/usr/bin/diffoscope --timeout 7200 --html /srv/reproducible-results/rbuild-debian/r-b-build.dMrVcbxe/scap-security-guide_0.1.76-1.diffoscope.html --text /srv/reproducible-results/rbuild-debian/r-b-build.dMrVcbxe/scap-security-guide_0.1.76-1.diffoscope.txt --json /srv/reproducible-results/rbuild-debian/r-b-build.dMrVcbxe/scap-security-guide_0.1.76-1.diffoscope.json --profile=- /srv/reproducible-results/rbuild-debian/r-b-build.dMrVcbxe/b1/scap-security-guide_0.1.76-1_arm64.changes /srv/reproducible-results/rbuild-debian/r-b-build.dMrVcbxe/b2/scap-security-guide_0.1.76-1

⊟

93.6 MB

/srv/reproducible-results/rbuild-debian/r-b-build.dMrVcbxe/b1/scap-security-guide_0.1.76-1_arm64.changes vs.

/srv/reproducible-results/rbuild-debian/r-b-build.dMrVcbxe/b2/scap-security-guide_0.1.76-1_arm64.changes ¶

⊟

824 B

Files ¶

⊟

407 KB

ssg-applications_0.1.76-1_all.deb ¶

⊟

370 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

406 KB

data.tar.xz ¶

⊟

406 KB

data.tar ¶

⊟

77.1 KB

⊟

77.0 KB

⊟

68.6 KB

⊟

68.5 KB

Ordering differences only

⊟

85.1 KB

⊟

85.0 KB

⊟

76.5 KB

⊟

76.4 KB

Ordering differences only

⊟

52.9 KB

⊟

52.8 KB

⊟

45.9 KB

⊟

45.8 KB

Ordering differences only

⊟

9.96 MB

ssg-debderived_0.1.76-1_all.deb ¶

⊟

367 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

9.96 MB

data.tar.xz ¶

⊟

9.96 MB

data.tar ¶

⊟

696 KB

⊟

696 KB

⊟

662 KB

⊟

662 KB

Ordering differences only

⊟

731 KB

⊟

731 KB

⊟

696 KB

⊟

696 KB

Ordering differences only

⊟

1.37 MB

⊟

1.37 MB

⊟

1.31 MB

⊟

1.31 MB

Ordering differences only

⊟

1.43 MB

⊟

1.43 MB

⊟

1.36 MB

⊟

1.36 MB

Ordering differences only

⊟

929 KB

⊟

929 KB

⊟

886 KB

⊟

886 KB

Ordering differences only

⊟

3.73 MB

ssg-debian_0.1.76-1_all.deb ¶

⊟

367 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

3.73 MB

data.tar.xz ¶

⊟

3.73 MB

data.tar ¶

⊟

733 KB

⊟

733 KB

⊟

698 KB

⊟

698 KB

Ordering differences only

⊟

1.19 MB

⊟

1.19 MB

⊟

1.14 MB

⊟

1.14 MB

Ordering differences only

⊟

2.51 KB

⊟

2.41 KB

Ordering differences only

⊟

79.5 MB

ssg-nondebian_0.1.76-1_all.deb ¶

⊟

452 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

79.5 MB

data.tar.xz ¶

⊟

79.5 MB

data.tar ¶

⊟

3.5 KB

⊟

1.87 KB

⊟

3.25 KB

⊟

2.52 KB

⊟

3.49 KB

⊟

2.0 KB

⊟

6.48 KB

⊟

5.11 KB

⊟

1.31 KB

⊟

1.18 KB

⊟

1.12 KB

⊟

999 B

⊟

1.12 KB

⊟

999 B

⊟

756 KB

⊟

756 KB

⊟

720 KB

⊟

720 KB

Ordering differences only

⊟

901 KB

⊟

901 KB

⊟

859 KB

⊟

859 KB

Ordering differences only

⊟

893 KB

⊟

893 KB

⊟

852 KB

⊟

852 KB

Ordering differences only

⊟

1.02 MB

⊟

1.02 MB

⊟

997 KB

⊟

997 KB

Ordering differences only

⊟

1.01 MB

⊟

1.01 MB

⊟

985 KB

⊟

985 KB

Ordering differences only

⊟

1.01 MB

⊟

1.01 MB

⊟

985 KB

⊟

985 KB

Ordering differences only

⊟

3.41 MB

⊟

3.41 MB

⊟

2.13 MB

⊟

2.13 MB

⊟

2.29 KB

⊟

2.19 KB

Ordering differences only

⊟

3.26 MB

⊟

3.26 MB

⊟

2.48 KB

⊟

2.39 KB

Ordering differences only

⊟

2.05 MB

⊟

2.05 MB

⊟

1.96 MB

⊟

1.96 MB

Ordering differences only

⊟

241 KB

⊟

241 KB

⊟

225 KB

⊟

225 KB

Ordering differences only

⊟

9.12 KB

⊟

9.02 KB

⊟

4.0 KB

⊟

3.89 KB

Ordering differences only

⊟

877 KB

⊟

877 KB

⊟

840 KB

⊟

840 KB

Ordering differences only

⊟

1.82 MB

⊟

1.82 MB

⊟

1.74 MB

⊟

1.74 MB

Ordering differences only

⊟

2.28 KB

⊟

2.18 KB

Ordering differences only

⊟

2.19 MB

⊟

2.19 MB

⊟

2.1 MB

⊟

2.1 MB

Ordering differences only

⊟

2.28 KB

⊟

2.18 KB

Ordering differences only

⊟

2.59 MB

⊟

2.59 MB

⊟

2.48 MB

⊟

2.48 MB

Ordering differences only

⊟

2.06 MB

⊟

2.06 MB

⊟

1.97 MB

⊟

1.97 MB

Ordering differences only

⊟

2.27 KB

⊟

2.17 KB

Ordering differences only

⊟

941 KB

⊟

941 KB

⊟

897 KB

⊟

897 KB

Ordering differences only

⊟

554 KB

⊟

554 KB

⊟

525 KB

⊟

525 KB

Ordering differences only

⊟

679 KB

⊟

679 KB

⊟

645 KB

⊟

645 KB

Ordering differences only

⊟

1.62 MB

⊟

1.62 MB

⊟

1.55 MB

⊟

1.55 MB

Ordering differences only

⊟

2.28 KB

⊟

2.17 KB

Ordering differences only

⊟

2.13 MB

⊟

2.13 MB

⊟

2.05 MB

⊟

2.05 MB

Ordering differences only

⊟

2.3 KB

⊟

2.2 KB

Ordering differences only

⊟

3.41 MB

⊟

3.41 MB

⊟

3.27 MB

⊟

3.27 MB

Ordering differences only

⊟

3.26 MB

⊟

3.26 MB

⊟

3.12 MB

⊟

3.12 MB

Ordering differences only

⊟

2.49 KB

⊟

2.39 KB

Ordering differences only

⊟

1.57 MB

⊟

1.57 MB

⊟

1.5 MB

⊟

1.5 MB

Ordering differences only

⊟

1.79 MB

⊟

1.79 MB

⊟

1.7 MB

⊟

1.7 MB

Ordering differences only

⊟

2.49 KB

⊟

2.39 KB

Ordering differences only

⊟

1.88 MB

⊟

1.88 MB

⊟

1.8 MB

⊟

1.8 MB

Ordering differences only

⊟

2.49 KB

⊟

2.39 KB

Ordering differences only

⊟

1.01 MB

⊟

1.01 MB

⊟

983 KB

⊟

983 KB

Ordering differences only


Offset 1, 6 lines modified		Offset 1, 6 lines modified

1	·3b961349f689d4e~~76153f715f36~~6~~baba~~·153748·admin·optional·ssg-applications_0.1.76-1_all.deb	1	·73b99687142a6b4bc2cb738ea816afc5·153744·admin·optional·ssg-applications_0.1.76-1_all.deb
2	·ea0c1f19113a8a6c0a6e8b10e8e208a9·32632·admin·optional·ssg-base_0.1.76-1_all.deb	2	·ea0c1f19113a8a6c0a6e8b10e8e208a9·32632·admin·optional·ssg-base_0.1.76-1_all.deb
3	·e8d8b5d07fc10b7a7ca1d90b2545e4ce·3725952·admin·optional·ssg-debderived_0.1.76-1_all.deb
4	·6d3e00a0583a40561c16ee4c551363c6·1232524·admin·optional·ssg-debian_0.1.76-1_all.deb
5	·af0~~ef7e3bdcf4~~e~~0bc0~~b~~4c5dbd~~c65fc0d·371~~026~~52·admin·optional·ssg-~~non~~debian_0.1.76-1_all.deb	3	·d5ad0488f0c9ac7ed76db154519c44fa·3725856·admin·optional·ssg-debderived_0.1.76-1_all.deb
		4	·d85ff4175cbf8e8a59386b5d3100e52c·1232372·admin·optional·ssg-debian_0.1.76-1_all.deb
		5	·d9e2b953a3fda287fec0899bdc9642fe·37099656·admin·optional·ssg-nondebian_0.1.76-1_all.deb


Offset 1, 3 lines modified		Offset 1, 3 lines modified
1	-rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary	1	-rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary
2	-rw-r--r--···0········0········0·····1724·2025-03-01·08:08:00.000000·control.tar.xz	2	-rw-r--r--···0········0········0·····1720·2025-03-01·08:08:00.000000·control.tar.xz
3	-rw-r--r--···0········0········0···151832·2025-03-01·08:08:00.000000·data.tar.xz	3	-rw-r--r--···0········0········0···151832·2025-03-01·08:08:00.000000·data.tar.xz


Offset 19, 23 lines modified		Offset 19, 23 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/a:google:chromium-browser">	28	······<cpe-dict:cpe-item·name="cpe:/a:google:chromium-browser">
29	········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	····</cpe-dict:cpe-list>	32	····</cpe-dict:cpe-list>
33	··</ds:component>	33	··</ds:component>
34	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2025-02-28T20:08:00">	34	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>	37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>
38	······<xccdf-1.2:description>	38	······<xccdf-1.2:description>
39	········This·guide·presents·a·catalog·of·security-relevant	39	········This·guide·presents·a·catalog·of·security-relevant
40	configuration·settings·for·Chromium.·It·is·a·rendering·of	40	configuration·settings·for·Chromium.·It·is·a·rendering·of
41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 1675, 15 lines modified		Offset 1675, 15 lines modified
1675	··········<xccdf-1.2:check·system="http://scap.nist.gov/schema/ocil/2">	1675	··········<xccdf-1.2:check·system="http://scap.nist.gov/schema/ocil/2">
1676	············<xccdf-1.2:check-content-ref·href="ssg-chromium-ocil.xml"·name="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1"/>	1676	············<xccdf-1.2:check-content-ref·href="ssg-chromium-ocil.xml"·name="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1"/>
1677	··········</xccdf-1.2:check>	1677	··········</xccdf-1.2:check>
1678	········</xccdf-1.2:Rule>	1678	········</xccdf-1.2:Rule>
1679	······</xccdf-1.2:Group>	1679	······</xccdf-1.2:Group>
1680	····</xccdf-1.2:Benchmark>	1680	····</xccdf-1.2:Benchmark>
1681	··</ds:component>	1681	··</ds:component>
1682	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-oval.xml"·timestamp="2025-02-28T20:08:00">	1682	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-oval.xml"·timestamp="2025-03-01T22:08:00">
1683	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	1683	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
1684	······<oval-def:generator>	1684	······<oval-def:generator>
1685	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	1685	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
1686	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>	1686	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>
1687	········<oval:schema_version>5.11</oval:schema_version>	1687	········<oval:schema_version>5.11</oval:schema_version>
1688	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	1688	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
1689	······</oval-def:generator>	1689	······</oval-def:generator>
Offset 2539, 400 lines modified		Offset 2539, 400 lines modified
2539	········<oval-def:external_variable·id="oval:ssg-var_enable_encrypted_searching:var:1"·version="1"·datatype="string"·comment="Expected·search·provider·name"/>	2539	········<oval-def:external_variable·id="oval:ssg-var_enable_encrypted_searching:var:1"·version="1"·datatype="string"·comment="Expected·search·provider·name"/>
2540	········<oval-def:external_variable·id="oval:ssg-var_extension_whitelist:var:1"·version="1"·datatype="string"·comment="Expected·approved·extensions"/>	2540	········<oval-def:external_variable·id="oval:ssg-var_extension_whitelist:var:1"·version="1"·datatype="string"·comment="Expected·approved·extensions"/>
2541	········<oval-def:external_variable·id="oval:ssg-var_auth_schema:var:1"·version="1"·datatype="string"·comment="Expected·HTTP·authentication·type"/>	2541	········<oval-def:external_variable·id="oval:ssg-var_auth_schema:var:1"·version="1"·datatype="string"·comment="Expected·HTTP·authentication·type"/>
2542	········<oval-def:external_variable·id="oval:ssg-var_trusted_home_page:var:1"·version="1"·datatype="string"·comment="Expected·home·page"/>	2542	········<oval-def:external_variable·id="oval:ssg-var_trusted_home_page:var:1"·version="1"·datatype="string"·comment="Expected·home·page"/>
2543	······</oval-def:variables>	2543	······</oval-def:variables>
2544	····</oval-def:oval_definitions>	2544	····</oval-def:oval_definitions>
2545	··</ds:component>	2545	··</ds:component>
2546	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-ocil.xml"·timestamp="2025-02-28T20:08:00">	2546	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-ocil.xml"·timestamp="2025-03-01T22:08:00">
2547	····<ocil:ocil>	2547	····<ocil:ocil>
2548	······<ocil:generator>	2548	······<ocil:generator>
2549	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	2549	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
2550	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>	2550	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
2551	········<ocil:schema_version>2.0</ocil:schema_version>	2551	········<ocil:schema_version>2.0</ocil:schema_version>
2552	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	2552	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
2553	······</ocil:generator>	2553	······</ocil:generator>
2554	······<ocil:questionnaires>	2554	······<ocil:questionnaires>
2555	········<ocil:questionnaire·id="ocil:ssg-chromium_enable_safe_browsing_ocil:questionnaire:1">
2556	··········<ocil:title>Enable·the·Safe·Browsing·Feature</ocil:title>
2557	··········<ocil:actions>
2558	············<ocil:test_action_ref>ocil:ssg-chromium_enable_safe_browsing_action:testaction:1</ocil:test_action_ref>
2559	··········</ocil:actions>
2560	········</ocil:questionnaire>
2561	········<ocil:questionnaire·id="ocil:ssg-chromium_blacklist_extension_installation_ocil:questionnaire:1">
2562	··········<ocil:title>Disable·All·Extensions·by·Default</ocil:title>
2563	··········<ocil:actions>
2564	············<ocil:test_action_ref>ocil:ssg-chromium_blacklist_extension_installation_action:testaction:1</ocil:test_action_ref>
2565	··········</ocil:actions>
2566	········</ocil:questionnaire>
2567	········<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_name_ocil:questionnaire:1">
2568	··········<ocil:title>Set·the·Default·Search·Provider's·URL</ocil:title>
2569	··········<ocil:actions>
2570	············<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_name_action:testaction:1</ocil:test_action_ref>
2571	··········</ocil:actions>
2572	········</ocil:questionnaire>
2573	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_plugin_blacklist_ocil:questionnaire:1">	2555	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_plugin_blacklist_ocil:questionnaire:1">
2574	··········<ocil:title>Disable·All·Plugins·by·Default</ocil:title>	2556	··········<ocil:title>Disable·All·Plugins·by·Default</ocil:title>
2575	··········<ocil:actions>	2557	··········<ocil:actions>
2576	············<ocil:test_action_ref>ocil:ssg-chromium_disable_plugin_blacklist_action:testaction:1</ocil:test_action_ref>	2558	············<ocil:test_action_ref>ocil:ssg-chromium_disable_plugin_blacklist_action:testaction:1</ocil:test_action_ref>
2577	··········</ocil:actions>	2559	··········</ocil:actions>
2578	········</ocil:questionnaire>	2560	········</ocil:questionnaire>
2579	········<ocil:questionnaire·id="ocil:ssg-chromium_~~block_~~des~~ktop~~_noti~~ficatio~~ns_ocil:questionnaire:1">	2561	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">
2580	··········<ocil:title>~~Prevent~~·D~~esktop·Notif~~ications</ocil:title>	2562	··········<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
2581	··········<ocil:actions>	2563	··········<ocil:actions>
2582	············<ocil:test_action_ref>ocil:ssg-chromium_~~block_~~des~~ktop~~_noti~~ficatio~~ns_action:testaction:1</ocil:test_action_ref>	2564	············<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
2583	··········</ocil:actions>	2565	··········</ocil:actions>
2584	········</ocil:questionnaire>	2566	········</ocil:questionnaire>
2585	········<ocil:questionnaire·id="ocil:ssg-chromium_http_authentication_ocil:questionnaire:1">	2567	········<ocil:questionnaire·id="ocil:ssg-chromium_http_authentication_ocil:questionnaire:1">
2586	··········<ocil:title>Set·Chromium's·HTTP·Authentication·Scheme</ocil:title>	2568	··········<ocil:title>Set·Chromium's·HTTP·Authentication·Scheme</ocil:title>
2587	··········<ocil:actions>	2569	··········<ocil:actions>
2588	············<ocil:test_action_ref>ocil:ssg-chromium_http_authentication_action:testaction:1</ocil:test_action_ref>	2570	············<ocil:test_action_ref>ocil:ssg-chromium_http_authentication_action:testaction:1</ocil:test_action_ref>
2589	··········</ocil:actions>	2571	··········</ocil:actions>
2590	········</ocil:questionnaire>	2572	········</ocil:questionnaire>
2591	········<ocil:questionnaire·id="ocil:ssg-chromium_che~~ck_c~~ert_revoc~~ation~~_ocil:questionnaire:1">	2573	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_firewall_traversal_ocil:questionnaire:1">
2592	··········<ocil:title>Enable·~~Onl~~i~~ne·OCSP/CRL~~·~~Certificat~~e·Checks</ocil:title>	2574	··········<ocil:title>Disable·Chromium's·Ability·to·Traverse·Firewalls</ocil:title>
2593	··········<ocil:actions>	2575	··········<ocil:actions>
2594	············<ocil:test_action_ref>ocil:ssg-chromium_che~~ck_c~~ert_revoc~~ation~~_action:testaction:1</ocil:test_action_ref>	2576	············<ocil:test_action_ref>ocil:ssg-chromium_disable_firewall_traversal_action:testaction:1</ocil:test_action_ref>
2595	··········</ocil:actions>	2577	··········</ocil:actions>
2596	········</ocil:questionnaire>	2578	········</ocil:questionnaire>
2597	········<ocil:questionnaire·id="ocil:ssg-chromium_default_bl~~ock~~_p~~lugin~~s_ocil:questionnaire:1">	2579	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_cleartext_passwords_ocil:questionnaire:1">
2598	··········<ocil:title>Bl~~ock~~·Pl~~ugins·by·Default~~</ocil:title>	2580	··········<ocil:title>Disable·Use·of·Cleartext·Passwords</ocil:title>
2599	··········<ocil:actions>	2581	··········<ocil:actions>
		2582	············<ocil:test_action_ref>ocil:ssg-chromium_disable_cleartext_passwords_action:testaction:1</ocil:test_action_ref>
		2583	··········</ocil:actions>
		2584	········</ocil:questionnaire>
		2585	········<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_name_ocil:questionnaire:1">
		2586	··········<ocil:title>Set·the·Default·Search·Provider's·URL</ocil:title>
		2587	··········<ocil:actions>
2600	············<ocil:test_action_ref>ocil:ssg-chromium_default_~~blo~~ck_p~~lug~~ins_action:testaction:1</ocil:test_action_ref>	2588	············<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_name_action:testaction:1</ocil:test_action_ref>
2601	··········</ocil:actions>	2589	··········</ocil:actions>
2602	········</ocil:questionnaire>	2590	········</ocil:questionnaire>
2603	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_network_prediction_ocil:questionnaire:1">	2591	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_network_prediction_ocil:questionnaire:1">
2604	··········<ocil:title>Disable·Network·Prediction</ocil:title>	2592	··········<ocil:title>Disable·Network·Prediction</ocil:title>
2605	··········<ocil:actions>	2593	··········<ocil:actions>
2606	············<ocil:test_action_ref>ocil:ssg-chromium_disable_network_prediction_action:testaction:1</ocil:test_action_ref>	2594	············<ocil:test_action_ref>ocil:ssg-chromium_disable_network_prediction_action:testaction:1</ocil:test_action_ref>
2607	··········</ocil:actions>	2595	··········</ocil:actions>
2608	········</ocil:questionnaire>	2596	········</ocil:questionnaire>
2609	········<ocil:questionnaire·id="ocil:ssg-chromium_~~trusted_home~~_~~pag~~e_ocil:questionnaire:1">	2597	········<ocil:questionnaire·id="ocil:ssg-chromium_policy_file_ocil:questionnaire:1">
2610	··········<ocil:title>Set·the·Default·~~Hom~~e·~~Page~~</ocil:title>	2598	··········<ocil:title>Ensure·the·Chromium·Policy·Configuration·File·Exists</ocil:title>
2611	··········<ocil:actions>	2599	··········<ocil:actions>
2612	············<ocil:test_action_ref>ocil:ssg-chromium_~~trusted_home~~_~~pag~~e_action:testaction:1</ocil:test_action_ref>	2600	············<ocil:test_action_ref>ocil:ssg-chromium_policy_file_action:testaction:1</ocil:test_action_ref>
2613	··········</ocil:actions>	2601	··········</ocil:actions>
2614	········</ocil:questionnaire>	2602	········</ocil:questionnaire>
2615	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_saved_pas~~sword~~s_ocil:questionnaire:1">	2603	········<ocil:questionnaire·id="ocil:ssg-chromium_enable_approved_plugins_ocil:questionnaire:1">
2616	··········<ocil:title>Disable·Saved·Pas~~sword~~s</ocil:title>	2604	··········<ocil:title>Enable·Only·Approved·Plugins</ocil:title>
2617	··········<ocil:actions>	2605	··········<ocil:actions>
2618	············<ocil:test_action_ref>ocil:ssg-chromium_disable_saved_pas~~sword~~s_action:testaction:1</ocil:test_action_ref>	2606	············<ocil:test_action_ref>ocil:ssg-chromium_enable_approved_plugins_action:testaction:1</ocil:test_action_ref>
2619	··········</ocil:actions>	2607	··········</ocil:actions>
Max diff block lines reached; 68108/78779 bytes (86.45%) of diff not shown.


Offset 3, 391 lines modified		Offset 3, 391 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_safe_browsing_ocil:questionnaire:1">
11	······<ocil:title>Enable·the·Safe·Browsing·Feature</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-chromium_enable_safe_browsing_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-chromium_blacklist_extension_installation_ocil:questionnaire:1">
17	······<ocil:title>Disable·All·Extensions·by·Default</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-chromium_blacklist_extension_installation_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_name_ocil:questionnaire:1">
23	······<ocil:title>Set·the·Default·Search·Provider's·URL</ocil:title>
24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_name_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>
27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_plugin_blacklist_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_plugin_blacklist_ocil:questionnaire:1">
29	······<ocil:title>Disable·All·Plugins·by·Default</ocil:title>	11	······<ocil:title>Disable·All·Plugins·by·Default</ocil:title>
30	······<ocil:actions>	12	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-chromium_disable_plugin_blacklist_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-chromium_disable_plugin_blacklist_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	14	······</ocil:actions>
33	····</ocil:questionnaire>	15	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-chromium_~~block_~~des~~ktop~~_noti~~ficatio~~ns_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">
35	······<ocil:title>~~Prevent~~·D~~esktop·Notif~~ications</ocil:title>	17	······<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
36	······<ocil:actions>	18	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-chromium_~~block_~~des~~ktop~~_noti~~ficatio~~ns_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	20	······</ocil:actions>
39	····</ocil:questionnaire>	21	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-chromium_http_authentication_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-chromium_http_authentication_ocil:questionnaire:1">
41	······<ocil:title>Set·Chromium's·HTTP·Authentication·Scheme</ocil:title>	23	······<ocil:title>Set·Chromium's·HTTP·Authentication·Scheme</ocil:title>
42	······<ocil:actions>	24	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-chromium_http_authentication_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-chromium_http_authentication_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	26	······</ocil:actions>
45	····</ocil:questionnaire>	27	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-chromium_che~~ck_c~~ert_revoc~~ation~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_firewall_traversal_ocil:questionnaire:1">
47	······<ocil:title>Enable·~~Onl~~i~~ne·OCSP/CRL~~·~~Certificat~~e·Checks</ocil:title>	29	······<ocil:title>Disable·Chromium's·Ability·to·Traverse·Firewalls</ocil:title>
48	······<ocil:actions>	30	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-chromium_che~~ck_c~~ert_revoc~~ation~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-chromium_disable_firewall_traversal_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	32	······</ocil:actions>
51	····</ocil:questionnaire>	33	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-chromium_default_bl~~ock~~_p~~lugin~~s_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_cleartext_passwords_ocil:questionnaire:1">
53	······<ocil:title>Bl~~ock~~·Pl~~ugins·by·Default~~</ocil:title>	35	······<ocil:title>Disable·Use·of·Cleartext·Passwords</ocil:title>
54	······<ocil:actions>	36	······<ocil:actions>
		37	········<ocil:test_action_ref>ocil:ssg-chromium_disable_cleartext_passwords_action:testaction:1</ocil:test_action_ref>
		38	······</ocil:actions>
		39	····</ocil:questionnaire>
		40	····<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_name_ocil:questionnaire:1">
		41	······<ocil:title>Set·the·Default·Search·Provider's·URL</ocil:title>
		42	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-chromium_default_~~blo~~ck_p~~lug~~ins_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_name_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	44	······</ocil:actions>
57	····</ocil:questionnaire>	45	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_network_prediction_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_network_prediction_ocil:questionnaire:1">
59	······<ocil:title>Disable·Network·Prediction</ocil:title>	47	······<ocil:title>Disable·Network·Prediction</ocil:title>
60	······<ocil:actions>	48	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-chromium_disable_network_prediction_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-chromium_disable_network_prediction_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	50	······</ocil:actions>
63	····</ocil:questionnaire>	51	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-chromium_~~trusted_home~~_~~pag~~e_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-chromium_policy_file_ocil:questionnaire:1">
65	······<ocil:title>Set·the·Default·~~Hom~~e·~~Page~~</ocil:title>	53	······<ocil:title>Ensure·the·Chromium·Policy·Configuration·File·Exists</ocil:title>
66	······<ocil:actions>	54	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-chromium_~~trusted_home~~_~~pag~~e_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-chromium_policy_file_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	56	······</ocil:actions>
69	····</ocil:questionnaire>	57	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_saved_pas~~sword~~s_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_approved_plugins_ocil:questionnaire:1">
71	······<ocil:title>Disable·Saved·Pas~~sword~~s</ocil:title>	59	······<ocil:title>Enable·Only·Approved·Plugins</ocil:title>
72	······<ocil:actions>	60	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-chromium_disable_saved_pas~~sword~~s_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-chromium_enable_approved_plugins_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	62	······</ocil:actions>
75	····</ocil:questionnaire>	63	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-chromium_~~disa~~ble~~_ba~~ck~~ground_pr~~ocessing_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-chromium_check_cert_revocation_ocil:questionnaire:1">
77	······<ocil:title>Disable·~~Background~~·Proce~~ssing~~</ocil:title>	65	······<ocil:title>Enable·Online·OCSP/CRL·Certificate·Checks</ocil:title>
78	······<ocil:actions>	66	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-chromium_~~disa~~ble~~_ba~~ck~~ground_pr~~ocessing_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-chromium_check_cert_revocation_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	68	······</ocil:actions>
81	····</ocil:questionnaire>	69	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-chromium_~~disabl~~e_th~~irdparty_cook~~ies_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-chromium_extension_whitelist_ocil:questionnaire:1">
83	······<ocil:title>Disable·~~3rd~~·Party·~~Cook~~ies</ocil:title>	71	······<ocil:title>Enable·Only·Approved·Extensions</ocil:title>
84	······<ocil:actions>	72	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-chromium_~~disabl~~e_th~~irdparty_cook~~ies_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-chromium_extension_whitelist_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	74	······</ocil:actions>
87	····</ocil:questionnaire>	75	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-chromium_plu~~gin~~s_re~~quir~~e_~~aut~~hor~~ization~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-chromium_trusted_home_page_ocil:questionnaire:1">
89	······<ocil:title>Re~~quir~~e·Outdated·~~Plugins~~·to·be·~~Authoriz~~ed</ocil:title>	77	······<ocil:title>Set·the·Default·Home·Page</ocil:title>
90	······<ocil:actions>	78	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-chromium_plu~~gin~~s_re~~quir~~e_~~aut~~hor~~ization~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-chromium_trusted_home_page_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	80	······</ocil:actions>
93	····</ocil:questionnaire>	81	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-chromium_~~ext~~e~~nsi~~on~~_wh~~i~~tel~~ist_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-chromium_block_desktop_notifications_ocil:questionnaire:1">
95	······<ocil:title>~~Enable~~·~~Only·A~~ppro~~ved·Ex~~t~~ens~~ions</ocil:title>	83	······<ocil:title>Prevent·Desktop·Notifications</ocil:title>
96	······<ocil:actions>	84	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-chromium_~~ext~~e~~nsi~~on~~_wh~~i~~tel~~ist_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-chromium_block_desktop_notifications_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	86	······</ocil:actions>
99	····</ocil:questionnaire>	87	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~pas~~sword_~~manager~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-chromium_default_block_plugins_ocil:questionnaire:1">
101	······<ocil:title>~~Disa~~ble·~~Chromi~~um·~~Pas~~sw~~ord~~·~~Man~~a~~ger~~</ocil:title>	89	······<ocil:title>Block·Plugins·by·Default</ocil:title>
102	······<ocil:actions>	90	······<ocil:actions>
		91	········<ocil:test_action_ref>ocil:ssg-chromium_default_block_plugins_action:testaction:1</ocil:test_action_ref>
		92	······</ocil:actions>
		93	····</ocil:questionnaire>
		94	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_background_processing_ocil:questionnaire:1">
		95	······<ocil:title>Disable·Background·Processing</ocil:title>
		96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-chromium_disable_pa~~ssw~~ord_~~manager~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-chromium_disable_background_processing_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_metrics_reporting_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_metrics_reporting_ocil:questionnaire:1">
107	······<ocil:title>Disable·Metrics·Reporting</ocil:title>	101	······<ocil:title>Disable·Metrics·Reporting</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-chromium_disable_metrics_reporting_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-chromium_disable_metrics_reporting_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~googl~~e_sync_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_outdated_plugins_ocil:questionnaire:1">
113	······<ocil:title>Disable·Dat~~a·Synchroni~~zation·to~~·Google~~</ocil:title>	107	······<ocil:title>Disable·Outdated·Plugins</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~googl~~e_sync_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-chromium_disable_outdated_plugins_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
Max diff block lines reached; 59291/69990 bytes (84.71%) of diff not shown.


Offset 19, 15 lines modified		Offset 19, 15 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service:1">	28	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service:1">
29	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service_node:1.21">	32	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service_node:1.21">
33	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·1.21</cpe-dict:title>	33	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·1.21</cpe-dict:title>
Offset 35, 15 lines modified		Offset 35, 15 lines modified
35	······</cpe-dict:cpe-item>	35	······</cpe-dict:cpe-item>
36	······<cpe-dict:cpe-item·name="cpe:/o:amazon:elastic_kubernetes_service_node:1">	36	······<cpe-dict:cpe-item·name="cpe:/o:amazon:elastic_kubernetes_service_node:1">
37	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>	37	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>
38	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>	38	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>
39	······</cpe-dict:cpe-item>	39	······</cpe-dict:cpe-item>
40	····</cpe-dict:cpe-list>	40	····</cpe-dict:cpe-list>
41	··</ds:component>	41	··</ds:component>
42	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2025-02-28T20:08:00">	42	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2025-03-01T22:08:00">
43	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	43	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
44	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	44	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
45	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>	45	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>
46	······<xccdf-1.2:description>	46	······<xccdf-1.2:description>
47	········This·guide·presents·a·catalog·of·security-relevant	47	········This·guide·presents·a·catalog·of·security-relevant
48	configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of	48	configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of
49	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	49	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 1545, 15 lines modified		Offset 1545, 15 lines modified
1545	··············<xccdf-1.2:check-content-ref·href="ssg-eks-ocil.xml"·name="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1"/>	1545	··············<xccdf-1.2:check-content-ref·href="ssg-eks-ocil.xml"·name="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1"/>
1546	············</xccdf-1.2:check>	1546	············</xccdf-1.2:check>
1547	··········</xccdf-1.2:Rule>	1547	··········</xccdf-1.2:Rule>
1548	········</xccdf-1.2:Group>	1548	········</xccdf-1.2:Group>
1549	······</xccdf-1.2:Group>	1549	······</xccdf-1.2:Group>
1550	····</xccdf-1.2:Benchmark>	1550	····</xccdf-1.2:Benchmark>
1551	··</ds:component>	1551	··</ds:component>
1552	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-oval.xml"·timestamp="2025-02-28T20:08:00">	1552	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-oval.xml"·timestamp="2025-03-01T22:08:00">
1553	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	1553	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
1554	······<oval-def:generator>	1554	······<oval-def:generator>
1555	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	1555	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
1556	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>	1556	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>
1557	········<oval:schema_version>5.11</oval:schema_version>	1557	········<oval:schema_version>5.11</oval:schema_version>
1558	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	1558	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
1559	······</oval-def:generator>	1559	······</oval-def:generator>
Offset 2166, 506 lines modified		Offset 2166, 620 lines modified
2166	········<oval-def:external_variable·id="oval:ssg-var_streaming_connection_timeouts:var:1"·version="1"·datatype="string"·comment="variable"/>	2166	········<oval-def:external_variable·id="oval:ssg-var_streaming_connection_timeouts:var:1"·version="1"·datatype="string"·comment="variable"/>
2167	········<oval-def:local_variable·id="oval:ssg-kubelet_read_only_port_secured_file_location:var:1"·version="1"·datatype="string"·comment="The·actual·path·of·the·file·to·scan.">	2167	········<oval-def:local_variable·id="oval:ssg-kubelet_read_only_port_secured_file_location:var:1"·version="1"·datatype="string"·comment="The·actual·path·of·the·file·to·scan.">
2168	··········<oval-def:literal_component>/etc/kubernetes/compliance-operator/kubeletconfig/openscap-kubeletconfig</oval-def:literal_component>	2168	··········<oval-def:literal_component>/etc/kubernetes/compliance-operator/kubeletconfig/openscap-kubeletconfig</oval-def:literal_component>
2169	········</oval-def:local_variable>	2169	········</oval-def:local_variable>
2170	······</oval-def:variables>	2170	······</oval-def:variables>
2171	····</oval-def:oval_definitions>	2171	····</oval-def:oval_definitions>
2172	··</ds:component>	2172	··</ds:component>
2173	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-ocil.xml"·timestamp="2025-02-28T20:08:00">	2173	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-ocil.xml"·timestamp="2025-03-01T22:08:00">
2174	····<ocil:ocil>	2174	····<ocil:ocil>
2175	······<ocil:generator>	2175	······<ocil:generator>
2176	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	2176	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
2177	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>	2177	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
2178	········<ocil:schema_version>2.0</ocil:schema_version>	2178	········<ocil:schema_version>2.0</ocil:schema_version>
2179	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	2179	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
2180	······</ocil:generator>	2180	······</ocil:generator>
2181	······<ocil:questionnaires>	2181	······<ocil:questionnaires>
2182	········<ocil:questionnaire·id="ocil:ssg-~~file_~~per~~miss~~i~~ons_kubel~~et_conf_ocil:questionnaire:1">	2182	········<ocil:questionnaire·id="ocil:ssg-private_nodes_ocil:questionnaire:1">
2183	··········<ocil:title>~~Verify·Permissi~~ons~~·on·~~The·~~Kubel~~et·Configuration·~~Fil~~e</ocil:title>	2183	··········<ocil:title>Ensure·Cluster·Private·Nodes</ocil:title>
2184	··········<ocil:actions>	2184	··········<ocil:actions>
2185	············<ocil:test_action_ref>ocil:ssg-~~file_~~per~~miss~~i~~ons_kubel~~et_conf_action:testaction:1</ocil:test_action_ref>	2185	············<ocil:test_action_ref>ocil:ssg-private_nodes_action:testaction:1</ocil:test_action_ref>
2186	··········</ocil:actions>	2186	··········</ocil:actions>
2187	········</ocil:questionnaire>	2187	········</ocil:questionnaire>
2188	········<ocil:questionnaire·id="ocil:ssg-iam_integration_ocil:questionnaire:1">	2188	········<ocil:questionnaire·id="ocil:ssg-configure_network_policies_namespaces_ocil:questionnaire:1">
2189	··········<ocil:title>Manage·Users·with·~~AWS·IAM~~</ocil:title>	2189	··········<ocil:title>Ensure·that·application·Namespaces·have·Network·Policies·defined.</ocil:title>
2190	··········<ocil:actions>	2190	··········<ocil:actions>
2191	············<ocil:test_action_ref>ocil:ssg-iam_integration_action:testaction:1</ocil:test_action_ref>	2191	············<ocil:test_action_ref>ocil:ssg-configure_network_policies_namespaces_action:testaction:1</ocil:test_action_ref>
2192	··········</ocil:actions>	2192	··········</ocil:actions>
2193	········</ocil:questionnaire>	2193	········</ocil:questionnaire>
2194	········<ocil:questionnaire·id="ocil:ssg-~~kubelet_anonym~~ous_~~auth~~_ocil:questionnaire:1">	2194	········<ocil:questionnaire·id="ocil:ssg-configure_network_policy_ocil:questionnaire:1">
2195	··········<ocil:title>Disable·An~~onym~~ous·~~Authent~~ic~~atio~~n·to·~~the·Ku~~belet</ocil:title>	2195	··········<ocil:title>Ensure·Network·Policy·is·Enabled</ocil:title>
2196	··········<ocil:actions>	2196	··········<ocil:actions>
2197	············<ocil:test_action_ref>ocil:ssg-~~kubelet_anonym~~ous_~~auth~~_action:testaction:1</ocil:test_action_ref>	2197	············<ocil:test_action_ref>ocil:ssg-configure_network_policy_action:testaction:1</ocil:test_action_ref>
2198	··········</ocil:actions>	2198	··········</ocil:actions>
2199	········</ocil:questionnaire>	2199	········</ocil:questionnaire>
2200	········<ocil:questionnaire·id="ocil:ssg-s~~ecre~~t_~~encrypt~~ion_ocil:questionnaire:1">	2200	········<ocil:questionnaire·id="ocil:ssg-audit_logging_ocil:questionnaire:1">
2201	··········<ocil:title>Ensure·Ku~~ber~~netes·~~Secrets~~·are·Encr~~ypt~~ed</ocil:title>	2201	··········<ocil:title>Ensure·Audit·Logging·is·Enabled</ocil:title>
2202	··········<ocil:actions>	2202	··········<ocil:actions>
2203	············<ocil:test_action_ref>ocil:ssg-s~~ecre~~t_~~encrypt~~ion_action:testaction:1</ocil:test_action_ref>	2203	············<ocil:test_action_ref>ocil:ssg-audit_logging_action:testaction:1</ocil:test_action_ref>
2204	··········</ocil:actions>	2204	··········</ocil:actions>
2205	········</ocil:questionnaire>	2205	········</ocil:questionnaire>
2206	········<ocil:questionnaire·id="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1">
2207	··········<ocil:ti~~tle>V~~eri~~fy·Permi~~ss~~ions·on·~~the·Wo~~rker·Kub~~ec~~onfig·F~~ile</o~~cil:title~~>	2206	········<ocil:questionnaire·id="ocil:ssg-kubelet_read_only_port_secured_ocil:questionnaire:1">
		2207	··········<ocil:title>kubelet·-·Ensure·that·the·--read-only-port·is·secured</ocil:title>
2208	··········<ocil:actions>	2208	··········<ocil:actions>
2209	············<ocil:test_action_ref>ocil:ssg-~~fil~~e~~_permissi~~ons_worker_kubeco~~nfig~~_action:testaction:1</ocil:test_action_ref>	2209	············<ocil:test_action_ref>ocil:ssg-kubelet_read_only_port_secured_action:testaction:1</ocil:test_action_ref>
2210	··········</ocil:actions>	2210	··········</ocil:actions>
2211	········</ocil:questionnaire>	2211	········</ocil:questionnaire>
2212	········<ocil:questionnaire·id="ocil:ssg-~~kub~~e~~let_e~~n~~abl~~e_c~~ert_rot~~ation_ocil:questionnaire:1">	2212	········<ocil:questionnaire·id="ocil:ssg-endpoint_configuration_ocil:questionnaire:1">
2213	··········<ocil:title>~~kubel~~et·~~-·En~~able·C~~ertif~~icate·Ro~~tation~~</ocil:title>	2213	··········<ocil:title>Ensure·Private·Endpoint·Access</ocil:title>
2214	··········<ocil:actions>	2214	··········<ocil:actions>
2215	············<ocil:test_action_ref>ocil:ssg-~~kub~~e~~let_e~~n~~abl~~e_c~~ert_rot~~ation_action:testaction:1</ocil:test_action_ref>	2215	············<ocil:test_action_ref>ocil:ssg-endpoint_configuration_action:testaction:1</ocil:test_action_ref>
2216	··········</ocil:actions>	2216	··········</ocil:actions>
2217	········</ocil:questionnaire>	2217	········</ocil:questionnaire>
2218	········<ocil:questionnaire·id="ocil:ssg-file_owner_k~~ubelet_~~conf_ocil:questionnaire:1">	2218	········<ocil:questionnaire·id="ocil:ssg-file_owner_worker_kubeconfig_ocil:questionnaire:1">
2219	··········<ocil:title>Verify·User·Who·Owns·The·K~~ubel~~et·Co~~nfigurat~~ion·File</ocil:title>	2219	··········<ocil:title>Verify·User·Who·Owns·The·Worker·Kubeconfig·File</ocil:title>
2220	··········<ocil:actions>	2220	··········<ocil:actions>
2221	············<ocil:test_action_ref>ocil:ssg-file_owner_k~~ubelet_~~conf_action:testaction:1</ocil:test_action_ref>	2221	············<ocil:test_action_ref>ocil:ssg-file_owner_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>
2222	··········</ocil:actions>	2222	··········</ocil:actions>
2223	········</ocil:questionnaire>	2223	········</ocil:questionnaire>
2224	········<ocil:questionnaire·id="ocil:ssg-file_~~grou~~p~~own~~er~~_worker~~_kubeconfig_ocil:questionnaire:1">	2224	········<ocil:questionnaire·id="ocil:ssg-file_permissions_kubelet_conf_ocil:questionnaire:1">
2225	··········<ocil:title>Verify·~~Group·Wh~~o~~·Owns~~·The·~~Work~~er·~~Kubeconf~~ig·File</ocil:title>	2225	··········<ocil:title>Verify·Permissions·on·The·Kubelet·Configuration·File</ocil:title>
2226	··········<ocil:actions>	2226	··········<ocil:actions>
		2227	············<ocil:test_action_ref>ocil:ssg-file_permissions_kubelet_conf_action:testaction:1</ocil:test_action_ref>
		2228	··········</ocil:actions>
		2229	········</ocil:questionnaire>
		2230	········<ocil:questionnaire·id="ocil:ssg-dedicated_service_accounts_ocil:questionnaire:1">
		2231	··········<ocil:title>Use·Dedicated·Service·Accounts</ocil:title>
		2232	··········<ocil:actions>
		2233	············<ocil:test_action_ref>ocil:ssg-dedicated_service_accounts_action:testaction:1</ocil:test_action_ref>
		2234	··········</ocil:actions>
		2235	········</ocil:questionnaire>
		2236	········<ocil:questionnaire·id="ocil:ssg-kubelet_configure_client_ca_ocil:questionnaire:1">
		2237	··········<ocil:title>kubelet·-·Configure·the·Client·CA·Certificate</ocil:title>
		2238	··········<ocil:actions>
		2239	············<ocil:test_action_ref>ocil:ssg-kubelet_configure_client_ca_action:testaction:1</ocil:test_action_ref>
		2240	··········</ocil:actions>
		2241	········</ocil:questionnaire>
		2242	········<ocil:questionnaire·id="ocil:ssg-secret_encryption_ocil:questionnaire:1">
		2243	··········<ocil:title>Ensure·Kubernetes·Secrets·are·Encrypted</ocil:title>
Max diff block lines reached; 75089/86916 bytes (86.39%) of diff not shown.


Offset 3, 497 lines modified		Offset 3, 611 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-~~file_~~per~~miss~~i~~ons_kubel~~et_conf_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-private_nodes_ocil:questionnaire:1">
11	······<ocil:title>~~Verify·Permissi~~ons~~·on·~~The·~~Kubel~~et·Configuration·~~Fil~~e</ocil:title>	11	······<ocil:title>Ensure·Cluster·Private·Nodes</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-~~file_~~per~~miss~~i~~ons_kubel~~et_conf_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-private_nodes_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-iam_integration_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-configure_network_policies_namespaces_ocil:questionnaire:1">
17	······<ocil:title>Manage·Users·with·~~AWS·IAM~~</ocil:title>	17	······<ocil:title>Ensure·that·application·Namespaces·have·Network·Policies·defined.</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-iam_integration_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-configure_network_policies_namespaces_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~kubelet_anonym~~ous_~~auth~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-configure_network_policy_ocil:questionnaire:1">
23	······<ocil:title>Disable·An~~onym~~ous·~~Authent~~ic~~atio~~n·to·~~the·Ku~~belet</ocil:title>	23	······<ocil:title>Ensure·Network·Policy·is·Enabled</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~kubelet_anonym~~ous_~~auth~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-configure_network_policy_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-s~~ecre~~t_~~encrypt~~ion_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-audit_logging_ocil:questionnaire:1">
29	······<ocil:title>Ensure·Ku~~ber~~netes·~~Secrets~~·are·Encr~~ypt~~ed</ocil:title>	29	······<ocil:title>Ensure·Audit·Logging·is·Enabled</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-s~~ecre~~t_~~encrypt~~ion_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-audit_logging_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1">
35	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ss~~ions·on·~~the·Wo~~rker·Kub~~ec~~onfig·F~~ile</o~~cil:title~~>	34	····<ocil:questionnaire·id="ocil:ssg-kubelet_read_only_port_secured_ocil:questionnaire:1">
		35	······<ocil:title>kubelet·-·Ensure·that·the·--read-only-port·is·secured</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~fil~~e~~_permissi~~ons_worker_kubeco~~nfig~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-kubelet_read_only_port_secured_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~kub~~e~~let_e~~n~~abl~~e_c~~ert_rot~~ation_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-endpoint_configuration_ocil:questionnaire:1">
41	······<ocil:title>~~kubel~~et·~~-·En~~able·C~~ertif~~icate·Ro~~tation~~</ocil:title>	41	······<ocil:title>Ensure·Private·Endpoint·Access</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~kub~~e~~let_e~~n~~abl~~e_c~~ert_rot~~ation_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-endpoint_configuration_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-file_owner_k~~ubelet_~~conf_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-file_owner_worker_kubeconfig_ocil:questionnaire:1">
47	······<ocil:title>Verify·User·Who·Owns·The·K~~ubel~~et·Co~~nfigurat~~ion·File</ocil:title>	47	······<ocil:title>Verify·User·Who·Owns·The·Worker·Kubeconfig·File</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-file_owner_k~~ubelet_~~conf_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-file_owner_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-file_~~grou~~p~~own~~er~~_worker~~_kubeconfig_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-file_permissions_kubelet_conf_ocil:questionnaire:1">
53	······<ocil:title>Verify·~~Group·Wh~~o~~·Owns~~·The·~~Work~~er·~~Kubeconf~~ig·File</ocil:title>	53	······<ocil:title>Verify·Permissions·on·The·Kubelet·Configuration·File</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
		55	········<ocil:test_action_ref>ocil:ssg-file_permissions_kubelet_conf_action:testaction:1</ocil:test_action_ref>
		56	······</ocil:actions>
		57	····</ocil:questionnaire>
		58	····<ocil:questionnaire·id="ocil:ssg-dedicated_service_accounts_ocil:questionnaire:1">
		59	······<ocil:title>Use·Dedicated·Service·Accounts</ocil:title>
		60	······<ocil:actions>
		61	········<ocil:test_action_ref>ocil:ssg-dedicated_service_accounts_action:testaction:1</ocil:test_action_ref>
		62	······</ocil:actions>
		63	····</ocil:questionnaire>
		64	····<ocil:questionnaire·id="ocil:ssg-kubelet_configure_client_ca_ocil:questionnaire:1">
		65	······<ocil:title>kubelet·-·Configure·the·Client·CA·Certificate</ocil:title>
		66	······<ocil:actions>
		67	········<ocil:test_action_ref>ocil:ssg-kubelet_configure_client_ca_action:testaction:1</ocil:test_action_ref>
		68	······</ocil:actions>
		69	····</ocil:questionnaire>
		70	····<ocil:questionnaire·id="ocil:ssg-secret_encryption_ocil:questionnaire:1">
		71	······<ocil:title>Ensure·Kubernetes·Secrets·are·Encrypted</ocil:title>
		72	······<ocil:actions>
		73	········<ocil:test_action_ref>ocil:ssg-secret_encryption_action:testaction:1</ocil:test_action_ref>
		74	······</ocil:actions>
		75	····</ocil:questionnaire>
		76	····<ocil:questionnaire·id="ocil:ssg-file_owner_kubelet_conf_ocil:questionnaire:1">
		77	······<ocil:title>Verify·User·Who·Owns·The·Kubelet·Configuration·File</ocil:title>
		78	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-file_~~group~~owner_~~wor~~k~~er_kube~~config_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-file_owner_kubelet_conf_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	80	······</ocil:actions>
57	····</ocil:questionnaire>	81	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_iptables_util_chains_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_iptables_util_chains_ocil:questionnaire:1">
59	······<ocil:title>kubelet·-·Allow·Automatic·Firewall·Configuration</ocil:title>	83	······<ocil:title>kubelet·-·Allow·Automatic·Firewall·Configuration</ocil:title>
60	······<ocil:actions>	84	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_iptables_util_chains_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_iptables_util_chains_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	86	······</ocil:actions>
63	····</ocil:questionnaire>	87	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-registry_access_ocil:questionnaire:1">
65	······<ocil:title>Mi~~nimize·~~user·acces~~s·t~~o~~·Amaz~~on~~·ECR</~~ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_deprecated_ocil:questionnaire:1">
		89	······<ocil:title>kubelet·-·Do·Not·Disable·Streaming·Timeouts</ocil:title>
66	······<ocil:actions>	90	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-registry_acc~~ess~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_streaming_connections_deprecated_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	92	······</ocil:actions>
69	····</ocil:questionnaire>	93	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~priva~~te~~_nodes~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-iam_integration_ocil:questionnaire:1">
71	······<ocil:title>~~Ensur~~e·Cluster~~·Pr~~i~~vate·Nodes~~</ocil:title>	95	······<ocil:title>Manage·Users·with·AWS·IAM</ocil:title>
72	······<ocil:actions>	96	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~priva~~te~~_nodes~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-iam_integration_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	98	······</ocil:actions>
75	····</ocil:questionnaire>	99	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~configure_netw~~ork_po~~licy~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-kubelet_anonymous_auth_ocil:questionnaire:1">
77	······<ocil:title>Ensure·~~Netw~~ork·~~Pol~~icy·is·~~Ena~~bled</ocil:title>	101	······<ocil:title>Disable·Anonymous·Authentication·to·the·Kubelet</ocil:title>
78	······<ocil:actions>	102	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~configure_netw~~ork_po~~licy~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-kubelet_anonymous_auth_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	104	······</ocil:actions>
81	····</ocil:questionnaire>	105	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-con~~figu~~re_tls_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_cert_rotation_ocil:questionnaire:1">
83	······<ocil:title>~~Encryp~~t~~·Traffic~~·to·Loa~~d·Balancers·~~and·Wor~~kloads~~</ocil:title>	107	······<ocil:title>kubelet·-·Enable·Certificate·Rotation</ocil:title>
84	······<ocil:actions>	108	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-con~~figu~~re_tls_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_cert_rotation_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	110	······</ocil:actions>
87	····</ocil:questionnaire>	111	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-approved_registries_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-approved_registries_ocil:questionnaire:1">
89	······<ocil:title>Only·use·approved·container·registries</ocil:title>	113	······<ocil:title>Only·use·approved·container·registries</ocil:title>
90	······<ocil:actions>	114	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-approved_registries_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-approved_registries_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	116	······</ocil:actions>
93	····</ocil:questionnaire>	117	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-image_scanning_ocil:questionnaire:1">
95	······<ocil:title>Ensure·Image·Vulnerability·Scanning</ocil:title>
96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-image_scanning_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>
99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-kubelet_authorization_mode_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-kubelet_authorization_mode_ocil:questionnaire:1">
101	······<ocil:title>Ensure·authorization·is·set·to·Webhook</ocil:title>	119	······<ocil:title>Ensure·authorization·is·set·to·Webhook</ocil:title>
102	······<ocil:actions>	120	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-kubelet_authorization_mode_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-kubelet_authorization_mode_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 67774/78085 bytes (86.80%) of diff not shown.


Offset 3, 191 lines modified		Offset 3, 191 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~search~~_su~~gges~~tion_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-forget_button_ocil:questionnaire:1">
11	······<ocil:title>Firefox·se~~arch~~·~~sugg~~e~~stions~~·must·be·di~~sabled~~.</ocil:title>	11	······<ocil:title>Firefox·must·prevent·the·user·from·quickly·deleting·data.</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~search~~_su~~gges~~tion_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-firefox_policy-forget_button_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-dev~~elo~~pment_~~tool~~s_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_changes_ocil:questionnaire:1">
17	······<ocil:title>Disable·Fir~~efox~~·De~~vel~~o~~pme~~nt·~~Too~~ls</ocil:title>	17	······<ocil:title>Disable·JavaScript's·Raise·Or·Lower·Windows·Capability</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-firefox_policy-dev~~elo~~pment_~~tool~~s_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_changes_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-e~~xtensio~~n~~_update~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-development_tools_ocil:questionnaire:1">
23	······<ocil:title>Fi~~refox·mu~~s~~t·b~~e·~~con~~figure~~d·to·~~not·~~automatical~~ly·update·inst~~alled~~·~~add~~-o~~ns·and·~~pl~~ugin~~s.</ocil:title>	23	······<ocil:title>Disable·Firefox·Development·Tools</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-firefox_policy-e~~xtensio~~n~~_update~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-firefox_policy-development_tools_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~disable~~_poc~~ket~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-network_prediction_ocil:questionnaire:1">
29	······<ocil:title>Disable·Firefox·Pocket</ocil:title>	29	······<ocil:title>Disable·Firefox·network·prediction</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~disable~~_poc~~ket~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-firefox_policy-network_prediction_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-fingerprinting_protection_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-fingerprinting_protection_ocil:questionnaire:1">
35	······<ocil:title>Enabled·Firefox·Fingerprinting·Protection</ocil:title>	35	······<ocil:title>Enabled·Firefox·Fingerprinting·Protection</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-firefox_policy-fingerprinting_protection_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-firefox_policy-fingerprinting_protection_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-exten~~sio~~n_recomme~~ndatio~~n_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-content_blocker_ocil:questionnaire:1">
41	······<ocil:title>Disabled·~~Firef~~o~~x·Ex~~t~~ension~~·Rec~~omme~~n~~datio~~ns</ocil:title>	41	······<ocil:title>Ensure·the·Content·Blocker·uBlock·Origin·is·Installed</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-firefox_policy-exten~~sio~~n_recomme~~ndatio~~n_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-firefox_policy-content_blocker_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~netw~~ork_p~~red~~iction_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-cryptomining_ocil:questionnaire:1">
47	······<ocil:title>Disable·Firefox·net~~work~~·pr~~edi~~ction</ocil:title>	47	······<ocil:title>Enabled·Firefox·Cryptomining·protection</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~netw~~ork_p~~red~~iction_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-firefox_policy-cryptomining_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~referen~~ces-~~auto-downloa~~d_act~~ion~~s_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-search_update_ocil:questionnaire:1">
53	······<ocil:title>Disable·aut~~o-downlo~~ad~~·for·proscribe~~d~~·MIME·types.~~</ocil:title>	53	······<ocil:title>Disable·Installed·Search·Plugins·Update·Checking</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-firefox_p~~referen~~ces-~~auto-downloa~~d_act~~ion~~s_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-firefox_policy-search_update_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-veri~~fica~~tion_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-telemetry_ocil:questionnaire:1">
59	······<ocil:title>Enable·Certif~~ica~~te·Veri~~fica~~tion</ocil:title>	59	······<ocil:title>Disable·Firefox·Telemetry</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-firefox_policy-veri~~fica~~tion_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-firefox_policy-telemetry_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~oli~~cy-con~~tent~~_~~blocker~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-auto-download_actions_ocil:questionnaire:1">
65	······<ocil:title>Ensure·t~~he·Co~~n~~tent~~·Blo~~cke~~r·uBlock·Ori~~gin~~·i~~s·Ins~~t~~alled~~</ocil:title>	65	······<ocil:title>Disable·auto-download·for·proscribed·MIME·types.</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-firefox_p~~oli~~cy-con~~tent~~_~~blocker~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-firefox_preferences-auto-download_actions_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~referen~~ces-enable_~~ca_trust~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-enhanced_tracking_ocil:questionnaire:1">
71	······<ocil:title>Enable~~·Sha~~red·~~Syst~~em·~~Cert~~i~~fica~~tes</ocil:title>	71	······<ocil:title>Enabled·Firefox·Enhanced·Tracking·Protection</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-firefox_p~~referen~~ces-enable_~~ca_trust~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-firefox_policy-enhanced_tracking_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_resizing_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_resizing_ocil:questionnaire:1">
77	······<ocil:title>Disable·JavaScript's·Moving·Or·Resizing·Windows·Capability</ocil:title>	77	······<ocil:title>Disable·JavaScript's·Moving·Or·Resizing·Windows·Capability</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_resizing_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_resizing_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-te~~lem~~etry_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-search_suggestion_ocil:questionnaire:1">
83	······<ocil:title>Disa~~ble~~·~~Fir~~efox·Te~~lemetry~~</ocil:title>	83	······<ocil:title>Firefox·search·suggestions·must·be·disabled.</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-firefox_policy-te~~lem~~etry_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-firefox_policy-search_suggestion_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~oli~~cy-private_~~browsing~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-dod_root_certificate_installed_ocil:questionnaire:1">
89	······<ocil:title>~~Firef~~ox·pr~~iva~~te·b~~rows~~ing~~·mus~~t·be·dis~~able~~d.</ocil:title>	89	······<ocil:title>The·DoD·Root·Certificate·Exists</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-firefox_p~~oli~~cy-private_~~browsing~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-firefox_preferences-dod_root_certificate_installed_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-firefox_~~policy-~~s~~earch_u~~pdate_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-installed_firefox_version_supported_ocil:questionnaire:1">
95	······<ocil:title>~~Disable·Ins~~t~~all~~ed·Searc~~h·Plugins·Update·Checking~~</ocil:title>	95	······<ocil:title>Supported·Version·of·Firefox·Installed</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-firefox_~~policy-~~s~~earch_u~~pdate_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-installed_firefox_version_supported_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-cryptomi~~ning~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_deprecated_ciphers_ocil:questionnaire:1">
101	······<ocil:title>Enabled·Firefox·Crypt~~omining~~·~~prot~~e~~cti~~on</ocil:title>	101	······<ocil:title>Disable·Firefox·deprecated·ciphers</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
		103	········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_deprecated_ciphers_action:testaction:1</ocil:test_action_ref>
		104	······</ocil:actions>
		105	····</ocil:questionnaire>
		106	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_pocket_ocil:questionnaire:1">
		107	······<ocil:title>Disable·Firefox·Pocket</ocil:title>
		108	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~cryptomining~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_pocket_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	110	······</ocil:actions>
105	····</ocil:questionnaire>	111	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-pop-up_windows_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-pop-up_windows_ocil:questionnaire:1">
107	······<ocil:title>Enable·Firefox·Pop-up·Blocker</ocil:title>	113	······<ocil:title>Enable·Firefox·Pop-up·Blocker</ocil:title>
108	······<ocil:actions>	114	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-firefox_policy-pop-up_windows_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-firefox_policy-pop-up_windows_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	116	······</ocil:actions>
111	····</ocil:questionnaire>	117	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-i~~nstalled_~~fire~~fox_v~~e~~rsion~~_s~~uppo~~r~~ted~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1">
113	······<ocil:title>Su~~pport~~ed·V~~ersion~~·~~of·Firefox·Inst~~alled</ocil:title>	119	······<ocil:title>Enable·Shared·System·Certificates</ocil:title>
114	······<ocil:actions>	120	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-i~~nstalled_~~fire~~fox_v~~e~~rsion~~_s~~uppo~~r~~ted~~_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-firefox_preferences-enable_ca_trust_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	122	······</ocil:actions>
117	····</ocil:questionnaire>	123	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~disable_d~~epre~~cated~~_cip~~hers~~_ocil:questionnaire:1">	124	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_update_ocil:questionnaire:1">
119	······<ocil:title>Dis~~abl~~e·Firefox·de~~prec~~ated·cip~~her~~s</ocil:title>	125	······<ocil:title>Firefox·must·be·configured·to·not·automatically·update·installed·add-ons·and·plugins.</ocil:title>
120	······<ocil:actions>	126	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~disable_d~~epre~~cated~~_cip~~hers~~_action:testaction:1</ocil:test_action_ref>	127	········<ocil:test_action_ref>ocil:ssg-firefox_policy-extension_update_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	128	······</ocil:actions>
123	····</ocil:questionnaire>	129	····</ocil:questionnaire>
Max diff block lines reached; 34293/46784 bytes (73.30%) of diff not shown.


Offset 3, 4873 lines modified		Offset 3, 4972 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-~~dis~~a~~llow~~_b~~ypas~~s_p~~assword_sudo~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-audit_rules_media_export_ocil:questionnaire:1">
11	······<ocil:title>Disal~~low~~·C~~onf~~i~~guration·~~to·~~Bypass·Passw~~ord·R~~equi~~rements·for·P~~riv~~il~~ege·Es~~c~~alation~~</ocil:title>	11	······<ocil:title>Ensure·auditd·Collects·Information·on·Exporting·to·Media·(successful)</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-~~dis~~a~~llow~~_b~~ypas~~s_p~~assword_sudo~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-audit_rules_media_export_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-ser~~vice~~_~~timesyncd_~~e~~nabl~~ed_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-chronyd_server_directive_ocil:questionnaire:1">
17	······<ocil:title>En~~abl~~e·sys~~temd_t~~ime~~syncd~~·Service</ocil:title>	17	······<ocil:title>Ensure·Chrony·is·only·configured·with·the·server·directive</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-ser~~vice~~_~~timesyncd_~~e~~nabl~~ed_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-chronyd_server_directive_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-sshd_set_~~max~~_ses~~sions~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_kptr_restrict_ocil:questionnaire:1">
23	······<ocil:title>Set·~~SSH~~·~~MaxS~~e~~ssi~~ons·~~limit~~</ocil:title>	23	······<ocil:title>Restrict·Exposed·Kernel·Pointer·Addresses·Access</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-sshd_set_~~max~~_ses~~sions~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_kptr_restrict_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-file_owner_var_~~log~~_messa~~ges~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_gshadow_ocil:questionnaire:1">
29	······<ocil:title>Verify·User·Who·Owns·/var/~~log/me~~ssa~~ges~~·File</ocil:title>	29	······<ocil:title>Verify·User·Who·Owns·Backup·gshadow·File</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-file_owner_var_~~log~~_messa~~ges~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-file_~~permissions~~_backup_etc_gsh~~adow~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_group_ocil:questionnaire:1">
35	······<ocil:title>Verify·Permi~~ssi~~o~~ns·on~~·Backup·gsh~~adow~~·File</ocil:title>	35	······<ocil:title>Verify·User·Who·Owns·Backup·group·File</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-file_~~permissions~~_backup_etc_gsh~~adow~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_group_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdrivermode_ocil:questionnaire:1">
41	······<ocil:~~title>E~~nsure·R~~sysl~~o~~g·En~~cr~~ypt~~s~~·Of~~f~~-Load~~e~~d·Aud~~i~~t·Reco~~rd~~s</~~ocil:title>	40	····<ocil:questionnaire·id="ocil:ssg-file_permissions_library_dirs_ocil:questionnaire:1">
		41	······<ocil:title>Verify·that·Shared·Library·Files·Have·Restrictive·Permissions</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-rsysl~~og_~~e~~ncrypt~~_~~offload_act~~ionse~~ndst~~reamdriv~~ermode~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-file_permissions_library_dirs_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-~~grub2_rng_core_~~default_qu~~ali~~ty_argument_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-disable_host_auth_ocil:questionnaire:1">
47	······<ocil:title>~~Con~~fi~~gure·th~~e·con~~fidenc~~e·in·~~TPM·for·en~~tropy</ocil:title>	47	······<ocil:title>Disable·Host-Based·Authentication</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~grub2_rng_core_~~default_qu~~ali~~ty_argument_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-disable_host_auth_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-package_gnutls-utils_installed_ocil:questionnaire:1">
53	······<ocil:~~title>E~~nsure·~~gnut~~ls-utils·is·ins~~talled</~~ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-audit_rules_mac_modification_usr_share_ocil:questionnaire:1">
		53	······<ocil:title>Record·Events·that·Modify·the·System's·Mandatory·Access·Controls·in·usr/share</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_~~gnutls-ut~~i~~ls_~~ins~~talled~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_usr_share_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-sysct~~l_fs~~_~~protected~~_symli~~nks~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-package_MFEhiplsm_installed_ocil:questionnaire:1">
59	······<ocil:title>Enabl~~e·K~~e~~rnel~~·Par~~ameter·to·E~~nfo~~rce·DAC~~·~~on·~~S~~ymlinks~~</ocil:title>	59	······<ocil:title>Install·the·Host·Intrusion·Prevention·System·(HIPS)·Module</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-sysct~~l_fs~~_~~protected~~_symli~~nks~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-package_MFEhiplsm_installed_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_~~set_ke~~e~~palive~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_sg_ocil:questionnaire:1">
65	······<ocil:title>Set·~~SSH·Cli~~ent·~~Aliv~~e·~~Coun~~t~~·Max~~</ocil:title>	65	······<ocil:title>Enable·checks·on·scatter-gather·(SG)·table·operations</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_~~set_ke~~e~~palive~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_sg_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_var_log_syslog_ocil:questionnaire:1">
71	······<ocil:title>Verify·~~User~~·Who·Owns·/var/log~~·Directory~~</ocil:title>	71	······<ocil:title>Verify·Group·Who·Owns·/var/log/syslog·File</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-file_groupowner_var_log_syslog_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-sec~~uri~~ty_p~~atche~~s~~_up_to_~~date_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_tmp_ocil:questionnaire:1">
77	······<ocil:title>Ensure·Software·Pat~~ches·Ins~~t~~all~~ed</ocil:title>	77	······<ocil:title>Configure·Polyinstantiation·of·/tmp·Directories</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-sec~~uri~~ty_p~~atche~~s~~_up_to_~~date_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-accounts_polyinstantiated_tmp_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~file~~_~~groupown~~er_b~~acku~~p~~_et~~c_sha~~dow~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_gssapi_auth_ocil:questionnaire:1">
83	······<ocil:title>~~Verify·Us~~er·Wh~~o·Owns~~·~~Bac~~kup~~·shadow·F~~ile</ocil:title>	83	······<ocil:title>Enable·GSSAPI·Authentication</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~file~~_~~groupown~~er_b~~acku~~p~~_et~~c_sha~~dow~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-sshd_enable_gssapi_auth_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-file_permissions_binary_dirs_ocil:questionnaire:1">
89	······<ocil:~~title>Ver~~ify·~~that·System·Execu~~tables·Hav~~e·Restr~~icti~~ve·Per~~m~~issions</~~ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lremovexattr_ocil:questionnaire:1">
		89	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lremovexattr</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-file_~~per~~mission~~s_binary_dirs~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lremovexattr_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_x11_forwarding_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_x11_forwarding_ocil:questionnaire:1">
95	······<ocil:title>Disable·X11·Forwarding</ocil:title>	95	······<ocil:title>Enable·Encrypted·X11·Forwarding</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-sshd_disable_x11_forwarding_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-sshd_enable_x11_forwarding_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~file_permiss~~ions_backup_etc~~_pas~~swd_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-auditd_local_events_ocil:questionnaire:1">
101	······<ocil:title>~~Verify~~·~~Permissio~~ns·on·~~Bac~~ku~~p·passwd~~·~~File~~</ocil:title>	101	······<ocil:title>Include·Local·Events·in·Audit·Logs</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~file_permiss~~ions_backup_etc~~_pas~~swd_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-auditd_local_events_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_umount_ocil:questionnaire:1">
107	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odi~~fy·the·Sy~~s~~tem's·Dis~~c~~ret~~i~~onary·Acces~~s·Contro~~ls·-·~~umount</o~~cil:title~~>	106	····<ocil:questionnaire·id="ocil:ssg-kernel_config_compat_vdso_ocil:questionnaire:1">
		107	······<ocil:title>Disable·the·32-bit·vDSO</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_rules_dac_modifi~~cation_umount~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-kernel_config_compat_vdso_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-gr~~ub2_sp~~e~~ctre~~_v~~2_argum~~ent_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-package_ntp_installed_ocil:questionnaire:1">
113	······<ocil:title>En~~force~~·~~Spec~~tre·v2~~·mitigat~~ion</ocil:title>	113	······<ocil:title>Install·the·ntp·service</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-gr~~ub2_sp~~e~~ctre~~_v~~2_argum~~ent_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-package_ntp_installed_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-audit_rules_~~netwo~~rkc~~onfig~~_modification_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_setxattr_ocil:questionnaire:1">
119	······<ocil:title>Record·Events·that·Modify·the·System's·Network·~~Envi~~ronment</ocil:title>	119	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·setxattr</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-audit_rules_~~netwo~~rkc~~onfig~~_modification_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_setxattr_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-~~sysctl_~~ne~~t_ipv~~6_conf~~_all_d~~is~~able_ipv6~~_ocil:questionnaire:1">	124	····<ocil:questionnaire·id="ocil:ssg-kernel_config_panic_timeout_ocil:questionnaire:1">
125	······<ocil:title>~~Disab~~le~~·IPv6·Add~~r~~essing·o~~n·All·I~~Pv6·In~~te~~rfaces~~</ocil:title>	125	······<ocil:title>Kernel·panic·timeout</ocil:title>
Max diff block lines reached; 665018/677786 bytes (98.12%) of diff not shown.


Offset 3, 5783 lines modified		Offset 3, 5437 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_ocil:questionnaire:1">
11	······<ocil:~~title>E~~nsure·R~~sysl~~o~~g·En~~c~~rypt~~s~~·Off-Loa~~de~~d·Au~~dit·Reco~~rds</~~ocil:title>	10	····<ocil:questionnaire·id="ocil:ssg-chronyd_server_directive_ocil:questionnaire:1">
		11	······<ocil:title>Ensure·Chrony·is·only·configured·with·the·server·directive</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-rs~~ysl~~o~~g_e~~ncry~~pt_offloa~~d_de~~faultnetst~~reamdriver_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-chronyd_server_directive_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-~~no_rsh~~_~~trus~~t_~~file~~s_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-rsyslog_remote_loghost_ocil:questionnaire:1">
17	······<ocil:title>Remove·~~Rsh~~·T~~rus~~t~~·Files~~</ocil:title>	17	······<ocil:title>Ensure·Logs·Sent·To·Remote·Host</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~no_rsh~~_~~trus~~t_~~file~~s_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-rsyslog_remote_loghost_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~audit_rule~~s~~_priv~~il~~eged~~_commands_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-selinux_state_ocil:questionnaire:1">
23	······<ocil:title>Ensure·~~aud~~i~~td·Collects·I~~n~~formati~~on·~~on·~~the·Use·~~of·P~~rivi~~leged·Comma~~nds</ocil:title>	23	······<ocil:title>Ensure·SELinux·State·is·Enforcing</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~audit_rule~~s~~_priv~~il~~eged~~_commands_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-selinux_state_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~package_~~au~~dit~~_ins~~talled~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_gssapi_auth_ocil:questionnaire:1">
29	······<ocil:title>Ensure·~~the·audit~~·Su~~bsy~~stem·i~~s·Ins~~ta~~lled~~</ocil:title>	29	······<ocil:title>Disable·GSSAPI·Authentication</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~package_~~au~~dit~~_ins~~talled~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-sshd_disable_gssapi_auth_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~file~~_gr~~oupown~~er_etc_shadow_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_tcp_forwarding_ocil:questionnaire:1">
35	······<ocil:title>Veri~~fy·Group~~·~~Who~~·O~~wns~~·s~~hadow·F~~ile</ocil:title>	35	······<ocil:title>Disable·SSH·TCP·Forwarding</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~file~~_gr~~oupown~~er_etc_shadow_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-sshd_disable_tcp_forwarding_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-partition_for_home_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-directory_permissions_var_log_audit_ocil:questionnaire:1">
41	······<ocil:title>Ens~~ure~~·~~/home~~·Located~~·On·Sepa~~rate·Partition</ocil:title>	41	······<ocil:title>System·Audit·Logs·Must·Have·Mode·0750·or·Less·Permissive</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-partition_for_home_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-directory_permissions_var_log_audit_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-a~~udi~~td_data_~~disk~~_erro~~r_action~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-accounts_password_warn_age_login_defs_ocil:questionnaire:1">
47	······<ocil:title>~~Configu~~re~~·audi~~td·Dis~~k·E~~rror~~·Actio~~n·~~on·D~~isk·Er~~ror~~</ocil:title>	47	······<ocil:title>Set·Password·Warning·Age</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-a~~udi~~td_data_~~disk~~_erro~~r_action~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-accounts_password_warn_age_login_defs_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-disable_~~host~~_a~~uth~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-sysctl_fs_suid_dumpable_ocil:questionnaire:1">
53	······<ocil:title>Disable·Ho~~st-Ba~~s~~ed·Authentication~~</ocil:title>	53	······<ocil:title>Disable·Core·Dumps·for·SUID·programs</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-disable_~~host~~_a~~uth~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-sysctl_fs_suid_dumpable_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-s~~shd_s~~e~~t_ke~~epalive_0_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-service_ntp_enabled_ocil:questionnaire:1">
59	······<ocil:title>~~Set·SSH·C~~lient·Alive·Co~~unt~~·Max·to~~·zer~~o</ocil:title>	59	······<ocil:title>Enable·the·NTP·Daemon</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-s~~shd_s~~e~~t_ke~~epalive_0_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-service_ntp_enabled_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~moun~~t_option_hom~~e_nodev~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
65	······<ocil:title>Add·~~nodev~~·Option·to·~~/hom~~e</ocil:title>	65	······<ocil:title>Configure·auditd·mail_acct·Action·on·Low·Disk·Space</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~moun~~t_option_hom~~e_nodev~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~audit_rules_time_set~~timeofday_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-kernel_config_panic_timeout_ocil:questionnaire:1">
71	······<ocil:title>Recor~~d·at~~te~~mpt~~s·to·al~~ter~~·time~~·thr~~ou~~gh·set~~t~~imeofday~~</ocil:title>	71	······<ocil:title>Kernel·panic·timeout</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~audit_rules_time_set~~timeofday_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-kernel_config_panic_timeout_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_~~set~~_~~keepaliv~~e_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-kernel_config_acpi_custom_method_ocil:questionnaire:1">
77	······<ocil:title>Set·~~SSH~~·Client·Alive·Coun~~t·Max~~</ocil:title>	77	······<ocil:title>Do·not·allow·ACPI·methods·to·be·inserted/replaced·at·run·time</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_~~set~~_~~keepaliv~~e_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-kernel_config_acpi_custom_method_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-file_permissions_unauthorized_world_writable_ocil:questionnaire:1">
83	······<ocil:~~title>E~~nsure·~~No·W~~orld-~~Wri~~t~~able·Files·Exist</~~ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_ocil:questionnaire:1">
		83	······<ocil:title>Ensure·/var/log·Located·On·Separate·Partition</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~file_~~permissions_~~unaut~~hor~~ized~~_world_~~writable~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-partition_for_var_log_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-set_iptables_default_rule_ocil:questionnaire:1">
89	······<ocil:ti~~tle>S~~e~~t·Defau~~l~~t·ipt~~a~~bles·Po~~l~~icy·f~~o~~r·In~~comin~~g·Pack~~et~~s</~~ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fremovexattr_ocil:questionnaire:1">
		89	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fremovexattr</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-s~~et_~~i~~ptab~~les_defa~~ult~~_rule_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fremovexattr_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-accounts_pas~~sword_all_sh~~a~~dowed~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-grub2_nosmep_argument_absent_ocil:questionnaire:1">
95	······<ocil:title>~~Verify·All~~·~~Account~~·Password·Hashes·~~are·Shad~~owed</ocil:title>	95	······<ocil:title>Ensure·SMEP·is·not·disabled·during·boot</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-accounts_pas~~sword_all_sh~~a~~dowed~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-grub2_nosmep_argument_absent_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-file_pe~~rmiss~~ions_var_log_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_unlink_ocil:questionnaire:1">
101	······<ocil:title>Verify·Permi~~ssions·~~on·/v~~ar/log~~·Dir~~ectory~~</ocil:title>	101	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·unlink</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-file_pe~~rmiss~~ions_var_log_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_unlink_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-audit_rules_i~~mmu~~table_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lchown_ocil:questionnaire:1">
107	······<ocil:title>~~Mak~~e·the·auditd·~~Conf~~iguration·~~Immu~~table</ocil:title>	107	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lchown</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-audit_rules_i~~mmu~~table_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lchown_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-s~~shd~~_se~~t_log~~in_grace_time_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-dir_permissions_binary_dirs_ocil:questionnaire:1">
113	······<ocil:title>Ensure·~~SSH·L~~ogi~~nGr~~aceTi~~me·is~~·~~conf~~i~~gured~~</ocil:title>	113	······<ocil:title>Verify·that·System·Executable·Directories·Have·Restrictive·Permissions</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-s~~shd~~_se~~t_log~~in_grace_time_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-dir_permissions_binary_dirs_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-file~~_permissions~~_~~etc_p~~a~~sswd~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-postfix_client_configure_mail_alias_ocil:questionnaire:1">
119	······<ocil:title>Verify·Per~~missions~~·on·~~passwd~~·~~File~~</ocil:title>	119	······<ocil:title>Configure·System·to·Forward·All·Mail·For·The·Root·Account</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-file~~_permissions~~_~~etc_p~~a~~sswd~~_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-postfix_client_configure_mail_alias_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_yama_ocil:questionnaire:1">
125	······<ocil:titl~~e>Enab~~le·Yama·s~~uppo~~r~~t</~~ocil:title>	124	····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdrivermode_ocil:questionnaire:1">
		125	······<ocil:title>Ensure·Rsyslog·Encrypts·Off-Loaded·Audit·Records</ocil:title>
Max diff block lines reached; 699637/712228 bytes (98.23%) of diff not shown.


Offset 3, 7198 lines modified		Offset 3, 7198 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_ocil:questionnaire:1">
11	······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces·by·Default</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-nftables_rules_permanent_ocil:questionnaire:1">
17	······<ocil:title>Ensure·nftables·Rules·are·Permanent</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-nftables_rules_permanent_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~sshd_e~~na~~ble_x11~~_forwar~~din~~g_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-partition_for_srv_ocil:questionnaire:1">
		11	······<ocil:title>Ensure·/srv·Located·On·Separate·Partition</ocil:title>
23	······<ocil:title>Enable·Encrypted·X11·Forwarding</ocil:title>
24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-sshd_enable_x11_forwarding_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>
27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-audit_rules_networkconfig_modification_ocil:questionnaire:1">
29	······<ocil:title>Record·Events·that·Modify·the·System's·Network·Environment</ocil:title>
30	······<ocil:actions>	12	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_r~~ules_ne~~two~~rkc~~on~~fig~~_~~modi~~fi~~cation~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-partition_for_srv_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	14	······</ocil:actions>
33	····</ocil:questionnaire>	15	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-package_gnutls-utils_installed_ocil:questionnaire:1">
35	······<ocil:~~title>E~~nsure·~~gnut~~ls-ut~~ils·i~~s~~·inst~~alle~~d</~~ocil:title>	16	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_dictcheck_ocil:questionnaire:1">
		17	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Prevent·the·Use·of·Dictionary·Words</ocil:title>
36	······<ocil:actions>	18	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-pac~~kage~~_~~gnutls-utils~~_~~ins~~t~~alled~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_dictcheck_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	20	······</ocil:actions>
39	····</ocil:questionnaire>	21	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-a~~udit_rules_sys~~a~~dmin~~_act~~ions~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-package_pam_pwquality_installed_ocil:questionnaire:1">
41	······<ocil:title>Ens~~ure·audi~~t~~d·C~~oll~~ects~~·~~Sys~~tem~~·Administra~~tor·~~Actions~~</ocil:title>	23	······<ocil:title>Install·pam_pwquality·Package</ocil:title>
42	······<ocil:actions>	24	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-a~~udit_rules_sys~~a~~dmin~~_act~~ions~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-package_pam_pwquality_installed_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	26	······</ocil:actions>
45	····</ocil:questionnaire>	27	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-~~bios_en~~able_~~execution~~_re~~strictions~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-package_rsync_removed_ocil:questionnaire:1">
47	······<ocil:title>En~~able·NX·or·XD~~·~~Suppo~~rt·in~~·the·BIOS~~</ocil:title>	29	······<ocil:title>Uninstall·rsync·Package</ocil:title>
48	······<ocil:actions>	30	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~bios_en~~able_~~execution~~_re~~strictions~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-package_rsync_removed_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	32	······</ocil:actions>
51	····</ocil:questionnaire>	33	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-audit_rules_login_~~even~~ts_t~~allylog~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_ftruncate_ocil:questionnaire:1">
53	······<ocil:title>Record·~~Attempt~~s~~·to~~·Alte~~r·Logon·and~~·Logout·E~~vent~~s·-·t~~allylog~~</ocil:title>	35	······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·ftruncate</ocil:title>
54	······<ocil:actions>	36	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-audit_rules_login_~~even~~ts_t~~allylog~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_ftruncate_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	38	······</ocil:actions>
57	····</ocil:questionnaire>	39	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
59	······<ocil:t~~itle>C~~onf~~igu~~re·~~aud~~itd~~·max_~~l~~og_fil~~e~~_acti~~on·U~~pon·R~~eac~~hing·Max~~imu~~m·Log·S~~i~~ze</~~o~~cil:title~~>	40	····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_ocil:questionnaire:1">
		41	······<ocil:title>Enable·different·security·models</ocil:title>
60	······<ocil:actions>	42	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~auditd_dat~~a_rete~~nti~~on~~_max_~~log_file_~~act~~ion_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-kernel_config_security_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	44	······</ocil:actions>
63	····</ocil:questionnaire>	45	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-s~~et_~~i~~ptab~~les_d~~efa~~ult_rule_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_immutable_ocil:questionnaire:1">
65	······<ocil:title>Se~~t·D~~efault·ipt~~able~~s·Po~~licy·for·I~~ncomin~~g·P~~ackets</ocil:title>	47	······<ocil:title>Make·the·auditd·Configuration·Immutable</ocil:title>
66	······<ocil:actions>	48	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-s~~et_~~i~~ptab~~les_d~~efa~~ult_rule_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-audit_rules_immutable_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	50	······</ocil:actions>
69	····</ocil:questionnaire>	51	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_writable_hooks_ocil:questionnaire:1">
71	······<ocil:title>Disable~~·mu~~t~~abl~~e·hooks</ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-accounts_user_dot_user_ownership_ocil:questionnaire:1">
		53	······<ocil:title>User·Initialization·Files·Must·Be·Owned·By·the·Primary·User</ocil:title>
72	······<ocil:actions>	54	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~kerne~~l_con~~fig_~~se~~curi~~ty_~~writable_hooks~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-accounts_user_dot_user_ownership_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	56	······</ocil:actions>
75	····</ocil:questionnaire>	57	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-ensure_pam_wheel_group_empty_ocil:questionnaire:1">
77	······<ocil:~~title>E~~nsure·th~~e·Gr~~o~~up·U~~se~~d·by·pam~~_~~wheel.s~~o·Module·Exist~~s·o~~n·Syste~~m·and·~~is~~·Empty</~~o~~cil:title~~>	58	····<ocil:questionnaire·id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
		59	······<ocil:title>Add·nosuid·Option·to·/dev/shm</ocil:title>
78	······<ocil:actions>	60	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-ensure_p~~am_whe~~el_g~~roup_empty~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	62	······</ocil:actions>
81	····</ocil:questionnaire>	63	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~dco~~nf_g~~nome_~~login_~~banner_~~text_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-no_shelllogin_for_systemaccounts_ocil:questionnaire:1">
83	······<ocil:title>Set·the·~~GNOME3~~·Login·~~Warning~~·~~Ban~~ne~~r·Text~~</ocil:title>	65	······<ocil:title>Ensure·that·System·Accounts·Do·Not·Run·a·Shell·Upon·Login</ocil:title>
84	······<ocil:actions>	66	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~dco~~nf_g~~nome_~~login_~~banner_~~text_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-no_shelllogin_for_systemaccounts_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	68	······</ocil:actions>
87	····</ocil:questionnaire>	69	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-~~file_permi~~s~~sions~~_cron_daily_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_clock_settime_ocil:questionnaire:1">
89	······<ocil:title>Ver~~ify·P~~e~~rmi~~ssions·on·cro~~n.da~~ily</ocil:title>	71	······<ocil:title>Record·Attempts·to·Alter·Time·Through·clock_settime</ocil:title>
90	······<ocil:actions>	72	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~file_permi~~s~~sions~~_cron_daily_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_clock_settime_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	74	······</ocil:actions>
93	····</ocil:questionnaire>	75	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-ss~~hd_enable~~_war~~ning~~_ba~~nne~~r_~~net~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-partition_for_var_tmp_ocil:questionnaire:1">
95	······<ocil:title>En~~abl~~e·~~SSH~~·Wa~~rni~~n~~g·B~~anner</ocil:title>	77	······<ocil:title>Ensure·/var/tmp·Located·On·Separate·Partition</ocil:title>
96	······<ocil:actions>	78	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-ss~~hd_enable~~_war~~ning~~_ba~~nne~~r_~~net~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-partition_for_var_tmp_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	80	······</ocil:actions>
99	····</ocil:questionnaire>	81	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_su_ocil:questionnaire:1">
101	······<ocil:~~title>E~~nsure·~~aud~~itd·Co~~llect~~s~~·Inf~~orm~~atio~~n·on·~~the·U~~s~~e·of·Privi~~leg~~ed·C~~omm~~ands·-·~~su</o~~cil:title~~>	82	····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_disable_user_list_ocil:questionnaire:1">
		83	······<ocil:title>Disable·the·GNOME3·Login·User·List</ocil:title>
102	······<ocil:actions>	84	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~audit~~_~~rules~~_priv~~ileg~~ed_co~~mmands_~~su_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-dconf_gnome_disable_user_list_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	86	······</ocil:actions>
105	····</ocil:questionnaire>	87	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-audit_sudo_log_events_ocil:questionnaire:1">
107	······<ocil:title~~>Re~~c~~ord·Attempts·~~to·p~~erf~~orm·mai~~ntenanc~~e~~·act~~i~~viti~~es</o~~cil:title~~>	88	····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_deny_ocil:questionnaire:1">
		89	······<ocil:title>Lock·Accounts·After·Failed·Password·Attempts</ocil:title>
108	······<ocil:actions>	90	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-au~~dit~~_sudo_lo~~g_ev~~ents_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_deny_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	92	······</ocil:actions>
111	····</ocil:questionnaire>	93	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-au~~dit~~d_~~dat~~a_d~~isk~~_error_~~acti~~on_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-journald_forward_to_syslog_ocil:questionnaire:1">
113	······<ocil:title>Configure·au~~dit~~d·Dis~~k·Er~~ror·~~Actio~~n·on·~~Disk·Err~~or</ocil:title>	95	······<ocil:title>Ensure·journald·is·configured·to·send·logs·to·rsyslog</ocil:title>
114	······<ocil:actions>	96	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-au~~dit~~d_~~dat~~a_d~~isk~~_error_~~acti~~on_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-journald_forward_to_syslog_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	98	······</ocil:actions>
117	····</ocil:questionnaire>	99	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_allow_ocil:questionnaire:1">
119	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ssi~~ons·o~~n~~·/etc/cron.all~~ow·file</ocil:title>	100	····<ocil:questionnaire·id="ocil:ssg-kernel_config_seccomp_filter_ocil:questionnaire:1">
		101	······<ocil:title>Enable·use·of·Berkeley·Packet·Filter·with·seccomp</ocil:title>
120	······<ocil:actions>	102	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-file_pe~~rmiss~~ions_cron_al~~low~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-kernel_config_seccomp_filter_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 1360559/1372210 bytes (99.15%) of diff not shown.


Offset 3, 6528 lines modified		Offset 3, 6528 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-~~grub2~~_~~slab~~_no~~merge~~_a~~rgument~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
		11	······<ocil:title>Disable·Accepting·Packets·Routed·Between·Local·Interfaces</ocil:title>
11	······<ocil:title>Disable·merging·of·slabs·with·similar·size</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-grub2_slab_nomerge_argument_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-sudo_require_reauthentication_ocil:questionnaire:1">
17	······<ocil:title>Require·Re-Authentication·When·Using·the·sudo·Command</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-s~~udo~~_require_~~reauthenti~~cation_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~servic~~e~~_iptable~~s_e~~nabled~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_issue_ocil:questionnaire:1">
23	······<ocil:title>Verify·i~~ptabl~~es·Enabled</ocil:title>	17	······<ocil:title>Verify·permissions·on·System·Login·Banner</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~servic~~e~~_iptable~~s_e~~nabled~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_issue_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~file~~_pe~~rmissi~~ons_~~sshd_~~config_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-sshd_allow_only_protocol2_ocil:questionnaire:1">
29	······<ocil:title>V~~erify~~·~~Permissi~~ons·on·SSH·Serv~~er·~~co~~nfi~~g·~~fil~~e</ocil:title>	23	······<ocil:title>Allow·Only·SSH·Protocol·2</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~file~~_pe~~rmissi~~ons_~~sshd_~~config_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-sshd_allow_only_protocol2_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~kernel~~_config_~~pag~~e_poison~~ing~~_zero_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_login_banner_text_ocil:questionnaire:1">
35	······<ocil:title>Use~~·zero~~·~~for·pois~~oning·~~instead~~·~~of·d~~e~~buggin~~g·v~~alue~~</ocil:title>	29	······<ocil:title>Set·the·GNOME3·Login·Warning·Banner·Text</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~kernel~~_config_~~pag~~e_poison~~ing~~_zero_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-dconf_gnome_login_banner_text_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_chsh_ocil:questionnaire:1">
41	······<ocil:~~title>E~~nsure·~~aud~~itd·Col~~lect~~s~~·In~~f~~ormati~~on~~·on·th~~e·Us~~e·of·P~~rivilege~~d·Commands·-·ch~~sh</o~~cil:title~~>	34	····<ocil:questionnaire·id="ocil:ssg-file_group_ownership_var_log_audit_ocil:questionnaire:1">
		35	······<ocil:title>System·Audit·Logs·Must·Be·Group·Owned·By·Root</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~audit_~~ru~~les_p~~rivi~~leged~~_command~~s_ch~~sh_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_group_ownership_var_log_audit_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-~~audit_~~r~~ule~~s_~~sudoer~~s_d_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_passwd_ocil:questionnaire:1">
47	······<ocil:title>~~Ensu~~re~~·au~~di~~td·Collects·~~Syste~~m·A~~dminis~~trator·Ac~~tions·-~~·/etc/~~sudoe~~rs.d/~~</ocil:title>	41	······<ocil:title>Verify·Permissions·on·passwd·File</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~audit_~~r~~ule~~s_~~sudoer~~s_d_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_passwd_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_allow_ocil:questionnaire:1">
53	······<ocil:ti~~tle>V~~eri~~fy·User·Who·Owns·/e~~t~~c/cron.a~~ll~~ow·f~~i~~le</~~ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_full_action_stig_ocil:questionnaire:1">
		47	······<ocil:title>Configure·auditd·Disk·Full·Action·when·Disk·Space·Is·Full</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-file_~~owner~~_cron_a~~llow~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-auditd_data_disk_full_action_stig_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~kern~~el_~~config~~_default_~~mma~~p_m~~in_ad~~dr_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-gnome_gdm_disable_xdmcp_ocil:questionnaire:1">
59	······<ocil:title>~~Con~~fi~~gure·Low·Addres~~s~~·Sp~~a~~ce·To·Pr~~otect·~~From·User~~·~~Allocation~~</ocil:title>	53	······<ocil:title>Disable·XDMCP·in·GDM</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~kern~~el_~~config~~_default_~~mma~~p_m~~in_ad~~dr_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-gnome_gdm_disable_xdmcp_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~audit_ru~~les_time_se~~ttim~~e~~ofday~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-rsyslog_files_ownership_ocil:questionnaire:1">
65	······<ocil:title>~~Reco~~rd·~~attempt~~s·to·~~alt~~er·t~~ime·th~~ro~~ugh·set~~time~~ofday~~</ocil:title>	59	······<ocil:title>Ensure·Log·Files·Are·Owned·By·Appropriate·User</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~audit_ru~~les_time_se~~ttim~~e~~ofday~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-rsyslog_files_ownership_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-audit_ru~~les~~_time~~_watch~~_~~loca~~ltime_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-sudo_add_use_pty_ocil:questionnaire:1">
71	······<ocil:title>Record·~~Att~~e~~mpts~~·to·Alter·the·lo~~caltime~~·~~File~~</ocil:title>	65	······<ocil:title>Ensure·Only·Users·Logged·In·To·Real·tty·Can·Execute·Sudo·-·sudo·use_pty</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-audit_ru~~les~~_time~~_watch~~_~~loca~~ltime_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-sudo_add_use_pty_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_s~~amba_~~r~~emov~~ed_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-file_ownership_sshd_private_key_ocil:questionnaire:1">
77	······<ocil:title>Unins~~tall~~·S~~amba~~·Package</ocil:title>	71	······<ocil:title>Verify·Ownership·on·SSH·Server·Private·*_key·Key·Files</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_s~~amba_~~r~~emov~~ed_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-file_ownership_sshd_private_key_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-mount_option_dev_shm_nodev_ocil:questionnaire:1">
83	······<ocil:title>Ad~~d·nodev·Op~~tion·to~~·/d~~ev/s~~hm</~~ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
		77	······<ocil:title>Enable·Randomized·Layout·of·Virtual·Address·Space</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~moun~~t_~~option~~_d~~ev_shm~~_~~nodev~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-set_ufw_loopback_traffic_ocil:questionnaire:1">
89	······<ocil:title~~>Set·UFW·Loopb~~a~~ck·T~~raffic</ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_setxattr_ocil:questionnaire:1">
		83	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·setxattr</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-set_ufw_lo~~opb~~ack_traf~~fic~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_setxattr_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_system_j~~ournal~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_passwd_ocil:questionnaire:1">
95	······<ocil:title>Verify·Group·Who·Owns·the·system·~~journal~~</ocil:title>	89	······<ocil:title>Verify·Group·Who·Owns·passwd·File</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-file_groupowner_system_j~~ournal~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_passwd_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~pack~~age_i~~ptab~~les-persistent_rem~~ove~~d_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-audit_rules_session_events_utmp_ocil:questionnaire:1">
101	······<ocil:title>Remove·iptables-persistent·Pa~~ckage~~</ocil:title>	95	······<ocil:title>Record·Attempts·to·Alter·Process·and·Session·Initiation·Information·utmp</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~pack~~age_i~~ptab~~les-persistent_rem~~ove~~d_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-audit_rules_session_events_utmp_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-~~file_permiss~~ions_~~etc~~_au~~dit~~_~~auditd~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-mount_option_var_log_noexec_ocil:questionnaire:1">
107	······<ocil:title>~~Verify·P~~e~~rmiss~~ions·on·/~~etc~~/a~~udi~~t/~~auditd.~~conf</ocil:title>	101	······<ocil:title>Add·noexec·Option·to·/var/log</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~file_permiss~~ions_~~etc~~_au~~dit~~_~~auditd~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-mount_option_var_log_noexec_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-sshd_use_approved_ciphers_ordered_stig_ocil:questionnaire:1">
113	······<ocil:ti~~tle>Us~~e·Onl~~y·FIPS·140-2·V~~alidat~~ed·Cip~~h~~ers</~~ocil:title>	106	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchmodat_ocil:questionnaire:1">
		107	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchmodat</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_use_a~~ppr~~oved_ci~~phers_ordere~~d_stig_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchmodat_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-~~audit_~~rules~~_priv~~ileged_comma~~nds~~_kmod_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-rsyslog_filecreatemode_ocil:questionnaire:1">
119	······<ocil:title>Ensure·~~auditd·Col~~lects·Inf~~orm~~at~~ion~~·on~~·th~~e·Use~~·of·P~~r~~ivileged~~·Co~~mma~~nds~~·-·kmo~~d</ocil:title>	113	······<ocil:title>Ensure·rsyslog·Default·File·Permissions·Configured</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~audit_~~rules~~_priv~~ileged_comma~~nds~~_kmod_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-rsyslog_filecreatemode_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
123	····</ocil:questionnaire>	117	····</ocil:questionnaire>
Max diff block lines reached; 1416494/1429098 bytes (99.12%) of diff not shown.


Offset 3, 9694 lines modified		Offset 3, 9694 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-file_owner_at_deny_ocil:questionnaire:1">
11	······<ocil:title>Verify·User·Who·Owns·/etc/at.deny·file</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-file_owner_at_deny_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-service_squid_disabled_ocil:questionnaire:1">
17	······<ocil:title>Disable·Squid</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-service_squid_disabled_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-package_~~avah~~i~~_remov~~ed_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-package_cron_installed_ocil:questionnaire:1">
23	······<ocil:title>Uninstall·avahi·Server·~~Packag~~e</ocil:title>	11	······<ocil:title>Install·the·cron·service</ocil:title>
24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-package_avahi_removed_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>
27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-service_nfs_disabled_ocil:questionnaire:1">
29	······<ocil:title>Disable·Network·File·System·(nfs)</ocil:title>
30	······<ocil:actions>	12	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~servic~~e_~~nfs~~_disabled_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-package_cron_installed_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	14	······</ocil:actions>
33	····</ocil:questionnaire>	15	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_wat~~ch_l~~o~~caltime~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_settimeofday_ocil:questionnaire:1">
35	······<ocil:title>Record·Attempts·to·Alter·the·lo~~cal~~time~~·File~~</ocil:title>	17	······<ocil:title>Record·attempts·to·alter·time·through·settimeofday</ocil:title>
36	······<ocil:actions>	18	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_wat~~ch_l~~o~~caltime~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_settimeofday_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	20	······</ocil:actions>
39	····</ocil:questionnaire>	21	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
41	······<ocil:t~~itle>C~~onf~~igu~~re·audi~~td·max_lo~~g_file_a~~ction·Up~~on~~·Reac~~h~~ing·Maxim~~u~~m·L~~o~~g·S~~ize~~</ocil~~:~~tit~~le>	22	····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_monthly_ocil:questionnaire:1">
		23	······<ocil:title>Verify·Owner·on·cron.monthly</ocil:title>
42	······<ocil:actions>	24	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-auditd_~~data_r~~et~~enti~~on_m~~ax_l~~o~~g_file_a~~ct~~ion~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-file_owner_cron_monthly_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	26	······</ocil:actions>
45	····</ocil:questionnaire>	27	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-file_~~per~~missions_etc_~~shadow~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
47	······<ocil:title>Verify·Permissions·on·s~~hadow·File~~</ocil:title>	29	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchownat</ocil:title>
48	······<ocil:actions>	30	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-file_~~per~~missions_etc_~~shadow~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	32	······</ocil:actions>
51	····</ocil:questionnaire>	33	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-mount_option_home_nodev_ocil:questionnaire:1">
53	······<ocil:title>Add~~·nod~~e~~v·Opt~~ion~~·to·/home</~~ocil:title>	34	····<ocil:questionnaire·id="ocil:ssg-audit_rules_login_events_faillock_ocil:questionnaire:1">
		35	······<ocil:title>Record·Attempts·to·Alter·Logon·and·Logout·Events·-·faillock</ocil:title>
54	······<ocil:actions>	36	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~moun~~t_~~opti~~on_~~home~~_~~nodev~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-audit_rules_login_events_faillock_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	38	······</ocil:actions>
57	····</ocil:questionnaire>	39	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
59	······<ocil:~~title>Reco~~rd·~~Unsu~~ccessful~~·Access·Att~~e~~mpt~~s~~·to·Files·-·creat</~~ocil:title>	40	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_security_opasswd_old_ocil:questionnaire:1">
		41	······<ocil:title>Verify·Group·Who·Owns·/etc/security/opasswd.old·File</ocil:title>
60	······<ocil:actions>	42	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~audit_~~ru~~les_unsuc~~cessful_file_mo~~difi~~ca~~tion~~_cr~~eat~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_security_opasswd_old_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	44	······</ocil:actions>
63	····</ocil:questionnaire>	45	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-mount_option_var_tmp_nodev_ocil:questionnaire:1">
65	······<ocil:title>Ad~~d·nodev·Opti~~on·to~~·/v~~ar/tm~~p</~~ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_disable_automount_ocil:questionnaire:1">
		47	······<ocil:title>Disable·GNOME3·Automounting</ocil:title>
66	······<ocil:actions>	48	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~mou~~nt_o~~ption_var~~_~~tmp_n~~o~~dev~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-dconf_gnome_disable_automount_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	50	······</ocil:actions>
69	····</ocil:questionnaire>	51	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~file~~_owne~~r_sshd~~_c~~onfig~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-no_netrc_files_ocil:questionnaire:1">
71	······<ocil:title>Verify·~~Own~~er·on~~·SSH~~·S~~erv~~er·~~config~~·file</ocil:title>	53	······<ocil:title>Verify·No·netrc·Files·Exist</ocil:title>
72	······<ocil:actions>	54	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~file~~_owne~~r_sshd~~_c~~onfig~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-no_netrc_files_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	56	······</ocil:actions>
75	····</ocil:questionnaire>	57	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~no_fil~~es_~~unowned~~_~~by_us~~er_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-package_ftp_removed_ocil:questionnaire:1">
77	······<ocil:title>~~Ensu~~re~~·All·Fil~~es·~~Are~~·~~Owned·by·~~a·User</ocil:title>	59	······<ocil:title>Remove·ftp·Package</ocil:title>
78	······<ocil:actions>	60	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~no_fil~~es_~~unowned~~_~~by_us~~er_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-package_ftp_removed_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	62	······</ocil:actions>
81	····</ocil:questionnaire>	63	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_clock_settime_ocil:questionnaire:1">
83	······<ocil:title>~~Rec~~or~~d·Att~~em~~pts·t~~o·Al~~ter·Time·T~~h~~rough·c~~l~~ock_~~s~~ettime</~~ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_gssapi_auth_ocil:questionnaire:1">
		65	······<ocil:title>Disable·GSSAPI·Authentication</ocil:title>
84	······<ocil:actions>	66	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_rules_~~tim~~e_~~clock_set~~time_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-sshd_disable_gssapi_auth_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	68	······</ocil:actions>
87	····</ocil:questionnaire>	69	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-acc~~oun~~ts_umask_e~~tc_log~~in_~~def~~s_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_sysadmin_actions_ocil:questionnaire:1">
89	······<ocil:title>Ensure·~~the·Defau~~lt~~·Uma~~sk·~~is·S~~et·~~Correc~~t~~ly·in~~·~~log~~i~~n.d~~efs</ocil:title>	71	······<ocil:title>Ensure·auditd·Collects·System·Administrator·Actions</ocil:title>
90	······<ocil:actions>	72	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-acc~~oun~~ts_umask_e~~tc_log~~in_~~def~~s_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-audit_rules_sysadmin_actions_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	74	······</ocil:actions>
93	····</ocil:questionnaire>	75	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_weekly_ocil:questionnaire:1">
95	······<ocil:ti~~tle>V~~eri~~fy·Grou~~p~~·Who·Own~~s~~·cr~~on.weekl~~y</~~ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-package_systemd-journal-remote_installed_ocil:questionnaire:1">
		77	······<ocil:title>Install·systemd-journal-remote·Package</ocil:title>
96	······<ocil:actions>	78	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_grou~~powne~~r~~_cron~~_~~week~~ly_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-package_systemd-journal-remote_installed_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	80	······</ocil:actions>
99	····</ocil:questionnaire>	81	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-file_~~own~~er_etc_i~~ssue~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_unlinkat_ocil:questionnaire:1">
101	······<ocil:title>Verify·ownership·of·Sys~~tem~~·~~Login~~·Ban~~ner~~</ocil:title>	83	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·unlinkat</ocil:title>
102	······<ocil:actions>	84	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-file_~~own~~er_etc_i~~ssue~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_unlinkat_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	86	······</ocil:actions>
105	····</ocil:questionnaire>	87	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-accounts_password_last_ch~~ang~~e~~_is~~_i~~n_pas~~t_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_dcredit_ocil:questionnaire:1">
107	······<ocil:title>Ensure·~~all~~·u~~sers·la~~st·password·~~chang~~e~~·da~~te·is·in·t~~he·p~~ast</ocil:title>	89	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Digit·Characters</ocil:title>
108	······<ocil:actions>	90	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-accounts_password_last_ch~~ang~~e~~_is~~_i~~n_pas~~t_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_dcredit_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	92	······</ocil:actions>
111	····</ocil:questionnaire>	93	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-sshd_set_login_grace_time_ocil:questionnaire:1">
113	······<ocil:~~title>E~~nsure·S~~SH·L~~ogi~~nGr~~ac~~eTime·i~~s·co~~nfigu~~re~~d</~~ocil:title>	94	····<ocil:questionnaire·id="ocil:ssg-accounts_user_dot_user_ownership_ocil:questionnaire:1">
		95	······<ocil:title>User·Initialization·Files·Must·Be·Owned·By·the·Primary·User</ocil:title>
114	······<ocil:actions>	96	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_set_lo~~gin_g~~race~~_time~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-accounts_user_dot_user_ownership_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	98	······</ocil:actions>
117	····</ocil:questionnaire>	99	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-acco~~unts~~_umask_et~~c_p~~r~~ofil~~e_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-package_vsftpd_removed_ocil:questionnaire:1">
119	······<ocil:title>Ensu~~re·~~t~~he·Def~~aul~~t·Umas~~k·is~~·Set·Corre~~ct~~ly·~~in·/etc~~/profil~~e</ocil:title>	101	······<ocil:title>Uninstall·vsftpd·Package</ocil:title>
120	······<ocil:actions>	102	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-acco~~unts~~_umask_et~~c_p~~r~~ofil~~e_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-package_vsftpd_removed_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	104	······</ocil:actions>
Max diff block lines reached; 895993/907402 bytes (98.74%) of diff not shown.


Offset 3, 2563 lines modified		Offset 3, 2563 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-service_s~~nmpd~~_disabled_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_writable_hooks_ocil:questionnaire:1">
11	······<ocil:title>Disable·~~snmpd·Service~~</ocil:title>	11	······<ocil:title>Disable·mutable·hooks</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-service_s~~nmpd~~_disabled_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-kernel_config_security_writable_hooks_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-set_i~~p6tables~~_de~~fault_~~r~~ule~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_dmesg_restrict_ocil:questionnaire:1">
17	······<ocil:title>Set~~·Defa~~u~~lt·~~ip~~6tabl~~es·~~Policy~~·fo~~r·Incomi~~n~~g·Packets~~</ocil:title>	17	······<ocil:title>Restrict·unprivileged·access·to·the·kernel·syslog</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-set_i~~p6tables~~_de~~fault_~~r~~ule~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-kernel_config_security_dmesg_restrict_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_disable_ipv6_ocil:questionnaire:1">
23	······<ocil:~~title>Dis~~able·I~~Pv6·Addre~~ss~~ing·on·IPv6·Inte~~rf~~aces·~~b~~y·D~~e~~faul~~t</ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_warning_banner_net_ocil:questionnaire:1">
		23	······<ocil:title>Enable·SSH·Warning·Banner</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-sysctl_ne~~t_ipv6_conf~~_defa~~ult_dis~~able~~_ipv6~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-sshd_enable_warning_banner_net_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
29	······<ocil:t~~itle>C~~onf~~igu~~re·~~aud~~itd~~·max~~_log_fil~~e_action·Upo~~n·Re~~achi~~ng~~·Max~~i~~mum·Log·Siz~~e</o~~cil:title~~>	28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_ipv6_ocil:questionnaire:1">
		29	······<ocil:title>Disable·the·IPv6·protocol</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~auditd_data_re~~te~~nti~~on_max_log_file_ac~~tion~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-kernel_config_ipv6_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-kern~~el_c~~on~~fig~~_mo~~dule~~_sig_~~hash~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_audit_ocil:questionnaire:1">
35	······<ocil:title>Spe~~cify·the·h~~ash·to~~·us~~e·~~whe~~n·~~signing~~·~~modules~~</ocil:title>	35	······<ocil:title>Ensure·/var/log/audit·Located·On·Separate·Partition</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-kern~~el_c~~on~~fig~~_mo~~dule~~_sig_~~hash~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-partition_for_var_log_audit_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e_~~perm~~i~~ssions_e~~tc_passwd_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_yama_ocil:questionnaire:1">
41	······<ocil:title>~~Verify·P~~e~~rmissions~~·o~~n·p~~assw~~d·File~~</ocil:title>	41	······<ocil:title>Enable·Yama·support</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_~~perm~~i~~ssions_e~~tc_passwd_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-kernel_config_security_yama_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-~~partition~~_~~for~~_srv_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_passwd_ocil:questionnaire:1">
47	······<ocil:title>~~Ensure~~·/srv·~~Located~~·O~~n·Se~~pa~~rate~~·~~Parti~~tion</ocil:title>	47	······<ocil:title>Verify·User·Who·Owns·passwd·File</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~partition~~_~~for~~_srv_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-file_owner_etc_passwd_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_shadow_ocil:questionnaire:1">
53	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ssions~~·on·Backup·shad~~o~~w·Fi~~le</ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-securetty_root_login_console_only_ocil:questionnaire:1">
		53	······<ocil:title>Restrict·Virtual·Console·Root·Logins</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-file~~_permissi~~ons_b~~ackup~~_~~etc_shad~~ow_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-securetty_root_login_console_only_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-a~~udit_priv~~ileged_~~comma~~nds_re~~boot~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-account_unique_name_ocil:questionnaire:1">
59	······<ocil:title>Ensure·~~auditd·C~~oll~~ects~~·~~Inf~~ormation·on·the·~~Use·of~~·Priv~~ileg~~ed·~~Comm~~an~~ds·-~~·r~~eboot~~</ocil:title>	59	······<ocil:title>Ensure·All·Accounts·on·the·System·Have·Unique·Names</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-a~~udit_priv~~ileged_~~comma~~nds_re~~boot~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-account_unique_name_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~kerne~~l_co~~nfig~~_~~module~~_sig_sha~~512~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-package_chrony_installed_ocil:questionnaire:1">
65	······<ocil:title>S~~ign~~·ker~~nel~~·~~modules~~·~~with·SHA-512~~</ocil:title>	65	······<ocil:title>The·Chrony·package·is·installed</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~kerne~~l_co~~nfig~~_~~module~~_sig_sha~~512~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-package_chrony_installed_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-seli~~nux~~_~~state~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-gnome_gdm_disable_xdmcp_ocil:questionnaire:1">
71	······<ocil:title>Ens~~ure·SELinux~~·~~State~~·i~~s·E~~n~~forcing~~</ocil:title>	71	······<ocil:title>Disable·XDMCP·in·GDM</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-seli~~nux~~_~~state~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-gnome_gdm_disable_xdmcp_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~audit_rules_u~~serg~~roup~~_m~~odific~~a~~tion~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-service_ntp_enabled_ocil:questionnaire:1">
77	······<ocil:title>~~Record·~~E~~vents~~·that·~~Modify~~·Use~~r/Group·Infor~~m~~ati~~on</ocil:title>	77	······<ocil:title>Enable·the·NTP·Daemon</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~audit_rules_u~~serg~~roup~~_m~~odific~~a~~tion~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-service_ntp_enabled_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-audit_r~~ules_~~login_~~eve~~nts_l~~astl~~og_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_reboot_ocil:questionnaire:1">
83	······<ocil:title>Re~~cor~~d·~~Attemp~~ts·to·Alte~~r·Log~~on·~~and·Lo~~g~~out·Eve~~nts·-·l~~astl~~og</ocil:title>	83	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·reboot</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-audit_r~~ules_~~login_~~eve~~nts_l~~astl~~og_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-audit_privileged_commands_reboot_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-~~kerne~~l_co~~nfig_retpo~~line_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-sysctl_fs_protected_symlinks_ocil:questionnaire:1">
89	······<ocil:title>~~Avoid~~·spe~~cul~~a~~tiv~~e~~·indirect·b~~r~~anches~~·in·~~ker~~nel</ocil:title>	89	······<ocil:title>Enable·Kernel·Parameter·to·Enforce·DAC·on·Symlinks</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~kerne~~l_co~~nfig_retpo~~line_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-sysctl_fs_protected_symlinks_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-auditd_overflow_~~action~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-partition_for_var_ocil:questionnaire:1">
95	······<ocil:title>Ap~~prop~~r~~iat~~e~~·Action~~·~~Must~~·b~~e·Se~~tup·When·the~~·In~~terna~~l·Audi~~t~~·Ev~~ent·Qu~~eue·~~is·~~Full~~</ocil:title>	95	······<ocil:title>Ensure·/var·Located·On·Separate·Partition</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-auditd_overflow_~~action~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-partition_for_var_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-auditd_~~data_di~~sk_er~~ror~~_~~act~~i~~on_s~~tig_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_mac_modification_ocil:questionnaire:1">
101	······<ocil:title>Con~~figure~~·auditd·Dis~~k·Error·Ac~~t~~ion~~·~~on·Di~~s~~k·Er~~ror</ocil:title>	101	······<ocil:title>Record·Events·that·Modify·the·System's·Mandatory·Access·Controls</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-auditd_~~data_di~~sk_er~~ror~~_~~act~~i~~on_s~~tig_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-kernel_config_proc_kcore_ocil:questionnaire:1">
107	······<ocil:title~~>Disab~~le·su~~ppor~~t~~·for·/pr~~o~~c/kkcore</~~ocil:title>	106	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_num_logs_ocil:questionnaire:1">
		107	······<ocil:title>Configure·auditd·Number·of·Logs·Retained</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~kernel~~_~~config_pr~~oc_kcore_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_num_logs_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-ker~~nel~~_~~conf~~i~~g_ra~~n~~dom~~i~~ze_memo~~ry_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-dir_permissions_library_dirs_ocil:questionnaire:1">
113	······<ocil:title>~~Randomize~~·the·ker~~nel~~·memory·sections</ocil:title>	113	······<ocil:title>Verify·that·Shared·Library·Directories·Have·Restrictive·Permissions</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-ker~~nel~~_~~conf~~i~~g_ra~~n~~dom~~i~~ze_memo~~ry_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-dir_permissions_library_dirs_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_pubke~~y_auth~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-sudo_add_noexec_ocil:questionnaire:1">
119	······<ocil:title>En~~abl~~e·Public·~~Key~~·Authen~~ticati~~on</ocil:title>	119	······<ocil:title>Ensure·Privileged·Escalated·Commands·Cannot·Execute·Other·Commands·-·sudo·NOEXEC</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-sshd_enable_pubke~~y_auth~~_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-sudo_add_noexec_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_s~~ettime~~ofday_ocil:questionnaire:1">	124	····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_poweroff_ocil:questionnaire:1">
125	······<ocil:title>~~Reco~~rd·at~~temp~~ts·to·alter·time~~·thr~~o~~ugh·~~s~~ettim~~eofday</ocil:title>	125	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·poweroff</ocil:title>
Max diff block lines reached; 702131/714774 bytes (98.23%) of diff not shown.


Offset 3, 3841 lines modified		Offset 3, 3841 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lremovexattr_ocil:questionnaire:1">
11	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odi~~fy·the·Sy~~s~~tem's·Dis~~c~~ret~~ion~~ary·Acc~~ess·C~~ontrols·-·~~lre~~mov~~exattr</o~~cil:title~~>	10	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_key_ocil:questionnaire:1">
		11	······<ocil:title>Specify·module·signing·key·to·use</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_rules_dac_modific~~ati~~on_lrem~~ovexattr~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_key_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-~~kern~~el_config~~_modu~~l~~e_sig~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-postfix_client_configure_relayhost_ocil:questionnaire:1">
17	······<ocil:title>En~~abl~~e·module·si~~gnat~~ure·verific~~ation~~</ocil:title>	17	······<ocil:title>Configure·System·to·Forward·All·Mail·through·a·specific·host</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~kern~~el_config~~_modu~~l~~e_sig~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-postfix_client_configure_relayhost_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-grub2_page_alloc_shuffle_argument_ocil:questionnaire:1">
23	······<ocil:~~title>E~~nable·~~rand~~omi~~zation·of·the·page·a~~lloc~~ator</~~ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-kernel_config_legacy_ptys_ocil:questionnaire:1">
		23	······<ocil:title>Disable·legacy·(BSD)·PTY·support</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~grub2_pa~~ge~~_al~~loc~~_shuff~~le_a~~rgument~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-kernel_config_legacy_ptys_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-aide_~~perio~~d~~ic_c~~r~~on_ch~~e~~cking~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-service_systemd-journald_enabled_ocil:questionnaire:1">
29	······<ocil:title>Confi~~gur~~e·Pe~~riodic·Execution~~·~~of·AIDE~~</ocil:title>	29	······<ocil:title>Enable·systemd-journald·Service</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-aide_~~perio~~d~~ic_c~~r~~on_ch~~e~~cking~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-service_systemd-journald_enabled_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~ker~~nel_mo~~dule_tipc~~_disabled_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-mount_option_srv_nosuid_ocil:questionnaire:1">
35	······<ocil:title>Dis~~able·TIPC~~·~~Suppo~~rt</ocil:title>	35	······<ocil:title>Add·nosuid·Option·to·/srv</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~ker~~nel_mo~~dule_tipc~~_disabled_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-mount_option_srv_nosuid_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_tal~~k_removed~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_syslog_ocil:questionnaire:1">
41	······<ocil:title>Unins~~tall~~·tal~~k·Packa~~ge</ocil:title>	41	······<ocil:title>Verify·User·Who·Owns·/var/log/syslog·File</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_tal~~k_removed~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_syslog_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-~~package_setr~~o~~uble~~s~~hoot-se~~r~~ver~~_re~~mov~~ed_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-dir_system_commands_group_root_owned_ocil:questionnaire:1">
47	······<ocil:title>Uninsta~~ll·~~setro~~ubl~~esho~~ot-~~server·Package</ocil:title>	47	······<ocil:title>Verify·that·system·commands·directories·have·root·as·a·group·owner</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~package_setr~~o~~uble~~s~~hoot-se~~r~~ver~~_re~~mov~~ed_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-dir_system_commands_group_root_owned_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e~~_nss-tools_~~inst~~all~~ed_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-aide_periodic_checking_systemd_timer_ocil:questionnaire:1">
53	······<ocil:title>Ensure·nss-t~~ools·~~is·in~~stalled~~</ocil:title>	53	······<ocil:title>Configure·Systemd·Timer·Execution·of·AIDE</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~packag~~e~~_nss-tools_~~inst~~all~~ed_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-aide_periodic_checking_systemd_timer_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-file_owner_v~~ar_lo~~g_~~syslog~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-kernel_config_devkmem_ocil:questionnaire:1">
59	······<ocil:title>Verif~~y·Us~~er·~~Who·Owns·/~~var/l~~og/syslog·File~~</ocil:title>	59	······<ocil:title>Disable·/dev/kmem·virtual·device·support</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-file_owner_v~~ar_lo~~g_~~syslog~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-kernel_config_devkmem_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-fi~~le_~~owner_~~back~~up_etc_gshadow_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-account_unique_name_ocil:questionnaire:1">
65	······<ocil:title>Ve~~rify~~·User·Who·Owns~~·Backup·gshadow~~·~~Fil~~e</ocil:title>	65	······<ocil:title>Ensure·All·Accounts·on·the·System·Have·Unique·Names</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-fi~~le_~~owner_~~back~~up_etc_gshadow_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-account_unique_name_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_~~dac_modifi~~c~~atio~~n_lse~~txattr~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_rmmod_ocil:questionnaire:1">
71	······<ocil:title>~~Reco~~rd·~~Even~~ts·~~tha~~t·~~Modify·~~the·~~Sys~~tem's·Discre~~tiona~~r~~y·Access~~·Co~~ntrol~~s·-·~~lsetxattr~~</ocil:title>	71	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·rmmod</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-audit_rules_~~dac_modifi~~c~~atio~~n_lse~~txattr~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_rmmod_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-directory_groupowner_etc_sudoersd_ocil:questionnaire:1">
77	······<ocil:title>~~Verify·G~~r~~oup·Wh~~o~~·Own~~s·/e~~tc/sud~~o~~ers.d·D~~i~~rect~~o~~ry</~~ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-kernel_config_panic_on_oops_ocil:questionnaire:1">
		77	······<ocil:title>Kernel·panic·oops</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-directo~~ry_~~groupown~~er_e~~tc_~~sud~~oersd_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-kernel_config_panic_on_oops_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~kernel~~_c~~onfig~~_~~retpo~~l~~ine~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-package_chrony_installed_ocil:questionnaire:1">
83	······<ocil:title>~~Avoid·~~spe~~culative·i~~n~~dire~~c~~t·b~~ra~~nche~~s·in~~·kern~~el</ocil:title>	83	······<ocil:title>The·Chrony·package·is·installed</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~kernel~~_c~~onfig~~_~~retpo~~l~~ine~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-package_chrony_installed_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-kernel_config_l~~egacy~~_vsysc~~all~~_~~xonly~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-kernel_config_sched_stack_end_check_ocil:questionnaire:1">
89	······<ocil:title>Di~~sable~~·vsysc~~all·em~~u~~late~~·~~exe~~cut~~ion·on~~ly</ocil:title>	89	······<ocil:title>Detect·stack·corruption·on·calls·to·schedule()</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-kernel_config_l~~egacy~~_vsysc~~all~~_~~xonly~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-kernel_config_sched_stack_end_check_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-sysctl~~_ke~~rne~~l_ya~~ma_ptr~~ace_sc~~ope_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-rsyslog_remote_loghost_ocil:questionnaire:1">
95	······<ocil:title>Restrict·usage·o~~f·p~~t~~race~~·to·~~des~~cendant~~·pr~~o~~ces~~ses</ocil:title>	95	······<ocil:title>Ensure·Logs·Sent·To·Remote·Host</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-sysctl~~_ke~~rne~~l_ya~~ma_ptr~~ace_sc~~ope_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-rsyslog_remote_loghost_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_accept_source_route_ocil:questionnaire:1">
101	······<ocil:title~~>Di~~s~~able·Ker~~n~~el·Pa~~rameter·f~~or·Ac~~c~~eptin~~g·S~~our~~c~~e-Rout~~e~~d·Pa~~ckets·on·~~IPv6·Int~~e~~rfa~~ces~~·by·D~~e~~fau~~lt</o~~cil:title~~>	100	····<ocil:questionnaire·id="ocil:ssg-package_net-snmp_removed_ocil:questionnaire:1">
		101	······<ocil:title>Uninstall·net-snmp·Package</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-sysct~~l_n~~e~~t_ipv6~~_con~~f_d~~e~~faul~~t_~~acce~~pt_~~sou~~rce_ro~~ute~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-package_net-snmp_removed_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-~~sysc~~tl_k~~ernel~~_kptr_r~~estr~~ict_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_profile_ocil:questionnaire:1">
107	······<ocil:title>Restrict·~~Exposed~~·~~Kern~~el·Pointer·~~Addr~~es~~ses·Access~~</ocil:title>	107	······<ocil:title>Ensure·the·Default·Umask·is·Set·Correctly·in·/etc/profile</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~sysc~~tl_k~~ernel~~_kptr_r~~estr~~ict_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_profile_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-audit_sudo_log_events_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
113	······<ocil:title>Record·~~Attempt~~s~~·to~~·pe~~rform·~~m~~ain~~t~~enanc~~e·~~activi~~t~~ies~~</ocil:title>	113	······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·creat</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-audit_sudo_log_events_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_creat_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_chrony_keys_ocil:questionnaire:1">
119	······<ocil:title>~~Verify·G~~r~~oup·Wh~~o~~·Own~~s·/e~~tc/chr~~o~~ny.key~~s·File</ocil:title>	118	····<ocil:questionnaire·id="ocil:ssg-kernel_module_rds_disabled_ocil:questionnaire:1">
		119	······<ocil:title>Disable·RDS·Support</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-file~~_group~~o~~wner~~_~~etc~~_ch~~rony_k~~eys_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-kernel_module_rds_disabled_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_kmod_ocil:questionnaire:1">
Max diff block lines reached; 1179567/1192408 bytes (98.92%) of diff not shown.


Offset 239, 23 lines modified		Offset 239, 23 lines modified
239	······</cpe-lang:logical-test>	239	······</cpe-lang:logical-test>
240	····</cpe-lang:platform>	240	····</cpe-lang:platform>
241	····<cpe-lang:platform·id="package_bash">	241	····<cpe-lang:platform·id="package_bash">
242	······<cpe-lang:logical-test·operator="AND"·negate="false">	242	······<cpe-lang:logical-test·operator="AND"·negate="false">
243	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>	243	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>
244	······</cpe-lang:logical-test>	244	······</cpe-lang:logical-test>
245	····</cpe-lang:platform>	245	····</cpe-lang:platform>
246	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7~~_and_os_linux_rhel_ne_9_0~~">	246	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
247	······<cpe-lang:logical-test·operator="AND"·negate="false">	247	······<cpe-lang:logical-test·operator="AND"·negate="false">
248	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>	248	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
249	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>
250	······</cpe-lang:logical-test>	249	······</cpe-lang:logical-test>
251	····</cpe-lang:platform>	250	····</cpe-lang:platform>
252	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">	251	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">
253	······<cpe-lang:logical-test·operator="AND"·negate="false">	252	······<cpe-lang:logical-test·operator="AND"·negate="false">
254	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>	253	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>
		254	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>
255	······</cpe-lang:logical-test>	255	······</cpe-lang:logical-test>
256	····</cpe-lang:platform>	256	····</cpe-lang:platform>
257	····<cpe-lang:platform·id="package_shadow-utils">	257	····<cpe-lang:platform·id="package_shadow-utils">
258	······<cpe-lang:logical-test·operator="AND"·negate="false">	258	······<cpe-lang:logical-test·operator="AND"·negate="false">
259	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>	259	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml"·id-ref="oval:ssg-package_shadow-utils:def:1"/>
260	······</cpe-lang:logical-test>	260	······</cpe-lang:logical-test>
261	····</cpe-lang:platform>	261	····</cpe-lang:platform>


Offset 19, 23 lines modified		Offset 19, 23 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/a:mozilla:firefox">	28	······<cpe-dict:cpe-item·name="cpe:/a:mozilla:firefox">
29	········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	····</cpe-dict:cpe-list>	32	····</cpe-dict:cpe-list>
33	··</ds:component>	33	··</ds:component>
34	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2025-02-28T20:08:00">	34	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>	37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>
38	······<xccdf-1.2:description>	38	······<xccdf-1.2:description>
39	········This·guide·presents·a·catalog·of·security-relevant	39	········This·guide·presents·a·catalog·of·security-relevant
40	configuration·settings·for·Firefox.·It·is·a·rendering·of	40	configuration·settings·for·Firefox.·It·is·a·rendering·of
41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 3488, 15 lines modified		Offset 3488, 15 lines modified
3488	··············<xccdf-1.2:check-content-ref·href="ssg-firefox-ocil.xml"·name="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1"/>	3488	··············<xccdf-1.2:check-content-ref·href="ssg-firefox-ocil.xml"·name="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1"/>
3489	············</xccdf-1.2:check>	3489	············</xccdf-1.2:check>
3490	··········</xccdf-1.2:Rule>	3490	··········</xccdf-1.2:Rule>
3491	········</xccdf-1.2:Group>	3491	········</xccdf-1.2:Group>
3492	······</xccdf-1.2:Group>	3492	······</xccdf-1.2:Group>
3493	····</xccdf-1.2:Benchmark>	3493	····</xccdf-1.2:Benchmark>
3494	··</ds:component>	3494	··</ds:component>
3495	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-oval.xml"·timestamp="2025-02-28T20:08:00">	3495	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-oval.xml"·timestamp="2025-03-01T22:08:00">
3496	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	3496	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
3497	······<oval-def:generator>	3497	······<oval-def:generator>
3498	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	3498	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
3499	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>	3499	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>
3500	········<oval:schema_version>5.11</oval:schema_version>	3500	········<oval:schema_version>5.11</oval:schema_version>
3501	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	3501	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 21, 23 lines modified		Offset 21, 23 lines modified
21	····<ds:checks>	21	····<ds:checks>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-ocil.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-ocil.xml"/>
24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-cpe-oval.xml"/>	24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-cpe-oval.xml"/>
25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.xenial.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.xenial.usn.oval.xml.bz2"/>	25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.xenial.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.xenial.usn.oval.xml.bz2"/>
26	····</ds:checks>	26	····</ds:checks>
27	··</ds:data-stream>	27	··</ds:data-stream>
28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~">	30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~">
31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·16.04·(Xenial)</cpe-dict:title>	31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·16.04·(Xenial)</cpe-dict:title>
32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1604-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1604:def:1</cpe-dict:check>	32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1604-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1604:def:1</cpe-dict:check>
33	······</cpe-dict:cpe-item>	33	······</cpe-dict:cpe-item>
34	····</cpe-dict:cpe-list>	34	····</cpe-dict:cpe-list>
35	··</ds:component>	35	··</ds:component>
36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-xccdf.xml"·timestamp="2025-02-28T20:08:00">	36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-xccdf.xml"·timestamp="2025-03-01T22:08:00">
37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>	39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>
40	······<xccdf-1.2:description>	40	······<xccdf-1.2:description>
41	········This·guide·presents·a·catalog·of·security-relevant	41	········This·guide·presents·a·catalog·of·security-relevant
42	configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of	42	configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of
43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 63230, 15 lines modified		Offset 63230, 15 lines modified
63230	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1604-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>	63230	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1604-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>
63231	············</xccdf-1.2:check>	63231	············</xccdf-1.2:check>
63232	··········</xccdf-1.2:Rule>	63232	··········</xccdf-1.2:Rule>
63233	········</xccdf-1.2:Group>	63233	········</xccdf-1.2:Group>
63234	······</xccdf-1.2:Group>	63234	······</xccdf-1.2:Group>
63235	····</xccdf-1.2:Benchmark>	63235	····</xccdf-1.2:Benchmark>
63236	··</ds:component>	63236	··</ds:component>
63237	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"·timestamp="2025-02-28T20:08:00">	63237	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"·timestamp="2025-03-01T22:08:00">
63238	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	63238	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
63239	······<oval-def:generator>	63239	······<oval-def:generator>
63240	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	63240	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
63241	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>	63241	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>
63242	········<oval:schema_version>5.11</oval:schema_version>	63242	········<oval:schema_version>5.11</oval:schema_version>
63243	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	63243	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 21, 23 lines modified		Offset 21, 23 lines modified
21	····<ds:checks>	21	····<ds:checks>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-ocil.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-ocil.xml"/>
24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-cpe-oval.xml"/>	24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-cpe-oval.xml"/>
25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.bionic.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.bionic.usn.oval.xml.bz2"/>	25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.bionic.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.bionic.usn.oval.xml.bz2"/>
26	····</ds:checks>	26	····</ds:checks>
27	··</ds:data-stream>	27	··</ds:data-stream>
28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~">	30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~">
31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·18.04·(Bionic·Beaver)</cpe-dict:title>	31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·18.04·(Bionic·Beaver)</cpe-dict:title>
32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1804-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1804:def:1</cpe-dict:check>	32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1804-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1804:def:1</cpe-dict:check>
33	······</cpe-dict:cpe-item>	33	······</cpe-dict:cpe-item>
34	····</cpe-dict:cpe-list>	34	····</cpe-dict:cpe-list>
35	··</ds:component>	35	··</ds:component>
36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-xccdf.xml"·timestamp="2025-02-28T20:08:00">	36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-xccdf.xml"·timestamp="2025-03-01T22:08:00">
37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>	39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>
40	······<xccdf-1.2:description>	40	······<xccdf-1.2:description>
41	········This·guide·presents·a·catalog·of·security-relevant	41	········This·guide·presents·a·catalog·of·security-relevant
42	configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of	42	configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of
43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 67111, 15 lines modified		Offset 67111, 15 lines modified
67111	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1804-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>	67111	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1804-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>
67112	············</xccdf-1.2:check>	67112	············</xccdf-1.2:check>
67113	··········</xccdf-1.2:Rule>	67113	··········</xccdf-1.2:Rule>
67114	········</xccdf-1.2:Group>	67114	········</xccdf-1.2:Group>
67115	······</xccdf-1.2:Group>	67115	······</xccdf-1.2:Group>
67116	····</xccdf-1.2:Benchmark>	67116	····</xccdf-1.2:Benchmark>
67117	··</ds:component>	67117	··</ds:component>
67118	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"·timestamp="2025-02-28T20:08:00">	67118	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"·timestamp="2025-03-01T22:08:00">
67119	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	67119	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
67120	······<oval-def:generator>	67120	······<oval-def:generator>
67121	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	67121	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
67122	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>	67122	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>
67123	········<oval:schema_version>5.11</oval:schema_version>	67123	········<oval:schema_version>5.11</oval:schema_version>
67124	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	67124	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 19, 23 lines modified		Offset 19, 23 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~">	28	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~">
29	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·20.04·(Focal·Fossa)</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·20.04·(Focal·Fossa)</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2004-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2004:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2004-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2004:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	····</cpe-dict:cpe-list>	32	····</cpe-dict:cpe-list>
33	··</ds:component>	33	··</ds:component>
34	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-xccdf.xml"·timestamp="2025-02-28T20:08:00">	34	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>	37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>
38	······<xccdf-1.2:description>	38	······<xccdf-1.2:description>
39	········This·guide·presents·a·catalog·of·security-relevant	39	········This·guide·presents·a·catalog·of·security-relevant
40	configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of	40	configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of
41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 143123, 15 lines modified		Offset 143123, 15 lines modified
143123	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu2004-ocil.xml"·name="ocil:ssg-file_permissions_etc_audit_rulesd_ocil:questionnaire:1"/>	143123	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu2004-ocil.xml"·name="ocil:ssg-file_permissions_etc_audit_rulesd_ocil:questionnaire:1"/>
143124	············</xccdf-1.2:check>	143124	············</xccdf-1.2:check>
143125	··········</xccdf-1.2:Rule>	143125	··········</xccdf-1.2:Rule>
143126	········</xccdf-1.2:Group>	143126	········</xccdf-1.2:Group>
143127	······</xccdf-1.2:Group>	143127	······</xccdf-1.2:Group>
143128	····</xccdf-1.2:Benchmark>	143128	····</xccdf-1.2:Benchmark>
143129	··</ds:component>	143129	··</ds:component>
143130	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"·timestamp="2025-02-28T20:08:00">	143130	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"·timestamp="2025-03-01T22:08:00">
143131	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	143131	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
143132	······<oval-def:generator>	143132	······<oval-def:generator>
143133	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	143133	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
143134	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>	143134	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>
143135	········<oval:schema_version>5.11</oval:schema_version>	143135	········<oval:schema_version>5.11</oval:schema_version>
143136	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	143136	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 8560, 18 lines modified		Offset 8560, 18 lines modified
000216f0:·6b0a·616e·6420·7573·6520·7468·6520·696e··k.and·use·the·in		000216f0:·6b0a·616e·6420·7573·6520·7468·6520·696e··k.and·use·the·in
00021700:·666f·726d·6174·696f·6e20·746f·2070·6f74··formation·to·pot		00021700:·666f·726d·6174·696f·6e20·746f·2070·6f74··formation·to·pot
00021710:·656e·7469·616c·6c79·2063·6f6d·7072·6f6d··entially·comprom		00021710:·656e·7469·616c·6c79·2063·6f6d·7072·6f6d··entially·comprom
00021720:·6973·6520·7468·6520·696e·7465·6772·6974··ise·the·integrit		00021720:·6973·6520·7468·6520·696e·7465·6772·6974··ise·the·integrit
00021730:·7920·6f66·2074·6865·2073·7973·7465·6d20··y·of·the·system·		00021730:·7920·6f66·2074·6865·2073·7973·7465·6d20··y·of·the·system·
00021740:·616e·640a·6e65·7477·6f72·6b28·7329·2e0a··and.network(s)..		00021740:·616e·640a·6e65·7477·6f72·6b28·7329·2e0a··and.network(s)..
00021750:·2020·3c2f·7464·3e0a·2020·3c74·643e·7661····</td>.··<td>va		00021750:·2020·3c2f·7464·3e0a·2020·3c74·643e·7661····</td>.··<td>va
00021760:·725f·736e·6d70·645f·726f·5f73·7472·696e··r_snmpd_ro_strin		00021760:·725f·736e·6d70·645f·7277·5f73·7472·696e··r_snmpd_rw_strin
00021770:·673d·6368·616e·6765·6d65·726f·3c62·722f··g=changemero<br/		00021770:·673d·6368·616e·6765·6d65·7277·3c62·722f··g=changemerw<br/
00021780:·3e76·6172·5f73·6e6d·7064·5f72·775f·7374··>var_snmpd_rw_st		00021780:·3e76·6172·5f73·6e6d·7064·5f72·6f5f·7374··>var_snmpd_ro_st
00021790:·7269·6e67·3d63·6861·6e67·656d·6572·773c··ring=changemerw<		00021790:·7269·6e67·3d63·6861·6e67·656d·6572·6f3c··ring=changemero<
000217a0:·2f74·643e·0a3c·2f74·723e·0a3c·7472·3e0a··/td>.</tr>.<tr>.		000217a0:·2f74·643e·0a3c·2f74·723e·0a3c·7472·3e0a··/td>.</tr>.<tr>.
000217b0:·2020·3c74·643e·5343·2d35·3c2f·7464·3e0a····<td>SC-5</td>.		000217b0:·2020·3c74·643e·5343·2d35·3c2f·7464·3e0a····<td>SC-5</td>.
000217c0:·2020·3c74·643e·4e2f·413c·2f74·643e·0a20····<td>N/A</td>.·		000217c0:·2020·3c74·643e·4e2f·413c·2f74·643e·0a20····<td>N/A</td>.·
000217d0:·203c·7464·3e43·6f6e·6669·6775·7265·204b···<td>Configure·K		000217d0:·203c·7464·3e43·6f6e·6669·6775·7265·204b···<td>Configure·K
000217e0:·6572·6e65·6c20·746f·2052·6174·6520·4c69··ernel·to·Rate·Li		000217e0:·6572·6e65·6c20·746f·2052·6174·6520·4c69··ernel·to·Rate·Li
000217f0:·6d69·7420·5365·6e64·696e·6720·6f66·2044··mit·Sending·of·D		000217f0:·6d69·7420·5365·6e64·696e·6720·6f66·2044··mit·Sending·of·D
00021800:·7570·6c69·6361·7465·2054·4350·2041·636b··uplicate·TCP·Ack		00021800:·7570·6c69·6361·7465·2054·4350·2041·636b··uplicate·TCP·Ack


Offset 2919, 16 lines modified		Offset 2919, 16 lines modified
2919	··············································································network·management	2919	··············································································network·management
2920	··············································································protocol·(SNMP)	2920	··············································································protocol·(SNMP)
2921	··············································································community·strings	2921	··············································································community·strings
2922	··············································································must·be·changed·to	2922	··············································································must·be·changed·to
2923	··································Edit·/etc/snmp/snmpd.conf,·remove·or·change·maintain·security.	2923	··································Edit·/etc/snmp/snmpd.conf,·remove·or·change·maintain·security.
2924	··································the·default·community·strings·of·public·and·If·the·service·is	2924	··································the·default·community·strings·of·public·and·If·the·service·is
2925	··································private.·This·profile·configures·new·read-··running·with·the	2925	··································private.·This·profile·configures·new·read-··running·with·the
2926	········N/·Ensure·Default·SNMP····only·community·string·to·changemero·and·····default·············var_snmpd_ro_string=changemero	2926	········N/·Ensure·Default·SNMP····only·community·string·to·changemero·and·····default·············var_snmpd_rw_string=changemerw
2927	IA-5(e)·A··Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·····var_snmpd_rw_string=changemerw	2927	IA-5(e)·A··Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·····var_snmpd_ro_string=changemero
2928	··································Once·the·default·community·strings·have·····then·anyone·can	2928	··································Once·the·default·community·strings·have·····then·anyone·can
2929	··································been·changed,·restart·the·SNMP·service:·····gather·data·about	2929	··································been·changed,·restart·the·SNMP·service:·····gather·data·about
2930	··································$·sudo·systemctl·restart·snmpd··············the·system·and·the	2930	··································$·sudo·systemctl·restart·snmpd··············the·system·and·the
2931	··············································································network·and·use·the	2931	··············································································network·and·use·the
2932	··············································································information·to	2932	··············································································information·to
2933	··············································································potentially	2933	··············································································potentially
2934	··············································································compromise·the	2934	··············································································compromise·the


Offset 4070, 15 lines modified		Offset 4070, 15 lines modified
4070	<tt>RekeyLimit</tt>.	4070	<tt>RekeyLimit</tt>.
4071	··</td>	4071	··</td>
4072	··<td·xml:lang="en-US">	4072	··<td·xml:lang="en-US">
4073	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4073	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4074	time-based·limit,·effects·of·potential·attacks·against	4074	time-based·limit,·effects·of·potential·attacks·against
4075	encryption·keys·are·limited.	4075	encryption·keys·are·limited.
4076	··</td>	4076	··</td>
4077	··<td>var_ssh_client_rekey_limit_time=1~~hou~~r<br/>var_ssh_client_rekey_limit_size=1G</td>	4077	··<td>var_ssh_client_rekey_limit_size=1G<br/>var_ssh_client_rekey_limit_time=1hour</td>
4078	</tr>	4078	</tr>
4079	<tr>	4079	<tr>
4080	··<td></td>	4080	··<td></td>
4081	··<td>N/A</td>	4081	··<td>N/A</td>
4082	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>	4082	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>
4083	··<td·xml:lang="en-US">	4083	··<td·xml:lang="en-US">
4084	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure	4084	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure


Offset 3341, 16 lines modified		Offset 3341, 16 lines modified
3341	··················································································································options,·which·can	3341	··················································································································options,·which·can
3342	··················································································································help·protect	3342	··················································································································help·protect
3343	··················································································································programs·which·use	3343	··················································································································programs·which·use
3344	··················································································································it.	3344	··················································································································it.
3345	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the	3345	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the
3346	·························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the	3346	·························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the
3347	········Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and	3347	········Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and
3348	·····N/·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_time=1~~hou~~r	3348	·····N/·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_size=1G
3349	·····A··renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_size=1G	3349	·····A··renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_time=1hour
3350	········for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks	3350	········for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks
3351	·························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption	3351	·························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption
3352	·························containing·definition·of·RekeyLimit.·····················································keys·are·limited.	3352	·························containing·definition·of·RekeyLimit.·····················································keys·are·limited.
3353	··················································································································Some·SSH	3353	··················································································································Some·SSH
3354	··················································································································implementations·use	3354	··················································································································implementations·use
3355	··················································································································the·openssl·library	3355	··················································································································the·openssl·library
3356	··················································································································for·entropy,·which	3356	··················································································································for·entropy,·which


Offset 24427, 17 lines modified		Offset 24427, 17 lines modified
0005f6a0:·6e67·0a74·696d·652d·6261·7365·6420·6c69··ng.time-based·li		0005f6a0:·6e67·0a74·696d·652d·6261·7365·6420·6c69··ng.time-based·li
0005f6b0:·6d69·742c·2065·6666·6563·7473·206f·6620··mit,·effects·of·		0005f6b0:·6d69·742c·2065·6666·6563·7473·206f·6620··mit,·effects·of·
0005f6c0:·706f·7465·6e74·6961·6c20·6174·7461·636b··potential·attack		0005f6c0:·706f·7465·6e74·6961·6c20·6174·7461·636b··potential·attack
0005f6d0:·7320·6167·6169·6e73·740a·656e·6372·7970··s·against.encryp		0005f6d0:·7320·6167·6169·6e73·740a·656e·6372·7970··s·against.encryp
0005f6e0:·7469·6f6e·206b·6579·7320·6172·6520·6c69··tion·keys·are·li		0005f6e0:·7469·6f6e·206b·6579·7320·6172·6520·6c69··tion·keys·are·li
0005f6f0:·6d69·7465·642e·0a20·203c·2f74·643e·0a20··mited..··</td>.·		0005f6f0:·6d69·7465·642e·0a20·203c·2f74·643e·0a20··mited..··</td>.·
0005f700:·203c·7464·3e76·6172·5f72·656b·6579·5f6c···<td>var_rekey_l		0005f700:·203c·7464·3e76·6172·5f72·656b·6579·5f6c···<td>var_rekey_l
		0005f710:·696d·6974·5f73·697a·653d·3147·3c62·722f··imit_size=1G<br/
		0005f720:·3e76·6172·5f72·656b·6579·5f6c·696d·6974··>var_rekey_limit
0005f710:~~·696d·6974~~·5f74·696d·653d·3168·6f75·723c··~~imit~~_time=1hour<		0005f730:·5f74·696d·653d·3168·6f75·723c·2f74·643e··_time=1hour</td>
0005f720:·6272·2f3e·7661·725f·7265·6b65·795f·6c69··br/>var_rekey_li
0005f730:·6d69·745f·7369·7a65·3d31·473c·2f74·643e··mit_size=1G</td>
0005f740:·0a3c·2f74·723e·0a3c·7472·3e0a·2020·3c74··.</tr>.<tr>.··<t		0005f740:·0a3c·2f74·723e·0a3c·7472·3e0a·2020·3c74··.</tr>.<tr>.··<t
0005f750:·643e·3c2f·7464·3e0a·2020·3c74·643e·4e2f··d></td>.··<td>N/		0005f750:·643e·3c2f·7464·3e0a·2020·3c74·643e·4e2f··d></td>.··<td>N/
0005f760:·413c·2f74·643e·0a20·203c·7464·3e53·5348··A</td>.··<td>SSH		0005f760:·413c·2f74·643e·0a20·203c·7464·3e53·5348··A</td>.··<td>SSH
0005f770:·2073·6572·7665·7220·7573·6573·2073·7472···server·uses·str		0005f770:·2073·6572·7665·7220·7573·6573·2073·7472···server·uses·str
0005f780:·6f6e·6720·656e·7472·6f70·7920·746f·2073··ong·entropy·to·s		0005f780:·6f6e·6720·656e·7472·6f70·7920·746f·2073··ong·entropy·to·s
0005f790:·6565·643c·2f74·643e·0a20·203c·7464·2078··eed</td>.··<td·x		0005f790:·6565·643c·2f74·643e·0a20·203c·7464·2078··eed</td>.··<td·x
0005f7a0:·6d6c·3a6c·616e·673d·2265·6e2d·5553·223e··ml:lang="en-US">		0005f7a0:·6d6c·3a6c·616e·673d·2265·6e2d·5553·223e··ml:lang="en-US">


Offset 7774, 16 lines modified		Offset 7774, 16 lines modified
7774	·································private·key.··········································system·where·the	7774	·································private·key.··········································system·where·the
7775	·······················································································associated·public	7775	·······················································································associated·public
7776	·······················································································key·has·been	7776	·······················································································key·has·been
7777	·······················································································installed.	7777	·······················································································installed.
7778	·································The·RekeyLimit·parameter·specifies·how·often·the······By·decreasing·the	7778	·································The·RekeyLimit·parameter·specifies·how·often·the······By·decreasing·the
7779	·································session·key·of·the·is·renegotiated,·both·in·terms·of··limit·based·on·the	7779	·································session·key·of·the·is·renegotiated,·both·in·terms·of··limit·based·on·the
7780	···········Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···amount·of·data·and	7780	···········Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···amount·of·data·and
7781	········N/·session·key···········elapsed.··············································enabling·time-based·var_rekey_limit_time=1~~hou~~r	7781	········N/·session·key···········elapsed.··············································enabling·time-based·var_rekey_limit_size=1G
7782	········A··renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limit,·effects·of···var_rekey_limit_size=1G	7782	········A··renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limit,·effects·of···var_rekey_limit_time=1hour
7783	·································following·line·in·/etc/ssh/sshd_config:···············potential·attacks	7783	·································following·line·in·/etc/ssh/sshd_config:···············potential·attacks
7784	·································RekeyLimit·1G·1hour···································against·encryption	7784	·································RekeyLimit·1G·1hour···································against·encryption
7785	·······················································································keys·are·limited.	7785	·······················································································keys·are·limited.
7786	·······················································································SSH·implementation	7786	·······················································································SSH·implementation
7787	·······················································································in·Oracle·Linux·8	7787	·······················································································in·Oracle·Linux·8
7788	·······················································································uses·the·openssl	7788	·······················································································uses·the·openssl
7789	·······················································································library,·which	7789	·······················································································library,·which


Offset 4075, 15 lines modified		Offset 4075, 15 lines modified
4075	<tt>RekeyLimit</tt>.	4075	<tt>RekeyLimit</tt>.
4076	··</td>	4076	··</td>
4077	··<td·xml:lang="en-US">	4077	··<td·xml:lang="en-US">
4078	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4078	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4079	time-based·limit,·effects·of·potential·attacks·against	4079	time-based·limit,·effects·of·potential·attacks·against
4080	encryption·keys·are·limited.	4080	encryption·keys·are·limited.
4081	··</td>	4081	··</td>
4082	··<td>var_ssh_client_rekey_limit_time=1~~hou~~r<br/>var_ssh_client_rekey_limit_size=1G</td>	4082	··<td>var_ssh_client_rekey_limit_size=1G<br/>var_ssh_client_rekey_limit_time=1hour</td>
4083	</tr>	4083	</tr>
4084	<tr>	4084	<tr>
4085	··<td></td>	4085	··<td></td>
4086	··<td>CCE-83349-1</td>	4086	··<td>CCE-83349-1</td>
4087	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>	4087	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>
4088	··<td·xml:lang="en-US">	4088	··<td·xml:lang="en-US">
4089	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure	4089	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure
Offset 4138, 15 lines modified		Offset 4138, 15 lines modified
4138	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>	4138	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>
4139	··</td>	4139	··</td>
4140	··<td·xml:lang="en-US">	4140	··<td·xml:lang="en-US">
4141	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4141	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4142	time-based·limit,·effects·of·potential·attacks·against	4142	time-based·limit,·effects·of·potential·attacks·against
4143	encryption·keys·are·limited.	4143	encryption·keys·are·limited.
4144	··</td>	4144	··</td>
4145	··<td>var_rekey_limit_time=1~~hou~~r<br/>var_rekey_limit_size=1G</td>	4145	··<td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>
4146	</tr>	4146	</tr>
4147	<tr>	4147	<tr>
4148	··<td></td>	4148	··<td></td>
4149	··<td>CCE-82462-3</td>	4149	··<td>CCE-82462-3</td>
4150	··<td>SSH·server·uses·strong·entropy·to·seed</td>	4150	··<td>SSH·server·uses·strong·entropy·to·seed</td>
4151	··<td·xml:lang="en-US">	4151	··<td·xml:lang="en-US">
4152	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.	4152	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.


Offset 3356, 16 lines modified		Offset 3356, 16 lines modified
3356	······················································································································options,·which·can	3356	······················································································································options,·which·can
3357	······················································································································help·protect	3357	······················································································································help·protect
3358	······················································································································programs·which·use	3358	······················································································································programs·which·use
3359	······················································································································it.	3359	······················································································································it.
3360	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the	3360	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the
3361	·····························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the	3361	·····························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the
3362	·····CCE-···Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and	3362	·····CCE-···Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and
3363	·····82880-·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_time=1~~hou~~r	3363	·····82880-·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_size=1G
3364	·····6······renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_size=1G	3364	·····6······renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_time=1hour
3365	············for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks	3365	············for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks
3366	·····························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption	3366	·····························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption
3367	·····························containing·definition·of·RekeyLimit.·····················································keys·are·limited.	3367	·····························containing·definition·of·RekeyLimit.·····················································keys·are·limited.
3368	······················································································································Some·SSH	3368	······················································································································Some·SSH
3369	······················································································································implementations·use	3369	······················································································································implementations·use
3370	······················································································································the·openssl·library	3370	······················································································································the·openssl·library
3371	······················································································································for·entropy,·which	3371	······················································································································for·entropy,·which
Offset 3416, 16 lines modified		Offset 3416, 16 lines modified
3416	······················································································································generator·used·by	3416	······················································································································generator·used·by
3417	······················································································································SSH·would·be·known	3417	······················································································································SSH·would·be·known
3418	······················································································································to·potential	3418	······················································································································to·potential
3419	······················································································································attackers.	3419	······················································································································attackers.
3420	······················································································································By·decreasing·the	3420	······················································································································By·decreasing·the
3421	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the	3421	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the
3422	·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and	3422	·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and
3423	·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_time=1~~hou~~r	3423	·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_size=1G
3424	·····7······renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_size=1G	3424	·····7······renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_time=1hour
3425	·····························RekeyLimit·1G·1hour······································································potential·attacks	3425	·····························RekeyLimit·1G·1hour······································································potential·attacks
3426	······················································································································against·encryption	3426	······················································································································against·encryption
3427	······················································································································keys·are·limited.	3427	······················································································································keys·are·limited.
3428	······················································································································SSH·implementation	3428	······················································································································SSH·implementation
3429	······················································································································in·Red·Hat	3429	······················································································································in·Red·Hat
3430	······················································································································Enterprise·Linux·8	3430	······················································································································Enterprise·Linux·8
3431	······················································································································uses·the·openssl	3431	······················································································································uses·the·openssl


Offset 1, 10 lines modified		Offset 1, 10 lines modified
1	<?xml·version="1.0"·encoding="utf-8"?>	1	<?xml·version="1.0"·encoding="utf-8"?>
2	<xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">	2	<xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3	··<xccdf-1.2:version·time="2025-02-28T20:08:00">1</xccdf-1.2:version>	3	··<xccdf-1.2:version·time="2025-03-01T22:08:00">1</xccdf-1.2:version>
4	··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">	4	··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5	····<xccdf-1.2:title·override="true">DISA·STIG·for·Oracle·Linux·8</xccdf-1.2:title>	5	····<xccdf-1.2:title·override="true">DISA·STIG·for·Oracle·Linux·8</xccdf-1.2:title>
6	····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the	6	····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7	DISA·STIG·for·Oracle·Linux·8·V2R3.</xccdf-1.2:description>	7	DISA·STIG·for·Oracle·Linux·8·V2R3.</xccdf-1.2:description>
8	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs"·selected="false"/>	8	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs"·selected="false"/>
9	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay"·selected="false"/>	9	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay"·selected="false"/>
10	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions"·selected="false"/>	10	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions"·selected="false"/>


Offset 3, 3095 lines modified		Offset 3, 3095 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_set_~~idle_~~ti~~meout~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-audit_rules_execution_chcon_ocil:questionnaire:1">
11	······<ocil:title>Set·~~SSH~~·~~Cli~~e~~nt·Alive·I~~n~~terval~~</ocil:title>	11	······<ocil:title>Record·Any·Attempts·to·Run·chcon</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_set_~~idle_~~ti~~meout~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-audit_rules_execution_chcon_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-package_avahi_removed_ocil:questionnaire:1">
17	······<ocil:title~~>Uninsta~~l~~l·av~~ahi~~·Serv~~e~~r·P~~ackage</ocil:title>	16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lsetxattr_ocil:questionnaire:1">
		17	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lsetxattr</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_avahi_re~~moved~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lsetxattr_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_passwd_ocil:questionnaire:1">
23	······<ocil:title~~>Ver~~i~~fy·Gro~~u~~p·Who·Owns·Backup·p~~a~~sswd·F~~il~~e</~~ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
		23	······<ocil:title>Configure·auditd·mail_acct·Action·on·Low·Disk·Space</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-file_~~groupow~~n~~er_b~~ac~~kup~~_~~etc_p~~as~~swd~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~file~~_o~~wner~~_~~etc~~_issu~~e_n~~et_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-mount_option_home_nosuid_ocil:questionnaire:1">
29	······<ocil:title>~~Verify~~·ownershi~~p·o~~f·Syst~~em·Log~~i~~n·Ba~~nner·for·~~Remote~~·Conne~~ctions~~</ocil:title>	29	······<ocil:title>Add·nosuid·Option·to·/home</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~file~~_o~~wner~~_~~etc~~_issu~~e_n~~et_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-mount_option_home_nosuid_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_~~ftp_removed~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_hourly_ocil:questionnaire:1">
35	······<ocil:title>Re~~move~~·~~ftp~~·Pac~~kage~~</ocil:title>	35	······<ocil:title>Verify·Owner·on·cron.hourly</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_~~ftp_removed~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_owner_cron_hourly_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-s~~ervic~~e_~~auditd_~~e~~nabled~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-sshd_set_max_sessions_ocil:questionnaire:1">
41	······<ocil:title>~~Enable~~·a~~uditd·Serv~~ice</ocil:title>	41	······<ocil:title>Set·SSH·MaxSessions·limit</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-s~~ervic~~e_~~auditd_~~e~~nabled~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-sshd_set_max_sessions_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-audi~~t_ru~~le~~s_dac~~_mo~~dificati~~on_re~~movexa~~ttr_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-file_owner_crontab_ocil:questionnaire:1">
47	······<ocil:title>Recor~~d·Events·that·Mod~~ify~~·the~~·S~~yst~~e~~m's·Disc~~retion~~ary~~·Acc~~ess·~~Cont~~rols·-·removex~~attr</ocil:title>	47	······<ocil:title>Verify·Owner·on·crontab</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-audi~~t_ru~~le~~s_dac~~_mo~~dificati~~on_re~~movexa~~ttr_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-file_owner_crontab_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-file_cron_deny_~~not_exist~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-file_owner_grub2_cfg_ocil:questionnaire:1">
53	······<ocil:title>~~Ensure~~·~~tha~~t~~·/etc~~/cron.d~~eny~~·does·~~not·exist~~</ocil:title>	53	······<ocil:title>Verify·/boot/grub2/grub.cfg·User·Ownership</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-file_cron_deny_~~not_exist~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-file_owner_grub2_cfg_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_create_ocil:questionnaire:1">
59	······<ocil:~~title>E~~nsure·~~aud~~itd·Co~~llect~~s~~·Informa~~tion·on~~·Kern~~e~~l·Modul~~e·~~Unl~~oadi~~ng·-·cr~~eate_mo~~dule</oc~~il:~~title~~>	58	····<ocil:questionnaire·id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
		59	······<ocil:title>Verify·Only·Root·Has·UID·0</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-a~~udit_r~~ules_~~ker~~n~~el_m~~odule_l~~oading~~_create_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~sudo~~_~~cus~~tom_~~logfile~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-package_vsftpd_removed_ocil:questionnaire:1">
65	······<ocil:title>En~~sure·Sudo·Logfi~~le·~~Exis~~ts·-~~·su~~do·~~logfil~~e</ocil:title>	65	······<ocil:title>Uninstall·vsftpd·Package</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~sudo~~_~~cus~~tom_~~logfile~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-package_vsftpd_removed_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-e~~nsur~~e_ro~~ot_~~password_~~configur~~ed_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-file_ownership_sshd_pub_key_ocil:questionnaire:1">
71	······<ocil:title>~~Ensure~~·A~~uth~~en~~ticati~~on·~~Requi~~red·~~for·Single·Us~~er·~~Mod~~e</ocil:title>	71	······<ocil:title>Verify·Ownership·on·SSH·Server·Public·*.pub·Key·Files</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-e~~nsur~~e_ro~~ot_~~password_~~configur~~ed_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-file_ownership_sshd_pub_key_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
77	······<ocil:~~title>Reco~~rd·~~Events·that·Modify·~~t~~he·Sy~~s~~tem'~~s~~·Discreti~~o~~nary·Ac~~c~~ess·Contro~~l~~s·-·fch~~owna~~t</oc~~il:~~title~~>	76	····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_unlock_time_ocil:questionnaire:1">
		77	······<ocil:title>Set·Lockout·Time·for·Failed·Password·Attempts</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-au~~dit~~_~~rule~~s_dac_modi~~ficatio~~n_fc~~hownat~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_unlock_time_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~sudo~~_add_use_pty_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-kernel_module_sctp_disabled_ocil:questionnaire:1">
83	······<ocil:title>Ens~~ure·~~Onl~~y·Users·Logged·In·To·R~~eal·~~tty~~·C~~an·Execu~~te·Su~~do·-·s~~udo~~·use_~~pty</ocil:title>	83	······<ocil:title>Disable·SCTP·Support</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~sudo~~_add_use_pty_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-kernel_module_sctp_disabled_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-no_password_auth_for_systemaccounts_ocil:questionnaire:1">
89	······<ocil:~~title>E~~nsure·~~that·Sy~~s~~tem·A~~c~~cou~~nt~~s·Are·Lock~~ed</ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-package_nftables_installed_ocil:questionnaire:1">
		89	······<ocil:title>Install·nftables·Package</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~no_~~pas~~sword~~_aut~~h_for~~_systema~~ccounts~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-package_nftables_installed_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~mount_~~o~~ptio~~n~~_tmp_nosuid~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_user_cfg_ocil:questionnaire:1">
95	······<ocil:title>~~Add~~·nosu~~id·Option~~·to·~~/tm~~p</ocil:title>	95	······<ocil:title>Verify·/boot/grub2/user.cfg·Group·Ownership</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~mount_~~o~~ptio~~n~~_tmp_nosuid~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-file_groupowner_user_cfg_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~moun~~t_option_var_~~tmp~~_~~noexec~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_space_left_action_ocil:questionnaire:1">
101	······<ocil:title>Add·noexec·Option·to·~~/var/tmp~~</ocil:title>	101	······<ocil:title>Configure·auditd·space_left·Action·on·Low·Disk·Space</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~moun~~t_option_var_~~tmp~~_~~noexec~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-file_own~~er_cr~~on_mont~~hly~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-selinux_state_ocil:questionnaire:1">
107	······<ocil:title>Ver~~ify·Ow~~ner·on·~~cron.m~~o~~nthly~~</ocil:title>	107	······<ocil:title>Ensure·SELinux·State·is·Enforcing</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-file_own~~er_cr~~on_mont~~hly~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-selinux_state_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-fi~~rewal~~ld_loop~~back_t~~r~~affic~~_rest~~ricted~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_at_allow_ocil:questionnaire:1">
113	······<ocil:title>C~~onf~~igure·Firew~~alld·t~~o·~~Restric~~t·~~Loopb~~ac~~k·Tra~~f~~fic~~</ocil:title>	113	······<ocil:title>Verify·Group·Who·Owns·/etc/at.allow·file</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-fi~~rewal~~ld_loop~~back_t~~r~~affic~~_rest~~ricted~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-file_groupowner_at_allow_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_limit_user~~_access~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-file_permissions_ungroupowned_ocil:questionnaire:1">
119	······<ocil:title>Li~~mit~~·Use~~rs'~~·~~SSH·Access~~</ocil:title>	119	······<ocil:title>Ensure·All·Files·Are·Owned·by·a·Group</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_limit_user~~_access~~_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-file_permissions_ungroupowned_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-audit_rules_~~tim~~e_s~~ett~~imeofday_ocil:questionnaire:1">	124	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_open_ocil:questionnaire:1">
Max diff block lines reached; 724409/736898 bytes (98.31%) of diff not shown.


Offset 3, 5367 lines modified		Offset 3, 5367 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_empty_passwords_ocil:questionnaire:1">
11	······<ocil:title>Disable·SSH·Access·via·Empty·Passwords</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-sshd_disable_empty_passwords_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_ta~~lk_removed~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-sudo_remove_no_authenticate_ocil:questionnaire:1">
17	······<ocil:title>Uninstall·talk·Package</ocil:title>	11	······<ocil:title>Ensure·Users·Re-Authenticate·for·Privilege·Escalation·-·sudo·!authenticate</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_ta~~lk_removed~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-sudo_remove_no_authenticate_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-file_gr~~oup~~owner_e~~tc_~~pa~~ssw~~d_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-service_chronyd_enabled_ocil:questionnaire:1">
23	······<ocil:title>Ve~~rify·G~~ro~~up·Who·Owns~~·pass~~wd·Fi~~le</ocil:title>	17	······<ocil:title>The·Chronyd·service·is·enabled</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-file_gr~~oup~~owner_e~~tc_~~pa~~ssw~~d_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-service_chronyd_enabled_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-d~~isabl~~e_hos~~t_auth~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
29	······<ocil:title>Disable·Hos~~t-Bas~~ed·Authentication</ocil:title>	23	······<ocil:title>Ensure·Users·Re-Authenticate·for·Privilege·Escalation·-·sudo·NOPASSWD</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-d~~isabl~~e_hos~~t_auth~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lchown_ocil:questionnaire:1">
35	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odify~~·the·Syst~~e~~m's·D~~is~~cre~~tion~~ary·Access·Controls·-·~~l~~chown</~~o~~cil:title~~>	28	····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_private_key_ocil:questionnaire:1">
		29	······<ocil:title>Verify·Permissions·on·SSH·Server·Private·*_key·Key·Files</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~audit_~~r~~ule~~s~~_dac~~_modification_~~lchown~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_private_key_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~kernel_config~~_r~~andomize~~_memory_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-sshd_rekey_limit_ocil:questionnaire:1">
41	······<ocil:title>~~Randomiz~~e·the~~·ker~~nel·mem~~ory·sec~~tions</ocil:title>	35	······<ocil:title>Force·frequent·session·key·renegotiation</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~kernel_config~~_r~~andomize~~_memory_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-sshd_rekey_limit_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_shutdown_ocil:questionnaire:1">
47	······<ocil:~~title>E~~nsure·~~aud~~itd·Col~~lect~~s~~·Info~~rmati~~on·on·t~~he·Us~~e·of·Privileg~~ed·Comm~~ands·-·~~shutdown</ocil:~~title~~>	40	····<ocil:questionnaire·id="ocil:ssg-service_syslogng_enabled_ocil:questionnaire:1">
		41	······<ocil:title>Enable·syslog-ng·Service</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~audit~~_privile~~ged_c~~ommands_s~~hutdown~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-service_syslogng_enabled_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~servic~~e~~_fir~~e~~walld_enabl~~ed_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-grub2_enable_iommu_force_ocil:questionnaire:1">
53	······<ocil:title>~~Verify·~~fir~~ewall~~d~~·Enabled~~</ocil:title>	47	······<ocil:title>IOMMU·configuration·directive</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~servic~~e~~_fir~~e~~walld_enabl~~ed_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-grub2_enable_iommu_force_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-sshd_~~enabl~~e_gssapi_~~auth~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-sshd_set_keepalive_0_ocil:questionnaire:1">
59	······<ocil:title>~~Enable~~·~~GSSAPI~~·A~~uth~~enticat~~ion~~</ocil:title>	53	······<ocil:title>Set·SSH·Client·Alive·Count·Max·to·zero</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-sshd_~~enabl~~e_gssapi_~~auth~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_0_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~accounts_~~pa~~sswo~~rd_~~pam_lcredit~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-prefer_64bit_os_ocil:questionnaire:1">
65	······<ocil:title>~~Ens~~ure·~~PAM~~·Enforces·Pa~~ssword·Requir~~ement~~s·-~~·M~~inimu~~m·Low~~erca~~se~~·Cha~~racters</ocil:title>	59	······<ocil:title>Prefer·to·use·a·64-bit·Operating·System·when·supported</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~accounts_~~pa~~sswo~~rd_~~pam_lcredit~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-prefer_64bit_os_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-selinux_no~~t_dis~~a~~bled~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-file_permissions_audit_configuration_ocil:questionnaire:1">
71	······<ocil:title>Ensure·~~SEL~~inux·is·Not·Dis~~abled~~</ocil:title>	65	······<ocil:title>Audit·Configuration·Files·Permissions·are·640·or·More·Restrictive</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-selinux_no~~t_dis~~a~~bled~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-file_permissions_audit_configuration_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-g~~nome_~~gdm_di~~sabl~~e_~~xdmcp~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-package_bind_removed_ocil:questionnaire:1">
77	······<ocil:title>Disable·~~XDMCP·in·GDM~~</ocil:title>	71	······<ocil:title>Uninstall·bind·Package</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-g~~nome_~~gdm_di~~sabl~~e_~~xdmcp~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-package_bind_removed_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_ocil:questionnaire:1">
83	······<ocil:title~~>Limit·Pa~~ss~~word·R~~e~~use:·syst~~e~~m-au~~t~~h</~~ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_notifiers_ocil:questionnaire:1">
		77	······<ocil:title>Enable·checks·on·notifier·call·chains</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-ac~~cou~~nts_~~pass~~wo~~rd_pam_p~~whi~~stor~~y_remember_syste~~m_auth~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_notifiers_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-audi~~t_ru~~les_~~sysadmi~~n_actions_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_group_ocil:questionnaire:1">
89	······<ocil:title>~~Ensu~~re~~·au~~ditd·~~Collects~~·~~System~~·Administ~~rat~~or~~·Act~~ions</ocil:title>	83	······<ocil:title>Verify·Group·Who·Owns·group·File</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-audi~~t_ru~~les_~~sysadmi~~n_actions_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_group_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-file_~~permissions~~_cr~~ontab~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-file_owner_at_allow_ocil:questionnaire:1">
95	······<ocil:title>Verify·Per~~missio~~ns·~~on·~~cro~~ntab~~</ocil:title>	89	······<ocil:title>Verify·User·Who·Owns·/etc/at.allow·file</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-file_~~permissions~~_cr~~ontab~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_owner_at_allow_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-partition_~~for_srv~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_setxattr_ocil:questionnaire:1">
101	······<ocil:title>Ens~~ure~~·~~/srv~~·~~Loca~~ted·~~On·S~~eparate·Part~~ition~~</ocil:title>	95	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·setxattr</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-partition_~~for_srv~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_setxattr_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-grub2_enable_iommu_force_ocil:questionnaire:1">
107	······<ocil:title~~>IOMMU·~~con~~figurati~~o~~n·direct~~ive</ocil:title>	100	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_minlen_ocil:questionnaire:1">
		101	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Length</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-grub2_~~enable_iommu~~_~~forc~~e_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_minlen_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-gr~~ub2~~_~~spect~~r~~e_v2_argument~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-kernel_config_randomize_base_ocil:questionnaire:1">
113	······<ocil:title>Enforce·Spectre·v2·mitig~~ation~~</ocil:title>	107	······<ocil:title>Randomize·the·address·of·the·kernel·image·(KASLR)</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-gr~~ub2~~_~~spect~~r~~e_v2_argument~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-kernel_config_randomize_base_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-grub2_nosmap_argument_absent_ocil:questionnaire:1">
119	······<ocil:~~title>E~~nsure·~~SMAP·~~is~~·no~~t·disable~~d·duri~~ng·boot</ocil:title>	112	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_stig_ocil:questionnaire:1">
		113	······<ocil:title>Configure·auditd·max_log_file_action·Upon·Reaching·Maximum·Log·Size</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~grub2~~_nosmap_arg~~ument~~_a~~bse~~nt_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_stig_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
123	····</ocil:questionnaire>	117	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-sys~~ctl_fs~~_~~suid_dumpable~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-sshd_set_loglevel_info_ocil:questionnaire:1">
Max diff block lines reached; 867096/879309 bytes (98.61%) of diff not shown.


Offset 3, 2971 lines modified		Offset 3, 2971 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-~~chronyd_~~r~~un_as_ch~~rony_~~user~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-file_ownership_library_dirs_ocil:questionnaire:1">
		11	······<ocil:title>Verify·that·Shared·Library·Files·Have·Root·Ownership</ocil:title>
11	······<ocil:title>Ensure·that·chronyd·is·running·under·chrony·user·account</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-chronyd_run_as_chrony_user_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-file_permissions_unauthorized_sgid_ocil:questionnaire:1">
17	······<ocil:title>Ensure·All·SGID·Executables·Are·Authorized</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-file_~~permi~~ssions_~~unautho~~ri~~zed~~_~~sgid~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-file_ownership_library_dirs_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~audit_rul~~e~~s_dac~~_~~mod~~i~~ficati~~o~~n_chown~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-package_ypbind_removed_ocil:questionnaire:1">
23	······<ocil:title>Reco~~rd·E~~ve~~nts·that·Modify~~·the·S~~ystem's~~·~~Discr~~eti~~onary·Acc~~e~~ss·Co~~nt~~rols·-·chown~~</ocil:title>	17	······<ocil:title>Remove·NIS·Client</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~audit_rul~~e~~s_dac~~_~~mod~~i~~ficati~~o~~n_chown~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-package_ypbind_removed_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-a~~udit~~_rules_time~~_st~~ime_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1">
29	······<ocil:title>Re~~cor~~d·~~Attempts·~~to·Al~~ter·T~~ime·Through·st~~ime~~</ocil:title>	23	······<ocil:title>Set·SSH·Client·Alive·Count·Max</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_rules_time~~_st~~ime_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~file_p~~erm~~ission~~s_una~~uthor~~i~~zed_sui~~d_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-package_gnutls-utils_installed_ocil:questionnaire:1">
35	······<ocil:title>Ensure·~~All·SUID·Exec~~utables·Are·A~~uthoriz~~ed</ocil:title>	29	······<ocil:title>Ensure·gnutls-utils·is·installed</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~file_p~~erm~~ission~~s_una~~uthor~~i~~zed_sui~~d_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-package_gnutls-utils_installed_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~sys~~ctl_ne~~t_ipv4~~_conf_de~~faul~~t_~~send~~_r~~edi~~rects_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_hourly_ocil:questionnaire:1">
41	······<ocil:title>~~Disable·~~Ker~~nel~~·~~Paramet~~er·fo~~r·Sendi~~n~~g·ICMP~~·~~Redire~~cts·on~~·all·IPv4·Inte~~r~~faces·by·Defau~~lt</ocil:title>	35	······<ocil:title>Verify·Owner·on·cron.hourly</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~sys~~ctl_ne~~t_ipv4~~_conf_de~~faul~~t_~~send~~_r~~edi~~rects_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_owner_cron_hourly_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-s~~ervice~~_oddj~~obd_d~~is~~abled~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-sudo_add_requiretty_ocil:questionnaire:1">
47	······<ocil:title>Disable·Odd·Job·Daemon·(o~~ddjobd)~~</ocil:title>	41	······<ocil:title>Ensure·Only·Users·Logged·In·To·Real·tty·Can·Execute·Sudo·-·sudo·requiretty</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-s~~ervice~~_oddj~~obd_d~~is~~abled~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-sudo_add_requiretty_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-accounts_max_concurrent_login_sessions_ocil:questionnaire:1">
53	······<ocil:title>Li~~mit·th~~e·~~Number·of·Conc~~urre~~nt·L~~o~~gin·Se~~ss~~ion~~s·Allowed·Per~~·Us~~e~~r</~~ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-grub2_spec_store_bypass_disable_argument_ocil:questionnaire:1">
		47	······<ocil:title>Configure·Speculative·Store·Bypass·Mitigation</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-a~~ccount~~s~~_max_c~~o~~ncurrent~~_~~login~~_~~sessio~~ns_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-grub2_spec_store_bypass_disable_argument_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~set~~_password_hashing_a~~lgori~~th~~m_s~~y~~stemau~~th_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-dir_perms_world_writable_sticky_bits_ocil:questionnaire:1">
59	······<ocil:title>Set·~~PAM''s~~·~~Passw~~ord·Ha~~shing·Algor~~ithm</ocil:title>	53	······<ocil:title>Verify·that·All·World-Writable·Directories·Have·Sticky·Bits·Set</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~set~~_password_hashing_a~~lgori~~th~~m_s~~y~~stemau~~th_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-dir_perms_world_writable_sticky_bits_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-accounts_r~~oot~~_gid_zero_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-accounts_password_minlen_login_defs_ocil:questionnaire:1">
65	······<ocil:title>Ve~~rify·R~~oot·~~Has~~·A·~~Primary·GID·0~~</ocil:title>	59	······<ocil:title>Set·Password·Minimum·Length·in·login.defs</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-accounts_r~~oot~~_gid_zero_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-accounts_password_minlen_login_defs_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_adjtimex_ocil:questionnaire:1">
71	······<ocil:ti~~tle>Recor~~d~~·attempt~~s~~·to·al~~t~~er·time·through·~~a~~djtimex</~~ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-account_passwords_pam_faillock_dir_ocil:questionnaire:1">
		65	······<ocil:title>Account·Lockouts·Must·Persist</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-a~~udi~~t_~~rule~~s_time_a~~djtimex~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-account_passwords_pam_faillock_dir_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-postfix_client_configure_mail_alias_postmaster_ocil:questionnaire:1">
77	······<ocil:t~~itle>C~~onf~~igu~~re·S~~ystem·to·Forw~~ard·Al~~l·Ma~~il~~·From·P~~o~~stmaster·to·Th~~e~~·Ro~~ot~~·Acco~~u~~nt</~~o~~cil:title~~>	70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_renameat_ocil:questionnaire:1">
		71	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·renameat</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-po~~stf~~ix_~~cli~~ent_~~con~~fi~~gur~~e~~_ma~~il_~~alia~~s_~~post~~master_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_renameat_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-file_permissions_ssh~~d_pub~~_~~key~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-file_permissions_unauthorized_sgid_ocil:questionnaire:1">
83	······<ocil:title>~~Verify·Perm~~issi~~ons~~·~~on·S~~S~~H·Serv~~e~~r·Pu~~blic·*~~.pub·Key·F~~iles</ocil:title>	77	······<ocil:title>Ensure·All·SGID·Executables·Are·Authorized</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-file_permissions_ssh~~d_pub~~_~~key~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-file_permissions_unauthorized_sgid_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-~~kerne~~l~~_config_debug_~~sg_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-sshd_limit_user_access_ocil:questionnaire:1">
89	······<ocil:title>~~Enable·checks~~·on·s~~catt~~er~~-gath~~er·(SG)·~~table·op~~e~~ratio~~ns</ocil:title>	83	······<ocil:title>Limit·Users'·SSH·Access</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~kerne~~l~~_config_debug_~~sg_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-sshd_limit_user_access_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~file_~~gr~~oupowner~~_cron~~_daily~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-grub2_l1tf_argument_ocil:questionnaire:1">
95	······<ocil:title>~~Ver~~ify·~~Group·Who~~·~~Owns~~·~~cron.da~~ily</ocil:title>	89	······<ocil:title>Configure·L1·Terminal·Fault·mitigations</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~file_~~gr~~oupowner~~_cron~~_daily~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-grub2_l1tf_argument_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_~~telnet_remov~~ed_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-service_qpidd_disabled_ocil:questionnaire:1">
101	······<ocil:title>~~Remov~~e·te~~lnet~~·~~Clients~~</ocil:title>	95	······<ocil:title>Disable·Apache·Qpid·(qpidd)</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_~~telnet_remov~~ed_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-service_qpidd_disabled_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-~~conf~~igure_b~~ind~~_~~crypto_po~~licy_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-service_ufw_enabled_ocil:questionnaire:1">
107	······<ocil:title>~~Configu~~re~~·BIND·to~~·u~~se·Syst~~em·~~Crypto·Po~~licy</ocil:title>	101	······<ocil:title>Verify·ufw·Enabled</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~conf~~igure_b~~ind~~_~~crypto_po~~licy_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-service_ufw_enabled_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-sshd_di~~sable~~_gssapi_a~~uth~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-sshd_print_last_log_ocil:questionnaire:1">
113	······<ocil:title>Disable·GSSAPI·Au~~the~~ntication</ocil:title>	107	······<ocil:title>Enable·SSH·Print·Last·Log</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-sshd_di~~sable~~_gssapi_a~~uth~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-sshd_print_last_log_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-file~~_own~~e~~r_cr~~on_daily_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-service_autofs_disabled_ocil:questionnaire:1">
119	······<ocil:title>~~Verify·Own~~er·on~~·cr~~o~~n.daily~~</ocil:title>	113	······<ocil:title>Disable·the·Automounter</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-file~~_own~~e~~r_cr~~on_daily_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-service_autofs_disabled_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
123	····</ocil:questionnaire>	117	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-dir_~~own~~ership~~_li~~b~~rary_dirs~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-service_ip6tables_enabled_ocil:questionnaire:1">
125	······<ocil:title>Verify·~~tha~~t~~·Sh~~a~~red·Li~~br~~ary~~·~~Directori~~es·Have·~~Root·Ow~~n~~ership~~</ocil:title>	119	······<ocil:title>Verify·ip6tables·Enabled·if·Using·IPv6</ocil:title>
Max diff block lines reached; 859678/872013 bytes (98.59%) of diff not shown.


Offset 3, 5259 lines modified		Offset 3, 5259 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-service_nftables_disabled_ocil:questionnaire:1">
11	······<ocil:title>Verify·nftables·Service·is·Disabled</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-service_nftables_disabled_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-sshd_disab~~le_~~root_~~login~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-no_rsh_trust_files_ocil:questionnaire:1">
17	······<ocil:title>D~~isabl~~e·~~SSH~~·~~Roo~~t·~~Login~~</ocil:title>	11	······<ocil:title>Remove·Rsh·Trust·Files</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-sshd_disab~~le_~~root_~~login~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-no_rsh_trust_files_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~timer~~_~~logr~~o~~tate_enabl~~ed_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_lcredit_ocil:questionnaire:1">
23	······<ocil:title>En~~abl~~e·logrotate·~~Tim~~er</ocil:title>	17	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Lowercase·Characters</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~timer~~_~~logr~~o~~tate_enabl~~ed_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_lcredit_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~sys~~ctl_ne~~t_ipv4~~_conf_de~~faul~~t_secure_~~red~~irects_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_shells_ocil:questionnaire:1">
29	······<ocil:title>~~Configure·~~Ker~~nel~~·~~Parameter~~·for·~~Accep~~ting·~~Secu~~re·~~Redir~~ects~~·By~~·~~Def~~ault</ocil:title>	23	······<ocil:title>Verify·Who·Owns·/etc/shells·File</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~sys~~ctl_ne~~t_ipv4~~_conf_de~~faul~~t_secure_~~red~~irects_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-file_owner_etc_shells_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_~~ipv6~~_~~conf~~_~~def~~ault_accep~~t_r~~a_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_yama_ptrace_scope_ocil:questionnaire:1">
35	······<ocil:title>Dis~~able·Ac~~cept~~ing~~·~~Rout~~er·A~~dver~~ti~~sem~~ents·on·al~~l·IPv6·I~~nt~~erfa~~ces~~·by·~~De~~faul~~t</ocil:title>	29	······<ocil:title>Restrict·usage·of·ptrace·to·descendant·processes</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-sysctl_net_~~ipv6~~_~~conf~~_~~def~~ault_accep~~t_r~~a_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_yama_ptrace_scope_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-no_f~~orwa~~rd~~_fil~~es_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-package_vsftpd_removed_ocil:questionnaire:1">
41	······<ocil:title>Verif~~y·No·.forwar~~d·~~Files·Exist~~</ocil:title>	35	······<ocil:title>Uninstall·vsftpd·Package</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-no_f~~orwa~~rd~~_fil~~es_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-package_vsftpd_removed_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-package_talk-server_removed_ocil:questionnaire:1">
47	······<ocil:title~~>Un~~insta~~ll·~~t~~alk-~~ser~~ver·P~~ackage</ocil:title>	40	····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_deny_root_ocil:questionnaire:1">
		41	······<ocil:title>Configure·the·root·Account·for·Failed·Password·Attempts</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-pa~~ckage~~_ta~~lk-server~~_re~~moved~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_deny_root_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~sys~~ctl~~_ker~~nel_r~~and~~o~~miz~~e_va~~_space~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_daily_ocil:questionnaire:1">
53	······<ocil:title>~~Enab~~le~~·Rando~~mized·L~~ayout~~·of·Vir~~tual·Ad~~d~~ress·Space~~</ocil:title>	47	······<ocil:title>Verify·Owner·on·cron.daily</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~sys~~ctl~~_ker~~nel_r~~and~~o~~miz~~e_va~~_space~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-file_owner_cron_daily_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~aud~~it_~~rules_d~~a~~c_m~~odif~~icat~~i~~on_~~lse~~txatt~~r_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-no_forward_files_ocil:questionnaire:1">
59	······<ocil:title>Recor~~d·Events·that·Mod~~ify~~·the~~·~~System~~'s·D~~isc~~r~~etio~~nary·~~Acc~~e~~ss·Control~~s·-·~~lse~~txattr</ocil:title>	53	······<ocil:title>Verify·No·.forward·Files·Exist</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~aud~~it_~~rules_d~~a~~c_m~~odif~~icat~~i~~on_~~lse~~txatt~~r_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-no_forward_files_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_~~group~~owner~~_backup~~_etc_gshadow_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_gshadow_ocil:questionnaire:1">
65	······<ocil:title>Verify·G~~roup~~·Who·Owns~~·Backup~~·gshadow·File</ocil:title>	59	······<ocil:title>Verify·User·Who·Owns·gshadow·File</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-file_~~group~~owner~~_backup~~_etc_gshadow_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-file_owner_etc_gshadow_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-f~~ile_groupowner~~_etc_motd_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_login_defs_ocil:questionnaire:1">
71	······<ocil:title>~~Verify~~·Gr~~oup~~·Owne~~rship~~·~~of·Mes~~sage·of·the·~~Day·Ba~~nner</ocil:title>	65	······<ocil:title>Ensure·the·Default·Umask·is·Set·Correctly·in·login.defs</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-f~~ile_groupowner~~_etc_motd_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_login_defs_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_dmesg_restrict_ocil:questionnaire:1">
77	······<ocil:tit~~le>Restr~~i~~ct·A~~ccess~~·to·K~~e~~rne~~l~~·Mess~~a~~ge·Bu~~ffer</ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-firewalld_loopback_traffic_trusted_ocil:questionnaire:1">
		71	······<ocil:title>Configure·Firewalld·to·Trust·Loopback·Traffic</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~sysct~~l_~~kernel~~_~~dmesg~~_restrict_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-firewalld_loopback_traffic_trusted_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~package_ypser~~v_removed_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-mount_option_dev_shm_nodev_ocil:questionnaire:1">
83	······<ocil:title>~~Uninstall~~·yp~~serv~~·~~Package~~</ocil:title>	77	······<ocil:title>Add·nodev·Option·to·/dev/shm</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~package_ypser~~v_removed_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nodev_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-rs~~yslog_fi~~les_per~~miss~~ions_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_x11_forwarding_ocil:questionnaire:1">
89	······<ocil:title>~~Ensure·~~Sys~~tem·Log·~~Files·H~~ave~~·Corr~~ect·~~Per~~mis~~sions</ocil:title>	83	······<ocil:title>Disable·X11·Forwarding</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-rs~~yslog_fi~~les_per~~miss~~ions_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-sshd_disable_x11_forwarding_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_enforce_root_ocil:questionnaire:1">
95	······<ocil:~~title>E~~nsure·~~PAM·Enforces·Passwo~~r~~d·Requi~~r~~ements·-·Enfo~~rce·fo~~r·root·Us~~e~~r</~~o~~cil:title~~>	88	····<ocil:questionnaire·id="ocil:ssg-file_groupownership_audit_binaries_ocil:questionnaire:1">
		89	······<ocil:title>Verify·that·audit·tools·are·owned·by·group·root</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~accounts_~~p~~assword_~~p~~am_enforce_~~r~~oot~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_groupownership_audit_binaries_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_send_redirects_ocil:questionnaire:1">
101	······<ocil:~~title>Dis~~able·~~Kernel·Paramet~~er·for~~·Sen~~ding·~~ICMP·R~~edir~~ect~~s·o~~n·all·IPv4·I~~nte~~rfa~~ces~~·by·D~~e~~fau~~lt</o~~cil:title~~>	94	····<ocil:questionnaire·id="ocil:ssg-network_nmcli_permissions_ocil:questionnaire:1">
		95	······<ocil:title>Prevent·non-Privileged·Users·from·Modifying·Network·Interfaces·using·nmcli</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~sysctl_~~net~~_ipv4_~~conf_de~~fau~~lt_se~~nd_~~r~~edirect~~s_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-network_nmcli_permissions_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-file_groupownership_audit_configuration_ocil:questionnaire:1">
107	······<ocil:~~title>~~Audit·Conf~~igu~~rati~~on·F~~iles·Mu~~st·Be·Owned·By·Gr~~o~~up·root</~~o~~cil:title~~>	100	····<ocil:questionnaire·id="ocil:ssg-sudo_custom_logfile_ocil:questionnaire:1">
		101	······<ocil:title>Ensure·Sudo·Logfile·Exists·-·sudo·logfile</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~file_gr~~oupo~~wnership~~_audit_conf~~igurat~~ion_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-sudo_custom_logfile_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-~~file_p~~er~~miss~~i~~ons_backup_etc_p~~a~~ssw~~d_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-package_audispd-plugins_installed_ocil:questionnaire:1">
113	······<ocil:title>~~Verify·Perm~~is~~sions·o~~n·Back~~up·p~~a~~sswd·Fi~~le</ocil:title>	107	······<ocil:title>Install·audispd-plugins·Package</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~file_p~~er~~miss~~i~~ons_backup_etc_p~~a~~ssw~~d_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-package_audispd-plugins_installed_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-accoun~~ts_use~~r_dot_~~gro~~up_ow~~nership~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-dconf_db_up_to_date_ocil:questionnaire:1">
119	······<ocil:title>User·~~Ini~~ti~~alizati~~on·~~Fil~~es·Must·Be·~~Group-Owne~~d·By·The~~·Primary·Group~~</ocil:title>	113	······<ocil:title>Make·sure·that·the·dconf·databases·are·up-to-date·with·regards·to·respective·keyfiles</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-accoun~~ts_use~~r_dot_~~gro~~up_ow~~nership~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-dconf_db_up_to_date_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
123	····</ocil:questionnaire>	117	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-~~rpm~~_verify_own~~ership~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_umount_ocil:questionnaire:1">
Max diff block lines reached; 1008370/1020884 bytes (98.77%) of diff not shown.


Offset 3, 7075 lines modified		Offset 3, 6783 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-file_~~owner_cr~~on_ho~~urly~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-file_permissions_unauthorized_suid_ocil:questionnaire:1">
		11	······<ocil:title>Ensure·All·SUID·Executables·Are·Authorized</ocil:title>
11	······<ocil:title>Verify·Owner·on·cron.hourly</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-file_owner_cron_hourly_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-package_aide_installed_ocil:questionnaire:1">
17	······<ocil:title>Install·AIDE</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-package_aide_installed_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-chronyd_specify_remote_server_ocil:questionnaire:1">
23	······<ocil:title>A·remote·time·server·for·Chrony·is·configured</ocil:title>
24	······<ocil:actions>	12	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~chronyd_spec~~ify_~~remo~~t~~e_s~~e~~rver~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-file_permissions_unauthorized_suid_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	14	······</ocil:actions>
27	····</ocil:questionnaire>	15	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~par~~t~~ition~~_~~for~~_~~dev~~_~~shm~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_login_defs_ocil:questionnaire:1">
29	······<ocil:title>Ensure·/de~~v/sh~~m·is·confi~~gur~~ed</ocil:title>	17	······<ocil:title>Ensure·the·Default·Umask·is·Set·Correctly·in·login.defs</ocil:title>
30	······<ocil:actions>	18	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~par~~t~~ition~~_~~for~~_~~dev~~_~~shm~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_login_defs_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	20	······</ocil:actions>
33	····</ocil:questionnaire>	21	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~aud~~it_~~rules~~_media_~~export~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-service_squid_disabled_ocil:questionnaire:1">
35	······<ocil:title>Ens~~ure·~~a~~uditd·Co~~lle~~cts·Information·on~~·~~Export~~i~~ng·to·Me~~d~~ia·(successful)~~</ocil:title>	23	······<ocil:title>Disable·Squid</ocil:title>
36	······<ocil:actions>	24	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~aud~~it_~~rules~~_media_~~export~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-service_squid_disabled_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	26	······</ocil:actions>
39	····</ocil:questionnaire>	27	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-no~~_shelllog~~in~~_for_~~s~~ystem~~a~~ccounts~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_tmp_ocil:questionnaire:1">
41	······<ocil:title>Ensure·t~~hat·Sy~~st~~em·Accou~~nts·Do~~·No~~t·Run·a~~·Sh~~e~~ll·~~Upo~~n·Login~~</ocil:title>	29	······<ocil:title>Configure·Polyinstantiation·of·/tmp·Directories</ocil:title>
42	······<ocil:actions>	30	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-no~~_shelllog~~in~~_for_~~s~~ystem~~a~~ccounts~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-accounts_polyinstantiated_tmp_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	32	······</ocil:actions>
45	····</ocil:questionnaire>	33	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-~~par~~tition_for~~_tmp~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_send_redirects_ocil:questionnaire:1">
47	······<ocil:title>Ensure·/tmp·Lo~~cat~~ed·On·Separate·Part~~ition~~</ocil:title>	35	······<ocil:title>Disable·Kernel·Parameter·for·Sending·ICMP·Redirects·on·all·IPv4·Interfaces</ocil:title>
48	······<ocil:actions>	36	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~par~~tition_for~~_tmp~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_send_redirects_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	38	······</ocil:actions>
51	····</ocil:questionnaire>	39	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-serv~~ice~~_ip6t~~ables~~_~~enabl~~ed_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-grub2_spectre_v2_argument_ocil:questionnaire:1">
53	······<ocil:title>Verif~~y·ip6tabl~~es·~~Enabled~~·if·~~Usin~~g~~·IPv6~~</ocil:title>	41	······<ocil:title>Enforce·Spectre·v2·mitigation</ocil:title>
54	······<ocil:actions>	42	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-serv~~ice~~_ip6t~~ables~~_~~enabl~~ed_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-grub2_spectre_v2_argument_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	44	······</ocil:actions>
57	····</ocil:questionnaire>	45	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-kernel_config_~~randomize~~_me~~mory~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-kernel_config_acpi_custom_method_ocil:questionnaire:1">
59	······<ocil:title>Random~~ize~~·the·kernel·me~~mory~~·~~sec~~tions</ocil:title>	47	······<ocil:title>Do·not·allow·ACPI·methods·to·be·inserted/replaced·at·run·time</ocil:title>
60	······<ocil:actions>	48	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-kernel_config_~~randomize~~_me~~mory~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-kernel_config_acpi_custom_method_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	50	······</ocil:actions>
63	····</ocil:questionnaire>	51	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_shutdown_ocil:questionnaire:1">
65	······<ocil:~~title>E~~nsure·~~aud~~itd·Col~~lect~~s~~·Inform~~at~~ion·~~on·~~the·Us~~e~~·of·Privi~~leged·Comm~~ands·-·~~shutdown</ocil:~~title~~>	52	····<ocil:questionnaire·id="ocil:ssg-package_logrotate_installed_ocil:questionnaire:1">
		53	······<ocil:title>Ensure·logrotate·is·Installed</ocil:title>
66	······<ocil:actions>	54	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~audit_~~pri~~vile~~ged_co~~mmands~~_~~shu~~t~~down~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-package_logrotate_installed_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	56	······</ocil:actions>
69	····</ocil:questionnaire>	57	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-servi~~ce_yp~~serv_disa~~ble~~d_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_passwd_ocil:questionnaire:1">
71	······<ocil:title>Di~~sabl~~e~~·yp~~s~~erv~~·~~Serv~~ice</ocil:title>	59	······<ocil:title>Verify·Permissions·on·passwd·File</ocil:title>
72	······<ocil:actions>	60	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-servi~~ce_yp~~serv_disa~~ble~~d_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_passwd_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	62	······</ocil:actions>
75	····</ocil:questionnaire>	63	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-fi~~le_~~owner_~~var~~_lo~~g_sysl~~og_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-accounts_tmout_ocil:questionnaire:1">
77	······<ocil:title>Veri~~fy·Us~~er~~·Who·Owns·/~~v~~ar/log/~~syslog·File</ocil:title>	65	······<ocil:title>Set·Interactive·Session·Timeout</ocil:title>
78	······<ocil:actions>	66	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-fi~~le_~~owner_~~var~~_lo~~g_sysl~~og_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-accounts_tmout_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	68	······</ocil:actions>
81	····</ocil:questionnaire>	69	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_credentials_ocil:questionnaire:1">
83	······<ocil:~~title>E~~nable·~~che~~cks~~·on·credentia~~l~~·manag~~e~~ment</~~ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-rsyslog_files_ownership_ocil:questionnaire:1">
		71	······<ocil:title>Ensure·Log·Files·Are·Owned·By·Appropriate·User</ocil:title>
84	······<ocil:actions>	72	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-kern~~el_c~~o~~nfi~~g_~~debug~~_c~~red~~en~~tials~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-rsyslog_files_ownership_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	74	······</ocil:actions>
87	····</ocil:questionnaire>	75	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-~~audit_rules_~~kernel_mo~~dule~~_lo~~ading~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-kernel_config_proc_kcore_ocil:questionnaire:1">
89	······<ocil:title>Ens~~ure·~~a~~uditd·Co~~llects·~~Inf~~ormat~~ion·on~~·Ker~~nel~~·~~Module·L~~o~~ading·and·Unl~~o~~adi~~ng</ocil:title>	77	······<ocil:title>Disable·support·for·/proc/kkcore</ocil:title>
90	······<ocil:actions>	78	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~audit_rules_~~kernel_mo~~dule~~_lo~~ading~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-kernel_config_proc_kcore_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	80	······</ocil:actions>
93	····</ocil:questionnaire>	81	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-file_per~~missions~~_~~una~~u~~thor~~ized_s~~uid~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_key_ocil:questionnaire:1">
95	······<ocil:title>~~Ens~~ure~~·All~~·SU~~ID·Ex~~e~~cutables~~·Are·Autho~~riz~~ed</ocil:title>	83	······<ocil:title>Specify·module·signing·key·to·use</ocil:title>
96	······<ocil:actions>	84	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-file_per~~missions~~_~~una~~u~~thor~~ized_s~~uid~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_key_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	86	······</ocil:actions>
99	····</ocil:questionnaire>	87	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-pa~~rtitio~~n~~_for~~_var_l~~og_au~~dit_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
101	······<ocil:title>En~~sur~~e·/v~~ar/l~~o~~g/audi~~t·Locat~~ed·On~~·~~Separat~~e·P~~artit~~ion</ocil:title>	89	······<ocil:title>Enable·Use·of·Strict·Mode·Checking</ocil:title>
102	······<ocil:actions>	90	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-pa~~rtitio~~n~~_for~~_var_l~~og_au~~dit_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-sshd_enable_strictmodes_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	92	······</ocil:actions>
105	····</ocil:questionnaire>	93	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-audit_rules_mac_modification_usr_share_ocil:questionnaire:1">
107	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odi~~fy·the·Sy~~stem~~'s·Mandatory·Acc~~ess·Control~~s·i~~n·usr/s~~hare~~</o~~cil:title~~>	94	····<ocil:questionnaire·id="ocil:ssg-service_smb_disabled_ocil:questionnaire:1">
		95	······<ocil:title>Disable·Samba</ocil:title>
108	······<ocil:actions>	96	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_r~~ules~~_~~mac~~_mod~~ificat~~i~~on_u~~sr_~~share~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-service_smb_disabled_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	98	······</ocil:actions>
111	····</ocil:questionnaire>	99	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-file_permissions_var_log_messages_ocil:questionnaire:1">
113	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ssions·o~~n·/var/l~~o~~g/me~~s~~sag~~e~~s·F~~ile</o~~cil:title~~>	100	····<ocil:questionnaire·id="ocil:ssg-selinux_not_disabled_ocil:questionnaire:1">
		101	······<ocil:title>Ensure·SELinux·is·Not·Disabled</ocil:title>
114	······<ocil:actions>	102	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~file_~~pe~~rmis~~sion~~s_v~~ar_log_mes~~sag~~es_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-selinux_not_disabled_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	104	······</ocil:actions>
117	····</ocil:questionnaire>	105	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_ocil:questionnaire:1">
119	······<ocil:title>E~~nable·Ke~~rnel·~~Parameter·to·U~~s~~e·Rev~~erse~~·Path~~·Filteri~~ng·~~on~~·all·IPv4·In~~terfa~~ces·by·Defa~~u~~lt</~~o~~cil:title~~>	106	····<ocil:questionnaire·id="ocil:ssg-file_permissions_systemmap_ocil:questionnaire:1">
		107	······<ocil:title>Verify·Permissions·on·System.map·Files</ocil:title>
120	······<ocil:actions>	108	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-sy~~sctl~~_net_ipv~~4_c~~onf_~~defaul~~t~~_rp_filter~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-file_permissions_systemmap_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	110	······</ocil:actions>
123	····</ocil:questionnaire>	111	····</ocil:questionnaire>
Max diff block lines reached; 996632/1008642 bytes (98.81%) of diff not shown.


Offset 3, 4741 lines modified		Offset 3, 4741 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_accept_source_route_ocil:questionnaire:1">
11	······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·all·IPv6·Interfaces</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-ke~~rnel~~_~~config~~_~~module~~_~~sig~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_gssapi_auth_ocil:questionnaire:1">
17	······<ocil:title>Enable·~~module~~·~~signa~~ture·verification</ocil:title>	11	······<ocil:title>Enable·GSSAPI·Authentication</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-ke~~rnel~~_~~config~~_~~module~~_~~sig~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-sshd_enable_gssapi_auth_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-grub2_~~passw~~ord_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_group_ocil:questionnaire:1">
23	······<ocil:title>Se~~t·Boot·Loader~~·~~Pas~~sword~~·in~~·g~~rub2~~</ocil:title>	17	······<ocil:title>Verify·Group·Who·Owns·group·File</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-grub2_~~passw~~ord_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_group_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_truncate_ocil:questionnaire:1">
29	······<ocil:~~title>Reco~~rd·~~Unsu~~c~~ces~~s~~ful·Ac~~ce~~ss·At~~temp~~ts·t~~o~~·Fil~~e~~s·-·~~t~~run~~cate</ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_accept_redirects_ocil:questionnaire:1">
		23	······<ocil:title>Disable·Kernel·Parameter·for·Accepting·ICMP·Redirects·by·Default·on·IPv4·Interfaces</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_~~rul~~es_~~unsuc~~cessf~~ul_~~file_~~modifica~~t~~ion_t~~runcate_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_accept_redirects_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_ftruncate_ocil:questionnaire:1">
35	······<ocil:~~title>Reco~~rd·~~Unsu~~ccessful~~·Acce~~ss~~·Attempts·to·Files·-·ftruncat~~e</o~~cil:title~~>	28	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_group_ocil:questionnaire:1">
		29	······<ocil:title>Verify·Permissions·on·Backup·group·File</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-audi~~t_ru~~les_un~~succe~~ss~~ful_f~~i~~le_m~~od~~ific~~a~~tion~~_ft~~runcate~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_group_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~file_~~permissions_~~etc~~_shadow_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_audit_ocil:questionnaire:1">
41	······<ocil:title>Ver~~ify·Perm~~i~~ssi~~ons·on·sha~~dow~~·File</ocil:title>	35	······<ocil:title>Ensure·/var/log/audit·Located·On·Separate·Partition</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~file_~~permissions_~~etc~~_shadow_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-partition_for_var_log_audit_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-ensure_gpgcheck_globally_activated_ocil:questionnaire:1">
47	······<ocil:~~title>E~~nsure·~~gpg~~c~~heck·Enab~~led·~~In·Ma~~i~~n·yum·Confi~~guration</ocil:title>	40	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_gshadow_ocil:questionnaire:1">
		41	······<ocil:title>Verify·Permissions·on·gshadow·File</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-en~~sur~~e_gp~~gch~~e~~ck_globally_activ~~a~~ted~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_gshadow_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-fi~~le_groupowner~~s~~hip_~~au~~dit~~_co~~nfig~~uration_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-disable_host_auth_ocil:questionnaire:1">
53	······<ocil:title>~~Audit·Con~~figura~~tion·F~~iles·Must·B~~e·O~~wned·~~By·Group·ro~~ot</ocil:title>	47	······<ocil:title>Disable·Host-Based·Authentication</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-fi~~le_groupowner~~s~~hip_~~au~~dit~~_co~~nfig~~uration_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-disable_host_auth_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-g~~nom~~e_g~~dm_disable_xdmcp~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_var_log_ocil:questionnaire:1">
59	······<ocil:title>Di~~sable·XDMCP~~·in·GDM</ocil:title>	53	······<ocil:title>Verify·Group·Who·Owns·/var/log·Directory</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-g~~nom~~e_g~~dm_disable_xdmcp~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-file_groupowner_var_log_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_pe~~rmissions~~_cron_d_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
65	······<ocil:title>Verify·Per~~missio~~ns·on·cr~~on.d~~</ocil:title>	59	······<ocil:title>Verify·User·Who·Owns·/var/log·Directory</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-file_pe~~rmissions~~_cron_d_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~sshd_s~~e~~t_max_sessions~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-configure_crypto_policy_ocil:questionnaire:1">
71	······<ocil:title>~~Set~~·SSH·~~MaxSessions~~·limit</ocil:title>	65	······<ocil:title>Configure·System·Cryptography·Policy</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~sshd_s~~e~~t_max_sessions~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-configure_crypto_policy_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~audi~~td_lo~~cal~~_e~~vents~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-no_empty_passwords_etc_shadow_ocil:questionnaire:1">
77	······<ocil:title>Include·~~Local~~·Events·in·Au~~dit·L~~ogs</ocil:title>	71	······<ocil:title>Ensure·There·Are·No·Accounts·With·Blank·or·Null·Passwords</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~audi~~td_lo~~cal~~_e~~vents~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-no_empty_passwords_etc_shadow_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_~~def~~ault_secure_r~~edi~~r~~ect~~s_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_accept_ra_ocil:questionnaire:1">
83	······<ocil:title>Configure·~~Kernel·Parame~~te~~r·fo~~r·Accepti~~ng·Secure·Redirects~~·~~By·De~~fa~~ult~~</ocil:title>	77	······<ocil:title>Configure·Accepting·Router·Advertisements·on·All·IPv6·Interfaces</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_~~def~~ault_secure_r~~edi~~r~~ect~~s_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_accept_ra_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-serv~~ice~~_~~sshd~~_dis~~abled~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_kptr_restrict_ocil:questionnaire:1">
89	······<ocil:title>Dis~~able~~·~~SSH~~·Server·~~If·Po~~ss~~ibl~~e</ocil:title>	83	······<ocil:title>Restrict·Exposed·Kernel·Pointer·Addresses·Access</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-serv~~ice~~_~~sshd~~_dis~~abled~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_kptr_restrict_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-dire~~cto~~r~~y_p~~er~~miss~~ions_~~var_~~l~~og_a~~udit_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-service_auditd_enabled_ocil:questionnaire:1">
95	······<ocil:title>~~System~~·Audi~~t·Logs·Mus~~t~~·Have·Mo~~d~~e·0750·or·Less~~·Per~~mis~~sive</ocil:title>	89	······<ocil:title>Enable·auditd·Service</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-dire~~cto~~r~~y_p~~er~~miss~~ions_~~var_~~l~~og_a~~udit_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-service_auditd_enabled_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-file_gro~~upowner~~_c~~ron_~~d_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_shadow_ocil:questionnaire:1">
101	······<ocil:title>Verify·Group·~~Who·Own~~s~~·cr~~o~~n.d~~</ocil:title>	95	······<ocil:title>Verify·Permissions·on·Backup·shadow·File</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-file_gro~~upowner~~_c~~ron_~~d_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_ocil:questionnaire:1">
107	······<ocil:title>E~~nable·Ke~~rnel·P~~arameter·to·U~~se·Reverse~~·Pa~~th~~·Fil~~ter~~ing·on·~~all~~·IPv4·Interfac~~es</o~~cil:title~~>	100	····<ocil:questionnaire·id="ocil:ssg-service_httpd_disabled_ocil:questionnaire:1">
		101	······<ocil:title>Disable·httpd·Service</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-s~~ysctl_n~~e~~t_i~~pv4_c~~onf_all~~_~~rp_fi~~lter_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-service_httpd_disabled_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_init_ocil:questionnaire:1">
113	······<ocil:~~title>E~~nsure·~~aud~~itd·Co~~lle~~c~~ts·Informati~~on·o~~n·Ke~~rne~~l·Mo~~d~~ule·L~~o~~ading·-·in~~it_~~mod~~u~~le</~~o~~cil:title~~>	106	····<ocil:questionnaire·id="ocil:ssg-configure_bind_crypto_policy_ocil:questionnaire:1">
		107	······<ocil:title>Configure·BIND·to·use·System·Crypto·Policy</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-a~~udit_r~~ules_kernel_~~module~~_lo~~ading~~_init_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-configure_bind_crypto_policy_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-sud~~oers~~_no~~_root~~_tar~~get~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-sshd_set_loglevel_verbose_ocil:questionnaire:1">
119	······<ocil:title>~~Don't·tar~~get·r~~oot~~·user·in·the~~·sud~~o~~ers·file~~</ocil:title>	113	······<ocil:title>Set·SSH·Daemon·LogLevel·to·VERBOSE</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-sud~~oers~~_no~~_root~~_tar~~get~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-sshd_set_loglevel_verbose_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
123	····</ocil:questionnaire>	117	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-security_~~patche~~s_up_~~to_dat~~e_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-service_rdisc_disabled_ocil:questionnaire:1">
Max diff block lines reached; 995562/1008004 bytes (98.77%) of diff not shown.


Offset 19, 27 lines modified		Offset 19, 27 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/o:redhat:enterprise_linux:10">	28	······<cpe-dict:cpe-item·name="cpe:/o:redhat:enterprise_linux:10">
29	········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·10</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·10</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml">oval:ssg-installed_OS_is_rhel10:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml">oval:ssg-installed_OS_is_rhel10:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	······<cpe-dict:cpe-item·name="cpe:/o:centos:centos:10">	32	······<cpe-dict:cpe-item·name="cpe:/o:centos:centos:10">
33	········<cpe-dict:title·xml:lang="en-us">CentOS·Stream·10</cpe-dict:title>	33	········<cpe-dict:title·xml:lang="en-us">CentOS·Stream·10</cpe-dict:title>
34	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml">oval:ssg-installed_OS_is_centos10:def:1</cpe-dict:check>	34	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml">oval:ssg-installed_OS_is_centos10:def:1</cpe-dict:check>
35	······</cpe-dict:cpe-item>	35	······</cpe-dict:cpe-item>
36	····</cpe-dict:cpe-list>	36	····</cpe-dict:cpe-list>
37	··</ds:component>	37	··</ds:component>
38	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-xccdf.xml"·timestamp="2025-02-28T20:08:00">	38	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-xccdf.xml"·timestamp="2025-03-01T22:08:00">
39	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	39	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
40	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	40	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
41	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·10</xccdf-1.2:title>	41	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·10</xccdf-1.2:title>
42	······<xccdf-1.2:description>	42	······<xccdf-1.2:description>
43	········This·guide·presents·a·catalog·of·security-relevant	43	········This·guide·presents·a·catalog·of·security-relevant
44	configuration·settings·for·Red·Hat·Enterprise·Linux·10.·It·is·a·rendering·of	44	configuration·settings·for·Red·Hat·Enterprise·Linux·10.·It·is·a·rendering·of
45	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	45	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 366, 25 lines modified		Offset 366, 25 lines modified
366	··········</cpe-lang:logical-test>	366	··········</cpe-lang:logical-test>
367	········</cpe-lang:platform>	367	········</cpe-lang:platform>
368	········<cpe-lang:platform·id="package_bash">	368	········<cpe-lang:platform·id="package_bash">
369	··········<cpe-lang:logical-test·operator="AND"·negate="false">	369	··········<cpe-lang:logical-test·operator="AND"·negate="false">
370	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>	370	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>
371	··········</cpe-lang:logical-test>	371	··········</cpe-lang:logical-test>
372	········</cpe-lang:platform>	372	········</cpe-lang:platform>
373	········<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
374	··········<cpe-lang:logical-test·operator="AND"·negate="false">
375	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
376	··········</cpe-lang:logical-test>
377	········</cpe-lang:platform>
378	········<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">	373	········<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">
379	··········<cpe-lang:logical-test·operator="AND"·negate="false">	374	··········<cpe-lang:logical-test·operator="AND"·negate="false">
380	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>	375	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>
381	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>	376	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>
382	··········</cpe-lang:logical-test>	377	··········</cpe-lang:logical-test>
383	········</cpe-lang:platform>	378	········</cpe-lang:platform>
		379	········<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
		380	··········<cpe-lang:logical-test·operator="AND"·negate="false">
		381	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
		382	··········</cpe-lang:logical-test>
		383	········</cpe-lang:platform>
384	········<cpe-lang:platform·id="not_s390x_arch">	384	········<cpe-lang:platform·id="not_s390x_arch">
385	··········<cpe-lang:logical-test·operator="AND"·negate="false">	385	··········<cpe-lang:logical-test·operator="AND"·negate="false">
386	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>	386	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>
387	··········</cpe-lang:logical-test>	387	··········</cpe-lang:logical-test>
388	········</cpe-lang:platform>	388	········</cpe-lang:platform>
389	········<cpe-lang:platform·id="package_tmux">	389	········<cpe-lang:platform·id="package_tmux">
390	··········<cpe-lang:logical-test·operator="AND"·negate="false">	390	··········<cpe-lang:logical-test·operator="AND"·negate="false">
Offset 213008, 15 lines modified		Offset 213008, 15 lines modified
213008	··············<xccdf-1.2:check-content-ref·href="ssg-rhel10-ocil.xml"·name="ocil:ssg-audit_perm_change_success_ppc64le_ocil:questionnaire:1"/>	213008	··············<xccdf-1.2:check-content-ref·href="ssg-rhel10-ocil.xml"·name="ocil:ssg-audit_perm_change_success_ppc64le_ocil:questionnaire:1"/>
213009	············</xccdf-1.2:check>	213009	············</xccdf-1.2:check>
213010	··········</xccdf-1.2:Rule>	213010	··········</xccdf-1.2:Rule>
213011	········</xccdf-1.2:Group>	213011	········</xccdf-1.2:Group>
213012	······</xccdf-1.2:Group>	213012	······</xccdf-1.2:Group>
213013	····</xccdf-1.2:Benchmark>	213013	····</xccdf-1.2:Benchmark>
213014	··</ds:component>	213014	··</ds:component>
213015	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-oval.xml"·timestamp="2025-02-28T20:08:00">	213015	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-oval.xml"·timestamp="2025-03-01T22:08:00">
213016	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	213016	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
213017	······<oval-def:generator>	213017	······<oval-def:generator>
213018	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	213018	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
213019	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>	213019	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.5</oval:product_version>
213020	········<oval:schema_version>5.11</oval:schema_version>	213020	········<oval:schema_version>5.11</oval:schema_version>
213021	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	213021	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
213022	······</oval-def:generator>	213022	······</oval-def:generator>
Offset 261685, 6855 lines modified		Offset 261685, 6855 lines modified
261685	············</oval-def:arithmetic>	261685	············</oval-def:arithmetic>
261686	············<oval-def:variable_component·var_ref="oval:ssg-var_third_digit_of_umask_from_var_accounts_user_umask:var:1"/>	261686	············<oval-def:variable_component·var_ref="oval:ssg-var_third_digit_of_umask_from_var_accounts_user_umask:var:1"/>
261687	··········</oval-def:arithmetic>	261687	··········</oval-def:arithmetic>
261688	········</oval-def:local_variable>	261688	········</oval-def:local_variable>
261689	······</oval-def:variables>	261689	······</oval-def:variables>
261690	····</oval-def:oval_definitions>	261690	····</oval-def:oval_definitions>
261691	··</ds:component>	261691	··</ds:component>
261692	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-ocil.xml"·timestamp="2025-02-28T20:08:00">	261692	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-ocil.xml"·timestamp="2025-03-01T22:08:00">
261693	····<ocil:ocil>	261693	····<ocil:ocil>
261694	······<ocil:generator>	261694	······<ocil:generator>
261695	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	261695	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
261696	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>	261696	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
261697	········<ocil:schema_version>2.0</ocil:schema_version>	261697	········<ocil:schema_version>2.0</ocil:schema_version>
261698	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	261698	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
261699	······</ocil:generator>	261699	······</ocil:generator>
261700	······<ocil:questionnaires>	261700	······<ocil:questionnaires>
		261701	········<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_unix_rounds_system_auth_ocil:questionnaire:1">
		261702	··········<ocil:title>Set·number·of·Password·Hashing·Rounds·-·system-auth</ocil:title>
261701	········<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_sudoers_ocil:questionnaire:1">
261702	··········<ocil:title>Verify·Permissions·On·/etc/sudoers·File</ocil:title>
261703	··········<ocil:actions>
261704	············<ocil:test_action_ref>ocil:ssg-file_permissions_etc_sudoers_action:testaction:1</ocil:test_action_ref>
261705	··········</ocil:actions>
261706	········</ocil:questionnaire>
261707	········<ocil:questionnaire·id="ocil:ssg-grub2_audit_backlog_limit_argument_ocil:questionnaire:1">
261708	··········<ocil:title>Extend·Audit·Backlog·Limit·for·the·Audit·Daemon</ocil:title>
261709	··········<ocil:actions>
261710	············<ocil:test_action_ref>ocil:ssg-grub2_audit_backlog_limit_argument_action:testaction:1</ocil:test_action_ref>
261711	··········</ocil:actions>
261712	········</ocil:questionnaire>
261713	········<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_ip_local_port_range_ocil:questionnaire:1">
261714	··········<ocil:title>Set·Kernel·Parameter·to·Increase·Local·Port·Range</ocil:title>
261715	··········<ocil:actions>
261716	············<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_ip_local_port_range_action:testaction:1</ocil:test_action_ref>
261717	··········</ocil:actions>
261718	········</ocil:questionnaire>
261719	········<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_motd_ocil:questionnaire:1">
261720	··········<ocil:title>Verify·Group·Ownership·of·Message·of·the·Day·Banner</ocil:title>
261721	··········<ocil:actions>	261703	··········<ocil:actions>
261722	············<ocil:test_action_ref>ocil:ssg-~~file~~_groupowner_etc_motd_action:testaction:1</ocil:test_action_ref>	261704	············<ocil:test_action_ref>ocil:ssg-accounts_password_pam_unix_rounds_system_auth_action:testaction:1</ocil:test_action_ref>
261723	··········</ocil:actions>	261705	··········</ocil:actions>
261724	········</ocil:questionnaire>	261706	········</ocil:questionnaire>
261725	········<ocil:questionnaire·id="ocil:ssg-~~jou~~r~~nald~~_sto~~rage~~_ocil:questionnaire:1">	261707	········<ocil:questionnaire·id="ocil:ssg-audit_rules_execution_chcon_ocil:questionnaire:1">
261726	··········<ocil:title>~~Ensu~~re·jour~~nal~~d~~·is~~·con~~figured·t~~o·write~~·log·file~~s·to·~~persis~~ten~~t·disk~~</ocil:title>	261708	··········<ocil:title>Record·Any·Attempts·to·Run·chcon</ocil:title>
261727	··········<ocil:actions>	261709	··········<ocil:actions>
261728	············<ocil:test_action_ref>ocil:ssg-~~jou~~r~~nald~~_sto~~rage~~_action:testaction:1</ocil:test_action_ref>	261710	············<ocil:test_action_ref>ocil:ssg-audit_rules_execution_chcon_action:testaction:1</ocil:test_action_ref>
261729	··········</ocil:actions>	261711	··········</ocil:actions>
261730	········</ocil:questionnaire>	261712	········</ocil:questionnaire>
261731	········<ocil:questionnaire·id="ocil:ssg-~~package_vsftpd_r~~e~~moved~~_ocil:questionnaire:1">	261713	········<ocil:questionnaire·id="ocil:ssg-file_cron_allow_exists_ocil:questionnaire:1">
261732	··········<ocil:title>Un~~ins~~ta~~ll·vsftpd·P~~a~~ckag~~e</ocil:title>	261714	··········<ocil:title>Ensure·that·/etc/cron.allow·exists</ocil:title>
261733	··········<ocil:actions>	261715	··········<ocil:actions>
261734	············<ocil:test_action_ref>ocil:ssg-~~package_vsftpd_r~~e~~moved~~_action:testaction:1</ocil:test_action_ref>	261716	············<ocil:test_action_ref>ocil:ssg-file_cron_allow_exists_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 2228199/2238222 bytes (99.55%) of diff not shown.


Offset 329, 25 lines modified		Offset 329, 25 lines modified
329	······</cpe-lang:logical-test>	329	······</cpe-lang:logical-test>
330	····</cpe-lang:platform>	330	····</cpe-lang:platform>
331	····<cpe-lang:platform·id="package_bash">	331	····<cpe-lang:platform·id="package_bash">
332	······<cpe-lang:logical-test·operator="AND"·negate="false">	332	······<cpe-lang:logical-test·operator="AND"·negate="false">
333	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>	333	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>
334	······</cpe-lang:logical-test>	334	······</cpe-lang:logical-test>
335	····</cpe-lang:platform>	335	····</cpe-lang:platform>
336	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
337	······<cpe-lang:logical-test·operator="AND"·negate="false">
338	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
339	······</cpe-lang:logical-test>
340	····</cpe-lang:platform>
341	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">	336	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">
342	······<cpe-lang:logical-test·operator="AND"·negate="false">	337	······<cpe-lang:logical-test·operator="AND"·negate="false">
343	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>	338	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>
344	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>	339	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>
345	······</cpe-lang:logical-test>	340	······</cpe-lang:logical-test>
346	····</cpe-lang:platform>	341	····</cpe-lang:platform>
		342	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
		343	······<cpe-lang:logical-test·operator="AND"·negate="false">
		344	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
		345	······</cpe-lang:logical-test>
		346	····</cpe-lang:platform>
347	····<cpe-lang:platform·id="not_s390x_arch">	347	····<cpe-lang:platform·id="not_s390x_arch">
348	······<cpe-lang:logical-test·operator="AND"·negate="false">	348	······<cpe-lang:logical-test·operator="AND"·negate="false">
349	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>	349	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>
350	······</cpe-lang:logical-test>	350	······</cpe-lang:logical-test>
351	····</cpe-lang:platform>	351	····</cpe-lang:platform>
352	····<cpe-lang:platform·id="package_tmux">	352	····<cpe-lang:platform·id="package_tmux">
353	······<cpe-lang:logical-test·operator="AND"·negate="false">	353	······<cpe-lang:logical-test·operator="AND"·negate="false">


Offset 396, 23 lines modified		Offset 396, 23 lines modified
396	······</cpe-lang:logical-test>	396	······</cpe-lang:logical-test>
397	····</cpe-lang:platform>	397	····</cpe-lang:platform>
398	····<cpe-lang:platform·id="package_bash">	398	····<cpe-lang:platform·id="package_bash">
399	······<cpe-lang:logical-test·operator="AND"·negate="false">	399	······<cpe-lang:logical-test·operator="AND"·negate="false">
400	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>	400	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>
401	······</cpe-lang:logical-test>	401	······</cpe-lang:logical-test>
402	····</cpe-lang:platform>	402	····</cpe-lang:platform>
403	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7~~_and_os_linux_rhel_ne_9_0~~">	403	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
404	······<cpe-lang:logical-test·operator="AND"·negate="false">	404	······<cpe-lang:logical-test·operator="AND"·negate="false">
405	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>	405	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
406	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>
407	······</cpe-lang:logical-test>	406	······</cpe-lang:logical-test>
408	····</cpe-lang:platform>	407	····</cpe-lang:platform>
409	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">	408	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">
410	······<cpe-lang:logical-test·operator="AND"·negate="false">	409	······<cpe-lang:logical-test·operator="AND"·negate="false">
411	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>	410	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>
		411	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>
412	······</cpe-lang:logical-test>	412	······</cpe-lang:logical-test>
413	····</cpe-lang:platform>	413	····</cpe-lang:platform>
414	····<cpe-lang:platform·id="not_s390x_arch">	414	····<cpe-lang:platform·id="not_s390x_arch">
415	······<cpe-lang:logical-test·operator="AND"·negate="false">	415	······<cpe-lang:logical-test·operator="AND"·negate="false">
416	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>	416	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>
417	······</cpe-lang:logical-test>	417	······</cpe-lang:logical-test>
418	····</cpe-lang:platform>	418	····</cpe-lang:platform>


Offset 3, 8028 lines modified		Offset 3, 8028 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_sudoedit_ocil:questionnaire:1">
11	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·sudoedit</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_sudoedit_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_ocil:questionnaire:1">
17	······<ocil:title>Enable·module·signature·verification</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-file_p~~ermissio~~ns_cr~~on_allow~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-display_login_attempts_ocil:questionnaire:1">
23	······<ocil:title>~~Verify~~·P~~erm~~iss~~ion~~s·on·/etc~~/cron.allow·f~~ile</ocil:title>	11	······<ocil:title>Ensure·PAM·Displays·Last·Logon/Access·Notification</ocil:title>
24	······<ocil:actions>	12	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-file_p~~ermissio~~ns_cr~~on_allow~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-display_login_attempts_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	14	······</ocil:actions>
27	····</ocil:questionnaire>	15	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-kernel_c~~onfi~~g_s~~lab~~_~~fre~~e~~list_~~hardened_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-service_sssd_enabled_ocil:questionnaire:1">
29	······<ocil:title>~~Hard~~en·slab·fre~~elist~~·met~~adata~~</ocil:title>	17	······<ocil:title>Enable·the·SSSD·Service</ocil:title>
30	······<ocil:actions>	18	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-kernel_c~~onfi~~g_s~~lab~~_~~fre~~e~~list_~~hardened_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-service_sssd_enabled_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	20	······</ocil:actions>
33	····</ocil:questionnaire>	21	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_var_tmp_ocil:questionnaire:1">
35	······<ocil:title>Co~~nfi~~gu~~re·Po~~lyins~~tantiat~~i~~on·~~of~~·/var/tm~~p~~·Di~~r~~ect~~ories</ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_open_rule_order_ocil:questionnaire:1">
		23	······<ocil:title>Ensure·auditd·Rules·For·Unauthorized·Attempts·To·open·Are·Ordered·Correctly</ocil:title>
36	······<ocil:actions>	24	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-a~~cco~~unts_polyi~~nst~~antiated_~~var~~_~~tmp~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_open_rule_order_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	26	······</ocil:actions>
39	····</ocil:questionnaire>	27	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-accou~~nts_~~p~~assword~~_~~pam~~_mi~~nclass~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-group_unique_id_ocil:questionnaire:1">
41	······<ocil:title>Ensure·PA~~M·Enf~~orces·Pa~~ssword~~·Re~~quir~~eme~~nts·-~~·Minimum·~~Diff~~er~~ent~~·~~Categori~~es</ocil:title>	29	······<ocil:title>Ensure·All·Groups·on·the·System·Have·Unique·Group·ID</ocil:title>
42	······<ocil:actions>	30	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-accou~~nts_~~p~~assword~~_~~pam~~_mi~~nclass~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-group_unique_id_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	32	······</ocil:actions>
45	····</ocil:questionnaire>	33	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-disable_users_cor~~edump~~s_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-sysctl_fs_protected_hardlinks_ocil:questionnaire:1">
47	······<ocil:title>Disable·Core·Dumps·for·All·~~User~~s</ocil:title>	35	······<ocil:title>Enable·Kernel·Parameter·to·Enforce·DAC·on·Hardlinks</ocil:title>
48	······<ocil:actions>	36	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-disable_users_cor~~edump~~s_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-sysctl_fs_protected_hardlinks_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	38	······</ocil:actions>
51	····</ocil:questionnaire>	39	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-clean_components_post_updating_ocil:questionnaire:1">
53	······<ocil:~~title>E~~nsure·d~~nf·Removes·Pr~~evious~~·Packag~~e~~·Ver~~s~~ions</~~ocil:title>	40	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_efi_user_cfg_ocil:questionnaire:1">
		41	······<ocil:title>Verify·/boot/grub2/user.cfg·Group·Ownership</ocil:title>
54	······<ocil:actions>	42	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-clea~~n_c~~omponents_p~~ost~~_u~~pdatin~~g_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-file_groupowner_efi_user_cfg_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	44	······</ocil:actions>
57	····</ocil:questionnaire>	45	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~package_~~sssd~~-ip~~a~~_in~~sta~~lle~~d_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-sssd_enable_smartcards_ocil:questionnaire:1">
59	······<ocil:title>Install·~~sssd-ipa~~·~~Package~~</ocil:title>	47	······<ocil:title>Enable·Smartcards·in·SSSD</ocil:title>
60	······<ocil:actions>	48	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~package_~~sssd~~-ip~~a~~_in~~sta~~lle~~d_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-sssd_enable_smartcards_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	50	······</ocil:actions>
63	····</ocil:questionnaire>	51	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_group~~own~~er_c~~ron_m~~ont~~hly~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-no_empty_passwords_ocil:questionnaire:1">
65	······<ocil:title>Ve~~rify~~·Gro~~up·Wh~~o·Owns·~~cron.~~m~~onthly~~</ocil:title>	53	······<ocil:title>Prevent·Login·to·Accounts·With·Empty·Password</ocil:title>
66	······<ocil:actions>	54	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-file_group~~own~~er_c~~ron_m~~ont~~hly~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-no_empty_passwords_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	56	······</ocil:actions>
69	····</ocil:questionnaire>	57	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~package_~~fir~~ewalld_~~in~~stalled~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_yama_ocil:questionnaire:1">
71	······<ocil:title>Install~~·fir~~e~~walld~~·~~Package~~</ocil:title>	59	······<ocil:title>Enable·Yama·support</ocil:title>
72	······<ocil:actions>	60	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~package_~~fir~~ewalld_~~in~~stalled~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-kernel_config_security_yama_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	62	······</ocil:actions>
75	····</ocil:questionnaire>	63	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-kernel_config_gcc_plugin_structleak_byref_all_ocil:questionnaire:1">
77	······<ocil:title~~>zer~~o-i~~nit·every~~thing·p~~assed·by·referenc~~e</ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_ocil:questionnaire:1">
		65	······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces</ocil:title>
78	······<ocil:actions>	66	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~kerne~~l_config_~~gcc~~_p~~lug~~in_~~struct~~leak_~~byref_all~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	68	······</ocil:actions>
81	····</ocil:questionnaire>	69	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~network~~_~~sniffer_~~di~~sabled~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-aide_check_audit_tools_ocil:questionnaire:1">
83	······<ocil:title>Ensure·~~System·is~~·Not·~~Act~~ing·a~~s·a~~·Ne~~twork~~·Sn~~iffer~~</ocil:title>	71	······<ocil:title>Configure·AIDE·to·Verify·the·Audit·Tools</ocil:title>
84	······<ocil:actions>	72	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~network~~_~~sniffer_~~di~~sabled~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-aide_check_audit_tools_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	74	······</ocil:actions>
87	····</ocil:questionnaire>	75	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-mount_option_var_log_audit_nodev_ocil:questionnaire:1">
89	······<ocil:title~~>Add·n~~od~~ev·Op~~tion~~·to·/v~~ar/l~~og/audit</~~ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_successful_file_modification_open_by_handle_at_o_creat_ocil:questionnaire:1">
		77	······<ocil:title>Record·Successful·Creation·Attempts·to·Files·-·open_by_handle_at·O_CREAT</ocil:title>
90	······<ocil:actions>	78	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-mount_option_~~var~~_~~log_~~audit_~~nod~~ev_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-audit_rules_successful_file_modification_open_by_handle_at_o_creat_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	80	······</ocil:actions>
93	····</ocil:questionnaire>	81	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_unix_remember_ocil:questionnaire:1">
95	······<ocil:title~~>Limit·Pa~~sswor~~d·Reuse</~~ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_daily_ocil:questionnaire:1">
		83	······<ocil:title>Verify·Owner·on·cron.daily</ocil:title>
96	······<ocil:actions>	84	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~accounts~~_~~pas~~sw~~ord~~_pa~~m_u~~nix_~~remember~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_owner_cron_daily_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	86	······</ocil:actions>
99	····</ocil:questionnaire>	87	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-accounts_pa~~sswor~~ds_p~~am_f~~aillock_d~~eny_roo~~t_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-grub2_page_poison_argument_ocil:questionnaire:1">
101	······<ocil:title>Con~~figure·th~~e·~~root~~·~~Acc~~ount·for·Fai~~led·Pas~~swo~~rd·Attempts~~</ocil:title>	89	······<ocil:title>Enable·page·allocator·poisoning</ocil:title>
102	······<ocil:actions>	90	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-accounts_pa~~sswor~~ds_p~~am_f~~aillock_d~~eny_roo~~t_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-grub2_page_poison_argument_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	92	······</ocil:actions>
105	····</ocil:questionnaire>	93	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-auditd_audispd_encrypt_sent_records_ocil:questionnaire:1">
107	······<ocil:~~title>E~~n~~crypt~~·~~Audit·Records·S~~e~~nt·With·audispd·Pl~~u~~gin</~~ocil:title>	94	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_efi_grub2_cfg_ocil:questionnaire:1">
		95	······<ocil:title>Verify·the·UEFI·Boot·Loader·grub.cfg·Group·Ownership</ocil:title>
108	······<ocil:actions>	96	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-auditd_a~~udis~~pd_encr~~ypt~~_sent_r~~ecords~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-file_groupowner_efi_grub2_cfg_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	98	······</ocil:actions>
111	····</ocil:questionnaire>	99	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-s~~ysctl~~_~~net~~_ip~~v6_conf~~_a~~ll_au~~toconf_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-gnome_gdm_disable_automatic_login_ocil:questionnaire:1">
113	······<ocil:title>Co~~nfigur~~e·A~~uto~~·~~Confi~~gurat~~ion·~~o~~n·All~~·IP~~v6·I~~n~~terfaces~~</ocil:title>	101	······<ocil:title>Disable·GDM·Automatic·Login</ocil:title>
114	······<ocil:actions>	102	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-s~~ysctl~~_~~net~~_ip~~v6_conf~~_a~~ll_au~~toconf_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-gnome_gdm_disable_automatic_login_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	104	······</ocil:actions>
117	····</ocil:questionnaire>	105	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-p~~ackage~~_~~MFEh~~iplsm_installed_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-kernel_config_legacy_vsyscall_emulate_ocil:questionnaire:1">
119	······<ocil:title>Install~~·th~~e·Hos~~t·Intr~~us~~ion·Prevention~~·~~Syst~~em~~·(HIPS)·M~~o~~dul~~e</ocil:title>	107	······<ocil:title>Disable·vsyscall·emulation</ocil:title>
120	······<ocil:actions>	108	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-p~~ackage~~_~~MFEh~~iplsm_installed_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-kernel_config_legacy_vsyscall_emulate_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	110	······</ocil:actions>
123	····</ocil:questionnaire>	111	····</ocil:questionnaire>
Max diff block lines reached; 2047843/2060132 bytes (99.40%) of diff not shown.


Offset 3, 749 lines modified		Offset 3, 749 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-~~bann~~e~~r_e~~tc_issue_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-service_autofs_disabled_ocil:questionnaire:1">
11	······<ocil:title>~~Modify~~·the·System·Lo~~gin·B~~anner</ocil:title>	11	······<ocil:title>Disable·the·Automounter</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-~~bann~~e~~r_e~~tc_issue_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-service_autofs_disabled_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-~~package~~_~~rsy~~nc_~~removed~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-rsyslog_cron_logging_ocil:questionnaire:1">
17	······<ocil:title>Un~~install~~·rsync·~~Package~~</ocil:title>	17	······<ocil:title>Ensure·cron·Is·Logging·To·Rsyslog</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~package~~_~~rsy~~nc_~~removed~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-rsyslog_cron_logging_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~rsyslog~~_~~files~~_perm~~issions~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-package_rsync_removed_ocil:questionnaire:1">
23	······<ocil:title>En~~sure·System·Log·F~~iles·Have·Cor~~rect~~·P~~ermissions~~</ocil:title>	23	······<ocil:title>Uninstall·rsync·Package</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~rsyslog~~_~~files~~_perm~~issions~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-package_rsync_removed_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_ocredit_ocil:questionnaire:1">
29	······<ocil:~~title>E~~nsure·PA~~M·Enforce~~s~~·Pa~~s~~sword·R~~equir~~ements·-·Minimum·S~~peci~~al·Character~~s</o~~cil:title~~>	28	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_ocil:questionnaire:1">
		29	······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces·by·Default</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-ac~~cou~~nts_p~~assw~~ord_pa~~m_oc~~redit_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~set_passwor~~d~~_hash~~ing_a~~lgorithm~~_systemauth_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-disable_host_auth_ocil:questionnaire:1">
35	······<ocil:title>~~Set·PAM''~~s~~·Pas~~sword·~~Has~~hing·~~Algor~~ithm</ocil:title>	35	······<ocil:title>Disable·Host-Based·Authentication</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~set_passwor~~d~~_hash~~ing_a~~lgorithm~~_systemauth_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-disable_host_auth_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_dcredit_ocil:questionnaire:1">
41	······<ocil:~~title>E~~nsure·~~PAM·Enf~~orces~~·Pa~~ss~~word·R~~equire~~ment~~s~~·-·Mi~~n~~imum·Dig~~i~~t·Charact~~ers</o~~cil:title~~>	40	····<ocil:questionnaire·id="ocil:ssg-service_rsyslog_enabled_ocil:questionnaire:1">
		41	······<ocil:title>Enable·rsyslog·Service</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-a~~ccounts~~_~~pas~~sword_pa~~m_dcr~~edit_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-service_rsyslog_enabled_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_enforce_root_ocil:questionnaire:1">
47	······<ocil:~~title>E~~nsure·~~PAM·Enf~~orces~~·Pa~~ss~~word·R~~equi~~reme~~nts~~·-·Enforc~~e·fo~~r·root·Us~~e~~r</~~o~~cil:title~~>	46	····<ocil:questionnaire·id="ocil:ssg-selinux_not_disabled_ocil:questionnaire:1">
		47	······<ocil:title>Ensure·SELinux·is·Not·Disabled</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-a~~ccou~~nts_~~pass~~wo~~rd_pa~~m_~~enforc~~e~~_roo~~t_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-selinux_not_disabled_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-sudo_restrict_privilege_elevation_to_authorized_ocil:questionnaire:1">
53	······<ocil:title>T~~he·~~operating·~~system·mu~~st~~·re~~strict~~·privil~~eg~~e·e~~levation~~·to·a~~u~~thoriz~~e~~d·pers~~onn~~el</o~~cil:~~title~~>	52	····<ocil:questionnaire·id="ocil:ssg-service_sshd_enabled_ocil:questionnaire:1">
		53	······<ocil:title>Enable·the·OpenSSH·Service</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-s~~udo_r~~e~~strict_p~~rivilege_~~elevation~~_to_a~~uthor~~ized_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-service_sshd_enabled_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-sysct~~l_n~~e~~t_ipv4~~_conf~~_all_accep~~t~~_sou~~rce_ro~~ute~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-package_nfs-utils_removed_ocil:questionnaire:1">
59	······<ocil:title>Disabl~~e·Kerne~~l·~~Parameter~~·f~~or·Accep~~ti~~ng·Source-Rout~~ed·Pack~~ets·on·all·IPv4·Interf~~aces</ocil:title>	59	······<ocil:title>Uninstall·nfs-utils·Package</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-sysct~~l_n~~e~~t_ipv4~~_conf~~_all_accep~~t~~_sou~~rce_ro~~ute~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-package_nfs-utils_removed_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e_g~~roupow~~ne~~r_etc_p~~a~~ssw~~d_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-ensure_gpgcheck_never_disabled_ocil:questionnaire:1">
65	······<ocil:title>Ve~~rify~~·~~Group~~·~~Who~~·Owns·pa~~sswd~~·File</ocil:title>	65	······<ocil:title>Ensure·gpgcheck·Enabled·for·All·dnf·Package·Repositories</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_g~~roupow~~ne~~r_etc_p~~a~~ssw~~d_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-ensure_gpgcheck_never_disabled_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-sshd_set_max_auth_tries_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-sshd_set_max_auth_tries_ocil:questionnaire:1">
71	······<ocil:title>Set·SSH·authentication·attempt·limit</ocil:title>	71	······<ocil:title>Set·SSH·authentication·attempt·limit</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-sshd_set_max_auth_tries_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-sshd_set_max_auth_tries_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_chrony_~~ins~~t~~alled~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
77	······<ocil:title>The·Chron~~y·packa~~ge~~·is~~·installed</ocil:title>	77	······<ocil:title>Require·Authentication·for·Emergency·Systemd·Target</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_chrony_~~ins~~t~~alled~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-packa~~ge_~~ntp_installed_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_retry_ocil:questionnaire:1">
83	······<ocil:title>Inst~~all~~·the·ntp·service</ocil:title>	83	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Authentication·Retry·Prompts·Permitted·Per-Session</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-packa~~ge_~~ntp_installed_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_retry_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-g~~rub2~~_password_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-file_permissions_ungroupowned_ocil:questionnaire:1">
89	······<ocil:title>~~Set·Boot·Load~~er·~~Pass~~word·in·gr~~ub2~~</ocil:title>	89	······<ocil:title>Ensure·All·Files·Are·Owned·by·a·Group</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-g~~rub2~~_password_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_permissions_ungroupowned_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-banner_~~etc_motd~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-sshd_do_not_permit_user_env_ocil:questionnaire:1">
95	······<ocil:title>Mo~~dify~~·~~the~~·S~~ystem~~·M~~essage·of·th~~e~~·Day·Ban~~ner</ocil:title>	95	······<ocil:title>Do·Not·Allow·SSH·Environment·Options</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-banner_~~etc_motd~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-sshd_do_not_permit_user_env_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~packa~~ge~~_tf~~tp_r~~emove~~d_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_passwd_ocil:questionnaire:1">
101	······<ocil:title>Remove·~~tftp~~·Da~~emon~~</ocil:title>	101	······<ocil:title>Verify·Group·Who·Owns·passwd·File</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~packa~~ge~~_tf~~tp_r~~emove~~d_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_passwd_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_~~uni~~x_remem~~ber~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_ocredit_ocil:questionnaire:1">
107	······<ocil:title>~~Limit~~·Password·Reuse</ocil:title>	107	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Special·Characters</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_~~uni~~x_remem~~ber~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_ocredit_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-pa~~ckage~~_~~aide~~_inst~~alle~~d_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-grub2_uefi_password_ocil:questionnaire:1">
113	······<ocil:title>Install·~~AIDE~~</ocil:title>	113	······<ocil:title>Set·the·UEFI·Boot·Loader·Password</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-pa~~ckage~~_~~aide~~_inst~~alle~~d_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-grub2_uefi_password_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-rsyslog_cron_logging_ocil:questionnaire:1">
119	······<ocil:~~title>E~~nsure·c~~ron·I~~s~~·Logg~~in~~g·T~~o~~·Rsysl~~o~~g</~~ocil:title>	118	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
		119	······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·all·IPv4·Interfaces</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-rsyslog_cron_lo~~gging~~_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_retry_ocil:questionnaire:1">
Max diff block lines reached; 218158/230404 bytes (94.68%) of diff not shown.