/usr/bin/diffoscope --timeout 7200 --html /srv/reproducible-results/rbuild-debian/r-b-build.Sv2UvbQD/scap-security-guide_0.1.76-1.diffoscope.html --text /srv/reproducible-results/rbuild-debian/r-b-build.Sv2UvbQD/scap-security-guide_0.1.76-1.diffoscope.txt --json /srv/reproducible-results/rbuild-debian/r-b-build.Sv2UvbQD/scap-security-guide_0.1.76-1.diffoscope.json --profile=- /srv/reproducible-results/rbuild-debian/r-b-build.Sv2UvbQD/b1/scap-security-guide_0.1.76-1_arm64.changes /srv/reproducible-results/rbuild-debian/r-b-build.Sv2UvbQD/b2/scap-security-guide_0.1.76-1

⊟

93.7 MB

/srv/reproducible-results/rbuild-debian/r-b-build.Sv2UvbQD/b1/scap-security-guide_0.1.76-1_arm64.changes vs.

/srv/reproducible-results/rbuild-debian/r-b-build.Sv2UvbQD/b2/scap-security-guide_0.1.76-1_arm64.changes ¶

⊟

824 B

Files ¶

⊟

428 KB

ssg-applications_0.1.76-1_all.deb ¶

⊟

367 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

428 KB

data.tar.xz ¶

⊟

428 KB

data.tar ¶

⊟

78.7 KB

⊟

78.6 KB

⊟

70.1 KB

⊟

70.0 KB

Ordering differences only

⊟

91.7 KB

⊟

91.6 KB

⊟

83.1 KB

⊟

83.0 KB

Ordering differences only

⊟

55.7 KB

⊟

55.6 KB

⊟

48.6 KB

⊟

48.5 KB

Ordering differences only

⊟

9.94 MB

ssg-debderived_0.1.76-1_all.deb ¶

⊟

452 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

9.94 MB

data.tar.xz ¶

⊟

9.94 MB

data.tar ¶

⊟

698 KB

⊟

698 KB

⊟

664 KB

⊟

664 KB

Ordering differences only

⊟

725 KB

⊟

725 KB

⊟

690 KB

⊟

690 KB

Ordering differences only

⊟

1.37 MB

⊟

1.37 MB

⊟

1.31 MB

⊟

1.31 MB

Ordering differences only

⊟

1.43 MB

⊟

1.42 MB

⊟

1.36 MB

⊟

1.36 MB

Ordering differences only

⊟

924 KB

⊟

924 KB

⊟

881 KB

⊟

881 KB

Ordering differences only

⊟

3.73 MB

ssg-debian_0.1.76-1_all.deb ¶

⊟

367 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

3.73 MB

data.tar.xz ¶

⊟

3.73 MB

data.tar ¶

⊟

734 KB

⊟

734 KB

⊟

699 KB

⊟

699 KB

Ordering differences only

⊟

1.19 MB

⊟

1.19 MB

⊟

1.14 MB

⊟

1.14 MB

Ordering differences only

⊟

79.6 MB

ssg-nondebian_0.1.76-1_all.deb ¶

⊟

452 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

79.6 MB

data.tar.xz ¶

⊟

79.6 MB

data.tar ¶

⊟

3.49 KB

⊟

1.87 KB

⊟

3.21 KB

⊟

2.48 KB

⊟

3.49 KB

⊟

2.0 KB

⊟

6.48 KB

⊟

5.11 KB

⊟

3.56 KB

⊟

2.07 KB

⊟

1.31 KB

⊟

1.18 KB

⊟

1.12 KB

⊟

999 B

⊟

1.12 KB

⊟

999 B

⊟

754 KB

⊟

754 KB

⊟

718 KB

⊟

718 KB

Ordering differences only

⊟

899 KB

⊟

899 KB

⊟

857 KB

⊟

857 KB

Ordering differences only

⊟

897 KB

⊟

896 KB

⊟

855 KB

⊟

855 KB

Ordering differences only

⊟

1.02 MB

⊟

1.02 MB

⊟

1000 KB

⊟

1000 KB

Ordering differences only

⊟

1.01 MB

⊟

1.01 MB

⊟

988 KB

⊟

988 KB

Ordering differences only

⊟

1.01 MB

⊟

1.01 MB

⊟

985 KB

⊟

985 KB

Ordering differences only

⊟

3.42 MB

⊟

3.42 MB

⊟

2.3 KB

⊟

2.19 KB

Ordering differences only

⊟

2.16 MB

⊟

2.16 MB

⊟

2.29 KB

⊟

2.19 KB

Ordering differences only

⊟

3.28 MB

⊟

3.28 MB

⊟

2.28 KB

⊟

2.18 KB

Ordering differences only

⊟

2.05 MB

⊟

2.05 MB

⊟

1.97 MB

⊟

1.97 MB

Ordering differences only

⊟

244 KB

⊟

243 KB

⊟

228 KB

⊟

228 KB

Ordering differences only

⊟

5.76 KB

⊟

5.65 KB

⊟

882 KB

⊟

882 KB

⊟

845 KB

⊟

845 KB

Ordering differences only

⊟

1.81 MB

⊟

1.81 MB

⊟

1.74 MB

⊟

1.74 MB

Ordering differences only

⊟

2.19 MB

⊟

2.19 MB

⊟

2.1 MB

⊟

2.1 MB

Ordering differences only

⊟

2.28 KB

⊟

2.18 KB

Ordering differences only

⊟

2.59 MB

⊟

2.59 MB

⊟

2.48 MB

⊟

2.48 MB

Ordering differences only

⊟

2.06 MB

⊟

2.06 MB

⊟

1.97 MB

⊟

1.97 MB

Ordering differences only

⊟

2.47 KB

⊟

2.37 KB

Ordering differences only

⊟

940 KB

⊟

940 KB

⊟

896 KB

⊟

895 KB

Ordering differences only

⊟

557 KB

⊟

557 KB

⊟

529 KB

⊟

529 KB

Ordering differences only

⊟

676 KB

⊟

676 KB

⊟

643 KB

⊟

643 KB

Ordering differences only

⊟

1.6 MB

⊟

1.6 MB

⊟

1.54 MB

⊟

1.54 MB

Ordering differences only

⊟

2.16 MB

⊟

2.16 MB

⊟

2.05 MB

⊟

2.05 MB

Ordering differences only

⊟

2.3 KB

⊟

2.2 KB

Ordering differences only

⊟

3.42 MB

⊟

3.42 MB

⊟

3.28 MB

⊟

3.28 MB

Ordering differences only

⊟

2.29 KB

⊟

2.19 KB

Ordering differences only

⊟

3.27 MB

⊟

3.27 MB

⊟

3.14 MB

⊟

3.14 MB

Ordering differences only

⊟

2.29 KB

⊟

2.19 KB

Ordering differences only

⊟

1.57 MB

⊟

1.57 MB

⊟

1.5 MB

⊟

1.5 MB

Ordering differences only

⊟

1.79 MB

⊟

1.79 MB

⊟

1.71 MB

⊟

1.71 MB

Ordering differences only

⊟

2.49 KB

⊟

2.39 KB

Ordering differences only

⊟

1.88 MB

⊟

1.88 MB

⊟

1.8 MB

⊟

1.8 MB

Ordering differences only

⊟

1.01 MB

⊟

1.01 MB

⊟

985 KB

⊟

985 KB

Ordering differences only


Offset 1, 6 lines modified		Offset 1, 6 lines modified

1	·~~5c7fc~~0861da07~~24c3b9c581~~dabb6~~1e59~~·153736·admin·optional·ssg-applications_0.1.76-1_all.deb	1	·29368b30f466df009e7a66775dd60b9a·153748·admin·optional·ssg-applications_0.1.76-1_all.deb
2	·ea0c1f19113a8a6c0a6e8b10e8e208a9·32632·admin·optional·ssg-base_0.1.76-1_all.deb	2	·ea0c1f19113a8a6c0a6e8b10e8e208a9·32632·admin·optional·ssg-base_0.1.76-1_all.deb
3	·7fa024acaab020a5524de10ea54b1961·3725596·admin·optional·ssg-debderived_0.1.76-1_all.deb
4	·c75ab2fa0ea0b629f363d3588cd658a2·1232464·admin·optional·ssg-debian_0.1.76-1_all.deb
5	·8561079919ce~~903d0~~a49f8b3~~f6dd2760~~·371~~00756~~·admin·optional·ssg-~~non~~debian_0.1.76-1_all.deb	3	·b706962ed402fa46e2d8a483c9aea4f5·3725380·admin·optional·ssg-debderived_0.1.76-1_all.deb
		4	·13b5ac8064457eed9641b83294552ed4·1232392·admin·optional·ssg-debian_0.1.76-1_all.deb
		5	·d3cab936bf2112cb82dbda6755bdc811·37100432·admin·optional·ssg-nondebian_0.1.76-1_all.deb


Offset 1, 3 lines modified		Offset 1, 3 lines modified
1	-rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary	1	-rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary
2	-rw-r--r--···0········0········0·····1728·2025-03-01·08:08:00.000000·control.tar.xz	2	-rw-r--r--···0········0········0·····1728·2025-03-01·08:08:00.000000·control.tar.xz
3	-rw-r--r--···0········0········0···151816·2025-03-01·08:08:00.000000·data.tar.xz	3	-rw-r--r--···0········0········0···151828·2025-03-01·08:08:00.000000·data.tar.xz


Offset 19, 23 lines modified		Offset 19, 23 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/a:google:chromium-browser">	28	······<cpe-dict:cpe-item·name="cpe:/a:google:chromium-browser">
29	········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	····</cpe-dict:cpe-list>	32	····</cpe-dict:cpe-list>
33	··</ds:component>	33	··</ds:component>
34	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2025-02-28T20:08:00">	34	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>	37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>
38	······<xccdf-1.2:description>	38	······<xccdf-1.2:description>
39	········This·guide·presents·a·catalog·of·security-relevant	39	········This·guide·presents·a·catalog·of·security-relevant
40	configuration·settings·for·Chromium.·It·is·a·rendering·of	40	configuration·settings·for·Chromium.·It·is·a·rendering·of
41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 1675, 15 lines modified		Offset 1675, 15 lines modified
1675	··········<xccdf-1.2:check·system="http://scap.nist.gov/schema/ocil/2">	1675	··········<xccdf-1.2:check·system="http://scap.nist.gov/schema/ocil/2">
1676	············<xccdf-1.2:check-content-ref·href="ssg-chromium-ocil.xml"·name="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1"/>	1676	············<xccdf-1.2:check-content-ref·href="ssg-chromium-ocil.xml"·name="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1"/>
1677	··········</xccdf-1.2:check>	1677	··········</xccdf-1.2:check>
1678	········</xccdf-1.2:Rule>	1678	········</xccdf-1.2:Rule>
1679	······</xccdf-1.2:Group>	1679	······</xccdf-1.2:Group>
1680	····</xccdf-1.2:Benchmark>	1680	····</xccdf-1.2:Benchmark>
1681	··</ds:component>	1681	··</ds:component>
1682	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-oval.xml"·timestamp="2025-02-28T20:08:00">	1682	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-oval.xml"·timestamp="2025-03-01T22:08:00">
1683	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	1683	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
1684	······<oval-def:generator>	1684	······<oval-def:generator>
1685	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	1685	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
1686	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>	1686	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
1687	········<oval:schema_version>5.11</oval:schema_version>	1687	········<oval:schema_version>5.11</oval:schema_version>
1688	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	1688	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
1689	······</oval-def:generator>	1689	······</oval-def:generator>
Offset 2539, 360 lines modified		Offset 2539, 360 lines modified
2539	········<oval-def:external_variable·id="oval:ssg-var_enable_encrypted_searching:var:1"·version="1"·datatype="string"·comment="Expected·search·provider·name"/>	2539	········<oval-def:external_variable·id="oval:ssg-var_enable_encrypted_searching:var:1"·version="1"·datatype="string"·comment="Expected·search·provider·name"/>
2540	········<oval-def:external_variable·id="oval:ssg-var_extension_whitelist:var:1"·version="1"·datatype="string"·comment="Expected·approved·extensions"/>	2540	········<oval-def:external_variable·id="oval:ssg-var_extension_whitelist:var:1"·version="1"·datatype="string"·comment="Expected·approved·extensions"/>
2541	········<oval-def:external_variable·id="oval:ssg-var_auth_schema:var:1"·version="1"·datatype="string"·comment="Expected·HTTP·authentication·type"/>	2541	········<oval-def:external_variable·id="oval:ssg-var_auth_schema:var:1"·version="1"·datatype="string"·comment="Expected·HTTP·authentication·type"/>
2542	········<oval-def:external_variable·id="oval:ssg-var_trusted_home_page:var:1"·version="1"·datatype="string"·comment="Expected·home·page"/>	2542	········<oval-def:external_variable·id="oval:ssg-var_trusted_home_page:var:1"·version="1"·datatype="string"·comment="Expected·home·page"/>
2543	······</oval-def:variables>	2543	······</oval-def:variables>
2544	····</oval-def:oval_definitions>	2544	····</oval-def:oval_definitions>
2545	··</ds:component>	2545	··</ds:component>
2546	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-ocil.xml"·timestamp="2025-02-28T20:08:00">	2546	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-ocil.xml"·timestamp="2025-03-01T22:08:00">
2547	····<ocil:ocil>	2547	····<ocil:ocil>
2548	······<ocil:generator>	2548	······<ocil:generator>
2549	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	2549	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
2550	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>	2550	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
2551	········<ocil:schema_version>2.0</ocil:schema_version>	2551	········<ocil:schema_version>2.0</ocil:schema_version>
2552	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	2552	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
2553	······</ocil:generator>	2553	······</ocil:generator>
2554	······<ocil:questionnaires>	2554	······<ocil:questionnaires>
2555	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~incognito_m~~ode_ocil:questionnaire:1">	2555	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_saved_passwords_ocil:questionnaire:1">
2556	··········<ocil:title>Disable·~~Incognito·M~~ode</ocil:title>	2556	··········<ocil:title>Disable·Saved·Passwords</ocil:title>
2557	··········<ocil:actions>	2557	··········<ocil:actions>
2558	············<ocil:test_action_ref>ocil:ssg-chromium_disable_~~incognito_m~~ode_action:testaction:1</ocil:test_action_ref>	2558	············<ocil:test_action_ref>ocil:ssg-chromium_disable_saved_passwords_action:testaction:1</ocil:test_action_ref>
2559	··········</ocil:actions>	2559	··········</ocil:actions>
2560	········</ocil:questionnaire>	2560	········</ocil:questionnaire>
2561	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~cloud~~_pr~~int_sharing~~_ocil:questionnaire:1">	2561	········<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_name_ocil:questionnaire:1">
2562	··········<ocil:title>Disable·~~Cloud~~·Pr~~int·Sharing~~</ocil:title>	2562	··········<ocil:title>Set·the·Default·Search·Provider's·URL</ocil:title>
2563	··········<ocil:actions>	2563	··········<ocil:actions>
2564	············<ocil:test_action_ref>ocil:ssg-chromium_disable_~~cloud~~_pr~~int_sharing~~_action:testaction:1</ocil:test_action_ref>	2564	············<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_name_action:testaction:1</ocil:test_action_ref>
2565	··········</ocil:actions>	2565	··········</ocil:actions>
2566	········</ocil:questionnaire>	2566	········</ocil:questionnaire>
2567	········<ocil:questionnaire·id="ocil:ssg-chromium_enable_browser~~_his~~t~~ory~~_ocil:questionnaire:1">	2567	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_metrics_reporting_ocil:questionnaire:1">
2568	··········<ocil:title>Enable·~~Sav~~ing·the·Bro~~wse~~r~~·His~~t~~ory~~</ocil:title>	2568	··········<ocil:title>Disable·Metrics·Reporting</ocil:title>
2569	··········<ocil:actions>	2569	··········<ocil:actions>
		2570	············<ocil:test_action_ref>ocil:ssg-chromium_disable_metrics_reporting_action:testaction:1</ocil:test_action_ref>
		2571	··········</ocil:actions>
		2572	········</ocil:questionnaire>
		2573	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">
		2574	··········<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
		2575	··········<ocil:actions>
2570	············<ocil:test_action_ref>ocil:ssg-chromium_enable_browser_hist~~ory~~_action:testaction:1</ocil:test_action_ref>	2576	············<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
2571	··········</ocil:actions>	2577	··········</ocil:actions>
2572	········</ocil:questionnaire>	2578	········</ocil:questionnaire>
2573	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_protocol_schemas_ocil:questionnaire:1">	2579	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_protocol_schemas_ocil:questionnaire:1">
2574	··········<ocil:title>Disable·Insecure·And·Obsolete·Protocol·Schemas</ocil:title>	2580	··········<ocil:title>Disable·Insecure·And·Obsolete·Protocol·Schemas</ocil:title>
2575	··········<ocil:actions>	2581	··········<ocil:actions>
2576	············<ocil:test_action_ref>ocil:ssg-chromium_disable_protocol_schemas_action:testaction:1</ocil:test_action_ref>	2582	············<ocil:test_action_ref>ocil:ssg-chromium_disable_protocol_schemas_action:testaction:1</ocil:test_action_ref>
2577	··········</ocil:actions>	2583	··········</ocil:actions>
2578	········</ocil:questionnaire>	2584	········</ocil:questionnaire>
2579	········<ocil:questionnaire·id="ocil:ssg-chromium_~~default~~_sear~~ch_pr~~ovi~~der~~_ocil:questionnaire:1">	2585	········<ocil:questionnaire·id="ocil:ssg-chromium_plugins_require_authorization_ocil:questionnaire:1">
2580	··········<ocil:title>~~Enabl~~e·the·~~Default~~·~~Search·Pr~~ovider</ocil:title>	2586	··········<ocil:title>Require·Outdated·Plugins·to·be·Authorized</ocil:title>
2581	··········<ocil:actions>	2587	··········<ocil:actions>
2582	············<ocil:test_action_ref>ocil:ssg-chromium_~~default~~_sear~~ch_pr~~ovi~~der~~_action:testaction:1</ocil:test_action_ref>	2588	············<ocil:test_action_ref>ocil:ssg-chromium_plugins_require_authorization_action:testaction:1</ocil:test_action_ref>
2583	··········</ocil:actions>	2589	··········</ocil:actions>
2584	········</ocil:questionnaire>	2590	········</ocil:questionnaire>
2585	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~outd~~a~~ted_plug~~ins_ocil:questionnaire:1">	2591	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_3d_graphics_api_ocil:questionnaire:1">
2586	··········<ocil:title>Disable·Out~~dated~~·~~Plug~~ins</ocil:title>	2592	··········<ocil:title>Disable·the·3D·Graphics·APIs</ocil:title>
2587	··········<ocil:actions>	2593	··········<ocil:actions>
2588	············<ocil:test_action_ref>ocil:ssg-chromium_disable_~~outd~~a~~ted_plug~~ins_action:testaction:1</ocil:test_action_ref>	2594	············<ocil:test_action_ref>ocil:ssg-chromium_disable_3d_graphics_api_action:testaction:1</ocil:test_action_ref>
2589	··········</ocil:actions>	2595	··········</ocil:actions>
2590	········</ocil:questionnaire>	2596	········</ocil:questionnaire>
2591	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~saved~~_~~passwords~~_ocil:questionnaire:1">	2597	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_plugin_blacklist_ocil:questionnaire:1">
2592	··········<ocil:title>Disable·~~Saved~~·~~Passwords~~</ocil:title>	2598	··········<ocil:title>Disable·All·Plugins·by·Default</ocil:title>
2593	··········<ocil:actions>	2599	··········<ocil:actions>
2594	············<ocil:test_action_ref>ocil:ssg-chromium_disable_~~saved~~_~~passwords~~_action:testaction:1</ocil:test_action_ref>	2600	············<ocil:test_action_ref>ocil:ssg-chromium_disable_plugin_blacklist_action:testaction:1</ocil:test_action_ref>
2595	··········</ocil:actions>	2601	··········</ocil:actions>
2596	········</ocil:questionnaire>	2602	········</ocil:questionnaire>
2597	········<ocil:questionnaire·id="ocil:ssg-chromium_~~whi~~tel~~ist~~_plugin~~_url~~s_ocil:questionnaire:1">	2603	········<ocil:questionnaire·id="ocil:ssg-chromium_default_block_plugins_ocil:questionnaire:1">
2598	··········<ocil:title>E~~nable~~·Plugins~~·for~~·Only·~~Appro~~ved~~·URLs~~</ocil:title>	2604	··········<ocil:title>Block·Plugins·by·Default</ocil:title>
2599	··········<ocil:actions>	2605	··········<ocil:actions>
2600	············<ocil:test_action_ref>ocil:ssg-chromium_~~whi~~tel~~ist~~_plugin~~_url~~s_action:testaction:1</ocil:test_action_ref>	2606	············<ocil:test_action_ref>ocil:ssg-chromium_default_block_plugins_action:testaction:1</ocil:test_action_ref>
2601	··········</ocil:actions>	2607	··········</ocil:actions>
2602	········</ocil:questionnaire>	2608	········</ocil:questionnaire>
2603	········<ocil:questionnaire·id="ocil:ssg-chromium_pol~~icy~~_file_ocil:questionnaire:1">	2609	········<ocil:questionnaire·id="ocil:ssg-chromium_enable_safe_browsing_ocil:questionnaire:1">
2604	··········<ocil:title>En~~sur~~e·the·~~Chromium~~·~~Policy~~·Co~~nfigur~~ation·File·E~~xists~~</ocil:title>	2610	··········<ocil:title>Enable·the·Safe·Browsing·Feature</ocil:title>
2605	··········<ocil:actions>	2611	··········<ocil:actions>
2606	············<ocil:test_action_ref>ocil:ssg-chromium_pol~~icy~~_file_action:testaction:1</ocil:test_action_ref>	2612	············<ocil:test_action_ref>ocil:ssg-chromium_enable_safe_browsing_action:testaction:1</ocil:test_action_ref>
2607	··········</ocil:actions>	2613	··········</ocil:actions>
2608	········</ocil:questionnaire>	2614	········</ocil:questionnaire>
2609	········<ocil:questionnaire·id="ocil:ssg-chromium_ext~~ension_wh~~i~~tel~~ist_ocil:questionnaire:1">	2615	········<ocil:questionnaire·id="ocil:ssg-chromium_http_authentication_ocil:questionnaire:1">
2610	··········<ocil:title>E~~nable·Only·Approved~~·Extensions</ocil:title>	2616	··········<ocil:title>Set·Chromium's·HTTP·Authentication·Scheme</ocil:title>
2611	··········<ocil:actions>	2617	··········<ocil:actions>
2612	············<ocil:test_action_ref>ocil:ssg-chromium_ext~~ension_wh~~i~~tel~~ist_action:testaction:1</ocil:test_action_ref>	2618	············<ocil:test_action_ref>ocil:ssg-chromium_http_authentication_action:testaction:1</ocil:test_action_ref>
2613	··········</ocil:actions>	2619	··········</ocil:actions>
2614	········</ocil:questionnaire>	2620	········</ocil:questionnaire>
2615	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_password_~~manag~~er_ocil:questionnaire:1">	2621	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_session_cookies_ocil:questionnaire:1">
2616	··········<ocil:title>Disable·~~Chromium·~~Password·~~Manag~~er</ocil:title>	2622	··········<ocil:title>Disable·Session·Cookies</ocil:title>
2617	··········<ocil:actions>	2623	··········<ocil:actions>
2618	············<ocil:test_action_ref>ocil:ssg-chromium_disable_password_~~manag~~er_action:testaction:1</ocil:test_action_ref>	2624	············<ocil:test_action_ref>ocil:ssg-chromium_disable_session_cookies_action:testaction:1</ocil:test_action_ref>
2619	··········</ocil:actions>	2625	··········</ocil:actions>
Max diff block lines reached; 68300/80346 bytes (85.01%) of diff not shown.


Offset 3, 351 lines modified		Offset 3, 351 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~incognito_m~~ode_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_saved_passwords_ocil:questionnaire:1">
11	······<ocil:title>Disable·~~Incognito·M~~ode</ocil:title>	11	······<ocil:title>Disable·Saved·Passwords</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~incognito_m~~ode_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-chromium_disable_saved_passwords_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~cloud~~_pr~~int_sharing~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-chromium_default_search_provider_name_ocil:questionnaire:1">
17	······<ocil:title>Disable·~~Cloud~~·Pr~~int·Sharing~~</ocil:title>	17	······<ocil:title>Set·the·Default·Search·Provider's·URL</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~cloud~~_pr~~int_sharing~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-chromium_default_search_provider_name_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_browser~~_his~~t~~ory~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_metrics_reporting_ocil:questionnaire:1">
23	······<ocil:title>Enable·~~Sav~~ing·the·Bro~~wse~~r~~·His~~t~~ory~~</ocil:title>	23	······<ocil:title>Disable·Metrics·Reporting</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
		25	········<ocil:test_action_ref>ocil:ssg-chromium_disable_metrics_reporting_action:testaction:1</ocil:test_action_ref>
		26	······</ocil:actions>
		27	····</ocil:questionnaire>
		28	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">
		29	······<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
		30	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-chromium_enable_browser_hist~~ory~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	32	······</ocil:actions>
27	····</ocil:questionnaire>	33	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_protocol_schemas_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_protocol_schemas_ocil:questionnaire:1">
29	······<ocil:title>Disable·Insecure·And·Obsolete·Protocol·Schemas</ocil:title>	35	······<ocil:title>Disable·Insecure·And·Obsolete·Protocol·Schemas</ocil:title>
30	······<ocil:actions>	36	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-chromium_disable_protocol_schemas_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-chromium_disable_protocol_schemas_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	38	······</ocil:actions>
33	····</ocil:questionnaire>	39	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-chromium_~~default~~_sear~~ch_pr~~ovi~~der~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-chromium_plugins_require_authorization_ocil:questionnaire:1">
35	······<ocil:title>~~Enabl~~e·the·~~Default~~·~~Search·Pr~~ovider</ocil:title>	41	······<ocil:title>Require·Outdated·Plugins·to·be·Authorized</ocil:title>
36	······<ocil:actions>	42	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-chromium_~~default~~_sear~~ch_pr~~ovi~~der~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-chromium_plugins_require_authorization_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	44	······</ocil:actions>
39	····</ocil:questionnaire>	45	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~outd~~a~~ted_plug~~ins_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_3d_graphics_api_ocil:questionnaire:1">
41	······<ocil:title>Disable·Out~~dated~~·~~Plug~~ins</ocil:title>	47	······<ocil:title>Disable·the·3D·Graphics·APIs</ocil:title>
42	······<ocil:actions>	48	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~outd~~a~~ted_plug~~ins_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-chromium_disable_3d_graphics_api_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	50	······</ocil:actions>
45	····</ocil:questionnaire>	51	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~saved~~_~~passwords~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_plugin_blacklist_ocil:questionnaire:1">
47	······<ocil:title>Disable·~~Saved~~·~~Passwords~~</ocil:title>	53	······<ocil:title>Disable·All·Plugins·by·Default</ocil:title>
48	······<ocil:actions>	54	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~saved~~_~~passwords~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-chromium_disable_plugin_blacklist_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	56	······</ocil:actions>
51	····</ocil:questionnaire>	57	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-chromium_~~whi~~tel~~ist~~_plugin~~_url~~s_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-chromium_default_block_plugins_ocil:questionnaire:1">
53	······<ocil:title>E~~nable~~·Plugins~~·for~~·Only·~~Appro~~ved~~·URLs~~</ocil:title>	59	······<ocil:title>Block·Plugins·by·Default</ocil:title>
54	······<ocil:actions>	60	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-chromium_~~whi~~tel~~ist~~_plugin~~_url~~s_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-chromium_default_block_plugins_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	62	······</ocil:actions>
57	····</ocil:questionnaire>	63	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-chromium_pol~~icy~~_file_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_safe_browsing_ocil:questionnaire:1">
59	······<ocil:title>En~~sur~~e·the·~~Chromium~~·~~Policy~~·Co~~nfigur~~ation·File·E~~xists~~</ocil:title>	65	······<ocil:title>Enable·the·Safe·Browsing·Feature</ocil:title>
60	······<ocil:actions>	66	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-chromium_pol~~icy~~_file_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-chromium_enable_safe_browsing_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	68	······</ocil:actions>
63	····</ocil:questionnaire>	69	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-chromium_ext~~ension_wh~~i~~tel~~ist_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-chromium_http_authentication_ocil:questionnaire:1">
65	······<ocil:title>E~~nable·Only·Approved~~·Extensions</ocil:title>	71	······<ocil:title>Set·Chromium's·HTTP·Authentication·Scheme</ocil:title>
66	······<ocil:actions>	72	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-chromium_ext~~ension_wh~~i~~tel~~ist_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-chromium_http_authentication_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	74	······</ocil:actions>
69	····</ocil:questionnaire>	75	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_password_~~manag~~er_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_session_cookies_ocil:questionnaire:1">
71	······<ocil:title>Disable·~~Chromium·~~Password·~~Manag~~er</ocil:title>	77	······<ocil:title>Disable·Session·Cookies</ocil:title>
72	······<ocil:actions>	78	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-chromium_disable_password_~~manag~~er_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-chromium_disable_session_cookies_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	80	······</ocil:actions>
75	····</ocil:questionnaire>	81	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-chromium_~~block_~~des~~ktop~~_n~~otif~~i~~cati~~ons_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_incognito_mode_ocil:questionnaire:1">
77	······<ocil:title>~~Prevent·~~Des~~ktop~~·~~Notif~~i~~cati~~ons</ocil:title>	83	······<ocil:title>Disable·Incognito·Mode</ocil:title>
78	······<ocil:actions>	84	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-chromium_~~block_~~des~~ktop~~_n~~otif~~i~~cati~~ons_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-chromium_disable_incognito_mode_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	86	······</ocil:actions>
81	····</ocil:questionnaire>	87	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_network_prediction_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_network_prediction_ocil:questionnaire:1">
83	······<ocil:title>Disable·Network·Prediction</ocil:title>	89	······<ocil:title>Disable·Network·Prediction</ocil:title>
84	······<ocil:actions>	90	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-chromium_disable_network_prediction_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-chromium_disable_network_prediction_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	92	······</ocil:actions>
87	····</ocil:questionnaire>	93	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_approved_plugins_ocil:questionnaire:1">
89	······<ocil:title>Enable·Only·Approved·Plugins</ocil:title>
90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-chromium_enable_approved_plugins_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>
93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~plug~~in_blacklist_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-chromium_disallow_location_tracking_ocil:questionnaire:1">
95	······<ocil:title>Disable·~~All·Plug~~ins·by~~·Default~~</ocil:title>	95	······<ocil:title>Disable·Location·Tracking</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~plug~~in_blacklist_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-chromium_disallow_location_tracking_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_firewall_traversal_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_firewall_traversal_ocil:questionnaire:1">
101	······<ocil:title>Disable·Chromium's·Ability·to·Traverse·Firewalls</ocil:title>	101	······<ocil:title>Disable·Chromium's·Ability·to·Traverse·Firewalls</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-chromium_disable_firewall_traversal_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-chromium_disable_firewall_traversal_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_t~~hirdpa~~rty_~~cooki~~es_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_password_manager_ocil:questionnaire:1">
107	······<ocil:title>Disable·3rd·Pa~~rty~~·~~Cooki~~es</ocil:title>	107	······<ocil:title>Disable·Chromium·Password·Manager</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-chromium_disable_t~~hirdpa~~rty_~~cooki~~es_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-chromium_disable_password_manager_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~pop~~ups_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_search_suggestions_ocil:questionnaire:1">
113	······<ocil:title>Disable·~~Pop~~ups</ocil:title>	113	······<ocil:title>Disable·Search·Suggestion</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~pop~~ups_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-chromium_disable_search_suggestions_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-chromium_default_search_pr~~ovide~~r~~_na~~me_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_cleartext_passwords_ocil:questionnaire:1">
119	······<ocil:title>~~Set·th~~e·~~Default·S~~earch·Pr~~ovide~~r's~~·URL~~</ocil:title>	119	······<ocil:title>Disable·Use·of·Cleartext·Passwords</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-chromium_default_search_pr~~ovide~~r~~_na~~me_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-chromium_disable_cleartext_passwords_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
Max diff block lines reached; 59808/71527 bytes (83.62%) of diff not shown.


Offset 19, 15 lines modified		Offset 19, 15 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service:1">	28	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service:1">
29	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service_node:1.21">	32	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service_node:1.21">
33	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·1.21</cpe-dict:title>	33	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·1.21</cpe-dict:title>
Offset 35, 15 lines modified		Offset 35, 15 lines modified
35	······</cpe-dict:cpe-item>	35	······</cpe-dict:cpe-item>
36	······<cpe-dict:cpe-item·name="cpe:/o:amazon:elastic_kubernetes_service_node:1">	36	······<cpe-dict:cpe-item·name="cpe:/o:amazon:elastic_kubernetes_service_node:1">
37	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>	37	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>
38	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>	38	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>
39	······</cpe-dict:cpe-item>	39	······</cpe-dict:cpe-item>
40	····</cpe-dict:cpe-list>	40	····</cpe-dict:cpe-list>
41	··</ds:component>	41	··</ds:component>
42	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2025-02-28T20:08:00">	42	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2025-03-01T22:08:00">
43	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	43	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
44	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	44	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
45	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>	45	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>
46	······<xccdf-1.2:description>	46	······<xccdf-1.2:description>
47	········This·guide·presents·a·catalog·of·security-relevant	47	········This·guide·presents·a·catalog·of·security-relevant
48	configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of	48	configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of
49	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	49	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 1545, 15 lines modified		Offset 1545, 15 lines modified
1545	··············<xccdf-1.2:check-content-ref·href="ssg-eks-ocil.xml"·name="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1"/>	1545	··············<xccdf-1.2:check-content-ref·href="ssg-eks-ocil.xml"·name="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1"/>
1546	············</xccdf-1.2:check>	1546	············</xccdf-1.2:check>
1547	··········</xccdf-1.2:Rule>	1547	··········</xccdf-1.2:Rule>
1548	········</xccdf-1.2:Group>	1548	········</xccdf-1.2:Group>
1549	······</xccdf-1.2:Group>	1549	······</xccdf-1.2:Group>
1550	····</xccdf-1.2:Benchmark>	1550	····</xccdf-1.2:Benchmark>
1551	··</ds:component>	1551	··</ds:component>
1552	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-oval.xml"·timestamp="2025-02-28T20:08:00">	1552	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-oval.xml"·timestamp="2025-03-01T22:08:00">
1553	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	1553	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
1554	······<oval-def:generator>	1554	······<oval-def:generator>
1555	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	1555	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
1556	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>	1556	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
1557	········<oval:schema_version>5.11</oval:schema_version>	1557	········<oval:schema_version>5.11</oval:schema_version>
1558	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	1558	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
1559	······</oval-def:generator>	1559	······</oval-def:generator>
Offset 2166, 234 lines modified		Offset 2166, 234 lines modified
2166	········<oval-def:external_variable·id="oval:ssg-var_streaming_connection_timeouts:var:1"·version="1"·datatype="string"·comment="variable"/>	2166	········<oval-def:external_variable·id="oval:ssg-var_streaming_connection_timeouts:var:1"·version="1"·datatype="string"·comment="variable"/>
2167	········<oval-def:local_variable·id="oval:ssg-kubelet_read_only_port_secured_file_location:var:1"·version="1"·datatype="string"·comment="The·actual·path·of·the·file·to·scan.">	2167	········<oval-def:local_variable·id="oval:ssg-kubelet_read_only_port_secured_file_location:var:1"·version="1"·datatype="string"·comment="The·actual·path·of·the·file·to·scan.">
2168	··········<oval-def:literal_component>/etc/kubernetes/compliance-operator/kubeletconfig/openscap-kubeletconfig</oval-def:literal_component>	2168	··········<oval-def:literal_component>/etc/kubernetes/compliance-operator/kubeletconfig/openscap-kubeletconfig</oval-def:literal_component>
2169	········</oval-def:local_variable>	2169	········</oval-def:local_variable>
2170	······</oval-def:variables>	2170	······</oval-def:variables>
2171	····</oval-def:oval_definitions>	2171	····</oval-def:oval_definitions>
2172	··</ds:component>	2172	··</ds:component>
2173	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-ocil.xml"·timestamp="2025-02-28T20:08:00">	2173	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-ocil.xml"·timestamp="2025-03-01T22:08:00">
2174	····<ocil:ocil>	2174	····<ocil:ocil>
2175	······<ocil:generator>	2175	······<ocil:generator>
2176	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	2176	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
2177	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>	2177	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
2178	········<ocil:schema_version>2.0</ocil:schema_version>	2178	········<ocil:schema_version>2.0</ocil:schema_version>
2179	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	2179	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
2180	······</ocil:generator>	2180	······</ocil:generator>
2181	······<ocil:questionnaires>	2181	······<ocil:questionnaires>
2182	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_~~prote~~c~~t_k~~ernel_~~def~~a~~ults~~_ocil:questionnaire:1">	2182	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_cert_rotation_ocil:questionnaire:1">
2183	··········<ocil:title>kubelet·-·Enable·~~Pro~~tect~~·Kernel~~·~~Def~~a~~ults~~</ocil:title>	2183	··········<ocil:title>kubelet·-·Enable·Certificate·Rotation</ocil:title>
2184	··········<ocil:actions>	2184	··········<ocil:actions>
2185	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_~~prote~~c~~t_k~~ernel_~~def~~a~~ults~~_action:testaction:1</ocil:test_action_ref>	2185	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_cert_rotation_action:testaction:1</ocil:test_action_ref>
2186	··········</ocil:actions>	2186	··········</ocil:actions>
2187	········</ocil:questionnaire>	2187	········</ocil:questionnaire>
2188	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_deprecated_ocil:questionnaire:1">
2189	··········<ocil:title~~>kubelet·-~~·~~Do·N~~o~~t·Di~~s~~able·S~~tre~~aming·Timeout~~s</ocil:title>	2188	········<ocil:questionnaire·id="ocil:ssg-control_plane_access_ocil:questionnaire:1">
		2189	··········<ocil:title>Restrict·Access·to·the·Control·Plane·Endpoint</ocil:title>
2190	··········<ocil:actions>	2190	··········<ocil:actions>
2191	············<ocil:test_action_ref>ocil:ssg-~~kubelet~~_en~~able_s~~tr~~eami~~ng_~~con~~ne~~ctions~~_~~depr~~ec~~ated~~_action:testaction:1</ocil:test_action_ref>	2191	············<ocil:test_action_ref>ocil:ssg-control_plane_access_action:testaction:1</ocil:test_action_ref>
2192	··········</ocil:actions>	2192	··········</ocil:actions>
2193	········</ocil:questionnaire>	2193	········</ocil:questionnaire>
2194	········<ocil:questionnaire·id="ocil:ssg-~~endpoint_c~~on~~fig~~uration_ocil:questionnaire:1">	2194	········<ocil:questionnaire·id="ocil:ssg-file_groupowner_kubelet_conf_ocil:questionnaire:1">
2195	··········<ocil:title>Ensure·~~Priva~~t~~e·E~~n~~dpoin~~t~~·Access~~</ocil:title>	2195	··········<ocil:title>Verify·Group·Who·Owns·The·Kubelet·Configuration·File</ocil:title>
2196	··········<ocil:actions>	2196	··········<ocil:actions>
2197	············<ocil:test_action_ref>ocil:ssg-~~endpoint_c~~on~~fig~~uration_action:testaction:1</ocil:test_action_ref>	2197	············<ocil:test_action_ref>ocil:ssg-file_groupowner_kubelet_conf_action:testaction:1</ocil:test_action_ref>
2198	··········</ocil:actions>	2198	··········</ocil:actions>
2199	········</ocil:questionnaire>	2199	········</ocil:questionnaire>
2200	········<ocil:questionnaire·id="ocil:ssg-dedicated_service_accounts_ocil:questionnaire:1">	2200	········<ocil:questionnaire·id="ocil:ssg-dedicated_service_accounts_ocil:questionnaire:1">
2201	··········<ocil:title>Use·Dedicated·Service·Accounts</ocil:title>	2201	··········<ocil:title>Use·Dedicated·Service·Accounts</ocil:title>
2202	··········<ocil:actions>	2202	··········<ocil:actions>
2203	············<ocil:test_action_ref>ocil:ssg-dedicated_service_accounts_action:testaction:1</ocil:test_action_ref>	2203	············<ocil:test_action_ref>ocil:ssg-dedicated_service_accounts_action:testaction:1</ocil:test_action_ref>
2204	··········</ocil:actions>	2204	··········</ocil:actions>
2205	········</ocil:questionnaire>	2205	········</ocil:questionnaire>
2206	········<ocil:questionnaire·id="ocil:ssg-file_~~group~~owner_kubelet_conf_ocil:questionnaire:1">	2206	········<ocil:questionnaire·id="ocil:ssg-file_owner_kubelet_conf_ocil:questionnaire:1">
2207	··········<ocil:title>Verify·G~~roup~~·Who·Owns·The·Kubelet·Configuration·File</ocil:title>	2207	··········<ocil:title>Verify·User·Who·Owns·The·Kubelet·Configuration·File</ocil:title>
2208	··········<ocil:actions>	2208	··········<ocil:actions>
2209	············<ocil:test_action_ref>ocil:ssg-file_~~group~~owner_kubelet_conf_action:testaction:1</ocil:test_action_ref>	2209	············<ocil:test_action_ref>ocil:ssg-file_owner_kubelet_conf_action:testaction:1</ocil:test_action_ref>
2210	··········</ocil:actions>	2210	··········</ocil:actions>
2211	········</ocil:questionnaire>	2211	········</ocil:questionnaire>
2212	········<ocil:questionnaire·id="ocil:ssg-con~~figure_~~net~~work~~_policie~~s_n~~a~~mespaces~~_ocil:questionnaire:1">	2212	········<ocil:questionnaire·id="ocil:ssg-endpoint_configuration_ocil:questionnaire:1">
2213	··········<ocil:title>Ensure·~~that·ap~~plicat~~ion·Namespac~~es·~~have·Ne~~t~~work~~·~~Pol~~icies~~·defined~~.</ocil:title>	2213	··········<ocil:title>Ensure·Private·Endpoint·Access</ocil:title>
2214	··········<ocil:actions>	2214	··········<ocil:actions>
2215	············<ocil:test_action_ref>ocil:ssg-con~~figure_~~net~~work~~_policie~~s_n~~a~~mespaces~~_action:testaction:1</ocil:test_action_ref>	2215	············<ocil:test_action_ref>ocil:ssg-endpoint_configuration_action:testaction:1</ocil:test_action_ref>
2216	··········</ocil:actions>	2216	··········</ocil:actions>
2217	········</ocil:questionnaire>	2217	········</ocil:questionnaire>
2218	········<ocil:questionnaire·id="ocil:ssg-registry_~~access~~_ocil:questionnaire:1">	2218	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_client_cert_rotation_ocil:questionnaire:1">
2219	··········<ocil:title>~~Minimize~~·~~user~~·~~acc~~ess·t~~o·Am~~azo~~n·ECR~~</ocil:title>	2219	··········<ocil:title>kubelet·-·Enable·Client·Certificate·Rotation</ocil:title>
2220	··········<ocil:actions>	2220	··········<ocil:actions>
2221	············<ocil:test_action_ref>ocil:ssg-registry_~~access~~_action:testaction:1</ocil:test_action_ref>	2221	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_client_cert_rotation_action:testaction:1</ocil:test_action_ref>
2222	··········</ocil:actions>	2222	··········</ocil:actions>
2223	········</ocil:questionnaire>	2223	········</ocil:questionnaire>
2224	········<ocil:questionnaire·id="ocil:ssg-fargate_ocil:questionnaire:1">	2224	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_ocil:questionnaire:1">
2225	··········<ocil:title>~~Consider~~·~~Farga~~t~~e·for·Un~~tr~~usted·Workl~~oads</ocil:title>	2225	··········<ocil:title>kubelet·-·Do·Not·Disable·Streaming·Timeouts</ocil:title>
2226	··········<ocil:actions>	2226	··········<ocil:actions>
2227	············<ocil:test_action_ref>ocil:ssg-fargate_action:testaction:1</ocil:test_action_ref>	2227	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_streaming_connections_action:testaction:1</ocil:test_action_ref>
2228	··········</ocil:actions>	2228	··········</ocil:actions>
2229	········</ocil:questionnaire>	2229	········</ocil:questionnaire>
2230	········<ocil:questionnaire·id="ocil:ssg-file_~~own~~e~~r_ku~~belet_conf_ocil:questionnaire:1">	2230	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_iptables_util_chains_ocil:questionnaire:1">
2231	··········<ocil:title>~~Verify~~·~~User·Who·Owns·The~~·~~Kub~~e~~let~~·Configuration~~·File~~</ocil:title>	2231	··········<ocil:title>kubelet·-·Allow·Automatic·Firewall·Configuration</ocil:title>
2232	··········<ocil:actions>	2232	··········<ocil:actions>
2233	············<ocil:test_action_ref>ocil:ssg-file_~~own~~e~~r_ku~~belet_conf_action:testaction:1</ocil:test_action_ref>	2233	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_iptables_util_chains_action:testaction:1</ocil:test_action_ref>
2234	··········</ocil:actions>	2234	··········</ocil:actions>
2235	········</ocil:questionnaire>	2235	········</ocil:questionnaire>
2236	········<ocil:questionnaire·id="ocil:ssg-file_~~permissi~~ons_kubele~~t_conf~~_ocil:questionnaire:1">	2236	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_protect_kernel_defaults_ocil:questionnaire:1">
2237	··········<ocil:title>~~Verify·Permissions·~~on~~·The~~·Ku~~bel~~et·Configurat~~ion·Fil~~e</ocil:title>	2237	··········<ocil:title>kubelet·-·Enable·Protect·Kernel·Defaults</ocil:title>
2238	··········<ocil:actions>	2238	··········<ocil:actions>
2239	············<ocil:test_action_ref>ocil:ssg-file_~~permissi~~ons_kubele~~t_conf~~_action:testaction:1</ocil:test_action_ref>	2239	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_protect_kernel_defaults_action:testaction:1</ocil:test_action_ref>
2240	··········</ocil:actions>	2240	··········</ocil:actions>
2241	········</ocil:questionnaire>	2241	········</ocil:questionnaire>
2242	········<ocil:questionnaire·id="ocil:ssg-~~file_gr~~ou~~powner~~_wo~~rker_kubeco~~nfig_ocil:questionnaire:1">	2242	········<ocil:questionnaire·id="ocil:ssg-audit_logging_ocil:questionnaire:1">
2243	··········<ocil:title>~~Verify~~·~~Group~~·Who~~·Ow~~n~~s·Th~~e·~~Work~~er·~~Kubec~~on~~fig·~~File</ocil:title>	2243	··········<ocil:title>Ensure·Audit·Logging·is·Enabled</ocil:title>
Max diff block lines reached; 81749/93676 bytes (87.27%) of diff not shown.


Offset 3, 225 lines modified		Offset 3, 225 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_~~prote~~c~~t_k~~ernel_~~def~~a~~ults~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_cert_rotation_ocil:questionnaire:1">
11	······<ocil:title>kubelet·-·Enable·~~Pro~~tect~~·Kernel~~·~~Def~~a~~ults~~</ocil:title>	11	······<ocil:title>kubelet·-·Enable·Certificate·Rotation</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_~~prote~~c~~t_k~~ernel_~~def~~a~~ults~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_cert_rotation_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_deprecated_ocil:questionnaire:1">
17	······<ocil:title~~>kubelet·-~~·~~Do·N~~o~~t·Di~~s~~able·S~~tre~~aming·Timeout~~s</ocil:title>	16	····<ocil:questionnaire·id="ocil:ssg-control_plane_access_ocil:questionnaire:1">
		17	······<ocil:title>Restrict·Access·to·the·Control·Plane·Endpoint</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~kubelet~~_en~~able_s~~tr~~eami~~ng_~~con~~ne~~ctions~~_~~depr~~ec~~ated~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-control_plane_access_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~endpoint_c~~on~~fig~~uration_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_kubelet_conf_ocil:questionnaire:1">
23	······<ocil:title>Ensure·~~Priva~~t~~e·E~~n~~dpoin~~t~~·Access~~</ocil:title>	23	······<ocil:title>Verify·Group·Who·Owns·The·Kubelet·Configuration·File</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~endpoint_c~~on~~fig~~uration_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-file_groupowner_kubelet_conf_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-dedicated_service_accounts_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-dedicated_service_accounts_ocil:questionnaire:1">
29	······<ocil:title>Use·Dedicated·Service·Accounts</ocil:title>	29	······<ocil:title>Use·Dedicated·Service·Accounts</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-dedicated_service_accounts_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-dedicated_service_accounts_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-file_~~group~~owner_kubelet_conf_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-file_owner_kubelet_conf_ocil:questionnaire:1">
35	······<ocil:title>Verify·G~~roup~~·Who·Owns·The·Kubelet·Configuration·File</ocil:title>	35	······<ocil:title>Verify·User·Who·Owns·The·Kubelet·Configuration·File</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-file_~~group~~owner_kubelet_conf_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_owner_kubelet_conf_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-con~~figure_~~net~~work~~_policie~~s_n~~a~~mespaces~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-endpoint_configuration_ocil:questionnaire:1">
41	······<ocil:title>Ensure·~~that·ap~~plicat~~ion·Namespac~~es·~~have·Ne~~t~~work~~·~~Pol~~icies~~·defined~~.</ocil:title>	41	······<ocil:title>Ensure·Private·Endpoint·Access</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-con~~figure_~~net~~work~~_policie~~s_n~~a~~mespaces~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-endpoint_configuration_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-registry_~~access~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_client_cert_rotation_ocil:questionnaire:1">
47	······<ocil:title>~~Minimize~~·~~user~~·~~acc~~ess·t~~o·Am~~azo~~n·ECR~~</ocil:title>	47	······<ocil:title>kubelet·-·Enable·Client·Certificate·Rotation</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-registry_~~access~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_client_cert_rotation_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-fargate_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_ocil:questionnaire:1">
53	······<ocil:title>~~Consider~~·~~Farga~~t~~e·for·Un~~tr~~usted·Workl~~oads</ocil:title>	53	······<ocil:title>kubelet·-·Do·Not·Disable·Streaming·Timeouts</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-fargate_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_streaming_connections_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-file_~~own~~e~~r_ku~~belet_conf_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_iptables_util_chains_ocil:questionnaire:1">
59	······<ocil:title>~~Verify~~·~~User·Who·Owns·The~~·~~Kub~~e~~let~~·Configuration~~·File~~</ocil:title>	59	······<ocil:title>kubelet·-·Allow·Automatic·Firewall·Configuration</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-file_~~own~~e~~r_ku~~belet_conf_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_iptables_util_chains_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_~~permissi~~ons_kubele~~t_conf~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_protect_kernel_defaults_ocil:questionnaire:1">
65	······<ocil:title>~~Verify·Permissions·~~on~~·The~~·Ku~~bel~~et·Configurat~~ion·Fil~~e</ocil:title>	65	······<ocil:title>kubelet·-·Enable·Protect·Kernel·Defaults</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-file_~~permissi~~ons_kubele~~t_conf~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_protect_kernel_defaults_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~file_gr~~ou~~powner~~_wo~~rker_kubeco~~nfig_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-audit_logging_ocil:questionnaire:1">
71	······<ocil:title>~~Verify~~·~~Group~~·Who~~·Ow~~n~~s·Th~~e·~~Work~~er·~~Kubec~~on~~fig·~~File</ocil:title>	71	······<ocil:title>Ensure·Audit·Logging·is·Enabled</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~file_gr~~ou~~powner~~_wo~~rker_kubeco~~nfig_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-audit_logging_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~appr~~oved_re~~gistries~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-file_owner_worker_kubeconfig_ocil:questionnaire:1">
77	······<ocil:title>~~Onl~~y·use·~~approved~~·~~contain~~er·regi~~str~~ies</ocil:title>	77	······<ocil:title>Verify·User·Who·Owns·The·Worker·Kubeconfig·File</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~appr~~oved_re~~gistries~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-file_owner_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-control_plane_access_ocil:questionnaire:1">
83	······<ocil:tit~~le>Restr~~i~~ct·A~~ccess~~·to·th~~e~~·Contr~~o~~l·Plan~~e~~·Endp~~oint</ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-file_permissions_kubelet_conf_ocil:questionnaire:1">
		83	······<ocil:title>Verify·Permissions·on·The·Kubelet·Configuration·File</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~cont~~rol_~~plane_ac~~c~~ess~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_permissions_kubelet_conf_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-image_scanning_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-image_scanning_ocil:questionnaire:1">
89	······<ocil:title>Ensure·Image·Vulnerability·Scanning</ocil:title>	89	······<ocil:title>Ensure·Image·Vulnerability·Scanning</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-image_scanning_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-image_scanning_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~file~~_owne~~r_wo~~rker_~~kubeconfig~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-configure_tls_ocil:questionnaire:1">
		95	······<ocil:title>Encrypt·Traffic·to·Load·Balancers·and·Workloads</ocil:title>
95	······<ocil:title>Verify·User·Who·Owns·The·Worker·Kubeconfig·File</ocil:title>
96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-file_owner_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>
99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_cert_rotation_ocil:questionnaire:1">
101	······<ocil:title>kubelet·-·Enable·Certificate·Rotation</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~kubelet~~_en~~able_ce~~rt_~~rota~~tion_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-configure_tls_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-configure_network_policy_ocil:questionnaire:1">
107	······<ocil:~~title>E~~nsure·~~Netw~~or~~k·P~~o~~licy·is·Ena~~b~~led</~~ocil:title>	100	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_worker_kubeconfig_ocil:questionnaire:1">
		101	······<ocil:title>Verify·Group·Who·Owns·The·Worker·Kubeconfig·File</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~confi~~gu~~re_~~network_po~~licy~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-file_groupowner_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-kubelet_read_only_port_secured_ocil:questionnaire:1">
113	······<ocil:~~title>kubelet~~·~~-·Ensure·that·th~~e~~·--~~r~~ead-~~onl~~y-p~~or~~t·is·s~~ec~~ured</~~ocil:title>	106	····<ocil:questionnaire·id="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1">
		107	······<ocil:title>Verify·Permissions·on·the·Worker·Kubeconfig·File</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~kub~~e~~let_read_~~only_port_sec~~ured~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-file_permissions_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-~~audit_log~~g~~ing~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-fargate_ocil:questionnaire:1">
119	······<ocil:title>Ensure·~~Audi~~t·Lo~~ggi~~n~~g·i~~s·~~Enab~~led</ocil:title>	113	······<ocil:title>Consider·Fargate·for·Untrusted·Workloads</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~audit_log~~g~~ing~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-fargate_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
123	····</ocil:questionnaire>	117	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-~~conf~~igur~~e_tls~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-iam_integration_ocil:questionnaire:1">
Max diff block lines reached; 73274/84877 bytes (86.33%) of diff not shown.


Offset 3, 506 lines modified		Offset 3, 450 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-enhanced_tracking_ocil:questionnaire:1">
11	······<ocil:title>Enabled·Firefox·Enhanced·Tracking·Protection</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-firefox_policy-enhanced_tracking_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-development_tools_ocil:questionnaire:1">
17	······<ocil:title>Disable·Firefox·Development·Tools</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-firefox_policy-development_tools_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_changes_ocil:questionnaire:1">
23	······<ocil:title>Disable·JavaScript's·Raise·Or·Lower·Windows·Capability</ocil:title>
24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_changes_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>
27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-privat~~e_brows~~ing_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-cryptomining_ocil:questionnaire:1">
29	······<ocil:title>Firefox·privat~~e·brows~~ing·~~mus~~t·be·di~~sable~~d.</ocil:title>	11	······<ocil:title>Enabled·Firefox·Cryptomining·protection</ocil:title>
30	······<ocil:actions>	12	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-firefox_policy-privat~~e_brows~~ing_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-firefox_policy-cryptomining_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	14	······</ocil:actions>
33	····</ocil:questionnaire>	15	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~installed_~~firefox_v~~ers~~i~~on_suppor~~ted_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-telemetry_ocil:questionnaire:1">
35	······<ocil:title>~~Supported·Ver~~si~~on·of~~·Firefox·~~Installed~~</ocil:title>	17	······<ocil:title>Disable·Firefox·Telemetry</ocil:title>
36	······<ocil:actions>	18	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~installed_~~firefox_v~~ers~~i~~on_suppor~~ted_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-firefox_policy-telemetry_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	20	······</ocil:actions>
39	····</ocil:questionnaire>	21	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_resizing_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_resizing_ocil:questionnaire:1">
41	······<ocil:title>Disable·JavaScript's·Moving·Or·Resizing·Windows·Capability</ocil:title>	23	······<ocil:title>Disable·JavaScript's·Moving·Or·Resizing·Windows·Capability</ocil:title>
42	······<ocil:actions>	24	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_resizing_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_resizing_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	26	······</ocil:actions>
45	····</ocil:questionnaire>	27	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~referen~~c~~es-enable~~_c~~a_tru~~st_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_changes_ocil:questionnaire:1">
47	······<ocil:title>Enable·Shared·Sys~~tem~~·Certi~~fic~~a~~tes~~</ocil:title>	29	······<ocil:title>Disable·JavaScript's·Raise·Or·Lower·Windows·Capability</ocil:title>
48	······<ocil:actions>	30	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-firefox_p~~referen~~c~~es-enable~~_c~~a_tru~~st_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_changes_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	32	······</ocil:actions>
51	····</ocil:questionnaire>	33	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-fi~~nger~~p~~rinting~~_p~~rot~~e~~cti~~on_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-autoplay_video_ocil:questionnaire:1">
53	······<ocil:title>~~Enabled·~~Firefox·~~Fingerprin~~t~~ing~~·P~~rotection~~</ocil:title>	35	······<ocil:title>Firefox·autoplay·must·be·disabled.</ocil:title>
54	······<ocil:actions>	36	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-firefox_policy-fi~~nger~~p~~rinting~~_p~~rot~~e~~cti~~on_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-firefox_policy-autoplay_video_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	38	······</ocil:actions>
57	····</ocil:questionnaire>	39	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-sear~~ch_update~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-verification_ocil:questionnaire:1">
59	······<ocil:title>Disable·~~Ins~~t~~alled·Se~~arch·P~~lug~~i~~ns·Upd~~at~~e·Check~~ing</ocil:title>	41	······<ocil:title>Enable·Certificate·Verification</ocil:title>
60	······<ocil:actions>	42	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-firefox_policy-sear~~ch_update~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-firefox_policy-verification_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	44	······</ocil:actions>
63	····</ocil:questionnaire>	45	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-telemetry_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_recommendation_ocil:questionnaire:1">
65	······<ocil:title>Disable·Firefox·Telemetry</ocil:title>	47	······<ocil:title>Disabled·Firefox·Extension·Recommendations</ocil:title>
66	······<ocil:actions>	48	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-firefox_policy-telemetry_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-firefox_policy-extension_recommendation_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	50	······</ocil:actions>
69	····</ocil:questionnaire>	51	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_studies_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_studies_ocil:questionnaire:1">
71	······<ocil:title>Disable·Firefox·Studies</ocil:title>	53	······<ocil:title>Disable·Firefox·Studies</ocil:title>
72	······<ocil:actions>	54	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_studies_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_studies_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	56	······</ocil:actions>
75	····</ocil:questionnaire>	57	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~cryptom~~in~~ing~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-pop-up_windows_ocil:questionnaire:1">
		59	······<ocil:title>Enable·Firefox·Pop-up·Blocker</ocil:title>
77	······<ocil:title>Enabled·Firefox·Cryptomining·protection</ocil:title>
78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-firefox_policy-cryptomining_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>
81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_update_ocil:questionnaire:1">
83	······<ocil:title>Firefox·must·be·configured·to·not·automatically·update·installed·add-ons·and·plugins.</ocil:title>
84	······<ocil:actions>	60	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-firefox_policy-ex~~tension_up~~d~~ate~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-firefox_policy-pop-up_windows_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	62	······</ocil:actions>
87	····</ocil:questionnaire>	63	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~extens~~ion_r~~ecommenda~~tion_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-forget_button_ocil:questionnaire:1">
89	······<ocil:title>Di~~sabled·Fi~~re~~fox~~·~~Ext~~e~~nsi~~on·Rec~~omm~~endations</ocil:title>	65	······<ocil:title>Firefox·must·prevent·the·user·from·quickly·deleting·data.</ocil:title>
90	······<ocil:actions>	66	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~extens~~ion_r~~ecommenda~~tion_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-firefox_policy-forget_button_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	68	······</ocil:actions>
93	····</ocil:questionnaire>	69	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~oli~~cy-autoplay_vi~~deo~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-auto-download_actions_ocil:questionnaire:1">
95	······<ocil:title>Fi~~refox~~·autoplay·must·be·~~disabl~~ed.</ocil:title>	71	······<ocil:title>Disable·auto-download·for·proscribed·MIME·types.</ocil:title>
96	······<ocil:actions>	72	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-firefox_p~~oli~~cy-autoplay_vi~~deo~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-firefox_preferences-auto-download_actions_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	74	······</ocil:actions>
99	····</ocil:questionnaire>	75	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-firefox_~~policy-~~sea~~rch~~_su~~gges~~tion_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-installed_firefox_version_supported_ocil:questionnaire:1">
101	······<ocil:title>F~~iref~~ox·se~~arc~~h·~~sug~~gestions·~~must·be~~·disabled.</ocil:title>	77	······<ocil:title>Supported·Version·of·Firefox·Installed</ocil:title>
102	······<ocil:actions>	78	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-firefox_~~policy-~~sea~~rch~~_su~~gges~~tion_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-installed_firefox_version_supported_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	80	······</ocil:actions>
105	····</ocil:questionnaire>	81	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~referen~~c~~es-aut~~o-d~~own~~lo~~ad_ac~~tions_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-development_tools_ocil:questionnaire:1">
107	······<ocil:title>Disable·~~auto-download·~~for·~~proscrib~~e~~d·MI~~ME·~~type~~s.</ocil:title>	83	······<ocil:title>Disable·Firefox·Development·Tools</ocil:title>
108	······<ocil:actions>	84	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-firefox_p~~referen~~c~~es-aut~~o-d~~own~~lo~~ad_ac~~tions_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-firefox_policy-development_tools_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	86	······</ocil:actions>
111	····</ocil:questionnaire>	87	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~oli~~c~~y-dis~~able_~~pocke~~t_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1">
113	······<ocil:title>Disable·Fire~~fox~~·Pocket</ocil:title>	89	······<ocil:title>Enable·Shared·System·Certificates</ocil:title>
114	······<ocil:actions>	90	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-firefox_p~~oli~~c~~y-dis~~able_~~pocke~~t_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-firefox_preferences-enable_ca_trust_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	92	······</ocil:actions>
117	····</ocil:questionnaire>	93	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-network_prediction_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-network_prediction_ocil:questionnaire:1">
119	······<ocil:title>Disable·Firefox·network·prediction</ocil:title>	95	······<ocil:title>Disable·Firefox·network·prediction</ocil:title>
120	······<ocil:actions>	96	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-firefox_policy-network_prediction_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-firefox_policy-network_prediction_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	98	······</ocil:actions>
123	····</ocil:questionnaire>	99	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-content_~~blo~~cker_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-enhanced_tracking_ocil:questionnaire:1">
125	······<ocil:title>En~~sur~~e·~~the·C~~o~~nte~~nt·~~Blo~~cker·u~~Blo~~ck~~·Orig~~in·is·~~Ins~~t~~alled~~</ocil:title>	101	······<ocil:title>Enabled·Firefox·Enhanced·Tracking·Protection</ocil:title>
126	······<ocil:actions>	102	······<ocil:actions>
127	········<ocil:test_action_ref>ocil:ssg-firefox_policy-content_~~blo~~cker_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-firefox_policy-enhanced_tracking_action:testaction:1</ocil:test_action_ref>
128	······</ocil:actions>	104	······</ocil:actions>
Max diff block lines reached; 38359/49553 bytes (77.41%) of diff not shown.


Offset 3, 7205 lines modified		Offset 3, 7205 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-k~~ern~~el_co~~nfig~~_~~hibernati~~on_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_gshadow_ocil:questionnaire:1">
11	······<ocil:title>Di~~sabl~~e·h~~iber~~nation</ocil:title>	11	······<ocil:title>Verify·User·Who·Owns·gshadow·File</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-k~~ern~~el_co~~nfig~~_~~hibernati~~on_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-file_owner_etc_gshadow_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_disable_root_~~log~~in_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_unlinkat_ocil:questionnaire:1">
17	······<ocil:title>Disable·~~SSH~~·Root·~~Log~~in</ocil:title>	17	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·unlinkat</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_disable_root_~~log~~in_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_unlinkat_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~kernel~~_co~~nfig_ipv6~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-rsyslog_remote_loghost_ocil:questionnaire:1">
23	······<ocil:title>Disable·the~~·IPv6~~·protocol</ocil:title>	23	······<ocil:title>Ensure·Logs·Sent·To·Remote·Host</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~kernel~~_co~~nfig_ipv6~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-rsyslog_remote_loghost_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_mo~~dule~~_sig_key_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_compat_brk_ocil:questionnaire:1">
29	······<ocil:title>~~Specify~~·mo~~dule·s~~igning·~~key·to·use~~</ocil:title>	29	······<ocil:title>Disable·compatibility·with·brk()</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-kernel_config_mo~~dule~~_sig_key_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-kernel_config_compat_brk_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-partit~~ion~~_~~for_tmp~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-service_ip6tables_enabled_ocil:questionnaire:1">
35	······<ocil:title>Ensur~~e·/tm~~p·~~Locat~~ed·On~~·Separate·Partition~~</ocil:title>	35	······<ocil:title>Verify·ip6tables·Enabled·if·Using·IPv6</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-partit~~ion~~_~~for_tmp~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-service_ip6tables_enabled_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_shared_media_ocil:questionnaire:1">
41	······<ocil:t~~itle>C~~onf~~igu~~re·~~Send~~i~~ng·an~~d~~·Ac~~c~~eptin~~g·Sha~~red·M~~edi~~a·Re~~dir~~ect~~s~~·for·All·IPv4·Interfac~~es</o~~cil:title~~>	40	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_adjtimex_ocil:questionnaire:1">
		41	······<ocil:title>Record·attempts·to·alter·time·through·adjtimex</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~sysc~~tl_~~net_ipv4~~_~~conf_all~~_sha~~red_~~media_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_adjtimex_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-~~accoun~~t~~s_mi~~n~~imum~~_~~age~~_log~~in_defs~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_ocil:questionnaire:1">
47	······<ocil:title>Se~~t·P~~a~~ssw~~ord·~~Minimum~~·~~Age~~</ocil:title>	47	······<ocil:title>Ensure·/var/log·Located·On·Separate·Partition</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~accoun~~t~~s_mi~~n~~imum~~_~~age~~_log~~in_defs~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-partition_for_var_log_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~rsyslog_~~files_groupownership_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_shadow_ocil:questionnaire:1">
53	······<ocil:title>~~Ensu~~re~~·Log~~·~~Files~~·~~Are~~·Own~~ed·B~~y·~~Appr~~o~~priat~~e·G~~roup~~</ocil:title>	53	······<ocil:title>Verify·Group·Who·Owns·shadow·File</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~rsyslog_~~files_groupownership_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_shadow_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-s~~ysc~~tl_fs_suid_~~dump~~able_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-set_iptables_default_rule_forward_ocil:questionnaire:1">
59	······<ocil:title>Disable·~~Cor~~e·~~Dumps~~·for·~~SUID·progr~~ams</ocil:title>	59	······<ocil:title>Set·Default·iptables·Policy·for·Forwarded·Packets</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-s~~ysc~~tl_fs_suid_~~dump~~able_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-set_iptables_default_rule_forward_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
65	······<ocil:~~title>E~~nsure·~~aud~~itd·Co~~lle~~c~~ts·F~~il~~e·Deleti~~o~~n·Ev~~ents·by·Us~~er·-·r~~e~~name</~~ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_tmp_ocil:questionnaire:1">
		65	······<ocil:title>Configure·Polyinstantiation·of·/tmp·Directories</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-a~~udit_r~~ules~~_file~~_deletion_~~eve~~nt~~s_r~~ename_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-accounts_polyinstantiated_tmp_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_di~~sabl~~e_rho~~sts~~_rsa_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-kernel_config_page_poisoning_no_sanity_ocil:questionnaire:1">
71	······<ocil:title>Disable~~·SSH~~·~~Sup~~po~~rt·for·R~~hosts·RS~~A·Au~~t~~hen~~tica~~tion~~</ocil:title>	71	······<ocil:title>Enable·poison·without·sanity·check</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_di~~sabl~~e_rho~~sts~~_rsa_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-kernel_config_page_poisoning_no_sanity_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_watch_localtime_ocil:questionnaire:1">
77	······<ocil:ti~~tle>Recor~~d·~~Attempt~~s~~·to·Alt~~e~~r·the·localti~~m~~e·F~~il~~e</~~ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-kernel_config_binfmt_misc_ocil:questionnaire:1">
		77	······<ocil:title>Disable·kernel·support·for·MISC·binaries</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_rules_ti~~me_watch_localt~~ime_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-kernel_config_binfmt_misc_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~kerne~~l_config_debug_sg_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-disable_host_auth_ocil:questionnaire:1">
83	······<ocil:title>Enable·~~checks~~·on·s~~cat~~ter-gather·~~(SG~~)·table·~~oper~~ations</ocil:title>	83	······<ocil:title>Disable·Host-Based·Authentication</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~kerne~~l_config_debug_sg_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-disable_host_auth_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-~~sshd_~~di~~sab~~le_user_kn~~own~~_~~hosts~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
89	······<ocil:title>~~Disab~~le~~·SSH~~·Su~~ppo~~rt·~~for~~·~~User~~·Known·H~~osts~~</ocil:title>	89	······<ocil:title>Verify·User·Who·Owns·group·File</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~sshd_~~di~~sab~~le_user_kn~~own~~_~~hosts~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-s~~shd~~_set_log~~lev~~el_verbose_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-accounts_max_concurrent_login_sessions_ocil:questionnaire:1">
95	······<ocil:title>Set·~~SSH~~·Daemon·LogLe~~vel~~·to·~~VERBOSE~~</ocil:title>	95	······<ocil:title>Limit·the·Number·of·Concurrent·Login·Sessions·Allowed·Per·User</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-s~~shd~~_set_log~~lev~~el_verbose_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-accounts_max_concurrent_login_sessions_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~serv~~ice_~~ufw~~_en~~able~~d_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
101	······<ocil:title>~~Verify·~~ufw·En~~abl~~ed</ocil:title>	101	······<ocil:title>Add·nosuid·Option·to·/dev/shm</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~serv~~ice_~~ufw~~_en~~able~~d_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-a~~udit~~_~~rul~~es_~~mac~~_modi~~fic~~ation_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-file_ownership_audit_configuration_ocil:questionnaire:1">
107	······<ocil:title>R~~ecord~~·Even~~ts·th~~at~~·Mod~~i~~fy·t~~he·S~~yst~~em's·Mandat~~ory~~·~~Acc~~ess·C~~ontr~~ols</ocil:title>	107	······<ocil:title>Audit·Configuration·Files·Must·Be·Owned·By·Root</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_~~rul~~es_~~mac~~_modi~~fic~~ation_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-file_ownership_audit_configuration_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-gru~~b2_~~enab~~le_iommu~~_~~force~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_group_ocil:questionnaire:1">
113	······<ocil:title>~~IOMMU~~·co~~nfigur~~a~~tion~~·~~direct~~ive</ocil:title>	113	······<ocil:title>Verify·Group·Who·Owns·Backup·group·File</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-gru~~b2_~~enab~~le_iommu~~_~~force~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_group_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_nss~~-tool~~s~~_install~~ed_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_pub_key_ocil:questionnaire:1">
119	······<ocil:title>~~Ensur~~e·nss-tools·is·~~instal~~led</ocil:title>	119	······<ocil:title>Verify·Permissions·on·SSH·Server·Public·*.pub·Key·Files</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_nss~~-tool~~s~~_install~~ed_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_pub_key_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-d~~ir_permissi~~ons_bina~~ry_dirs~~_ocil:questionnaire:1">	124	····<ocil:questionnaire·id="ocil:ssg-package_chrony_installed_ocil:questionnaire:1">
125	······<ocil:title>~~Verify~~·tha~~t·S~~y~~stem~~·Executable·~~Director~~ies~~·Have~~·Res~~tric~~tiv~~e·P~~e~~rmission~~s</ocil:title>	125	······<ocil:title>The·Chrony·package·is·installed</ocil:title>
126	······<ocil:actions>	126	······<ocil:actions>
Max diff block lines reached; 666989/679695 bytes (98.13%) of diff not shown.


Offset 3, 3989 lines modified		Offset 3, 3989 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-auditd_l~~og_format~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-package_audit_installed_ocil:questionnaire:1">
11	······<ocil:title>Resolve·in~~form~~a~~tion~~·~~before·wri~~ting·to·a~~udi~~t·l~~ogs~~</ocil:title>	11	······<ocil:title>Ensure·the·audit·Subsystem·is·Installed</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-auditd_l~~og_format~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-package_audit_installed_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-f~~ile_pe~~r~~mis~~s~~ions~~_audit_confi~~guratio~~n_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_chown_ocil:questionnaire:1">
17	······<ocil:title>~~Audit~~·Con~~figur~~ation·~~Fil~~es·~~Permiss~~ions·are·~~640·or~~·Mo~~re·Re~~s~~tri~~c~~tive~~</ocil:title>	17	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·chown</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-f~~ile_pe~~r~~mis~~s~~ions~~_audit_confi~~guratio~~n_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_chown_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-pac~~kage~~_syslo~~gng_in~~stalled_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-accounts_password_all_shadowed_ocil:questionnaire:1">
23	······<ocil:title>~~Ens~~ure·syslo~~g-ng·i~~s·~~Inst~~alled</ocil:title>	23	······<ocil:title>Verify·All·Account·Password·Hashes·are·Shadowed</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-pac~~kage~~_syslo~~gng_in~~stalled_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-accounts_password_all_shadowed_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~sysctl_~~kernel_ran~~domize_v~~a~~_space~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_compat_vdso_ocil:questionnaire:1">
29	······<ocil:title>Enable·~~Random~~ize~~d·Layout~~·~~of·V~~irt~~ual~~·~~Addres~~s·S~~pac~~e</ocil:title>	29	······<ocil:title>Disable·the·32-bit·vDSO</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~sysctl_~~kernel_ran~~domize_v~~a~~_space~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-kernel_config_compat_vdso_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~acc~~ounts_~~no_uid~~_exc~~ept_zero~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_gshadow_ocil:questionnaire:1">
35	······<ocil:title>Verify·~~Only~~·Root·Has~~·UID~~·0</ocil:title>	35	······<ocil:title>Verify·User·Who·Owns·Backup·gshadow·File</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~acc~~ounts_~~no_uid~~_exc~~ept_zero~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~no_empty~~_pas~~swords_e~~tc_s~~hadow~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_root_login_ocil:questionnaire:1">
41	······<ocil:title>Ens~~ure·Ther~~e·~~Are~~·No~~·Acc~~o~~unts·Wi~~t~~h·Blank·or·Null~~·~~Pass~~wo~~rds~~</ocil:title>	41	······<ocil:title>Disable·SSH·Root·Login</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~no_empty~~_pas~~swords_e~~tc_s~~hadow~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-sshd_disable_root_login_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-sys~~ctl_~~fs_suid_~~dum~~pable_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1">
47	······<ocil:title>~~Disable~~·Core·~~Dumps~~·fo~~r·SUID~~·~~prog~~rams</ocil:title>	47	······<ocil:title>Set·SSH·Client·Alive·Count·Max</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-sys~~ctl_~~fs_suid_~~dum~~pable_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-ke~~rnel~~_module_tipc_~~disab~~led_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-sudo_custom_logfile_ocil:questionnaire:1">
53	······<ocil:title>Disable·~~TIPC~~·Support</ocil:title>	53	······<ocil:title>Ensure·Sudo·Logfile·Exists·-·sudo·logfile</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-ke~~rnel~~_module_tipc_~~disab~~led_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-sudo_custom_logfile_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~acc~~ounts_pass~~word~~_~~all~~_shadowed_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_shadow_ocil:questionnaire:1">
59	······<ocil:title>Verify·~~All·A~~ccount·~~Pas~~swor~~d·Ha~~s~~hes·are~~·Shadowed</ocil:title>	59	······<ocil:title>Verify·Group·Who·Owns·Backup·shadow·File</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~acc~~ounts_pass~~word~~_~~all~~_shadowed_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-selinux_not~~_dis~~abled_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-selinux_state_ocil:questionnaire:1">
65	······<ocil:title>Ensure·SELinux·is·~~Not·Disabled~~</ocil:title>	65	······<ocil:title>Ensure·SELinux·State·is·Enforcing</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-selinux_not~~_dis~~abled_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-selinux_state_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-k~~ern~~el_~~conf~~ig_seccomp_~~filter~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-file_permissions_var_log_ocil:questionnaire:1">
71	······<ocil:title>~~Enab~~le~~·use~~·~~of·Berkeley~~·P~~acket·Fi~~lter·wi~~th·~~seccomp</ocil:title>	71	······<ocil:title>Verify·Permissions·on·/var/log·Directory</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-k~~ern~~el_~~conf~~ig_seccomp_~~filter~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-file_permissions_var_log_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~auditd_data~~_retention_m~~ax_~~log_file_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_ocil:questionnaire:1">
77	······<ocil:title>Confi~~gur~~e·aud~~itd~~·Ma~~x·Log·F~~i~~le·S~~ize</ocil:title>	77	······<ocil:title>Enable·module·signature·verification</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~auditd_data~~_retention_m~~ax_~~log_file_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-auditd_audispd~~_syslog_plug~~in_ac~~tivated~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchown_ocil:questionnaire:1">
83	······<ocil:title>Con~~figure~~·auditd·to·use·a~~udispd'~~s·~~sys~~log·~~plugi~~n</ocil:title>	83	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchown</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-auditd_audispd~~_syslog_plug~~in_ac~~tivated~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchown_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
89	······<ocil:ti~~tle>V~~eri~~fy·U~~s~~er·Wh~~o~~·Own~~s·group·Fil~~e</~~ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-account_passwords_pam_faillock_audit_ocil:questionnaire:1">
		89	······<ocil:title>Account·Lockouts·Must·Be·Logged</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~file~~_ow~~ner~~_~~etc~~_group_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-account_passwords_pam_faillock_audit_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-g~~rub2~~_n~~osma~~p~~_argum~~ent_abs~~ent~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_passwd_ocil:questionnaire:1">
95	······<ocil:title>~~Ensu~~re·~~SMAP~~·i~~s·not~~·~~disabled~~·~~during~~·~~boot~~</ocil:title>	95	······<ocil:title>Verify·Group·Who·Owns·passwd·File</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-g~~rub2~~_n~~osma~~p~~_argum~~ent_abs~~ent~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_passwd_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
101	······<ocil:~~title>Ver~~ify·P~~ermiss~~ions~~·on·Back~~u~~p·passwd·Fi~~le</ocil:title>	100	····<ocil:questionnaire·id="ocil:ssg-selinux_not_disabled_ocil:questionnaire:1">
		101	······<ocil:title>Ensure·SELinux·is·Not·Disabled</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~file_~~pe~~rmis~~sions_~~backup~~_et~~c_p~~a~~ssw~~d_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-selinux_not_disabled_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-~~aid~~e_~~disable_si~~le~~ntrep~~orts_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_force_ocil:questionnaire:1">
107	······<ocil:title>~~Conf~~igure~~·AIDE·To~~·No~~tify·P~~erson~~nel~~·if·Baseline~~·Conf~~ig~~uratio~~n~~s·Are·Alter~~ed</ocil:title>	107	······<ocil:title>Require·modules·to·be·validly·signed</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~aid~~e_~~disable_si~~le~~ntrep~~orts_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_force_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-~~mou~~n~~t_opti~~on_no~~exec~~_re~~mova~~ble_partitions_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_notifiers_ocil:questionnaire:1">
113	······<ocil:title>~~Add~~·n~~oex~~ec·~~Option~~·to·~~Rem~~o~~vabl~~e·M~~edi~~a·~~Partit~~ions</ocil:title>	113	······<ocil:title>Enable·checks·on·notifier·call·chains</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~mou~~n~~t_opti~~on_no~~exec~~_re~~mova~~ble_partitions_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_notifiers_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-postfix_client_configure_mail_alias_ocil:questionnaire:1">
119	······<ocil:t~~itle>C~~onf~~igu~~re·~~System·to·Forward·All·M~~ai~~l·F~~or~~·The·Ro~~ot~~·Acco~~u~~nt</~~o~~cil:title~~>	118	····<ocil:questionnaire·id="ocil:ssg-no_empty_passwords_ocil:questionnaire:1">
		119	······<ocil:title>Prevent·Login·to·Accounts·With·Empty·Password</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-po~~stfix~~_~~cli~~e~~nt_configure~~_mai~~l_alia~~s_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-no_empty_passwords_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-~~file~~_p~~erm~~issions_~~sys~~temmap_ocil:questionnaire:1">	124	····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_var_tmp_ocil:questionnaire:1">
125	······<ocil:title>~~Ver~~ify·P~~erm~~issions·on·~~System.ma~~p·Files</ocil:title>	125	······<ocil:title>Configure·Polyinstantiation·of·/var/tmp·Directories</ocil:title>
126	······<ocil:actions>	126	······<ocil:actions>
Max diff block lines reached; 693550/706326 bytes (98.19%) of diff not shown.


Offset 3, 9138 lines modified		Offset 3, 9003 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-file_owner_grub2_cfg_ocil:questionnaire:1">
11	······<ocil:title>Verify·/boot/grub/grub.cfg·User·Ownership</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-file_owner_grub2_cfg_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_~~cron~~_installed_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-kernel_module_sctp_disabled_ocil:questionnaire:1">
17	······<ocil:title>Install~~·th~~e·~~cron~~·~~service~~</ocil:title>	11	······<ocil:title>Disable·SCTP·Support</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_~~cron~~_installed_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-kernel_module_sctp_disabled_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-package_rsh-server_removed_ocil:questionnaire:1">
23	······<ocil:ti~~tle>Un~~i~~nstal~~l·rsh-serve~~r·P~~ac~~kage</~~ocil:title>	16	····<ocil:questionnaire·id="ocil:ssg-kernel_config_legacy_ptys_ocil:questionnaire:1">
		17	······<ocil:title>Disable·legacy·(BSD)·PTY·support</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-p~~ackage~~_~~rsh-serv~~e~~r_removed~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-kernel_config_legacy_ptys_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-kernel_module_ipv6_option_disabled_ocil:questionnaire:1">
29	······<ocil:~~title>Dis~~able·~~IPv6·Networking·S~~uppo~~rt·Au~~tomatic·~~Loa~~d~~ing</~~ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_tmp_ocil:questionnaire:1">
		23	······<ocil:title>Configure·Polyinstantiation·of·/tmp·Directories</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~ker~~nel_module_ip~~v6_op~~ti~~on_~~d~~isabled~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-accounts_polyinstantiated_tmp_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-sshd~~_disabl~~e_k~~erb_auth~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-sudo_remove_nopasswd_ocil:questionnaire:1">
35	······<ocil:title>Disable·Kerb~~eros·~~Authentication</ocil:title>	29	······<ocil:title>Ensure·Users·Re-Authenticate·for·Privilege·Escalation·-·sudo·NOPASSWD</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-sshd~~_disabl~~e_k~~erb_auth~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-sudo_remove_nopasswd_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-grub2_systemd_debug-shell_argument_absent_ocil:questionnaire:1">
41	······<ocil:~~title>E~~nsure·de~~bug-she~~ll·s~~erv~~ice·is~~·not·en~~able~~d·during·b~~oot</ocil:title>	34	····<ocil:questionnaire·id="ocil:ssg-aide_disable_silentreports_ocil:questionnaire:1">
		35	······<ocil:title>Configure·AIDE·To·Notify·Personnel·if·Baseline·Configurations·Are·Altered</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~grub2_syst~~emd_d~~ebug~~-shell_ar~~gum~~ent~~_absent~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-aide_disable_silentreports_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-~~kern~~el~~_co~~n~~fig_~~mo~~dule~~_sig_~~force~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-sudoers_no_command_negation_ocil:questionnaire:1">
47	······<ocil:title>~~Requ~~ire·mod~~ule~~s·to·be·va~~lidly~~·signed</ocil:title>	41	······<ocil:title>Don't·define·allowed·commands·in·sudoers·by·means·of·exclusion</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~kern~~el~~_co~~n~~fig_~~mo~~dule~~_sig_~~force~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-sudoers_no_command_negation_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~file~~_~~own~~e~~rsh~~i~~p_ssh~~d_~~priv~~a~~te_key~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_at_ocil:questionnaire:1">
53	······<ocil:title>Verify·Ownership·on·~~SSH~~·~~Server~~·Private~~·*_key·Key·Files~~</ocil:title>	47	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·at</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~file~~_~~own~~e~~rsh~~i~~p_ssh~~d_~~priv~~a~~te_key~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_at_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-sysct~~l_n~~et_ipv~~4_conf~~_~~all_~~a~~rp_fi~~lter_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-package_iptables_installed_ocil:questionnaire:1">
59	······<ocil:title>Con~~figure·ARP~~·filt~~ering·for·~~All~~·IP~~v4·In~~terf~~aces</ocil:title>	53	······<ocil:title>Install·iptables·Package</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-sysct~~l_n~~et_ipv~~4_conf~~_~~all_~~a~~rp_fi~~lter_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-package_iptables_installed_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~file_~~g~~rou~~pown~~er_crontab~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-package_ntp_installed_ocil:questionnaire:1">
65	······<ocil:title>~~Verify·Group~~·Who·O~~wns~~·~~Crontab~~</ocil:title>	59	······<ocil:title>Install·the·ntp·service</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~file_~~g~~rou~~pown~~er_crontab~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-package_ntp_installed_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-fi~~le_~~owner_backup_~~etc~~_group_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-permissions_local_var_log_ocil:questionnaire:1">
71	······<ocil:title>Verify·User·~~Who·Ow~~ns·~~Back~~up·group·File</ocil:title>	65	······<ocil:title>Verify·permissions·of·log·files</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-fi~~le_~~owner_backup_~~etc~~_group_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-permissions_local_var_log_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fremovexattr_ocil:questionnaire:1">
77	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odi~~fy·the·Sy~~s~~tem's·Dis~~cre~~tio~~nary·~~Acc~~e~~ss·Co~~ntro~~ls·-·fremov~~exattr</o~~cil:title~~>	70	····<ocil:questionnaire·id="ocil:ssg-grub2_mce_argument_ocil:questionnaire:1">
		71	······<ocil:title>Force·kernel·panic·on·uncorrected·MCEs</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~audit~~_ru~~les_d~~ac_m~~odifi~~c~~atio~~n_fre~~mov~~exattr_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-grub2_mce_argument_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_ipv6_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-kernel_config_ipv6_ocil:questionnaire:1">
83	······<ocil:title>Disable·the·IPv6·protocol</ocil:title>	77	······<ocil:title>Disable·the·IPv6·protocol</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-kernel_config_ipv6_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-kernel_config_ipv6_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_messages_ocil:questionnaire:1">
89	······<ocil:title>Verify·User·Who·Owns·/var/log/messages·File</ocil:title>
90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_messages_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>
93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-kernel_config_bin~~fmt~~_~~misc~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_page_poisoning_zero_ocil:questionnaire:1">
95	······<ocil:title>Dis~~abl~~e·ker~~nel·~~s~~uppor~~t·for·~~MISC·b~~inaries</ocil:title>	83	······<ocil:title>Use·zero·for·poisoning·instead·of·debugging·value</ocil:title>
96	······<ocil:actions>	84	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-kernel_config_bin~~fmt~~_~~misc~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-kernel_config_page_poisoning_zero_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	86	······</ocil:actions>
99	····</ocil:questionnaire>	87	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-file_permissions_crontab_ocil:questionnaire:1">
101	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ssions·o~~n·cro~~nta~~b</~~ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-package_nss-tools_installed_ocil:questionnaire:1">
		89	······<ocil:title>Ensure·nss-tools·is·installed</ocil:title>
102	······<ocil:actions>	90	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~file_p~~e~~rmi~~ssions_c~~ron~~tab_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-package_nss-tools_installed_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	92	······</ocil:actions>
105	····</ocil:questionnaire>	93	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-service_chronyd_enabled_ocil:questionnaire:1">
107	······<ocil:ti~~tle>Th~~e·~~Chr~~onyd·s~~erv~~ice·is·e~~nabled</~~ocil:title>	94	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fremovexattr_ocil:questionnaire:1">
		95	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fremovexattr</ocil:title>
108	······<ocil:actions>	96	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-se~~rvi~~ce_chron~~yd_~~e~~nabled~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fremovexattr_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	98	······</ocil:actions>
111	····</ocil:questionnaire>	99	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-package_telnet_removed_ocil:questionnaire:1">
113	······<ocil:title~~>Rem~~o~~ve·~~telnet~~·Cli~~ent~~s</~~ocil:title>	100	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_accept_ra_ocil:questionnaire:1">
		101	······<ocil:title>Disable·Accepting·Router·Advertisements·on·all·IPv6·Interfaces·by·Default</ocil:title>
114	······<ocil:actions>	102	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-pac~~kag~~e_~~tel~~net_re~~moved~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_default_accept_ra_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	104	······</ocil:actions>
117	····</ocil:questionnaire>	105	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_umount_ocil:questionnaire:1">
119	······<ocil:~~title>E~~nsure·~~aud~~itd·Col~~lect~~s~~·Informat~~i~~on·on·th~~e~~·Us~~e·o~~f·Privi~~lege~~d·C~~o~~mmands·-·~~umount</o~~cil:title~~>	106	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_root_login_ocil:questionnaire:1">
		107	······<ocil:title>Disable·SSH·Root·Login</ocil:title>
120	······<ocil:actions>	108	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_rules~~_pri~~vileged_co~~mman~~ds_umo~~unt~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-sshd_disable_root_login_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 1359739/1371157 bytes (99.17%) of diff not shown.


Offset 3, 10614 lines modified		Offset 3, 10152 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts_ocil:questionnaire:1">
11	······<ocil:~~title>E~~nable·~~Kernel·Paramet~~er~~·to·Ig~~n~~ore·ICMP·Br~~oa~~dcast·Echo·Re~~quests·on~~·IPv4·I~~nter~~fac~~e~~s</ocil~~:~~tit~~le>	10	····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_notifiers_ocil:questionnaire:1">
		11	······<ocil:title>Enable·checks·on·notifier·call·chains</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-~~sysctl_~~net_i~~pv4_~~icmp_ec~~ho_i~~g~~nore~~_bro~~adcast~~s_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_notifiers_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-acc~~ount~~_~~pas~~swords_p~~am_f~~aill~~ock_a~~udit_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-package_rsyslog_installed_ocil:questionnaire:1">
17	······<ocil:title>A~~cco~~unt·L~~ockouts~~·Must·~~Be·Logg~~ed</ocil:title>	17	······<ocil:title>Ensure·rsyslog·is·Installed</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-acc~~ount~~_~~pas~~swords_p~~am_f~~aill~~ock_a~~udit_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-package_rsyslog_installed_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-auditd_wr~~ite~~_logs_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-file_owner_sshd_config_ocil:questionnaire:1">
23	······<ocil:title>Write·~~Audit~~·~~Logs~~·to~~·the~~·Disk</ocil:title>	23	······<ocil:title>Verify·Owner·on·SSH·Server·config·file</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-auditd_wr~~ite~~_logs_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-file_owner_sshd_config_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_legacy_ptys_ocil:questionnaire:1">
29	······<ocil:title~~>Di~~s~~abl~~e·l~~egacy·(BSD)·PTY·sup~~p~~ort</~~ocil:title>	28	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_openat_ocil:questionnaire:1">
		29	······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·openat</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-kernel_config_legacy_p~~tys~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_openat_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-sshd_use_a~~ppr~~oved_ma~~cs_ordered_sti~~g_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_pam_ocil:questionnaire:1">
35	······<ocil:title>~~Use·~~On~~ly·FIPS·140-2·V~~a~~lid~~ated·MACs</ocil:title>	35	······<ocil:title>Enable·PAM</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-sshd_use_a~~ppr~~oved_ma~~cs_ordered_sti~~g_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-sshd_enable_pam_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~file~~_owner_v~~ar_l~~og_m~~essag~~es_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-mount_option_tmp_noexec_ocil:questionnaire:1">
41	······<ocil:title>~~Verify~~·User·~~Who~~·O~~wns·/var/l~~o~~g/messages~~·~~File~~</ocil:title>	41	······<ocil:title>Add·noexec·Option·to·/tmp</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~file~~_owner_v~~ar_l~~og_m~~essag~~es_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-mount_option_tmp_noexec_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_mac_modification_usr_share_ocil:questionnaire:1">
47	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odi~~fy·the·~~Syst~~em'~~s·Mand~~atory·Acc~~e~~ss·Co~~ntro~~ls·~~in~~·usr/~~s~~hare~~</o~~cil:title~~>	46	····<ocil:questionnaire·id="ocil:ssg-sshd_set_loglevel_info_ocil:questionnaire:1">
		47	······<ocil:title>Set·LogLevel·to·INFO</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_~~rule~~s_mac_mo~~dificat~~ion~~_usr_sha~~re_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-sshd_set_loglevel_info_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-file_pe~~rmiss~~ions_e~~tc_i~~ssue_net_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_unlinkat_ocil:questionnaire:1">
53	······<ocil:title>~~Verify~~·~~permissi~~o~~ns·on~~·~~System·Log~~in·~~Ban~~ner·for·Re~~mote~~·~~Con~~ne~~ctions~~</ocil:title>	53	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·unlinkat</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-file_pe~~rmiss~~ions_e~~tc_i~~ssue_net_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_unlinkat_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-file_group_owner~~ship~~_var~~_log_audit~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_monthly_ocil:questionnaire:1">
59	······<ocil:title>~~System~~·~~Audit~~·L~~ogs~~·~~Must·Be~~·Grou~~p·Ow~~ne~~d·B~~y~~·Root~~</ocil:title>	59	······<ocil:title>Verify·Group·Who·Owns·cron.monthly</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-file_group_owner~~ship~~_var~~_log_audit~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_monthly_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-package_cyrus-imapd_removed_ocil:questionnaire:1">
65	······<ocil:title~~>Un~~instal~~l·cy~~rus-imapd·~~Packag~~e</ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_audit_rules_ocil:questionnaire:1">
		65	······<ocil:title>Verify·Permissions·on·/etc/audit/audit.rules</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~packag~~e~~_cyru~~s~~-im~~apd~~_remov~~ed_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_audit_rules_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-package_net-snmp_removed_ocil:questionnaire:1">
71	······<ocil:title~~>Un~~ins~~tal~~l·net-sn~~mp·P~~ac~~kag~~e</ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_accept_source_route_ocil:questionnaire:1">
		71	······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·IPv6·Interfaces·by·Default</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-pac~~kag~~e_net~~-snm~~p_remo~~ved~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_default_accept_source_route_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-file_ownership_library_dirs_ocil:questionnaire:1">
77	······<ocil:ti~~tle>V~~eri~~fy·that·Sh~~a~~red·Library·Fil~~e~~s·Have·Ro~~o~~t·Ownership</~~ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
		77	······<ocil:title>Ensure·auditd·Collects·Information·on·Kernel·Module·Unloading·-·delete_module</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-file_owne~~rship~~_l~~ibrary~~_d~~irs~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_dev~~kme~~m_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_ipv6_ocil:questionnaire:1">
83	······<ocil:title>Disable·/dev~~/kmem~~·vir~~tual·devi~~c~~e·supp~~ort</ocil:title>	83	······<ocil:title>Disable·the·IPv6·protocol</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-kernel_config_dev~~kme~~m_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-kernel_config_ipv6_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-dir_permissions_library_dirs_ocil:questionnaire:1">
89	······<ocil:~~title>Ver~~ify·~~that·Shared·Libr~~a~~ry·Di~~rectories·Have·Res~~tri~~cti~~ve·P~~e~~rmi~~ssion~~s</~~ocil:~~title~~>	88	····<ocil:questionnaire·id="ocil:ssg-package_logrotate_installed_ocil:questionnaire:1">
		89	······<ocil:title>Ensure·logrotate·is·Installed</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~dir_p~~e~~rmissions~~_~~libr~~a~~ry_~~d~~irs~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-package_logrotate_installed_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-a~~udit~~_~~rules~~_~~sud~~o~~ers~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-package_vsftpd_removed_ocil:questionnaire:1">
95	······<ocil:title>En~~sure·auditd·Collects·System·Adm~~inistrator·~~Actions·-~~·/etc/s~~udo~~ers</ocil:title>	95	······<ocil:title>Uninstall·vsftpd·Package</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_~~rules~~_~~sud~~o~~ers~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-package_vsftpd_removed_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-sshd_dis~~abl~~e_user~~_kn~~own~~_host~~s_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-sshd_use_strong_macs_ocil:questionnaire:1">
101	······<ocil:title>Dis~~abl~~e·~~SSH~~·S~~uppor~~t~~·for·Use~~r~~·Kn~~own~~·Host~~s</ocil:title>	101	······<ocil:title>Use·Only·Strong·MACs</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-sshd_dis~~abl~~e_user~~_kn~~own~~_host~~s_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-sshd_use_strong_macs_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-~~journ~~ald_compress_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_space_left_action_ocil:questionnaire:1">
107	······<ocil:title>Ensure·jour~~nal~~d·is~~·configur~~ed·to·c~~ompress~~·l~~arge·log~~·~~files~~</ocil:title>	107	······<ocil:title>Configure·auditd·space_left·Action·on·Low·Disk·Space</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~journ~~ald_compress_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-kernel_confi~~g_module_sig~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_chown_ocil:questionnaire:1">
113	······<ocil:title>En~~able~~·module·signa~~tur~~e·ver~~ificati~~on</ocil:title>	113	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·chown</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-kernel_confi~~g_module_sig~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_chown_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-no_~~forward_fi~~les_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-package_ntp_installed_ocil:questionnaire:1">
119	······<ocil:title>Ve~~rify·No~~·~~.forward~~·~~File~~s~~·Ex~~ist</ocil:title>	119	······<ocil:title>Install·the·ntp·service</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-no_~~forward_fi~~les_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-package_ntp_installed_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
Max diff block lines reached; 1416020/1428328 bytes (99.14%) of diff not shown.


Offset 3, 7337 lines modified		Offset 3, 6885 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
		10	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_secure_redirects_ocil:questionnaire:1">
		11	······<ocil:title>Configure·Kernel·Parameter·for·Accepting·Secure·Redirects·By·Default</ocil:title>
10	····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_init_ocil:questionnaire:1">
11	······<ocil:title>Ensure·auditd·Collects·Information·on·Kernel·Module·Loading·-·init_module</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_init_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fremovexattr_ocil:questionnaire:1">
17	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fremovexattr</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_~~rul~~es_~~dac~~_modif~~ica~~t~~ion_f~~re~~movexat~~tr_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_secure_redirects_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-pa~~ckage_rsy~~nc_~~removed~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-partition_for_tmp_ocil:questionnaire:1">
23	······<ocil:title>Un~~ins~~tall·~~rsync~~·Pa~~ckage~~</ocil:title>	17	······<ocil:title>Ensure·/tmp·Located·On·Separate·Partition</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-pa~~ckage_rsy~~nc_~~removed~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-partition_for_tmp_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-file_ownership_audit_binaries_ocil:questionnaire:1">
29	······<ocil:ti~~tle>V~~eri~~fy·that·audit·t~~o~~ols·a~~re·o~~wned·by·~~root</ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-accounts_root_gid_zero_ocil:questionnaire:1">
		23	······<ocil:title>Verify·Root·Has·A·Primary·GID·0</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-fi~~le_~~owners~~hip~~_a~~udi~~t_bi~~naries~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-accounts_root_gid_zero_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-partition_for_dev_shm_ocil:questionnaire:1">
35	······<ocil:title~~>En~~s~~ure·/~~de~~v/shm·~~is·c~~onf~~igured</ocil:title>	28	····<ocil:questionnaire·id="ocil:ssg-aide_periodic_checking_systemd_timer_ocil:questionnaire:1">
		29	······<ocil:title>Configure·Systemd·Timer·Execution·of·AIDE</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-partition_~~for_dev~~_shm_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-aide_periodic_checking_systemd_timer_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-nftables_ensure_default_deny_policy_ocil:questionnaire:1">
41	······<ocil:~~title>E~~nsure·~~nftab~~les~~·De~~faul~~t·D~~e~~ny·F~~i~~rew~~a~~ll·Poli~~c~~y</~~ocil:title>	34	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_shadow_ocil:questionnaire:1">
		35	······<ocil:title>Verify·Permissions·on·Backup·shadow·File</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-nftables_ens~~ure_def~~a~~ult_d~~eny_~~policy~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-~~mou~~nt_~~opti~~o~~n_d~~e~~v_shm~~_nosuid_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-kernel_module_tipc_disabled_ocil:questionnaire:1">
47	······<ocil:title>~~Add·nos~~uid~~·Option·to~~·/~~dev/shm~~</ocil:title>	41	······<ocil:title>Disable·TIPC·Support</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~mou~~nt_~~opti~~o~~n_d~~e~~v_shm~~_nosuid_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-kernel_module_tipc_disabled_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-pac~~kage~~_cron_~~inst~~alled_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_maxrepeat_ocil:questionnaire:1">
53	······<ocil:title>Install·the·~~cro~~n·ser~~vic~~e</ocil:title>	47	······<ocil:title>Set·Password·Maximum·Consecutive·Repeating·Characters</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-pac~~kage~~_cron_~~inst~~alled_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_maxrepeat_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~systemd~~_~~jou~~r~~nal~~_uplo~~ad_url~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-accounts_user_dot_group_ownership_ocil:questionnaire:1">
59	······<ocil:title>Confi~~gur~~e·syst~~emd-j~~ourn~~al-uplo~~ad·~~URL~~</ocil:title>	53	······<ocil:title>User·Initialization·Files·Must·Be·Group-Owned·By·The·Primary·Group</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~systemd~~_~~jou~~r~~nal~~_uplo~~ad_url~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-accounts_user_dot_group_ownership_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~file_owne~~r_etc_issue_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-accounts_root_path_dirs_no_write_ocil:questionnaire:1">
65	······<ocil:title>Ve~~rify~~·o~~wners~~hip·of·~~Syst~~em·Login·~~Bann~~er</ocil:title>	59	······<ocil:title>Ensure·that·Root's·Path·Does·Not·Include·World·or·Group-Writable·Directories</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~file_owne~~r_etc_issue_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-accounts_root_path_dirs_no_write_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~file~~_owner_crontab_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_enforce_root_ocil:questionnaire:1">
71	······<ocil:title>Ver~~ify~~·Owner·on·crontab</ocil:title>	65	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Enforce·for·root·User</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~file~~_owner_crontab_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_enforce_root_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-file_~~group~~owner_ba~~ckup_e~~tc_g~~roup~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-file_owner_at_deny_ocil:questionnaire:1">
77	······<ocil:title>Verify·G~~roup~~·Who·Owns·~~Backup·group~~·File</ocil:title>	71	······<ocil:title>Verify·User·Who·Owns·/etc/at.deny·file</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-file_~~group~~owner_ba~~ckup_e~~tc_g~~roup~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-file_owner_at_deny_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~service~~_a~~utofs~~_~~disab~~led_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_profile_ocil:questionnaire:1">
83	······<ocil:title>Disable·the·Automounter</ocil:title>	77	······<ocil:title>Ensure·the·Default·Umask·is·Set·Correctly·in·/etc/profile</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~service~~_a~~utofs~~_~~disab~~led_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_profile_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-file_gr~~oupowner~~_etc_~~gshadow~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_audit_rules_ocil:questionnaire:1">
89	······<ocil:title>Verify·Group·~~Who·Owns·gsh~~ad~~ow·Fi~~le</ocil:title>	83	······<ocil:title>Verify·Permissions·on·/etc/audit/audit.rules</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-file_gr~~oupowner~~_etc_~~gshadow~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_audit_rules_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~set_n~~ftable~~s_l~~oop~~back~~_tr~~affic~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_crontab_ocil:questionnaire:1">
95	······<ocil:title>Set·nf~~table~~s·~~Config~~ur~~ati~~o~~n·f~~or·Loo~~pback~~·Tr~~affic~~</ocil:title>	89	······<ocil:title>Verify·Group·Who·Owns·Crontab</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~set_n~~ftable~~s_l~~oop~~back~~_tr~~affic~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_groupowner_crontab_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_~~unsucc~~e~~ssful~~_file_mo~~difica~~tion_~~ftrunc~~ate_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_renameat_ocil:questionnaire:1">
101	······<ocil:title>Re~~cor~~d·~~Unsuc~~ces~~sfu~~l·~~Acc~~e~~ss·Attemp~~ts·to·Files·-·~~ftrunc~~ate</ocil:title>	95	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·renameat</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-audit_rules_~~unsucc~~e~~ssful~~_file_mo~~difica~~tion_~~ftrunc~~ate_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_renameat_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-~~ssh~~d_~~lim~~it_~~user~~_ac~~cess~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_full_action_ocil:questionnaire:1">
107	······<ocil:title>Limit·Users'·SSH·~~Access~~</ocil:title>	101	······<ocil:title>Configure·auditd·Disk·Full·Action·when·Disk·Space·Is·Full</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~ssh~~d_~~lim~~it_~~user~~_ac~~cess~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-auditd_data_disk_full_action_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-mount_option_var_no~~suid~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-mount_option_dev_shm_noexec_ocil:questionnaire:1">
113	······<ocil:title>Add·no~~suid~~·Option·to·/var</ocil:title>	107	······<ocil:title>Add·noexec·Option·to·/dev/shm</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-mount_option_var_no~~suid~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_noexec_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_profile_ocil:questionnaire:1">
119	······<ocil:~~title>E~~nsure·th~~e·Defau~~l~~t·Um~~as~~k·is·S~~et·~~Cor~~re~~ctly·i~~n~~·/etc/profil~~e</ocil:title>	112	····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_pub_key_ocil:questionnaire:1">
		113	······<ocil:title>Verify·Permissions·on·SSH·Server·Public·*.pub·Key·Files</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~account~~s~~_uma~~s~~k_etc~~_p~~rofile~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_pub_key_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
123	····</ocil:questionnaire>	117	····</ocil:questionnaire>
Max diff block lines reached; 889949/902383 bytes (98.62%) of diff not shown.


Offset 3, 5359 lines modified		Offset 3, 5350 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-dire~~ctory~~_permissions_var_lo~~g_aud~~it_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-file_permissions_unauthorized_world_writable_ocil:questionnaire:1">
		11	······<ocil:title>Ensure·No·World-Writable·Files·Exist</ocil:title>
11	······<ocil:title>System·Audit·Logs·Must·Have·Mode·0750·or·Less·Permissive</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-directory_permissions_var_log_audit_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_unlinkat_ocil:questionnaire:1">
17	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·unlinkat</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_unlinkat_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_shadow_ocil:questionnaire:1">
23	······<ocil:title>Verify·Group·Who·Owns·Backup·shadow·File</ocil:title>
24	······<ocil:actions>	12	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-file_own~~er_backup~~_~~etc~~_sha~~dow~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-file_permissions_unauthorized_world_writable_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	14	······</ocil:actions>
27	····</ocil:questionnaire>	15	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-audit_rules_~~unsucc~~e~~ssful~~_file_mo~~difica~~ti~~on_open~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_rmdir_ocil:questionnaire:1">
29	······<ocil:title>Re~~cor~~d·~~Unsuc~~ces~~sfu~~l·~~Acc~~e~~ss·Attemp~~ts·to·Files·-·~~open~~</ocil:title>	17	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·rmdir</ocil:title>
30	······<ocil:actions>	18	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-audit_rules_~~unsucc~~e~~ssful~~_file_mo~~difica~~ti~~on_open~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rmdir_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	20	······</ocil:actions>
33	····</ocil:questionnaire>	21	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-a~~cco~~unts_n~~o_ui~~d~~_excep~~t_~~zero~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-audit_rules_sysadmin_actions_ocil:questionnaire:1">
35	······<ocil:title>Verify·Only·~~Roo~~t·Has·~~UID·0~~</ocil:title>	23	······<ocil:title>Ensure·auditd·Collects·System·Administrator·Actions</ocil:title>
36	······<ocil:actions>	24	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-a~~cco~~unts_n~~o_ui~~d~~_excep~~t_~~zero~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-audit_rules_sysadmin_actions_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	26	······</ocil:actions>
39	····</ocil:questionnaire>	27	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_openat_ocil:questionnaire:1">
41	······<ocil:title>~~Rec~~o~~rd·U~~n~~succ~~es~~sful·A~~c~~ces~~s~~·Att~~e~~mpts·t~~o·Fil~~es·-·op~~e~~nat</~~ocil:title>	28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_ocil:questionnaire:1">
		29	······<ocil:title>Enable·module·signature·verification</ocil:title>
42	······<ocil:actions>	30	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_rules_~~unsuc~~c~~essfu~~l_file_mod~~ification~~_~~openat~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	32	······</ocil:actions>
45	····</ocil:questionnaire>	33	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-file_ownership_sshd_private_key_ocil:questionnaire:1">
47	······<ocil:ti~~tle>V~~eri~~fy·Owner~~s~~hip·~~on~~·SSH·S~~erve~~r·Priv~~ate~~·*_key·Key·Fil~~es</o~~cil:title~~>	34	····<ocil:questionnaire·id="ocil:ssg-account_use_centralized_automated_auth_ocil:questionnaire:1">
		35	······<ocil:title>Use·Centralized·and·Automated·Authentication</ocil:title>
48	······<ocil:actions>	36	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_ownershi~~p_s~~shd_~~priv~~ate_~~key~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-account_use_centralized_automated_auth_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	38	······</ocil:actions>
51	····</ocil:questionnaire>	39	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-ss~~hd_rek~~ey_~~limi~~t_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_var_tmp_ocil:questionnaire:1">
53	······<ocil:title>Fo~~rce·f~~re~~que~~nt~~·sess~~ion·~~key·~~r~~enegot~~iation</ocil:title>	41	······<ocil:title>Configure·Polyinstantiation·of·/var/tmp·Directories</ocil:title>
54	······<ocil:actions>	42	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-ss~~hd_rek~~ey_~~limi~~t_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-accounts_polyinstantiated_var_tmp_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	44	······</ocil:actions>
57	····</ocil:questionnaire>	45	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-sud~~o_requi~~r~~e_authe~~n~~ticat~~ion_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-dir_ownership_binary_dirs_ocil:questionnaire:1">
59	······<ocil:title>~~Ensure·U~~ser~~s·Re-Au~~th~~entica~~te~~·for·Privi~~le~~ge·Escala~~t~~ion·-·~~s~~udo~~</ocil:title>	47	······<ocil:title>Verify·that·System·Executable·Have·Root·Ownership</ocil:title>
60	······<ocil:actions>	48	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-sud~~o_requi~~r~~e_authe~~n~~ticat~~ion_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-dir_ownership_binary_dirs_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	50	······</ocil:actions>
63	····</ocil:questionnaire>	51	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~grub2_~~spec_st~~ore_~~bypass_disable_argument_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-set_iptables_default_rule_ocil:questionnaire:1">
65	······<ocil:title>~~Config~~ure·Spe~~culat~~ive·Store·B~~ypass·Mitigation~~</ocil:title>	53	······<ocil:title>Set·Default·iptables·Policy·for·Incoming·Packets</ocil:title>
66	······<ocil:actions>	54	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~grub2_~~spec_st~~ore_~~bypass_disable_argument_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-set_iptables_default_rule_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	56	······</ocil:actions>
69	····</ocil:questionnaire>	57	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~kernel_c~~on~~fig~~_page_poiso~~ning_z~~ero_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-sudoers_no_root_target_ocil:questionnaire:1">
71	······<ocil:title>~~Use·zero·for~~·po~~isoning~~·inst~~ead·~~of·debu~~gging~~·value</ocil:title>	59	······<ocil:title>Don't·target·root·user·in·the·sudoers·file</ocil:title>
72	······<ocil:actions>	60	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~kernel_c~~on~~fig~~_page_poiso~~ning_z~~ero_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-sudoers_no_root_target_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	62	······</ocil:actions>
75	····</ocil:questionnaire>	63	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fremovexattr_ocil:questionnaire:1">
77	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·~~that·Modify·the·Sys~~t~~em's·D~~is~~cre~~tiona~~ry·Ac~~ce~~ss·Contro~~ls~~·-·frem~~ovexattr~~</oci~~l:~~tit~~le>	64	····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_tmp_ocil:questionnaire:1">
		65	······<ocil:title>Configure·Polyinstantiation·of·/tmp·Directories</ocil:title>
78	······<ocil:actions>	66	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-a~~udit_r~~ules~~_dac~~_modification~~_fremov~~exattr_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-accounts_polyinstantiated_tmp_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	68	······</ocil:actions>
81	····</ocil:questionnaire>	69	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-file_gr~~oupowne~~r_~~etc~~_pa~~sswd~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-file_ownership_var_log_audit_ocil:questionnaire:1">
83	······<ocil:title>~~Verify~~·~~Group~~·~~Who~~·~~Owns~~·~~pass~~wd·~~File~~</ocil:title>	71	······<ocil:title>System·Audit·Logs·Must·Be·Owned·By·Root</ocil:title>
84	······<ocil:actions>	72	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-file_gr~~oupowne~~r_~~etc~~_pa~~sswd~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-file_ownership_var_log_audit_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	74	······</ocil:actions>
87	····</ocil:questionnaire>	75	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-harden_~~ssh~~_~~cli~~ent~~_cryp~~to_policy_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
89	······<ocil:title>Har~~den·SSH~~·cl~~ien~~t·~~Crypt~~o·Policy</ocil:title>	77	······<ocil:title>Configure·auditd·mail_acct·Action·on·Low·Disk·Space</ocil:title>
90	······<ocil:actions>	78	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-harden_~~ssh~~_~~cli~~ent~~_cryp~~to_policy_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	80	······</ocil:actions>
93	····</ocil:questionnaire>	81	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_var_log_syslog_ocil:questionnaire:1">
95	······<ocil:title~~>Ver~~i~~fy·G~~roup~~·Who·Owns·/v~~a~~r/log/~~s~~yslog·F~~ile</ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_ocil:questionnaire:1">
		83	······<ocil:title>Ensure·Rsyslog·Encrypts·Off-Loaded·Audit·Records</ocil:title>
96	······<ocil:actions>	84	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-file_groupo~~wner_v~~a~~r_log_~~s~~yslog~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	86	······</ocil:actions>
99	····</ocil:questionnaire>	87	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-chronyd_specify_remote_server_ocil:questionnaire:1">
101	······<ocil:tit~~le>A·~~re~~mote·t~~i~~me·~~serve~~r·fo~~r~~·Chrony·is·c~~onfig~~ured</~~ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_finit_ocil:questionnaire:1">
		89	······<ocil:title>Ensure·auditd·Collects·Information·on·Kernel·Module·Loading·and·Unloading·-·finit_module</ocil:title>
102	······<ocil:actions>	90	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-chr~~onyd~~_spe~~cify_r~~emo~~te_server~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_finit_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	92	······</ocil:actions>
105	····</ocil:questionnaire>	93	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-kernel_config_hibernation_ocil:questionnaire:1">
107	······<ocil:title>Disable·hi~~ber~~nat~~ion</~~ocil:title>	94	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_shadow_ocil:questionnaire:1">
		95	······<ocil:title>Verify·Permissions·on·Backup·shadow·File</ocil:title>
108	······<ocil:actions>	96	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-ker~~nel_c~~on~~fig_hib~~e~~rnati~~on_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	98	······</ocil:actions>
111	····</ocil:questionnaire>	99	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-~~file~~_~~own~~e~~rsh~~ip_l~~ibrary_dir~~s_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_ocil:questionnaire:1">
113	······<ocil:title>~~Verify~~·tha~~t·Share~~d·~~Library~~·Files·~~Hav~~e·Ro~~ot·Ow~~n~~ership~~</ocil:title>	101	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User</ocil:title>
114	······<ocil:actions>	102	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~file~~_~~own~~e~~rsh~~ip_l~~ibrary_dir~~s_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	104	······</ocil:actions>
117	····</ocil:questionnaire>	105	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-audit_rules_sysadmin_actions_ocil:questionnaire:1">
119	······<ocil:~~title>E~~nsure·~~aud~~itd·Coll~~ects·Syst~~e~~m·Adm~~i~~nistrat~~o~~r·Actions</~~ocil:title>	106	····<ocil:questionnaire·id="ocil:ssg-kernel_config_page_poisoning_zero_ocil:questionnaire:1">
		107	······<ocil:title>Use·zero·for·poisoning·instead·of·debugging·value</ocil:title>
120	······<ocil:actions>	108	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~audit~~_~~rules~~_~~sysadm~~in~~_actions~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-kernel_config_page_poisoning_zero_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 703619/715807 bytes (98.30%) of diff not shown.


Offset 21, 23 lines modified		Offset 21, 23 lines modified
21	····<ds:checks>	21	····<ds:checks>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-debian12-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-debian12-oval.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-debian12-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-debian12-oval.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-debian12-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-debian12-ocil.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-debian12-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-debian12-ocil.xml"/>
24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-debian12-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-debian12-cpe-oval.xml"/>	24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-debian12-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-debian12-cpe-oval.xml"/>
25	······<ds:component-ref·id="scap_org.open-scap_cref_security-oval-oval-definitions-bookworm.xml.bz2"·xlink:href="https://www.debian.org/security/oval/oval-definitions-bookworm.xml.bz2"/>	25	······<ds:component-ref·id="scap_org.open-scap_cref_security-oval-oval-definitions-bookworm.xml.bz2"·xlink:href="https://www.debian.org/security/oval/oval-definitions-bookworm.xml.bz2"/>
26	····</ds:checks>	26	····</ds:checks>
27	··</ds:data-stream>	27	··</ds:data-stream>
28	··<ds:component·id="scap_org.open-scap_comp_ssg-debian12-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	28	··<ds:component·id="scap_org.open-scap_comp_ssg-debian12-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
30	······<cpe-dict:cpe-item·name="cpe:/o:debian:debian_linux:12">	30	······<cpe-dict:cpe-item·name="cpe:/o:debian:debian_linux:12">
31	········<cpe-dict:title·xml:lang="en-us">Debian·Linux·12</cpe-dict:title>	31	········<cpe-dict:title·xml:lang="en-us">Debian·Linux·12</cpe-dict:title>
32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml">oval:ssg-installed_OS_is_debian12:def:1</cpe-dict:check>	32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian12-cpe-oval.xml">oval:ssg-installed_OS_is_debian12:def:1</cpe-dict:check>
33	······</cpe-dict:cpe-item>	33	······</cpe-dict:cpe-item>
34	····</cpe-dict:cpe-list>	34	····</cpe-dict:cpe-list>
35	··</ds:component>	35	··</ds:component>
36	··<ds:component·id="scap_org.open-scap_comp_ssg-debian12-xccdf.xml"·timestamp="2025-02-28T20:08:00">	36	··<ds:component·id="scap_org.open-scap_comp_ssg-debian12-xccdf.xml"·timestamp="2025-03-01T22:08:00">
37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-12"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-12"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·12</xccdf-1.2:title>	39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·12</xccdf-1.2:title>
40	······<xccdf-1.2:description>	40	······<xccdf-1.2:description>
41	········This·guide·presents·a·catalog·of·security-relevant	41	········This·guide·presents·a·catalog·of·security-relevant
42	configuration·settings·for·Debian·12.·It·is·a·rendering·of	42	configuration·settings·for·Debian·12.·It·is·a·rendering·of
43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 110245, 15 lines modified		Offset 110245, 15 lines modified
110245	··············<xccdf-1.2:check-content-ref·href="ssg-debian12-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>	110245	··············<xccdf-1.2:check-content-ref·href="ssg-debian12-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>
110246	············</xccdf-1.2:check>	110246	············</xccdf-1.2:check>
110247	··········</xccdf-1.2:Rule>	110247	··········</xccdf-1.2:Rule>
110248	········</xccdf-1.2:Group>	110248	········</xccdf-1.2:Group>
110249	······</xccdf-1.2:Group>	110249	······</xccdf-1.2:Group>
110250	····</xccdf-1.2:Benchmark>	110250	····</xccdf-1.2:Benchmark>
110251	··</ds:component>	110251	··</ds:component>
110252	··<ds:component·id="scap_org.open-scap_comp_ssg-debian12-oval.xml"·timestamp="2025-02-28T20:08:00">	110252	··<ds:component·id="scap_org.open-scap_comp_ssg-debian12-oval.xml"·timestamp="2025-03-01T22:08:00">
110253	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	110253	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
110254	······<oval-def:generator>	110254	······<oval-def:generator>
110255	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	110255	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
110256	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>	110256	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
110257	········<oval:schema_version>5.11</oval:schema_version>	110257	········<oval:schema_version>5.11</oval:schema_version>
110258	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	110258	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
110259	······</oval-def:generator>	110259	······</oval-def:generator>
Offset 140530, 9186 lines modified		Offset 140530, 9635 lines modified
140530	············</oval-def:arithmetic>	140530	············</oval-def:arithmetic>
140531	············<oval-def:variable_component·var_ref="oval:ssg-var_third_digit_of_umask_from_var_accounts_user_umask:var:1"/>	140531	············<oval-def:variable_component·var_ref="oval:ssg-var_third_digit_of_umask_from_var_accounts_user_umask:var:1"/>
140532	··········</oval-def:arithmetic>	140532	··········</oval-def:arithmetic>
140533	········</oval-def:local_variable>	140533	········</oval-def:local_variable>
140534	······</oval-def:variables>	140534	······</oval-def:variables>
140535	····</oval-def:oval_definitions>	140535	····</oval-def:oval_definitions>
140536	··</ds:component>	140536	··</ds:component>
140537	··<ds:component·id="scap_org.open-scap_comp_ssg-debian12-ocil.xml"·timestamp="2025-02-28T20:08:00">	140537	··<ds:component·id="scap_org.open-scap_comp_ssg-debian12-ocil.xml"·timestamp="2025-03-01T22:08:00">
140538	····<ocil:ocil>	140538	····<ocil:ocil>
140539	······<ocil:generator>	140539	······<ocil:generator>
140540	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	140540	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
140541	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>	140541	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
140542	········<ocil:schema_version>2.0</ocil:schema_version>	140542	········<ocil:schema_version>2.0</ocil:schema_version>
140543	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	140543	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
140544	······</ocil:generator>	140544	······</ocil:generator>
140545	······<ocil:questionnaires>	140545	······<ocil:questionnaires>
140546	········<ocil:questionnaire·id="ocil:ssg-kernel_co~~nfig~~_de~~bug_sg~~_ocil:questionnaire:1">	140546	········<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_kptr_restrict_ocil:questionnaire:1">
		140547	··········<ocil:title>Restrict·Exposed·Kernel·Pointer·Addresses·Access</ocil:title>
140547	··········<ocil:title>Enable·checks·on·scatter-gather·(SG)·table·operations</ocil:title>
140548	··········<ocil:actions>
140549	············<ocil:test_action_ref>ocil:ssg-kernel_config_debug_sg_action:testaction:1</ocil:test_action_ref>
140550	··········</ocil:actions>
140551	········</ocil:questionnaire>
140552	········<ocil:questionnaire·id="ocil:ssg-chronyd_specify_remote_server_ocil:questionnaire:1">
140553	··········<ocil:title>A·remote·time·server·for·Chrony·is·configured</ocil:title>
140554	··········<ocil:actions>	140548	··········<ocil:actions>
140555	············<ocil:test_action_ref>ocil:ssg-c~~hronyd~~_spe~~cify~~_~~remote_~~ser~~ver~~_action:testaction:1</ocil:test_action_ref>	140549	············<ocil:test_action_ref>ocil:ssg-sysctl_kernel_kptr_restrict_action:testaction:1</ocil:test_action_ref>
140556	··········</ocil:actions>	140550	··········</ocil:actions>
140557	········</ocil:questionnaire>	140551	········</ocil:questionnaire>
140558	········<ocil:questionnaire·id="ocil:ssg-~~mou~~n~~t_opt~~ion_~~boo~~t_no~~exec~~_ocil:questionnaire:1">	140552	········<ocil:questionnaire·id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
140559	··········<ocil:title>Add·n~~oexe~~c~~·Op~~t~~ion·~~to·~~/boot~~</ocil:title>	140553	··········<ocil:title>Harden·SSH·client·Crypto·Policy</ocil:title>
140560	··········<ocil:actions>	140554	··········<ocil:actions>
140561	············<ocil:test_action_ref>ocil:ssg-~~mou~~n~~t_opt~~ion_~~boo~~t_no~~exec~~_action:testaction:1</ocil:test_action_ref>	140555	············<ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
140562	··········</ocil:actions>	140556	··········</ocil:actions>
140563	········</ocil:questionnaire>	140557	········</ocil:questionnaire>
140564	········<ocil:questionnaire·id="ocil:ssg-~~direc~~tory_owner~~_etc_s~~e~~linux~~_ocil:questionnaire:1">	140558	········<ocil:questionnaire·id="ocil:ssg-accounts_users_home_files_groupownership_ocil:questionnaire:1">
140565	··········<ocil:title>Verify·User·Who·~~Owns~~·/etc/selinux·Dir~~ect~~ory</ocil:title>	140559	··········<ocil:title>All·User·Files·and·Directories·In·The·Home·Directory·Must·Be·Group-Owned·By·The·Primary·Group</ocil:title>
140566	··········<ocil:actions>	140560	··········<ocil:actions>
140567	············<ocil:test_action_ref>ocil:ssg-~~direc~~tory_owner~~_etc_s~~e~~linux~~_action:testaction:1</ocil:test_action_ref>	140561	············<ocil:test_action_ref>ocil:ssg-accounts_users_home_files_groupownership_action:testaction:1</ocil:test_action_ref>
140568	··········</ocil:actions>	140562	··········</ocil:actions>
140569	········</ocil:questionnaire>	140563	········</ocil:questionnaire>
140570	········<ocil:questionnaire·id="ocil:ssg-file_owner_bac~~kup~~_etc_~~gshadow~~_ocil:questionnaire:1">	140564	········<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_crypttab_ocil:questionnaire:1">
140571	··········<ocil:title>Verify·~~User~~·Who·Owns·Bac~~kup·gsh~~adow·File</ocil:title>	140565	··········<ocil:title>Verify·Group·Who·Owns·/etc/crypttab·File</ocil:title>
140572	··········<ocil:actions>	140566	··········<ocil:actions>
140573	············<ocil:test_action_ref>ocil:ssg-file_owner_bac~~kup~~_etc_~~gshadow~~_action:testaction:1</ocil:test_action_ref>	140567	············<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_crypttab_action:testaction:1</ocil:test_action_ref>
140574	··········</ocil:actions>	140568	··········</ocil:actions>
140575	········</ocil:questionnaire>	140569	········</ocil:questionnaire>
140576	········<ocil:questionnaire·id="ocil:ssg-configure_user_data_backups_ocil:questionnaire:1">	140570	········<ocil:questionnaire·id="ocil:ssg-configure_user_data_backups_ocil:questionnaire:1">
140577	··········<ocil:title>Configure·Backups·of·User·Data</ocil:title>	140571	··········<ocil:title>Configure·Backups·of·User·Data</ocil:title>
140578	··········<ocil:actions>	140572	··········<ocil:actions>
140579	············<ocil:test_action_ref>ocil:ssg-configure_user_data_backups_action:testaction:1</ocil:test_action_ref>	140573	············<ocil:test_action_ref>ocil:ssg-configure_user_data_backups_action:testaction:1</ocil:test_action_ref>
140580	··········</ocil:actions>	140574	··········</ocil:actions>
140581	········</ocil:questionnaire>	140575	········</ocil:questionnaire>
140582	········<ocil:questionnaire·id="ocil:ssg-rsyslog_remote_l~~ogho~~st_ocil:questionnaire:1">	140576	········<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_ocil:questionnaire:1">
		140577	··········<ocil:title>Ensure·Rsyslog·Encrypts·Off-Loaded·Audit·Records</ocil:title>
140583	··········<ocil:title>Ensure·Logs·Sent·To·Remote·Host</ocil:title>
140584	··········<ocil:actions>
140585	············<ocil:test_action_ref>ocil:ssg-rsyslog_remote_loghost_action:testaction:1</ocil:test_action_ref>
140586	··········</ocil:actions>
140587	········</ocil:questionnaire>
140588	········<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_opasswd_ocil:questionnaire:1">
140589	··········<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/security/opasswd</ocil:title>
140590	··········<ocil:actions>	140578	··········<ocil:actions>
140591	············<ocil:test_action_ref>ocil:ssg-~~audit~~_~~rules_usergr~~oup_modif~~ica~~t~~ion_op~~a~~sswd~~_action:testaction:1</ocil:test_action_ref>	140579	············<ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_action:testaction:1</ocil:test_action_ref>
140592	··········</ocil:actions>	140580	··········</ocil:actions>
140593	········</ocil:questionnaire>	140581	········</ocil:questionnaire>
140594	········<ocil:questionnaire·id="ocil:ssg-~~packa~~g~~e_rsh-s~~erver_re~~mov~~ed_ocil:questionnaire:1">	140582	········<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_ipsec_secrets_ocil:questionnaire:1">
140595	··········<ocil:title>Uni~~nstall~~·rsh-server~~·Packag~~e</ocil:title>	140583	··········<ocil:title>Verify·Group·Who·Owns·/etc/ipsec.secrets·File</ocil:title>
140596	··········<ocil:actions>	140584	··········<ocil:actions>
140597	············<ocil:test_action_ref>ocil:ssg-~~packa~~g~~e_rsh-s~~erver_re~~mov~~ed_action:testaction:1</ocil:test_action_ref>	140585	············<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_ipsec_secrets_action:testaction:1</ocil:test_action_ref>
140598	··········</ocil:actions>	140586	··········</ocil:actions>
140599	········</ocil:questionnaire>	140587	········</ocil:questionnaire>
140600	········<ocil:questionnaire·id="ocil:ssg-pa~~ckage_cron~~_ins~~talle~~d_ocil:questionnaire:1">	140588	········<ocil:questionnaire·id="ocil:ssg-disallow_bypass_password_sudo_ocil:questionnaire:1">
140601	··········<ocil:title>Install·~~the·c~~ron·service</ocil:title>	140589	··········<ocil:title>Disallow·Configuration·to·Bypass·Password·Requirements·for·Privilege·Escalation</ocil:title>
140602	··········<ocil:actions>	140590	··········<ocil:actions>
140603	············<ocil:test_action_ref>ocil:ssg-pa~~ckage_cron~~_ins~~talle~~d_action:testaction:1</ocil:test_action_ref>	140591	············<ocil:test_action_ref>ocil:ssg-disallow_bypass_password_sudo_action:testaction:1</ocil:test_action_ref>
140604	··········</ocil:actions>	140592	··········</ocil:actions>
140605	········</ocil:questionnaire>	140593	········</ocil:questionnaire>
140606	········<ocil:questionnaire·id="ocil:ssg-a~~ccounts~~_p~~oly~~i~~nstanti~~a~~ted_tmp~~_ocil:questionnaire:1">	140594	········<ocil:questionnaire·id="ocil:ssg-aide_verify_acls_ocil:questionnaire:1">
140607	··········<ocil:title>Configure·~~Polyinstant~~i~~ation·of~~·/tmp·Di~~rectorie~~s</ocil:title>	140595	··········<ocil:title>Configure·AIDE·to·Verify·Access·Control·Lists·(ACLs)</ocil:title>
140608	··········<ocil:actions>	140596	··········<ocil:actions>
140609	············<ocil:test_action_ref>ocil:ssg-a~~ccounts~~_p~~oly~~i~~nstanti~~a~~ted_tmp~~_action:testaction:1</ocil:test_action_ref>	140597	············<ocil:test_action_ref>ocil:ssg-aide_verify_acls_action:testaction:1</ocil:test_action_ref>
140610	··········</ocil:actions>	140598	··········</ocil:actions>
140611	········</ocil:questionnaire>	140599	········</ocil:questionnaire>
140612	········<ocil:questionnaire·id="ocil:ssg-~~service~~_~~ntp~~_en~~abled~~_ocil:questionnaire:1">	140600	········<ocil:questionnaire·id="ocil:ssg-audit_sudo_log_events_ocil:questionnaire:1">
140613	··········<ocil:title>~~Enabl~~e·the~~·NTP~~·Daemon</ocil:title>	140601	··········<ocil:title>Record·Attempts·to·perform·maintenance·activities</ocil:title>
140614	··········<ocil:actions>	140602	··········<ocil:actions>
Max diff block lines reached; 1237841/1249445 bytes (99.07%) of diff not shown.


Offset 3, 9177 lines modified		Offset 3, 9626 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-kernel_co~~nfig~~_de~~bug_sg~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_kptr_restrict_ocil:questionnaire:1">
		11	······<ocil:title>Restrict·Exposed·Kernel·Pointer·Addresses·Access</ocil:title>
11	······<ocil:title>Enable·checks·on·scatter-gather·(SG)·table·operations</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_sg_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-chronyd_specify_remote_server_ocil:questionnaire:1">
17	······<ocil:title>A·remote·time·server·for·Chrony·is·configured</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-c~~hronyd~~_spe~~cify~~_~~remote_~~ser~~ver~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_kptr_restrict_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~mou~~n~~t_opt~~ion_~~boo~~t_no~~exec~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-harden_ssh_client_crypto_policy_ocil:questionnaire:1">
23	······<ocil:title>Add·n~~oexe~~c~~·Op~~t~~ion·~~to·~~/boot~~</ocil:title>	17	······<ocil:title>Harden·SSH·client·Crypto·Policy</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~mou~~n~~t_opt~~ion_~~boo~~t_no~~exec~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-harden_ssh_client_crypto_policy_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-directory_owner_etc_selinux_ocil:questionnaire:1">
29	······<ocil:ti~~tle>V~~eri~~fy·U~~s~~er·Wh~~o~~·Own~~s~~·/etc/s~~e~~linux·Di~~r~~ect~~or~~y</~~ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-accounts_users_home_files_groupownership_ocil:questionnaire:1">
		23	······<ocil:title>All·User·Files·and·Directories·In·The·Home·Directory·Must·Be·Group-Owned·By·The·Primary·Group</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~direc~~tory_owner~~_etc_s~~e~~linux~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-accounts_users_home_files_groupownership_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-file_owner_bac~~kup~~_etc_~~gshadow~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_crypttab_ocil:questionnaire:1">
35	······<ocil:title>Verify·~~User~~·Who·Owns·Bac~~kup·gsh~~adow·File</ocil:title>	29	······<ocil:title>Verify·Group·Who·Owns·/etc/crypttab·File</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-file_owner_bac~~kup~~_etc_~~gshadow~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_crypttab_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-configure_user_data_backups_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-configure_user_data_backups_ocil:questionnaire:1">
41	······<ocil:title>Configure·Backups·of·User·Data</ocil:title>	35	······<ocil:title>Configure·Backups·of·User·Data</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-configure_user_data_backups_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-configure_user_data_backups_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-rsyslog_remote_l~~ogho~~st_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_ocil:questionnaire:1">
		41	······<ocil:title>Ensure·Rsyslog·Encrypts·Off-Loaded·Audit·Records</ocil:title>
47	······<ocil:title>Ensure·Logs·Sent·To·Remote·Host</ocil:title>
48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-rsyslog_remote_loghost_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>
51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_opasswd_ocil:questionnaire:1">
53	······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/security/opasswd</ocil:title>
54	······<ocil:actions>	42	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~audit~~_~~rules_usergr~~oup_modif~~ica~~t~~ion_op~~a~~sswd~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	44	······</ocil:actions>
57	····</ocil:questionnaire>	45	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~packa~~g~~e_rsh-s~~erver_re~~mov~~ed_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_ipsec_secrets_ocil:questionnaire:1">
59	······<ocil:title>Uni~~nstall~~·rsh-server~~·Packag~~e</ocil:title>	47	······<ocil:title>Verify·Group·Who·Owns·/etc/ipsec.secrets·File</ocil:title>
60	······<ocil:actions>	48	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~packa~~g~~e_rsh-s~~erver_re~~mov~~ed_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_ipsec_secrets_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	50	······</ocil:actions>
63	····</ocil:questionnaire>	51	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-pa~~ckage_cron~~_ins~~talle~~d_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-disallow_bypass_password_sudo_ocil:questionnaire:1">
65	······<ocil:title>Install·~~the·c~~ron·service</ocil:title>	53	······<ocil:title>Disallow·Configuration·to·Bypass·Password·Requirements·for·Privilege·Escalation</ocil:title>
66	······<ocil:actions>	54	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-pa~~ckage_cron~~_ins~~talle~~d_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-disallow_bypass_password_sudo_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	56	······</ocil:actions>
69	····</ocil:questionnaire>	57	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-a~~ccounts~~_p~~oly~~i~~nstanti~~a~~ted_tmp~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-aide_verify_acls_ocil:questionnaire:1">
71	······<ocil:title>Configure·~~Polyinstant~~i~~ation·of~~·/tmp·Di~~rectorie~~s</ocil:title>	59	······<ocil:title>Configure·AIDE·to·Verify·Access·Control·Lists·(ACLs)</ocil:title>
72	······<ocil:actions>	60	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-a~~ccounts~~_p~~oly~~i~~nstanti~~a~~ted_tmp~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-aide_verify_acls_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	62	······</ocil:actions>
75	····</ocil:questionnaire>	63	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~service~~_~~ntp~~_en~~abled~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-audit_sudo_log_events_ocil:questionnaire:1">
77	······<ocil:title>~~Enabl~~e·the~~·NTP~~·Daemon</ocil:title>	65	······<ocil:title>Record·Attempts·to·perform·maintenance·activities</ocil:title>
78	······<ocil:actions>	66	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~service~~_~~ntp~~_en~~abled~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-audit_sudo_log_events_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	68	······</ocil:actions>
81	····</ocil:questionnaire>	69	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_en~~abl~~e~~_strictmodes~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_efi_grub2_cfg_ocil:questionnaire:1">
83	······<ocil:title>~~Enabl~~e·Use·of·Strict·Mode·Che~~cking~~</ocil:title>	71	······<ocil:title>Verify·the·UEFI·Boot·Loader·grub.cfg·Group·Ownership</ocil:title>
84	······<ocil:actions>	72	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_en~~abl~~e~~_strictmodes~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-file_groupowner_efi_grub2_cfg_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	74	······</ocil:actions>
87	····</ocil:questionnaire>	75	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_sudo_ocil:questionnaire:1">
89	······<ocil:~~title>E~~nsure·aud~~itd·Collect~~s~~·Informa~~ti~~on·on·the·Use·of·Privileg~~ed·Co~~mmands·-·s~~u~~do</~~o~~cil:title~~>	76	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
		77	······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·all·IPv4·Interfaces</ocil:title>
90	······<ocil:actions>	78	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_~~rul~~es_priv~~ileged~~_~~comm~~a~~nds~~_sudo_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	80	······</ocil:actions>
93	····</ocil:questionnaire>	81	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_shutdown_ocil:questionnaire:1">
95	······<ocil:~~title>E~~nsure·~~aud~~itd·Col~~lect~~s~~·Informat~~i~~on·on·th~~e·Use·~~of·Privilege~~d·Comm~~ands·-·~~shutdown</ocil:~~title~~>	82	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_empty_passwords_ocil:questionnaire:1">
		83	······<ocil:title>Disable·SSH·Access·via·Empty·Passwords</ocil:title>
96	······<ocil:actions>	84	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_~~privi~~lege~~d_comm~~ands_s~~hut~~down_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-sshd_disable_empty_passwords_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	86	······</ocil:actions>
99	····</ocil:questionnaire>	87	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~file_~~pe~~rmis~~sion~~s_ss~~hd_privat~~e_k~~ey_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-selinux_state_ocil:questionnaire:1">
101	······<ocil:title>~~Verify·Permissi~~ons~~·on~~·SSH·~~Server~~·Private·*_key·~~Key·Files~~</ocil:title>	89	······<ocil:title>Ensure·SELinux·State·is·Enforcing</ocil:title>
102	······<ocil:actions>	90	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~file_~~pe~~rmis~~sion~~s_ss~~hd_privat~~e_k~~ey_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-selinux_state_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	92	······</ocil:actions>
105	····</ocil:questionnaire>	93	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_secure_redirects_ocil:questionnaire:1">
107	······<ocil:t~~itle>C~~onf~~igu~~re·~~Kernel·Paramet~~er~~·for·Ac~~c~~ept~~ing·S~~ecu~~r~~e·R~~ed~~irects·B~~y·Defaul~~t</~~ocil:title>	94	····<ocil:questionnaire·id="ocil:ssg-kernel_config_hardened_usercopy_fallback_ocil:questionnaire:1">
		95	······<ocil:title>Do·not·allow·usercopy·whitelist·violations·to·fallback·to·object·size</ocil:title>
108	······<ocil:actions>	96	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~sysct~~l_~~net_~~ipv4_co~~nf_~~def~~ault_~~sec~~ure~~_~~redire~~cts_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-kernel_config_hardened_usercopy_fallback_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	98	······</ocil:actions>
111	····</ocil:questionnaire>	99	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-audit_rules_~~uns~~ucc~~essful_file~~_modification_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_umount_ocil:questionnaire:1">
113	······<ocil:title>~~Ensu~~re·~~audi~~td·~~Collec~~ts·U~~nauthoriz~~e~~d·Acc~~ess·~~Att~~e~~mpts·to~~·~~Fil~~es·(un~~successf~~ul)</ocil:title>	101	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·umount</ocil:title>
114	······<ocil:actions>	102	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-audit_rules_~~uns~~ucc~~essful_file~~_modification_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_umount_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	104	······</ocil:actions>
117	····</ocil:questionnaire>	105	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-~~sysc~~tl_ker~~nel_yama_~~pt~~rac~~e_scope_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-auditd_write_logs_ocil:questionnaire:1">
119	······<ocil:title>~~Res~~trict~~·usag~~e·~~of·p~~t~~race~~·to·desce~~ndant~~·~~proc~~esses</ocil:title>	107	······<ocil:title>Write·Audit·Logs·to·the·Disk</ocil:title>
120	······<ocil:actions>	108	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~sysc~~tl_ker~~nel_yama_~~pt~~rac~~e_scope_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-auditd_write_logs_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	110	······</ocil:actions>
123	····</ocil:questionnaire>	111	····</ocil:questionnaire>
Max diff block lines reached; 1179902/1192051 bytes (98.98%) of diff not shown.


Offset 19, 23 lines modified		Offset 19, 23 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/a:mozilla:firefox">	28	······<cpe-dict:cpe-item·name="cpe:/a:mozilla:firefox">
29	········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	····</cpe-dict:cpe-list>	32	····</cpe-dict:cpe-list>
33	··</ds:component>	33	··</ds:component>
34	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2025-02-28T20:08:00">	34	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>	37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>
38	······<xccdf-1.2:description>	38	······<xccdf-1.2:description>
39	········This·guide·presents·a·catalog·of·security-relevant	39	········This·guide·presents·a·catalog·of·security-relevant
40	configuration·settings·for·Firefox.·It·is·a·rendering·of	40	configuration·settings·for·Firefox.·It·is·a·rendering·of
41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 3488, 15 lines modified		Offset 3488, 15 lines modified
3488	··············<xccdf-1.2:check-content-ref·href="ssg-firefox-ocil.xml"·name="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1"/>	3488	··············<xccdf-1.2:check-content-ref·href="ssg-firefox-ocil.xml"·name="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1"/>
3489	············</xccdf-1.2:check>	3489	············</xccdf-1.2:check>
3490	··········</xccdf-1.2:Rule>	3490	··········</xccdf-1.2:Rule>
3491	········</xccdf-1.2:Group>	3491	········</xccdf-1.2:Group>
3492	······</xccdf-1.2:Group>	3492	······</xccdf-1.2:Group>
3493	····</xccdf-1.2:Benchmark>	3493	····</xccdf-1.2:Benchmark>
3494	··</ds:component>	3494	··</ds:component>
3495	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-oval.xml"·timestamp="2025-02-28T20:08:00">	3495	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-oval.xml"·timestamp="2025-03-01T22:08:00">
3496	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	3496	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
3497	······<oval-def:generator>	3497	······<oval-def:generator>
3498	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	3498	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
3499	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>	3499	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
3500	········<oval:schema_version>5.11</oval:schema_version>	3500	········<oval:schema_version>5.11</oval:schema_version>
3501	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	3501	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 21, 23 lines modified		Offset 21, 23 lines modified
21	····<ds:checks>	21	····<ds:checks>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-ocil.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-ocil.xml"/>
24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-cpe-oval.xml"/>	24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-cpe-oval.xml"/>
25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.xenial.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.xenial.usn.oval.xml.bz2"/>	25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.xenial.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.xenial.usn.oval.xml.bz2"/>
26	····</ds:checks>	26	····</ds:checks>
27	··</ds:data-stream>	27	··</ds:data-stream>
28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~">	30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~">
31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·16.04·(Xenial)</cpe-dict:title>	31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·16.04·(Xenial)</cpe-dict:title>
32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1604-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1604:def:1</cpe-dict:check>	32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1604-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1604:def:1</cpe-dict:check>
33	······</cpe-dict:cpe-item>	33	······</cpe-dict:cpe-item>
34	····</cpe-dict:cpe-list>	34	····</cpe-dict:cpe-list>
35	··</ds:component>	35	··</ds:component>
36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-xccdf.xml"·timestamp="2025-02-28T20:08:00">	36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-xccdf.xml"·timestamp="2025-03-01T22:08:00">
37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>	39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>
40	······<xccdf-1.2:description>	40	······<xccdf-1.2:description>
41	········This·guide·presents·a·catalog·of·security-relevant	41	········This·guide·presents·a·catalog·of·security-relevant
42	configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of	42	configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of
43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 63230, 15 lines modified		Offset 63230, 15 lines modified
63230	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1604-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>	63230	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1604-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>
63231	············</xccdf-1.2:check>	63231	············</xccdf-1.2:check>
63232	··········</xccdf-1.2:Rule>	63232	··········</xccdf-1.2:Rule>
63233	········</xccdf-1.2:Group>	63233	········</xccdf-1.2:Group>
63234	······</xccdf-1.2:Group>	63234	······</xccdf-1.2:Group>
63235	····</xccdf-1.2:Benchmark>	63235	····</xccdf-1.2:Benchmark>
63236	··</ds:component>	63236	··</ds:component>
63237	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"·timestamp="2025-02-28T20:08:00">	63237	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"·timestamp="2025-03-01T22:08:00">
63238	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	63238	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
63239	······<oval-def:generator>	63239	······<oval-def:generator>
63240	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	63240	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
63241	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>	63241	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
63242	········<oval:schema_version>5.11</oval:schema_version>	63242	········<oval:schema_version>5.11</oval:schema_version>
63243	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	63243	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 21, 23 lines modified		Offset 21, 23 lines modified
21	····<ds:checks>	21	····<ds:checks>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-ocil.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-ocil.xml"/>
24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-cpe-oval.xml"/>	24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-cpe-oval.xml"/>
25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.bionic.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.bionic.usn.oval.xml.bz2"/>	25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.bionic.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.bionic.usn.oval.xml.bz2"/>
26	····</ds:checks>	26	····</ds:checks>
27	··</ds:data-stream>	27	··</ds:data-stream>
28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~">	30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~">
31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·18.04·(Bionic·Beaver)</cpe-dict:title>	31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·18.04·(Bionic·Beaver)</cpe-dict:title>
32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1804-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1804:def:1</cpe-dict:check>	32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1804-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1804:def:1</cpe-dict:check>
33	······</cpe-dict:cpe-item>	33	······</cpe-dict:cpe-item>
34	····</cpe-dict:cpe-list>	34	····</cpe-dict:cpe-list>
35	··</ds:component>	35	··</ds:component>
36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-xccdf.xml"·timestamp="2025-02-28T20:08:00">	36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-xccdf.xml"·timestamp="2025-03-01T22:08:00">
37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>	39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>
40	······<xccdf-1.2:description>	40	······<xccdf-1.2:description>
41	········This·guide·presents·a·catalog·of·security-relevant	41	········This·guide·presents·a·catalog·of·security-relevant
42	configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of	42	configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of
43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 67111, 15 lines modified		Offset 67111, 15 lines modified
67111	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1804-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>	67111	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1804-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>
67112	············</xccdf-1.2:check>	67112	············</xccdf-1.2:check>
67113	··········</xccdf-1.2:Rule>	67113	··········</xccdf-1.2:Rule>
67114	········</xccdf-1.2:Group>	67114	········</xccdf-1.2:Group>
67115	······</xccdf-1.2:Group>	67115	······</xccdf-1.2:Group>
67116	····</xccdf-1.2:Benchmark>	67116	····</xccdf-1.2:Benchmark>
67117	··</ds:component>	67117	··</ds:component>
67118	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"·timestamp="2025-02-28T20:08:00">	67118	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"·timestamp="2025-03-01T22:08:00">
67119	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	67119	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
67120	······<oval-def:generator>	67120	······<oval-def:generator>
67121	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	67121	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
67122	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>	67122	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
67123	········<oval:schema_version>5.11</oval:schema_version>	67123	········<oval:schema_version>5.11</oval:schema_version>
67124	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	67124	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 19, 23 lines modified		Offset 19, 23 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~">	28	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~">
29	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·20.04·(Focal·Fossa)</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·20.04·(Focal·Fossa)</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2004-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2004:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2004-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2004:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	····</cpe-dict:cpe-list>	32	····</cpe-dict:cpe-list>
33	··</ds:component>	33	··</ds:component>
34	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-xccdf.xml"·timestamp="2025-02-28T20:08:00">	34	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>	37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>
38	······<xccdf-1.2:description>	38	······<xccdf-1.2:description>
39	········This·guide·presents·a·catalog·of·security-relevant	39	········This·guide·presents·a·catalog·of·security-relevant
40	configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of	40	configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of
41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 143123, 15 lines modified		Offset 143123, 15 lines modified
143123	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu2004-ocil.xml"·name="ocil:ssg-file_permissions_etc_audit_rulesd_ocil:questionnaire:1"/>	143123	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu2004-ocil.xml"·name="ocil:ssg-file_permissions_etc_audit_rulesd_ocil:questionnaire:1"/>
143124	············</xccdf-1.2:check>	143124	············</xccdf-1.2:check>
143125	··········</xccdf-1.2:Rule>	143125	··········</xccdf-1.2:Rule>
143126	········</xccdf-1.2:Group>	143126	········</xccdf-1.2:Group>
143127	······</xccdf-1.2:Group>	143127	······</xccdf-1.2:Group>
143128	····</xccdf-1.2:Benchmark>	143128	····</xccdf-1.2:Benchmark>
143129	··</ds:component>	143129	··</ds:component>
143130	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"·timestamp="2025-02-28T20:08:00">	143130	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"·timestamp="2025-03-01T22:08:00">
143131	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	143131	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
143132	······<oval-def:generator>	143132	······<oval-def:generator>
143133	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	143133	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
143134	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>	143134	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
143135	········<oval:schema_version>5.11</oval:schema_version>	143135	········<oval:schema_version>5.11</oval:schema_version>
143136	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	143136	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 8559, 18 lines modified		Offset 8559, 18 lines modified
000216e0:·616e·6420·7573·6520·7468·6520·696e·666f··and·use·the·info		000216e0:·616e·6420·7573·6520·7468·6520·696e·666f··and·use·the·info
000216f0:·726d·6174·696f·6e20·746f·2070·6f74·656e··rmation·to·poten		000216f0:·726d·6174·696f·6e20·746f·2070·6f74·656e··rmation·to·poten
00021700:·7469·616c·6c79·2063·6f6d·7072·6f6d·6973··tially·compromis		00021700:·7469·616c·6c79·2063·6f6d·7072·6f6d·6973··tially·compromis
00021710:·6520·7468·6520·696e·7465·6772·6974·7920··e·the·integrity·		00021710:·6520·7468·6520·696e·7465·6772·6974·7920··e·the·integrity·
00021720:·6f66·2074·6865·2073·7973·7465·6d20·616e··of·the·system·an		00021720:·6f66·2074·6865·2073·7973·7465·6d20·616e··of·the·system·an
00021730:·640a·6e65·7477·6f72·6b28·7329·2e0a·2020··d.network(s)..··		00021730:·640a·6e65·7477·6f72·6b28·7329·2e0a·2020··d.network(s)..··
00021740:·3c2f·7464·3e0a·2020·3c74·643e·7661·725f··</td>.··<td>var_		00021740:·3c2f·7464·3e0a·2020·3c74·643e·7661·725f··</td>.··<td>var_
00021750:·736e·6d70·645f·726f·5f73·7472·696e·673d··snmpd_ro_string=		00021750:·736e·6d70·645f·7277·5f73·7472·696e·673d··snmpd_rw_string=
00021760:·6368·616e·6765·6d65·726f·3c62·722f·3e76··changemero<br/>v		00021760:·6368·616e·6765·6d65·7277·3c62·722f·3e76··changemerw<br/>v
00021770:·6172·5f73·6e6d·7064·5f72·775f·7374·7269··ar_snmpd_rw_stri		00021770:·6172·5f73·6e6d·7064·5f72·6f5f·7374·7269··ar_snmpd_ro_stri
00021780:·6e67·3d63·6861·6e67·656d·6572·773c·2f74··ng=changemerw</t		00021780:·6e67·3d63·6861·6e67·656d·6572·6f3c·2f74··ng=changemero</t
00021790:·643e·0a3c·2f74·723e·0a3c·7472·3e0a·2020··d>.</tr>.<tr>.··		00021790:·643e·0a3c·2f74·723e·0a3c·7472·3e0a·2020··d>.</tr>.<tr>.··
000217a0:·3c74·643e·5343·2d35·3c2f·7464·3e0a·2020··<td>SC-5</td>.··		000217a0:·3c74·643e·5343·2d35·3c2f·7464·3e0a·2020··<td>SC-5</td>.··
000217b0:·3c74·643e·4e2f·413c·2f74·643e·0a20·203c··<td>N/A</td>.··<		000217b0:·3c74·643e·4e2f·413c·2f74·643e·0a20·203c··<td>N/A</td>.··<
000217c0:·7464·3e43·6f6e·6669·6775·7265·204b·6572··td>Configure·Ker		000217c0:·7464·3e43·6f6e·6669·6775·7265·204b·6572··td>Configure·Ker
000217d0:·6e65·6c20·746f·2052·6174·6520·4c69·6d69··nel·to·Rate·Limi		000217d0:·6e65·6c20·746f·2052·6174·6520·4c69·6d69··nel·to·Rate·Limi
000217e0:·7420·5365·6e64·696e·6720·6f66·2044·7570··t·Sending·of·Dup		000217e0:·7420·5365·6e64·696e·6720·6f66·2044·7570··t·Sending·of·Dup
000217f0:·6c69·6361·7465·2054·4350·2041·636b·6e6f··licate·TCP·Ackno		000217f0:·6c69·6361·7465·2054·4350·2041·636b·6e6f··licate·TCP·Ackno


Offset 2919, 16 lines modified		Offset 2919, 16 lines modified
2919	··············································································network·management	2919	··············································································network·management
2920	··············································································protocol·(SNMP)	2920	··············································································protocol·(SNMP)
2921	··············································································community·strings	2921	··············································································community·strings
2922	··············································································must·be·changed·to	2922	··············································································must·be·changed·to
2923	··································Edit·/etc/snmp/snmpd.conf,·remove·or·change·maintain·security.	2923	··································Edit·/etc/snmp/snmpd.conf,·remove·or·change·maintain·security.
2924	··································the·default·community·strings·of·public·and·If·the·service·is	2924	··································the·default·community·strings·of·public·and·If·the·service·is
2925	··································private.·This·profile·configures·new·read-··running·with·the	2925	··································private.·This·profile·configures·new·read-··running·with·the
2926	········N/·Ensure·Default·SNMP····only·community·string·to·changemero·and·····default·············var_snmpd_ro_string=changemero	2926	········N/·Ensure·Default·SNMP····only·community·string·to·changemero·and·····default·············var_snmpd_rw_string=changemerw
2927	IA-5(e)·A··Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·····var_snmpd_rw_string=changemerw	2927	IA-5(e)·A··Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·····var_snmpd_ro_string=changemero
2928	··································Once·the·default·community·strings·have·····then·anyone·can	2928	··································Once·the·default·community·strings·have·····then·anyone·can
2929	··································been·changed,·restart·the·SNMP·service:·····gather·data·about	2929	··································been·changed,·restart·the·SNMP·service:·····gather·data·about
2930	··································$·sudo·systemctl·restart·snmpd··············the·system·and·the	2930	··································$·sudo·systemctl·restart·snmpd··············the·system·and·the
2931	··············································································network·and·use·the	2931	··············································································network·and·use·the
2932	··············································································information·to	2932	··············································································information·to
2933	··············································································potentially	2933	··············································································potentially
2934	··············································································compromise·the	2934	··············································································compromise·the


Offset 4133, 15 lines modified		Offset 4133, 15 lines modified
4133	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>	4133	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>
4134	··</td>	4134	··</td>
4135	··<td·xml:lang="en-US">	4135	··<td·xml:lang="en-US">
4136	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4136	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4137	time-based·limit,·effects·of·potential·attacks·against	4137	time-based·limit,·effects·of·potential·attacks·against
4138	encryption·keys·are·limited.	4138	encryption·keys·are·limited.
4139	··</td>	4139	··</td>
4140	··<td>var_rekey_limit_time=1~~hou~~r<br/>var_rekey_limit_size=1G</td>	4140	··<td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>
4141	</tr>	4141	</tr>
4142	<tr>	4142	<tr>
4143	··<td></td>	4143	··<td></td>
4144	··<td>N/A</td>	4144	··<td>N/A</td>
4145	··<td>SSH·server·uses·strong·entropy·to·seed</td>	4145	··<td>SSH·server·uses·strong·entropy·to·seed</td>
4146	··<td·xml:lang="en-US">	4146	··<td·xml:lang="en-US">
4147	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.	4147	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.


Offset 3401, 16 lines modified		Offset 3401, 16 lines modified
3401	··················································································································generator·used·by	3401	··················································································································generator·used·by
3402	··················································································································SSH·would·be·known	3402	··················································································································SSH·would·be·known
3403	··················································································································to·potential	3403	··················································································································to·potential
3404	··················································································································attackers.	3404	··················································································································attackers.
3405	··················································································································By·decreasing·the	3405	··················································································································By·decreasing·the
3406	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the	3406	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the
3407	········Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and	3407	········Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and
3408	·····N/·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_time=1~~hou~~r	3408	·····N/·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_size=1G
3409	·····A··renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_size=1G	3409	·····A··renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_time=1hour
3410	·························RekeyLimit·1G·1hour······································································potential·attacks	3410	·························RekeyLimit·1G·1hour······································································potential·attacks
3411	··················································································································against·encryption	3411	··················································································································against·encryption
3412	··················································································································keys·are·limited.	3412	··················································································································keys·are·limited.
3413	··················································································································SSH·implementation	3413	··················································································································SSH·implementation
3414	··················································································································in·Oracle·Linux·8	3414	··················································································································in·Oracle·Linux·8
3415	··················································································································uses·the·openssl	3415	··················································································································uses·the·openssl
3416	··················································································································library,·which	3416	··················································································································library,·which


Offset 24427, 17 lines modified		Offset 24427, 17 lines modified
0005f6a0:·6e67·0a74·696d·652d·6261·7365·6420·6c69··ng.time-based·li		0005f6a0:·6e67·0a74·696d·652d·6261·7365·6420·6c69··ng.time-based·li
0005f6b0:·6d69·742c·2065·6666·6563·7473·206f·6620··mit,·effects·of·		0005f6b0:·6d69·742c·2065·6666·6563·7473·206f·6620··mit,·effects·of·
0005f6c0:·706f·7465·6e74·6961·6c20·6174·7461·636b··potential·attack		0005f6c0:·706f·7465·6e74·6961·6c20·6174·7461·636b··potential·attack
0005f6d0:·7320·6167·6169·6e73·740a·656e·6372·7970··s·against.encryp		0005f6d0:·7320·6167·6169·6e73·740a·656e·6372·7970··s·against.encryp
0005f6e0:·7469·6f6e·206b·6579·7320·6172·6520·6c69··tion·keys·are·li		0005f6e0:·7469·6f6e·206b·6579·7320·6172·6520·6c69··tion·keys·are·li
0005f6f0:·6d69·7465·642e·0a20·203c·2f74·643e·0a20··mited..··</td>.·		0005f6f0:·6d69·7465·642e·0a20·203c·2f74·643e·0a20··mited..··</td>.·
0005f700:·203c·7464·3e76·6172·5f72·656b·6579·5f6c···<td>var_rekey_l		0005f700:·203c·7464·3e76·6172·5f72·656b·6579·5f6c···<td>var_rekey_l
		0005f710:·696d·6974·5f73·697a·653d·3147·3c62·722f··imit_size=1G<br/
		0005f720:·3e76·6172·5f72·656b·6579·5f6c·696d·6974··>var_rekey_limit
0005f710:~~·696d·6974~~·5f74·696d·653d·3168·6f75·723c··~~imit~~_time=1hour<		0005f730:·5f74·696d·653d·3168·6f75·723c·2f74·643e··_time=1hour</td>
0005f720:·6272·2f3e·7661·725f·7265·6b65·795f·6c69··br/>var_rekey_li
0005f730:·6d69·745f·7369·7a65·3d31·473c·2f74·643e··mit_size=1G</td>
0005f740:·0a3c·2f74·723e·0a3c·7472·3e0a·2020·3c74··.</tr>.<tr>.··<t		0005f740:·0a3c·2f74·723e·0a3c·7472·3e0a·2020·3c74··.</tr>.<tr>.··<t
0005f750:·643e·3c2f·7464·3e0a·2020·3c74·643e·4e2f··d></td>.··<td>N/		0005f750:·643e·3c2f·7464·3e0a·2020·3c74·643e·4e2f··d></td>.··<td>N/
0005f760:·413c·2f74·643e·0a20·203c·7464·3e53·5348··A</td>.··<td>SSH		0005f760:·413c·2f74·643e·0a20·203c·7464·3e53·5348··A</td>.··<td>SSH
0005f770:·2073·6572·7665·7220·7573·6573·2073·7472···server·uses·str		0005f770:·2073·6572·7665·7220·7573·6573·2073·7472···server·uses·str
0005f780:·6f6e·6720·656e·7472·6f70·7920·746f·2073··ong·entropy·to·s		0005f780:·6f6e·6720·656e·7472·6f70·7920·746f·2073··ong·entropy·to·s
0005f790:·6565·643c·2f74·643e·0a20·203c·7464·2078··eed</td>.··<td·x		0005f790:·6565·643c·2f74·643e·0a20·203c·7464·2078··eed</td>.··<td·x
0005f7a0:·6d6c·3a6c·616e·673d·2265·6e2d·5553·223e··ml:lang="en-US">		0005f7a0:·6d6c·3a6c·616e·673d·2265·6e2d·5553·223e··ml:lang="en-US">


Offset 7774, 16 lines modified		Offset 7774, 16 lines modified
7774	·································private·key.··········································system·where·the	7774	·································private·key.··········································system·where·the
7775	·······················································································associated·public	7775	·······················································································associated·public
7776	·······················································································key·has·been	7776	·······················································································key·has·been
7777	·······················································································installed.	7777	·······················································································installed.
7778	·································The·RekeyLimit·parameter·specifies·how·often·the······By·decreasing·the	7778	·································The·RekeyLimit·parameter·specifies·how·often·the······By·decreasing·the
7779	·································session·key·of·the·is·renegotiated,·both·in·terms·of··limit·based·on·the	7779	·································session·key·of·the·is·renegotiated,·both·in·terms·of··limit·based·on·the
7780	···········Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···amount·of·data·and	7780	···········Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···amount·of·data·and
7781	········N/·session·key···········elapsed.··············································enabling·time-based·var_rekey_limit_time=1~~hou~~r	7781	········N/·session·key···········elapsed.··············································enabling·time-based·var_rekey_limit_size=1G
7782	········A··renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limit,·effects·of···var_rekey_limit_size=1G	7782	········A··renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limit,·effects·of···var_rekey_limit_time=1hour
7783	·································following·line·in·/etc/ssh/sshd_config:···············potential·attacks	7783	·································following·line·in·/etc/ssh/sshd_config:···············potential·attacks
7784	·································RekeyLimit·1G·1hour···································against·encryption	7784	·································RekeyLimit·1G·1hour···································against·encryption
7785	·······················································································keys·are·limited.	7785	·······················································································keys·are·limited.
7786	·······················································································SSH·implementation	7786	·······················································································SSH·implementation
7787	·······················································································in·Oracle·Linux·8	7787	·······················································································in·Oracle·Linux·8
7788	·······················································································uses·the·openssl	7788	·······················································································uses·the·openssl
7789	·······················································································library,·which	7789	·······················································································library,·which


Offset 4075, 15 lines modified		Offset 4075, 15 lines modified
4075	<tt>RekeyLimit</tt>.	4075	<tt>RekeyLimit</tt>.
4076	··</td>	4076	··</td>
4077	··<td·xml:lang="en-US">	4077	··<td·xml:lang="en-US">
4078	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4078	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4079	time-based·limit,·effects·of·potential·attacks·against	4079	time-based·limit,·effects·of·potential·attacks·against
4080	encryption·keys·are·limited.	4080	encryption·keys·are·limited.
4081	··</td>	4081	··</td>
4082	··<td>var_ssh_client_rekey_limit_size=1G<br/>var_ssh_client_rekey_limit_time=1~~hou~~r</td>	4082	··<td>var_ssh_client_rekey_limit_time=1hour<br/>var_ssh_client_rekey_limit_size=1G</td>
4083	</tr>	4083	</tr>
4084	<tr>	4084	<tr>
4085	··<td></td>	4085	··<td></td>
4086	··<td>CCE-83349-1</td>	4086	··<td>CCE-83349-1</td>
4087	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>	4087	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>
4088	··<td·xml:lang="en-US">	4088	··<td·xml:lang="en-US">
4089	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure	4089	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure
Offset 4138, 15 lines modified		Offset 4138, 15 lines modified
4138	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>	4138	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>
4139	··</td>	4139	··</td>
4140	··<td·xml:lang="en-US">	4140	··<td·xml:lang="en-US">
4141	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4141	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4142	time-based·limit,·effects·of·potential·attacks·against	4142	time-based·limit,·effects·of·potential·attacks·against
4143	encryption·keys·are·limited.	4143	encryption·keys·are·limited.
4144	··</td>	4144	··</td>
4145	··<td>var_rekey_limit_time=1~~hou~~r<br/>var_rekey_limit_size=1G</td>	4145	··<td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>
4146	</tr>	4146	</tr>
4147	<tr>	4147	<tr>
4148	··<td></td>	4148	··<td></td>
4149	··<td>CCE-82462-3</td>	4149	··<td>CCE-82462-3</td>
4150	··<td>SSH·server·uses·strong·entropy·to·seed</td>	4150	··<td>SSH·server·uses·strong·entropy·to·seed</td>
4151	··<td·xml:lang="en-US">	4151	··<td·xml:lang="en-US">
4152	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.	4152	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.


Offset 3356, 16 lines modified		Offset 3356, 16 lines modified
3356	······················································································································options,·which·can	3356	······················································································································options,·which·can
3357	······················································································································help·protect	3357	······················································································································help·protect
3358	······················································································································programs·which·use	3358	······················································································································programs·which·use
3359	······················································································································it.	3359	······················································································································it.
3360	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the	3360	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the
3361	·····························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the	3361	·····························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the
3362	·····CCE-···Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and	3362	·····CCE-···Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and
3363	·····82880-·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_size=1G	3363	·····82880-·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_time=1hour
3364	·····6······renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_time=1~~hou~~r	3364	·····6······renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_size=1G
3365	············for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks	3365	············for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks
3366	·····························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption	3366	·····························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption
3367	·····························containing·definition·of·RekeyLimit.·····················································keys·are·limited.	3367	·····························containing·definition·of·RekeyLimit.·····················································keys·are·limited.
3368	······················································································································Some·SSH	3368	······················································································································Some·SSH
3369	······················································································································implementations·use	3369	······················································································································implementations·use
3370	······················································································································the·openssl·library	3370	······················································································································the·openssl·library
3371	······················································································································for·entropy,·which	3371	······················································································································for·entropy,·which
Offset 3416, 16 lines modified		Offset 3416, 16 lines modified
3416	······················································································································generator·used·by	3416	······················································································································generator·used·by
3417	······················································································································SSH·would·be·known	3417	······················································································································SSH·would·be·known
3418	······················································································································to·potential	3418	······················································································································to·potential
3419	······················································································································attackers.	3419	······················································································································attackers.
3420	······················································································································By·decreasing·the	3420	······················································································································By·decreasing·the
3421	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the	3421	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the
3422	·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and	3422	·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and
3423	·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_time=1~~hou~~r	3423	·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_size=1G
3424	·····7······renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_size=1G	3424	·····7······renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_time=1hour
3425	·····························RekeyLimit·1G·1hour······································································potential·attacks	3425	·····························RekeyLimit·1G·1hour······································································potential·attacks
3426	······················································································································against·encryption	3426	······················································································································against·encryption
3427	······················································································································keys·are·limited.	3427	······················································································································keys·are·limited.
3428	······················································································································SSH·implementation	3428	······················································································································SSH·implementation
3429	······················································································································in·Red·Hat	3429	······················································································································in·Red·Hat
3430	······················································································································Enterprise·Linux·8	3430	······················································································································Enterprise·Linux·8
3431	······················································································································uses·the·openssl	3431	······················································································································uses·the·openssl


Offset 24277, 17 lines modified		Offset 24277, 17 lines modified
0005ed40:·696e·670a·7469·6d65·2d62·6173·6564·206c··ing.time-based·l		0005ed40:·696e·670a·7469·6d65·2d62·6173·6564·206c··ing.time-based·l
0005ed50:·696d·6974·2c20·6566·6665·6374·7320·6f66··imit,·effects·of		0005ed50:·696d·6974·2c20·6566·6665·6374·7320·6f66··imit,·effects·of
0005ed60:·2070·6f74·656e·7469·616c·2061·7474·6163···potential·attac		0005ed60:·2070·6f74·656e·7469·616c·2061·7474·6163···potential·attac
0005ed70:·6b73·2061·6761·696e·7374·0a65·6e63·7279··ks·against.encry		0005ed70:·6b73·2061·6761·696e·7374·0a65·6e63·7279··ks·against.encry
0005ed80:·7074·696f·6e20·6b65·7973·2061·7265·206c··ption·keys·are·l		0005ed80:·7074·696f·6e20·6b65·7973·2061·7265·206c··ption·keys·are·l
0005ed90:·696d·6974·6564·2e0a·2020·3c2f·7464·3e0a··imited..··</td>.		0005ed90:·696d·6974·6564·2e0a·2020·3c2f·7464·3e0a··imited..··</td>.
0005eda0:·2020·3c74·643e·7661·725f·7265·6b65·795f····<td>var_rekey_		0005eda0:·2020·3c74·643e·7661·725f·7265·6b65·795f····<td>var_rekey_
0005edb0:·6c69·6d69·745f·7369·7a65·3d31·~~473c~~·6272··limit_size=1~~G<b~~r		0005edb0:·6c69·6d69·745f·7469·6d65·3d31·686f·7572··limit_time=1hour
0005edc0:·2f3e·7661·725f·7265·6b65·795f·6c69·6d69··/>var_rekey_limi
0005edd0:·~~745f~~·7~~469~~·~~6d65~~·~~3d31~~·~~686f~~·7572·~~3c2f~~·7464··~~t_time=1hour</td~~		0005edc0:·3c62·722f·3e76·6172·5f72·656b·6579·5f6c··<br/>var_rekey_l
		0005edd0:·696d·6974·5f73·697a·653d·3147·3c2f·7464··imit_size=1G</td
0005ede0:·3e0a·3c2f·7472·3e0a·3c74·723e·0a20·203c··>.</tr>.<tr>.··<		0005ede0:·3e0a·3c2f·7472·3e0a·3c74·723e·0a20·203c··>.</tr>.<tr>.··<
0005edf0:·7464·3e3c·2f74·643e·0a20·203c·7464·3e43··td></td>.··<td>C		0005edf0:·7464·3e3c·2f74·643e·0a20·203c·7464·3e43··td></td>.··<td>C
0005ee00:·4345·2d38·3234·3632·2d33·3c2f·7464·3e0a··CE-82462-3</td>.		0005ee00:·4345·2d38·3234·3632·2d33·3c2f·7464·3e0a··CE-82462-3</td>.
0005ee10:·2020·3c74·643e·5353·4820·7365·7276·6572····<td>SSH·server		0005ee10:·2020·3c74·643e·5353·4820·7365·7276·6572····<td>SSH·server
0005ee20:·2075·7365·7320·7374·726f·6e67·2065·6e74···uses·strong·ent		0005ee20:·2075·7365·7320·7374·726f·6e67·2065·6e74···uses·strong·ent
0005ee30:·726f·7079·2074·6f20·7365·6564·3c2f·7464··ropy·to·seed</td		0005ee30:·726f·7079·2074·6f20·7365·6564·3c2f·7464··ropy·to·seed</td
0005ee40:·3e0a·2020·3c74·6420·786d·6c3a·6c61·6e67··>.··<td·xml:lang		0005ee40:·3e0a·2020·3c74·6420·786d·6c3a·6c61·6e67··>.··<td·xml:lang


Offset 7644, 16 lines modified		Offset 7644, 16 lines modified
7644	·····································corresponding·private·key.····························system·where·the	7644	·····································corresponding·private·key.····························system·where·the
7645	···························································································associated·public	7645	···························································································associated·public
7646	···························································································key·has·been	7646	···························································································key·has·been
7647	···························································································installed.	7647	···························································································installed.
7648	·····································The·RekeyLimit·parameter·specifies·how·often·the······By·decreasing·the	7648	·····································The·RekeyLimit·parameter·specifies·how·often·the······By·decreasing·the
7649	·····································session·key·of·the·is·renegotiated,·both·in·terms·of··limit·based·on·the	7649	·····································session·key·of·the·is·renegotiated,·both·in·terms·of··limit·based·on·the
7650	········CCE-···Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···amount·of·data·and	7650	········CCE-···Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···amount·of·data·and
7651	········82177-·session·key···········elapsed.··············································enabling·time-based·var_rekey_limit_size=1G	7651	········82177-·session·key···········elapsed.··············································enabling·time-based·var_rekey_limit_time=1hour
7652	········7······renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limit,·effects·of···var_rekey_limit_time=1~~hou~~r	7652	········7······renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limit,·effects·of···var_rekey_limit_size=1G
7653	·····································following·line·in·/etc/ssh/sshd_config:···············potential·attacks	7653	·····································following·line·in·/etc/ssh/sshd_config:···············potential·attacks
7654	·····································RekeyLimit·1G·1hour···································against·encryption	7654	·····································RekeyLimit·1G·1hour···································against·encryption
7655	···························································································keys·are·limited.	7655	···························································································keys·are·limited.
7656	···························································································SSH·implementation	7656	···························································································SSH·implementation
7657	···························································································in·Red·Hat	7657	···························································································in·Red·Hat
7658	···························································································Enterprise·Linux·8	7658	···························································································Enterprise·Linux·8
7659	···························································································uses·the·openssl	7659	···························································································uses·the·openssl


Offset 1, 10 lines modified		Offset 1, 10 lines modified
1	<?xml·version="1.0"·encoding="utf-8"?>	1	<?xml·version="1.0"·encoding="utf-8"?>
2	<xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">	2	<xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3	··<xccdf-1.2:version·time="2025-02-28T20:08:00">1</xccdf-1.2:version>	3	··<xccdf-1.2:version·time="2025-03-01T22:08:00">1</xccdf-1.2:version>
4	··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">	4	··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5	····<xccdf-1.2:title·override="true">DISA·STIG·for·Oracle·Linux·8</xccdf-1.2:title>	5	····<xccdf-1.2:title·override="true">DISA·STIG·for·Oracle·Linux·8</xccdf-1.2:title>
6	····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the	6	····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7	DISA·STIG·for·Oracle·Linux·8·V2R3.</xccdf-1.2:description>	7	DISA·STIG·for·Oracle·Linux·8·V2R3.</xccdf-1.2:description>
8	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs"·selected="false"/>	8	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs"·selected="false"/>
9	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay"·selected="false"/>	9	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay"·selected="false"/>
10	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions"·selected="false"/>	10	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions"·selected="false"/>


Offset 3, 3295 lines modified		Offset 3, 3295 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-f~~ile_owner~~_s~~shd~~_config_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-partition_for_home_ocil:questionnaire:1">
11	······<ocil:title>~~Verify~~·~~Own~~er·o~~n·SSH~~·Ser~~ver~~·~~conf~~ig·file</ocil:title>	11	······<ocil:title>Ensure·/home·Located·On·Separate·Partition</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-f~~ile_owner~~_s~~shd~~_config_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-partition_for_home_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-file_~~cron_deny~~_~~not~~_~~exist~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-file_ownership_sshd_pub_key_ocil:questionnaire:1">
17	······<ocil:title>Ens~~ure~~·~~that~~·/et~~c/c~~r~~on.deny~~·~~does~~·~~not~~·~~exist~~</ocil:title>	17	······<ocil:title>Verify·Ownership·on·SSH·Server·Public·*.pub·Key·Files</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-file_~~cron_deny~~_~~not~~_~~exist~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-file_ownership_sshd_pub_key_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_crontab_ocil:questionnaire:1">
23	······<ocil:title~~>Ver~~i~~fy·Gr~~oup~~·Wh~~o~~·Owns·Cr~~o~~ntab</~~ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_deny_ocil:questionnaire:1">
		23	······<ocil:title>Lock·Accounts·After·Failed·Password·Attempts</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~file~~_group~~owner_~~c~~rontab~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_deny_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-file_owner_~~etc~~_~~group~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_daily_ocil:questionnaire:1">
29	······<ocil:title>Verify·User·Who~~·Ow~~ns·gro~~up·F~~ile</ocil:title>	29	······<ocil:title>Verify·Owner·on·cron.daily</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-file_owner_~~etc~~_~~group~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-file_owner_cron_daily_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-audit_rules_~~dac~~_~~modif~~i~~catio~~n_~~fchown~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_renameat_ocil:questionnaire:1">
35	······<ocil:title>~~Reco~~rd·~~Events·~~that·Mod~~ify·~~the·S~~yst~~e~~m's~~·Discretion~~ary~~·~~Acces~~s·C~~ontrols~~·-·~~fchown~~</ocil:title>	35	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·renameat</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-audit_rules_~~dac~~_~~modif~~i~~catio~~n_~~fchown~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_renameat_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_send_redirects_ocil:questionnaire:1">
41	······<ocil:title~~>Di~~s~~able·Ke~~rnel·Pa~~rameter·for·Sen~~ding~~·ICMP·Red~~irects~~·on·all·IPv4·Int~~erfac~~es·by·Defa~~u~~lt</~~o~~cil:title~~>	40	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_settimeofday_ocil:questionnaire:1">
		41	······<ocil:title>Record·attempts·to·alter·time·through·settimeofday</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~sysc~~tl_~~net_ipv4~~_~~conf_d~~e~~fault~~_se~~nd_r~~edi~~rects~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_settimeofday_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_warning_banner_net_ocil:questionnaire:1">
47	······<ocil:~~title>E~~nable·~~SSH·Wa~~rn~~ing·Bann~~er</ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-kernel_module_cramfs_disabled_ocil:questionnaire:1">
		47	······<ocil:title>Disable·Mounting·of·cramfs</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_~~enab~~le_war~~ning~~_ba~~nner_n~~et_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-kernel_module_cramfs_disabled_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-account_password_pam_faillock_password_auth_ocil:questionnaire:1">
53	······<ocil:t~~itle>C~~onf~~igu~~r~~e·th~~e·~~Use·~~of·~~the·pam_~~faillo~~ck.s~~o·Module·~~in·~~th~~e·/etc/pam.d/pa~~ssword-a~~uth·F~~ile~~.</ocil~~:~~tit~~le>	52	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_at_allow_ocil:questionnaire:1">
		53	······<ocil:title>Verify·Group·Who·Owns·/etc/at.allow·file</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-a~~ccount_pass~~w~~ord~~_pam_faillo~~ck_pass~~w~~ord_auth~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-file_groupowner_at_allow_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-mou~~nt_op~~tion_var_log_~~nos~~uid_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-audit_rules_immutable_ocil:questionnaire:1">
59	······<ocil:title>Add·nosui~~d·Op~~tion·~~to·/v~~ar/log</ocil:title>	59	······<ocil:title>Make·the·auditd·Configuration·Immutable</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-mou~~nt_op~~tion_var_log_~~nos~~uid_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-audit_rules_immutable_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-package_b~~ind~~_~~remov~~ed_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-package_nftables_installed_ocil:questionnaire:1">
65	······<ocil:title>Uninstall·b~~ind~~·Package</ocil:title>	65	······<ocil:title>Install·nftables·Package</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-package_b~~ind~~_~~remov~~ed_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-package_nftables_installed_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_motd_ocil:questionnaire:1">
71	······<ocil:ti~~tle>V~~eri~~fy·Group·Ownership·of·M~~e~~ssage·~~of~~·the·Day·B~~an~~ner</~~ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_networkconfig_modification_ocil:questionnaire:1">
		71	······<ocil:title>Record·Events·that·Modify·the·System's·Network·Environment</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-file_groupo~~wner~~_etc~~_motd~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-audit_rules_networkconfig_modification_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-file_~~permission~~_~~user_ini~~t_~~files~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_gshadow_ocil:questionnaire:1">
77	······<ocil:title>~~Ensu~~re~~·All~~·User~~·Initializati~~on·F~~ile~~s·Ha~~ve·Mode·0740·Or~~·Less·~~Permiss~~ive</ocil:title>	77	······<ocil:title>Verify·Group·Who·Owns·Backup·gshadow·File</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-file_~~permission~~_~~user_ini~~t_~~files~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-file_per~~missions~~_etc_gsha~~dow~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_issue_ocil:questionnaire:1">
83	······<ocil:title>Verify·Per~~missio~~ns·on·gs~~had~~ow·~~Fil~~e</ocil:title>	83	······<ocil:title>Verify·Group·Ownership·of·System·Login·Banner</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-file_per~~missions~~_etc_gsha~~dow~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_issue_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-~~file_pe~~rmissions_ungrou~~pown~~ed_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-rsyslog_nolisten_ocil:questionnaire:1">
89	······<ocil:title>Ensure·Al~~l·Fil~~es·Are·Owned·by·a·Gr~~oup~~</ocil:title>	89	······<ocil:title>Ensure·rsyslog·Does·Not·Accept·Remote·Messages·Unless·Acting·As·Log·Server</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~file_pe~~rmissions_ungrou~~pown~~ed_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-rsyslog_nolisten_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-accounts_user_interactive_home_directory_exists_ocil:questionnaire:1">
95	······<ocil:ti~~tle>All~~·~~Interactive·Us~~er~~s·H~~o~~me·Dire~~c~~tor~~ie~~s·Must·Exi~~st</o~~cil:title~~>	94	····<ocil:questionnaire·id="ocil:ssg-kernel_module_dccp_disabled_ocil:questionnaire:1">
		95	······<ocil:title>Disable·DCCP·Support</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~accounts_u~~ser_in~~teractiv~~e_~~home~~_di~~rectory_~~e~~xist~~s_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-kernel_module_dccp_disabled_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-mount_option_var_log_audit_nosuid_ocil:questionnaire:1">
101	······<ocil:title>Ad~~d·no~~sui~~d·O~~ption~~·to·/var/lo~~g~~/au~~di~~t</~~ocil:title>	100	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_gshadow_ocil:questionnaire:1">
		101	······<ocil:title>Verify·Permissions·on·Backup·gshadow·File</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~mount_opt~~i~~on_var~~_~~log_audi~~t~~_no~~suid_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-ser~~vic~~e~~_snmpd~~_d~~isab~~led_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_hourly_ocil:questionnaire:1">
107	······<ocil:title>Di~~sable~~·s~~nmpd·Service~~</ocil:title>	107	······<ocil:title>Verify·Group·Who·Owns·cron.hourly</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-ser~~vic~~e~~_snmpd~~_d~~isab~~led_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_hourly_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-accounts_~~uma~~sk_etc_bas~~hrc~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-accounts_password_set_max_life_existing_ocil:questionnaire:1">
113	······<ocil:title>~~Ensu~~re·th~~e·Default~~·Bas~~h·Uma~~sk·i~~s·Set·Corr~~e~~ctly~~</ocil:title>	113	······<ocil:title>Set·Existing·Passwords·Maximum·Age</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-accounts_~~uma~~sk_etc_bas~~hrc~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-accounts_password_set_max_life_existing_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-~~file_ow~~ner_~~backup~~_~~etc~~_gshadow_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-partition_for_var_ocil:questionnaire:1">
119	······<ocil:title>~~Verify~~·~~Use~~r·Who~~·Owns~~·~~Backu~~p~~·gshadow·F~~ile</ocil:title>	119	······<ocil:title>Ensure·/var·Located·On·Separate·Partition</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~file_ow~~ner_~~backup~~_~~etc~~_gshadow_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-partition_for_var_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
Max diff block lines reached; 722380/734706 bytes (98.32%) of diff not shown.


Offset 3, 2759 lines modified		Offset 3, 2759 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-~~file_p~~er~~miss~~ions_~~crontab~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-package_ypbind_removed_ocil:questionnaire:1">
		11	······<ocil:title>Remove·NIS·Client</ocil:title>
11	······<ocil:title>Verify·Permissions·on·crontab</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-file_permissions_crontab_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_full_action_ocil:questionnaire:1">
17	······<ocil:title>Configure·auditd·Disk·Full·Action·when·Disk·Space·Is·Full</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-a~~uditd~~_~~data_d~~isk_~~full_action~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-package_ypbind_removed_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-coredump_disable_storage_ocil:questionnaire:1">
23	······<ocil:title>Disable~~·stor~~i~~ng·~~core·d~~ump</~~ocil:title>	16	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts_ocil:questionnaire:1">
		17	······<ocil:title>Enable·Kernel·Parameter·to·Ignore·ICMP·Broadcast·Echo·Requests·on·IPv4·Interfaces</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-coredump_di~~sabl~~e_storage_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-ac~~cou~~nts_no_uid_excep~~t_z~~ero_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-kernel_config_seccomp_filter_ocil:questionnaire:1">
29	······<ocil:title>Verif~~y·On~~ly·~~Roo~~t·~~Has~~·~~UID~~·0</ocil:title>	23	······<ocil:title>Enable·use·of·Berkeley·Packet·Filter·with·seccomp</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-ac~~cou~~nts_no_uid_excep~~t_z~~ero_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-kernel_config_seccomp_filter_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_pri~~nt_las~~t_~~log~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_compat_brk_ocil:questionnaire:1">
35	······<ocil:title>Enable·~~SSH·Pr~~int·~~Last~~·~~Log~~</ocil:title>	29	······<ocil:title>Disable·compatibility·with·brk()</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_pri~~nt_las~~t_~~log~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-kernel_config_compat_brk_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-installed_OS_is_FIPS_certified_ocil:questionnaire:1">
41	······<ocil:ti~~tle>Th~~e·Ins~~talled·O~~perati~~ng·Sy~~ste~~m·I~~s~~·FIPS·140-2·C~~ertifi~~ed</~~o~~cil:title~~>	34	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_shadow_ocil:questionnaire:1">
		35	······<ocil:title>Verify·Permissions·on·shadow·File</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~inst~~alle~~d_OS_~~is~~_FIPS~~_ce~~rtifie~~d_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_shadow_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-audi~~t_ru~~les_d~~ac_~~m~~odif~~ication_~~setxattr~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-file_permissions_grub2_cfg_ocil:questionnaire:1">
47	······<ocil:title>Recor~~d·Events·that·Mod~~ify·~~the·Sys~~t~~em's·Di~~scre~~tiona~~ry~~·Ac~~cess·Controls~~·-·~~s~~etxattr~~</ocil:title>	41	······<ocil:title>Verify·/boot/grub2/grub.cfg·Permissions</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-audi~~t_ru~~les_d~~ac_~~m~~odif~~ication_~~setxattr~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-file_permissions_grub2_cfg_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~account~~_~~disabl~~e_~~pos~~t_pw_~~expi~~ration_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-selinux_confinement_of_daemons_ocil:questionnaire:1">
53	······<ocil:title>~~Set·Acc~~o~~unt·Expir~~ation·~~Follow~~ing·~~Inactivity~~</ocil:title>	47	······<ocil:title>Ensure·No·Daemons·are·Unconfined·by·SELinux</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~account~~_~~disabl~~e_~~pos~~t_pw_~~expi~~ration_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-selinux_confinement_of_daemons_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-accounts_max_concurrent_login_sessions_ocil:questionnaire:1">
59	······<ocil:title>Li~~mit·th~~e·N~~umber·of·Concurr~~en~~t·Log~~i~~n·Se~~ssions~~·Allowed·P~~e~~r·Us~~er</ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-file_permissions_var_log_messages_ocil:questionnaire:1">
		53	······<ocil:title>Verify·Permissions·on·/var/log/messages·File</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-a~~ccounts_~~m~~ax_c~~oncu~~rrent~~_login_sess~~ion~~s_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-file_permissions_var_log_messages_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_owne~~rship_var_~~log_~~audit~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-kernel_config_slub_debug_ocil:questionnaire:1">
65	······<ocil:title>~~System~~·~~Audit~~·Logs·~~Must·Be·Ow~~ned·~~By·R~~oot</ocil:title>	59	······<ocil:title>Enable·SLUB·debugging·support</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-file_owne~~rship_var_~~log_~~audit~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-kernel_config_slub_debug_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~gno~~me~~_gdm~~_d~~isable~~_xd~~mcp~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-kernel_config_bug_ocil:questionnaire:1">
71	······<ocil:title>Disable·~~XDMCP~~·in·GDM</ocil:title>	65	······<ocil:title>Enable·support·for·BUG()</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~gno~~me~~_gdm~~_d~~isable~~_xd~~mcp~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-kernel_config_bug_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_pwhistory_remember_password_auth_ocil:questionnaire:1">
77	······<ocil:title~~>Limit·Pas~~s~~word·Reu~~se~~:·p~~a~~ssword-auth</~~ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-sshd_set_max_auth_tries_ocil:questionnaire:1">
		71	······<ocil:title>Set·SSH·authentication·attempt·limit</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~accounts_pa~~ssword~~_pam~~_~~pwhi~~s~~tory_r~~emember_pass~~word_auth~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-sshd_set_max_auth_tries_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~chronyd~~_run_as_chro~~ny_user~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-file_at_deny_not_exist_ocil:questionnaire:1">
83	······<ocil:title>Ensure·that·~~chronyd·is·runni~~ng·under·chrony·use~~r·accoun~~t</ocil:title>	77	······<ocil:title>Ensure·that·/etc/at.deny·does·not·exist</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~chronyd~~_run_as_chro~~ny_user~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-file_at_deny_not_exist_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-~~configu~~r~~e_s~~sh_~~crypto~~_~~policy~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-rpm_verify_hashes_ocil:questionnaire:1">
89	······<ocil:title>~~Configu~~re~~·SSH~~·to~~·us~~e·System·Crypto·~~Policy~~</ocil:title>	83	······<ocil:title>Verify·File·Hashes·with·RPM</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~configu~~r~~e_s~~sh_~~crypto~~_~~policy~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-rpm_verify_hashes_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-sudoers_explicit_command_args_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-sudoers_explicit_command_args_ocil:questionnaire:1">
95	······<ocil:title>Explicit·arguments·in·sudo·specifications</ocil:title>	89	······<ocil:title>Explicit·arguments·in·sudo·specifications</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-sudoers_explicit_command_args_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-sudoers_explicit_command_args_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-service_oddjobd_disabled_ocil:questionnaire:1">
101	······<ocil:title>Disable·Od~~d·J~~o~~b·D~~aemon·(~~oddj~~obd~~)</~~ocil:title>	94	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lchown_ocil:questionnaire:1">
		95	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lchown</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-ser~~vice~~_~~oddjob~~d_disabled_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lchown_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_kptr_restrict_ocil:questionnaire:1">
107	······<ocil:t~~itle>Restr~~ict·~~Exposed·Kernel·P~~oint~~er·Add~~res~~ses·A~~c~~cess</~~ocil:title>	100	····<ocil:questionnaire·id="ocil:ssg-account_passwords_pam_faillock_dir_ocil:questionnaire:1">
		101	······<ocil:title>Account·Lockouts·Must·Persist</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~sysc~~t~~l_kernel_k~~ptr_~~restri~~ct_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-account_passwords_pam_faillock_dir_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-ser~~vice_sshd_dis~~abled_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_allow_ocil:questionnaire:1">
113	······<ocil:title>Di~~sable~~·~~SSH~~·Se~~rve~~r~~·If·P~~o~~ssib~~le</ocil:title>	107	······<ocil:title>Verify·Group·Who·Owns·/etc/cron.allow·file</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-ser~~vice_sshd_dis~~abled_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_allow_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-no_direct_root_~~logins~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-chronyd_specify_remote_server_ocil:questionnaire:1">
119	······<ocil:title>Direct·root·Lo~~gin~~s·Not~~·Allow~~ed</ocil:title>	113	······<ocil:title>A·remote·time·server·for·Chrony·is·configured</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-no_direct_root_~~logins~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-chronyd_specify_remote_server_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
Max diff block lines reached; 866003/877623 bytes (98.68%) of diff not shown.


Offset 3, 5403 lines modified		Offset 3, 5403 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-package_libreswan_installed_ocil:questionnaire:1">
11	······<ocil:title>Install·libreswan·Package</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-package_libreswan_installed_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-file_~~group~~owner_cron_~~allow~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_messages_ocil:questionnaire:1">
17	······<ocil:title>Verify·G~~roup~~·Who·Owns·/~~etc~~/~~cron.allow~~·file</ocil:title>	11	······<ocil:title>Verify·User·Who·Owns·/var/log/messages·File</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_allow_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-sudo_custom_logfile_ocil:questionnaire:1">
23	······<ocil:title>Ensure·Sudo·Logfile·Exists·-·sudo·logfile</ocil:title>
24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-sudo_custom_logfile_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>
27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_disable_ipv6_ocil:questionnaire:1">
29	······<ocil:title>Disable·IPv6·Addressing·on·IPv6·Interfaces·by·Default</ocil:title>
30	······<ocil:actions>	12	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~sysctl_~~net_i~~pv6~~_conf_de~~fault_d~~isable~~_ipv~~6_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_messages_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	14	······</ocil:actions>
33	····</ocil:questionnaire>	15	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-kernel_config_acpi_custom_method_ocil:questionnaire:1">
35	······<ocil:t~~itle>D~~o·n~~ot·allow·ACPI·metho~~d~~s·to·b~~e~~·in~~ser~~ted/replaced·~~at~~·run·time</~~ocil:title>	16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_gshadow_ocil:questionnaire:1">
		17	······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/gshadow</ocil:title>
36	······<ocil:actions>	18	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-kernel_~~config~~_~~acp~~i_c~~ust~~om_~~meth~~od_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_gshadow_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	20	······</ocil:actions>
39	····</ocil:questionnaire>	21	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~aud~~it_rules_dac~~_modifica~~tion_chmod_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-selinux_confinement_of_daemons_ocil:questionnaire:1">
41	······<ocil:title>~~Record·~~Events·t~~hat~~·Mo~~dify·the~~·System~~'s·~~Dis~~cretio~~nary·Acces~~s·Co~~n~~trols~~·~~-·chmod~~</ocil:title>	23	······<ocil:title>Ensure·No·Daemons·are·Unconfined·by·SELinux</ocil:title>
42	······<ocil:actions>	24	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~aud~~it_rules_dac~~_modifica~~tion_chmod_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-selinux_confinement_of_daemons_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	26	······</ocil:actions>
45	····</ocil:questionnaire>	27	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_settimeofday_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_settimeofday_ocil:questionnaire:1">
47	······<ocil:title>Record·attempts·to·alter·time·through·settimeofday</ocil:title>	29	······<ocil:title>Record·attempts·to·alter·time·through·settimeofday</ocil:title>
48	······<ocil:actions>	30	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_settimeofday_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_settimeofday_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	32	······</ocil:actions>
51	····</ocil:questionnaire>	33	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_kerb_auth_ocil:questionnaire:1">
53	······<ocil:title>Disable·Kerberos·Authentication</ocil:title>
54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-sshd_disable_kerb_auth_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>
57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~audit_~~r~~ule~~s_~~immu~~table_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-file_permissions_crontab_ocil:questionnaire:1">
59	······<ocil:title>Make~~·the~~·~~auditd·C~~on~~figura~~tion·~~Immu~~table</ocil:title>	35	······<ocil:title>Verify·Permissions·on·crontab</ocil:title>
60	······<ocil:actions>	36	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~audit_~~r~~ule~~s_~~immu~~table_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_permissions_crontab_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	38	······</ocil:actions>
63	····</ocil:questionnaire>	39	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~audit~~_~~privileg~~ed_~~comm~~a~~nds_i~~nit_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-grub2_slab_nomerge_argument_ocil:questionnaire:1">
65	······<ocil:title>Ens~~ure·~~a~~uditd·Co~~lle~~cts~~·Information·on·the·Us~~e·of~~·~~Pri~~vi~~leg~~ed·Comm~~ands~~·-·init</ocil:title>	41	······<ocil:title>Disable·merging·of·slabs·with·similar·size</ocil:title>
66	······<ocil:actions>	42	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~audit~~_~~privileg~~ed_~~comm~~a~~nds_i~~nit_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-grub2_slab_nomerge_argument_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	44	······</ocil:actions>
69	····</ocil:questionnaire>	45	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-pac~~kage~~_xinetd_rem~~oved~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-kernel_config_panic_timeout_ocil:questionnaire:1">
71	······<ocil:title>~~Uni~~n~~sta~~ll·xinetd·~~Package~~</ocil:title>	47	······<ocil:title>Kernel·panic·timeout</ocil:title>
72	······<ocil:actions>	48	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-pac~~kage~~_xinetd_rem~~oved~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-kernel_config_panic_timeout_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	50	······</ocil:actions>
75	····</ocil:questionnaire>	51	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-aud~~it_ru~~les_sysadmin_a~~ctio~~ns_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_warning_banner_net_ocil:questionnaire:1">
77	······<ocil:title>En~~sure·~~a~~uditd·Co~~lle~~cts~~·S~~yst~~em·A~~dmi~~ni~~strat~~or·A~~ctions~~</ocil:title>	53	······<ocil:title>Enable·SSH·Warning·Banner</ocil:title>
78	······<ocil:actions>	54	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-aud~~it_ru~~les_sysadmin_a~~ctio~~ns_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-sshd_enable_warning_banner_net_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	56	······</ocil:actions>
81	····</ocil:questionnaire>	57	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-package_libselinux_installed_ocil:questionnaire:1">
83	······<ocil:title~~>In~~s~~tall·l~~ibse~~linux·P~~acka~~ge</~~ocil:title>	58	····<ocil:questionnaire·id="ocil:ssg-configure_user_data_backups_ocil:questionnaire:1">
		59	······<ocil:title>Configure·Backups·of·User·Data</ocil:title>
84	······<ocil:actions>	60	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~packa~~g~~e_lib~~sel~~inux_installed~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-configure_user_data_backups_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	62	······</ocil:actions>
87	····</ocil:questionnaire>	63	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-kernel_config_panic_timeout_ocil:questionnaire:1">
89	······<ocil:title~~>Kerne~~l·panic·time~~out</~~ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-accounts_max_concurrent_login_sessions_ocil:questionnaire:1">
		65	······<ocil:title>Limit·the·Number·of·Concurrent·Login·Sessions·Allowed·Per·User</ocil:title>
90	······<ocil:actions>	66	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~ker~~nel_con~~fig~~_~~pan~~ic_~~time~~out_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-accounts_max_concurrent_login_sessions_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	68	······</ocil:actions>
93	····</ocil:questionnaire>	69	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~gru~~b~~2_audi~~t_argument_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_root_login_ocil:questionnaire:1">
95	······<ocil:title>Enabl~~e·Auditing·for·Process~~e~~s·Which~~·Start·Prio~~r·t~~o·the·~~Aud~~i~~t·Daemo~~n</ocil:title>	71	······<ocil:title>Disable·SSH·Root·Login</ocil:title>
96	······<ocil:actions>	72	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~gru~~b~~2_audi~~t_argument_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-sshd_disable_root_login_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	74	······</ocil:actions>
99	····</ocil:questionnaire>	75	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-harden_~~ssh_cl~~ient_~~crypto_p~~olicy_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-rpm_verify_permissions_ocil:questionnaire:1">
101	······<ocil:title>Har~~den~~·~~SSH~~·~~cli~~ent·Cr~~ypt~~o·~~Policy~~</ocil:title>	77	······<ocil:title>Verify·and·Correct·File·Permissions·with·RPM</ocil:title>
102	······<ocil:actions>	78	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-harden_~~ssh_cl~~ient_~~crypto_p~~olicy_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-rpm_verify_permissions_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	80	······</ocil:actions>
105	····</ocil:questionnaire>	81	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-sudoers_no_root_target_ocil:questionnaire:1">
107	······<ocil:ti~~tle>Don't·target·root·us~~er·i~~n·the·s~~ud~~oers·~~fi~~le</~~ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-file_permissions_audit_configuration_ocil:questionnaire:1">
		83	······<ocil:title>Audit·Configuration·Files·Permissions·are·640·or·More·Restrictive</ocil:title>
108	······<ocil:actions>	84	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~sudo~~ers_no_~~roo~~t_~~tar~~get_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_permissions_audit_configuration_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	86	······</ocil:actions>
111	····</ocil:questionnaire>	87	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-a~~udit~~_rules_dac_~~modific~~at~~ion~~_~~lse~~tx~~attr~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-sshd_set_max_auth_tries_ocil:questionnaire:1">
113	······<ocil:title>~~Record·E~~vents·t~~hat~~·~~Modif~~y·the~~·Sy~~st~~em's·D~~iscretion~~ary~~·~~Acc~~e~~ss·C~~ont~~rols·-~~·l~~setxat~~tr</ocil:title>	89	······<ocil:title>Set·SSH·authentication·attempt·limit</ocil:title>
114	······<ocil:actions>	90	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_rules_dac_~~modific~~at~~ion~~_~~lse~~tx~~attr~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-sshd_set_max_auth_tries_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	92	······</ocil:actions>
117	····</ocil:questionnaire>	93	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-disallow_bypass_password_sudo_ocil:questionnaire:1">
119	······<ocil:title~~>Di~~sallo~~w·C~~onfiguratio~~n·t~~o·~~Bypa~~ss·Passwo~~rd·Req~~u~~ireme~~nts·fo~~r·Priv~~ile~~ge·Es~~cal~~ation</~~o~~cil:title~~>	94	····<ocil:questionnaire·id="ocil:ssg-accounts_logon_fail_delay_ocil:questionnaire:1">
		95	······<ocil:title>Ensure·the·Logon·Failure·Delay·is·Set·Correctly·in·login.defs</ocil:title>
120	······<ocil:actions>	96	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~disallow~~_b~~ypass~~_pass~~wor~~d_~~sudo~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-accounts_logon_fail_delay_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	98	······</ocil:actions>
123	····</ocil:questionnaire>	99	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-~~package~~_te~~lne~~t_re~~moved~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-sshd_do_not_permit_user_env_ocil:questionnaire:1">
Max diff block lines reached; 864047/875340 bytes (98.71%) of diff not shown.


Offset 3, 6850 lines modified		Offset 3, 6803 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-acc~~oun~~ts_set_post_~~pw_exis~~ting_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_full_action_ocil:questionnaire:1">
11	······<ocil:title>Se~~t·ex~~is~~ting~~·pa~~sswo~~rd~~s·a~~·period·~~of·ina~~ctivity·~~before·they·be~~e~~n·locked~~</ocil:title>	11	······<ocil:title>Configure·auditd·Disk·Full·Action·when·Disk·Space·Is·Full</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-acc~~oun~~ts_set_post_~~pw_exis~~ting_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-auditd_data_disk_full_action_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-file_~~owner~~_et~~c_pas~~swd_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-display_login_attempts_ocil:questionnaire:1">
17	······<ocil:title>Verify·Us~~er·Wh~~o~~·Own~~s·~~passwd·F~~ile</ocil:title>	17	······<ocil:title>Ensure·PAM·Displays·Last·Logon/Access·Notification</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-file_~~owner~~_et~~c_pas~~swd_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-display_login_attempts_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~audi~~t_~~rules_system_shutdown~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-mount_option_var_log_noexec_ocil:questionnaire:1">
23	······<ocil:title>~~Shu~~tdown·Syste~~m·W~~hen·Auditing·~~Failures·Occur~~</ocil:title>	23	······<ocil:title>Add·noexec·Option·to·/var/log</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_~~rules_system_shutdown~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-mount_option_var_log_noexec_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~dconf_gnom~~e_~~screen~~sa~~ver_i~~dle_d~~elay~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-service_nfs_disabled_ocil:questionnaire:1">
29	······<ocil:title>~~Set·GNOME3·Sc~~re~~ensav~~er·I~~nac~~t~~ivi~~ty·Ti~~meout~~</ocil:title>	29	······<ocil:title>Disable·Network·File·System·(nfs)</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~dconf_gnom~~e_~~screen~~sa~~ver_i~~dle_d~~elay~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-service_nfs_disabled_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~file_owner_cron~~_we~~ekly~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-package_dnsmasq_removed_ocil:questionnaire:1">
35	······<ocil:title>Verify~~·Owner~~·on~~·cron.wee~~kly</ocil:title>	35	······<ocil:title>Uninstall·dnsmasq·Package</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~file_owner_cron~~_we~~ekly~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-package_dnsmasq_removed_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-chronyd_specify_remote_server_ocil:questionnaire:1">
41	······<ocil:tit~~le>A·~~re~~mote·t~~i~~me·~~s~~erver·f~~or~~·Ch~~r~~ony·is·confi~~g~~ure~~d</ocil:title>	40	····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_gshadow_ocil:questionnaire:1">
		41	······<ocil:title>Verify·User·Who·Owns·Backup·gshadow·File</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~chr~~onyd_spec~~ify~~_remote_s~~erver~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-has_no~~nlo~~cal~~_mta~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lchown_ocil:questionnaire:1">
47	······<ocil:title>~~Ensu~~re·~~Mail~~·Tra~~nsfer~~·Age~~nt·is·not~~·Listening·~~on·any~~·non-loop~~back~~·A~~ddress~~</ocil:title>	47	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lchown</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-has_no~~nlo~~cal~~_mta~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lchown_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-mount_~~opti~~on_~~tmp~~_noexec_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-accounts_root_gid_zero_ocil:questionnaire:1">
53	······<ocil:title>~~Add~~·no~~exec~~·~~Opt~~i~~on·to·/tmp~~</ocil:title>	53	······<ocil:title>Verify·Root·Has·A·Primary·GID·0</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-mount_~~opti~~on_~~tmp~~_noexec_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-accounts_root_gid_zero_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_query_ocil:questionnaire:1">
59	······<ocil:~~title>E~~nsure·~~aud~~itd·Co~~lle~~ct~~s·Inform~~a~~tion·on·Kern~~el~~·Mo~~dule~~·Loa~~ding·a~~nd·Un~~load~~ing·-·~~quer~~y_m~~o~~dule</oc~~il:~~title~~>	58	····<ocil:questionnaire·id="ocil:ssg-package_aide_installed_ocil:questionnaire:1">
		59	······<ocil:title>Install·AIDE</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~audit_rules_~~kernel_module_~~load~~in~~g_query~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-package_aide_installed_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_config_ocil:questionnaire:1">
65	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ss~~ions·on·SSH·Se~~rver·confi~~g·file</~~ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
		65	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·unix_chkpwd</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-file_p~~erm~~i~~ssi~~ons_~~sshd~~_c~~onfig~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~file~~_~~groupo~~wn~~er_cro~~n~~tab~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_warning_banner_ocil:questionnaire:1">
71	······<ocil:title>~~Verify~~·Gr~~oup~~·Wh~~o·Ow~~ns·Cron~~tab~~</ocil:title>	71	······<ocil:title>Enable·SSH·Warning·Banner</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~file~~_~~groupo~~wn~~er_cro~~n~~tab~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-sshd_enable_warning_banner_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-r~~sys~~log_remo~~te_~~l~~ogh~~ost_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-set_firewalld_default_zone_ocil:questionnaire:1">
77	······<ocil:title>~~Ens~~ure~~·Logs~~·Sent·To·Rem~~ote~~·~~Hos~~t</ocil:title>	77	······<ocil:title>Set·Default·firewalld·Zone·for·Incoming·Packets</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-r~~sys~~log_remo~~te_~~l~~ogh~~ost_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-set_firewalld_default_zone_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-accounts_minimum_age_login_defs_ocil:questionnaire:1">
83	······<ocil:title~~>Set·Pa~~sswor~~d·M~~in~~imum·Age</~~ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_config_ocil:questionnaire:1">
		83	······<ocil:title>Verify·Permissions·on·SSH·Server·config·file</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-a~~ccounts_~~mini~~mum~~_~~age~~_login_d~~efs~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_config_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e_at_de~~ny_not_exist~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-package_tftp-server_removed_ocil:questionnaire:1">
89	······<ocil:title>Ensu~~re·~~that~~·/e~~tc/at.d~~eny·do~~es·no~~t·exist~~</ocil:title>	89	······<ocil:title>Uninstall·tftp-server·Package</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_at_de~~ny_not_exist~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-package_tftp-server_removed_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_audit_in~~stalle~~d_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchmodat_ocil:questionnaire:1">
95	······<ocil:title>~~Ensu~~re·the·audit·~~Subs~~ystem·is·Installed</ocil:title>	95	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchmodat</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_audit_in~~stalle~~d_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchmodat_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-a~~udit~~_rules_e~~xecu~~t~~ion_chacl~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-sshd_set_maxstartups_ocil:questionnaire:1">
101	······<ocil:title>~~Reco~~rd·~~Any~~·At~~tempt~~s·to·Run~~·chacl~~</ocil:title>	101	······<ocil:title>Ensure·SSH·MaxStartups·is·configured</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_rules_e~~xecu~~t~~ion_chacl~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-sshd_set_maxstartups_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_maxrepeat_ocil:questionnaire:1">
107	······<ocil:ti~~tle>S~~e~~t·Password·M~~aximu~~m·Co~~nsecutive~~·Repe~~atin~~g·C~~har~~act~~e~~rs</~~ocil:title>	106	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at_ocil:questionnaire:1">
		107	······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·open_by_handle_at</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-a~~cco~~unts_pass~~word~~_~~pam~~_maxrepeat_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-file~~_grou~~p~~own~~er_u~~ser_cfg~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-libreswan_approved_tunnels_ocil:questionnaire:1">
113	······<ocil:title>Verify·~~/bo~~o~~t/gr~~u~~b2/user.~~c~~fg·Group·Ow~~ne~~rship~~</ocil:title>	113	······<ocil:title>Verify·Any·Configured·IPSec·Tunnel·Connections</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-file~~_grou~~p~~own~~er_u~~ser_cfg~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-libreswan_approved_tunnels_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-sudo_custom_logfile_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_opasswd_ocil:questionnaire:1">
119	······<ocil:title>~~Ensu~~re·~~Sudo~~·Logfile·~~Exis~~ts·-·su~~do·l~~o~~gfile~~</ocil:title>	119	······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/security/opasswd</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-sudo_custom_logfile_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_opasswd_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-f~~ile_pe~~r~~mission~~s_cr~~on_week~~ly_ocil:questionnaire:1">	124	····<ocil:questionnaire·id="ocil:ssg-audit_rules_immutable_ocil:questionnaire:1">
Max diff block lines reached; 1011491/1024143 bytes (98.76%) of diff not shown.


Offset 3, 7322 lines modified		Offset 3, 7370 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-service_iptables_enabled_ocil:questionnaire:1">
11	······<ocil:title>Verify·iptables·Enabled</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-service_iptables_enabled_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-package_libr~~esw~~an_installed_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-package_cron_installed_ocil:questionnaire:1">
17	······<ocil:title>Install·l~~ibreswa~~n·~~Packag~~e</ocil:title>	11	······<ocil:title>Install·the·cron·service</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-package_libr~~esw~~an_installed_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-package_cron_installed_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~file~~_p~~erm~~i~~ssi~~ons_e~~tc_g~~roup_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_poweroff_ocil:questionnaire:1">
23	······<ocil:title>Verify·Permi~~ssi~~ons·on·group·~~Fil~~e</ocil:title>	17	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·poweroff</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~file~~_p~~erm~~i~~ssi~~ons_e~~tc_g~~roup_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-audit_privileged_commands_poweroff_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~ensu~~re_red~~hat~~_~~gpgkey_~~in~~stall~~ed_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-kernel_config_kexec_ocil:questionnaire:1">
29	······<ocil:title>Ensure·Red·~~Hat~~·G~~PG·K~~ey·~~Ins~~talled</ocil:title>	23	······<ocil:title>Disable·kexec·system·call</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~ensu~~re_red~~hat~~_~~gpgkey_~~in~~stall~~ed_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-kernel_config_kexec_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_sshd_config_ocil:questionnaire:1">
35	······<ocil:ti~~tle>V~~eri~~fy·Group·Who·Ow~~ns~~·SSH·Se~~rve~~r·c~~on~~fig·f~~i~~le</~~ocil:title>	28	····<ocil:questionnaire·id="ocil:ssg-accounts_max_concurrent_login_sessions_ocil:questionnaire:1">
		29	······<ocil:title>Limit·the·Number·of·Concurrent·Login·Sessions·Allowed·Per·User</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~file~~_grou~~pow~~n~~er_sshd~~_~~conf~~ig_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-accounts_max_concurrent_login_sessions_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-a~~ccounts_~~u~~mask~~_etc_~~pro~~f~~ile~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-auditd_freq_ocil:questionnaire:1">
41	······<ocil:title>En~~sur~~e~~·the~~·De~~faul~~t·~~Uma~~sk·is·Se~~t·Correct~~ly·in·~~/etc/pr~~ofile</ocil:title>	35	······<ocil:title>Set·number·of·records·to·cause·an·explicit·flush·to·audit·logs</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-a~~ccounts_~~u~~mask~~_etc_~~pro~~f~~ile~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-auditd_freq_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
47	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odi~~fy·the·~~Sys~~tem'~~s~~·Di~~screti~~onary·Acc~~es~~s·C~~ontrol~~s·-·fch~~owna~~t</oc~~il:~~title~~>	40	····<ocil:questionnaire·id="ocil:ssg-sshd_set_keepalive_0_ocil:questionnaire:1">
		41	······<ocil:title>Set·SSH·Client·Alive·Count·Max·to·zero</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_~~rule~~s_dac_~~modific~~ation_~~fchowna~~t_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_0_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
53	······<ocil:~~title>Reco~~rd·~~Unsu~~ccessful·~~Acc~~ess~~·Attempt~~s~~·to·Files·-·c~~re~~at</~~ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_group_ocil:questionnaire:1">
		47	······<ocil:title>Verify·Permissions·on·Backup·group·File</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-audi~~t_ru~~les_un~~succe~~ss~~ful_file~~_~~modifica~~tion_cr~~eat~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_group_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-selinux_~~state~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_d_ocil:questionnaire:1">
59	······<ocil:title>~~Ensu~~re~~·SE~~Linux·S~~tat~~e·is·Enfor~~cing~~</ocil:title>	53	······<ocil:title>Verify·Owner·on·cron.d</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-selinux_~~state~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-file_owner_cron_d_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-auditd_overflow_a~~cti~~on_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_ocil:questionnaire:1">
65	······<ocil:title>Ap~~prop~~r~~iat~~e·~~Action·Must~~·b~~e·Se~~tup·When·the~~·In~~terna~~l·Audi~~t~~·Ev~~ent·Qu~~eue·~~is·~~Full~~</ocil:title>	59	······<ocil:title>Ensure·/var/log·Located·On·Separate·Partition</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-auditd_overflow_a~~cti~~on_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-partition_for_var_log_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~no_rsh~~_trust_files_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_space_left_action_ocil:questionnaire:1">
71	······<ocil:title>~~Remov~~e·Rs~~h·Trus~~t·Files</ocil:title>	65	······<ocil:title>Configure·auditd·space_left·Action·on·Low·Disk·Space</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~no_rsh~~_trust_files_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~dir~~_owne~~rsh~~ip_~~libr~~a~~ry_dir~~s_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-no_empty_passwords_ocil:questionnaire:1">
77	······<ocil:title>Ver~~ify·tha~~t~~·Shared~~·Lib~~rary~~·~~Dire~~cto~~rie~~s·~~Have~~·~~Roo~~t~~·Ownership~~</ocil:title>	71	······<ocil:title>Prevent·Login·to·Accounts·With·Empty·Password</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~dir~~_owne~~rsh~~ip_~~libr~~a~~ry_dir~~s_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-no_empty_passwords_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-audit_privileged_commands_shutdown_ocil:questionnaire:1">
83	······<ocil:~~title>E~~nsure·~~aud~~itd·Col~~lect~~s~~·Info~~rma~~tion·~~on~~·the·Us~~e~~·of·Pr~~ivil~~eged·C~~omm~~ands·-·~~shutdown</ocil:~~title~~>	76	····<ocil:questionnaire·id="ocil:ssg-kernel_config_page_table_isolation_ocil:questionnaire:1">
		77	······<ocil:title>Remove·the·kernel·mapping·in·user·mode</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~audit~~_pri~~vile~~ged_~~command~~s_~~shu~~tdown_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-kernel_config_page_table_isolation_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_notifiers_ocil:questionnaire:1">
89	······<ocil:~~title>E~~nable·c~~hecks·on·noti~~fier~~·call·ch~~a~~ins</~~ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_at_allow_ocil:questionnaire:1">
		83	······<ocil:title>Verify·Group·Who·Owns·/etc/at.allow·file</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-k~~ern~~el_~~config_d~~ebug_not~~ifiers~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_groupowner_at_allow_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-file~~_ow~~ner_~~backup_e~~tc_~~shad~~ow_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-prefer_64bit_os_ocil:questionnaire:1">
95	······<ocil:title>Ver~~ify~~·~~Group~~·~~Who~~·Owns·~~Backup~~·sh~~adow·Fil~~e</ocil:title>	89	······<ocil:title>Prefer·to·use·a·64-bit·Operating·System·when·supported</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-file~~_ow~~ner_~~backup_e~~tc_~~shad~~ow_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-prefer_64bit_os_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_open_ocil:questionnaire:1">
101	······<ocil:~~title>Reco~~rd·~~Unsu~~ccess~~ful·Ac~~ces~~s·A~~t~~tempts·to·Files·-·op~~e~~n</~~o~~cil:title~~>	94	····<ocil:questionnaire·id="ocil:ssg-service_autofs_disabled_ocil:questionnaire:1">
		95	······<ocil:title>Disable·the·Automounter</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~audit_rule~~s_u~~nsuc~~cessful_file_modifica~~tion_~~open_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-service_autofs_disabled_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_log_martians_ocil:questionnaire:1">
107	······<ocil:title>E~~nable·Ke~~rnel·~~Paremeter·to·Lo~~g~~·Ma~~rti~~an·Pa~~ckets~~·on~~·al~~l·IPv4·Int~~e~~rfa~~ces~~·by·D~~e~~fau~~lt</o~~cil:title~~>	100	····<ocil:questionnaire·id="ocil:ssg-service_syslogng_enabled_ocil:questionnaire:1">
		101	······<ocil:title>Enable·syslog-ng·Service</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-s~~ysctl_n~~e~~t_i~~pv4_conf_de~~fau~~lt~~_lo~~g_m~~artians~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-service_syslogng_enabled_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-aud~~it_ru~~les_~~immutable~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_tcp_forwarding_ocil:questionnaire:1">
113	······<ocil:title>M~~ake·th~~e·~~auditd~~·Conf~~igu~~ration~~·Immutabl~~e</ocil:title>	107	······<ocil:title>Disable·SSH·TCP·Forwarding</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-aud~~it_ru~~les_~~immutable~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-sshd_disable_tcp_forwarding_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-~~file_~~g~~roup~~o~~wner_ba~~ckup_etc_p~~asswd~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-configure_openssl_crypto_policy_ocil:questionnaire:1">
119	······<ocil:title>~~Ver~~ify·~~Group~~·~~Who~~·~~Own~~s·~~Backup~~·~~passwd~~·File</ocil:title>	113	······<ocil:title>Configure·OpenSSL·library·to·use·System·Crypto·Policy</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~file_~~g~~roup~~o~~wner_ba~~ckup_etc_p~~asswd~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-configure_openssl_crypto_policy_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
Max diff block lines reached; 999635/1011638 bytes (98.81%) of diff not shown.


Offset 3, 6663 lines modified		Offset 3, 6762 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_accept_redirects_ocil:questionnaire:1">
11	······<ocil:title>Disable·Kernel·Parameter·for·Accepting·ICMP·Redirects·by·Default·on·IPv6·Interfaces</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_default_accept_redirects_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_fs_ocil:questionnaire:1">
17	······<ocil:title>Disable·kernel·debugfs</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_fs_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-service_rdisc_disabled_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-service_auditd_enabled_ocil:questionnaire:1">
23	······<ocil:title>Disabl~~e·N~~e~~twork~~·Rou~~ter·~~Di~~scove~~ry·Dae~~mon·(~~rdisc)</ocil:title>	11	······<ocil:title>Enable·auditd·Service</ocil:title>
24	······<ocil:actions>	12	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-service_rdisc_disabled_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-service_auditd_enabled_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	14	······</ocil:actions>
27	····</ocil:questionnaire>	15	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-kerne~~l_conf~~i~~g_pani~~c_ti~~meout~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-coredump_disable_backtraces_ocil:questionnaire:1">
29	······<ocil:title>Ker~~nel·~~p~~ani~~c·ti~~meout~~</ocil:title>	17	······<ocil:title>Disable·core·dump·backtraces</ocil:title>
30	······<ocil:actions>	18	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-kerne~~l_conf~~i~~g_pani~~c_ti~~meout~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-coredump_disable_backtraces_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	20	······</ocil:actions>
33	····</ocil:questionnaire>	21	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-sud~~oer~~s~~_no~~_ro~~ot_target~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
35	······<ocil:title>D~~on't~~·~~targ~~e~~t·r~~o~~ot·us~~er·~~in·th~~e·s~~udoers~~·file</ocil:title>	23	······<ocil:title>Disable·Compression·Or·Set·Compression·to·delayed</ocil:title>
36	······<ocil:actions>	24	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-sud~~oer~~s~~_no~~_ro~~ot_target~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	26	······</ocil:actions>
39	····</ocil:questionnaire>	27	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-partition_~~for~~_dev_shm_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_issue_ocil:questionnaire:1">
41	······<ocil:title>~~Ensu~~r~~e·/dev/~~shm·is·con~~figur~~ed</ocil:title>	29	······<ocil:title>Verify·permissions·on·System·Login·Banner</ocil:title>
42	······<ocil:actions>	30	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-partition_~~for~~_dev_shm_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_issue_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	32	······</ocil:actions>
45	····</ocil:questionnaire>	33	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
47	······<ocil:title~~>Di~~s~~able·Ker~~n~~el·Pa~~rameter·f~~or·Ac~~c~~ept~~in~~g·Source-Ro~~uted·~~Packet~~s·on·all~~·IPv4·Interfac~~es</o~~cil:title~~>	34	····<ocil:questionnaire·id="ocil:ssg-sshd_use_priv_separation_ocil:questionnaire:1">
		35	······<ocil:title>Enable·Use·of·Privilege·Separation</ocil:title>
48	······<ocil:actions>	36	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-sysctl_~~net~~_ip~~v4_conf_all~~_accep~~t_so~~urc~~e_r~~oute_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-sshd_use_priv_separation_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	38	······</ocil:actions>
51	····</ocil:questionnaire>	39	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_shared_media_ocil:questionnaire:1">
53	······<ocil:t~~itle>C~~onf~~igu~~re·~~Send~~i~~ng·an~~d~~·Ac~~c~~eptin~~g·Sha~~red·Media·Redirects·~~f~~or·~~All~~·IPv4·Interfac~~es</o~~cil:title~~>	40	····<ocil:questionnaire·id="ocil:ssg-accounts_logon_fail_delay_ocil:questionnaire:1">
		41	······<ocil:title>Ensure·the·Logon·Failure·Delay·is·Set·Correctly·in·login.defs</ocil:title>
54	······<ocil:actions>	42	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-sysc~~tl_~~net_i~~pv4_c~~onf_all_~~share~~d_me~~dia~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-accounts_logon_fail_delay_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	44	······</ocil:actions>
57	····</ocil:questionnaire>	45	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-account_disable_post_pw_expiration_ocil:questionnaire:1">
59	······<ocil:ti~~tle>S~~e~~t·Acc~~o~~unt·Expiration·Foll~~o~~wing·Inactiv~~i~~ty</~~ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-sysctl_fs_protected_hardlinks_ocil:questionnaire:1">
		47	······<ocil:title>Enable·Kernel·Parameter·to·Enforce·DAC·on·Hardlinks</ocil:title>
60	······<ocil:actions>	48	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-ac~~coun~~t~~_di~~s~~able~~_post~~_pw_expi~~ration_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-sysctl_fs_protected_hardlinks_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	50	······</ocil:actions>
63	····</ocil:questionnaire>	51	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-service_named_disabled_ocil:questionnaire:1">
65	······<ocil:title>Disable·named~~·Se~~rvic~~e</~~ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_ftruncate_ocil:questionnaire:1">
		53	······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·ftruncate</ocil:title>
66	······<ocil:actions>	54	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-s~~ervi~~ce_named_disa~~bled~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_ftruncate_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	56	······</ocil:actions>
69	····</ocil:questionnaire>	57	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_route_localnet_ocil:questionnaire:1">
71	······<ocil:~~title>Pr~~event~~·Rout~~ing·~~Externa~~l~~·Traf~~fic~~·to·L~~o~~cal·Loop~~back·~~on·All·IPv4·Interfac~~es</o~~cil:title~~>	58	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_group_ocil:questionnaire:1">
		59	······<ocil:title>Verify·Group·Who·Owns·Backup·group·File</ocil:title>
72	······<ocil:actions>	60	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~sys~~ctl_net_~~ipv4_co~~nf_a~~ll_rou~~te_~~localnet~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_group_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	62	······</ocil:actions>
75	····</ocil:questionnaire>	63	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~sys~~ctl_ne~~t_ipv4~~_conf~~_all~~_log_~~martians~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-file_owner_grub2_cfg_ocil:questionnaire:1">
77	······<ocil:title>~~Enable·~~Ker~~nel~~·Pa~~rame~~te~~r·to·Lo~~g~~·Ma~~r~~tian·Pa~~ckets·on~~·all~~·~~IPv4~~·Interf~~aces~~</ocil:title>	65	······<ocil:title>Verify·/boot/grub2/grub.cfg·User·Ownership</ocil:title>
78	······<ocil:actions>	66	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~sys~~ctl_ne~~t_ipv4~~_conf~~_all~~_log_~~martians~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-file_owner_grub2_cfg_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	68	······</ocil:actions>
81	····</ocil:questionnaire>	69	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
83	······<ocil:t~~itle>C~~onf~~igu~~re·~~aud~~itd~~·max_~~l~~og_file_~~a~~ction·U~~p~~on·Re~~a~~ching·Maxim~~u~~m·L~~o~~g·Siz~~e</o~~cil:title~~>	70	····<ocil:questionnaire·id="ocil:ssg-disallow_bypass_password_sudo_ocil:questionnaire:1">
		71	······<ocil:title>Disallow·Configuration·to·Bypass·Password·Requirements·for·Privilege·Escalation</ocil:title>
84	······<ocil:actions>	72	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-audi~~td_~~dat~~a_retention~~_ma~~x_l~~o~~g_fi~~le_a~~cti~~on_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-disallow_bypass_password_sudo_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	74	······</ocil:actions>
87	····</ocil:questionnaire>	75	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-file_~~owner~~ship_var_~~log~~_a~~udit~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_passwd_ocil:questionnaire:1">
89	······<ocil:title>~~System~~·~~Aud~~i~~t·L~~ogs·~~Must·Be·Owned·By~~·~~Root~~</ocil:title>	77	······<ocil:title>Verify·Permissions·on·Backup·passwd·File</ocil:title>
90	······<ocil:actions>	78	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-file_~~owner~~ship_var_~~log~~_a~~udit~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	80	······</ocil:actions>
93	····</ocil:questionnaire>	81	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-service_nfs_disabled_ocil:questionnaire:1">
95	······<ocil:title>Disa~~ble·Net~~wor~~k·File·Syst~~e~~m·(nfs)</~~ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-accounts_password_set_max_life_existing_ocil:questionnaire:1">
		83	······<ocil:title>Set·Existing·Passwords·Maximum·Age</ocil:title>
96	······<ocil:actions>	84	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-ser~~vic~~e_nfs_disa~~bled~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-accounts_password_set_max_life_existing_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	86	······</ocil:actions>
99	····</ocil:questionnaire>	87	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-file_owner_c~~ron~~_~~hou~~rly_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_group_ocil:questionnaire:1">
101	······<ocil:title>Verify·Owner·on·c~~ron.h~~ourly</ocil:title>	89	······<ocil:title>Verify·User·Who·Owns·Backup·group·File</ocil:title>
102	······<ocil:actions>	90	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-file_owner_c~~ron~~_~~hou~~rly_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_group_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	92	······</ocil:actions>
105	····</ocil:questionnaire>	93	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-s~~ervice~~_http~~d_d~~is~~abl~~ed_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-sshd_do_not_permit_user_env_ocil:questionnaire:1">
107	······<ocil:title>Di~~sable~~·~~httpd~~·Service</ocil:title>	95	······<ocil:title>Do·Not·Allow·SSH·Environment·Options</ocil:title>
108	······<ocil:actions>	96	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-s~~ervice~~_http~~d_d~~is~~abl~~ed_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-sshd_do_not_permit_user_env_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	98	······</ocil:actions>
111	····</ocil:questionnaire>	99	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-k~~ern~~el_~~conf~~i~~g_securi~~ty_~~yama~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_motd_ocil:questionnaire:1">
113	······<ocil:title>~~Enable~~·Yama·s~~upp~~ort</ocil:title>	101	······<ocil:title>Verify·permissions·on·Message·of·the·Day·Banner</ocil:title>
114	······<ocil:actions>	102	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-k~~ern~~el_~~conf~~i~~g_securi~~ty_~~yama~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_motd_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	104	······</ocil:actions>
117	····</ocil:questionnaire>	105	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-accounts_password_last_change_is_in_past_ocil:questionnaire:1">
119	······<ocil:~~title>E~~nsure·~~all·users·~~las~~t·pa~~s~~sword·cha~~nge~~·date·is·in·the·pa~~st</o~~cil:title~~>	106	····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_ocil:questionnaire:1">
		107	······<ocil:title>Verify·User·Who·Owns·/var/log·Directory</ocil:title>
120	······<ocil:actions>	108	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~accounts~~_~~pas~~sw~~ord~~_last_chang~~e_is_in_past~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 996512/1008357 bytes (98.83%) of diff not shown.


Offset 407, 25 lines modified		Offset 407, 25 lines modified
407	······</cpe-lang:logical-test>	407	······</cpe-lang:logical-test>
408	····</cpe-lang:platform>	408	····</cpe-lang:platform>
409	····<cpe-lang:platform·id="package_bash">	409	····<cpe-lang:platform·id="package_bash">
410	······<cpe-lang:logical-test·operator="AND"·negate="false">	410	······<cpe-lang:logical-test·operator="AND"·negate="false">
411	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>	411	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>
412	······</cpe-lang:logical-test>	412	······</cpe-lang:logical-test>
413	····</cpe-lang:platform>	413	····</cpe-lang:platform>
414	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
415	······<cpe-lang:logical-test·operator="AND"·negate="false">
416	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
417	······</cpe-lang:logical-test>
418	····</cpe-lang:platform>
419	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">	414	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">
420	······<cpe-lang:logical-test·operator="AND"·negate="false">	415	······<cpe-lang:logical-test·operator="AND"·negate="false">
421	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>	416	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>
422	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>	417	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>
423	······</cpe-lang:logical-test>	418	······</cpe-lang:logical-test>
424	····</cpe-lang:platform>	419	····</cpe-lang:platform>
		420	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
		421	······<cpe-lang:logical-test·operator="AND"·negate="false">
		422	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
		423	······</cpe-lang:logical-test>
		424	····</cpe-lang:platform>
425	····<cpe-lang:platform·id="not_s390x_arch">	425	····<cpe-lang:platform·id="not_s390x_arch">
426	······<cpe-lang:logical-test·operator="AND"·negate="false">	426	······<cpe-lang:logical-test·operator="AND"·negate="false">
427	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>	427	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>
428	······</cpe-lang:logical-test>	428	······</cpe-lang:logical-test>
429	····</cpe-lang:platform>	429	····</cpe-lang:platform>
430	····<cpe-lang:platform·id="package_tmux">	430	····<cpe-lang:platform·id="package_tmux">
431	······<cpe-lang:logical-test·operator="AND"·negate="false">	431	······<cpe-lang:logical-test·operator="AND"·negate="false">


Offset 19, 27 lines modified		Offset 19, 27 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-rhel10-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-rhel10-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/o:redhat:enterprise_linux:10">	28	······<cpe-dict:cpe-item·name="cpe:/o:redhat:enterprise_linux:10">
29	········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·10</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·10</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml">oval:ssg-installed_OS_is_rhel10:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml">oval:ssg-installed_OS_is_rhel10:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	······<cpe-dict:cpe-item·name="cpe:/o:centos:centos:10">	32	······<cpe-dict:cpe-item·name="cpe:/o:centos:centos:10">
33	········<cpe-dict:title·xml:lang="en-us">CentOS·Stream·10</cpe-dict:title>	33	········<cpe-dict:title·xml:lang="en-us">CentOS·Stream·10</cpe-dict:title>
34	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml">oval:ssg-installed_OS_is_centos10:def:1</cpe-dict:check>	34	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml">oval:ssg-installed_OS_is_centos10:def:1</cpe-dict:check>
35	······</cpe-dict:cpe-item>	35	······</cpe-dict:cpe-item>
36	····</cpe-dict:cpe-list>	36	····</cpe-dict:cpe-list>
37	··</ds:component>	37	··</ds:component>
38	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-xccdf.xml"·timestamp="2025-02-28T20:08:00">	38	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-xccdf.xml"·timestamp="2025-03-01T22:08:00">
39	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	39	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
40	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	40	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
41	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·10</xccdf-1.2:title>	41	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·10</xccdf-1.2:title>
42	······<xccdf-1.2:description>	42	······<xccdf-1.2:description>
43	········This·guide·presents·a·catalog·of·security-relevant	43	········This·guide·presents·a·catalog·of·security-relevant
44	configuration·settings·for·Red·Hat·Enterprise·Linux·10.·It·is·a·rendering·of	44	configuration·settings·for·Red·Hat·Enterprise·Linux·10.·It·is·a·rendering·of
45	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	45	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 366, 25 lines modified		Offset 366, 25 lines modified
366	··········</cpe-lang:logical-test>	366	··········</cpe-lang:logical-test>
367	········</cpe-lang:platform>	367	········</cpe-lang:platform>
368	········<cpe-lang:platform·id="package_bash">	368	········<cpe-lang:platform·id="package_bash">
369	··········<cpe-lang:logical-test·operator="AND"·negate="false">	369	··········<cpe-lang:logical-test·operator="AND"·negate="false">
370	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>	370	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>
371	··········</cpe-lang:logical-test>	371	··········</cpe-lang:logical-test>
372	········</cpe-lang:platform>	372	········</cpe-lang:platform>
373	········<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
374	··········<cpe-lang:logical-test·operator="AND"·negate="false">
375	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
376	··········</cpe-lang:logical-test>
377	········</cpe-lang:platform>
378	········<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">	373	········<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">
379	··········<cpe-lang:logical-test·operator="AND"·negate="false">	374	··········<cpe-lang:logical-test·operator="AND"·negate="false">
380	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>	375	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>
381	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>	376	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>
382	··········</cpe-lang:logical-test>	377	··········</cpe-lang:logical-test>
383	········</cpe-lang:platform>	378	········</cpe-lang:platform>
		379	········<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
		380	··········<cpe-lang:logical-test·operator="AND"·negate="false">
		381	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
		382	··········</cpe-lang:logical-test>
		383	········</cpe-lang:platform>
384	········<cpe-lang:platform·id="not_s390x_arch">	384	········<cpe-lang:platform·id="not_s390x_arch">
385	··········<cpe-lang:logical-test·operator="AND"·negate="false">	385	··········<cpe-lang:logical-test·operator="AND"·negate="false">
386	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>	386	············<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>
387	··········</cpe-lang:logical-test>	387	··········</cpe-lang:logical-test>
388	········</cpe-lang:platform>	388	········</cpe-lang:platform>
389	········<cpe-lang:platform·id="package_tmux">	389	········<cpe-lang:platform·id="package_tmux">
390	··········<cpe-lang:logical-test·operator="AND"·negate="false">	390	··········<cpe-lang:logical-test·operator="AND"·negate="false">
Offset 213008, 15 lines modified		Offset 213008, 15 lines modified
213008	··············<xccdf-1.2:check-content-ref·href="ssg-rhel10-ocil.xml"·name="ocil:ssg-audit_perm_change_success_ppc64le_ocil:questionnaire:1"/>	213008	··············<xccdf-1.2:check-content-ref·href="ssg-rhel10-ocil.xml"·name="ocil:ssg-audit_perm_change_success_ppc64le_ocil:questionnaire:1"/>
213009	············</xccdf-1.2:check>	213009	············</xccdf-1.2:check>
213010	··········</xccdf-1.2:Rule>	213010	··········</xccdf-1.2:Rule>
213011	········</xccdf-1.2:Group>	213011	········</xccdf-1.2:Group>
213012	······</xccdf-1.2:Group>	213012	······</xccdf-1.2:Group>
213013	····</xccdf-1.2:Benchmark>	213013	····</xccdf-1.2:Benchmark>
213014	··</ds:component>	213014	··</ds:component>
213015	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-oval.xml"·timestamp="2025-02-28T20:08:00">	213015	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-oval.xml"·timestamp="2025-03-01T22:08:00">
213016	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	213016	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
213017	······<oval-def:generator>	213017	······<oval-def:generator>
213018	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	213018	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
213019	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>	213019	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.2</oval:product_version>
213020	········<oval:schema_version>5.11</oval:schema_version>	213020	········<oval:schema_version>5.11</oval:schema_version>
213021	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	213021	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
213022	······</oval-def:generator>	213022	······</oval-def:generator>
Offset 261685, 13145 lines modified		Offset 261685, 13748 lines modified
261685	············</oval-def:arithmetic>	261685	············</oval-def:arithmetic>
261686	············<oval-def:variable_component·var_ref="oval:ssg-var_third_digit_of_umask_from_var_accounts_user_umask:var:1"/>	261686	············<oval-def:variable_component·var_ref="oval:ssg-var_third_digit_of_umask_from_var_accounts_user_umask:var:1"/>
261687	··········</oval-def:arithmetic>	261687	··········</oval-def:arithmetic>
261688	········</oval-def:local_variable>	261688	········</oval-def:local_variable>
261689	······</oval-def:variables>	261689	······</oval-def:variables>
261690	····</oval-def:oval_definitions>	261690	····</oval-def:oval_definitions>
261691	··</ds:component>	261691	··</ds:component>
261692	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-ocil.xml"·timestamp="2025-02-28T20:08:00">	261692	··<ds:component·id="scap_org.open-scap_comp_ssg-rhel10-ocil.xml"·timestamp="2025-03-01T22:08:00">
261693	····<ocil:ocil>	261693	····<ocil:ocil>
261694	······<ocil:generator>	261694	······<ocil:generator>
261695	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	261695	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
261696	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>	261696	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
261697	········<ocil:schema_version>2.0</ocil:schema_version>	261697	········<ocil:schema_version>2.0</ocil:schema_version>
261698	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	261698	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
261699	······</ocil:generator>	261699	······</ocil:generator>
261700	······<ocil:questionnaires>	261700	······<ocil:questionnaires>
261701	········<ocil:questionnaire·id="ocil:ssg-audit_~~modify~~_f~~ail~~ed_p~~pc64le~~_ocil:questionnaire:1">	261701	········<ocil:questionnaire·id="ocil:ssg-use_pam_wheel_for_su_ocil:questionnaire:1">
261702	··········<ocil:title>Confi~~gur~~e·audi~~ting~~·of·~~unsucc~~essful·~~file·modif~~ication~~s·(ppc64le)~~</ocil:title>	261702	··········<ocil:title>Enforce·usage·of·pam_wheel·for·su·authentication</ocil:title>
261703	··········<ocil:actions>	261703	··········<ocil:actions>
261704	············<ocil:test_action_ref>ocil:ssg-audit_~~modify~~_f~~ail~~ed_p~~pc64le~~_action:testaction:1</ocil:test_action_ref>	261704	············<ocil:test_action_ref>ocil:ssg-use_pam_wheel_for_su_action:testaction:1</ocil:test_action_ref>
261705	··········</ocil:actions>	261705	··········</ocil:actions>
261706	········</ocil:questionnaire>	261706	········</ocil:questionnaire>
261707	········<ocil:questionnaire·id="ocil:ssg-~~file~~_permissions_user_~~cfg~~_ocil:questionnaire:1">	261707	········<ocil:questionnaire·id="ocil:ssg-root_permissions_syslibrary_files_ocil:questionnaire:1">
261708	··········<ocil:title>Verify·~~/boot/grub2/us~~e~~r.cfg·Perm~~issions<~~/ocil:~~t~~itl~~e>	261708	··········<ocil:title>Verify·the·system-wide·library·files·in·directories
		261709	"/lib",·"/lib64",·"/usr/lib/"·and·"/usr/lib64"·are·group-owned·by·root.</ocil:title>
261709	··········<ocil:actions>	261710	··········<ocil:actions>
261710	············<ocil:test_action_ref>ocil:ssg-~~file~~_permissions_user_~~cfg~~_action:testaction:1</ocil:test_action_ref>	261711	············<ocil:test_action_ref>ocil:ssg-root_permissions_syslibrary_files_action:testaction:1</ocil:test_action_ref>
261711	··········</ocil:actions>	261712	··········</ocil:actions>
261712	········</ocil:questionnaire>	261713	········</ocil:questionnaire>
261713	········<ocil:questionnaire·id="ocil:ssg-accounts_users_home_files_permissions_ocil:questionnaire:1">
261714	··········<ocil:title~~>All·User·F~~iles·and·D~~ire~~cto~~rie~~s~~·In·T~~h~~e·H~~ome~~·Dir~~e~~ctory~~·Mu~~st·H~~ave·~~Mode·0750·Or·L~~ess·P~~ermiss~~ive~~</ocil~~:~~tit~~le>	261714	········<ocil:questionnaire·id="ocil:ssg-sshd_enable_pubkey_auth_ocil:questionnaire:1">
		261715	··········<ocil:title>Enable·Public·Key·Authentication</ocil:title>
261715	··········<ocil:actions>	261716	··········<ocil:actions>
261716	············<ocil:test_action_ref>ocil:ssg-~~accounts_u~~sers_home~~_fi~~les_p~~ermissions~~_action:testaction:1</ocil:test_action_ref>	261717	············<ocil:test_action_ref>ocil:ssg-sshd_enable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
261717	··········</ocil:actions>	261718	··········</ocil:actions>
261718	········</ocil:questionnaire>	261719	········</ocil:questionnaire>
261719	········<ocil:questionnaire·id="ocil:ssg-xwi~~ndow~~s_runlevel_target_ocil:questionnaire:1">	261720	········<ocil:questionnaire·id="ocil:ssg-service_systemd-journald_enabled_ocil:questionnaire:1">
261720	··········<ocil:title>Disable·~~Graphical·Envir~~onmen~~t·St~~a~~rtup·~~By·Setti~~ng·Default·Tar~~get</ocil:title>	261721	··········<ocil:title>Enable·systemd-journald·Service</ocil:title>
261721	··········<ocil:actions>	261722	··········<ocil:actions>
261722	············<ocil:test_action_ref>ocil:ssg-xwi~~ndow~~s_runlevel_target_action:testaction:1</ocil:test_action_ref>	261723	············<ocil:test_action_ref>ocil:ssg-service_systemd-journald_enabled_action:testaction:1</ocil:test_action_ref>
261723	··········</ocil:actions>	261724	··········</ocil:actions>
261724	········</ocil:questionnaire>	261725	········</ocil:questionnaire>
261725	········<ocil:questionnaire·id="ocil:ssg-file_~~groupown~~er_~~etc_sudoers~~_ocil:questionnaire:1">	261726	········<ocil:questionnaire·id="ocil:ssg-disable_ctrlaltdel_burstaction_ocil:questionnaire:1">
261726	··········<ocil:title>Veri~~fy·Group~~·~~Who·Owns·/~~et~~c/s~~u~~doers·F~~ile</ocil:title>	261727	··········<ocil:title>Disable·Ctrl-Alt-Del·Burst·Action</ocil:title>
261727	··········<ocil:actions>	261728	··········<ocil:actions>
261728	············<ocil:test_action_ref>ocil:ssg-file_~~groupown~~er_~~etc_sudoers~~_action:testaction:1</ocil:test_action_ref>	261729	············<ocil:test_action_ref>ocil:ssg-disable_ctrlaltdel_burstaction_action:testaction:1</ocil:test_action_ref>
261729	··········</ocil:actions>	261730	··········</ocil:actions>
261730	········</ocil:questionnaire>	261731	········</ocil:questionnaire>
261731	········<ocil:questionnaire·id="ocil:ssg-~~audit~~_~~ospp_~~gene~~ral~~_~~ppc64~~le_ocil:questionnaire:1">	261732	········<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_fs_ocil:questionnaire:1">
261732	··········<ocil:title>~~Perform~~·gener~~al·co~~n~~figurati~~on·o~~f·A~~u~~dit~~·f~~or·OSPP·(ppc64le~~)</ocil:title>	261733	··········<ocil:title>Disable·kernel·debugfs</ocil:title>
261733	··········<ocil:actions>	261734	··········<ocil:actions>
261734	············<ocil:test_action_ref>ocil:ssg-~~audit~~_~~ospp_~~gene~~ral~~_~~ppc64~~le_action:testaction:1</ocil:test_action_ref>	261735	············<ocil:test_action_ref>ocil:ssg-kernel_config_debug_fs_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 2252331/2263323 bytes (99.51%) of diff not shown.


Offset 329, 25 lines modified		Offset 329, 25 lines modified
329	······</cpe-lang:logical-test>	329	······</cpe-lang:logical-test>
330	····</cpe-lang:platform>	330	····</cpe-lang:platform>
331	····<cpe-lang:platform·id="package_bash">	331	····<cpe-lang:platform·id="package_bash">
332	······<cpe-lang:logical-test·operator="AND"·negate="false">	332	······<cpe-lang:logical-test·operator="AND"·negate="false">
333	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>	333	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>
334	······</cpe-lang:logical-test>	334	······</cpe-lang:logical-test>
335	····</cpe-lang:platform>	335	····</cpe-lang:platform>
336	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
337	······<cpe-lang:logical-test·operator="AND"·negate="false">
338	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
339	······</cpe-lang:logical-test>
340	····</cpe-lang:platform>
341	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">	336	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">
342	······<cpe-lang:logical-test·operator="AND"·negate="false">	337	······<cpe-lang:logical-test·operator="AND"·negate="false">
343	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>	338	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>
344	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>	339	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>
345	······</cpe-lang:logical-test>	340	······</cpe-lang:logical-test>
346	····</cpe-lang:platform>	341	····</cpe-lang:platform>
		342	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
		343	······<cpe-lang:logical-test·operator="AND"·negate="false">
		344	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
		345	······</cpe-lang:logical-test>
		346	····</cpe-lang:platform>
347	····<cpe-lang:platform·id="not_s390x_arch">	347	····<cpe-lang:platform·id="not_s390x_arch">
348	······<cpe-lang:logical-test·operator="AND"·negate="false">	348	······<cpe-lang:logical-test·operator="AND"·negate="false">
349	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>	349	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>
350	······</cpe-lang:logical-test>	350	······</cpe-lang:logical-test>
351	····</cpe-lang:platform>	351	····</cpe-lang:platform>
352	····<cpe-lang:platform·id="package_tmux">	352	····<cpe-lang:platform·id="package_tmux">
353	······<cpe-lang:logical-test·operator="AND"·negate="false">	353	······<cpe-lang:logical-test·operator="AND"·negate="false">