6167·655f·6169·6465·5f69·6e73·7461··ckage_aide_insta
0003be40:·6c6c·6564·0a3c·2f63·6f64·653e·3c2f·7072··lled.</code></pr
0003be50:·653e·3c2f·6469·763e·3c61·2063·6c61·7373··e></div><a·class
0003be60:·3d22·6274·6e20·6274·6e2d·7375·6363·6573··="btn·btn-succes
0003be70:·7322·2064·6174·612d·746f·6767·6c65·3d22··s"·data-toggle="
0003be80:·636f·6c6c·6170·7365·2220·6461·7461·2d74··collapse"·data-t
0003be90:·6172·6765·743d·2223·6964·6d32·3835·3122··arget="#idm2851"
0003bea0:·2074·6162·696e·6465·783d·2230·2220·726f···tabindex="0"·ro
0003beb0:·6c65·3d22·6275·7474·6f6e·2220·6172·6961··le="button"·aria
0003bec0:·2d65·7870·616e·6465·643d·2266·616c·7365··-expanded="false
0003bed0:·2220·7469·746c·653d·2241·6374·6976·6174··"·title="Activat
0003bee0:·6520·746f·2072·6576·6561·6c22·2068·7265··e·to·reveal"·hre
0003bef0:·663d·2223·2122·3e52·656d·6564·6961·7469··f="#!">Remediati
0003bf00:·6f6e·204f·5342·7569·6c64·2042·6c75·6570··on·OSBuild·Bluep
0003bf10:·7269·6e74·2073·6e69·7070·6574·20e2·87b2··rint·snippet·...
0003bf20:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
0003bf30:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
0003bf40:·~~7365~~·2063·6f6c·6c61·7073·6522·2069·6~~43d~~··~~se·~~collapse"·~~id=~~		0003bdf0:·653d·2263·6f6c·6c61·7073·6522·2064·6174··e="collapse"·dat
0003bf50:·2269·646d·3238·3531·223e·3c70·7265·3e3c··"idm2851"><pre><
0003bf60:·636f·6465·3e0a·5b5b·7061·636b·6167·6573··code>.[[packages
0003bf70:·5d5d·0a6e·616d·6520·3d20·2261·6964·6522··]].name·=·"aide"
0003bf80:·0a76·6572·7369·6f6e·203d·2022·2a22·0a3c··.version·=·"*".<
0003bf90:·2f63·6f64·653e·3c2f·7072·653e·3c2f·6469··/code></pre></di
0003bfa0:·763e·3c61·2063·6c61·7373·3d22·6274·6e20··v><a·class="btn·
0003bfb0:·6274·6e2d·7375·6363·6573·7322·2064·6174··btn-success"·dat
0003bfc0:·612d·746f·6767·6c65·3d22·636f·6c6c·6170··a-toggle="collap
Max diff block lines reached; 3459909/3476799 bytes (99.51%) of diff not shown.


Offset 14297, 16 lines modified		Offset 14297, 16 lines modified
00037d80:·7369·6f6e·2048·6973·746f·7279·3c2f·6832··sion·History</h2		00037d80:·7369·6f6e·2048·6973·746f·7279·3c2f·6832··sion·History</h2
00037d90:·3e3c·703e·4375·7272·656e·7420·7665·7273··><p>Current·vers		00037d90:·3e3c·703e·4375·7272·656e·7420·7665·7273··><p>Current·vers
00037da0:·696f·6e3a·203c·7374·726f·6e67·3e30·2e31··ion:·<strong>0.1		00037da0:·696f·6e3a·203c·7374·726f·6e67·3e30·2e31··ion:·<strong>0.1
00037db0:·2e36·353c·2f73·7472·6f6e·673e·3c2f·703e··.65</strong></p>		00037db0:·2e36·353c·2f73·7472·6f6e·673e·3c2f·703e··.65</strong></p>
00037dc0:·3c75·6c3e·3c6c·693e·3c73·7472·6f6e·673e··<ul><li><strong>		00037dc0:·3c75·6c3e·3c6c·693e·3c73·7472·6f6e·673e··<ul><li><strong>
00037dd0:·6472·6166·743c·2f73·7472·6f6e·673e·0a20··draft</strong>.·		00037dd0:·6472·6166·743c·2f73·7472·6f6e·673e·0a20··draft</strong>.·
00037de0:·2020·2020·2020·2020·2020·2020·2020·2020··················		00037de0:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037df0:·2020·2028·6173·206f·6620·3230·3234·2d30·····(as·of·2024-0		00037df0:·2020·2028·6173·206f·6620·3230·3235·2d30·····(as·of·2025-0
00037e00:·312d·3232·290a·2020·2020·2020·2020·2020··1-22).··········		00037e00:·322d·3233·290a·2020·2020·2020·2020·2020··2-23).··········
00037e10:·2020·2020·2020·3c2f·6c69·3e3c·2f75·6c3e········</li></ul>		00037e10:·2020·2020·2020·3c2f·6c69·3e3c·2f75·6c3e········</li></ul>
00037e20:·3c2f·6469·763e·3c68·323e·5461·626c·6520··</div><h2>Table·		00037e20:·3c2f·6469·763e·3c68·323e·5461·626c·6520··</div><h2>Table·
00037e30:·6f66·2043·6f6e·7465·6e74·733c·2f68·323e··of·Contents</h2>		00037e30:·6f66·2043·6f6e·7465·6e74·733c·2f68·323e··of·Contents</h2>
00037e40:·3c6f·6c3e·3c6c·693e·3c61·2068·7265·663d··<ol><li><a·href=		00037e40:·3c6f·6c3e·3c6c·693e·3c61·2068·7265·663d··<ol><li><a·href=
00037e50:·2223·7863·6364·665f·6f72·672e·7373·6770··"#xccdf_org.ssgp		00037e50:·2223·7863·6364·665f·6f72·672e·7373·6770··"#xccdf_org.ssgp
00037e60:·726f·6a65·6374·2e63·6f6e·7465·6e74·5f67··roject.content_g		00037e60:·726f·6a65·6374·2e63·6f6e·7465·6e74·5f67··roject.content_g
00037e70:·726f·7570·5f73·7973·7465·6d22·3e53·7973··roup_system">Sys		00037e70:·726f·7570·5f73·7973·7465·6d22·3e53·7973··roup_system">Sys
Offset 15268, 124 lines modified		Offset 15268, 124 lines modified
0003ba30:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#		0003ba30:·2220·6461·7461·2d74·6172·6765·743d·2223··"·data-target="#
0003ba40:·6964·6d32·3835·3022·2074·6162·696e·6465··idm2850"·tabinde		0003ba40:·6964·6d32·3835·3022·2074·6162·696e·6465··idm2850"·tabinde
0003ba50:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt		0003ba50:·783d·2230·2220·726f·6c65·3d22·6275·7474··x="0"·role="butt
0003ba60:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande		0003ba60:·6f6e·2220·6172·6961·2d65·7870·616e·6465··on"·aria-expande
0003ba70:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=		0003ba70:·643d·2266·616c·7365·2220·7469·746c·653d··d="false"·title=
0003ba80:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev		0003ba80:·2241·6374·6976·6174·6520·746f·2072·6576··"Activate·to·rev
0003ba90:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R		0003ba90:·6561·6c22·2068·7265·663d·2223·2122·3e52··eal"·href="#!">R
0003baa0:·656d·6564·6961·7469·6f6e·2041·6~~e73~~·6962··emediation·~~Ansib~~		0003baa0:·656d·6564·6961·7469·6f6e·2053·6865·6c6c··emediation·Shell
		0003bab0:·2073·6372·6970·7420·e287·b23c·2f61·3e3c···script·...</a><
		0003bac0:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
		0003bad0:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
		0003bae0:·6c6c·6170·7365·2220·6964·3d22·6964·6d32··llapse"·id="idm2
		0003baf0:·3835·3022·3e3c·7461·626c·6520·636c·6173··850"><table·clas
		0003bb00:·733d·2274·6162·6c65·2074·6162·6c65·2d73··s="table·table-s
		0003bb10:·7472·6970·6564·2074·6162·6c65·2d62·6f72··triped·table-bor
		0003bb20:·6465·7265·6420·7461·626c·652d·636f·6e64··dered·table-cond
		0003bb30:·656e·7365·6422·3e3c·7472·3e3c·7468·3e43··ensed"><tr><th>C
		0003bb40:·6f6d·706c·6578·6974·793a·3c2f·7468·3e3c··omplexity:</th><
0003bab0:·6c65·2073·6e69·7070·6574·20e2·87b2·3c2f··le·snippet·...</
0003bac0:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0003bad0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0003bae0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0003baf0:·646d·3238·3530·223e·3c74·6162·6c65·2063··dm2850"><table·c
0003bb00:·6c61·7373·3d22·7461·626c·6520·7461·626c··lass="table·tabl
0003bb10:·652d·7374·7269·7065·6420·7461·626c·652d··e-striped·table-
0003bb20:·626f·7264·6572·6564·2074·6162·6c65·2d63··bordered·table-c
0003bb30:·6f6e·6465·6e73·6564·223e·3c74·723e·3c74··ondensed"><tr><t
0003bb40:·683e·436f·6d70·6c65·7869·7479·3a3c·2f74··h>Complexity:</t
0003bb50:·683e·3c74·643e·6c6f·773c·2f74·643e·3c2f··h><td>low</td></
0003bb60:·7472·3e3c·7472·3e3c·7468·3e44·6973·7275··tr><tr><th>Disru
0003bb70:·7074·696f·6e3a·3c2f·7468·3e3c·7464·3e6c··ption:</th><td>l
0003bb80:·6f77·3c2f·7464·3e3c·2f74·723e·~~3c74~~·72~~3e··~~ow</td></~~tr><~~tr>		0003bb50:·7464·3e6c·6f77·3c2f·7464·3e3c·2f74·723e··td>low</td></tr>
		0003bb60:·3c74·723e·3c74·683e·4469·7372·7570·7469··<tr><th>Disrupti
		0003bb70:·6f6e·3a3c·2f74·683e·3c74·643e·6c6f·773c··on:</th><td>low<
		0003bb80:·2f74·643e·3c2f·7472·3e3c·7472·3e3c·7468··/td></tr><tr><th
		0003bb90:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
		0003bba0:·7464·3e65·6e61·626c·653c·2f74·643e·3c2f··td>enable</td></
		0003bbb0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
		0003bbc0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
		0003bbd0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
		0003bbe0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
		0003bbf0:·6e20·706c·6174·666f·726d·730a·6966·205b··n·platforms.if·[
		0003bc00:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
		0003bc10:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&&·[
		0003bc20:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
		0003bc30:·6169·6e65·7265·6e76·205d·3b20·7468·656e··ainerenv·];·then
		0003bc40:·0a0a·4445·4249·414e·5f46·524f·4e54·454e··..DEBIAN_FRONTEN
		0003bc50:·443d·6e6f·6e69·6e74·6572·6163·7469·7665··D=noninteractive
		0003bc60:·2061·7074·2d67·6574·2069·6e73·7461·6c6c···apt-get·install
		0003bc70:·202d·7920·2261·6964·6522·0a0a·656c·7365···-y·"aide"..else
		0003bc80:·0a20·2020·2026·6774·3b26·616d·703b·3220··.····>&2·
		0003bc90:·6563·686f·2027·5265·6d65·6469·6174·696f··echo·'Remediatio
		0003bca0:·6e20·6973·206e·6f74·2061·7070·6c69·6361··n·is·not·applica
		0003bcb0:·626c·652c·206e·6f74·6869·6e67·2077·6173··ble,·nothing·was
		0003bcc0:·2064·6f6e·6527·0a66·690a·3c2f·636f·6465···done'.fi.</code
		0003bcd0:·3e3c·2f70·7265·3e3c·2f64·6976·3e3c·6120··></pre></div><a·
		0003bce0:·636c·6173·733d·2262·746e·2062·746e·2d73··class="btn·btn-s
		0003bcf0:·7563·6365·7373·2220·6461·7461·2d74·6f67··uccess"·data-tog
0003bb90:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
0003bba0:·683e·3c74·643e·656e·6162·6c65·3c2f·7464··h><td>enable</td
0003bbb0:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0003bbc0:·7265·3e3c·636f·6465·3e2d·206e·616d·653a··re><code>-·name:
0003bbd0:·2045·6e73·7572·6520·6169·6465·2069·7320···Ensure·aide·is·
0003bbe0:·696e·7374·616c·6c65·640a·2020·7061·636b··installed.··pack
0003bbf0:·6167·653a·0a20·2020·206e·616d·653a·2061··age:.····name:·a
0003bc00:·6964·650a·2020·2020·7374·6174·653a·2070··ide.····state:·p
0003bc10:·7265·7365·6e74·0a20·2077·6865·6e3a·2061··resent.··when:·a
0003bc20:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
0003bc30:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
0003bc40:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
0003bc50:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
0003bc60:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
0003bc70:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-
0003bc80:·2043·4a49·532d·352e·3130·2e31·2e33·0a20···CJIS-5.10.1.3.·
0003bc90:·202d·2044·4953·412d·5354·4947·2d55·4254···-·DISA-STIG-UBT
0003bca0:·552d·3230·2d30·3130·3435·300a·2020·2d20··U-20-010450.··-·
0003bcb0:·4e49·5354·2d38·3030·2d35·332d·434d·2d36··NIST-800-53-CM-6
0003bcc0:·2861·290a·2020·2d20·5043·492d·4453·532d··(a).··-·PCI-DSS-
0003bcd0:·5265·712d·3131·2e35·0a20·202d·2065·6e61··Req-11.5.··-·ena
0003bce0:·626c·655f·7374·7261·7465·6779·0a20·202d··ble_strategy.··-
0003bcf0:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.
0003bd00:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti
0003bd10:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se
0003bd20:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re
0003bd30:·626f·6f74·5f6e·6565·6465·640a·2020·2d20··boot_needed.··-·
0003bd40:·7061·636b·6167·655f·6169·6465·5f69·6e73··package_aide_ins
0003bd50:·7461·6c6c·6564·0a3c·2f63·6f64·653e·3c2f··talled.</code></
0003bd60:·7072·653e·3c2f·6469·763e·3c61·2063·6c61··pre></div><a·cla
0003bd70:·7373·3d22·6274·6e20·6274·6e2d·7375·6363··ss="btn·btn-succ
0003bd80:·6573·7322·2064·6174·612d·746f·6767·6c65··ess"·data-toggle
0003bd90:·3d22·636f·6c6c·6170·7365·2220·6461·7461··="collapse"·data
0003bda0:·2d74·6172·6765·743d·2223·6964·6d32·3835··-target="#idm285
0003bdb0:·3122·2074·6162·696e·6465·783d·2230·2220··1"·tabindex="0"·
0003bdc0:·726f·6c65·3d22·6275·7474·6f6e·2220·6172··role="button"·ar
0003bdd0:·6961·2d65·7870·616e·6465·643d·2266·616c··ia-expanded="fal
0003bde0:·7365·2220·7469·746c·653d·2241·6374·6976··se"·title="Activ
0003bdf0:·6174·6520·746f·2072·6576·6561·6c22·2068··ate·to·reveal"·h
0003be00:·7265·663d·2223·2122·3e52·656d·6564·6961··ref="#!">Remedia
0003be10:·7469·6f6e·204f·5342·7569·6c64·2042·6c75··tion·OSBuild·Blu
0003be20:·6570·7269·6e74·2073·6e69·7070·6574·20e2··eprint·snippet·.
0003be30:·87b2·3c2f·613e·3c62·723e·3c64·6976·2063··..</a><br><div·c
0003be40:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0003be50:·6~~170~~·~~7365~~·2063·6f6c·6c61·7073·6522·2069··~~apse·~~collapse"·i		0003bd00:·676c·653d·2263·6f6c·6c61·7073·6522·2064··gle="collapse"·d
0003be60:·643d·2269·646d·3238·3531·223e·3c70·7265··d="idm2851"><pre
0003be70:·3e3c·636f·6465·3e0a·5b5b·7061·636b·6167··><code>.[[packag
0003be80:·6573·5d5d·0a6e·616d·6520·3d20·2261·6964··es]].name·=·"aid
0003be90:·6522·0a76·6572·7369·6f6e·203d·2022·2a22··e".version·=·"*"
0003bea0:·0a3c·2f63·6f64·653e·3c2f·7072·653e·3c2f··.</code></pre></
0003beb0:·6469·763e·3c61·2063·6c61·7373·3d22·6274··div><a·class="bt
0003bec0:·6e20·6274·6e2d·7375·6363·6573·7322·2064··n·btn-success"·d
Max diff block lines reached; 13866803/13883831 bytes (99.88%) of diff not shown.


Offset 41, 15 lines modified		Offset 41, 15 lines modified
41	Profile·Title·Canonical·Ubuntu·20.04·LTS·Security·Technical·Implementation	41	Profile·Title·Canonical·Ubuntu·20.04·LTS·Security·Technical·Implementation
42	··············Guide·(STIG)·V1R1	42	··············Guide·(STIG)·V1R1
43	Profile·ID····xccdf_org.ssgproject.content_profile_stig	43	Profile·ID····xccdf_org.ssgproject.content_profile_stig
44	*·CPE·Platforms·*	44	*·CPE·Platforms·*
45	····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~	45	····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~
46	***·Revision·History·***	46	***·Revision·History·***
47	Current·version:·0.1.65	47	Current·version:·0.1.65
48	····*·draft·(as·of·2024-01-22)	48	····*·draft·(as·of·2025-02-23)
49	***·Table·of·Contents·***	49	***·Table·of·Contents·***
50	···1.·System_Settings	50	···1.·System_Settings
51	·········1.·Installing_and_Maintaining_Software	51	·········1.·Installing_and_Maintaining_Software
52	·········2.·Account_and_Access_Control	52	·········2.·Account_and_Access_Control
53	·········3.·System_Accounting_with_auditd	53	·········3.·System_Accounting_with_auditd
54	·········4.·AppArmor	54	·········4.·AppArmor
55	·········5.·GRUB2_bootloader_configuration	55	·········5.·GRUB2_bootloader_configuration
Offset 111, 14 lines modified		Offset 111, 26 lines modified
111	include·install_aide	111	include·install_aide

112	class·install_aide·{	112	class·install_aide·{
113	··package·{·'aide':	113	··package·{·'aide':
114	····ensure·=>·'installed',	114	····ensure·=>·'installed',
115	··}	115	··}
116	}	116	}
		117	Remediation_Shell_script_⇲
		118	Complexity:·low
		119	Disruption:·low
		120	Strategy:···enable
		121	#·Remediation·is·applicable·only·in·certain·platforms
		122	if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then

		123	DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"

		124	else
		125	····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
		126	fi
117	Remediation_Ansible_snippet_⇲	127	Remediation_Ansible_snippet_⇲
118	Complexity:·low	128	Complexity:·low
119	Disruption:·low	129	Disruption:·low
120	Strategy:···enable	130	Strategy:···enable
121	-·name:·Ensure·aide·is·installed	131	-·name:·Ensure·aide·is·installed
122	··package:	132	··package:
123	····name:·aide	133	····name:·aide
Offset 136, 26 lines modified		Offset 148, 14 lines modified
136	··-·no_reboot_needed	148	··-·no_reboot_needed
137	··-·package_aide_installed	149	··-·package_aide_installed
138	Remediation_OSBuild_Blueprint_snippet_⇲	150	Remediation_OSBuild_Blueprint_snippet_⇲

139	[[packages]]	151	[[packages]]
140	name·=·"aide"	152	name·=·"aide"
141	version·=·"*"	153	version·=·"*"
142	Remediation_Shell_script_⇲
143	Complexity:·low
144	Disruption:·low
145	Strategy:···enable
146	#·Remediation·is·applicable·only·in·certain·platforms
147	if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then

148	DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"

149	else
150	····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
151	fi
152	*·Rule ·Configure·AIDE·to·Verify·the·Audit·Tools· [ref]·*	154	*·Rule ·Configure·AIDE·to·Verify·the·Audit·Tools· [ref]·*
153	The·operating·system·file·integrity·tool·must·be·configured·to·protect·the·integrity·of·the	155	The·operating·system·file·integrity·tool·must·be·configured·to·protect·the·integrity·of·the
154	audit·tools.	156	audit·tools.
155	················Protecting·the·integrity·of·the·tools·used·for·auditing·purposes·is·a·critical	157	················Protecting·the·integrity·of·the·tools·used·for·auditing·purposes·is·a·critical
156	················step·toward·ensuring·the·integrity·of·audit·information.·Audit·information	158	················step·toward·ensuring·the·integrity·of·audit·information.·Audit·information
157	················includes·all·information·(e.g.,·audit·records,·audit·settings,·and·audit	159	················includes·all·information·(e.g.,·audit·records,·audit·settings,·and·audit
158	················reports)·needed·to·successfully·audit·information·system·activity.·Audit·tools	160	················reports)·needed·to·successfully·audit·information·system·activity.·Audit·tools
Offset 275, 14 lines modified		Offset 275, 29 lines modified
275	············BAI02.01,·BAI03.05,·BAI06.01,·BAI10.01,·BAI10.02,·BAI10.03,·BAI10.05,·DSS01.03,·DSS03.05,·DSS04.07,	275	············BAI02.01,·BAI03.05,·BAI06.01,·BAI10.01,·BAI10.02,·BAI10.03,·BAI10.05,·DSS01.03,·DSS03.05,·DSS04.07,
276	Identifiers·DSS05.02,·DSS05.03,·DSS05.05,·DSS05.07,·DSS06.02,·DSS06.06,·CCI-001744,·CCI-002699,·CCI-002702,	276	Identifiers·DSS05.02,·DSS05.03,·DSS05.05,·DSS05.07,·DSS06.02,·DSS06.06,·CCI-001744,·CCI-002699,·CCI-002702,
277	and·········4.3.4.3.2,·4.3.4.3.3,·4.3.4.4.4,·SR_3.1,·SR_3.3,·SR_3.4,·SR_3.8,·SR_4.1,·SR_6.2,·SR_7.6,·A.11.2.4,	277	and·········4.3.4.3.2,·4.3.4.3.3,·4.3.4.4.4,·SR_3.1,·SR_3.3,·SR_3.4,·SR_3.8,·SR_4.1,·SR_6.2,·SR_7.6,·A.11.2.4,
278	References··A.12.1.2,·A.12.2.1,·A.12.4.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,	278	References··A.12.1.2,·A.12.2.1,·A.12.4.1,·A.12.5.1,·A.12.6.2,·A.14.1.2,·A.14.1.3,·A.14.2.2,·A.14.2.3,·A.14.2.4,
279	············A.14.2.7,·A.15.2.1,·A.8.2.3,·SI-7,·SI-7(1),·CM-6(a),·DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,	279	············A.14.2.7,·A.15.2.1,·A.8.2.3,·SI-7,·SI-7(1),·CM-6(a),·DE.CM-1,·DE.CM-7,·PR.DS-1,·PR.DS-6,·PR.DS-8,
280	············PR.IP-1,·PR.IP-3,·Req-11.5,·SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-	280	············PR.IP-1,·PR.IP-3,·Req-11.5,·SRG-OS-000363-GPOS-00150,·SRG-OS-000446-GPOS-00200,·SRG-OS-000447-GPOS-
281	············00201,·UBTU-20-010074,·1.4.2	281	············00201,·UBTU-20-010074,·1.4.2
		282	Remediation_Shell_script_⇲
		283	#·Remediation·is·applicable·only·in·certain·platforms
		284	if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then

		285	DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"

		286	#·AiDE·usually·adds·its·own·cron·jobs·to·/etc/cron.daily.·If·script·is·there,·this·rule·is
		287	#·compliant.·Otherwise,·we·copy·the·script·to·the·/etc/cron.weekly
		288	if·!·egrep·-q·'^(/usr/bin/)?aide\.wrapper\s+'·/etc/cron./;·then
		289	····cp·-f·/usr/share/aide/config/cron.daily/aide·/etc/cron.weekly/
		290	fi

		291	else
		292	····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
		293	fi
282	Remediation_Ansible_snippet_⇲	294	Remediation_Ansible_snippet_⇲
283	Complexity:·low	295	Complexity:·low
284	Disruption:·low	296	Disruption:·low
285	Strategy:···restrict	297	Strategy:···restrict
286	-·name:·Ensure·AIDE·is·installed	298	-·name:·Ensure·AIDE·is·installed
287	··package:	299	··package:
288	····name:·'{{·item·}}'	300	····name:·'{{·item·}}'
Offset 381, 29 lines modified		Offset 396, 14 lines modified
381	··-·PCI-DSS-Req-11.5	396	··-·PCI-DSS-Req-11.5
382	··-·aide_periodic_cron_checking	397	··-·aide_periodic_cron_checking
383	··-·low_complexity	398	··-·low_complexity
384	··-·low_disruption	399	··-·low_disruption
385	··-·medium_severity	400	··-·medium_severity
386	··-·no_reboot_needed	401	··-·no_reboot_needed
387	··-·restrict_strategy	402	··-·restrict_strategy
388	Remediation_Shell_script_⇲
389	#·Remediation·is·applicable·only·in·certain·platforms
390	if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then

391	DEBIAN_FRONTEND=noninteractive·apt-get·install·-y·"aide"

392	#·AiDE·usually·adds·its·own·cron·jobs·to·/etc/cron.daily.·If·script·is·there,·this·rule·is
393	#·compliant.·Otherwise,·we·copy·the·script·to·the·/etc/cron.weekly
394	if·!·egrep·-q·'^(/usr/bin/)?aide\.wrapper\s+'·/etc/cron./;·then
395	····cp·-f·/usr/share/aide/config/cron.daily/aide·/etc/cron.weekly/
396	fi

397	else
398	····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
399	fi
400	Group ·Federal·Information·Processing·Standard·(FIPS)· Group·contains·1·rule	403	Group ·Federal·Information·Processing·Standard·(FIPS)· Group·contains·1·rule
401	[ref] ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is	404	[ref] ·The·Federal·Information·Processing·Standard·(FIPS)·is·a·computer·security·standard·which·is
402	developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic	405	developed·by·the·U.S.·Government·and·industry·working·groups·to·validate·the·quality·of·cryptographic
403	modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different	406	modules.·The·FIPS·standard·provides·four·security·levels·to·ensure·adequate·coverage·of·different
404	industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.	407	industries,·implementation·of·cryptographic·modules,·and·organizational·sizes·and·requirements.
Max diff block lines reached; 980297/985298 bytes (99.49%) of diff not shown.


Offset 138, 16 lines modified		Offset 138, 16 lines modified
138	····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/	138	····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
139	······find:	139	······find:
140	········paths:·/etc/audit/rules.d	140	········paths:·/etc/audit/rules.d
141	········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s\|$)+	141	········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s\|$)+
142	········patterns:·'*.rules'	142	········patterns:·'*.rules'
143	······register:·find_existing_watch_rules_d	143	······register:·find_existing_watch_rules_d
144	······when:	144	······when:
145	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
146	······-·'"audit"·in·ansible_facts.packages'	145	······-·'"audit"·in·ansible_facts.packages'
		146	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
147	······tags:	147	······tags:
148	······-·CJIS-5.4.1.1	148	······-·CJIS-5.4.1.1
149	······-·NIST-800-171-3.1.7	149	······-·NIST-800-171-3.1.7
150	······-·NIST-800-53-AC-2(7)(b)	150	······-·NIST-800-53-AC-2(7)(b)
151	······-·NIST-800-53-AC-6(9)	151	······-·NIST-800-53-AC-6(9)
152	······-·NIST-800-53-AU-12(c)	152	······-·NIST-800-53-AU-12(c)
153	······-·NIST-800-53-AU-2(d)	153	······-·NIST-800-53-AU-2(d)
Offset 164, 16 lines modified		Offset 164, 16 lines modified
164	····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions	164	····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
165	······find:	165	······find:
166	········paths:·/etc/audit/rules.d	166	········paths:·/etc/audit/rules.d
167	········contains:·^.*(?:-F·key=\|-k\s+)actions$	167	········contains:·^.*(?:-F·key=\|-k\s+)actions$
168	········patterns:·'*.rules'	168	········patterns:·'*.rules'
169	······register:·find_watch_key	169	······register:·find_watch_key
170	······when:	170	······when:
171	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
172	······-·'"audit"·in·ansible_facts.packages'	171	······-·'"audit"·in·ansible_facts.packages'
		172	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
173	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched	173	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
174	········==·0	174	········==·0
175	······tags:	175	······tags:
176	······-·CJIS-5.4.1.1	176	······-·CJIS-5.4.1.1
177	······-·NIST-800-171-3.1.7	177	······-·NIST-800-171-3.1.7
178	······-·NIST-800-53-AC-2(7)(b)	178	······-·NIST-800-53-AC-2(7)(b)
179	······-·NIST-800-53-AC-6(9)	179	······-·NIST-800-53-AC-6(9)
Offset 190, 16 lines modified		Offset 190, 16 lines modified
190	······-·restrict_strategy	190	······-·restrict_strategy

191	····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule	191	····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
192	······set_fact:	192	······set_fact:
193	········all_files:	193	········all_files:
194	········-·/etc/audit/rules.d/actions.rules	194	········-·/etc/audit/rules.d/actions.rules
195	······when:	195	······when:
196	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
197	······-·'"audit"·in·ansible_facts.packages'	196	······-·'"audit"·in·ansible_facts.packages'
		197	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
198	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched	198	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
199	········is·defined·and·find_existing_watch_rules_d.matched·==·0	199	········is·defined·and·find_existing_watch_rules_d.matched·==·0
200	······tags:	200	······tags:
201	······-·CJIS-5.4.1.1	201	······-·CJIS-5.4.1.1
202	······-·NIST-800-171-3.1.7	202	······-·NIST-800-171-3.1.7
203	······-·NIST-800-53-AC-2(7)(b)	203	······-·NIST-800-53-AC-2(7)(b)
204	······-·NIST-800-53-AC-6(9)	204	······-·NIST-800-53-AC-6(9)
Offset 216, 16 lines modified		Offset 216, 16 lines modified
216	······-·restrict_strategy	216	······-·restrict_strategy

217	····-·name:·Use·matched·file·as·the·recipient·for·the·rule	217	····-·name:·Use·matched·file·as·the·recipient·for·the·rule
218	······set_fact:	218	······set_fact:
219	········all_files:	219	········all_files:
220	········-·'{{·find_watch_key.files·\|·map(attribute=''path'')·\|·list·\|·first·}}'	220	········-·'{{·find_watch_key.files·\|·map(attribute=''path'')·\|·list·\|·first·}}'
221	······when:	221	······when:
222	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
223	······-·'"audit"·in·ansible_facts.packages'	222	······-·'"audit"·in·ansible_facts.packages'
		223	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
224	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched	224	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
225	········is·defined·and·find_existing_watch_rules_d.matched·==·0	225	········is·defined·and·find_existing_watch_rules_d.matched·==·0
226	······tags:	226	······tags:
227	······-·CJIS-5.4.1.1	227	······-·CJIS-5.4.1.1
228	······-·NIST-800-171-3.1.7	228	······-·NIST-800-171-3.1.7
229	······-·NIST-800-53-AC-2(7)(b)	229	······-·NIST-800-53-AC-2(7)(b)
230	······-·NIST-800-53-AC-6(9)	230	······-·NIST-800-53-AC-6(9)
Offset 244, 16 lines modified		Offset 244, 16 lines modified
244	····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/	244	····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
245	······lineinfile:	245	······lineinfile:
246	········path:·'{{·all_files[0]·}}'	246	········path:·'{{·all_files[0]·}}'
247	········line:·-w·/etc/sudoers·-p·wa·-k·actions	247	········line:·-w·/etc/sudoers·-p·wa·-k·actions
248	········create:·true	248	········create:·true
249	········mode:·'0640'	249	········mode:·'0640'
250	······when:	250	······when:
251	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
252	······-·'"audit"·in·ansible_facts.packages'	251	······-·'"audit"·in·ansible_facts.packages'
		252	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
253	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched	253	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
254	········==·0	254	········==·0
255	······tags:	255	······tags:
256	······-·CJIS-5.4.1.1	256	······-·CJIS-5.4.1.1
257	······-·NIST-800-171-3.1.7	257	······-·NIST-800-171-3.1.7
258	······-·NIST-800-53-AC-2(7)(b)	258	······-·NIST-800-53-AC-2(7)(b)
259	······-·NIST-800-53-AC-6(9)	259	······-·NIST-800-53-AC-6(9)
Offset 272, 16 lines modified		Offset 272, 16 lines modified
272	····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/audit.rules	272	····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/audit.rules
273	······find:	273	······find:
274	········paths:·/etc/audit/	274	········paths:·/etc/audit/
275	········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s\|$)+	275	········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s\|$)+
276	········patterns:·audit.rules	276	········patterns:·audit.rules
277	······register:·find_existing_watch_audit_rules	277	······register:·find_existing_watch_audit_rules
278	······when:	278	······when:
279	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
280	······-·'"audit"·in·ansible_facts.packages'	279	······-·'"audit"·in·ansible_facts.packages'
		280	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
281	······tags:	281	······tags:
282	······-·CJIS-5.4.1.1	282	······-·CJIS-5.4.1.1
283	······-·NIST-800-171-3.1.7	283	······-·NIST-800-171-3.1.7
284	······-·NIST-800-53-AC-2(7)(b)	284	······-·NIST-800-53-AC-2(7)(b)
285	······-·NIST-800-53-AC-6(9)	285	······-·NIST-800-53-AC-6(9)
286	······-·NIST-800-53-AU-12(c)	286	······-·NIST-800-53-AU-12(c)
287	······-·NIST-800-53-AU-2(d)	287	······-·NIST-800-53-AU-2(d)
Offset 299, 16 lines modified		Offset 299, 16 lines modified
299	······lineinfile:	299	······lineinfile:
300	········line:·-w·/etc/sudoers·-p·wa·-k·actions	300	········line:·-w·/etc/sudoers·-p·wa·-k·actions
301	········state:·present	301	········state:·present
302	········dest:·/etc/audit/audit.rules	302	········dest:·/etc/audit/audit.rules
303	········create:·true	303	········create:·true
304	········mode:·'0640'	304	········mode:·'0640'
305	······when:	305	······when:
306	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
307	······-·'"audit"·in·ansible_facts.packages'	306	······-·'"audit"·in·ansible_facts.packages'
		307	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
308	······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched	308	······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
309	········==·0	309	········==·0
310	······tags:	310	······tags:
311	······-·CJIS-5.4.1.1	311	······-·CJIS-5.4.1.1
312	······-·NIST-800-171-3.1.7	312	······-·NIST-800-171-3.1.7
313	······-·NIST-800-53-AC-2(7)(b)	313	······-·NIST-800-53-AC-2(7)(b)
314	······-·NIST-800-53-AC-6(9)	314	······-·NIST-800-53-AC-6(9)
Offset 327, 16 lines modified		Offset 327, 16 lines modified
327	····-·name:·Check·if·watch·rule·for·/etc/sudoers.d/·already·exists·in·/etc/audit/rules.d/	327	····-·name:·Check·if·watch·rule·for·/etc/sudoers.d/·already·exists·in·/etc/audit/rules.d/
Max diff block lines reached; 7162/12423 bytes (57.65%) of diff not shown.


Offset 1092, 16 lines modified		Offset 1092, 16 lines modified
1092	······-·no_reboot_needed	1092	······-·no_reboot_needed

1093	····-·name:·Test·for·existence·/boot/grub/grub.cfg	1093	····-·name:·Test·for·existence·/boot/grub/grub.cfg
1094	······stat:	1094	······stat:
1095	········path:·/boot/grub/grub.cfg	1095	········path:·/boot/grub/grub.cfg
1096	······register:·file_exists	1096	······register:·file_exists
1097	······when:	1097	······when:
1098	······-·'"grub2-common"·in·ansible_facts.packages'
1099	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'	1098	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'
		1099	······-·'"grub2-common"·in·ansible_facts.packages'
1100	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]	1100	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1101	······tags:	1101	······tags:
1102	······-·CJIS-5.5.2.2	1102	······-·CJIS-5.5.2.2
1103	······-·NIST-800-171-3.4.5	1103	······-·NIST-800-171-3.4.5
1104	······-·NIST-800-53-AC-6(1)	1104	······-·NIST-800-53-AC-6(1)
1105	······-·NIST-800-53-CM-6(a)	1105	······-·NIST-800-53-CM-6(a)
1106	······-·PCI-DSS-Req-7.1	1106	······-·PCI-DSS-Req-7.1
Offset 1113, 16 lines modified		Offset 1113, 16 lines modified
1113	······-·no_reboot_needed	1113	······-·no_reboot_needed

1114	····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg	1114	····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
1115	······file:	1115	······file:
1116	········path:·/boot/grub/grub.cfg	1116	········path:·/boot/grub/grub.cfg
1117	········owner:·'0'	1117	········owner:·'0'
1118	······when:	1118	······when:
1119	······-·'"grub2-common"·in·ansible_facts.packages'
1120	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'	1119	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'
		1120	······-·'"grub2-common"·in·ansible_facts.packages'
1121	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]	1121	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1122	······-·file_exists.stat·is·defined·and·file_exists.stat.exists	1122	······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1123	······tags:	1123	······tags:
1124	······-·CJIS-5.5.2.2	1124	······-·CJIS-5.5.2.2
1125	······-·NIST-800-171-3.4.5	1125	······-·NIST-800-171-3.4.5
1126	······-·NIST-800-53-AC-6(1)	1126	······-·NIST-800-53-AC-6(1)
1127	······-·NIST-800-53-CM-6(a)	1127	······-·NIST-800-53-CM-6(a)
Offset 1150, 16 lines modified		Offset 1150, 16 lines modified
1150	······-·no_reboot_needed	1150	······-·no_reboot_needed

1151	····-·name:·Test·for·existence·/boot/grub/grub.cfg	1151	····-·name:·Test·for·existence·/boot/grub/grub.cfg
1152	······stat:	1152	······stat:
1153	········path:·/boot/grub/grub.cfg	1153	········path:·/boot/grub/grub.cfg
1154	······register:·file_exists	1154	······register:·file_exists
1155	······when:	1155	······when:
1156	······-·'"grub2-common"·in·ansible_facts.packages'
1157	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'	1156	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'
		1157	······-·'"grub2-common"·in·ansible_facts.packages'
1158	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]	1158	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1159	······tags:	1159	······tags:
1160	······-·NIST-800-171-3.4.5	1160	······-·NIST-800-171-3.4.5
1161	······-·NIST-800-53-AC-6(1)	1161	······-·NIST-800-53-AC-6(1)
1162	······-·NIST-800-53-CM-6(a)	1162	······-·NIST-800-53-CM-6(a)
1163	······-·configure_strategy	1163	······-·configure_strategy
1164	······-·file_permissions_grub2_cfg	1164	······-·file_permissions_grub2_cfg
Offset 1169, 16 lines modified		Offset 1169, 16 lines modified
1169	······-·no_reboot_needed	1169	······-·no_reboot_needed

1170	····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg	1170	····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
1171	······file:	1171	······file:
1172	········path:·/boot/grub/grub.cfg	1172	········path:·/boot/grub/grub.cfg
1173	········mode:·u-xs,g-xwrs,o-xwrt	1173	········mode:·u-xs,g-xwrs,o-xwrt
1174	······when:	1174	······when:
1175	······-·'"grub2-common"·in·ansible_facts.packages'
1176	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'	1175	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'
		1176	······-·'"grub2-common"·in·ansible_facts.packages'
1177	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]	1177	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1178	······-·file_exists.stat·is·defined·and·file_exists.stat.exists	1178	······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1179	······tags:	1179	······tags:
1180	······-·NIST-800-171-3.4.5	1180	······-·NIST-800-171-3.4.5
1181	······-·NIST-800-53-AC-6(1)	1181	······-·NIST-800-53-AC-6(1)
1182	······-·NIST-800-53-CM-6(a)	1182	······-·NIST-800-53-CM-6(a)
1183	······-·configure_strategy	1183	······-·configure_strategy


Offset 1061, 16 lines modified		Offset 1061, 16 lines modified
1061	······-·no_reboot_needed	1061	······-·no_reboot_needed

1062	····-·name:·Test·for·existence·/boot/grub/grub.cfg	1062	····-·name:·Test·for·existence·/boot/grub/grub.cfg
1063	······stat:	1063	······stat:
1064	········path:·/boot/grub/grub.cfg	1064	········path:·/boot/grub/grub.cfg
1065	······register:·file_exists	1065	······register:·file_exists
1066	······when:	1066	······when:
1067	······-·'"grub2-common"·in·ansible_facts.packages'
1068	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'	1067	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'
		1068	······-·'"grub2-common"·in·ansible_facts.packages'
1069	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]	1069	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1070	······tags:	1070	······tags:
1071	······-·CJIS-5.5.2.2	1071	······-·CJIS-5.5.2.2
1072	······-·NIST-800-171-3.4.5	1072	······-·NIST-800-171-3.4.5
1073	······-·NIST-800-53-AC-6(1)	1073	······-·NIST-800-53-AC-6(1)
1074	······-·NIST-800-53-CM-6(a)	1074	······-·NIST-800-53-CM-6(a)
1075	······-·PCI-DSS-Req-7.1	1075	······-·PCI-DSS-Req-7.1
Offset 1082, 16 lines modified		Offset 1082, 16 lines modified
1082	······-·no_reboot_needed	1082	······-·no_reboot_needed

1083	····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg	1083	····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
1084	······file:	1084	······file:
1085	········path:·/boot/grub/grub.cfg	1085	········path:·/boot/grub/grub.cfg
1086	········owner:·'0'	1086	········owner:·'0'
1087	······when:	1087	······when:
1088	······-·'"grub2-common"·in·ansible_facts.packages'
1089	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'	1088	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'
		1089	······-·'"grub2-common"·in·ansible_facts.packages'
1090	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]	1090	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1091	······-·file_exists.stat·is·defined·and·file_exists.stat.exists	1091	······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1092	······tags:	1092	······tags:
1093	······-·CJIS-5.5.2.2	1093	······-·CJIS-5.5.2.2
1094	······-·NIST-800-171-3.4.5	1094	······-·NIST-800-171-3.4.5
1095	······-·NIST-800-53-AC-6(1)	1095	······-·NIST-800-53-AC-6(1)
1096	······-·NIST-800-53-CM-6(a)	1096	······-·NIST-800-53-CM-6(a)
Offset 1119, 16 lines modified		Offset 1119, 16 lines modified
1119	······-·no_reboot_needed	1119	······-·no_reboot_needed

1120	····-·name:·Test·for·existence·/boot/grub/grub.cfg	1120	····-·name:·Test·for·existence·/boot/grub/grub.cfg
1121	······stat:	1121	······stat:
1122	········path:·/boot/grub/grub.cfg	1122	········path:·/boot/grub/grub.cfg
1123	······register:·file_exists	1123	······register:·file_exists
1124	······when:	1124	······when:
1125	······-·'"grub2-common"·in·ansible_facts.packages'
1126	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'	1125	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'
		1126	······-·'"grub2-common"·in·ansible_facts.packages'
1127	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]	1127	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1128	······tags:	1128	······tags:
1129	······-·NIST-800-171-3.4.5	1129	······-·NIST-800-171-3.4.5
1130	······-·NIST-800-53-AC-6(1)	1130	······-·NIST-800-53-AC-6(1)
1131	······-·NIST-800-53-CM-6(a)	1131	······-·NIST-800-53-CM-6(a)
1132	······-·configure_strategy	1132	······-·configure_strategy
1133	······-·file_permissions_grub2_cfg	1133	······-·file_permissions_grub2_cfg
Offset 1138, 16 lines modified		Offset 1138, 16 lines modified
1138	······-·no_reboot_needed	1138	······-·no_reboot_needed

1139	····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg	1139	····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
1140	······file:	1140	······file:
1141	········path:·/boot/grub/grub.cfg	1141	········path:·/boot/grub/grub.cfg
1142	········mode:·u-xs,g-xwrs,o-xwrt	1142	········mode:·u-xs,g-xwrs,o-xwrt
1143	······when:	1143	······when:
1144	······-·'"grub2-common"·in·ansible_facts.packages'
1145	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'	1144	······-·'"/boot/efi"·not·in·ansible_mounts·\|·map(attribute="mount")·\|·list'
		1145	······-·'"grub2-common"·in·ansible_facts.packages'
1146	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]	1146	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1147	······-·file_exists.stat·is·defined·and·file_exists.stat.exists	1147	······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1148	······tags:	1148	······tags:
1149	······-·NIST-800-171-3.4.5	1149	······-·NIST-800-171-3.4.5
1150	······-·NIST-800-53-AC-6(1)	1150	······-·NIST-800-53-AC-6(1)
1151	······-·NIST-800-53-CM-6(a)	1151	······-·NIST-800-53-CM-6(a)
1152	······-·configure_strategy	1152	······-·configure_strategy


Offset 1183, 16 lines modified		Offset 1183, 16 lines modified

1183	····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension	1183	····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1184	······find:	1184	······find:
1185	········paths:·/etc/audit/rules.d/	1185	········paths:·/etc/audit/rules.d/
1186	········patterns:·'*.rules'	1186	········patterns:·'*.rules'
1187	······register:·find_rules_d	1187	······register:·find_rules_d
1188	······when:	1188	······when:
1189	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1190	······-·'"auditd"·in·ansible_facts.packages'	1189	······-·'"auditd"·in·ansible_facts.packages'
		1190	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1191	······tags:	1191	······tags:
1192	······-·CJIS-5.4.1.1	1192	······-·CJIS-5.4.1.1
1193	······-·NIST-800-171-3.3.1	1193	······-·NIST-800-171-3.3.1
1194	······-·NIST-800-171-3.4.3	1194	······-·NIST-800-171-3.4.3
1195	······-·NIST-800-53-AC-6(9)	1195	······-·NIST-800-53-AC-6(9)
1196	······-·NIST-800-53-CM-6(a)	1196	······-·NIST-800-53-CM-6(a)
1197	······-·PCI-DSS-Req-10.5.2	1197	······-·PCI-DSS-Req-10.5.2
Offset 1207, 16 lines modified		Offset 1207, 16 lines modified
1207	······lineinfile:	1207	······lineinfile:
1208	········path:·'{{·item·}}'	1208	········path:·'{{·item·}}'
1209	········regexp:·^\s(?:-e)\s+.$	1209	········regexp:·^\s(?:-e)\s+.$
1210	········state:·absent	1210	········state:·absent
1211	······loop:·'{{·find_rules_d.files·\|·map(attribute=''path'')·\|·list·+·[''/etc/audit/audit.rules'']	1211	······loop:·'{{·find_rules_d.files·\|·map(attribute=''path'')·\|·list·+·[''/etc/audit/audit.rules'']
1212	········}}'	1212	········}}'
1213	······when:	1213	······when:
1214	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1215	······-·'"auditd"·in·ansible_facts.packages'	1214	······-·'"auditd"·in·ansible_facts.packages'
		1215	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1216	······tags:	1216	······tags:
1217	······-·CJIS-5.4.1.1	1217	······-·CJIS-5.4.1.1
1218	······-·NIST-800-171-3.3.1	1218	······-·NIST-800-171-3.3.1
1219	······-·NIST-800-171-3.4.3	1219	······-·NIST-800-171-3.4.3
1220	······-·NIST-800-53-AC-6(9)	1220	······-·NIST-800-53-AC-6(9)
1221	······-·NIST-800-53-CM-6(a)	1221	······-·NIST-800-53-CM-6(a)
1222	······-·PCI-DSS-Req-10.5.2	1222	······-·PCI-DSS-Req-10.5.2
Offset 1233, 16 lines modified		Offset 1233, 16 lines modified
1233	········create:·true	1233	········create:·true
1234	········line:·-e·2	1234	········line:·-e·2
1235	········mode:·o-rwx	1235	········mode:·o-rwx
1236	······loop:	1236	······loop:
1237	······-·/etc/audit/audit.rules	1237	······-·/etc/audit/audit.rules
1238	······-·/etc/audit/rules.d/immutable.rules	1238	······-·/etc/audit/rules.d/immutable.rules
1239	······when:	1239	······when:
1240	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1241	······-·'"auditd"·in·ansible_facts.packages'	1240	······-·'"auditd"·in·ansible_facts.packages'
		1241	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1242	······tags:	1242	······tags:
1243	······-·CJIS-5.4.1.1	1243	······-·CJIS-5.4.1.1
1244	······-·NIST-800-171-3.3.1	1244	······-·NIST-800-171-3.3.1
1245	······-·NIST-800-171-3.4.3	1245	······-·NIST-800-171-3.4.3
1246	······-·NIST-800-53-AC-6(9)	1246	······-·NIST-800-53-AC-6(9)
1247	······-·NIST-800-53-CM-6(a)	1247	······-·NIST-800-53-CM-6(a)
1248	······-·PCI-DSS-Req-10.5.2	1248	······-·PCI-DSS-Req-10.5.2
Offset 1277, 16 lines modified		Offset 1277, 16 lines modified
1277	····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/	1277	····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
1278	······find:	1278	······find:
1279	········paths:·/etc/audit/rules.d	1279	········paths:·/etc/audit/rules.d
1280	········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s\|$)+	1280	········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s\|$)+
1281	········patterns:·'*.rules'	1281	········patterns:·'*.rules'
1282	······register:·find_existing_watch_rules_d	1282	······register:·find_existing_watch_rules_d
1283	······when:	1283	······when:
1284	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1285	······-·'"auditd"·in·ansible_facts.packages'	1284	······-·'"auditd"·in·ansible_facts.packages'
		1285	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1286	······tags:	1286	······tags:
1287	······-·CJIS-5.4.1.1	1287	······-·CJIS-5.4.1.1
1288	······-·NIST-800-171-3.1.7	1288	······-·NIST-800-171-3.1.7
1289	······-·NIST-800-53-AC-2(7)(b)	1289	······-·NIST-800-53-AC-2(7)(b)
1290	······-·NIST-800-53-AC-6(9)	1290	······-·NIST-800-53-AC-6(9)
1291	······-·NIST-800-53-AU-12(c)	1291	······-·NIST-800-53-AU-12(c)
1292	······-·NIST-800-53-AU-2(d)	1292	······-·NIST-800-53-AU-2(d)
Offset 1303, 16 lines modified		Offset 1303, 16 lines modified
1303	····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions	1303	····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
1304	······find:	1304	······find:
1305	········paths:·/etc/audit/rules.d	1305	········paths:·/etc/audit/rules.d
1306	········contains:·^.*(?:-F·key=\|-k\s+)actions$	1306	········contains:·^.*(?:-F·key=\|-k\s+)actions$
1307	········patterns:·'*.rules'	1307	········patterns:·'*.rules'
1308	······register:·find_watch_key	1308	······register:·find_watch_key
1309	······when:	1309	······when:
1310	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1311	······-·'"auditd"·in·ansible_facts.packages'	1310	······-·'"auditd"·in·ansible_facts.packages'
		1311	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1312	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched	1312	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1313	········==·0	1313	········==·0
1314	······tags:	1314	······tags:
1315	······-·CJIS-5.4.1.1	1315	······-·CJIS-5.4.1.1
1316	······-·NIST-800-171-3.1.7	1316	······-·NIST-800-171-3.1.7
1317	······-·NIST-800-53-AC-2(7)(b)	1317	······-·NIST-800-53-AC-2(7)(b)
1318	······-·NIST-800-53-AC-6(9)	1318	······-·NIST-800-53-AC-6(9)
Offset 1329, 16 lines modified		Offset 1329, 16 lines modified
1329	······-·restrict_strategy	1329	······-·restrict_strategy

1330	····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule	1330	····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
1331	······set_fact:	1331	······set_fact:
1332	········all_files:	1332	········all_files:
1333	········-·/etc/audit/rules.d/actions.rules	1333	········-·/etc/audit/rules.d/actions.rules
1334	······when:	1334	······when:
1335	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1336	······-·'"auditd"·in·ansible_facts.packages'	1335	······-·'"auditd"·in·ansible_facts.packages'
		1336	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1337	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched	1337	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1338	········is·defined·and·find_existing_watch_rules_d.matched·==·0	1338	········is·defined·and·find_existing_watch_rules_d.matched·==·0
1339	······tags:	1339	······tags:
1340	······-·CJIS-5.4.1.1	1340	······-·CJIS-5.4.1.1
1341	······-·NIST-800-171-3.1.7	1341	······-·NIST-800-171-3.1.7
1342	······-·NIST-800-53-AC-2(7)(b)	1342	······-·NIST-800-53-AC-2(7)(b)
1343	······-·NIST-800-53-AC-6(9)	1343	······-·NIST-800-53-AC-6(9)
Offset 1355, 16 lines modified		Offset 1355, 16 lines modified
1355	······-·restrict_strategy	1355	······-·restrict_strategy

1356	····-·name:·Use·matched·file·as·the·recipient·for·the·rule	1356	····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1357	······set_fact:	1357	······set_fact:
1358	········all_files:	1358	········all_files:
1359	········-·'{{·find_watch_key.files·\|·map(attribute=''path'')·\|·list·\|·first·}}'	1359	········-·'{{·find_watch_key.files·\|·map(attribute=''path'')·\|·list·\|·first·}}'
1360	······when:	1360	······when:
1361	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1362	······-·'"auditd"·in·ansible_facts.packages'	1361	······-·'"auditd"·in·ansible_facts.packages'
		1362	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1363	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched	1363	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1364	········is·defined·and·find_existing_watch_rules_d.matched·==·0	1364	········is·defined·and·find_existing_watch_rules_d.matched·==·0
1365	······tags:	1365	······tags:
1366	······-·CJIS-5.4.1.1	1366	······-·CJIS-5.4.1.1
1367	······-·NIST-800-171-3.1.7	1367	······-·NIST-800-171-3.1.7
1368	······-·NIST-800-53-AC-2(7)(b)	1368	······-·NIST-800-53-AC-2(7)(b)
1369	······-·NIST-800-53-AC-6(9)	1369	······-·NIST-800-53-AC-6(9)
Offset 1383, 16 lines modified		Offset 1383, 16 lines modified
1383	····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/	1383	····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 133550/138587 bytes (96.37%) of diff not shown.


Offset 1152, 16 lines modified		Offset 1152, 16 lines modified

1152	····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension	1152	····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1153	······find:	1153	······find:
1154	········paths:·/etc/audit/rules.d/	1154	········paths:·/etc/audit/rules.d/
1155	········patterns:·'*.rules'	1155	········patterns:·'*.rules'
1156	······register:·find_rules_d	1156	······register:·find_rules_d
1157	······when:	1157	······when:
1158	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1159	······-·'"auditd"·in·ansible_facts.packages'	1158	······-·'"auditd"·in·ansible_facts.packages'
		1159	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1160	······tags:	1160	······tags:
1161	······-·CJIS-5.4.1.1	1161	······-·CJIS-5.4.1.1
1162	······-·NIST-800-171-3.3.1	1162	······-·NIST-800-171-3.3.1
1163	······-·NIST-800-171-3.4.3	1163	······-·NIST-800-171-3.4.3
1164	······-·NIST-800-53-AC-6(9)	1164	······-·NIST-800-53-AC-6(9)
1165	······-·NIST-800-53-CM-6(a)	1165	······-·NIST-800-53-CM-6(a)
1166	······-·PCI-DSS-Req-10.5.2	1166	······-·PCI-DSS-Req-10.5.2
Offset 1176, 16 lines modified		Offset 1176, 16 lines modified
1176	······lineinfile:	1176	······lineinfile:
1177	········path:·'{{·item·}}'	1177	········path:·'{{·item·}}'
1178	········regexp:·^\s(?:-e)\s+.$	1178	········regexp:·^\s(?:-e)\s+.$
1179	········state:·absent	1179	········state:·absent
1180	······loop:·'{{·find_rules_d.files·\|·map(attribute=''path'')·\|·list·+·[''/etc/audit/audit.rules'']	1180	······loop:·'{{·find_rules_d.files·\|·map(attribute=''path'')·\|·list·+·[''/etc/audit/audit.rules'']
1181	········}}'	1181	········}}'
1182	······when:	1182	······when:
1183	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1184	······-·'"auditd"·in·ansible_facts.packages'	1183	······-·'"auditd"·in·ansible_facts.packages'
		1184	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1185	······tags:	1185	······tags:
1186	······-·CJIS-5.4.1.1	1186	······-·CJIS-5.4.1.1
1187	······-·NIST-800-171-3.3.1	1187	······-·NIST-800-171-3.3.1
1188	······-·NIST-800-171-3.4.3	1188	······-·NIST-800-171-3.4.3
1189	······-·NIST-800-53-AC-6(9)	1189	······-·NIST-800-53-AC-6(9)
1190	······-·NIST-800-53-CM-6(a)	1190	······-·NIST-800-53-CM-6(a)
1191	······-·PCI-DSS-Req-10.5.2	1191	······-·PCI-DSS-Req-10.5.2
Offset 1202, 16 lines modified		Offset 1202, 16 lines modified
1202	········create:·true	1202	········create:·true
1203	········line:·-e·2	1203	········line:·-e·2
1204	········mode:·o-rwx	1204	········mode:·o-rwx
1205	······loop:	1205	······loop:
1206	······-·/etc/audit/audit.rules	1206	······-·/etc/audit/audit.rules
1207	······-·/etc/audit/rules.d/immutable.rules	1207	······-·/etc/audit/rules.d/immutable.rules
1208	······when:	1208	······when:
1209	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1210	······-·'"auditd"·in·ansible_facts.packages'	1209	······-·'"auditd"·in·ansible_facts.packages'
		1210	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1211	······tags:	1211	······tags:
1212	······-·CJIS-5.4.1.1	1212	······-·CJIS-5.4.1.1
1213	······-·NIST-800-171-3.3.1	1213	······-·NIST-800-171-3.3.1
1214	······-·NIST-800-171-3.4.3	1214	······-·NIST-800-171-3.4.3
1215	······-·NIST-800-53-AC-6(9)	1215	······-·NIST-800-53-AC-6(9)
1216	······-·NIST-800-53-CM-6(a)	1216	······-·NIST-800-53-CM-6(a)
1217	······-·PCI-DSS-Req-10.5.2	1217	······-·PCI-DSS-Req-10.5.2
Offset 1246, 16 lines modified		Offset 1246, 16 lines modified
1246	····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/	1246	····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
1247	······find:	1247	······find:
1248	········paths:·/etc/audit/rules.d	1248	········paths:·/etc/audit/rules.d
1249	········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s\|$)+	1249	········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s\|$)+
1250	········patterns:·'*.rules'	1250	········patterns:·'*.rules'
1251	······register:·find_existing_watch_rules_d	1251	······register:·find_existing_watch_rules_d
1252	······when:	1252	······when:
1253	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1254	······-·'"auditd"·in·ansible_facts.packages'	1253	······-·'"auditd"·in·ansible_facts.packages'
		1254	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1255	······tags:	1255	······tags:
1256	······-·CJIS-5.4.1.1	1256	······-·CJIS-5.4.1.1
1257	······-·NIST-800-171-3.1.7	1257	······-·NIST-800-171-3.1.7
1258	······-·NIST-800-53-AC-2(7)(b)	1258	······-·NIST-800-53-AC-2(7)(b)
1259	······-·NIST-800-53-AC-6(9)	1259	······-·NIST-800-53-AC-6(9)
1260	······-·NIST-800-53-AU-12(c)	1260	······-·NIST-800-53-AU-12(c)
1261	······-·NIST-800-53-AU-2(d)	1261	······-·NIST-800-53-AU-2(d)
Offset 1272, 16 lines modified		Offset 1272, 16 lines modified
1272	····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions	1272	····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
1273	······find:	1273	······find:
1274	········paths:·/etc/audit/rules.d	1274	········paths:·/etc/audit/rules.d
1275	········contains:·^.*(?:-F·key=\|-k\s+)actions$	1275	········contains:·^.*(?:-F·key=\|-k\s+)actions$
1276	········patterns:·'*.rules'	1276	········patterns:·'*.rules'
1277	······register:·find_watch_key	1277	······register:·find_watch_key
1278	······when:	1278	······when:
1279	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1280	······-·'"auditd"·in·ansible_facts.packages'	1279	······-·'"auditd"·in·ansible_facts.packages'
		1280	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1281	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched	1281	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1282	········==·0	1282	········==·0
1283	······tags:	1283	······tags:
1284	······-·CJIS-5.4.1.1	1284	······-·CJIS-5.4.1.1
1285	······-·NIST-800-171-3.1.7	1285	······-·NIST-800-171-3.1.7
1286	······-·NIST-800-53-AC-2(7)(b)	1286	······-·NIST-800-53-AC-2(7)(b)
1287	······-·NIST-800-53-AC-6(9)	1287	······-·NIST-800-53-AC-6(9)
Offset 1298, 16 lines modified		Offset 1298, 16 lines modified
1298	······-·restrict_strategy	1298	······-·restrict_strategy

1299	····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule	1299	····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
1300	······set_fact:	1300	······set_fact:
1301	········all_files:	1301	········all_files:
1302	········-·/etc/audit/rules.d/actions.rules	1302	········-·/etc/audit/rules.d/actions.rules
1303	······when:	1303	······when:
1304	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1305	······-·'"auditd"·in·ansible_facts.packages'	1304	······-·'"auditd"·in·ansible_facts.packages'
		1305	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1306	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched	1306	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1307	········is·defined·and·find_existing_watch_rules_d.matched·==·0	1307	········is·defined·and·find_existing_watch_rules_d.matched·==·0
1308	······tags:	1308	······tags:
1309	······-·CJIS-5.4.1.1	1309	······-·CJIS-5.4.1.1
1310	······-·NIST-800-171-3.1.7	1310	······-·NIST-800-171-3.1.7
1311	······-·NIST-800-53-AC-2(7)(b)	1311	······-·NIST-800-53-AC-2(7)(b)
1312	······-·NIST-800-53-AC-6(9)	1312	······-·NIST-800-53-AC-6(9)
Offset 1324, 16 lines modified		Offset 1324, 16 lines modified
1324	······-·restrict_strategy	1324	······-·restrict_strategy

1325	····-·name:·Use·matched·file·as·the·recipient·for·the·rule	1325	····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1326	······set_fact:	1326	······set_fact:
1327	········all_files:	1327	········all_files:
1328	········-·'{{·find_watch_key.files·\|·map(attribute=''path'')·\|·list·\|·first·}}'	1328	········-·'{{·find_watch_key.files·\|·map(attribute=''path'')·\|·list·\|·first·}}'
1329	······when:	1329	······when:
1330	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1331	······-·'"auditd"·in·ansible_facts.packages'	1330	······-·'"auditd"·in·ansible_facts.packages'
		1331	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1332	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched	1332	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1333	········is·defined·and·find_existing_watch_rules_d.matched·==·0	1333	········is·defined·and·find_existing_watch_rules_d.matched·==·0
1334	······tags:	1334	······tags:
1335	······-·CJIS-5.4.1.1	1335	······-·CJIS-5.4.1.1
1336	······-·NIST-800-171-3.1.7	1336	······-·NIST-800-171-3.1.7
1337	······-·NIST-800-53-AC-2(7)(b)	1337	······-·NIST-800-53-AC-2(7)(b)
1338	······-·NIST-800-53-AC-6(9)	1338	······-·NIST-800-53-AC-6(9)
Offset 1352, 16 lines modified		Offset 1352, 16 lines modified
1352	····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/	1352	····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 133550/138587 bytes (96.37%) of diff not shown.


Offset 779, 16 lines modified		Offset 779, 16 lines modified
779	····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/rules.d/	779	····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/rules.d/
780	······find:	780	······find:
781	········paths:·/etc/audit/rules.d	781	········paths:·/etc/audit/rules.d
782	········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s\|$)+	782	········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s\|$)+
783	········patterns:·'*.rules'	783	········patterns:·'*.rules'
784	······register:·find_existing_watch_rules_d	784	······register:·find_existing_watch_rules_d
785	······when:	785	······when:
786	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
787	······-·'"auditd"·in·ansible_facts.packages'	786	······-·'"auditd"·in·ansible_facts.packages'
		787	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
788	······tags:	788	······tags:
789	······-·CJIS-5.4.1.1	789	······-·CJIS-5.4.1.1
790	······-·DISA-STIG-UBTU-20-010101	790	······-·DISA-STIG-UBTU-20-010101
791	······-·NIST-800-171-3.1.7	791	······-·NIST-800-171-3.1.7
792	······-·NIST-800-53-AC-2(4)	792	······-·NIST-800-53-AC-2(4)
793	······-·NIST-800-53-AC-6(9)	793	······-·NIST-800-53-AC-6(9)
794	······-·NIST-800-53-AU-12(c)	794	······-·NIST-800-53-AU-12(c)
Offset 805, 16 lines modified		Offset 805, 16 lines modified
805	····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_usergroup_modification	805	····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_usergroup_modification
806	······find:	806	······find:
807	········paths:·/etc/audit/rules.d	807	········paths:·/etc/audit/rules.d
808	········contains:·^.*(?:-F·key=\|-k\s+)audit_rules_usergroup_modification$	808	········contains:·^.*(?:-F·key=\|-k\s+)audit_rules_usergroup_modification$
809	········patterns:·'*.rules'	809	········patterns:·'*.rules'
810	······register:·find_watch_key	810	······register:·find_watch_key
811	······when:	811	······when:
812	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
813	······-·'"auditd"·in·ansible_facts.packages'	812	······-·'"auditd"·in·ansible_facts.packages'
		813	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
814	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched	814	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
815	········==·0	815	········==·0
816	······tags:	816	······tags:
817	······-·CJIS-5.4.1.1	817	······-·CJIS-5.4.1.1
818	······-·DISA-STIG-UBTU-20-010101	818	······-·DISA-STIG-UBTU-20-010101
819	······-·NIST-800-171-3.1.7	819	······-·NIST-800-171-3.1.7
820	······-·NIST-800-53-AC-2(4)	820	······-·NIST-800-53-AC-2(4)
Offset 832, 16 lines modified		Offset 832, 16 lines modified

832	····-·name:·Use·/etc/audit/rules.d/audit_rules_usergroup_modification.rules·as·the·recipient	832	····-·name:·Use·/etc/audit/rules.d/audit_rules_usergroup_modification.rules·as·the·recipient
833	········for·the·rule	833	········for·the·rule
834	······set_fact:	834	······set_fact:
835	········all_files:	835	········all_files:
836	········-·/etc/audit/rules.d/audit_rules_usergroup_modification.rules	836	········-·/etc/audit/rules.d/audit_rules_usergroup_modification.rules
837	······when:	837	······when:
838	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
839	······-·'"auditd"·in·ansible_facts.packages'	838	······-·'"auditd"·in·ansible_facts.packages'
		839	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
840	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched	840	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
841	········is·defined·and·find_existing_watch_rules_d.matched·==·0	841	········is·defined·and·find_existing_watch_rules_d.matched·==·0
842	······tags:	842	······tags:
843	······-·CJIS-5.4.1.1	843	······-·CJIS-5.4.1.1
844	······-·DISA-STIG-UBTU-20-010101	844	······-·DISA-STIG-UBTU-20-010101
845	······-·NIST-800-171-3.1.7	845	······-·NIST-800-171-3.1.7
846	······-·NIST-800-53-AC-2(4)	846	······-·NIST-800-53-AC-2(4)
Offset 858, 16 lines modified		Offset 858, 16 lines modified
858	······-·restrict_strategy	858	······-·restrict_strategy

859	····-·name:·Use·matched·file·as·the·recipient·for·the·rule	859	····-·name:·Use·matched·file·as·the·recipient·for·the·rule
860	······set_fact:	860	······set_fact:
861	········all_files:	861	········all_files:
862	········-·'{{·find_watch_key.files·\|·map(attribute=''path'')·\|·list·\|·first·}}'	862	········-·'{{·find_watch_key.files·\|·map(attribute=''path'')·\|·list·\|·first·}}'
863	······when:	863	······when:
864	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
865	······-·'"auditd"·in·ansible_facts.packages'	864	······-·'"auditd"·in·ansible_facts.packages'
		865	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
866	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched	866	······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
867	········is·defined·and·find_existing_watch_rules_d.matched·==·0	867	········is·defined·and·find_existing_watch_rules_d.matched·==·0
868	······tags:	868	······tags:
869	······-·CJIS-5.4.1.1	869	······-·CJIS-5.4.1.1
870	······-·DISA-STIG-UBTU-20-010101	870	······-·DISA-STIG-UBTU-20-010101
871	······-·NIST-800-171-3.1.7	871	······-·NIST-800-171-3.1.7
872	······-·NIST-800-53-AC-2(4)	872	······-·NIST-800-53-AC-2(4)
Offset 886, 16 lines modified		Offset 886, 16 lines modified
886	····-·name:·Add·watch·rule·for·/etc/group·in·/etc/audit/rules.d/	886	····-·name:·Add·watch·rule·for·/etc/group·in·/etc/audit/rules.d/
887	······lineinfile:	887	······lineinfile:
888	········path:·'{{·all_files[0]·}}'	888	········path:·'{{·all_files[0]·}}'
889	········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification	889	········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification
890	········create:·true	890	········create:·true
891	········mode:·'0640'	891	········mode:·'0640'
892	······when:	892	······when:
893	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
894	······-·'"auditd"·in·ansible_facts.packages'	893	······-·'"auditd"·in·ansible_facts.packages'
		894	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
895	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched	895	······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
896	········==·0	896	········==·0
897	······tags:	897	······tags:
898	······-·CJIS-5.4.1.1	898	······-·CJIS-5.4.1.1
899	······-·DISA-STIG-UBTU-20-010101	899	······-·DISA-STIG-UBTU-20-010101
900	······-·NIST-800-171-3.1.7	900	······-·NIST-800-171-3.1.7
901	······-·NIST-800-53-AC-2(4)	901	······-·NIST-800-53-AC-2(4)
Offset 914, 16 lines modified		Offset 914, 16 lines modified
914	····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/audit.rules	914	····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/audit.rules
915	······find:	915	······find:
916	········paths:·/etc/audit/	916	········paths:·/etc/audit/
917	········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s\|$)+	917	········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s\|$)+
918	········patterns:·audit.rules	918	········patterns:·audit.rules
919	······register:·find_existing_watch_audit_rules	919	······register:·find_existing_watch_audit_rules
920	······when:	920	······when:
921	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
922	······-·'"auditd"·in·ansible_facts.packages'	921	······-·'"auditd"·in·ansible_facts.packages'
		922	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
923	······tags:	923	······tags:
924	······-·CJIS-5.4.1.1	924	······-·CJIS-5.4.1.1
925	······-·DISA-STIG-UBTU-20-010101	925	······-·DISA-STIG-UBTU-20-010101
926	······-·NIST-800-171-3.1.7	926	······-·NIST-800-171-3.1.7
927	······-·NIST-800-53-AC-2(4)	927	······-·NIST-800-53-AC-2(4)
928	······-·NIST-800-53-AC-6(9)	928	······-·NIST-800-53-AC-6(9)
929	······-·NIST-800-53-AU-12(c)	929	······-·NIST-800-53-AU-12(c)
Offset 941, 16 lines modified		Offset 941, 16 lines modified
941	······lineinfile:	941	······lineinfile:
942	········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification	942	········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification
943	········state:·present	943	········state:·present
944	········dest:·/etc/audit/audit.rules	944	········dest:·/etc/audit/audit.rules
945	········create:·true	945	········create:·true
946	········mode:·'0640'	946	········mode:·'0640'
947	······when:	947	······when:
948	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
949	······-·'"auditd"·in·ansible_facts.packages'	948	······-·'"auditd"·in·ansible_facts.packages'
		949	······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
950	······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched	950	······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
951	········==·0	951	········==·0
952	······tags:	952	······tags:
953	······-·CJIS-5.4.1.1	953	······-·CJIS-5.4.1.1
954	······-·DISA-STIG-UBTU-20-010101	954	······-·DISA-STIG-UBTU-20-010101
955	······-·NIST-800-171-3.1.7	955	······-·NIST-800-171-3.1.7
956	······-·NIST-800-53-AC-2(4)	956	······-·NIST-800-53-AC-2(4)
Offset 990, 16 lines modified		Offset 990, 16 lines modified
990	····-·name:·Check·if·watch·rule·for·/etc/gshadow·already·exists·in·/etc/audit/rules.d/	990	····-·name:·Check·if·watch·rule·for·/etc/gshadow·already·exists·in·/etc/audit/rules.d/
Max diff block lines reached; 123095/128504 bytes (95.79%) of diff not shown.


Offset 3, 1933 lines modified		Offset 3, 1933 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.65</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.65</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>	7	····<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_~~kerb~~_auth_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_pam_ocil:questionnaire:1">
11	······<ocil:title>Disable·~~Kerberos~~·A~~uthenticatio~~n</ocil:title>	11	······<ocil:title>Enable·PAM</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-sshd_disable_~~kerb~~_auth_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-sshd_enable_pam_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-disallow_bypass_password_sudo_ocil:questionnaire:1">
17	······<ocil:title~~>Di~~sallo~~w·C~~onfiguratio~~n·t~~o·~~Bypa~~ss·Pas~~sword·R~~equi~~reme~~n~~ts·for·Priv~~ilege~~·Es~~cal~~ation</~~o~~cil:title~~>	16	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_arp_filter_ocil:questionnaire:1">
		17	······<ocil:title>Configure·ARP·filtering·for·All·IPv4·Interfaces</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-disal~~low~~_~~bypass_p~~a~~sswo~~rd_~~sudo~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_arp_filter_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-file_gr~~oupow~~ne~~rship_audi~~t_configuration_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-kernel_config_retpoline_ocil:questionnaire:1">
23	······<ocil:title>Audit·Co~~nfig~~uration·Fil~~es·Mus~~t·~~Be·Own~~ed·By·~~Grou~~p·r~~oot~~</ocil:title>	23	······<ocil:title>Avoid·speculative·indirect·branches·in·kernel</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-file_gr~~oupow~~ne~~rship_audi~~t_configuration_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-kernel_config_retpoline_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-kern~~el_modu~~l~~e_tip~~c~~_dis~~a~~bled~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-set_ipv6_loopback_traffic_ocil:questionnaire:1">
29	······<ocil:title>Disa~~ble~~·TIPC·Support</ocil:title>	29	······<ocil:title>Set·configuration·for·IPv6·loopback·traffic</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-kern~~el_modu~~l~~e_tip~~c~~_dis~~a~~bled~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-set_ipv6_loopback_traffic_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_warning_banner_ocil:questionnaire:1">
35	······<ocil:~~title>E~~nable·~~SSH·W~~arni~~ng·Bann~~er</ocil:title>	34	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_ocil:questionnaire:1">
		35	······<ocil:title>Record·Events·that·Modify·User/Group·Information</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-sshd~~_enab~~le_war~~ning~~_ba~~nner~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-kernel_config_bug_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-kernel_config_bug_ocil:questionnaire:1">
41	······<ocil:title>Enable·support·for·BUG()</ocil:title>	41	······<ocil:title>Enable·support·for·BUG()</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-kernel_config_bug_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-kernel_config_bug_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-sudo_add_requiretty_ocil:questionnaire:1">
47	······<ocil:title>Ensure·Only·Users·Logged·In·To·Real·tty·Can·Execute·Sudo·-·sudo·requiretty</ocil:title>
48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-sudo_add_requiretty_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>
51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1">
53	······<ocil:title>Ensure·syslog-ng·is·Installed</ocil:title>
54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-package_syslogng_installed_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>
57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-sshd_set_idle_time~~out~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_disable_ipv6_ocil:questionnaire:1">
59	······<ocil:title>Se~~t·SSH~~·~~Cli~~ent·Alive·Interval</ocil:title>	47	······<ocil:title>Disable·IPv6·Addressing·on·All·IPv6·Interfaces</ocil:title>
60	······<ocil:actions>	48	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-sshd_set_idle_time~~out~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_disable_ipv6_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	50	······</ocil:actions>
63	····</ocil:questionnaire>	51	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-kernel_config_randomize_base_ocil:questionnaire:1">
65	······<ocil:title~~>Random~~ize·~~the·addre~~ss·~~of·t~~he~~·kernel·image·(KASLR)</~~ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
		53	······<ocil:title>Allow·Only·SSH·Protocol·2</ocil:title>
66	······<ocil:actions>	54	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-ke~~rnel~~_c~~onfig~~_~~randomize_base~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	56	······</ocil:actions>
69	····</ocil:questionnaire>	57	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e_~~perm~~i~~ssio~~ns~~_var_log~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-kernel_config_binfmt_misc_ocil:questionnaire:1">
71	······<ocil:title>~~Verify~~·Per~~missions·on~~·~~/var/log~~·Dir~~ectory~~</ocil:title>	59	······<ocil:title>Disable·kernel·support·for·MISC·binaries</ocil:title>
72	······<ocil:actions>	60	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_~~perm~~i~~ssio~~ns~~_var_log~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-kernel_config_binfmt_misc_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	62	······</ocil:actions>
75	····</ocil:questionnaire>	63	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-grub2_enable_iommu_force_ocil:questionnaire:1">
77	······<ocil:t~~itle>IOMMU·~~configurati~~on·d~~i~~rec~~tive</ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-postfix_client_configure_mail_alias_postmaster_ocil:questionnaire:1">
		65	······<ocil:title>Configure·System·to·Forward·All·Mail·From·Postmaster·to·The·Root·Account</ocil:title>
78	······<ocil:actions>	66	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~grub2~~_en~~abl~~e_i~~ommu~~_force_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-postfix_client_configure_mail_alias_postmaster_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	68	······</ocil:actions>
81	····</ocil:questionnaire>	69	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_x86_vsyscall_emulation_ocil:questionnaire:1">
83	······<ocil:~~title>Dis~~able·~~x86·v~~s~~yscall·em~~u~~lat~~i~~on</~~ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-no_rsh_trust_files_ocil:questionnaire:1">
		71	······<ocil:title>Remove·Rsh·Trust·Files</ocil:title>
84	······<ocil:actions>	72	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~ker~~n~~el_c~~o~~nfig~~_~~x86~~_~~vsy~~s~~cal~~l_emul~~ati~~on_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-no_rsh_trust_files_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	74	······</ocil:actions>
87	····</ocil:questionnaire>	75	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-s~~udo~~_~~remov~~e~~_nop~~a~~ssw~~d_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-service_iptables_enabled_ocil:questionnaire:1">
89	······<ocil:title>~~Ensure·U~~ser~~s·Re-Authent~~i~~cate·~~for·~~Privi~~lege·E~~scalatio~~n·~~-·su~~d~~o·NOPASSWD~~</ocil:title>	77	······<ocil:title>Verify·iptables·Enabled</ocil:title>
90	······<ocil:actions>	78	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-s~~udo~~_~~remov~~e~~_nop~~a~~ssw~~d_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-service_iptables_enabled_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	80	······</ocil:actions>
93	····</ocil:questionnaire>	81	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_~~set~~_~~logl~~evel_~~info~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
95	······<ocil:title>Set·LogLeve~~l·to~~·I~~NFO~~</ocil:title>	83	······<ocil:title>Unmap·kernel·when·running·in·userspace·(aka·KAISER)</ocil:title>
96	······<ocil:actions>	84	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_~~set~~_~~logl~~evel_~~info~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	86	······</ocil:actions>
99	····</ocil:questionnaire>	87	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchmod_ocil:questionnaire:1">
101	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odify~~·the·Syst~~e~~m's·Discr~~et~~ion~~ar~~y·Acc~~e~~ss·Contr~~o~~ls·-·fchmod</~~o~~cil:title~~>	88	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_gshadow_ocil:questionnaire:1">
		89	······<ocil:title>Verify·Group·Who·Owns·Backup·gshadow·File</ocil:title>
102	······<ocil:actions>	90	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~audit_~~r~~ules_dac~~_~~modifica~~tion_fchmod_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	92	······</ocil:actions>
105	····</ocil:questionnaire>	93	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-chro~~nyd~~_se~~rver~~_dir~~ective~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-grub2_l1tf_argument_ocil:questionnaire:1">
107	······<ocil:title>~~Ensure·~~C~~hrony·is·only·c~~onfigured·~~with·the~~·s~~erver~~·di~~rec~~tive</ocil:title>	95	······<ocil:title>Configure·L1·Terminal·Fault·mitigations</ocil:title>
108	······<ocil:actions>	96	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-chro~~nyd~~_se~~rver~~_dir~~ective~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-grub2_l1tf_argument_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	98	······</ocil:actions>
111	····</ocil:questionnaire>	99	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_audit_ocil:questionnaire:1">
113	······<ocil:title~~>Acc~~o~~unt·Locko~~uts~~·Mus~~t·Be~~·Logg~~e~~d</~~ocil:title>	100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_renameat_ocil:questionnaire:1">
		101	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·renameat</ocil:title>
114	······<ocil:actions>	102	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-a~~cco~~unts_~~passwords_pam~~_~~faillock_~~a~~udi~~t_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_renameat_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	104	······</ocil:actions>
117	····</ocil:questionnaire>	105	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-accounts_max_concurrent_login_sessions_ocil:questionnaire:1">
119	······<ocil:title>Li~~mit·th~~e·N~~umber·of·Concurr~~en~~t·Log~~i~~n·Se~~ssions·~~Allowed·Per·User</~~ocil:title>	106	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_group_ocil:questionnaire:1">
		107	······<ocil:title>Verify·Permissions·on·Backup·group·File</ocil:title>
120	······<ocil:actions>	108	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-a~~ccounts_~~m~~ax_c~~onc~~urrent_login~~_~~ses~~sions_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_group_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 652943/664341 bytes (98.28%) of diff not shown.


Offset 3, 3211 lines modified		Offset 3, 3211 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.65</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.65</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>	7	····<ocil:timestamp>2022-12-20T09:54:05</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_~~kerb~~_auth_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_pam_ocil:questionnaire:1">
		11	······<ocil:title>Enable·PAM</ocil:title>
11	······<ocil:title>Disable·Kerberos·Authentication</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-sshd_disable_kerb_auth_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-disallow_bypass_password_sudo_ocil:questionnaire:1">
17	······<ocil:title>Disallow·Configuration·to·Bypass·Password·Requirements·for·Privilege·Escalation</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-disal~~low~~_~~bypass~~_pa~~ssword_sud~~o_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-sshd_enable_pam_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~file_groupow~~nership~~_aud~~it_conf~~igu~~ration_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_arp_filter_ocil:questionnaire:1">
23	······<ocil:title>~~Audit·~~Configur~~ation~~·Fil~~es·Must·Be~~·~~Owned·By~~·~~Group·root~~</ocil:title>	17	······<ocil:title>Configure·ARP·filtering·for·All·IPv4·Interfaces</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~file_groupow~~nership~~_aud~~it_conf~~igu~~ration_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_arp_filter_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~ker~~nel_~~module~~_tipc_disabled_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-mount_option_tmp_nosuid_ocil:questionnaire:1">
29	······<ocil:title>Dis~~able·TIPC~~·~~Support~~</ocil:title>	23	······<ocil:title>Add·nosuid·Option·to·/tmp</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~ker~~nel_~~module~~_tipc_disabled_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-mount_option_tmp_nosuid_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_e~~nab~~le_warning_~~ban~~ner_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_retpoline_ocil:questionnaire:1">
35	······<ocil:title>Enable·~~SSH~~·Warning·~~Ban~~ner</ocil:title>	29	······<ocil:title>Avoid·speculative·indirect·branches·in·kernel</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_e~~nab~~le_warning_~~ban~~ner_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-kernel_config_retpoline_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-ke~~rnel~~_co~~nfig~~_~~bug~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-set_ipv6_loopback_traffic_ocil:questionnaire:1">
41	······<ocil:title>Ena~~ble~~·~~support~~·for·~~BUG()~~</ocil:title>	35	······<ocil:title>Set·configuration·for·IPv6·loopback·traffic</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-ke~~rnel~~_co~~nfig~~_~~bug~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-set_ipv6_loopback_traffic_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-sudo~~_add~~_r~~equiretty~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-mount_option_var_tmp_nodev_ocil:questionnaire:1">
47	······<ocil:title>~~Ensure·Only·Users·Log~~ged·In·To·Re~~al·tty·Ca~~n·~~Exe~~cut~~e·Su~~do·-·sudo·re~~qui~~retty</ocil:title>	41	······<ocil:title>Add·nodev·Option·to·/var/tmp</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-sudo~~_add~~_r~~equiretty~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_nodev_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-package_syslogng_installed_ocil:questionnaire:1">
53	······<ocil:~~title>E~~nsure·~~sys~~log-~~ng·~~is~~·Installe~~d</ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_ocil:questionnaire:1">
		47	······<ocil:title>Record·Events·that·Modify·User/Group·Information</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_s~~ysl~~o~~gng_~~i~~nst~~a~~lled~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-ss~~hd_s~~et_id~~le_t~~i~~meo~~ut_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-kernel_config_bug_ocil:questionnaire:1">
59	······<ocil:title>~~Set·SSH·Clien~~t·Al~~ive~~·~~Interval~~</ocil:title>	53	······<ocil:title>Enable·support·for·BUG()</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-ss~~hd_s~~et_id~~le_t~~i~~meo~~ut_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-kernel_config_bug_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~ker~~nel_conf~~ig_randomiz~~e_~~base~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_disable_ipv6_ocil:questionnaire:1">
65	······<ocil:title>Ra~~ndomiz~~e·~~the~~·address·of·~~the~~·ke~~rnel~~·i~~mag~~e·(~~KASLR)~~</ocil:title>	59	······<ocil:title>Disable·IPv6·Addressing·on·All·IPv6·Interfaces</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~ker~~nel_conf~~ig_randomiz~~e_~~base~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_disable_ipv6_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~file~~_pe~~rmissi~~ons_~~var_l~~og_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
71	······<ocil:title>V~~erify~~·~~Permissi~~ons·on·~~/var/l~~o~~g·Di~~rec~~tory~~</ocil:title>	65	······<ocil:title>Allow·Only·SSH·Protocol·2</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~file~~_pe~~rmissi~~ons_~~var_l~~og_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-gr~~ub2~~_en~~able_~~iommu_~~for~~ce_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-kernel_config_binfmt_misc_ocil:questionnaire:1">
77	······<ocil:title>~~IOMMU~~·con~~fig~~ur~~ati~~on·~~direct~~ive</ocil:title>	71	······<ocil:title>Disable·kernel·support·for·MISC·binaries</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-gr~~ub2~~_en~~able_~~iommu_~~for~~ce_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-kernel_config_binfmt_misc_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_x86_vsyscall_emulation_ocil:questionnaire:1">
83	······<ocil:title>Dis~~able·~~x~~86·vsys~~c~~all·~~emulatio~~n</~~ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-postfix_client_configure_mail_alias_postmaster_ocil:questionnaire:1">
		77	······<ocil:title>Configure·System·to·Forward·All·Mail·From·Postmaster·to·The·Root·Account</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~kern~~el_config_~~x86~~_~~vsysc~~all_~~emul~~a~~tion~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-postfix_client_configure_mail_alias_postmaster_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-sudo_r~~emove_nopasswd~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-no_rsh_trust_files_ocil:questionnaire:1">
89	······<ocil:title>~~Ensu~~re~~·Us~~ers·R~~e-Au~~th~~enticate~~·for~~·Priv~~ilege~~·Escalation·-·~~s~~udo·NOPASSWD~~</ocil:title>	83	······<ocil:title>Remove·Rsh·Trust·Files</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-sudo_r~~emove_nopasswd~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-no_rsh_trust_files_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-s~~shd_s~~e~~t_log~~leve~~l_info~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-service_iptables_enabled_ocil:questionnaire:1">
95	······<ocil:title>Set·~~LogLev~~el·~~to·INFO~~</ocil:title>	89	······<ocil:title>Verify·iptables·Enabled</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-s~~shd_s~~e~~t_log~~leve~~l_info~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-service_iptables_enabled_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchmod_ocil:questionnaire:1">
101	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odi~~fy·the·Sy~~s~~tem's·Dis~~c~~ret~~i~~onary·Acc~~e~~ss·Con~~trol~~s·-·fchmod</~~o~~cil:title~~>	94	····<ocil:questionnaire·id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
		95	······<ocil:title>Unmap·kernel·when·running·in·userspace·(aka·KAISER)</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~audit~~_~~rules~~_dac_~~modific~~at~~ion~~_~~fchmod~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-kernel_config_unmap_kernel_at_el0_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-chro~~nyd_s~~er~~ver_dir~~ec~~tive~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_gshadow_ocil:questionnaire:1">
107	······<ocil:title>~~Ensure~~·Chrony·is·o~~nly~~·con~~figure~~d·wi~~th·the~~·~~server·~~di~~rect~~ive</ocil:title>	101	······<ocil:title>Verify·Group·Who·Owns·Backup·gshadow·File</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-chro~~nyd_s~~er~~ver_dir~~ec~~tive~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-accounts_~~passwords_pam~~_fa~~illock_audi~~t_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-grub2_l1tf_argument_ocil:questionnaire:1">
113	······<ocil:title>~~Acco~~unt·L~~ockouts~~·Must·~~Be·Logged~~</ocil:title>	107	······<ocil:title>Configure·L1·Terminal·Fault·mitigations</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-accounts_~~passwords_pam~~_fa~~illock_audi~~t_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-grub2_l1tf_argument_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-accounts_max_concurrent_login_sessions_ocil:questionnaire:1">
119	······<ocil:title>Li~~mit·th~~e·N~~umber·of·Concur~~rent·Login~~·Ses~~sio~~ns·Allowed·Per·Us~~e~~r</~~o~~cil:title~~>	112	····<ocil:questionnaire·id="ocil:ssg-partition_for_var_tmp_ocil:questionnaire:1">
		113	······<ocil:title>Ensure·/var/tmp·Located·On·Separate·Partition</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~accoun~~t~~s_max_c~~o~~ncurre~~nt_login_s~~essions~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-partition_for_var_tmp_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
123	····</ocil:questionnaire>	117	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-grub2_systemd_debug-shell_argument_absent_ocil:questionnaire:1">
Max diff block lines reached; 680290/692482 bytes (98.24%) of diff not shown.