/usr/bin/diffoscope --timeout 7200 --html /srv/reproducible-results/rbuild-debian/r-b-build.VsiIv6mL/scap-security-guide_0.1.76-1.diffoscope.html --text /srv/reproducible-results/rbuild-debian/r-b-build.VsiIv6mL/scap-security-guide_0.1.76-1.diffoscope.txt --json /srv/reproducible-results/rbuild-debian/r-b-build.VsiIv6mL/scap-security-guide_0.1.76-1.diffoscope.json --profile=- /srv/reproducible-results/rbuild-debian/r-b-build.VsiIv6mL/b1/scap-security-guide_0.1.76-1_arm64.changes /srv/reproducible-results/rbuild-debian/r-b-build.VsiIv6mL/b2/scap-security-guide_0.1.76-1

⊟

93.7 MB

/srv/reproducible-results/rbuild-debian/r-b-build.VsiIv6mL/b1/scap-security-guide_0.1.76-1_arm64.changes vs.

/srv/reproducible-results/rbuild-debian/r-b-build.VsiIv6mL/b2/scap-security-guide_0.1.76-1_arm64.changes ¶

⊟

824 B

Files ¶

⊟

402 KB

ssg-applications_0.1.76-1_all.deb ¶

⊟

367 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

401 KB

data.tar.xz ¶

⊟

401 KB

data.tar ¶

⊟

78.9 KB

⊟

78.8 KB

⊟

70.3 KB

⊟

70.2 KB

Ordering differences only

⊟

78.0 KB

⊟

77.9 KB

⊟

69.5 KB

⊟

69.4 KB

Ordering differences only

⊟

55.8 KB

⊟

55.7 KB

⊟

48.7 KB

⊟

48.6 KB

Ordering differences only

⊟

9.93 MB

ssg-debderived_0.1.76-1_all.deb ¶

⊟

367 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

9.93 MB

data.tar.xz ¶

⊟

9.93 MB

data.tar ¶

⊟

696 KB

⊟

696 KB

⊟

662 KB

⊟

662 KB

Ordering differences only

⊟

725 KB

⊟

725 KB

⊟

690 KB

⊟

689 KB

Ordering differences only

⊟

1.36 MB

⊟

1.36 MB

⊟

1.3 MB

⊟

1.3 MB

Ordering differences only

⊟

1.43 MB

⊟

1.43 MB

⊟

1.36 MB

⊟

1.36 MB

Ordering differences only

⊟

926 KB

⊟

926 KB

⊟

884 KB

⊟

884 KB

Ordering differences only

⊟

3.72 MB

ssg-debian_0.1.76-1_all.deb ¶

⊟

452 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

3.72 MB

data.tar.xz ¶

⊟

3.72 MB

data.tar ¶

⊟

734 KB

⊟

734 KB

⊟

699 KB

⊟

699 KB

Ordering differences only

⊟

1.19 MB

⊟

1.19 MB

⊟

1.13 MB

⊟

1.13 MB

Ordering differences only

⊟

79.7 MB

ssg-nondebian_0.1.76-1_all.deb ¶

⊟

452 B

file list ¶

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

79.7 MB

data.tar.xz ¶

⊟

79.7 MB

data.tar ¶

⊟

3.5 KB

⊟

1.87 KB

⊟

6.32 KB

⊟

4.98 KB

⊟

6.48 KB

⊟

5.11 KB

⊟

1.31 KB

⊟

1.18 KB

⊟

1.12 KB

⊟

999 B

⊟

1.12 KB

⊟

999 B

⊟

755 KB

⊟

755 KB

⊟

719 KB

⊟

719 KB

Ordering differences only

⊟

897 KB

⊟

897 KB

⊟

855 KB

⊟

855 KB

Ordering differences only

⊟

898 KB

⊟

898 KB

⊟

856 KB

⊟

856 KB

Ordering differences only

⊟

1.02 MB

⊟

1.02 MB

⊟

998 KB

⊟

998 KB

Ordering differences only

⊟

1.01 MB

⊟

1.01 MB

⊟

984 KB

⊟

984 KB

Ordering differences only

⊟

1.01 MB

⊟

1.01 MB

⊟

985 KB

⊟

985 KB

Ordering differences only

⊟

3.41 MB

⊟

3.41 MB

⊟

2.15 MB

⊟

2.15 MB

⊟

2.5 KB

⊟

2.4 KB

Ordering differences only

⊟

3.29 MB

⊟

3.29 MB

⊟

2.05 MB

⊟

2.05 MB

⊟

1.96 MB

⊟

1.96 MB

Ordering differences only

⊟

243 KB

⊟

243 KB

⊟

228 KB

⊟

228 KB

Ordering differences only

⊟

9.12 KB

⊟

9.02 KB

⊟

4.0 KB

⊟

3.89 KB

Ordering differences only

⊟

886 KB

⊟

886 KB

⊟

849 KB

⊟

849 KB

Ordering differences only

⊟

1.81 MB

⊟

1.81 MB

⊟

1.74 MB

⊟

1.73 MB

Ordering differences only

⊟

2.19 MB

⊟

2.19 MB

⊟

2.1 MB

⊟

2.1 MB

Ordering differences only

⊟

2.59 MB

⊟

2.59 MB

⊟

2.48 MB

⊟

2.48 MB

Ordering differences only

⊟

2.27 KB

⊟

2.17 KB

Ordering differences only

⊟

2.06 MB

⊟

2.06 MB

⊟

1.97 MB

⊟

1.97 MB

Ordering differences only

⊟

939 KB

⊟

939 KB

⊟

894 KB

⊟

894 KB

Ordering differences only

⊟

560 KB

⊟

560 KB

⊟

532 KB

⊟

532 KB

Ordering differences only

⊟

680 KB

⊟

680 KB

⊟

646 KB

⊟

646 KB

Ordering differences only

⊟

1.62 MB

⊟

1.62 MB

⊟

1.55 MB

⊟

1.55 MB

Ordering differences only

⊟

2.47 KB

⊟

2.37 KB

Ordering differences only

⊟

2.15 MB

⊟

2.15 MB

⊟

2.06 MB

⊟

2.06 MB

Ordering differences only

⊟

2.5 KB

⊟

2.4 KB

Ordering differences only

⊟

3.41 MB

⊟

3.41 MB

⊟

3.27 MB

⊟

3.27 MB

Ordering differences only

⊟

3.29 MB

⊟

3.29 MB

⊟

3.16 MB

⊟

3.16 MB

Ordering differences only

⊟

1.57 MB

⊟

1.57 MB

⊟

1.5 MB

⊟

1.5 MB

Ordering differences only

⊟

1.78 MB

⊟

1.78 MB

⊟

1.71 MB

⊟

1.71 MB

Ordering differences only

⊟

1.88 MB

⊟

1.88 MB

⊟

1.8 MB

⊟

1.8 MB

Ordering differences only

⊟

1.01 MB

⊟

1.01 MB

⊟

988 KB

⊟

988 KB

Ordering differences only


Offset 1, 6 lines modified		Offset 1, 6 lines modified

1	·~~c58~~7~~6af82a37cd0~~d~~6aeb3ad281ef0092~~·153~~832~~·admin·optional·ssg-applications_0.1.76-1_all.deb	1	·4177346ee1b6451d7c1613cf5f44a6b6·153740·admin·optional·ssg-applications_0.1.76-1_all.deb
2	·ea0c1f19113a8a6c0a6e8b10e8e208a9·32632·admin·optional·ssg-base_0.1.76-1_all.deb	2	·ea0c1f19113a8a6c0a6e8b10e8e208a9·32632·admin·optional·ssg-base_0.1.76-1_all.deb
3	·bf7bac2809ae4741dfbfcfc0db40ab0a·3725628·admin·optional·ssg-debderived_0.1.76-1_all.deb
4	·fcd3eb20c308d0a21bf0e3e00278c909·1232392·admin·optional·ssg-debian_0.1.76-1_all.deb
5	·5~~15571b~~41fade~~0102~~2~~7c2~~f~~94e4609929~~·371~~007~~56·admin·optional·ssg-~~non~~debian_0.1.76-1_all.deb	3	·c88e8e42baee3fc6124affc29224cd85·3725852·admin·optional·ssg-debderived_0.1.76-1_all.deb
		4	·20f9dfa3980fc7b181f978e2989303ac·1232184·admin·optional·ssg-debian_0.1.76-1_all.deb
		5	·f73dffb0b8e85ebe6b507af289d02441·37100544·admin·optional·ssg-nondebian_0.1.76-1_all.deb


Offset 1, 3 lines modified		Offset 1, 3 lines modified
1	-rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary	1	-rw-r--r--···0········0········0········4·2025-03-01·08:08:00.000000·debian-binary
2	-rw-r--r--···0········0········0·····1728·2025-03-01·08:08:00.000000·control.tar.xz	2	-rw-r--r--···0········0········0·····1728·2025-03-01·08:08:00.000000·control.tar.xz
3	-rw-r--r--···0········0········0···151~~912~~·2025-03-01·08:08:00.000000·data.tar.xz	3	-rw-r--r--···0········0········0···151820·2025-03-01·08:08:00.000000·data.tar.xz


Offset 19, 23 lines modified		Offset 19, 23 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-chromium-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-chromium-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/a:google:chromium-browser">	28	······<cpe-dict:cpe-item·name="cpe:/a:google:chromium-browser">
29	········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	····</cpe-dict:cpe-list>	32	····</cpe-dict:cpe-list>
33	··</ds:component>	33	··</ds:component>
34	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2025-02-28T20:08:00">	34	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>	37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>
38	······<xccdf-1.2:description>	38	······<xccdf-1.2:description>
39	········This·guide·presents·a·catalog·of·security-relevant	39	········This·guide·presents·a·catalog·of·security-relevant
40	configuration·settings·for·Chromium.·It·is·a·rendering·of	40	configuration·settings·for·Chromium.·It·is·a·rendering·of
41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 1675, 15 lines modified		Offset 1675, 15 lines modified
1675	··········<xccdf-1.2:check·system="http://scap.nist.gov/schema/ocil/2">	1675	··········<xccdf-1.2:check·system="http://scap.nist.gov/schema/ocil/2">
1676	············<xccdf-1.2:check-content-ref·href="ssg-chromium-ocil.xml"·name="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1"/>	1676	············<xccdf-1.2:check-content-ref·href="ssg-chromium-ocil.xml"·name="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1"/>
1677	··········</xccdf-1.2:check>	1677	··········</xccdf-1.2:check>
1678	········</xccdf-1.2:Rule>	1678	········</xccdf-1.2:Rule>
1679	······</xccdf-1.2:Group>	1679	······</xccdf-1.2:Group>
1680	····</xccdf-1.2:Benchmark>	1680	····</xccdf-1.2:Benchmark>
1681	··</ds:component>	1681	··</ds:component>
1682	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-oval.xml"·timestamp="2025-02-28T20:08:00">	1682	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-oval.xml"·timestamp="2025-03-01T22:08:00">
1683	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	1683	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
1684	······<oval-def:generator>	1684	······<oval-def:generator>
1685	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	1685	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
1686	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>	1686	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>
1687	········<oval:schema_version>5.11</oval:schema_version>	1687	········<oval:schema_version>5.11</oval:schema_version>
1688	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	1688	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
1689	······</oval-def:generator>	1689	······</oval-def:generator>
Offset 2539, 813 lines modified		Offset 2539, 813 lines modified
2539	········<oval-def:external_variable·id="oval:ssg-var_enable_encrypted_searching:var:1"·version="1"·datatype="string"·comment="Expected·search·provider·name"/>	2539	········<oval-def:external_variable·id="oval:ssg-var_enable_encrypted_searching:var:1"·version="1"·datatype="string"·comment="Expected·search·provider·name"/>
2540	········<oval-def:external_variable·id="oval:ssg-var_extension_whitelist:var:1"·version="1"·datatype="string"·comment="Expected·approved·extensions"/>	2540	········<oval-def:external_variable·id="oval:ssg-var_extension_whitelist:var:1"·version="1"·datatype="string"·comment="Expected·approved·extensions"/>
2541	········<oval-def:external_variable·id="oval:ssg-var_auth_schema:var:1"·version="1"·datatype="string"·comment="Expected·HTTP·authentication·type"/>	2541	········<oval-def:external_variable·id="oval:ssg-var_auth_schema:var:1"·version="1"·datatype="string"·comment="Expected·HTTP·authentication·type"/>
2542	········<oval-def:external_variable·id="oval:ssg-var_trusted_home_page:var:1"·version="1"·datatype="string"·comment="Expected·home·page"/>	2542	········<oval-def:external_variable·id="oval:ssg-var_trusted_home_page:var:1"·version="1"·datatype="string"·comment="Expected·home·page"/>
2543	······</oval-def:variables>	2543	······</oval-def:variables>
2544	····</oval-def:oval_definitions>	2544	····</oval-def:oval_definitions>
2545	··</ds:component>	2545	··</ds:component>
2546	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-ocil.xml"·timestamp="2025-02-28T20:08:00">	2546	··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-ocil.xml"·timestamp="2025-03-01T22:08:00">
2547	····<ocil:ocil>	2547	····<ocil:ocil>
2548	······<ocil:generator>	2548	······<ocil:generator>
2549	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	2549	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
2550	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>	2550	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
2551	········<ocil:schema_version>2.0</ocil:schema_version>	2551	········<ocil:schema_version>2.0</ocil:schema_version>
2552	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	2552	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
2553	······</ocil:generator>	2553	······</ocil:generator>
2554	······<ocil:questionnaires>	2554	······<ocil:questionnaires>
2555	········<ocil:questionnaire·id="ocil:ssg-chromium_enable_approved_plugins_ocil:questionnaire:1">
2556	··········<ocil:title>Enable·Only·Approved·Plugins</ocil:title>
2557	··········<ocil:actions>
2558	············<ocil:test_action_ref>ocil:ssg-chromium_enable_approved_plugins_action:testaction:1</ocil:test_action_ref>
2559	··········</ocil:actions>
2560	········</ocil:questionnaire>
2561	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~auto~~compl~~ete~~_ocil:questionnaire:1">	2555	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_popups_ocil:questionnaire:1">
2562	··········<ocil:title>Disable·~~the·Au~~to~~Fill·Fea~~ture</ocil:title>	2556	··········<ocil:title>Disable·Popups</ocil:title>
2563	··········<ocil:actions>	2557	··········<ocil:actions>
2564	············<ocil:test_action_ref>ocil:ssg-chromium_disable_~~auto~~compl~~ete~~_action:testaction:1</ocil:test_action_ref>	2558	············<ocil:test_action_ref>ocil:ssg-chromium_disable_popups_action:testaction:1</ocil:test_action_ref>
2565	··········</ocil:actions>	2559	··········</ocil:actions>
2566	········</ocil:questionnaire>	2560	········</ocil:questionnaire>
2567	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~password~~_manager_ocil:questionnaire:1">	2561	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_incognito_mode_ocil:questionnaire:1">
2568	··········<ocil:title>Disable·~~Chr~~o~~mium·Passw~~ord·Manager</ocil:title>	2562	··········<ocil:title>Disable·Incognito·Mode</ocil:title>
2569	··········<ocil:actions>	2563	··········<ocil:actions>
2570	············<ocil:test_action_ref>ocil:ssg-chromium_disable_~~password~~_manager_action:testaction:1</ocil:test_action_ref>	2564	············<ocil:test_action_ref>ocil:ssg-chromium_disable_incognito_mode_action:testaction:1</ocil:test_action_ref>
2571	··········</ocil:actions>	2565	··········</ocil:actions>
2572	········</ocil:questionnaire>	2566	········</ocil:questionnaire>
2573	········<ocil:questionnaire·id="ocil:ssg-chromium_disallow_l~~ocat~~ion_~~track~~ing_ocil:questionnaire:1">	2567	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_metrics_reporting_ocil:questionnaire:1">
2574	··········<ocil:title>Disable·L~~ocat~~ion·~~Track~~ing</ocil:title>	2568	··········<ocil:title>Disable·Metrics·Reporting</ocil:title>
2575	··········<ocil:actions>	2569	··········<ocil:actions>
2576	············<ocil:test_action_ref>ocil:ssg-chromium_disallow_l~~ocat~~ion_~~track~~ing_action:testaction:1</ocil:test_action_ref>	2570	············<ocil:test_action_ref>ocil:ssg-chromium_disable_metrics_reporting_action:testaction:1</ocil:test_action_ref>
2577	··········</ocil:actions>	2571	··········</ocil:actions>
2578	········</ocil:questionnaire>	2572	········</ocil:questionnaire>
2579	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~thi~~rdp~~arty_cook~~ies_ocil:questionnaire:1">	2573	········<ocil:questionnaire·id="ocil:ssg-chromium_enable_encrypted_searching_ocil:questionnaire:1">
2580	··········<ocil:title>Disable·3r~~d·Party·Cook~~ies</ocil:title>	2574	··········<ocil:title>Enable·Encrypted·Searching</ocil:title>
2581	··········<ocil:actions>	2575	··········<ocil:actions>
2582	············<ocil:test_action_ref>ocil:ssg-chromium_disable_~~thi~~rdp~~arty_cook~~ies_action:testaction:1</ocil:test_action_ref>	2576	············<ocil:test_action_ref>ocil:ssg-chromium_enable_encrypted_searching_action:testaction:1</ocil:test_action_ref>
2583	··········</ocil:actions>	2577	··········</ocil:actions>
2584	········</ocil:questionnaire>	2578	········</ocil:questionnaire>
2585	········<ocil:questionnaire·id="ocil:ssg-chromium_~~disab~~le_aut~~omatic~~_installation_ocil:questionnaire:1">	2579	········<ocil:questionnaire·id="ocil:ssg-chromium_blacklist_extension_installation_ocil:questionnaire:1">
2586	··········<ocil:title>Disable·A~~utoma~~t~~ic·S~~e~~arch·And·I~~ns~~tallat~~ion·of·~~Plugins~~</ocil:title>	2580	··········<ocil:title>Disable·All·Extensions·by·Default</ocil:title>
2587	··········<ocil:actions>	2581	··········<ocil:actions>
2588	············<ocil:test_action_ref>ocil:ssg-chromium_~~disab~~le_aut~~omatic~~_installation_action:testaction:1</ocil:test_action_ref>	2582	············<ocil:test_action_ref>ocil:ssg-chromium_blacklist_extension_installation_action:testaction:1</ocil:test_action_ref>
2589	··········</ocil:actions>	2583	··········</ocil:actions>
2590	········</ocil:questionnaire>	2584	········</ocil:questionnaire>
2591	········<ocil:questionnaire·id="ocil:ssg-chromium_enable_browser_history_ocil:questionnaire:1">	2585	········<ocil:questionnaire·id="ocil:ssg-chromium_enable_browser_history_ocil:questionnaire:1">
2592	··········<ocil:title>Enable·Saving·the·Browser·History</ocil:title>	2586	··········<ocil:title>Enable·Saving·the·Browser·History</ocil:title>
2593	··········<ocil:actions>	2587	··········<ocil:actions>
2594	············<ocil:test_action_ref>ocil:ssg-chromium_enable_browser_history_action:testaction:1</ocil:test_action_ref>	2588	············<ocil:test_action_ref>ocil:ssg-chromium_enable_browser_history_action:testaction:1</ocil:test_action_ref>
2595	··········</ocil:actions>	2589	··········</ocil:actions>
2596	········</ocil:questionnaire>	2590	········</ocil:questionnaire>
2597	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~sea~~rc~~h_suggest~~ions_ocil:questionnaire:1">	2591	········<ocil:questionnaire·id="ocil:ssg-chromium_enable_approved_plugins_ocil:questionnaire:1">
2598	··········<ocil:title>Disable·~~Search·Sugg~~estion</ocil:title>	2592	··········<ocil:title>Enable·Only·Approved·Plugins</ocil:title>
2599	··········<ocil:actions>	2593	··········<ocil:actions>
2600	············<ocil:test_action_ref>ocil:ssg-chromium_disable_~~sea~~rc~~h_suggest~~ions_action:testaction:1</ocil:test_action_ref>	2594	············<ocil:test_action_ref>ocil:ssg-chromium_enable_approved_plugins_action:testaction:1</ocil:test_action_ref>
2601	··········</ocil:actions>	2595	··········</ocil:actions>
2602	········</ocil:questionnaire>	2596	········</ocil:questionnaire>
2603	········<ocil:questionnaire·id="ocil:ssg-chromium_default_~~search~~_~~provider~~_ocil:questionnaire:1">	2597	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">
2604	··········<ocil:title>Enable·~~the~~·~~Default·Se~~a~~rch~~·Pro~~vid~~er</ocil:title>	2598	··········<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
2605	··········<ocil:actions>	2599	··········<ocil:actions>
2606	············<ocil:test_action_ref>ocil:ssg-chromium_default_~~search~~_~~provider~~_action:testaction:1</ocil:test_action_ref>	2600	············<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
2607	··········</ocil:actions>	2601	··········</ocil:actions>
2608	········</ocil:questionnaire>	2602	········</ocil:questionnaire>
2609	········<ocil:questionnaire·id="ocil:ssg-chromium_~~check~~_~~cer~~t~~_revo~~c~~ation~~_ocil:questionnaire:1">	2603	········<ocil:questionnaire·id="ocil:ssg-chromium_disable_protocol_schemas_ocil:questionnaire:1">
2610	··········<ocil:title>Enable·On~~lin~~e·~~OCSP/CRL·C~~e~~rtifi~~c~~ate·C~~hecks</ocil:title>	2604	··········<ocil:title>Disable·Insecure·And·Obsolete·Protocol·Schemas</ocil:title>
2611	··········<ocil:actions>	2605	··········<ocil:actions>
2612	············<ocil:test_action_ref>ocil:ssg-chromium_~~check~~_~~cer~~t~~_revo~~c~~ation~~_action:testaction:1</ocil:test_action_ref>	2606	············<ocil:test_action_ref>ocil:ssg-chromium_disable_protocol_schemas_action:testaction:1</ocil:test_action_ref>
2613	··········</ocil:actions>	2607	··········</ocil:actions>
2614	········</ocil:questionnaire>	2608	········</ocil:questionnaire>
2615	········<ocil:questionnaire·id="ocil:ssg-chromium_~~disabl~~e_~~3d_grap~~hi~~cs_api~~_ocil:questionnaire:1">	2609	········<ocil:questionnaire·id="ocil:ssg-chromium_extension_whitelist_ocil:questionnaire:1">
2616	··········<ocil:title>Disable·~~the~~·~~3D·Graphics·API~~s</ocil:title>	2610	··········<ocil:title>Enable·Only·Approved·Extensions</ocil:title>
2617	··········<ocil:actions>	2611	··········<ocil:actions>
2618	············<ocil:test_action_ref>ocil:ssg-chromium_~~disabl~~e_~~3d_grap~~hi~~cs_api~~_action:testaction:1</ocil:test_action_ref>	2612	············<ocil:test_action_ref>ocil:ssg-chromium_extension_whitelist_action:testaction:1</ocil:test_action_ref>
2619	··········</ocil:actions>	2613	··········</ocil:actions>
2620	········</ocil:questionnaire>	2614	········</ocil:questionnaire>
2621	········<ocil:questionnaire·id="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1">	2615	········<ocil:questionnaire·id="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1">
2622	··········<ocil:title>Enable·Plugins·for·Only·Approved·URLs</ocil:title>	2616	··········<ocil:title>Enable·Plugins·for·Only·Approved·URLs</ocil:title>
2623	··········<ocil:actions>	2617	··········<ocil:actions>
2624	············<ocil:test_action_ref>ocil:ssg-chromium_whitelist_plugin_urls_action:testaction:1</ocil:test_action_ref>	2618	············<ocil:test_action_ref>ocil:ssg-chromium_whitelist_plugin_urls_action:testaction:1</ocil:test_action_ref>
2625	··········</ocil:actions>	2619	··········</ocil:actions>
Max diff block lines reached; 68785/80560 bytes (85.38%) of diff not shown.


Offset 3, 795 lines modified		Offset 3, 795 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_approved_plugins_ocil:questionnaire:1">
11	······<ocil:title>Enable·Only·Approved·Plugins</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-chromium_enable_approved_plugins_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~auto~~compl~~ete~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_popups_ocil:questionnaire:1">
17	······<ocil:title>Disable·~~the·Au~~to~~Fill·Fea~~ture</ocil:title>	11	······<ocil:title>Disable·Popups</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~auto~~compl~~ete~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-chromium_disable_popups_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~password~~_manager_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_incognito_mode_ocil:questionnaire:1">
23	······<ocil:title>Disable·~~Chr~~o~~mium·Passw~~ord·Manager</ocil:title>	17	······<ocil:title>Disable·Incognito·Mode</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~password~~_manager_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-chromium_disable_incognito_mode_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-chromium_disallow_l~~ocat~~ion_~~track~~ing_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_metrics_reporting_ocil:questionnaire:1">
29	······<ocil:title>Disable·L~~ocat~~ion·~~Track~~ing</ocil:title>	23	······<ocil:title>Disable·Metrics·Reporting</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-chromium_disallow_l~~ocat~~ion_~~track~~ing_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-chromium_disable_metrics_reporting_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~thi~~rdp~~arty_cook~~ies_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_encrypted_searching_ocil:questionnaire:1">
35	······<ocil:title>Disable·3r~~d·Party·Cook~~ies</ocil:title>	29	······<ocil:title>Enable·Encrypted·Searching</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~thi~~rdp~~arty_cook~~ies_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-chromium_enable_encrypted_searching_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-chromium_~~disab~~le_aut~~omatic~~_installation_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-chromium_blacklist_extension_installation_ocil:questionnaire:1">
41	······<ocil:title>Disable·A~~utoma~~t~~ic·S~~e~~arch·And·I~~ns~~tallat~~ion·of·~~Plugins~~</ocil:title>	35	······<ocil:title>Disable·All·Extensions·by·Default</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-chromium_~~disab~~le_aut~~omatic~~_installation_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-chromium_blacklist_extension_installation_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_browser_history_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_browser_history_ocil:questionnaire:1">
47	······<ocil:title>Enable·Saving·the·Browser·History</ocil:title>	41	······<ocil:title>Enable·Saving·the·Browser·History</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-chromium_enable_browser_history_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-chromium_enable_browser_history_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~sea~~rc~~h_suggest~~ions_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_approved_plugins_ocil:questionnaire:1">
53	······<ocil:title>Disable·~~Search·Sugg~~estion</ocil:title>	47	······<ocil:title>Enable·Only·Approved·Plugins</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~sea~~rc~~h_suggest~~ions_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-chromium_enable_approved_plugins_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-chromium_default_~~search~~_~~provider~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_google_sync_ocil:questionnaire:1">
59	······<ocil:title>Enable·~~the~~·~~Default·Se~~a~~rch~~·Pro~~vid~~er</ocil:title>	53	······<ocil:title>Disable·Data·Synchronization·to·Google</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-chromium_default_~~search~~_~~provider~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-chromium_disable_google_sync_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-chromium_~~check~~_~~cer~~t~~_revo~~c~~ation~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_protocol_schemas_ocil:questionnaire:1">
65	······<ocil:title>Enable·On~~lin~~e·~~OCSP/CRL·C~~e~~rtifi~~c~~ate·C~~hecks</ocil:title>	59	······<ocil:title>Disable·Insecure·And·Obsolete·Protocol·Schemas</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-chromium_~~check~~_~~cer~~t~~_revo~~c~~ation~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-chromium_disable_protocol_schemas_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-chromium_~~disabl~~e_~~3d_grap~~hi~~cs_api~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-chromium_extension_whitelist_ocil:questionnaire:1">
71	······<ocil:title>Disable·~~the~~·~~3D·Graphics·API~~s</ocil:title>	65	······<ocil:title>Enable·Only·Approved·Extensions</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-chromium_~~disabl~~e_~~3d_grap~~hi~~cs_api~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-chromium_extension_whitelist_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-chromium_whitelist_plugin_urls_ocil:questionnaire:1">
77	······<ocil:title>Enable·Plugins·for·Only·Approved·URLs</ocil:title>	71	······<ocil:title>Enable·Plugins·for·Only·Approved·URLs</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-chromium_whitelist_plugin_urls_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-chromium_whitelist_plugin_urls_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_protoc~~ol_~~s~~chem~~as_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_automatic_installation_ocil:questionnaire:1">
83	······<ocil:title>Disable·~~Inse~~cure·And·Obso~~lete·Pr~~otocol·~~Schema~~s</ocil:title>	77	······<ocil:title>Disable·Automatic·Search·And·Installation·of·Plugins</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-chromium_disable_protoc~~ol_~~s~~chem~~as_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-chromium_disable_automatic_installation_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_~~clou~~d_p~~rint~~_~~shar~~ing_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_thirdparty_cookies_ocil:questionnaire:1">
89	······<ocil:title>Disable·Cloud·P~~rint~~·~~Shar~~ing</ocil:title>	83	······<ocil:title>Disable·3rd·Party·Cookies</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-chromium_disable_~~clou~~d_p~~rint~~_~~shar~~ing_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-chromium_disable_thirdparty_cookies_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-chromium_di~~sable~~_cleart~~ext_passw~~ords_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-chromium_check_cert_revocation_ocil:questionnaire:1">
95	······<ocil:title>Disable·Use·~~of·~~C~~lea~~rt~~ext·Password~~s</ocil:title>	89	······<ocil:title>Enable·Online·OCSP/CRL·Certificate·Checks</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-chromium_di~~sable~~_cleart~~ext_passw~~ords_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-chromium_check_cert_revocation_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-chromium_d~~isable~~_fi~~rewal~~l~~_trav~~e~~rsal~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-chromium_policy_file_ocil:questionnaire:1">
101	······<ocil:title>Dis~~abl~~e·Chromium's·Ability·to·Trav~~erse~~·Fire~~wall~~s</ocil:title>	95	······<ocil:title>Ensure·the·Chromium·Policy·Configuration·File·Exists</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-chromium_d~~isable~~_fi~~rewal~~l~~_trav~~e~~rsal~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-chromium_policy_file_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_metr~~ics~~_~~reporting~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_cleartext_passwords_ocil:questionnaire:1">
107	······<ocil:title>Disable·Metr~~ics~~·~~Reporting~~</ocil:title>	101	······<ocil:title>Disable·Use·of·Cleartext·Passwords</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-chromium_disable_metr~~ics~~_~~reporting~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-chromium_disable_cleartext_passwords_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_~~safe~~_br~~ows~~ing_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_network_prediction_ocil:questionnaire:1">
113	······<ocil:title>Enable·the~~·Safe~~·Browsi~~ng·Fe~~at~~ure~~</ocil:title>	107	······<ocil:title>Disable·Network·Prediction</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-chromium_enable_~~safe~~_br~~ows~~ing_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-chromium_disable_network_prediction_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-chromium_enable_en~~crypted~~_se~~arch~~ing_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-chromium_disable_session_cookies_ocil:questionnaire:1">
119	······<ocil:title>Enable·En~~crypted~~·Se~~arch~~ing</ocil:title>	113	······<ocil:title>Disable·Session·Cookies</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-chromium_enable_en~~crypted~~_se~~arch~~ing_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-chromium_disable_session_cookies_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
123	····</ocil:questionnaire>	117	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-chromium_~~disable~~_~~incog~~ni~~to_m~~ode_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-chromium_http_authentication_ocil:questionnaire:1">
125	······<ocil:title>Dis~~able~~·~~Incog~~nito·~~Mod~~e</ocil:title>	119	······<ocil:title>Set·Chromium's·HTTP·Authentication·Scheme</ocil:title>
126	······<ocil:actions>	120	······<ocil:actions>
127	········<ocil:test_action_ref>ocil:ssg-chromium_~~disable~~_~~incog~~ni~~to_m~~ode_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-chromium_http_authentication_action:testaction:1</ocil:test_action_ref>
128	······</ocil:actions>	122	······</ocil:actions>
129	····</ocil:questionnaire>	123	····</ocil:questionnaire>
Max diff block lines reached; 59378/71723 bytes (82.79%) of diff not shown.


Offset 19, 15 lines modified		Offset 19, 15 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-eks-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-eks-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service:1">	28	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service:1">
29	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service_node:1.21">	32	······<cpe-dict:cpe-item·name="cpe:/a:amazon:elastic_kubernetes_service_node:1.21">
33	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·1.21</cpe-dict:title>	33	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·1.21</cpe-dict:title>
Offset 35, 15 lines modified		Offset 35, 15 lines modified
35	······</cpe-dict:cpe-item>	35	······</cpe-dict:cpe-item>
36	······<cpe-dict:cpe-item·name="cpe:/o:amazon:elastic_kubernetes_service_node:1">	36	······<cpe-dict:cpe-item·name="cpe:/o:amazon:elastic_kubernetes_service_node:1">
37	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>	37	········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>
38	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>	38	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>
39	······</cpe-dict:cpe-item>	39	······</cpe-dict:cpe-item>
40	····</cpe-dict:cpe-list>	40	····</cpe-dict:cpe-list>
41	··</ds:component>	41	··</ds:component>
42	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2025-02-28T20:08:00">	42	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2025-03-01T22:08:00">
43	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	43	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
44	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	44	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
45	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>	45	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>
46	······<xccdf-1.2:description>	46	······<xccdf-1.2:description>
47	········This·guide·presents·a·catalog·of·security-relevant	47	········This·guide·presents·a·catalog·of·security-relevant
48	configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of	48	configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of
49	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	49	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 1545, 15 lines modified		Offset 1545, 15 lines modified
1545	··············<xccdf-1.2:check-content-ref·href="ssg-eks-ocil.xml"·name="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1"/>	1545	··············<xccdf-1.2:check-content-ref·href="ssg-eks-ocil.xml"·name="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1"/>
1546	············</xccdf-1.2:check>	1546	············</xccdf-1.2:check>
1547	··········</xccdf-1.2:Rule>	1547	··········</xccdf-1.2:Rule>
1548	········</xccdf-1.2:Group>	1548	········</xccdf-1.2:Group>
1549	······</xccdf-1.2:Group>	1549	······</xccdf-1.2:Group>
1550	····</xccdf-1.2:Benchmark>	1550	····</xccdf-1.2:Benchmark>
1551	··</ds:component>	1551	··</ds:component>
1552	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-oval.xml"·timestamp="2025-02-28T20:08:00">	1552	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-oval.xml"·timestamp="2025-03-01T22:08:00">
1553	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	1553	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
1554	······<oval-def:generator>	1554	······<oval-def:generator>
1555	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	1555	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
1556	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>	1556	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>
1557	········<oval:schema_version>5.11</oval:schema_version>	1557	········<oval:schema_version>5.11</oval:schema_version>
1558	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	1558	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
1559	······</oval-def:generator>	1559	······</oval-def:generator>
Offset 2166, 330 lines modified		Offset 2166, 330 lines modified
2166	········<oval-def:external_variable·id="oval:ssg-var_streaming_connection_timeouts:var:1"·version="1"·datatype="string"·comment="variable"/>	2166	········<oval-def:external_variable·id="oval:ssg-var_streaming_connection_timeouts:var:1"·version="1"·datatype="string"·comment="variable"/>
2167	········<oval-def:local_variable·id="oval:ssg-kubelet_read_only_port_secured_file_location:var:1"·version="1"·datatype="string"·comment="The·actual·path·of·the·file·to·scan.">	2167	········<oval-def:local_variable·id="oval:ssg-kubelet_read_only_port_secured_file_location:var:1"·version="1"·datatype="string"·comment="The·actual·path·of·the·file·to·scan.">
2168	··········<oval-def:literal_component>/etc/kubernetes/compliance-operator/kubeletconfig/openscap-kubeletconfig</oval-def:literal_component>	2168	··········<oval-def:literal_component>/etc/kubernetes/compliance-operator/kubeletconfig/openscap-kubeletconfig</oval-def:literal_component>
2169	········</oval-def:local_variable>	2169	········</oval-def:local_variable>
2170	······</oval-def:variables>	2170	······</oval-def:variables>
2171	····</oval-def:oval_definitions>	2171	····</oval-def:oval_definitions>
2172	··</ds:component>	2172	··</ds:component>
2173	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-ocil.xml"·timestamp="2025-02-28T20:08:00">	2173	··<ds:component·id="scap_org.open-scap_comp_ssg-eks-ocil.xml"·timestamp="2025-03-01T22:08:00">
2174	····<ocil:ocil>	2174	····<ocil:ocil>
2175	······<ocil:generator>	2175	······<ocil:generator>
2176	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	2176	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
2177	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>	2177	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
2178	········<ocil:schema_version>2.0</ocil:schema_version>	2178	········<ocil:schema_version>2.0</ocil:schema_version>
2179	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	2179	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
2180	······</ocil:generator>	2180	······</ocil:generator>
2181	······<ocil:questionnaires>	2181	······<ocil:questionnaires>
2182	········<ocil:questionnaire·id="ocil:ssg-kubelet_configure_client_ca_ocil:questionnaire:1">
2183	··········<ocil:title>kubelet·-·Configure·the·Client·CA·Certificate</ocil:title>
2184	··········<ocil:actions>
2185	············<ocil:test_action_ref>ocil:ssg-kubelet_configure_client_ca_action:testaction:1</ocil:test_action_ref>
2186	··········</ocil:actions>
2187	········</ocil:questionnaire>
2188	········<ocil:questionnaire·id="ocil:ssg-configure_network_policy_ocil:questionnaire:1">	2182	········<ocil:questionnaire·id="ocil:ssg-configure_network_policy_ocil:questionnaire:1">
2189	··········<ocil:title>Ensure·Network·Policy·is·Enabled</ocil:title>	2183	··········<ocil:title>Ensure·Network·Policy·is·Enabled</ocil:title>
2190	··········<ocil:actions>	2184	··········<ocil:actions>
2191	············<ocil:test_action_ref>ocil:ssg-configure_network_policy_action:testaction:1</ocil:test_action_ref>	2185	············<ocil:test_action_ref>ocil:ssg-configure_network_policy_action:testaction:1</ocil:test_action_ref>
2192	··········</ocil:actions>	2186	··········</ocil:actions>
2193	········</ocil:questionnaire>	2187	········</ocil:questionnaire>
2194	········<ocil:questionnaire·id="ocil:ssg-f~~ile_~~owner_worke~~r_kubeconfig~~_ocil:questionnaire:1">	2188	········<ocil:questionnaire·id="ocil:ssg-approved_registries_ocil:questionnaire:1">
2195	··········<ocil:title>Ve~~rif~~y·User·~~Who·Owns~~·T~~he·Work~~er·Kube~~con~~fi~~g·F~~ile</ocil:title>	2189	··········<ocil:title>Only·use·approved·container·registries</ocil:title>
2196	··········<ocil:actions>	2190	··········<ocil:actions>
2197	············<ocil:test_action_ref>ocil:ssg-f~~ile_~~owner_worke~~r_kubeconfig~~_action:testaction:1</ocil:test_action_ref>	2191	············<ocil:test_action_ref>ocil:ssg-approved_registries_action:testaction:1</ocil:test_action_ref>
2198	··········</ocil:actions>	2192	··········</ocil:actions>
2199	········</ocil:questionnaire>	2193	········</ocil:questionnaire>
2200	········<ocil:questionnaire·id="ocil:ssg-file_owner_kubelet_conf_ocil:questionnaire:1">	2194	········<ocil:questionnaire·id="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1">
2201	··········<ocil:title>Verify·User~~·Wh~~o~~·Owns~~·The·K~~ubel~~et·Co~~nfigurat~~ion·File</ocil:title>	2195	··········<ocil:title>Verify·Permissions·on·the·Worker·Kubeconfig·File</ocil:title>
2202	··········<ocil:actions>	2196	··········<ocil:actions>
		2197	············<ocil:test_action_ref>ocil:ssg-file_permissions_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>
		2198	··········</ocil:actions>
		2199	········</ocil:questionnaire>
		2200	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_server_cert_rotation_ocil:questionnaire:1">
		2201	··········<ocil:title>kubelet·-·Enable·Server·Certificate·Rotation</ocil:title>
		2202	··········<ocil:actions>
		2203	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_server_cert_rotation_action:testaction:1</ocil:test_action_ref>
		2204	··········</ocil:actions>
		2205	········</ocil:questionnaire>
		2206	········<ocil:questionnaire·id="ocil:ssg-file_groupowner_kubelet_conf_ocil:questionnaire:1">
		2207	··········<ocil:title>Verify·Group·Who·Owns·The·Kubelet·Configuration·File</ocil:title>
		2208	··········<ocil:actions>
2203	············<ocil:test_action_ref>ocil:ssg-file_owner_kubelet_conf_action:testaction:1</ocil:test_action_ref>	2209	············<ocil:test_action_ref>ocil:ssg-file_groupowner_kubelet_conf_action:testaction:1</ocil:test_action_ref>
2204	··········</ocil:actions>	2210	··········</ocil:actions>
2205	········</ocil:questionnaire>	2211	········</ocil:questionnaire>
2206	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_ocil:questionnaire:1">	2212	········<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_ocil:questionnaire:1">
2207	··········<ocil:title>kubelet·-·Do·Not·Disable·Streaming·Timeouts</ocil:title>	2213	··········<ocil:title>kubelet·-·Do·Not·Disable·Streaming·Timeouts</ocil:title>
2208	··········<ocil:actions>	2214	··········<ocil:actions>
2209	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_streaming_connections_action:testaction:1</ocil:test_action_ref>	2215	············<ocil:test_action_ref>ocil:ssg-kubelet_enable_streaming_connections_action:testaction:1</ocil:test_action_ref>
2210	··········</ocil:actions>	2216	··········</ocil:actions>
2211	········</ocil:questionnaire>	2217	········</ocil:questionnaire>
2212	········<ocil:questionnaire·id="ocil:ssg-~~con~~trol_p~~lane_a~~c~~cess~~_ocil:questionnaire:1">	2218	········<ocil:questionnaire·id="ocil:ssg-kubelet_read_only_port_secured_ocil:questionnaire:1">
2213	··········<ocil:title>R~~estric~~t·~~Acce~~ss·to·the·~~Contr~~ol~~·Plane~~·~~Endpoint~~</ocil:title>	2219	··········<ocil:title>kubelet·-·Ensure·that·the·--read-only-port·is·secured</ocil:title>
2214	··········<ocil:actions>	2220	··········<ocil:actions>
2215	············<ocil:test_action_ref>ocil:ssg-~~con~~trol_p~~lane_a~~c~~cess~~_action:testaction:1</ocil:test_action_ref>	2221	············<ocil:test_action_ref>ocil:ssg-kubelet_read_only_port_secured_action:testaction:1</ocil:test_action_ref>
2216	··········</ocil:actions>	2222	··········</ocil:actions>
2217	········</ocil:questionnaire>	2223	········</ocil:questionnaire>
2218	········<ocil:questionnaire·id="ocil:ssg-iam_inte~~grati~~on_ocil:questionnaire:1">	2224	········<ocil:questionnaire·id="ocil:ssg-file_permissions_kubelet_conf_ocil:questionnaire:1">
2219	··········<ocil:title>Manage·Users·wi~~th·AWS~~·~~IAM~~</ocil:title>	2225	··········<ocil:title>Verify·Permissions·on·The·Kubelet·Configuration·File</ocil:title>
2220	··········<ocil:actions>	2226	··········<ocil:actions>
2221	············<ocil:test_action_ref>ocil:ssg-iam_inte~~grati~~on_action:testaction:1</ocil:test_action_ref>	2227	············<ocil:test_action_ref>ocil:ssg-file_permissions_kubelet_conf_action:testaction:1</ocil:test_action_ref>
2222	··········</ocil:actions>	2228	··········</ocil:actions>
2223	········</ocil:questionnaire>	2229	········</ocil:questionnaire>
2224	········<ocil:questionnaire·id="ocil:ssg-~~file_permiss~~ion~~s_wo~~rker_~~kubeconfig~~_ocil:questionnaire:1">	2230	········<ocil:questionnaire·id="ocil:ssg-configure_tls_ocil:questionnaire:1">
2225	··········<ocil:title>Ver~~ify~~·Per~~missions~~·~~on·the·Work~~er·~~Kubec~~onf~~ig·File~~</ocil:title>	2231	··········<ocil:title>Encrypt·Traffic·to·Load·Balancers·and·Workloads</ocil:title>
2226	··········<ocil:actions>	2232	··········<ocil:actions>
2227	············<ocil:test_action_ref>ocil:ssg-~~file_permiss~~ion~~s_wo~~rker_~~kubeconfig~~_action:testaction:1</ocil:test_action_ref>	2233	············<ocil:test_action_ref>ocil:ssg-configure_tls_action:testaction:1</ocil:test_action_ref>
2228	··········</ocil:actions>	2234	··········</ocil:actions>
2229	········</ocil:questionnaire>	2235	········</ocil:questionnaire>
2230	········<ocil:questionnaire·id="ocil:ssg-~~kubelet_e~~na~~ble_protect_ke~~r~~nel_de~~faults_ocil:questionnaire:1">	2236	········<ocil:questionnaire·id="ocil:ssg-fargate_ocil:questionnaire:1">
2231	··········<ocil:title>~~kubel~~et·~~-·En~~able·Pro~~tect·Kern~~el·~~Default~~s</ocil:title>	2237	··········<ocil:title>Consider·Fargate·for·Untrusted·Workloads</ocil:title>
2232	··········<ocil:actions>	2238	··········<ocil:actions>
Max diff block lines reached; 67983/79679 bytes (85.32%) of diff not shown.


Offset 3, 321 lines modified		Offset 3, 321 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-kubelet_configure_client_ca_ocil:questionnaire:1">
11	······<ocil:title>kubelet·-·Configure·the·Client·CA·Certificate</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-kubelet_configure_client_ca_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-configure_network_policy_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-configure_network_policy_ocil:questionnaire:1">
17	······<ocil:title>Ensure·Network·Policy·is·Enabled</ocil:title>	11	······<ocil:title>Ensure·Network·Policy·is·Enabled</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-configure_network_policy_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-configure_network_policy_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-file_owner_worker_kubeconfig_ocil:questionnaire:1">
23	······<ocil:title~~>Verify·User·Wh~~o~~·Own~~s·~~The·Wo~~rk~~er·Kub~~e~~con~~fi~~g·F~~ile</ocil:title>	16	····<ocil:questionnaire·id="ocil:ssg-approved_registries_ocil:questionnaire:1">
		17	······<ocil:title>Only·use·approved·container·registries</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-f~~ile_~~owner_worke~~r_kubeconfig~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-approved_registries_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-file_owner_kubelet_conf_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-file_permissions_worker_kubeconfig_ocil:questionnaire:1">
29	······<ocil:title>Verify·User~~·Wh~~o~~·Owns~~·The·K~~ubel~~et·Co~~nfigurat~~ion·File</ocil:title>	23	······<ocil:title>Verify·Permissions·on·the·Worker·Kubeconfig·File</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
		25	········<ocil:test_action_ref>ocil:ssg-file_permissions_worker_kubeconfig_action:testaction:1</ocil:test_action_ref>
		26	······</ocil:actions>
		27	····</ocil:questionnaire>
		28	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_server_cert_rotation_ocil:questionnaire:1">
		29	······<ocil:title>kubelet·-·Enable·Server·Certificate·Rotation</ocil:title>
		30	······<ocil:actions>
		31	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_server_cert_rotation_action:testaction:1</ocil:test_action_ref>
		32	······</ocil:actions>
		33	····</ocil:questionnaire>
		34	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_kubelet_conf_ocil:questionnaire:1">
		35	······<ocil:title>Verify·Group·Who·Owns·The·Kubelet·Configuration·File</ocil:title>
		36	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-file_owner_kubelet_conf_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_groupowner_kubelet_conf_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	38	······</ocil:actions>
33	····</ocil:questionnaire>	39	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_ocil:questionnaire:1">
35	······<ocil:title>kubelet·-·Do·Not·Disable·Streaming·Timeouts</ocil:title>	41	······<ocil:title>kubelet·-·Do·Not·Disable·Streaming·Timeouts</ocil:title>
36	······<ocil:actions>	42	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_streaming_connections_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_streaming_connections_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	44	······</ocil:actions>
39	····</ocil:questionnaire>	45	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~con~~trol_p~~lane_a~~c~~cess~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-kubelet_read_only_port_secured_ocil:questionnaire:1">
41	······<ocil:title>R~~estric~~t·~~Acce~~ss·to·the·~~Contr~~ol~~·Plane~~·~~Endpoint~~</ocil:title>	47	······<ocil:title>kubelet·-·Ensure·that·the·--read-only-port·is·secured</ocil:title>
42	······<ocil:actions>	48	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~con~~trol_p~~lane_a~~c~~cess~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-kubelet_read_only_port_secured_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	50	······</ocil:actions>
45	····</ocil:questionnaire>	51	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-iam_inte~~grati~~on_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-file_permissions_kubelet_conf_ocil:questionnaire:1">
47	······<ocil:title>Manage·Users·wi~~th·AWS~~·~~IAM~~</ocil:title>	53	······<ocil:title>Verify·Permissions·on·The·Kubelet·Configuration·File</ocil:title>
48	······<ocil:actions>	54	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-iam_inte~~grati~~on_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-file_permissions_kubelet_conf_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	56	······</ocil:actions>
51	····</ocil:questionnaire>	57	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~file_permiss~~ion~~s_wo~~rker_~~kubeconfig~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-configure_tls_ocil:questionnaire:1">
53	······<ocil:title>Ver~~ify~~·Per~~missions~~·~~on·the·Work~~er·~~Kubec~~onf~~ig·File~~</ocil:title>	59	······<ocil:title>Encrypt·Traffic·to·Load·Balancers·and·Workloads</ocil:title>
54	······<ocil:actions>	60	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~file_permiss~~ion~~s_wo~~rker_~~kubeconfig~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-configure_tls_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	62	······</ocil:actions>
57	····</ocil:questionnaire>	63	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~kubelet_e~~na~~ble_protect_ke~~r~~nel_de~~faults_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-fargate_ocil:questionnaire:1">
59	······<ocil:title>~~kubel~~et·~~-·En~~able·Pro~~tect·Kern~~el·~~Default~~s</ocil:title>	65	······<ocil:title>Consider·Fargate·for·Untrusted·Workloads</ocil:title>
60	······<ocil:actions>	66	······<ocil:actions>
		67	········<ocil:test_action_ref>ocil:ssg-fargate_action:testaction:1</ocil:test_action_ref>
		68	······</ocil:actions>
		69	····</ocil:questionnaire>
		70	····<ocil:questionnaire·id="ocil:ssg-kubelet_anonymous_auth_ocil:questionnaire:1">
		71	······<ocil:title>Disable·Anonymous·Authentication·to·the·Kubelet</ocil:title>
		72	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-kubelet_ena~~ble_p~~ro~~tect_ker~~n~~el_def~~aults_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-kubelet_anonymous_auth_action:testaction:1</ocil:test_action_ref>
		74	······</ocil:actions>
		75	····</ocil:questionnaire>
		76	····<ocil:questionnaire·id="ocil:ssg-control_plane_access_ocil:questionnaire:1">
		77	······<ocil:title>Restrict·Access·to·the·Control·Plane·Endpoint</ocil:title>
		78	······<ocil:actions>
		79	········<ocil:test_action_ref>ocil:ssg-control_plane_access_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	80	······</ocil:actions>
63	····</ocil:questionnaire>	81	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_deprecated_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_streaming_connections_deprecated_ocil:questionnaire:1">
65	······<ocil:title>kubelet·-·Do·Not·Disable·Streaming·Timeouts</ocil:title>	83	······<ocil:title>kubelet·-·Do·Not·Disable·Streaming·Timeouts</ocil:title>
66	······<ocil:actions>	84	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_streaming_connections_deprecated_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_streaming_connections_deprecated_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	86	······</ocil:actions>
69	····</ocil:questionnaire>	87	····</ocil:questionnaire>
		88	····<ocil:questionnaire·id="ocil:ssg-kubelet_configure_client_ca_ocil:questionnaire:1">
		89	······<ocil:title>kubelet·-·Configure·the·Client·CA·Certificate</ocil:title>
		90	······<ocil:actions>
		91	········<ocil:test_action_ref>ocil:ssg-kubelet_configure_client_ca_action:testaction:1</ocil:test_action_ref>
		92	······</ocil:actions>
		93	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-audit_logging_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-audit_logging_ocil:questionnaire:1">
71	······<ocil:title>Ensure·Audit·Logging·is·Enabled</ocil:title>	95	······<ocil:title>Ensure·Audit·Logging·is·Enabled</ocil:title>
72	······<ocil:actions>	96	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-audit_logging_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-audit_logging_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	98	······</ocil:actions>
75	····</ocil:questionnaire>	99	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-con~~figu~~re_tls_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-kubelet_enable_cert_rotation_ocil:questionnaire:1">
77	······<ocil:title>~~Encryp~~t~~·Traffic~~·to·Loa~~d·Balancers·~~and·Wor~~kloads~~</ocil:title>	101	······<ocil:title>kubelet·-·Enable·Certificate·Rotation</ocil:title>
78	······<ocil:actions>	102	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-con~~figu~~re_tls_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-kubelet_enable_cert_rotation_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	104	······</ocil:actions>
81	····</ocil:questionnaire>	105	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-kubelet_~~authorization~~_mode_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-file_owner_kubelet_conf_ocil:questionnaire:1">
83	······<ocil:title>~~Ensure~~·~~aut~~ho~~rization~~·~~is·s~~et·to~~·Webh~~ook</ocil:title>	107	······<ocil:title>Verify·User·Who·Owns·The·Kubelet·Configuration·File</ocil:title>
84	······<ocil:actions>	108	······<ocil:actions>
		109	········<ocil:test_action_ref>ocil:ssg-file_owner_kubelet_conf_action:testaction:1</ocil:test_action_ref>
		110	······</ocil:actions>
		111	····</ocil:questionnaire>
		112	····<ocil:questionnaire·id="ocil:ssg-endpoint_configuration_ocil:questionnaire:1">
		113	······<ocil:title>Ensure·Private·Endpoint·Access</ocil:title>
		114	······<ocil:actions>
		115	········<ocil:test_action_ref>ocil:ssg-endpoint_configuration_action:testaction:1</ocil:test_action_ref>
		116	······</ocil:actions>
		117	····</ocil:questionnaire>
		118	····<ocil:questionnaire·id="ocil:ssg-private_nodes_ocil:questionnaire:1">
		119	······<ocil:title>Ensure·Cluster·Private·Nodes</ocil:title>
		120	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~kubelet_auth~~orization_mode_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-private_nodes_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	122	······</ocil:actions>
Max diff block lines reached; 61525/70903 bytes (86.77%) of diff not shown.


Offset 3, 295 lines modified		Offset 3, 295 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~autop~~l~~ay_vid~~eo_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-disable_pocket_ocil:questionnaire:1">
		11	······<ocil:title>Disable·Firefox·Pocket</ocil:title>
11	······<ocil:title>Firefox·autoplay·must·be·disabled.</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-firefox_policy-autoplay_video_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1">
17	······<ocil:title>Enable·Shared·System·Certificates</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-firefox_p~~referen~~c~~es-en~~able_ca~~_trus~~t_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-firefox_policy-disable_pocket_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~oli~~cy-~~verific~~ation_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-auto-download_actions_ocil:questionnaire:1">
23	······<ocil:title>Enable·~~Certific~~ate·Veri~~fica~~t~~ion~~</ocil:title>	17	······<ocil:title>Disable·auto-download·for·proscribed·MIME·types.</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-firefox_p~~oli~~cy-~~verific~~ation_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-firefox_preferences-auto-download_actions_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-p~~rivate_br~~ows~~ing~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-pop-up_windows_ocil:questionnaire:1">
29	······<ocil:title>F~~irefox~~·private·bro~~wsin~~g·m~~ust·be~~·d~~isabl~~ed.</ocil:title>	23	······<ocil:title>Enable·Firefox·Pop-up·Blocker</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-firefox_policy-p~~rivate_br~~ows~~ing~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-firefox_policy-pop-up_windows_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_resizing_ocil:questionnaire:1">
35	······<ocil:~~title>Dis~~able·~~JavaS~~cript's·~~Mov~~ing~~·Or·R~~e~~siz~~i~~ng·Window~~s~~·Capabili~~t~~y</~~ocil:title>	28	····<ocil:questionnaire·id="ocil:ssg-installed_firefox_version_supported_ocil:questionnaire:1">
		29	······<ocil:title>Supported·Version·of·Firefox·Installed</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~firefox_pol~~i~~cy-javascr~~ipt_~~wind~~ow_r~~esizing~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-installed_firefox_version_supported_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-~~extens~~ion_~~recommend~~a~~tion~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_changes_ocil:questionnaire:1">
41	······<ocil:title>Disable~~d·Fi~~r~~efox~~·~~Ext~~e~~nsi~~on·~~Rec~~o~~mmend~~ati~~ons~~</ocil:title>	35	······<ocil:title>Disable·JavaScript's·Raise·Or·Lower·Windows·Capability</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~extens~~ion_~~recommend~~a~~tion~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_changes_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-search_suggestion_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-search_suggestion_ocil:questionnaire:1">
47	······<ocil:title>Firefox·search·suggestions·must·be·disabled.</ocil:title>	41	······<ocil:title>Firefox·search·suggestions·must·be·disabled.</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-firefox_policy-search_suggestion_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-firefox_policy-search_suggestion_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-sear~~ch_update~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-verification_ocil:questionnaire:1">
		47	······<ocil:title>Enable·Certificate·Verification</ocil:title>
53	······<ocil:title>Disable·Installed·Search·Plugins·Update·Checking</ocil:title>
54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-firefox_policy-search_update_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>
57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-fingerprinting_protection_ocil:questionnaire:1">
59	······<ocil:title>Enabled·Firefox·Fingerprinting·Protection</ocil:title>
60	······<ocil:actions>	48	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~fin~~gerprinti~~ng_prot~~ection_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-firefox_policy-verification_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	50	······</ocil:actions>
63	····</ocil:questionnaire>	51	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_~~changes~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-javascript_window_resizing_ocil:questionnaire:1">
65	······<ocil:title>Disable·JavaScript's·Raise·Or·~~Lower~~·Windows·Capability</ocil:title>	53	······<ocil:title>Disable·JavaScript's·Moving·Or·Resizing·Windows·Capability</ocil:title>
66	······<ocil:actions>	54	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_~~changes~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-firefox_policy-javascript_window_resizing_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	56	······</ocil:actions>
69	····</ocil:questionnaire>	57	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-forget~~_button~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-cryptomining_ocil:questionnaire:1">
71	······<ocil:title>~~Firefox~~·~~must~~·preve~~nt·the~~·user~~·fr~~om~~·qu~~i~~ckly~~·d~~ele~~t~~ing·data.~~</ocil:title>	59	······<ocil:title>Enabled·Firefox·Cryptomining·protection</ocil:title>
72	······<ocil:actions>	60	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-firefox_policy-forget~~_button~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-firefox_policy-cryptomining_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	62	······</ocil:actions>
75	····</ocil:questionnaire>	63	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~refere~~nce~~s-auto-downl~~oad_actions_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-fingerprinting_protection_ocil:questionnaire:1">
77	······<ocil:title>Disable~~·auto-d~~own~~load·fo~~r·pro~~scr~~ibed·M~~IME·types.~~</ocil:title>	65	······<ocil:title>Enabled·Firefox·Fingerprinting·Protection</ocil:title>
78	······<ocil:actions>	66	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-firefox_p~~refere~~nce~~s-auto-downl~~oad_actions_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-firefox_policy-fingerprinting_protection_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	68	······</ocil:actions>
81	····</ocil:questionnaire>	69	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~oli~~cy-po~~p-up~~_win~~dows~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-dod_root_certificate_installed_ocil:questionnaire:1">
83	······<ocil:title>~~Enable~~·~~Firefox·Pop-up·Blocker~~</ocil:title>	71	······<ocil:title>The·DoD·Root·Certificate·Exists</ocil:title>
84	······<ocil:actions>	72	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-firefox_p~~oli~~cy-po~~p-up~~_win~~dows~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-firefox_preferences-dod_root_certificate_installed_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	74	······</ocil:actions>
87	····</ocil:questionnaire>	75	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-crypt~~omin~~ing_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-private_browsing_ocil:questionnaire:1">
89	······<ocil:title>~~Enabled·~~Firefox·Crypt~~omin~~ing·~~pro~~tection</ocil:title>	77	······<ocil:title>Firefox·private·browsing·must·be·disabled.</ocil:title>
90	······<ocil:actions>	78	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-firefox_policy-crypt~~omin~~ing_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-firefox_policy-private_browsing_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	80	······</ocil:actions>
93	····</ocil:questionnaire>	81	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-development_tools_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-development_tools_ocil:questionnaire:1">
95	······<ocil:title>Disable·Firefox·Development·Tools</ocil:title>	83	······<ocil:title>Disable·Firefox·Development·Tools</ocil:title>
96	······<ocil:actions>	84	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-firefox_policy-development_tools_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-firefox_policy-development_tools_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	86	······</ocil:actions>
99	····</ocil:questionnaire>	87	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-enhanced_~~tra~~cking_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-content_blocker_ocil:questionnaire:1">
101	······<ocil:title>En~~abl~~ed·~~Firef~~o~~x·E~~n~~han~~ced·~~Tra~~cking·~~Pro~~te~~ction~~</ocil:title>	89	······<ocil:title>Ensure·the·Content·Blocker·uBlock·Origin·is·Installed</ocil:title>
102	······<ocil:actions>	90	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-firefox_policy-enhanced_~~tra~~cking_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-firefox_policy-content_blocker_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	92	······</ocil:actions>
105	····</ocil:questionnaire>	93	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-firefox_p~~olicy-disabl~~e_depreca~~ted~~_c~~ipher~~s_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1">
107	······<ocil:title>Disable·Firefox·~~depr~~e~~cat~~e~~d·c~~i~~pher~~s</ocil:title>	95	······<ocil:title>Enable·Shared·System·Certificates</ocil:title>
108	······<ocil:actions>	96	······<ocil:actions>
		97	········<ocil:test_action_ref>ocil:ssg-firefox_preferences-enable_ca_trust_action:testaction:1</ocil:test_action_ref>
		98	······</ocil:actions>
		99	····</ocil:questionnaire>
		100	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-network_prediction_ocil:questionnaire:1">
		101	······<ocil:title>Disable·Firefox·network·prediction</ocil:title>
		102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-firefox_policy-~~disable~~_depr~~ecat~~ed_ci~~phers~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-firefox_policy-network_prediction_action:testaction:1</ocil:test_action_ref>
		104	······</ocil:actions>
		105	····</ocil:questionnaire>
		106	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-autoplay_video_ocil:questionnaire:1">
		107	······<ocil:title>Firefox·autoplay·must·be·disabled.</ocil:title>
		108	······<ocil:actions>
		109	········<ocil:test_action_ref>ocil:ssg-firefox_policy-autoplay_video_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_update_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-firefox_policy-extension_update_ocil:questionnaire:1">
113	······<ocil:title>Firefox·must·be·configured·to·not·automatically·update·installed·add-ons·and·plugins.</ocil:title>	113	······<ocil:title>Firefox·must·be·configured·to·not·automatically·update·installed·add-ons·and·plugins.</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
Max diff block lines reached; 38371/49637 bytes (77.30%) of diff not shown.


Offset 21, 23 lines modified		Offset 21, 23 lines modified
21	····<ds:checks>	21	····<ds:checks>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-ocil.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-ocil.xml"/>
24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-cpe-oval.xml"/>	24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1604-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1604-cpe-oval.xml"/>
25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.xenial.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.xenial.usn.oval.xml.bz2"/>	25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.xenial.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.xenial.usn.oval.xml.bz2"/>
26	····</ds:checks>	26	····</ds:checks>
27	··</ds:data-stream>	27	··</ds:data-stream>
28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~">	30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~">
31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·16.04·(Xenial)</cpe-dict:title>	31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·16.04·(Xenial)</cpe-dict:title>
32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1604-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1604:def:1</cpe-dict:check>	32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1604-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1604:def:1</cpe-dict:check>
33	······</cpe-dict:cpe-item>	33	······</cpe-dict:cpe-item>
34	····</cpe-dict:cpe-list>	34	····</cpe-dict:cpe-list>
35	··</ds:component>	35	··</ds:component>
36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-xccdf.xml"·timestamp="2025-02-28T20:08:00">	36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-xccdf.xml"·timestamp="2025-03-01T22:08:00">
37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>	39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>
40	······<xccdf-1.2:description>	40	······<xccdf-1.2:description>
41	········This·guide·presents·a·catalog·of·security-relevant	41	········This·guide·presents·a·catalog·of·security-relevant
42	configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of	42	configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of
43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 63230, 15 lines modified		Offset 63230, 15 lines modified
63230	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1604-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>	63230	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1604-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>
63231	············</xccdf-1.2:check>	63231	············</xccdf-1.2:check>
63232	··········</xccdf-1.2:Rule>	63232	··········</xccdf-1.2:Rule>
63233	········</xccdf-1.2:Group>	63233	········</xccdf-1.2:Group>
63234	······</xccdf-1.2:Group>	63234	······</xccdf-1.2:Group>
63235	····</xccdf-1.2:Benchmark>	63235	····</xccdf-1.2:Benchmark>
63236	··</ds:component>	63236	··</ds:component>
63237	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"·timestamp="2025-02-28T20:08:00">	63237	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-oval.xml"·timestamp="2025-03-01T22:08:00">
63238	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	63238	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
63239	······<oval-def:generator>	63239	······<oval-def:generator>
63240	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	63240	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
63241	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>	63241	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>
63242	········<oval:schema_version>5.11</oval:schema_version>	63242	········<oval:schema_version>5.11</oval:schema_version>
63243	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	63243	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>
63244	······</oval-def:generator>	63244	······</oval-def:generator>
Offset 79818, 4346 lines modified		Offset 79818, 4346 lines modified
79818	············</oval-def:arithmetic>	79818	············</oval-def:arithmetic>
79819	············<oval-def:variable_component·var_ref="oval:ssg-var_third_digit_of_umask_from_var_accounts_user_umask:var:1"/>	79819	············<oval-def:variable_component·var_ref="oval:ssg-var_third_digit_of_umask_from_var_accounts_user_umask:var:1"/>
79820	··········</oval-def:arithmetic>	79820	··········</oval-def:arithmetic>
79821	········</oval-def:local_variable>	79821	········</oval-def:local_variable>
79822	······</oval-def:variables>	79822	······</oval-def:variables>
79823	····</oval-def:oval_definitions>	79823	····</oval-def:oval_definitions>
79824	··</ds:component>	79824	··</ds:component>
79825	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-ocil.xml"·timestamp="2025-02-28T20:08:00">	79825	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-ocil.xml"·timestamp="2025-03-01T22:08:00">
79826	····<ocil:ocil>	79826	····<ocil:ocil>
79827	······<ocil:generator>	79827	······<ocil:generator>
79828	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	79828	········<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
79829	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>	79829	········<ocil:product_version>ssg:·0.1.76</ocil:product_version>
79830	········<ocil:schema_version>2.0</ocil:schema_version>	79830	········<ocil:schema_version>2.0</ocil:schema_version>
79831	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	79831	········<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
79832	······</ocil:generator>	79832	······</ocil:generator>
79833	······<ocil:questionnaires>	79833	······<ocil:questionnaires>
79834	········<ocil:questionnaire·id="ocil:ssg-accounts_minimum_age_login_defs_ocil:questionnaire:1">
79835	··········<ocil:title>Set·Password·Minimum·Age</ocil:title>
79836	··········<ocil:actions>
79837	············<ocil:test_action_ref>ocil:ssg-accounts_minimum_age_login_defs_action:testaction:1</ocil:test_action_ref>
79838	··········</ocil:actions>
79839	········</ocil:questionnaire>
79840	········<ocil:questionnaire·id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
79841	··········<ocil:title>Disable·PubkeyAuthentication·Authentication</ocil:title>
79842	··········<ocil:actions>
79843	············<ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
79844	··········</ocil:actions>
79845	········</ocil:questionnaire>
79846	········<ocil:questionnaire·id="ocil:ssg-audit_rules_time_watch_localtime_ocil:questionnaire:1">
79847	··········<ocil:title>Record·Attempts·to·Alter·the·localtime·File</ocil:title>
79848	··········<ocil:actions>
79849	············<ocil:test_action_ref>ocil:ssg-audit_rules_time_watch_localtime_action:testaction:1</ocil:test_action_ref>
79850	··········</ocil:actions>
79851	········</ocil:questionnaire>
79852	········<ocil:questionnaire·id="ocil:ssg-kernel_config_~~ipv6~~_ocil:questionnaire:1">	79834	········<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_ocil:questionnaire:1">
79853	··········<ocil:title>Disable·the·~~IPv6~~·pr~~oto~~col</ocil:title>	79835	··········<ocil:title>Enable·module·signature·verification</ocil:title>
79854	··········<ocil:actions>	79836	··········<ocil:actions>
79855	············<ocil:test_action_ref>ocil:ssg-kernel_config_~~ipv6~~_action:testaction:1</ocil:test_action_ref>	79837	············<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_action:testaction:1</ocil:test_action_ref>
79856	··········</ocil:actions>	79838	··········</ocil:actions>
79857	········</ocil:questionnaire>	79839	········</ocil:questionnaire>
79858	········<ocil:questionnaire·id="ocil:ssg-k~~ern~~el_~~confi~~g_r~~and~~o~~mize~~_~~memory~~_ocil:questionnaire:1">	79840	········<ocil:questionnaire·id="ocil:ssg-file_groupowner_var_log_ocil:questionnaire:1">
79859	··········<ocil:title>~~Randomize~~·the·~~kernel·mem~~o~~ry·s~~ections</ocil:title>	79841	··········<ocil:title>Verify·Group·Who·Owns·/var/log·Directory</ocil:title>
79860	··········<ocil:actions>	79842	··········<ocil:actions>
79861	············<ocil:test_action_ref>ocil:ssg-k~~ern~~el_~~confi~~g_r~~and~~o~~mize~~_~~memory~~_action:testaction:1</ocil:test_action_ref>	79843	············<ocil:test_action_ref>ocil:ssg-file_groupowner_var_log_action:testaction:1</ocil:test_action_ref>
79862	··········</ocil:actions>	79844	··········</ocil:actions>
79863	········</ocil:questionnaire>	79845	········</ocil:questionnaire>
79864	········<ocil:questionnaire·id="ocil:ssg-kern~~el_c~~on~~fig~~_mo~~dule~~_sig_ocil:questionnaire:1">	79846	········<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_ocil:questionnaire:1">
79865	··········<ocil:title>En~~abl~~e·~~modu~~l~~e·sign~~at~~ure~~·ver~~ific~~ation</ocil:title>	79847	··········<ocil:title>Ensure·/var/log·Located·On·Separate·Partition</ocil:title>
79866	··········<ocil:actions>	79848	··········<ocil:actions>
79867	············<ocil:test_action_ref>ocil:ssg-kern~~el_c~~on~~fig~~_mo~~dule~~_sig_action:testaction:1</ocil:test_action_ref>	79849	············<ocil:test_action_ref>ocil:ssg-partition_for_var_log_action:testaction:1</ocil:test_action_ref>
79868	··········</ocil:actions>	79850	··········</ocil:actions>
79869	········</ocil:questionnaire>	79851	········</ocil:questionnaire>
79870	········<ocil:questionnaire·id="ocil:ssg-~~sshd~~_~~disable_kerb~~_~~auth~~_ocil:questionnaire:1">	79852	········<ocil:questionnaire·id="ocil:ssg-kernel_config_binfmt_misc_ocil:questionnaire:1">
79871	··········<ocil:title>Disable·Kerberos·~~Authent~~ication</ocil:title>	79853	··········<ocil:title>Disable·kernel·support·for·MISC·binaries</ocil:title>
79872	··········<ocil:actions>	79854	··········<ocil:actions>
79873	············<ocil:test_action_ref>ocil:ssg-~~sshd~~_~~disable_kerb~~_~~auth~~_action:testaction:1</ocil:test_action_ref>	79855	············<ocil:test_action_ref>ocil:ssg-kernel_config_binfmt_misc_action:testaction:1</ocil:test_action_ref>
79874	··········</ocil:actions>	79856	··········</ocil:actions>
79875	········</ocil:questionnaire>	79857	········</ocil:questionnaire>
79876	········<ocil:questionnaire·id="ocil:ssg-s~~shd_enab~~le~~_st~~r~~ictmod~~es_ocil:questionnaire:1">	79858	········<ocil:questionnaire·id="ocil:ssg-rsyslog_files_groupownership_ocil:questionnaire:1">
79877	··········<ocil:title>En~~abl~~e·Use·of·~~Strict~~·Mo~~de·Ch~~e~~cking~~</ocil:title>	79859	··········<ocil:title>Ensure·Log·Files·Are·Owned·By·Appropriate·Group</ocil:title>
79878	··········<ocil:actions>	79860	··········<ocil:actions>
79879	············<ocil:test_action_ref>ocil:ssg-s~~shd_enab~~le~~_st~~r~~ictmod~~es_action:testaction:1</ocil:test_action_ref>	79861	············<ocil:test_action_ref>ocil:ssg-rsyslog_files_groupownership_action:testaction:1</ocil:test_action_ref>
79880	··········</ocil:actions>	79862	··········</ocil:actions>
79881	········</ocil:questionnaire>	79863	········</ocil:questionnaire>
79882	········<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1">	79864	········<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1">
79883	··········<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title>	79865	··········<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title>
79884	··········<ocil:actions>	79866	··········<ocil:actions>
79885	············<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>	79867	············<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>
79886	··········</ocil:actions>	79868	··········</ocil:actions>
79887	········</ocil:questionnaire>	79869	········</ocil:questionnaire>
79888	········<ocil:questionnaire·id="ocil:ssg-a~~cco~~u~~nts_no_ui~~d_~~except~~_zero_ocil:questionnaire:1">	79870	········<ocil:questionnaire·id="ocil:ssg-auditd_freq_ocil:questionnaire:1">
		79871	··········<ocil:title>Set·number·of·records·to·cause·an·explicit·flush·to·audit·logs</ocil:title>
79889	··········<ocil:title>Verify·Only·Root·Has·UID·0</ocil:title>
79890	··········<ocil:actions>
79891	············<ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
79892	··········</ocil:actions>
79893	········</ocil:questionnaire>
79894	········<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_setxattr_ocil:questionnaire:1">
79895	··········<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·setxattr</ocil:title>
79896	··········<ocil:actions>	79872	··········<ocil:actions>
79897	············<ocil:test_action_ref>ocil:ssg-audit~~_rules_~~dac_~~modi~~f~~ication_~~se~~txatt~~r_action:testaction:1</ocil:test_action_ref>	79873	············<ocil:test_action_ref>ocil:ssg-auditd_freq_action:testaction:1</ocil:test_action_ref>
79898	··········</ocil:actions>	79874	··········</ocil:actions>
79899	········</ocil:questionnaire>	79875	········</ocil:questionnaire>
79900	········<ocil:questionnaire·id="ocil:ssg-no_empty_pas~~swords~~_ocil:questionnaire:1">	79876	········<ocil:questionnaire·id="ocil:ssg-sshd_do_not_permit_user_env_ocil:questionnaire:1">
79901	··········<ocil:title>~~Preve~~nt·Lo~~gin·~~to·Acco~~unts~~·~~With·E~~m~~pty~~·P~~assw~~ord</ocil:title>	79877	··········<ocil:title>Do·Not·Allow·SSH·Environment·Options</ocil:title>
79902	··········<ocil:actions>	79878	··········<ocil:actions>
79903	············<ocil:test_action_ref>ocil:ssg-no_empty_pas~~swords~~_action:testaction:1</ocil:test_action_ref>	79879	············<ocil:test_action_ref>ocil:ssg-sshd_do_not_permit_user_env_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 701676/712562 bytes (98.47%) of diff not shown.


Offset 3, 4337 lines modified		Offset 3, 4337 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-accounts_minimum_age_login_defs_ocil:questionnaire:1">
11	······<ocil:title>Set·Password·Minimum·Age</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-accounts_minimum_age_login_defs_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
17	······<ocil:title>Disable·PubkeyAuthentication·Authentication</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_watch_localtime_ocil:questionnaire:1">
23	······<ocil:title>Record·Attempts·to·Alter·the·localtime·File</ocil:title>
24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_watch_localtime_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>
27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_~~ipv6~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_ocil:questionnaire:1">
29	······<ocil:title>Disable·the·~~IPv6~~·pr~~oto~~col</ocil:title>	11	······<ocil:title>Enable·module·signature·verification</ocil:title>
30	······<ocil:actions>	12	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-kernel_config_~~ipv6~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	14	······</ocil:actions>
33	····</ocil:questionnaire>	15	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-k~~ern~~el_~~confi~~g_r~~and~~o~~mize~~_~~memory~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_var_log_ocil:questionnaire:1">
35	······<ocil:title>~~Randomize~~·the·~~kernel·mem~~o~~ry·s~~ections</ocil:title>	17	······<ocil:title>Verify·Group·Who·Owns·/var/log·Directory</ocil:title>
36	······<ocil:actions>	18	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-k~~ern~~el_~~confi~~g_r~~and~~o~~mize~~_~~memory~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-file_groupowner_var_log_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	20	······</ocil:actions>
39	····</ocil:questionnaire>	21	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-kern~~el_c~~on~~fig~~_mo~~dule~~_sig_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_ocil:questionnaire:1">
41	······<ocil:title>En~~abl~~e·~~modu~~l~~e·sign~~at~~ure~~·ver~~ific~~ation</ocil:title>	23	······<ocil:title>Ensure·/var/log·Located·On·Separate·Partition</ocil:title>
42	······<ocil:actions>	24	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-kern~~el_c~~on~~fig~~_mo~~dule~~_sig_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-partition_for_var_log_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	26	······</ocil:actions>
45	····</ocil:questionnaire>	27	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_~~disable_kerb~~_~~auth~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_binfmt_misc_ocil:questionnaire:1">
47	······<ocil:title>Disable·Kerberos·~~Authent~~ication</ocil:title>	29	······<ocil:title>Disable·kernel·support·for·MISC·binaries</ocil:title>
48	······<ocil:actions>	30	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_~~disable_kerb~~_~~auth~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-kernel_config_binfmt_misc_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	32	······</ocil:actions>
51	····</ocil:questionnaire>	33	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_strictmodes_ocil:questionnaire:1">
53	······<ocil:~~title>E~~nable·~~Use·~~o~~f·St~~ri~~ct·M~~o~~de·Ch~~ec~~king</~~ocil:title>	34	····<ocil:questionnaire·id="ocil:ssg-rsyslog_files_groupownership_ocil:questionnaire:1">
		35	······<ocil:title>Ensure·Log·Files·Are·Owned·By·Appropriate·Group</ocil:title>
54	······<ocil:actions>	36	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-s~~shd_enab~~le~~_st~~r~~ictmod~~es_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-rsyslog_files_groupownership_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	38	······</ocil:actions>
57	····</ocil:questionnaire>	39	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1">
59	······<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title>	41	······<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title>
60	······<ocil:actions>	42	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	44	······</ocil:actions>
63	····</ocil:questionnaire>	45	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-a~~cco~~u~~nts_no_ui~~d_~~except~~_zero_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-auditd_freq_ocil:questionnaire:1">
		47	······<ocil:title>Set·number·of·records·to·cause·an·explicit·flush·to·audit·logs</ocil:title>
65	······<ocil:title>Verify·Only·Root·Has·UID·0</ocil:title>
66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>
69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_setxattr_ocil:questionnaire:1">
71	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·setxattr</ocil:title>
72	······<ocil:actions>	48	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-audit~~_rules_~~dac_~~modi~~f~~ication_~~se~~txatt~~r_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-auditd_freq_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	50	······</ocil:actions>
75	····</ocil:questionnaire>	51	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-no_empty_pas~~swords~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-sshd_do_not_permit_user_env_ocil:questionnaire:1">
77	······<ocil:title>~~Preve~~nt·Lo~~gin·~~to·Acco~~unts~~·~~With·E~~m~~pty~~·P~~assw~~ord</ocil:title>	53	······<ocil:title>Do·Not·Allow·SSH·Environment·Options</ocil:title>
78	······<ocil:actions>	54	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-no_empty_pas~~swords~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-sshd_do_not_permit_user_env_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	56	······</ocil:actions>
81	····</ocil:questionnaire>	57	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~servic~~e_c~~hro~~nyd_~~enabl~~ed_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-package_openldap-clients_removed_ocil:questionnaire:1">
83	······<ocil:title>The·~~Chronyd·serv~~i~~ce·is~~·enabled</ocil:title>	59	······<ocil:title>Ensure·LDAP·client·is·not·installed</ocil:title>
84	······<ocil:actions>	60	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~servic~~e_c~~hro~~nyd_~~enabl~~ed_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-package_openldap-clients_removed_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	62	······</ocil:actions>
87	····</ocil:questionnaire>	63	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-secur~~etty~~_~~roo~~t~~_logi~~n~~_co~~nsole~~_onl~~y_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-service_timesyncd_enabled_ocil:questionnaire:1">
89	······<ocil:title>Re~~strict~~·~~Vir~~t~~ual·Consol~~e~~·Root~~·~~Log~~ins</ocil:title>	65	······<ocil:title>Enable·systemd_timesyncd·Service</ocil:title>
90	······<ocil:actions>	66	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-secur~~etty~~_~~roo~~t~~_logi~~n~~_co~~nsole~~_onl~~y_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-service_timesyncd_enabled_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	68	······</ocil:actions>
93	····</ocil:questionnaire>	69	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-auditd_local_events_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_stig_ocil:questionnaire:1">
95	······<ocil:title>Include·~~Loc~~al~~·Ev~~ents·in·~~Aud~~it·Logs</ocil:title>	71	······<ocil:title>Configure·auditd·max_log_file_action·Upon·Reaching·Maximum·Log·Size</ocil:title>
96	······<ocil:actions>	72	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-auditd_local_events_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_stig_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	74	······</ocil:actions>
99	····</ocil:questionnaire>	75	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e_own~~er_back~~up_e~~tc_~~gshadow_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_all_ocil:questionnaire:1">
101	······<ocil:title>~~Verify~~·Us~~er·Who·Own~~s·~~Backup~~·~~gsh~~a~~dow·Fi~~le</ocil:title>	77	······<ocil:title>Enable·automatic·signing·of·all·modules</ocil:title>
102	······<ocil:actions>	78	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_own~~er_back~~up_e~~tc_~~gshadow_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_all_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	80	······</ocil:actions>
105	····</ocil:questionnaire>	81	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-~~pac~~kage_openld~~ap-cl~~ients_~~removed~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_ocil:questionnaire:1">
107	······<ocil:title>En~~sur~~e·LD~~AP·cli~~ent·is·~~not·~~i~~nstall~~ed</ocil:title>	83	······<ocil:title>Enable·different·security·models</ocil:title>
108	······<ocil:actions>	84	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~pac~~kage_openld~~ap-cl~~ients_~~removed~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-kernel_config_security_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	86	······</ocil:actions>
111	····</ocil:questionnaire>	87	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-~~audit~~_~~rules~~_dac_mo~~dif~~i~~cat~~ion~~_chown~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-kernel_config_page_poisoning_zero_ocil:questionnaire:1">
113	······<ocil:title>~~Record~~·Events·t~~hat~~·Modi~~fy·the~~·System's·~~Discreti~~o~~nar~~y·Acce~~ss·Co~~n~~trols·~~-·~~chown~~</ocil:title>	89	······<ocil:title>Use·zero·for·poisoning·instead·of·debugging·value</ocil:title>
114	······<ocil:actions>	90	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~audit~~_~~rules~~_dac_mo~~dif~~i~~cat~~ion~~_chown~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-kernel_config_page_poisoning_zero_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	92	······</ocil:actions>
117	····</ocil:questionnaire>	93	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-a~~udit_r~~ules_~~dac_mod~~i~~fic~~atio~~n_lchown~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_tmp_ocil:questionnaire:1">
119	······<ocil:title>Reco~~rd·Eve~~nt~~s·that~~·Modify~~·the·~~Syst~~em's·D~~i~~scr~~etion~~ary~~·Ac~~cess~~·Contr~~ols·-·lchown~~</ocil:title>	95	······<ocil:title>Configure·Polyinstantiation·of·/tmp·Directories</ocil:title>
120	······<ocil:actions>	96	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-a~~udit_r~~ules_~~dac_mod~~i~~fic~~atio~~n_lchown~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-accounts_polyinstantiated_tmp_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	98	······</ocil:actions>
123	····</ocil:questionnaire>	99	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-file_pe~~rmiss~~i~~ons_var~~_log_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-kernel_config_debug_list_ocil:questionnaire:1">
125	······<ocil:title>~~Verify~~·P~~ermis~~sion~~s·o~~n~~·/var/log·D~~i~~rec~~t~~ory~~</ocil:title>	101	······<ocil:title>Enable·checks·on·linked·list·manipulation</ocil:title>
126	······<ocil:actions>	102	······<ocil:actions>
127	········<ocil:test_action_ref>ocil:ssg-file_pe~~rmiss~~i~~ons_var~~_log_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-kernel_config_debug_list_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 666295/677683 bytes (98.32%) of diff not shown.


Offset 3, 2949 lines modified		Offset 3, 2949 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-s~~shd~~_se~~t_l~~ogleve~~l_info~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-service_systemd-journald_enabled_ocil:questionnaire:1">
11	······<ocil:title>Set·Lo~~gLevel~~·~~to·INFO~~</ocil:title>	11	······<ocil:title>Enable·systemd-journald·Service</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-s~~shd~~_se~~t_l~~ogleve~~l_info~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-service_systemd-journald_enabled_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
17	······<ocil:t~~itle>C~~onf~~igu~~re·~~aud~~i~~td·ma~~il~~_acct·Action·~~on~~·Low·Disk·Space</~~ocil:title>	16	····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_yama_ocil:questionnaire:1">
		17	······<ocil:title>Enable·Yama·support</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~auditd_data~~_retenti~~on_a~~ction_mail_a~~cct~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-kernel_config_security_yama_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-grub2_no~~sme~~p_~~argument~~_~~abs~~ent_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-mount_option_tmp_nodev_ocil:questionnaire:1">
23	······<ocil:title>~~Ensure·SMEP·is~~·not·d~~isabl~~ed·~~dur~~ing·boot</ocil:title>	23	······<ocil:title>Add·nodev·Option·to·/tmp</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-grub2_no~~sme~~p_~~argument~~_~~abs~~ent_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-mount_option_tmp_nodev_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_syslog_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_messages_ocil:questionnaire:1">
29	······<ocil:title>Verify·User·Who·Owns·/var/log/syslog·File</ocil:title>	29	······<ocil:title>Verify·User·Who·Owns·/var/log/messages·File</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_syslog_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_messages_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~grub2_s~~p~~ect~~re~~_v2~~_~~argument~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-prefer_64bit_os_ocil:questionnaire:1">
35	······<ocil:title>Enforce·Spectre·v2·~~mitiga~~tion</ocil:title>	35	······<ocil:title>Prefer·to·use·a·64-bit·Operating·System·when·supported</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~grub2_s~~p~~ect~~re~~_v2~~_~~argument~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-prefer_64bit_os_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-file_permissions_unauthorized_world_writable_ocil:questionnaire:1">
41	······<ocil:~~title>E~~nsure·~~No·W~~orld-Writable~~·Fil~~e~~s·Ex~~ist</ocil:title>	40	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_ocil:questionnaire:1">
		41	······<ocil:title>Record·Events·that·Modify·User/Group·Information</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-f~~ile_pe~~r~~mission~~s_una~~utho~~ri~~zed~~_world_writa~~ble~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-kernel_config_randomize_memory_ocil:questionnaire:1">
47	······<ocil:title~~>Rand~~omi~~ze·the·kern~~el·me~~mory·sec~~t~~ion~~s</ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-sshd_set_max_auth_tries_ocil:questionnaire:1">
		47	······<ocil:title>Set·SSH·authentication·attempt·limit</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-ke~~rnel~~_~~config~~_ran~~domize~~_m~~emory~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-sshd_set_max_auth_tries_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-core~~dump_d~~i~~sab~~le_b~~acktr~~aces_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_hash_ocil:questionnaire:1">
53	······<ocil:title>Di~~sabl~~e·core·~~dump~~·~~backtrac~~es</ocil:title>	53	······<ocil:title>Specify·the·hash·to·use·when·signing·modules</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-core~~dump_d~~i~~sab~~le_b~~acktr~~aces_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_hash_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-a~~cco~~unt_~~unique_n~~ame_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_watch_localtime_ocil:questionnaire:1">
59	······<ocil:title>~~Ensu~~re~~·All~~·A~~ccoun~~ts~~·on~~·the·System·Have·~~Uniqu~~e·~~Nam~~es</ocil:title>	59	······<ocil:title>Record·Attempts·to·Alter·the·localtime·File</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-a~~cco~~unt_~~unique_n~~ame_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_watch_localtime_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_groupownership_sshd_pub_key_ocil:questionnaire:1">
65	······<ocil:ti~~tle>V~~eri~~fy·Group·Ownersh~~ip·on~~·SSH·Ser~~ver~~·Publi~~c~~·*.p~~u~~b·Key·Fil~~es</o~~cil:title~~>	64	····<ocil:questionnaire·id="ocil:ssg-partition_for_var_log_ocil:questionnaire:1">
		65	······<ocil:title>Ensure·/var/log·Located·On·Separate·Partition</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~file~~_gr~~oupow~~n~~ership~~_s~~shd~~_~~pub~~_~~key~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-partition_for_var_log_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-postfix_client_configure_relayhost_ocil:questionnaire:1">
71	······<ocil:t~~itle>C~~onf~~igu~~re·S~~ystem·to·Forw~~ard~~·All·M~~a~~il·~~t~~hrough·~~a~~·speci~~fi~~c·hos~~t</ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
		71	······<ocil:title>Configure·auditd·max_log_file_action·Upon·Reaching·Maximum·Log·Size</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~pos~~t~~fix~~_~~cli~~ent_con~~figure~~_rela~~yhost~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_~~rem~~o~~vexat~~tr_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchown_ocil:questionnaire:1">
77	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·~~rem~~o~~vexat~~tr</ocil:title>	77	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchown</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_~~rem~~o~~vexat~~tr_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchown_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-secure~~tty_root~~_log~~in_console_only~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
83	······<ocil:title>~~Rest~~rict·Virtual·Console·~~Root~~·~~Logins~~</ocil:title>	83	······<ocil:title>Sign·kernel·modules·with·SHA-512</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-secure~~tty_root~~_log~~in_console_only~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_sha512_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-~~package_aud~~it_~~installed~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-kernel_config_proc_kcore_ocil:questionnaire:1">
89	······<ocil:title>Ens~~ure·th~~e·au~~dit·Subsystem~~·~~is·Installed~~</ocil:title>	89	······<ocil:title>Disable·support·for·/proc/kkcore</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~package_aud~~it_~~installed~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-kernel_config_proc_kcore_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-auditd_freq_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-aide_disable_silentreports_ocil:questionnaire:1">
95	······<ocil:title>Se~~t·number~~·of·reco~~rds~~·to·cause·an·~~expl~~i~~cit·flush~~·t~~o·audi~~t·~~logs~~</ocil:title>	95	······<ocil:title>Configure·AIDE·To·Notify·Personnel·if·Baseline·Configurations·Are·Altered</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-auditd_freq_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-aide_disable_silentreports_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-d~~isplay~~_login_a~~tte~~mpts_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-auditd_log_format_ocil:questionnaire:1">
101	······<ocil:title>Ensure·~~PAM·Displ~~ay~~s·Last·L~~o~~gon/Access~~·No~~tif~~i~~cation~~</ocil:title>	101	······<ocil:title>Resolve·information·before·writing·to·audit·logs</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-d~~isplay~~_login_a~~tte~~mpts_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-auditd_log_format_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-~~service_~~ip6t~~able~~s_~~ena~~bled_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-auditd_freq_ocil:questionnaire:1">
107	······<ocil:title>Verify·~~ip6t~~ables·~~Enab~~led·if·~~Using~~·~~IPv6~~</ocil:title>	107	······<ocil:title>Set·number·of·records·to·cause·an·explicit·flush·to·audit·logs</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~service_~~ip6t~~able~~s_~~ena~~bled_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-auditd_freq_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-s~~erv~~ice_a~~utof~~s_di~~sabled~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-auditd_data_disk_error_action_stig_ocil:questionnaire:1">
113	······<ocil:title>Disa~~ble~~·~~the~~·Automo~~unte~~r</ocil:title>	113	······<ocil:title>Configure·auditd·Disk·Error·Action·on·Disk·Error</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-s~~erv~~ice_a~~utof~~s_di~~sabled~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-auditd_data_disk_error_action_stig_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-rsyslog_~~fil~~es_pe~~rmissions~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_passwd_ocil:questionnaire:1">
119	······<ocil:title>~~Ensure~~·System·~~Log~~·F~~ile~~s·Ha~~ve·Correct~~·~~Permis~~sions</ocil:title>	119	······<ocil:title>Verify·User·Who·Owns·passwd·File</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-rsyslog_~~fil~~es_pe~~rmissions~~_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-file_owner_etc_passwd_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-~~auditd_~~over~~flow~~_action_ocil:questionnaire:1">	124	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_gshadow_ocil:questionnaire:1">
Max diff block lines reached; 693264/705909 bytes (98.21%) of diff not shown.


Offset 3, 8945 lines modified		Offset 3, 8898 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-grub2_uefi_password_ocil:questionnaire:1">
11	······<ocil:title~~>Set·the·UEFI·Boo~~t·Loade~~r·P~~asswo~~rd</~~ocil:title>	10	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_accept_source_route_ocil:questionnaire:1">
		11	······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·IPv4·Interfaces·by·Default</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-~~grub2~~_uefi_password_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_accept_source_route_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-no_rs~~h_t~~rust_~~fil~~es_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-package_iptables-persistent_removed_ocil:questionnaire:1">
17	······<ocil:title>Remove·Rs~~h·T~~rust·~~Files~~</ocil:title>	17	······<ocil:title>Remove·iptables-persistent·Package</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-no_rs~~h_t~~rust_~~fil~~es_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-package_iptables-persistent_removed_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-sudo_~~add_r~~e~~quiretty~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-coredump_disable_storage_ocil:questionnaire:1">
23	······<ocil:title>Ens~~ure·~~Onl~~y·Us~~ers·Lo~~gged~~·In~~·To·Real·tty·Ca~~n·~~Exe~~c~~ute·Sud~~o·-·sud~~o·req~~u~~iret~~ty</ocil:title>	23	······<ocil:title>Disable·storing·core·dump</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-sudo_~~add_r~~e~~quiretty~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-coredump_disable_storage_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-ss~~hd_us~~e_stron~~g_k~~ex_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-service_iptables_enabled_ocil:questionnaire:1">
29	······<ocil:title>Use·~~Onl~~y·St~~rong·K~~ey·E~~xcha~~n~~ge·~~a~~lgorithms~~</ocil:title>	29	······<ocil:title>Verify·iptables·Enabled</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-ss~~hd_us~~e_stron~~g_k~~ex_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-service_iptables_enabled_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_stig_ocil:questionnaire:1">
35	······<ocil:t~~itle>C~~onf~~igu~~re·~~aud~~itd~~·max_~~l~~og_fil~~e~~_acti~~on~~·Upon·Re~~a~~ching·Maxi~~m~~um·L~~o~~g·Siz~~e</o~~cil:title~~>	34	····<ocil:questionnaire·id="ocil:ssg-kernel_config_randomize_memory_ocil:questionnaire:1">
		35	······<ocil:title>Randomize·the·kernel·memory·sections</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~auditd_data~~_retention_max_log_file_a~~cti~~o~~n_st~~ig_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-kernel_config_randomize_memory_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_audit_ocil:questionnaire:1">
41	······<ocil:title>Ac~~count·L~~o~~ckouts·Must·B~~e~~·Logg~~ed</ocil:title>	40	····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_banner_enabled_ocil:questionnaire:1">
		41	······<ocil:title>Enable·GNOME3·Login·Warning·Banner</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-accounts_~~pas~~swo~~rds_p~~am_fa~~illock_~~a~~udit~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-dconf_gnome_banner_enabled_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-sudo_vdsm_n~~opa~~s~~swd~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-accounts_password_last_change_is_in_past_ocil:questionnaire:1">
47	······<ocil:title>Only·the·~~VDSM~~·User·Can·Use·s~~udo~~·~~NOPASSWD~~</ocil:title>	47	······<ocil:title>Ensure·all·users·last·password·change·date·is·in·the·past</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-sudo_vdsm_n~~opa~~s~~swd~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-accounts_password_last_change_is_in_past_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-disable_users_coredumps_ocil:questionnaire:1">
53	······<ocil:title>Dis~~able·Cor~~e~~·Dumps·f~~o~~r·A~~ll~~·Us~~er~~s</~~ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_accept_redirects_ocil:questionnaire:1">
		53	······<ocil:title>Disable·Accepting·ICMP·Redirects·for·All·IPv6·Interfaces</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-disable_~~users~~_cored~~ump~~s_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_accept_redirects_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-sysctl_ke~~rnel~~_~~dmesg~~_restrict_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_ocil:questionnaire:1">
59	······<ocil:title>Res~~tri~~ct·Access·to·Kernel·~~Message·Bu~~ffer</ocil:title>	59	······<ocil:title>Disable·Accepting·Packets·Routed·Between·Local·Interfaces</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-sysctl_ke~~rnel~~_~~dmesg~~_restrict_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_local_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~sshd_di~~s~~able~~_~~rhos~~t~~s_rsa~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-accounts_no_uid_except_zero_ocil:questionnaire:1">
65	······<ocil:title>~~Disab~~le~~·SSH~~·~~Support·for~~·Rhosts·~~RSA~~·~~Authentication~~</ocil:title>	65	······<ocil:title>Verify·Only·Root·Has·UID·0</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~sshd_di~~s~~able~~_~~rhos~~t~~s_rsa~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-accounts_no_uid_except_zero_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-file_~~group~~o~~wner_e~~tc_motd_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_removexattr_ocil:questionnaire:1">
71	······<ocil:title>Ve~~rify~~·~~Group~~·~~Ownersh~~ip·of·Message·of·the·~~Day~~·~~Bann~~er</ocil:title>	71	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·removexattr</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-file_~~group~~o~~wner_e~~tc_motd_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_removexattr_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
77	······<ocil:~~title>E~~nsure·~~Rsyslog·Authe~~n~~ticat~~es·~~Off-L~~o~~aded·Audit·Record~~s</o~~cil:title~~>	76	····<ocil:questionnaire·id="ocil:ssg-no_direct_root_logins_ocil:questionnaire:1">
		77	······<ocil:title>Direct·root·Logins·Not·Allowed</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~rsys~~log_encrypt_~~off~~load_~~act~~ionsends~~treamdriverauthmode~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-no_direct_root_logins_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-pa~~rtiti~~on~~_fo~~r_tmp_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-package_openssh-server_installed_ocil:questionnaire:1">
83	······<ocil:title>Ens~~ure·/~~tmp·~~Loc~~ate~~d·On~~·Separ~~ate~~·Part~~ition~~</ocil:title>	83	······<ocil:title>Install·the·OpenSSH·Server·Package</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-pa~~rtiti~~on~~_fo~~r_tmp_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-package_openssh-server_installed_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchmodat_ocil:questionnaire:1">
89	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odify~~·the·Syst~~e~~m's·Discr~~et~~ion~~ar~~y·Acc~~es~~s·Contr~~ol~~s·-·fchmoda~~t</o~~cil:title~~>	88	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_shadow_ocil:questionnaire:1">
		89	······<ocil:title>Verify·User·Who·Owns·Backup·shadow·File</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-audi~~t_ru~~les_~~dac_m~~o~~dific~~a~~tion~~_fc~~hmo~~dat_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~ntpd_c~~onfi~~gure_~~rest~~rictions~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-mount_option_var_tmp_nodev_ocil:questionnaire:1">
95	······<ocil:title>~~Configure~~·s~~erv~~er·restric~~tions~~·~~for·n~~tpd</ocil:title>	95	······<ocil:title>Add·nodev·Option·to·/var/tmp</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~ntpd_c~~onfi~~gure_~~rest~~rictions~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-mount_option_var_tmp_nodev_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-s~~et_~~i~~ptab~~les_de~~fault~~_rule~~_for~~w~~ard~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_session_events_wtmp_ocil:questionnaire:1">
101	······<ocil:title>Set·De~~faul~~t·ipt~~abl~~es·~~Policy·f~~or·~~Forw~~a~~rded~~·Pa~~cke~~ts</ocil:title>	101	······<ocil:title>Record·Attempts·to·Alter·Process·and·Session·Initiation·Information·wtmp</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-s~~et_~~i~~ptab~~les_de~~fault~~_rule~~_for~~w~~ard~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-audit_rules_session_events_wtmp_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-dir_perms_world_writable_sticky_bits_ocil:questionnaire:1">
107	······<ocil:~~title>Ver~~ify·~~that·Al~~l·W~~orld~~-Writab~~le·Direc~~tor~~ies·H~~a~~ve·Sticky·Bits·S~~e~~t</~~ocil:title>	106	····<ocil:questionnaire·id="ocil:ssg-grub2_spec_store_bypass_disable_argument_ocil:questionnaire:1">
		107	······<ocil:title>Configure·Speculative·Store·Bypass·Mitigation</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~dir~~_perms_~~world_wr~~itable_st~~icky_bi~~ts_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-grub2_spec_store_bypass_disable_argument_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_ssh_keysign_ocil:questionnaire:1">
113	······<ocil:~~title>E~~nsure·~~aud~~itd·Co~~llect~~s~~·Inform~~a~~tion·on·~~th~~e·Use·~~of~~·Pr~~ivi~~leged·Com~~mand~~s·-·ssh-k~~eysign</ocil:~~title~~>	112	····<ocil:questionnaire·id="ocil:ssg-zipl_audit_backlog_limit_argument_ocil:questionnaire:1">
		113	······<ocil:title>Extend·Audit·Backlog·Limit·for·the·Audit·Daemon·in·zIPL</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_ru~~les~~_p~~rivi~~leged_commands_~~ssh_k~~e~~ysi~~gn_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-zipl_audit_backlog_limit_argument_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_accept_ra_ocil:questionnaire:1">
119	······<ocil:~~title>Dis~~able·~~Accept~~in~~g·Router·Adv~~ertis~~eme~~n~~ts·~~on·all~~·IPv6·Interfa~~ces~~·by·D~~e~~fau~~lt</o~~cil:title~~>	118	····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_allow_ocil:questionnaire:1">
		119	······<ocil:title>Verify·Permissions·on·/etc/cron.allow·file</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
Max diff block lines reached; 1353920/1366580 bytes (99.07%) of diff not shown.


Offset 3, 7504 lines modified		Offset 3, 7504 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-file~~_group~~own~~ersh~~ip_ss~~hd_pri~~vat~~e_k~~ey_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-selinux_state_ocil:questionnaire:1">
11	······<ocil:title>~~Verify·G~~roup·~~Ownersh~~i~~p·o~~n·SSH·S~~erver·Pri~~vate·*_key·~~Key·Files~~</ocil:title>	11	······<ocil:title>Ensure·SELinux·State·is·Enforcing</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-file~~_group~~own~~ersh~~ip_ss~~hd_pri~~vat~~e_k~~ey_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-selinux_state_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_ftruncate_ocil:questionnaire:1">
17	······<ocil:~~title>Reco~~rd·~~Unsu~~ccessful~~·Acc~~ess·~~Attempts·to·F~~iles~~·-·ftrunca~~te</o~~cil:title~~>	16	····<ocil:questionnaire·id="ocil:ssg-file_ownership_library_dirs_ocil:questionnaire:1">
		17	······<ocil:title>Verify·that·Shared·Library·Files·Have·Root·Ownership</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-audi~~t_ru~~les_~~unsucc~~ess~~ful_~~file_modification_ftr~~uncat~~e_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-file_ownership_library_dirs_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~ker~~nel_config_debug_~~creden~~tials_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_log_martians_ocil:questionnaire:1">
23	······<ocil:title>Enable·che~~cks~~·on·creden~~tia~~l·management</ocil:title>	23	······<ocil:title>Enable·Kernel·Paremeter·to·Log·Martian·Packets·on·all·IPv4·Interfaces·by·Default</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~ker~~nel_config_debug_~~creden~~tials_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_log_martians_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-sshd_set_idle_~~tim~~e~~out~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_accept_ra_ocil:questionnaire:1">
29	······<ocil:title>Set·~~SSH~~·Client·Alive·Interval</ocil:title>	29	······<ocil:title>Disable·Accepting·Router·Advertisements·on·all·IPv6·Interfaces·by·Default</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-sshd_set_idle_~~tim~~e~~out~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_default_accept_ra_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-audit_rules_sudoers_d_ocil:questionnaire:1">
35	······<ocil:~~title>E~~nsure·~~aud~~itd·Coll~~ects·S~~yst~~em·Admin~~i~~strat~~or~~·Actions·-·/~~e~~tc/su~~doers~~.d/</~~ocil:title>	34	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_send_redirects_ocil:questionnaire:1">
		35	······<ocil:title>Disable·Kernel·Parameter·for·Sending·ICMP·Redirects·on·all·IPv4·Interfaces·by·Default</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~aud~~it_rules_sudoer~~s_d~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_send_redirects_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_accept_redirects_ocil:questionnaire:1">
41	······<ocil:title~~>Di~~s~~able·Ke~~rnel·~~Parameter·for·Ac~~cept~~ing·ICMP·Redir~~ect~~s·by·Def~~au~~lt·o~~n~~·IPv6·Interfac~~es</o~~cil:title~~>	40	····<ocil:questionnaire·id="ocil:ssg-sysctl_fs_protected_hardlinks_ocil:questionnaire:1">
		41	······<ocil:title>Enable·Kernel·Parameter·to·Enforce·DAC·on·Hardlinks</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ip~~v6_~~co~~nf_defaul~~t_accept_~~redirect~~s_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-sysctl_fs_protected_hardlinks_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-a~~udit~~d_local_e~~vents~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-smartcard_configure_cert_checking_ocil:questionnaire:1">
47	······<ocil:title>Include·~~Loc~~a~~l·Ev~~ents·in·Au~~dit·Logs~~</ocil:title>	47	······<ocil:title>Configure·Smart·Card·Certificate·Status·Checking</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-a~~udit~~d_local_e~~vents~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-smartcard_configure_cert_checking_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~sysc~~tl_~~net~~_i~~pv4_co~~nf_all~~_send_r~~ed~~irects~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-vlock_installed_ocil:questionnaire:1">
53	······<ocil:title>~~Disable~~·Kernel·Paramete~~r·f~~o~~r·Send~~in~~g·ICMP·R~~ed~~ire~~cts·on·all·~~IPv4·I~~n~~terfaces~~</ocil:title>	53	······<ocil:title>Check·that·vlock·is·installed·to·allow·session·locking</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~sysc~~tl_~~net~~_i~~pv4_co~~nf_all~~_send_r~~ed~~irects~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-vlock_installed_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~no_direct~~_root_~~log~~ins_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-sysctl_fs_protected_symlinks_ocil:questionnaire:1">
59	······<ocil:title>Dire~~ct·~~root·Logins·Not·All~~owed~~</ocil:title>	59	······<ocil:title>Enable·Kernel·Parameter·to·Enforce·DAC·on·Symlinks</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~no_direct~~_root_~~log~~ins_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-sysctl_fs_protected_symlinks_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-mo~~unt_opt~~ion_~~var_log_aud~~it_n~~osuid~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-postfix_client_configure_mail_alias_ocil:questionnaire:1">
65	······<ocil:title>A~~dd·nos~~uid·~~Option~~·to·/var/lo~~g/audi~~t</ocil:title>	65	······<ocil:title>Configure·System·to·Forward·All·Mail·For·The·Root·Account</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-mo~~unt_opt~~ion_~~var_log_aud~~it_n~~osuid~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-postfix_client_configure_mail_alias_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-kernel_config_de~~bug_n~~otifiers_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-kernel_config_page_poisoning_zero_ocil:questionnaire:1">
71	······<ocil:title>~~Enabl~~e·~~check~~s·on·notifie~~r·call·ch~~a~~ins~~</ocil:title>	71	······<ocil:title>Use·zero·for·poisoning·instead·of·debugging·value</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-kernel_config_de~~bug_n~~otifiers_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-kernel_config_page_poisoning_zero_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchown_ocil:questionnaire:1">
77	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odi~~fy·the·Syst~~e~~m's·Discret~~ion~~ary·Acc~~e~~ss·Contro~~l~~s·-·fch~~own</ocil:~~title~~>	76	····<ocil:questionnaire·id="ocil:ssg-package_openldap-clients_removed_ocil:questionnaire:1">
		77	······<ocil:title>Ensure·LDAP·client·is·not·installed</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-a~~udit_rul~~es_da~~c_modif~~ication_~~fch~~own_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-package_openldap-clients_removed_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e_~~perm~~iss~~ions_c~~rontab_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-kernel_config_hibernation_ocil:questionnaire:1">
83	······<ocil:title>Veri~~fy·P~~e~~rmi~~ssion~~s·o~~n~~·cr~~on~~tab~~</ocil:title>	83	······<ocil:title>Disable·hibernation</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_~~perm~~iss~~ions_c~~rontab_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-kernel_config_hibernation_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_shadow_ocil:questionnaire:1">
89	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odify·Us~~er/Group·Inform~~a~~tion·-·/etc/~~shadow</ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-disallow_bypass_password_sudo_ocil:questionnaire:1">
		89	······<ocil:title>Disallow·Configuration·to·Bypass·Password·Requirements·for·Privilege·Escalation</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-audit~~_ru~~les_~~usergr~~oup_~~modification~~_shadow_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-disallow_bypass_password_sudo_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_var_log_ocil:questionnaire:1">
95	······<ocil:title~~>Ver~~i~~fy·Gro~~u~~p·Who·Owns·/va~~r/log·Direc~~tory</~~ocil:title>	94	····<ocil:questionnaire·id="ocil:ssg-audit_rules_networkconfig_modification_ocil:questionnaire:1">
		95	······<ocil:title>Record·Events·that·Modify·the·System's·Network·Environment</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-file_groupo~~wner~~_~~var_l~~og_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-audit_rules_networkconfig_modification_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-installed_OS_is_FIPS_certified_ocil:questionnaire:1">
101	······<ocil:ti~~tle>Th~~e·~~Instal~~l~~ed·Operatin~~g·Syst~~em·Is·FIPS·140-2·C~~e~~rtif~~i~~ed</~~ocil:title>	100	····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_ocil:questionnaire:1">
		101	······<ocil:title>Ensure·Rsyslog·Encrypts·Off-Loaded·Audit·Records</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-installed_~~OS_is_FIPS_c~~e~~rtif~~ied_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-ch~~ronyd~~_run_~~as_~~chron~~y_user~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-audit_rules_execution_chcon_ocil:questionnaire:1">
107	······<ocil:title>~~Ensu~~re~~·that·~~chronyd~~·is~~·~~runn~~ing·~~und~~er~~·chrony~~·u~~ser~~·account</ocil:title>	107	······<ocil:title>Record·Any·Attempts·to·Run·chcon</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-ch~~ronyd~~_run_~~as_~~chron~~y_user~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-audit_rules_execution_chcon_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_use_approved_macs_ordered~~_st~~ig_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_sudoedit_ocil:questionnaire:1">
113	······<ocil:title>Use·Only·~~FIPS~~·~~140-2~~·~~Val~~i~~dat~~ed·~~MAC~~s</ocil:title>	113	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·sudoedit</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_use_approved_macs_ordered~~_st~~ig_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_sudoedit_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-sshd_li~~mit~~_user_~~access~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_ocil:questionnaire:1">
119	······<ocil:title>Limit·Users'·~~SSH~~·Access</ocil:title>	119	······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces·by·Default</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-sshd_li~~mit~~_user_~~access~~_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
Max diff block lines reached; 1416441/1429334 bytes (99.10%) of diff not shown.


Offset 3, 3943 lines modified		Offset 3, 3943 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-au~~dit~~d_data_d~~isk_~~er~~ror~~_a~~cti~~on_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-sshd_set_loglevel_info_ocil:questionnaire:1">
11	······<ocil:title>~~Configu~~re~~·audi~~td·Di~~sk·Error~~·Act~~ion·~~o~~n·Disk~~·E~~rror~~</ocil:title>	11	······<ocil:title>Set·LogLevel·to·INFO</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-au~~dit~~d_data_d~~isk_~~er~~ror~~_a~~cti~~on_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-sshd_set_loglevel_info_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-~~serv~~ice_~~dovec~~ot_di~~sable~~d_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-mount_option_var_log_audit_nosuid_ocil:questionnaire:1">
17	······<ocil:title>Di~~sable~~·Dov~~ecot·Service~~</ocil:title>	17	······<ocil:title>Add·nosuid·Option·to·/var/log/audit</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~serv~~ice_~~dovec~~ot_di~~sable~~d_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-mount_option_var_log_audit_nosuid_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-g~~nom~~e~~_gdm~~_~~disable_xdmcp~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-file_owner_crontab_ocil:questionnaire:1">
23	······<ocil:title>D~~isable~~·~~XDMCP~~·in·~~GDM~~</ocil:title>	23	······<ocil:title>Verify·Owner·on·crontab</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-g~~nom~~e~~_gdm~~_~~disable_xdmcp~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-file_owner_crontab_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~sshd_s~~et_i~~dle~~_tim~~eout~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-package_rsh_removed_ocil:questionnaire:1">
29	······<ocil:title>~~Set·SSH·~~Client·Al~~ive·Interval~~</ocil:title>	29	······<ocil:title>Uninstall·rsh·Package</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~sshd_s~~et_i~~dle~~_tim~~eout~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-package_rsh_removed_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-sysctl_ke~~rnel~~_~~yama~~_~~ptrac~~e_~~scop~~e_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_send_redirects_ocil:questionnaire:1">
35	······<ocil:title>Restr~~ict~~·usage·of·~~ptrace~~·to·descendant·~~proc~~esses</ocil:title>	35	······<ocil:title>Disable·Kernel·Parameter·for·Sending·ICMP·Redirects·on·all·IPv4·Interfaces</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-sysctl_ke~~rnel~~_~~yama~~_~~ptrac~~e_~~scop~~e_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_send_redirects_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_ocil:questionnaire:1">
41	······<ocil:~~title>E~~nable·~~Kernel·Paramet~~er~~·to·U~~se~~·Revers~~e~~·Path·Fil~~ter~~ing·on·~~all~~·IPv4·Interfac~~es</o~~cil:title~~>	40	····<ocil:questionnaire·id="ocil:ssg-kernel_module_usb-storage_disabled_ocil:questionnaire:1">
		41	······<ocil:title>Disable·Modprobe·Loading·of·USB·Storage·Driver</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~sysct~~l_~~net_ipv4_conf_~~all_~~rp_fi~~lter_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-kernel_module_usb-storage_disabled_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_ftruncate_ocil:questionnaire:1">
47	······<ocil:title>~~Rec~~o~~rd·Unsuccessfu~~l~~·Access·A~~t~~tempt~~s~~·to·F~~ile~~s·-·ftru~~n~~cat~~e</ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_usermod_ocil:questionnaire:1">
		47	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·usermod</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-audit_rules_~~unsuccessful_f~~ile_modific~~atio~~n~~_ftruncate~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_usermod_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-a~~uditd_da~~ta_r~~etention~~_max_~~log_fi~~le~~_actio~~n_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_minlen_ocil:questionnaire:1">
53	······<ocil:title>Configure·~~auditd~~·ma~~x_l~~og~~_file_~~a~~cti~~on·~~Upon·R~~e~~aching~~·Maximum·Log~~·Size~~</ocil:title>	53	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Length</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-a~~uditd_da~~ta_r~~etention~~_max_~~log_fi~~le~~_actio~~n_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_minlen_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_truncate_ocil:questionnaire:1">
59	······<ocil:~~title>Reco~~rd·~~Unsu~~c~~ces~~s~~ful·Ac~~ce~~ss·At~~temp~~ts·t~~o~~·Fil~~e~~s·-·~~t~~runc~~at~~e</~~ocil:title>	58	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_log_martians_ocil:questionnaire:1">
		59	······<ocil:title>Enable·Kernel·Paremeter·to·Log·Martian·Packets·on·all·IPv4·Interfaces·by·Default</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~audi~~t~~_ru~~les_un~~successful~~_~~file~~_modif~~ica~~tion_~~trunc~~ate_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_log_martians_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_banner_enabled_ocil:questionnaire:1">
65	······<ocil:titl~~e>En~~able~~·GNOME3·L~~ogi~~n·W~~a~~rni~~n~~g·B~~an~~ner</~~ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_opasswd_ocil:questionnaire:1">
		65	······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/security/opasswd</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-d~~conf~~_gnom~~e_b~~a~~nner~~_ena~~ble~~d_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_opasswd_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_unlock_time_ocil:questionnaire:1">
71	······<ocil:ti~~tle>Set~~·~~Lock~~o~~ut·~~Ti~~me·for·Fa~~i~~led·Pa~~s~~sword·Attempts</~~ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_execution_chacl_ocil:questionnaire:1">
		71	······<ocil:title>Record·Any·Attempts·to·Run·chacl</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-a~~cco~~u~~nts~~_~~password~~s_~~pam_fa~~illo~~ck_u~~nlock_~~time~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-audit_rules_execution_chacl_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~file_pe~~r~~missio~~n~~s_b~~ackup_etc_shadow_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-journald_storage_ocil:questionnaire:1">
77	······<ocil:title>~~Verify~~·Permissions·on·~~Backu~~p·s~~hadow~~·File</ocil:title>	77	······<ocil:title>Ensure·journald·is·configured·to·write·log·files·to·persistent·disk</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~file_pe~~r~~missio~~n~~s_b~~ackup_etc_shadow_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-journald_storage_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~file_permiss~~ions_ba~~cku~~p_~~etc~~_p~~asswd~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-mount_option_var_log_nodev_ocil:questionnaire:1">
83	······<ocil:title>V~~erify·P~~e~~rmiss~~ions·on·~~Backup~~·pa~~sswd·File~~</ocil:title>	83	······<ocil:title>Add·nodev·Option·to·/var/log</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~file_permiss~~ions_ba~~cku~~p_~~etc~~_p~~asswd~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-mount_option_var_log_nodev_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-file_ownership_var_log_audit_stig_ocil:questionnaire:1">
89	······<ocil:tit~~le>Syst~~em·~~Audit·Log~~s~~·Mu~~s~~t·B~~e~~·Own~~ed~~·By·Root</~~ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-service_named_disabled_ocil:questionnaire:1">
		89	······<ocil:title>Disable·named·Service</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~file_ow~~ner~~ship~~_var_~~log~~_audi~~t_stig~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-service_named_disabled_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~file_perm~~iss~~ions_~~at_~~allow~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-rsyslog_filecreatemode_ocil:questionnaire:1">
95	······<ocil:title>Ve~~rif~~y~~·Permissions~~·on·/e~~tc/at.allow·~~file</ocil:title>	95	······<ocil:title>Ensure·rsyslog·Default·File·Permissions·Configured</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~file_perm~~iss~~ions_~~at_~~allow~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-rsyslog_filecreatemode_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_rmmod_ocil:questionnaire:1">
101	······<ocil:~~title>E~~nsure·~~aud~~itd·Col~~lect~~s~~·Inf~~ormation·on·the·Use·~~of·Priv~~i~~lege~~d·Comm~~ands·-·rmm~~od<~~/oc~~il:~~title~~>	100	····<ocil:questionnaire·id="ocil:ssg-mount_option_dev_shm_nosuid_ocil:questionnaire:1">
		101	······<ocil:title>Add·nosuid·Option·to·/dev/shm</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_~~rules~~_priv~~ileg~~ed_commands~~_rm~~mod_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-mount_option_dev_shm_nosuid_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_motd_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-disable_users_coredumps_ocil:questionnaire:1">
107	······<ocil:title>Veri~~fy·p~~e~~rmis~~sions·on~~·Mes~~s~~age~~·of·the·~~Day~~·Banner</ocil:title>	107	······<ocil:title>Disable·Core·Dumps·for·All·Users</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_motd_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-disable_users_coredumps_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-sshd_limit_user_access_ocil:questionnaire:1">
113	······<ocil:title>Limit·User~~s'·SSH·A~~cces~~s</~~ocil:title>	112	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_modprobe_ocil:questionnaire:1">
		113	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·modprobe</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_limit_us~~er_access~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_modprobe_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-audit_rules_login_~~even~~ts_~~faill~~ock_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_gshadow_ocil:questionnaire:1">
119	······<ocil:title>Record·Attempts·to·Alter·Lo~~gon~~·~~and·Log~~out·~~Even~~ts·-·~~faillock~~</ocil:title>	119	······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/gshadow</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-audit_rules_login_~~even~~ts_~~faill~~ock_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_gshadow_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 891976/904596 bytes (98.60%) of diff not shown.


Offset 3, 2491 lines modified		Offset 3, 2491 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-no_~~all_~~s~~qua~~sh_~~exports~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-file_permissions_sshd_pub_key_ocil:questionnaire:1">
11	······<ocil:title>~~Ensure~~·~~All-Squa~~shing·~~Disa~~bled·~~On·All·Export~~s</ocil:title>	11	······<ocil:title>Verify·Permissions·on·SSH·Server·Public·*.pub·Key·Files</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-no_~~all_~~s~~qua~~sh_~~exports~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-file_permissions_sshd_pub_key_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-~~grub2~~_no~~smep_~~argument_abs~~ent~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-snmpd_not_default_password_ocil:questionnaire:1">
17	······<ocil:title>Ensure·~~SMEP·is~~·~~not~~·dis~~able~~d·~~during~~·~~boot~~</ocil:title>	17	······<ocil:title>Ensure·Default·SNMP·Password·Is·Not·Used</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~grub2~~_no~~smep_~~argument_abs~~ent~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-snmpd_not_default_password_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fremovexattr_ocil:questionnaire:1">
23	······<ocil:title>~~Rec~~o~~rd·Eve~~n~~ts·t~~ha~~t·Mod~~i~~fy·t~~he·Sy~~stem's·Di~~s~~cret~~iona~~ry·A~~ccess·Cont~~rols·-·fremov~~exattr</o~~cil:title~~>	22	····<ocil:questionnaire·id="ocil:ssg-disable_host_auth_ocil:questionnaire:1">
		23	······<ocil:title>Disable·Host-Based·Authentication</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-audit~~_ru~~le~~s_dac~~_mo~~dific~~at~~ion~~_~~fremovex~~attr_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-disable_host_auth_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_x86_vsyscall_emulation_ocil:questionnaire:1">
29	······<ocil:title>Dis~~able·x86·vsy~~s~~cal~~l~~·emu~~lation</ocil:title>	28	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_rename_ocil:questionnaire:1">
		29	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·rename</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-k~~ernel~~_~~config_x86~~_~~vsyscall~~_e~~mulatio~~n_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_rename_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-sud~~oer~~s~~_no~~_~~root~~_tar~~get~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_kerb_auth_ocil:questionnaire:1">
35	······<ocil:title>D~~on't~~·target·roo~~t·u~~ser·in·the~~·sudoers·f~~ile</ocil:title>	35	······<ocil:title>Disable·Kerberos·Authentication</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-sud~~oer~~s~~_no~~_~~root~~_tar~~get~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-sshd_disable_kerb_auth_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-dir~~_ownersh~~ip_~~binary~~_dirs_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-kernel_config_seccomp_filter_ocil:questionnaire:1">
41	······<ocil:title>~~Verify~~·t~~hat~~·~~Syst~~e~~m·Ex~~e~~cut~~able·~~Hav~~e~~·Roo~~t·~~Own~~e~~rshi~~p</ocil:title>	41	······<ocil:title>Enable·use·of·Berkeley·Packet·Filter·with·seccomp</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-dir~~_ownersh~~ip_~~binary~~_dirs_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-kernel_config_seccomp_filter_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-kernel_module_ipv6_option_disabled_ocil:questionnaire:1">
47	······<ocil:~~title>Dis~~able·~~IPv6·Networking·Suppo~~r~~t·Automati~~c~~·Lo~~adin~~g</~~ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_shadow_ocil:questionnaire:1">
		47	······<ocil:title>Verify·Group·Who·Owns·Backup·shadow·File</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-k~~ern~~el_module~~_ipv6_o~~p~~tion~~_dis~~abled~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~no_~~netrc_fi~~les~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-kernel_config_bug_ocil:questionnaire:1">
53	······<ocil:title>~~Verify~~·N~~o·net~~rc·Fi~~les~~·~~Exist~~</ocil:title>	53	······<ocil:title>Enable·support·for·BUG()</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~no_~~netrc_fi~~les~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-kernel_config_bug_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e_ow~~nersh~~ip_var_log_~~audit~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-gnome_gdm_disable_xdmcp_ocil:questionnaire:1">
59	······<ocil:title>~~System·Au~~di~~t·Logs·Mu~~s~~t·B~~e·~~Owned~~·By·R~~oot~~</ocil:title>	59	······<ocil:title>Disable·XDMCP·in·GDM</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_ow~~nersh~~ip_var_log_~~audit~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-gnome_gdm_disable_xdmcp_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_passwd_ocil:questionnaire:1">
65	······<ocil:ti~~tle>V~~eri~~fy·Group·Who·Ow~~n~~s·Ba~~c~~kup·passwd·F~~ile</ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_arp_filter_ocil:questionnaire:1">
		65	······<ocil:title>Configure·ARP·filtering·for·All·IPv4·Interfaces</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-file_~~groupow~~ner_backup_~~etc~~_~~passwd~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_arp_filter_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_p~~asswd~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_group_ocil:questionnaire:1">
71	······<ocil:title>Verify·Permissions·on·Backup·p~~asswd~~·File</ocil:title>	71	······<ocil:title>Verify·Permissions·on·Backup·group·File</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_p~~asswd~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_group_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~file~~_~~permiss~~io~~ns_var~~_lo~~g_syslog~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-grub2_enable_iommu_force_ocil:questionnaire:1">
77	······<ocil:title>V~~erify~~·~~Perm~~is~~sions·~~on·/var~~/log/syslog·F~~ile</ocil:title>	77	······<ocil:title>IOMMU·configuration·directive</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~file~~_~~permiss~~io~~ns_var~~_lo~~g_syslog~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-grub2_enable_iommu_force_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_ocil:questionnaire:1">
83	······<ocil:~~title>E~~nsure·~~aud~~itd·Co~~lle~~ct~~s·Unauthor~~i~~zed·Access·Att~~e~~mpts~~·to·Fil~~es·(u~~nsuccess~~ful)~~</o~~cil:title~~>	82	····<ocil:questionnaire·id="ocil:ssg-selinux_not_disabled_ocil:questionnaire:1">
		83	······<ocil:title>Ensure·SELinux·is·Not·Disabled</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~audit_rules_un~~s~~ucc~~e~~ssf~~ul_f~~ile~~_modifica~~tion~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-selinux_not_disabled_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-grub2_spectre_v2_argument_ocil:questionnaire:1">
89	······<ocil:title~~>Enf~~orce·Spe~~ctre·v2·mi~~tig~~ation</~~ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_gshadow_ocil:questionnaire:1">
		89	······<ocil:title>Verify·Group·Who·Owns·Backup·gshadow·File</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-gru~~b2_spe~~c~~tre~~_~~v2_argument~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_groupowner_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-package_~~MFEhiplsm~~_installed_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-package_logrotate_installed_ocil:questionnaire:1">
95	······<ocil:title>Ins~~tall·~~the·Ho~~st·In~~tr~~usi~~o~~n·Prev~~ention·Syst~~em·(HIPS)·Mo~~d~~ule~~</ocil:title>	95	······<ocil:title>Ensure·logrotate·is·Installed</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-package_~~MFEhiplsm~~_installed_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-package_logrotate_installed_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~partiti~~on_fo~~r_srv~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-rsyslog_remote_loghost_ocil:questionnaire:1">
101	······<ocil:title>Ensure·~~/srv~~·L~~oca~~ted·On·Separate·Pa~~rti~~t~~ion~~</ocil:title>	101	······<ocil:title>Ensure·Logs·Sent·To·Remote·Host</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~partiti~~on_fo~~r_srv~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-rsyslog_remote_loghost_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-dir_permissions_library_dirs_ocil:questionnaire:1">
107	······<ocil:title>Verify~~·th~~a~~t·Shared·L~~i~~brary·D~~irectories·~~Have·Re~~s~~trictive·Perm~~i~~ssion~~s</o~~cil:title~~>	106	····<ocil:questionnaire·id="ocil:ssg-file_ownership_sshd_pub_key_ocil:questionnaire:1">
		107	······<ocil:title>Verify·Ownership·on·SSH·Server·Public·*.pub·Key·Files</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-dir_~~permi~~ssions_~~library~~_d~~irs~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-file_ownership_sshd_pub_key_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_var_tmp_ocil:questionnaire:1">
113	······<ocil:t~~itle>C~~onf~~igu~~re·Pol~~yinstan~~tiat~~ion·of·/v~~ar/t~~mp·Dire~~c~~tori~~es</o~~cil:title~~>	112	····<ocil:questionnaire·id="ocil:ssg-set_ip6tables_default_rule_ocil:questionnaire:1">
		113	······<ocil:title>Set·Default·ip6tables·Policy·for·Incoming·Packets</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~acco~~unts_p~~olyinstanti~~a~~ted~~_var_~~tmp~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-set_ip6tables_default_rule_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-audi~~t_ru~~les_file_~~delet~~ion_e~~vents~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_group_ocil:questionnaire:1">
119	······<ocil:title>~~Ensu~~re~~·au~~ditd·~~Col~~le~~cts~~·File~~·Deleti~~on·E~~vents~~·by~~·Us~~er</ocil:title>	119	······<ocil:title>Verify·Permissions·on·group·File</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-audi~~t_ru~~les_file_~~delet~~ion_e~~vents~~_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_group_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 703452/715679 bytes (98.29%) of diff not shown.


Offset 3, 7914 lines modified		Offset 3, 7921 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
		10	····<ocil:questionnaire·id="ocil:ssg-grub2_nosmap_argument_absent_ocil:questionnaire:1">
		11	······<ocil:title>Ensure·SMAP·is·not·disabled·during·boot</ocil:title>
		12	······<ocil:actions>
		13	········<ocil:test_action_ref>ocil:ssg-grub2_nosmap_argument_absent_action:testaction:1</ocil:test_action_ref>
		14	······</ocil:actions>
		15	····</ocil:questionnaire>
10	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_ftruncate_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_ftruncate_ocil:questionnaire:1">
11	······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·ftruncate</ocil:title>	17	······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·ftruncate</ocil:title>
12	······<ocil:actions>	18	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_ftruncate_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_ftruncate_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	20	······</ocil:actions>
15	····</ocil:questionnaire>	21	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_sudo_~~ins~~t~~all~~ed_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-dir_system_commands_root_owned_ocil:questionnaire:1">
17	······<ocil:title>~~Ins~~tall·sudo·Pa~~ckag~~e</ocil:title>	23	······<ocil:title>Verify·that·system·commands·directories·have·root·ownership</ocil:title>
18	······<ocil:actions>	24	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_sudo_~~ins~~t~~all~~ed_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-dir_system_commands_root_owned_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	26	······</ocil:actions>
21	····</ocil:questionnaire>	27	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_accept_redirects_ocil:questionnaire:1">
23	······<ocil:title~~>Di~~s~~able·Ker~~n~~el·Pa~~rameter·f~~or·Ac~~c~~eptin~~g·I~~CMP·Re~~di~~rects·by·Def~~a~~ult·on·IPv6·Interfac~~es</o~~cil:title~~>	28	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_root_password_login_ocil:questionnaire:1">
		29	······<ocil:title>Disable·SSH·root·Login·with·a·Password·(Insecure)</ocil:title>
24	······<ocil:actions>	30	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-sysctl_~~net~~_i~~pv6_conf_d~~e~~faul~~t_a~~ccept_~~red~~irects~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-sshd_disable_root_password_login_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	32	······</ocil:actions>
27	····</ocil:questionnaire>	33	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-coredump_disable~~_backtrac~~es_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-grub2_slab_nomerge_argument_ocil:questionnaire:1">
29	······<ocil:title>Disable·core·~~dump·~~b~~ack~~traces</ocil:title>	35	······<ocil:title>Disable·merging·of·slabs·with·similar·size</ocil:title>
30	······<ocil:actions>	36	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-coredump_disable~~_backtrac~~es_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-grub2_slab_nomerge_argument_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	38	······</ocil:actions>
33	····</ocil:questionnaire>	39	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_stig_ocil:questionnaire:1">
35	······<ocil:t~~itle>C~~onf~~igu~~re·~~aud~~i~~td·max_log~~_file_actio~~n·Upon·Re~~a~~chi~~n~~g·Maximum·Log·Siz~~e</o~~cil:title~~>	40	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchownat_ocil:questionnaire:1">
		41	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchownat</ocil:title>
36	······<ocil:actions>	42	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-audit~~d_data~~_rete~~ntio~~n_max_log_file_action_~~stig~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchownat_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	44	······</ocil:actions>
39	····</ocil:questionnaire>	45	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-acc~~oun~~ts_users_home_files_~~gro~~u~~pownership~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_ocil:questionnaire:1">
41	······<ocil:title>~~All~~·User~~·Fil~~es·and·Di~~rect~~ories·In~~·The·~~Ho~~me·D~~ir~~ect~~ory·M~~ust·Be~~·~~Gro~~u~~p-Owne~~d~~·By~~·~~The~~·~~Prim~~a~~ry·Group~~</ocil:title>	47	······<ocil:title>Ensure·auditd·Collects·Information·on·Kernel·Module·Loading·and·Unloading</ocil:title>
42	······<ocil:actions>	48	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-acc~~oun~~ts_users_home_files_~~gro~~u~~pownership~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	50	······</ocil:actions>
45	····</ocil:questionnaire>	51	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_efi_user_cfg_ocil:questionnaire:1">
47	······<ocil:ti~~tle>V~~eri~~fy·/boot/~~gru~~b2/u~~ser~~.cfg·Group·Ownership</~~ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_audit_ocil:questionnaire:1">
		53	······<ocil:title>Account·Lockouts·Must·Be·Logged</ocil:title>
48	······<ocil:actions>	54	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~file_grou~~pow~~ner~~_efi~~_user~~_~~cfg~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_audit_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	56	······</ocil:actions>
51	····</ocil:questionnaire>	57	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-ke~~rnel~~_~~con~~fi~~g_panic_~~on_o~~ops~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_root_login_ocil:questionnaire:1">
53	······<ocil:title>~~Kerne~~l·~~panic~~·o~~ops~~</ocil:title>	59	······<ocil:title>Disable·SSH·Root·Login</ocil:title>
54	······<ocil:actions>	60	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-ke~~rnel~~_~~con~~fi~~g_panic_~~on_o~~ops~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-sshd_disable_root_login_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	62	······</ocil:actions>
57	····</ocil:questionnaire>	63	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_ker~~b_auth~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_x11_forwarding_ocil:questionnaire:1">
59	······<ocil:title>Disable·~~Kerberos~~·~~Authenticat~~ion</ocil:title>	65	······<ocil:title>Disable·X11·Forwarding</ocil:title>
60	······<ocil:actions>	66	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-sshd_disable_ker~~b_auth~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-sshd_disable_x11_forwarding_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	68	······</ocil:actions>
63	····</ocil:questionnaire>	69	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~packa~~ge_~~talk-s~~e~~rver_rem~~oved_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-grub2_uefi_password_ocil:questionnaire:1">
65	······<ocil:title>~~Uninstall~~·~~talk-serv~~er·Pa~~ckage~~</ocil:title>	71	······<ocil:title>Set·the·UEFI·Boot·Loader·Password</ocil:title>
66	······<ocil:actions>	72	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~packa~~ge_~~talk-s~~e~~rver_rem~~oved_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-grub2_uefi_password_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	74	······</ocil:actions>
69	····</ocil:questionnaire>	75	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_backup_etc_shadow_ocil:questionnaire:1">
71	······<ocil:ti~~tle>V~~eri~~fy·U~~s~~er·Who·Own~~s·Bac~~kup·sh~~ado~~w·File</~~ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchmod_ocil:questionnaire:1">
		77	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchmod</ocil:title>
72	······<ocil:actions>	78	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~file_g~~r~~oupowner~~_~~backup_e~~tc_~~shad~~ow_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchmod_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	80	······</ocil:actions>
75	····</ocil:questionnaire>	81	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchown_ocil:questionnaire:1">
77	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odify~~·the·Syst~~e~~m's·D~~is~~cretion~~ar~~y·Acces~~s~~·Contro~~l~~s·-·fch~~own</ocil:~~title~~>	82	····<ocil:questionnaire·id="ocil:ssg-file_permissions_var_log_syslog_ocil:questionnaire:1">
		83	······<ocil:title>Verify·Permissions·on·/var/log/syslog·File</ocil:title>
78	······<ocil:actions>	84	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-audit~~_rul~~es~~_dac_m~~o~~dificati~~on_~~fchown~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_permissions_var_log_syslog_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	86	······</ocil:actions>
81	····</ocil:questionnaire>	87	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~apparmor~~_conf~~igu~~red_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_ocil:questionnaire:1">
83	······<ocil:title>Ensure·~~AppA~~rmor·is·Active·and·Con~~figur~~ed</ocil:title>	89	······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces</ocil:title>
84	······<ocil:actions>	90	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~apparmor~~_conf~~igu~~red_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	92	······</ocil:actions>
87	····</ocil:questionnaire>	93	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_perf_cpu_time_max_percent_ocil:questionnaire:1">
89	······<ocil:ti~~tle>Lim~~i~~t·CPU·con~~sump~~tion·of·~~t~~he·Perf·sy~~st~~em</~~ocil:title>	94	····<ocil:questionnaire·id="ocil:ssg-package_gnutls-utils_installed_ocil:questionnaire:1">
		95	······<ocil:title>Ensure·gnutls-utils·is·installed</ocil:title>
90	······<ocil:actions>	96	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-sysc~~tl_~~kernel_~~perf_cp~~u_time_m~~ax_perc~~ent_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-package_gnutls-utils_installed_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	98	······</ocil:actions>
93	····</ocil:questionnaire>	99	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_~~talk~~_re~~moved~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-sshd_set_login_grace_time_ocil:questionnaire:1">
95	······<ocil:title>Uninsta~~ll·talk~~·~~Packa~~ge</ocil:title>	101	······<ocil:title>Ensure·SSH·LoginGraceTime·is·configured</ocil:title>
96	······<ocil:actions>	102	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_~~talk~~_re~~moved~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-sshd_set_login_grace_time_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	104	······</ocil:actions>
99	····</ocil:questionnaire>	105	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-audit_~~privi~~leged_co~~mma~~nds_~~rebo~~ot_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-audit_rules_login_events_tallylog_ocil:questionnaire:1">
101	······<ocil:title>~~Ensu~~re~~·audit~~d·~~Collec~~ts·~~Informa~~tion·on·the~~·Use·~~of·P~~rivile~~ge~~d·Comma~~nds·-·~~rebo~~ot</ocil:title>	107	······<ocil:title>Record·Attempts·to·Alter·Logon·and·Logout·Events·-·tallylog</ocil:title>
102	······<ocil:actions>	108	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-audit_~~privi~~leged_co~~mma~~nds_~~rebo~~ot_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-audit_rules_login_events_tallylog_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	110	······</ocil:actions>
105	····</ocil:questionnaire>	111	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-dis~~able_h~~ost_a~~uth~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_minclass_ocil:questionnaire:1">
107	······<ocil:title>Dis~~able~~·Hos~~t-Ba~~sed·Authentication</ocil:title>	113	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Different·Categories</ocil:title>
108	······<ocil:actions>	114	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-dis~~able_h~~ost_a~~uth~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_minclass_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	116	······</ocil:actions>
111	····</ocil:questionnaire>	117	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-~~ssh~~d_set_keepal~~ive~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_action_mail_acct_ocil:questionnaire:1">
113	······<ocil:title>Se~~t·SSH~~·Cl~~ien~~t·Alive·Co~~unt~~·Max</ocil:title>	119	······<ocil:title>Configure·auditd·mail_acct·Action·on·Low·Disk·Space</ocil:title>
114	······<ocil:actions>	120	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~ssh~~d_set_keepal~~ive~~_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_action_mail_acct_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	122	······</ocil:actions>
117	····</ocil:questionnaire>	123	····</ocil:questionnaire>
Max diff block lines reached; 1174183/1186571 bytes (98.96%) of diff not shown.


Offset 19, 23 lines modified		Offset 19, 23 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-firefox-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-firefox-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/a:mozilla:firefox">	28	······<cpe-dict:cpe-item·name="cpe:/a:mozilla:firefox">
29	········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	····</cpe-dict:cpe-list>	32	····</cpe-dict:cpe-list>
33	··</ds:component>	33	··</ds:component>
34	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2025-02-28T20:08:00">	34	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>	37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>
38	······<xccdf-1.2:description>	38	······<xccdf-1.2:description>
39	········This·guide·presents·a·catalog·of·security-relevant	39	········This·guide·presents·a·catalog·of·security-relevant
40	configuration·settings·for·Firefox.·It·is·a·rendering·of	40	configuration·settings·for·Firefox.·It·is·a·rendering·of
41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 3488, 15 lines modified		Offset 3488, 15 lines modified
3488	··············<xccdf-1.2:check-content-ref·href="ssg-firefox-ocil.xml"·name="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1"/>	3488	··············<xccdf-1.2:check-content-ref·href="ssg-firefox-ocil.xml"·name="ocil:ssg-firefox_preferences-enable_ca_trust_ocil:questionnaire:1"/>
3489	············</xccdf-1.2:check>	3489	············</xccdf-1.2:check>
3490	··········</xccdf-1.2:Rule>	3490	··········</xccdf-1.2:Rule>
3491	········</xccdf-1.2:Group>	3491	········</xccdf-1.2:Group>
3492	······</xccdf-1.2:Group>	3492	······</xccdf-1.2:Group>
3493	····</xccdf-1.2:Benchmark>	3493	····</xccdf-1.2:Benchmark>
3494	··</ds:component>	3494	··</ds:component>
3495	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-oval.xml"·timestamp="2025-02-28T20:08:00">	3495	··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-oval.xml"·timestamp="2025-03-01T22:08:00">
3496	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	3496	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
3497	······<oval-def:generator>	3497	······<oval-def:generator>
3498	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	3498	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
3499	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>	3499	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>
3500	········<oval:schema_version>5.11</oval:schema_version>	3500	········<oval:schema_version>5.11</oval:schema_version>
3501	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	3501	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 21, 23 lines modified		Offset 21, 23 lines modified
21	····<ds:checks>	21	····<ds:checks>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-ocil.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-ocil.xml"/>
24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-cpe-oval.xml"/>	24	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu1804-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu1804-cpe-oval.xml"/>
25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.bionic.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.bionic.usn.oval.xml.bz2"/>	25	······<ds:component-ref·id="scap_org.open-scap_cref_oval-com.ubuntu.bionic.usn.oval.xml.bz2"·xlink:href="https://security-metadata.canonical.com/oval/com.ubuntu.bionic.usn.oval.xml.bz2"/>
26	····</ds:checks>	26	····</ds:checks>
27	··</ds:data-stream>	27	··</ds:data-stream>
28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	28	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	29	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~">	30	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~">
31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·18.04·(Bionic·Beaver)</cpe-dict:title>	31	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·18.04·(Bionic·Beaver)</cpe-dict:title>
32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1804-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1804:def:1</cpe-dict:check>	32	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1804-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1804:def:1</cpe-dict:check>
33	······</cpe-dict:cpe-item>	33	······</cpe-dict:cpe-item>
34	····</cpe-dict:cpe-list>	34	····</cpe-dict:cpe-list>
35	··</ds:component>	35	··</ds:component>
36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-xccdf.xml"·timestamp="2025-02-28T20:08:00">	36	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-xccdf.xml"·timestamp="2025-03-01T22:08:00">
37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	37	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	38	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>	39	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>
40	······<xccdf-1.2:description>	40	······<xccdf-1.2:description>
41	········This·guide·presents·a·catalog·of·security-relevant	41	········This·guide·presents·a·catalog·of·security-relevant
42	configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of	42	configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of
43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	43	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 67111, 15 lines modified		Offset 67111, 15 lines modified
67111	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1804-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>	67111	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu1804-ocil.xml"·name="ocil:ssg-auditd_write_logs_ocil:questionnaire:1"/>
67112	············</xccdf-1.2:check>	67112	············</xccdf-1.2:check>
67113	··········</xccdf-1.2:Rule>	67113	··········</xccdf-1.2:Rule>
67114	········</xccdf-1.2:Group>	67114	········</xccdf-1.2:Group>
67115	······</xccdf-1.2:Group>	67115	······</xccdf-1.2:Group>
67116	····</xccdf-1.2:Benchmark>	67116	····</xccdf-1.2:Benchmark>
67117	··</ds:component>	67117	··</ds:component>
67118	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"·timestamp="2025-02-28T20:08:00">	67118	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-oval.xml"·timestamp="2025-03-01T22:08:00">
67119	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	67119	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
67120	······<oval-def:generator>	67120	······<oval-def:generator>
67121	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	67121	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
67122	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>	67122	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>
67123	········<oval:schema_version>5.11</oval:schema_version>	67123	········<oval:schema_version>5.11</oval:schema_version>
67124	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	67124	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 19, 23 lines modified		Offset 19, 23 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2004-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2004-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~">	28	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~">
29	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·20.04·(Focal·Fossa)</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·20.04·(Focal·Fossa)</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2004-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2004:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2004-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2004:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	····</cpe-dict:cpe-list>	32	····</cpe-dict:cpe-list>
33	··</ds:component>	33	··</ds:component>
34	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-xccdf.xml"·timestamp="2025-02-28T20:08:00">	34	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>	37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>
38	······<xccdf-1.2:description>	38	······<xccdf-1.2:description>
39	········This·guide·presents·a·catalog·of·security-relevant	39	········This·guide·presents·a·catalog·of·security-relevant
40	configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of	40	configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of
41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 143123, 15 lines modified		Offset 143123, 15 lines modified
143123	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu2004-ocil.xml"·name="ocil:ssg-file_permissions_etc_audit_rulesd_ocil:questionnaire:1"/>	143123	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu2004-ocil.xml"·name="ocil:ssg-file_permissions_etc_audit_rulesd_ocil:questionnaire:1"/>
143124	············</xccdf-1.2:check>	143124	············</xccdf-1.2:check>
143125	··········</xccdf-1.2:Rule>	143125	··········</xccdf-1.2:Rule>
143126	········</xccdf-1.2:Group>	143126	········</xccdf-1.2:Group>
143127	······</xccdf-1.2:Group>	143127	······</xccdf-1.2:Group>
143128	····</xccdf-1.2:Benchmark>	143128	····</xccdf-1.2:Benchmark>
143129	··</ds:component>	143129	··</ds:component>
143130	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"·timestamp="2025-02-28T20:08:00">	143130	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-oval.xml"·timestamp="2025-03-01T22:08:00">
143131	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	143131	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
143132	······<oval-def:generator>	143132	······<oval-def:generator>
143133	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	143133	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
143134	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>	143134	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>
143135	········<oval:schema_version>5.11</oval:schema_version>	143135	········<oval:schema_version>5.11</oval:schema_version>
143136	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	143136	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 19, 23 lines modified		Offset 19, 23 lines modified
19	····</ds:checklists>	19	····</ds:checklists>
20	····<ds:checks>	20	····<ds:checks>
21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2204-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2204-oval.xml"/>	21	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2204-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2204-oval.xml"/>
22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2204-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2204-ocil.xml"/>	22	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2204-ocil.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2204-ocil.xml"/>
23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2204-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2204-cpe-oval.xml"/>	23	······<ds:component-ref·id="scap_org.open-scap_cref_ssg-ubuntu2204-cpe-oval.xml"·xlink:href="#scap_org.open-scap_comp_ssg-ubuntu2204-cpe-oval.xml"/>
24	····</ds:checks>	24	····</ds:checks>
25	··</ds:data-stream>	25	··</ds:data-stream>
26	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2204-cpe-dictionary.xml"·timestamp="2025-02-28T20:08:00">	26	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2204-cpe-dictionary.xml"·timestamp="2025-03-01T22:08:00">
27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">	27	····<cpe-dict:cpe-list·xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0·http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
28	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~">	28	······<cpe-dict:cpe-item·name="cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~">
29	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·22.04·(Jammy·Jellyfish)</cpe-dict:title>	29	········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·22.04·(Jammy·Jellyfish)</cpe-dict:title>
30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2204-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2204:def:1</cpe-dict:check>	30	········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2204-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2204:def:1</cpe-dict:check>
31	······</cpe-dict:cpe-item>	31	······</cpe-dict:cpe-item>
32	····</cpe-dict:cpe-list>	32	····</cpe-dict:cpe-list>
33	··</ds:component>	33	··</ds:component>
34	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2204-xccdf.xml"·timestamp="2025-02-28T20:08:00">	34	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2204-xccdf.xml"·timestamp="2025-03-01T22:08:00">
35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_22-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">	35	····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_22-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>	36	······<xccdf-1.2:status·date="2025-03-01">draft</xccdf-1.2:status>
37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·22.04</xccdf-1.2:title>	37	······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·22.04</xccdf-1.2:title>
38	······<xccdf-1.2:description>	38	······<xccdf-1.2:description>
39	········This·guide·presents·a·catalog·of·security-relevant	39	········This·guide·presents·a·catalog·of·security-relevant
40	configuration·settings·for·Ubuntu·22.04.·It·is·a·rendering·of	40	configuration·settings·for·Ubuntu·22.04.·It·is·a·rendering·of
41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)	41	content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
Offset 148842, 15 lines modified		Offset 148842, 15 lines modified
148842	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu2204-ocil.xml"·name="ocil:ssg-file_permissions_etc_audit_rulesd_ocil:questionnaire:1"/>	148842	··············<xccdf-1.2:check-content-ref·href="ssg-ubuntu2204-ocil.xml"·name="ocil:ssg-file_permissions_etc_audit_rulesd_ocil:questionnaire:1"/>
148843	············</xccdf-1.2:check>	148843	············</xccdf-1.2:check>
148844	··········</xccdf-1.2:Rule>	148844	··········</xccdf-1.2:Rule>
148845	········</xccdf-1.2:Group>	148845	········</xccdf-1.2:Group>
148846	······</xccdf-1.2:Group>	148846	······</xccdf-1.2:Group>
148847	····</xccdf-1.2:Benchmark>	148847	····</xccdf-1.2:Benchmark>
148848	··</ds:component>	148848	··</ds:component>
148849	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2204-oval.xml"·timestamp="2025-02-28T20:08:00">	148849	··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2204-oval.xml"·timestamp="2025-03-01T22:08:00">
148850	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">	148850	····<oval-def:oval_definitions·xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5·oval-common-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5·oval-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#independent·independent-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#unix·unix-definitions-schema.xsd··http://oval.mitre.org/XMLSchema/oval-definitions-5#linux·linux-definitions-schema.xsd">
148851	······<oval-def:generator>	148851	······<oval-def:generator>
148852	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>	148852	········<oval:product_name>OVALFileLinker·from·SCAP·Security·Guide</oval:product_name>
148853	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>	148853	········<oval:product_version>ssg:·[0,·1,·76],·python:·3.13.4</oval:product_version>
148854	········<oval:schema_version>5.11</oval:schema_version>	148854	········<oval:schema_version>5.11</oval:schema_version>
148855	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>	148855	········<oval:timestamp>2025-03-01T08:08:00</oval:timestamp>


Offset 8560, 18 lines modified		Offset 8560, 18 lines modified
000216f0:·6b0a·616e·6420·7573·6520·7468·6520·696e··k.and·use·the·in		000216f0:·6b0a·616e·6420·7573·6520·7468·6520·696e··k.and·use·the·in
00021700:·666f·726d·6174·696f·6e20·746f·2070·6f74··formation·to·pot		00021700:·666f·726d·6174·696f·6e20·746f·2070·6f74··formation·to·pot
00021710:·656e·7469·616c·6c79·2063·6f6d·7072·6f6d··entially·comprom		00021710:·656e·7469·616c·6c79·2063·6f6d·7072·6f6d··entially·comprom
00021720:·6973·6520·7468·6520·696e·7465·6772·6974··ise·the·integrit		00021720:·6973·6520·7468·6520·696e·7465·6772·6974··ise·the·integrit
00021730:·7920·6f66·2074·6865·2073·7973·7465·6d20··y·of·the·system·		00021730:·7920·6f66·2074·6865·2073·7973·7465·6d20··y·of·the·system·
00021740:·616e·640a·6e65·7477·6f72·6b28·7329·2e0a··and.network(s)..		00021740:·616e·640a·6e65·7477·6f72·6b28·7329·2e0a··and.network(s)..
00021750:·2020·3c2f·7464·3e0a·2020·3c74·643e·7661····</td>.··<td>va		00021750:·2020·3c2f·7464·3e0a·2020·3c74·643e·7661····</td>.··<td>va
00021760:·725f·736e·6d70·645f·7277·5f73·7472·696e··r_snmpd_rw_strin		00021760:·725f·736e·6d70·645f·726f·5f73·7472·696e··r_snmpd_ro_strin
00021770:·673d·6368·616e·6765·6d65·7277·3c62·722f··g=changemerw<br/		00021770:·673d·6368·616e·6765·6d65·726f·3c62·722f··g=changemero<br/
00021780:·3e76·6172·5f73·6e6d·7064·5f72·6f5f·7374··>var_snmpd_ro_st		00021780:·3e76·6172·5f73·6e6d·7064·5f72·775f·7374··>var_snmpd_rw_st
00021790:·7269·6e67·3d63·6861·6e67·656d·6572·6f3c··ring=changemero<		00021790:·7269·6e67·3d63·6861·6e67·656d·6572·773c··ring=changemerw<
000217a0:·2f74·643e·0a3c·2f74·723e·0a3c·7472·3e0a··/td>.</tr>.<tr>.		000217a0:·2f74·643e·0a3c·2f74·723e·0a3c·7472·3e0a··/td>.</tr>.<tr>.
000217b0:·2020·3c74·643e·5343·2d35·3c2f·7464·3e0a····<td>SC-5</td>.		000217b0:·2020·3c74·643e·5343·2d35·3c2f·7464·3e0a····<td>SC-5</td>.
000217c0:·2020·3c74·643e·4e2f·413c·2f74·643e·0a20····<td>N/A</td>.·		000217c0:·2020·3c74·643e·4e2f·413c·2f74·643e·0a20····<td>N/A</td>.·
000217d0:·203c·7464·3e43·6f6e·6669·6775·7265·204b···<td>Configure·K		000217d0:·203c·7464·3e43·6f6e·6669·6775·7265·204b···<td>Configure·K
000217e0:·6572·6e65·6c20·746f·2052·6174·6520·4c69··ernel·to·Rate·Li		000217e0:·6572·6e65·6c20·746f·2052·6174·6520·4c69··ernel·to·Rate·Li
000217f0:·6d69·7420·5365·6e64·696e·6720·6f66·2044··mit·Sending·of·D		000217f0:·6d69·7420·5365·6e64·696e·6720·6f66·2044··mit·Sending·of·D
00021800:·7570·6c69·6361·7465·2054·4350·2041·636b··uplicate·TCP·Ack		00021800:·7570·6c69·6361·7465·2054·4350·2041·636b··uplicate·TCP·Ack


Offset 2919, 16 lines modified		Offset 2919, 16 lines modified
2919	··············································································network·management	2919	··············································································network·management
2920	··············································································protocol·(SNMP)	2920	··············································································protocol·(SNMP)
2921	··············································································community·strings	2921	··············································································community·strings
2922	··············································································must·be·changed·to	2922	··············································································must·be·changed·to
2923	··································Edit·/etc/snmp/snmpd.conf,·remove·or·change·maintain·security.	2923	··································Edit·/etc/snmp/snmpd.conf,·remove·or·change·maintain·security.
2924	··································the·default·community·strings·of·public·and·If·the·service·is	2924	··································the·default·community·strings·of·public·and·If·the·service·is
2925	··································private.·This·profile·configures·new·read-··running·with·the	2925	··································private.·This·profile·configures·new·read-··running·with·the
2926	········N/·Ensure·Default·SNMP····only·community·string·to·changemero·and·····default·············var_snmpd_rw_string=changemerw	2926	········N/·Ensure·Default·SNMP····only·community·string·to·changemero·and·····default·············var_snmpd_ro_string=changemero
2927	IA-5(e)·A··Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·····var_snmpd_ro_string=changemero	2927	IA-5(e)·A··Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·····var_snmpd_rw_string=changemerw
2928	··································Once·the·default·community·strings·have·····then·anyone·can	2928	··································Once·the·default·community·strings·have·····then·anyone·can
2929	··································been·changed,·restart·the·SNMP·service:·····gather·data·about	2929	··································been·changed,·restart·the·SNMP·service:·····gather·data·about
2930	··································$·sudo·systemctl·restart·snmpd··············the·system·and·the	2930	··································$·sudo·systemctl·restart·snmpd··············the·system·and·the
2931	··············································································network·and·use·the	2931	··············································································network·and·use·the
2932	··············································································information·to	2932	··············································································information·to
2933	··············································································potentially	2933	··············································································potentially
2934	··············································································compromise·the	2934	··············································································compromise·the


Offset 4070, 15 lines modified		Offset 4070, 15 lines modified
4070	<tt>RekeyLimit</tt>.	4070	<tt>RekeyLimit</tt>.
4071	··</td>	4071	··</td>
4072	··<td·xml:lang="en-US">	4072	··<td·xml:lang="en-US">
4073	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4073	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4074	time-based·limit,·effects·of·potential·attacks·against	4074	time-based·limit,·effects·of·potential·attacks·against
4075	encryption·keys·are·limited.	4075	encryption·keys·are·limited.
4076	··</td>	4076	··</td>
4077	··<td>var_ssh_client_rekey_limit_time=1~~hou~~r<br/>var_ssh_client_rekey_limit_size=1G</td>	4077	··<td>var_ssh_client_rekey_limit_size=1G<br/>var_ssh_client_rekey_limit_time=1hour</td>
4078	</tr>	4078	</tr>
4079	<tr>	4079	<tr>
4080	··<td></td>	4080	··<td></td>
4081	··<td>N/A</td>	4081	··<td>N/A</td>
4082	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>	4082	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>
4083	··<td·xml:lang="en-US">	4083	··<td·xml:lang="en-US">
4084	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure	4084	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure
Offset 4133, 15 lines modified		Offset 4133, 15 lines modified
4133	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>	4133	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>
4134	··</td>	4134	··</td>
4135	··<td·xml:lang="en-US">	4135	··<td·xml:lang="en-US">
4136	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4136	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4137	time-based·limit,·effects·of·potential·attacks·against	4137	time-based·limit,·effects·of·potential·attacks·against
4138	encryption·keys·are·limited.	4138	encryption·keys·are·limited.
4139	··</td>	4139	··</td>
4140	··<td>var_rekey_limit_time=1~~hou~~r<br/>var_rekey_limit_size=1G</td>	4140	··<td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>
4141	</tr>	4141	</tr>
4142	<tr>	4142	<tr>
4143	··<td></td>	4143	··<td></td>
4144	··<td>N/A</td>	4144	··<td>N/A</td>
4145	··<td>SSH·server·uses·strong·entropy·to·seed</td>	4145	··<td>SSH·server·uses·strong·entropy·to·seed</td>
4146	··<td·xml:lang="en-US">	4146	··<td·xml:lang="en-US">
4147	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.	4147	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.


Offset 3341, 16 lines modified		Offset 3341, 16 lines modified
3341	··················································································································options,·which·can	3341	··················································································································options,·which·can
3342	··················································································································help·protect	3342	··················································································································help·protect
3343	··················································································································programs·which·use	3343	··················································································································programs·which·use
3344	··················································································································it.	3344	··················································································································it.
3345	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the	3345	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the
3346	·························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the	3346	·························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the
3347	········Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and	3347	········Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and
3348	·····N/·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_time=1~~hou~~r	3348	·····N/·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_size=1G
3349	·····A··renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_size=1G	3349	·····A··renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_time=1hour
3350	········for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks	3350	········for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks
3351	·························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption	3351	·························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption
3352	·························containing·definition·of·RekeyLimit.·····················································keys·are·limited.	3352	·························containing·definition·of·RekeyLimit.·····················································keys·are·limited.
3353	··················································································································Some·SSH	3353	··················································································································Some·SSH
3354	··················································································································implementations·use	3354	··················································································································implementations·use
3355	··················································································································the·openssl·library	3355	··················································································································the·openssl·library
3356	··················································································································for·entropy,·which	3356	··················································································································for·entropy,·which
Offset 3401, 16 lines modified		Offset 3401, 16 lines modified
3401	··················································································································generator·used·by	3401	··················································································································generator·used·by
3402	··················································································································SSH·would·be·known	3402	··················································································································SSH·would·be·known
3403	··················································································································to·potential	3403	··················································································································to·potential
3404	··················································································································attackers.	3404	··················································································································attackers.
3405	··················································································································By·decreasing·the	3405	··················································································································By·decreasing·the
3406	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the	3406	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the
3407	········Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and	3407	········Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and
3408	·····N/·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_time=1~~hou~~r	3408	·····N/·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_size=1G
3409	·····A··renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_size=1G	3409	·····A··renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_time=1hour
3410	·························RekeyLimit·1G·1hour······································································potential·attacks	3410	·························RekeyLimit·1G·1hour······································································potential·attacks
3411	··················································································································against·encryption	3411	··················································································································against·encryption
3412	··················································································································keys·are·limited.	3412	··················································································································keys·are·limited.
3413	··················································································································SSH·implementation	3413	··················································································································SSH·implementation
3414	··················································································································in·Oracle·Linux·8	3414	··················································································································in·Oracle·Linux·8
3415	··················································································································uses·the·openssl	3415	··················································································································uses·the·openssl
3416	··················································································································library,·which	3416	··················································································································library,·which


Offset 4075, 15 lines modified		Offset 4075, 15 lines modified
4075	<tt>RekeyLimit</tt>.	4075	<tt>RekeyLimit</tt>.
4076	··</td>	4076	··</td>
4077	··<td·xml:lang="en-US">	4077	··<td·xml:lang="en-US">
4078	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4078	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4079	time-based·limit,·effects·of·potential·attacks·against	4079	time-based·limit,·effects·of·potential·attacks·against
4080	encryption·keys·are·limited.	4080	encryption·keys·are·limited.
4081	··</td>	4081	··</td>
4082	··<td>var_ssh_client_rekey_limit_size=1G<br/>var_ssh_client_rekey_limit_time=1~~hou~~r</td>	4082	··<td>var_ssh_client_rekey_limit_time=1hour<br/>var_ssh_client_rekey_limit_size=1G</td>
4083	</tr>	4083	</tr>
4084	<tr>	4084	<tr>
4085	··<td></td>	4085	··<td></td>
4086	··<td>CCE-83349-1</td>	4086	··<td>CCE-83349-1</td>
4087	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>	4087	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>
4088	··<td·xml:lang="en-US">	4088	··<td·xml:lang="en-US">
4089	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure	4089	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure
Offset 4138, 15 lines modified		Offset 4138, 15 lines modified
4138	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>	4138	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>
4139	··</td>	4139	··</td>
4140	··<td·xml:lang="en-US">	4140	··<td·xml:lang="en-US">
4141	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4141	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4142	time-based·limit,·effects·of·potential·attacks·against	4142	time-based·limit,·effects·of·potential·attacks·against
4143	encryption·keys·are·limited.	4143	encryption·keys·are·limited.
4144	··</td>	4144	··</td>
4145	··<td>var_rekey_limit_time=1~~hou~~r<br/>var_rekey_limit_size=1G</td>	4145	··<td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>
4146	</tr>	4146	</tr>
4147	<tr>	4147	<tr>
4148	··<td></td>	4148	··<td></td>
4149	··<td>CCE-82462-3</td>	4149	··<td>CCE-82462-3</td>
4150	··<td>SSH·server·uses·strong·entropy·to·seed</td>	4150	··<td>SSH·server·uses·strong·entropy·to·seed</td>
4151	··<td·xml:lang="en-US">	4151	··<td·xml:lang="en-US">
4152	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.	4152	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.


Offset 3356, 16 lines modified		Offset 3356, 16 lines modified
3356	······················································································································options,·which·can	3356	······················································································································options,·which·can
3357	······················································································································help·protect	3357	······················································································································help·protect
3358	······················································································································programs·which·use	3358	······················································································································programs·which·use
3359	······················································································································it.	3359	······················································································································it.
3360	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the	3360	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the
3361	·····························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the	3361	·····························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the
3362	·····CCE-···Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and	3362	·····CCE-···Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and
3363	·····82880-·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_size=1G	3363	·····82880-·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_time=1hour
3364	·····6······renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_time=1~~hou~~r	3364	·····6······renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_size=1G
3365	············for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks	3365	············for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks
3366	·····························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption	3366	·····························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption
3367	·····························containing·definition·of·RekeyLimit.·····················································keys·are·limited.	3367	·····························containing·definition·of·RekeyLimit.·····················································keys·are·limited.
3368	······················································································································Some·SSH	3368	······················································································································Some·SSH
3369	······················································································································implementations·use	3369	······················································································································implementations·use
3370	······················································································································the·openssl·library	3370	······················································································································the·openssl·library
3371	······················································································································for·entropy,·which	3371	······················································································································for·entropy,·which
Offset 3416, 16 lines modified		Offset 3416, 16 lines modified
3416	······················································································································generator·used·by	3416	······················································································································generator·used·by
3417	······················································································································SSH·would·be·known	3417	······················································································································SSH·would·be·known
3418	······················································································································to·potential	3418	······················································································································to·potential
3419	······················································································································attackers.	3419	······················································································································attackers.
3420	······················································································································By·decreasing·the	3420	······················································································································By·decreasing·the
3421	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the	3421	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the
3422	·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and	3422	·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and
3423	·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_time=1~~hou~~r	3423	·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_size=1G
3424	·····7······renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_size=1G	3424	·····7······renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_time=1hour
3425	·····························RekeyLimit·1G·1hour······································································potential·attacks	3425	·····························RekeyLimit·1G·1hour······································································potential·attacks
3426	······················································································································against·encryption	3426	······················································································································against·encryption
3427	······················································································································keys·are·limited.	3427	······················································································································keys·are·limited.
3428	······················································································································SSH·implementation	3428	······················································································································SSH·implementation
3429	······················································································································in·Red·Hat	3429	······················································································································in·Red·Hat
3430	······················································································································Enterprise·Linux·8	3430	······················································································································Enterprise·Linux·8
3431	······················································································································uses·the·openssl	3431	······················································································································uses·the·openssl


Offset 1, 10 lines modified		Offset 1, 10 lines modified
1	<?xml·version="1.0"·encoding="utf-8"?>	1	<?xml·version="1.0"·encoding="utf-8"?>
2	<xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">	2	<xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3	··<xccdf-1.2:version·time="2025-02-28T20:08:00">1</xccdf-1.2:version>	3	··<xccdf-1.2:version·time="2025-03-01T22:08:00">1</xccdf-1.2:version>
4	··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">	4	··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5	····<xccdf-1.2:title·override="true">DISA·STIG·for·Oracle·Linux·8</xccdf-1.2:title>	5	····<xccdf-1.2:title·override="true">DISA·STIG·for·Oracle·Linux·8</xccdf-1.2:title>
6	····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the	6	····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7	DISA·STIG·for·Oracle·Linux·8·V2R3.</xccdf-1.2:description>	7	DISA·STIG·for·Oracle·Linux·8·V2R3.</xccdf-1.2:description>
8	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs"·selected="false"/>	8	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs"·selected="false"/>
9	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay"·selected="false"/>	9	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay"·selected="false"/>
10	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions"·selected="false"/>	10	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions"·selected="false"/>


Offset 3, 3087 lines modified		Offset 3, 3087 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
		10	····<ocil:questionnaire·id="ocil:ssg-accounts_set_post_pw_existing_ocil:questionnaire:1">
		11	······<ocil:title>Set·existing·passwords·a·period·of·inactivity·before·they·been·locked</ocil:title>
10	····<ocil:questionnaire·id="ocil:ssg-set_password_hashing_algorithm_logindefs_ocil:questionnaire:1">
11	······<ocil:title>Set·Password·Hashing·Algorithm·in·/etc/login.defs</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_logindefs_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lremovexattr_ocil:questionnaire:1">
17	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lremovexattr</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-a~~udit_r~~ules_~~dac~~_mo~~dific~~at~~ion~~_lremo~~vexattr~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-accounts_set_post_pw_existing_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-file_~~at_de~~ny_not_exist_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-file_permissions_home_directories_ocil:questionnaire:1">
23	······<ocil:title>Ensure·t~~hat~~·/etc/at.deny·does·~~not·ex~~ist</ocil:title>	17	······<ocil:title>All·Interactive·User·Home·Directories·Must·Have·mode·0750·Or·Less·Permissive</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-file_~~at_de~~ny_not_exist_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-file_permissions_home_directories_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~seli~~nux_state_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_bashrc_ocil:questionnaire:1">
29	······<ocil:title>Ensure·~~SELin~~ux·State·is·~~Enf~~orc~~ing~~</ocil:title>	23	······<ocil:title>Ensure·the·Default·Bash·Umask·is·Set·Correctly</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~seli~~nux_state_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_bashrc_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_secure_redirects_ocil:questionnaire:1">
35	······<ocil:title~~>Di~~s~~able·Ke~~rnel·P~~arameter·for·Ac~~c~~ept~~ing·Secure·~~ICMP·Re~~dire~~cts~~·o~~n·all·IP~~v~~4·Interfac~~es</o~~cil:title~~>	28	····<ocil:questionnaire·id="ocil:ssg-package_cyrus-imapd_removed_ocil:questionnaire:1">
		29	······<ocil:title>Uninstall·cyrus-imapd·Package</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-sysct~~l_n~~e~~t_ipv4~~_c~~onf_all_secure~~_re~~dir~~ects_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-package_cyrus-imapd_removed_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
41	······<ocil:~~title>Reco~~rd·~~Unsu~~ccessful~~·Access·Attemp~~t~~s·t~~o·~~Files·-·cr~~eat</o~~cil:title~~>	34	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_motd_ocil:questionnaire:1">
		35	······<ocil:title>Verify·Group·Ownership·of·Message·of·the·Day·Banner</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-audi~~t_ru~~les_~~uns~~ucc~~essful~~_f~~ile~~_mo~~difica~~t~~ion_crea~~t_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_motd_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_ker~~nel~~_modul~~e_lo~~adin~~g_init~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_shadow_ocil:questionnaire:1">
47	······<ocil:title>~~Ensu~~re~~·audit~~d·Collects·~~Informat~~ion·on·Ker~~nel·Module·Lo~~ading·-·~~init_module~~</ocil:title>	41	······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/shadow</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-audit_rules_ker~~nel~~_modul~~e_lo~~adin~~g_init~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_shadow_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_send_redirects_ocil:questionnaire:1">
53	······<ocil:title~~>Di~~s~~able·Ke~~rnel·P~~arameter·for·Sen~~d~~ing·ICMP·R~~edirec~~ts·~~on·a~~ll·IPv4·Interfac~~es</o~~cil:title~~>	46	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_tcp_forwarding_ocil:questionnaire:1">
		47	······<ocil:title>Disable·SSH·TCP·Forwarding</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-sysctl_~~net~~_i~~pv4_conf~~_~~all~~_~~send_~~redi~~rec~~ts_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-sshd_disable_tcp_forwarding_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~mou~~nt_option_~~var~~_~~log~~_nodev_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_secure_redirects_ocil:questionnaire:1">
59	······<ocil:title>~~Add~~·nodev·Option·to·/var~~/log~~</ocil:title>	53	······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Secure·ICMP·Redirects·on·all·IPv4·Interfaces</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~mou~~nt_option_~~var~~_~~log~~_nodev_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_secure_redirects_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_d_ocil:questionnaire:1">
65	······<ocil:title~~>Ver~~i~~fy·Ow~~ne~~r·on·cron.d</~~ocil:title>	58	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_admin_space_left_action_ocil:questionnaire:1">
		59	······<ocil:title>Configure·auditd·admin_space_left·Action·on·Low·Disk·Space</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-file_owner_cron_d_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_admin_space_left_action_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~acc~~ount_~~unique_name~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_hourly_ocil:questionnaire:1">
71	······<ocil:title>~~Ensu~~re~~·All~~·Accou~~nts·o~~n·the·Sy~~stem~~·~~Have·U~~n~~ique·Names~~</ocil:title>	65	······<ocil:title>Verify·Group·Who·Owns·cron.hourly</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~acc~~ount_~~unique_name~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_hourly_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-accounts_password_last_change_is_in_past_ocil:questionnaire:1">
77	······<ocil:~~title>E~~nsure·~~all·user~~s~~·la~~s~~t·passwo~~r~~d·ch~~ange~~·date·~~i~~s·in·the·pa~~st</o~~cil:title~~>	70	····<ocil:questionnaire·id="ocil:ssg-sudo_require_reauthentication_ocil:questionnaire:1">
		71	······<ocil:title>Require·Re-Authentication·When·Using·the·sudo·Command</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~acc~~ounts_p~~asswo~~rd_last_ch~~ang~~e_is_i~~n_past~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-sudo_require_reauthentication_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-a~~cco~~unts_pa~~ssw~~ord~~_pam_m~~inlen_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_chown_ocil:questionnaire:1">
83	······<ocil:title>Ens~~ure·PA~~M~~·En~~f~~orces~~·Pas~~sword~~·R~~equi~~rements·-·Min~~imum~~·~~Length~~</ocil:title>	77	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·chown</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-a~~cco~~unts_pa~~ssw~~ord~~_pam_m~~inlen_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_chown_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-sudo_custom_logfile_ocil:questionnaire:1">
89	······<ocil:~~title>E~~nsure·~~Sud~~o~~·Lo~~g~~fil~~e~~·Exists·~~-~~·sudo·logfil~~e</ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-package_openldap-clients_removed_ocil:questionnaire:1">
		83	······<ocil:title>Ensure·LDAP·client·is·not·installed</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-sudo_c~~ustom~~_~~logfile~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-package_openldap-clients_removed_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~file~~_~~permis~~sions_~~sshd~~_private_~~key~~_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-sshd_set_idle_timeout_ocil:questionnaire:1">
95	······<ocil:title>~~Verify·~~Pe~~rmissions·o~~n·SSH·~~Server~~·Private·*_ke~~y·K~~ey~~·Fi~~les</ocil:title>	89	······<ocil:title>Set·SSH·Client·Alive·Interval</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~file~~_~~permis~~sions_~~sshd~~_private_~~key~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-sshd_set_idle_timeout_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~aide~~_b~~uild_dat~~a~~bas~~e_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-sshd_set_keepalive_ocil:questionnaire:1">
101	······<ocil:title>~~Build·and·T~~est·A~~IDE~~·Database</ocil:title>	95	······<ocil:title>Set·SSH·Client·Alive·Count·Max</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~aide~~_b~~uild_dat~~a~~bas~~e_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-sshd_set_keepalive_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-jo~~urn~~ald_compress_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_redirects_ocil:questionnaire:1">
107	······<ocil:title>Ensure·~~journald·is·configu~~red·to·com~~press~~·~~large·log·~~files</ocil:title>	101	······<ocil:title>Disable·Accepting·ICMP·Redirects·for·All·IPv4·Interfaces</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-jo~~urn~~ald_compress_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_redirects_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-su~~do_r~~e~~qui~~re_reaut~~hentication~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-banner_etc_issue_net_ocil:questionnaire:1">
113	······<ocil:title>R~~equ~~ire·Re~~-Auth~~en~~ticat~~ion·~~Whe~~n~~·Using~~·the·~~sudo~~·Co~~mma~~nd</ocil:title>	107	······<ocil:title>Modify·the·System·Login·Banner·for·Remote·Connections</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-su~~do_r~~e~~qui~~re_reaut~~hentication~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-banner_etc_issue_net_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-file_~~owner~~_et~~c_m~~otd_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-aide_check_audit_tools_ocil:questionnaire:1">
119	······<ocil:title>V~~eri~~fy~~·own~~e~~rship~~·of·Me~~ssage·of~~·the·~~Day·Banner~~</ocil:title>	113	······<ocil:title>Configure·AIDE·to·Verify·the·Audit·Tools</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-file_~~owner~~_et~~c_m~~otd_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-aide_check_audit_tools_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 723722/736089 bytes (98.32%) of diff not shown.


Offset 3, 5607 lines modified		Offset 3, 5607 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_watch_localtime_ocil:questionnaire:1">
11	······<ocil:title>Record·Attempts·to·Alter·the·localtime·File</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_watch_localtime_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-grub2_l1tf_argument_ocil:questionnaire:1">
17	······<ocil:title>Configure·L1·Terminal·Fault·mitigations</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-grub2_l1tf_argument_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-grub2_spec_store_bypass_disable_argument_ocil:questionnaire:1">
23	······<ocil:title>Configure·Speculative·Store·Bypass·Mitigation</ocil:title>
24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-grub2_spec_store_bypass_disable_argument_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>
27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-fi~~le_owne~~r_~~crontab~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-partition_for_dev_shm_ocil:questionnaire:1">
29	······<ocil:title>Ver~~ify·Owner~~·on·cron~~tab~~</ocil:title>	11	······<ocil:title>Ensure·/dev/shm·is·configured</ocil:title>
30	······<ocil:actions>	12	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-fi~~le_owne~~r_~~crontab~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-partition_for_dev_shm_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	14	······</ocil:actions>
33	····</ocil:questionnaire>	15	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e_o~~wner~~_~~backup~~_~~etc~~_passwd_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_all_ocil:questionnaire:1">
35	······<ocil:title>~~Verify~~·~~User·Who·Owns·Backup~~·pa~~sswd·Fi~~le</ocil:title>	17	······<ocil:title>Enable·automatic·signing·of·all·modules</ocil:title>
36	······<ocil:actions>	18	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_o~~wner~~_~~backup~~_~~etc~~_passwd_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_all_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	20	······</ocil:actions>
39	····</ocil:questionnaire>	21	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-account_un~~ique_i~~d_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-package_logrotate_installed_ocil:questionnaire:1">
41	······<ocil:title>Ensure·All~~·Acc~~o~~unt~~s·on·t~~he·Sy~~stem·Have·Un~~ique·U~~s~~er·IDs~~</ocil:title>	23	······<ocil:title>Ensure·logrotate·is·Installed</ocil:title>
42	······<ocil:actions>	24	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-account_un~~ique_i~~d_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-package_logrotate_installed_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	26	······</ocil:actions>
45	····</ocil:questionnaire>	27	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_removexattr_ocil:questionnaire:1">
47	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odi~~fy·the·Sy~~ste~~m's~~·Discreti~~onary·Acc~~ess·Controls~~·-·removexat~~tr</o~~cil:title~~>	28	····<ocil:questionnaire·id="ocil:ssg-service_ip6tables_enabled_ocil:questionnaire:1">
		29	······<ocil:title>Verify·ip6tables·Enabled·if·Using·IPv6</ocil:title>
48	······<ocil:actions>	30	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~audit_ru~~les~~_da~~c_modi~~fic~~a~~tion~~_re~~movexattr~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-service_ip6tables_enabled_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	32	······</ocil:actions>
51	····</ocil:questionnaire>	33	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~file_grou~~p~~own~~ership_~~sshd~~_~~pub~~_~~key~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-partition_for_srv_ocil:questionnaire:1">
53	······<ocil:title>~~Verify~~·G~~roup~~·Ow~~nership~~·on·SSH~~·Se~~r~~ver~~·P~~ubl~~i~~c·*.pub·Key·~~Files</ocil:title>	35	······<ocil:title>Ensure·/srv·Located·On·Separate·Partition</ocil:title>
54	······<ocil:actions>	36	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~file_grou~~p~~own~~ership_~~sshd~~_~~pub~~_~~key~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-partition_for_srv_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	38	······</ocil:actions>
57	····</ocil:questionnaire>	39	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-s~~ysctl_n~~et_ipv4_tcp~~_syncooki~~es_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-service_cron_enabled_ocil:questionnaire:1">
59	······<ocil:title>Enable·~~Kernel·Parameter·to·Use·TCP·Syn~~c~~ookies~~·on~~·Network~~·Interfaces</ocil:title>	41	······<ocil:title>Enable·cron·Service</ocil:title>
60	······<ocil:actions>	42	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-s~~ysctl_n~~et_ipv4_tcp~~_syncooki~~es_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-service_cron_enabled_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	44	······</ocil:actions>
63	····</ocil:questionnaire>	45	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_at_deny_not_exist_ocil:questionnaire:1">
65	······<ocil:~~title>E~~nsure·~~that·/~~e~~tc/at.d~~e~~ny·d~~o~~es·not·ex~~ist</ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-ensure_gpgcheck_globally_activated_ocil:questionnaire:1">
		47	······<ocil:title>Ensure·gpgcheck·Enabled·In·Main·yum·Configuration</ocil:title>
66	······<ocil:actions>	48	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_~~at_d~~eny_not_exist_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-ensure_gpgcheck_globally_activated_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	50	······</ocil:actions>
69	····</ocil:questionnaire>	51	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-s~~shd_dis~~a~~ble_kerb_auth~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-service_auditd_enabled_ocil:questionnaire:1">
71	······<ocil:title>Disable·Ke~~rberos~~·~~Aut~~hentic~~atio~~n</ocil:title>	53	······<ocil:title>Enable·auditd·Service</ocil:title>
72	······<ocil:actions>	54	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-s~~shd_dis~~a~~ble_kerb_auth~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-service_auditd_enabled_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	56	······</ocil:actions>
75	····</ocil:questionnaire>	57	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_arp_ignore_ocil:questionnaire:1">
77	······<ocil:t~~itle>C~~onf~~igu~~re·~~Resp~~o~~nse·Mode·of·ARP·R~~equ~~ests·fo~~r·A~~ll·IPv4·Interfac~~es</o~~cil:title~~>	58	····<ocil:questionnaire·id="ocil:ssg-rpm_verify_permissions_ocil:questionnaire:1">
		59	······<ocil:title>Verify·and·Correct·File·Permissions·with·RPM</ocil:title>
78	······<ocil:actions>	60	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~sysctl~~_net_i~~pv4_con~~f_a~~ll_a~~r~~p_ign~~ore_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-rpm_verify_permissions_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	62	······</ocil:actions>
81	····</ocil:questionnaire>	63	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-con~~fig~~ure_ss~~h_cryp~~t~~o_p~~o~~licy~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-coredump_disable_storage_ocil:questionnaire:1">
83	······<ocil:title>Co~~nfigur~~e·~~SSH~~·to~~·use~~·S~~yst~~em·~~Cry~~p~~to·Policy~~</ocil:title>	65	······<ocil:title>Disable·storing·core·dump</ocil:title>
84	······<ocil:actions>	66	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-con~~fig~~ure_ss~~h_cryp~~t~~o_p~~o~~licy~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-coredump_disable_storage_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	68	······</ocil:actions>
87	····</ocil:questionnaire>	69	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-file_~~group~~o~~wner~~_~~cron~~_~~hou~~rly_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_send_redirects_ocil:questionnaire:1">
89	······<ocil:title>Ver~~ify~~·Gr~~oup~~·~~Who~~·Owns·cron~~.hou~~rly</ocil:title>	71	······<ocil:title>Disable·Kernel·Parameter·for·Sending·ICMP·Redirects·on·all·IPv4·Interfaces</ocil:title>
90	······<ocil:actions>	72	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-file_~~group~~o~~wner~~_~~cron~~_~~hou~~rly_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_send_redirects_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	74	······</ocil:actions>
93	····</ocil:questionnaire>	75	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-sshd_set_~~kee~~p~~alive_0~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_compression_ocil:questionnaire:1">
95	······<ocil:title>~~Set·SSH~~·Client·~~Aliv~~e·Co~~unt·Max~~·to·zero</ocil:title>	77	······<ocil:title>Disable·Compression·Or·Set·Compression·to·delayed</ocil:title>
96	······<ocil:actions>	78	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-sshd_set_~~kee~~p~~alive_0~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-sshd_disable_compression_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	80	······</ocil:actions>
99	····</ocil:questionnaire>	81	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~kernel~~_co~~nfig_s~~ec~~uri~~t~~y_yama~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-ensure_logrotate_activated_ocil:questionnaire:1">
101	······<ocil:title>En~~abl~~e·Yama·s~~upp~~ort</ocil:title>	83	······<ocil:title>Ensure·Logrotate·Runs·Periodically</ocil:title>
102	······<ocil:actions>	84	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~kernel~~_co~~nfig_s~~ec~~uri~~t~~y_yama~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-ensure_logrotate_activated_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	86	······</ocil:actions>
105	····</ocil:questionnaire>	87	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_clock_settime_ocil:questionnaire:1">
107	······<ocil:title~~>Rec~~o~~rd·Attempts·~~to~~·Alt~~er·Tim~~e·Through·c~~lock_s~~ett~~ime</ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-directory_permissions_var_log_audit_ocil:questionnaire:1">
		89	······<ocil:title>System·Audit·Logs·Must·Have·Mode·0750·or·Less·Permissive</ocil:title>
108	······<ocil:actions>	90	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_rules~~_time~~_clock_s~~ett~~ime_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-directory_permissions_var_log_audit_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	92	······</ocil:actions>
111	····</ocil:questionnaire>	93	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-~~account~~s~~_passw~~ord_pa~~m_uc~~redit_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_root_password_login_ocil:questionnaire:1">
113	······<ocil:title>Ensure·~~PAM~~·~~Enfo~~r~~ces·Passw~~ord·R~~equ~~ir~~emen~~ts·-·~~Minimum·Upperca~~se·Char~~act~~ers</ocil:title>	95	······<ocil:title>Disable·SSH·root·Login·with·a·Password·(Insecure)</ocil:title>
114	······<ocil:actions>	96	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~account~~s~~_passw~~ord_pa~~m_uc~~redit_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-sshd_disable_root_password_login_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	98	······</ocil:actions>
117	····</ocil:questionnaire>	99	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode_ocil:questionnaire:1">
119	······<ocil:~~title>E~~nsure·~~Rsys~~l~~og·Aut~~h~~ent~~icat~~es·Off-Lo~~ad~~ed·Aud~~i~~t·Record~~s</o~~cil:title~~>	100	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_kerb_auth_ocil:questionnaire:1">
		101	······<ocil:title>Disable·Kerberos·Authentication</ocil:title>
120	······<ocil:actions>	102	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-rsys~~log_encrypt_offlo~~ad_actions~~endstr~~e~~amd~~riverauth~~mode~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-sshd_disable_kerb_auth_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	104	······</ocil:actions>
123	····</ocil:questionnaire>	105	····</ocil:questionnaire>
124	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_ocil:questionnaire:1">
Max diff block lines reached; 863595/875423 bytes (98.65%) of diff not shown.


Offset 3, 5774 lines modified		Offset 3, 5799 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_tcp_syncookies_ocil:questionnaire:1">
11	······<ocil:title>Enable·Kernel·Parameter·to·Use·TCP·Syncookies·on·Network·Interfaces</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_tcp_syncookies_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-kernel_config_mod~~ule~~_~~sig~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_creat_ocil:questionnaire:1">
17	······<ocil:title>~~Enable~~·~~mod~~ule·s~~igna~~t~~ure~~·~~ver~~i~~fication~~</ocil:title>	11	······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·creat</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-kernel_config_mod~~ule~~_~~sig~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_creat_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-package_cron_installed_ocil:questionnaire:1">
23	······<ocil:title~~>Insta~~l~~l·t~~he~~·cr~~on·ser~~vice</~~ocil:title>	16	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_root_password_login_ocil:questionnaire:1">
		17	······<ocil:title>Disable·SSH·root·Login·with·a·Password·(Insecure)</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~pack~~age_cron_instal~~led~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-sshd_disable_root_password_login_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~file_p~~e~~rmiss~~ion~~s_s~~s~~hd_config~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-package_ntp_installed_ocil:questionnaire:1">
29	······<ocil:title>~~Verify·Per~~mis~~sions·on~~·~~SSH~~·Serv~~er·config·f~~ile</ocil:title>	23	······<ocil:title>Install·the·ntp·service</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~file_p~~e~~rmiss~~ion~~s_s~~s~~hd_config~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-package_ntp_installed_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_group_ocil:questionnaire:1">
35	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ss~~ion~~s·on~~·Ba~~c~~kup·gro~~u~~p·F~~ile</ocil:title>	28	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_disable_ipv6_ocil:questionnaire:1">
		29	······<ocil:title>Disable·IPv6·Addressing·on·IPv6·Interfaces·by·Default</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~file~~_permi~~ssi~~ons_~~back~~up_~~etc_grou~~p_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_default_disable_ipv6_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-file_per~~mis~~sions_bac~~kup_e~~t~~c_sha~~dow_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-auditd_overflow_action_ocil:questionnaire:1">
41	······<ocil:title>Ver~~ify·Permiss~~ions·on·B~~ack~~up·shadow·File</ocil:title>	35	······<ocil:title>Appropriate·Action·Must·be·Setup·When·the·Internal·Audit·Event·Queue·is·Full</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-file_per~~mis~~sions_bac~~kup_e~~t~~c_sha~~dow_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-auditd_overflow_action_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-postfix_network_listening_disabled_ocil:questionnaire:1">
47	······<ocil:~~title>Dis~~able·Postfi~~x·N~~etwo~~rk·Lis~~ten~~ing</~~ocil:title>	40	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_fchmod_ocil:questionnaire:1">
		41	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·fchmod</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~postfix_n~~e~~twork~~_li~~sten~~ing_di~~sable~~d_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_fchmod_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-package_ypbind_removed_ocil:questionnaire:1">
53	······<ocil:title>Remove~~·NIS·C~~lient</ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_unlink_ocil:questionnaire:1">
		47	······<ocil:title>Ensure·auditd·Collects·File·Deletion·Events·by·User·-·unlink</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_~~ypbin~~d_removed_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-audit_rules_file_deletion_events_unlink_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_audit_ocil:questionnaire:1">
59	······<ocil:title~~>Acc~~o~~unt·Locko~~uts~~·Must·Be·L~~ogge~~d</~~ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_setxattr_ocil:questionnaire:1">
		53	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·setxattr</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-a~~cco~~unts_pa~~ssw~~ords_~~pam_fa~~i~~llock_audit~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_setxattr_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_~~owne~~r_~~backup_e~~t~~c_shad~~ow_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_group_ocil:questionnaire:1">
65	······<ocil:title>Ve~~rify~~·~~Group~~·Who~~·Own~~s~~·Back~~up·shadow·~~Fil~~e</ocil:title>	59	······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/group</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-file_~~owne~~r_~~backup_e~~t~~c_shad~~ow_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_group_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-package_sudo_installed_ocil:questionnaire:1">
71	······<ocil:title~~>In~~stall·sudo·Packa~~ge</~~ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lsetxattr_ocil:questionnaire:1">
		65	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lsetxattr</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_sudo_inst~~alled~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lsetxattr_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_truncate_ocil:questionnaire:1">
77	······<ocil:title>~~Rec~~o~~rd·U~~n~~succ~~es~~sful·A~~c~~ces~~s·A~~ttempt~~s~~·to·F~~iles~~·-·truncate</~~ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-rsyslog_files_permissions_ocil:questionnaire:1">
		71	······<ocil:title>Ensure·System·Log·Files·Have·Correct·Permissions</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~audit_~~r~~ules_un~~s~~ucce~~ss~~ful~~_file~~_modif~~icatio~~n_tru~~n~~cat~~e_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-rsyslog_files_permissions_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-~~file~~_~~per~~mis~~sions_hom~~e_~~dirs~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
83	······<ocil:title>Ensure·~~that·Us~~e~~r·Home·Dir~~ectories·are·not·Grou~~p-Wri~~table~~·or·World-Re~~ad~~able~~</ocil:title>	77	······<ocil:title>Disable·PubkeyAuthentication·Authentication</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~file~~_~~per~~mis~~sions_hom~~e_~~dirs~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-~~gid_~~pa~~sswd~~_gro~~up_~~same_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-package_cron_installed_ocil:questionnaire:1">
89	······<ocil:title>~~All·G~~I~~Ds·referenced·i~~n·/et~~c/p~~asswd·~~mus~~t·be·~~defined·i~~n·/e~~tc/group~~</ocil:title>	83	······<ocil:title>Install·the·cron·service</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~gid_~~pa~~sswd~~_gro~~up_~~same_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-package_cron_installed_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_key_ocil:questionnaire:1">
95	······<ocil:title~~>Spe~~ci~~fy·mo~~dule·si~~gning·key·~~to~~·us~~e</ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_openat_ocil:questionnaire:1">
		89	······<ocil:title>Record·Unsuccessful·Access·Attempts·to·Files·-·openat</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-kernel_config_mod~~ule_s~~ig_key_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_openat_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-service_qpidd_disabled_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-service_qpidd_disabled_ocil:questionnaire:1">
101	······<ocil:title>Disable·Apache·Qpid·(qpidd)</ocil:title>	95	······<ocil:title>Disable·Apache·Qpid·(qpidd)</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-service_qpidd_disabled_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-service_qpidd_disabled_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-s~~shd~~_~~allow_onl~~y_pr~~otoc~~ol2_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-rpm_verify_permissions_ocil:questionnaire:1">
107	······<ocil:title>~~Allow~~·Only·~~SSH~~·Pro~~tocol~~·2</ocil:title>	101	······<ocil:title>Verify·and·Correct·File·Permissions·with·RPM</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-s~~shd~~_~~allow_onl~~y_pr~~otoc~~ol2_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-rpm_verify_permissions_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-~~rsyslog~~_~~file~~s_gro~~upown~~er~~ship~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-chronyd_run_as_chrony_user_ocil:questionnaire:1">
113	······<ocil:title>Ensure·~~Log~~·~~Files~~·Ar~~e·Ow~~n~~ed·By·App~~ro~~priat~~e·Group</ocil:title>	107	······<ocil:title>Ensure·that·chronyd·is·running·under·chrony·user·account</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~rsyslog~~_~~file~~s_gro~~upown~~er~~ship~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-chronyd_run_as_chrony_user_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_hourly_ocil:questionnaire:1">
119	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ssions·on·cron.ho~~urly</~~ocil:title>	112	····<ocil:questionnaire·id="ocil:ssg-audit_rules_networkconfig_modification_ocil:questionnaire:1">
		113	······<ocil:title>Record·Events·that·Modify·the·System's·Network·Environment</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
Max diff block lines reached; 864787/876809 bytes (98.63%) of diff not shown.


Offset 3, 6805 lines modified		Offset 3, 6649 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-~~package_a~~ide_~~install~~ed_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-mount_option_home_nodev_ocil:questionnaire:1">
		11	······<ocil:title>Add·nodev·Option·to·/home</ocil:title>
11	······<ocil:title>Install·AIDE</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-package_aide_installed_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_passwd_ocil:questionnaire:1">
17	······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/passwd</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~audit~~_rules_~~usergr~~oup~~_modi~~fi~~cati~~o~~n_passwd~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-mount_option_home_nodev_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-~~accoun~~ts_password~~_pa~~m_dictch~~eck~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-no_empty_passwords_etc_shadow_ocil:questionnaire:1">
23	······<ocil:title>Ensure·~~PAM·Enfo~~rces·~~Passw~~ord·R~~equireme~~nts·-·~~Prev~~ent·~~the·Use~~·of·D~~iction~~ar~~y·W~~ords</ocil:title>	17	······<ocil:title>Ensure·There·Are·No·Accounts·With·Blank·or·Null·Passwords</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~accoun~~ts_password~~_pa~~m_dictch~~eck~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-no_empty_passwords_etc_shadow_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-xwindows_runlevel_target_ocil:questionnaire:1">
29	······<ocil:~~title>Dis~~able·G~~raphi~~cal·E~~nvironmen~~t·~~Star~~t~~up·By·Setti~~n~~g·D~~efault~~·Ta~~rget</ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_send_redirects_ocil:questionnaire:1">
		23	······<ocil:title>Disable·Kernel·Parameter·for·Sending·ICMP·Redirects·on·all·IPv4·Interfaces·by·Default</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~xwi~~n~~dows~~_runlevel_target_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_send_redirects_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-~~file~~_pe~~rmissio~~ns~~_etc~~_gr~~oup~~_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-sshd_enable_pam_ocil:questionnaire:1">
35	······<ocil:title>~~Verify·Permissions·~~on·g~~roup~~·F~~ile~~</ocil:title>	29	······<ocil:title>Enable·PAM</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~file~~_pe~~rmissio~~ns~~_etc~~_gr~~oup~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-sshd_enable_pam_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-kernel_m~~odule_~~sctp_disabled_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_shells_ocil:questionnaire:1">
41	······<ocil:title>Di~~sabl~~e~~·SCTP·Supp~~ort</ocil:title>	35	······<ocil:title>Verify·Permissions·on·/etc/shells·File</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-kernel_m~~odule_~~sctp_disabled_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_shells_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-file_permissions_crontab_ocil:questionnaire:1">
47	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ssions·on~~·cr~~ont~~ab</~~ocil:title>	40	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_max_log_file_action_ocil:questionnaire:1">
		41	······<ocil:title>Configure·auditd·max_log_file_action·Upon·Reaching·Maximum·Log·Size</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-file_per~~miss~~ions_~~cron~~tab_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_max_log_file_action_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~package_au~~dis~~pd-pl~~u~~gin~~s_~~installed~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-disable_users_coredumps_ocil:questionnaire:1">
53	······<ocil:title>Install·~~audispd-~~pl~~ugins~~·~~Packag~~e</ocil:title>	47	······<ocil:title>Disable·Core·Dumps·for·All·Users</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~package_au~~dis~~pd-pl~~u~~gin~~s_~~installed~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-disable_users_coredumps_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_group_ocil:questionnaire:1">
59	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ss~~ions·on·Back~~up·group·Fi~~le</~~ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-audit_rules_usergroup_modification_shadow_ocil:questionnaire:1">
		53	······<ocil:title>Record·Events·that·Modify·User/Group·Information·-·/etc/shadow</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-file_per~~mis~~sions_~~backup_e~~tc_~~group~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-audit_rules_usergroup_modification_shadow_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-file_~~own~~e~~r_et~~c_passwd_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_userhelper_ocil:questionnaire:1">
65	······<ocil:title>Verify·User·Who·~~Owns~~·passwd·File</ocil:title>	59	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·userhelper</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-file_~~own~~e~~r_et~~c_passwd_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_userhelper_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-file_pe~~rmiss~~ions_etc_shadow_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-audit_rules_execution_chcon_ocil:questionnaire:1">
71	······<ocil:title>Verify·~~Per~~miss~~ions·o~~n·shado~~w·Fil~~e</ocil:title>	65	······<ocil:title>Record·Any·Attempts·to·Run·chcon</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-file_pe~~rmiss~~ions_etc_shadow_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-audit_rules_execution_chcon_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-~~packag~~e_rsync_r~~emoved~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_daily_ocil:questionnaire:1">
77	······<ocil:title>Uni~~nstall·r~~sync·Package</ocil:title>	71	······<ocil:title>Verify·Permissions·on·cron.daily</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~packag~~e_rsync_r~~emoved~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-file_permissions_cron_daily_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-enable_authselect_ocil:questionnaire:1">
83	······<ocil:title~~>Enab~~le·aut~~hsele~~ct</ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-firewalld_loopback_traffic_trusted_ocil:questionnaire:1">
		77	······<ocil:title>Configure·Firewalld·to·Trust·Loopback·Traffic</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-enable_aut~~hsele~~ct_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-firewalld_loopback_traffic_trusted_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-directory_permissions_var_log_audit_ocil:questionnaire:1">
89	······<ocil:title~~>System·Aud~~i~~t·L~~og~~s·Mu~~st~~·Hav~~e~~·Mod~~e·~~0750·or·Le~~s~~s·P~~ermi~~ssiv~~e</o~~cil:title~~>	82	····<ocil:questionnaire·id="ocil:ssg-service_rsyncd_disabled_ocil:questionnaire:1">
		83	······<ocil:title>Ensure·rsyncd·service·is·disabled</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-dire~~cto~~r~~y_p~~ermission~~s_v~~ar_l~~og_~~a~~udit~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-service_rsyncd_disabled_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-package_pam_pwquality_installed_ocil:questionnaire:1">
95	······<ocil:title~~>Insta~~l~~l·pam~~_~~pwqua~~l~~ity·Pack~~a~~ge</~~ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_x11_forwarding_ocil:questionnaire:1">
		89	······<ocil:title>Disable·X11·Forwarding</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~package~~_pa~~m_pwquality~~_~~inst~~a~~lled~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-sshd_disable_x11_forwarding_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-rpm_ve~~rify_~~owners~~hip~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-kernel_module_usb-storage_disabled_ocil:questionnaire:1">
101	······<ocil:title>~~Verify~~·and·Co~~rrect~~·~~Ownership·with~~·~~RPM~~</ocil:title>	95	······<ocil:title>Disable·Modprobe·Loading·of·USB·Storage·Driver</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-rpm_ve~~rify_~~owners~~hip~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-kernel_module_usb-storage_disabled_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-fi~~le_~~ownership_sshd_p~~riva~~t~~e_key~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_dictcheck_ocil:questionnaire:1">
107	······<ocil:title>Ve~~rify~~·~~Owne~~rs~~hip·~~on·~~SSH·S~~e~~rver~~·Private·*_key·Key·~~File~~s</ocil:title>	101	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Prevent·the·Use·of·Dictionary·Words</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-fi~~le_~~ownership_sshd_p~~riva~~t~~e_key~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_dictcheck_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-kernel_module_cramfs_disabled_ocil:questionnaire:1">
113	······<ocil:title>Disable·Mo~~unt~~i~~ng·~~o~~f·c~~r~~amfs</~~ocil:title>	106	····<ocil:questionnaire·id="ocil:ssg-audit_rules_mac_modification_usr_share_ocil:questionnaire:1">
		107	······<ocil:title>Record·Events·that·Modify·the·System's·Mandatory·Access·Controls·in·usr/share</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-kernel_modu~~le_~~c~~ramfs~~_dis~~abl~~ed_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-audit_rules_mac_modification_usr_share_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-set_password_hashing_algorithm_passwordauth_ocil:questionnaire:1">
119	······<ocil:ti~~tle>Set~~·~~PAM''s·Pa~~ss~~word·Hashing·Algo~~rit~~hm·-·password-a~~u~~th</~~o~~cil:title~~>	112	····<ocil:questionnaire·id="ocil:ssg-configure_ssh_crypto_policy_ocil:questionnaire:1">
		113	······<ocil:title>Configure·SSH·to·use·System·Crypto·Policy</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
Max diff block lines reached; 1009560/1021639 bytes (98.82%) of diff not shown.


Offset 3, 7602 lines modified		Offset 3, 7692 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-se~~rvic~~e_~~dovec~~ot_disabled_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-file_owner_var_log_syslog_ocil:questionnaire:1">
11	······<ocil:title>Di~~sabl~~e·Doveco~~t·Serv~~ice</ocil:title>	11	······<ocil:title>Verify·User·Who·Owns·/var/log/syslog·File</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-se~~rvic~~e_~~dovec~~ot_disabled_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-file_owner_var_log_syslog_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_secure_redirects_ocil:questionnaire:1">
17	······<ocil:t~~itle>C~~onf~~igu~~re·~~Kernel·Param~~e~~ter·for·A~~ccep~~tin~~g~~·Secure·Red~~irect~~s·By·Defa~~u~~lt</~~o~~cil:title~~>	16	····<ocil:questionnaire·id="ocil:ssg-ensure_gpgcheck_globally_activated_ocil:questionnaire:1">
		17	······<ocil:title>Ensure·gpgcheck·Enabled·In·Main·yum·Configuration</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-sys~~ctl~~_net_ip~~v4_conf_def~~ault_sec~~ure_r~~ed~~irects~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-ensure_gpgcheck_globally_activated_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-sysct~~l_fs~~_prot~~ected~~_~~hardlinks~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-package_postfix_installed_ocil:questionnaire:1">
23	······<ocil:title>~~Enable·Ke~~rnel·P~~ara~~meter~~·to~~·~~Enforc~~e·DAC·on·Hardli~~nks~~</ocil:title>	23	······<ocil:title>The·Postfix·package·is·installed</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-sysct~~l_fs~~_prot~~ected~~_~~hardlinks~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-package_postfix_installed_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-~~file_groupow~~ner_etc_passwd_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-banner_etc_issue_ocil:questionnaire:1">
29	······<ocil:title>~~Ver~~ify·Gr~~oup~~·Wh~~o·Owns~~·~~passwd·Fil~~e</ocil:title>	29	······<ocil:title>Modify·the·System·Login·Banner</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~file_groupow~~ner_etc_passwd_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-banner_etc_issue_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-file_owner_~~crontab~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-service_rsyncd_disabled_ocil:questionnaire:1">
35	······<ocil:title>Ver~~ify·Own~~er~~·on~~·~~cront~~ab</ocil:title>	35	······<ocil:title>Ensure·rsyncd·service·is·disabled</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-file_owner_~~crontab~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-service_rsyncd_disabled_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-ker~~nel~~_~~config_hibe~~rna~~tio~~n_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-service_systemd-journald_enabled_ocil:questionnaire:1">
41	······<ocil:title>Disable·~~hib~~ernation</ocil:title>	41	······<ocil:title>Enable·systemd-journald·Service</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-ker~~nel~~_~~config_hibe~~rna~~tio~~n_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-service_systemd-journald_enabled_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_weekly_ocil:questionnaire:1">
47	······<ocil:title~~>Ver~~ify~~·Grou~~p~~·Wh~~o~~·Owns·cro~~n.we~~ekly</~~ocil:title>	46	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_send_redirects_ocil:questionnaire:1">
		47	······<ocil:title>Disable·Kernel·Parameter·for·Sending·ICMP·Redirects·on·all·IPv4·Interfaces·by·Default</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-file_~~group~~owner_~~cron~~_wee~~kly~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_send_redirects_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-kernel_config_security_writable_hooks_ocil:questionnaire:1">
53	······<ocil:title>Disable·mutable~~·hooks</~~ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lremovexattr_ocil:questionnaire:1">
		53	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·lremovexattr</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-kernel_~~config_se~~curity_wri~~tabl~~e_~~hooks~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_lremovexattr_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-file_permissions_cron_allow_ocil:questionnaire:1">
59	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ss~~ions·~~o~~n·/etc/cron.allow·~~file</ocil:title>	58	····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_profile_ocil:questionnaire:1">
		59	······<ocil:title>Ensure·the·Default·Umask·is·Set·Correctly·in·/etc/profile</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~file_per~~mis~~sions~~_cron_allow_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_profile_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_sha512_ocil:questionnaire:1">
65	······<ocil:title>Sig~~n·k~~e~~rnel·m~~o~~dule~~s~~·wit~~h~~·SHA-512</~~ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-file_groupownership_home_directories_ocil:questionnaire:1">
		65	······<ocil:title>All·Interactive·User·Home·Directories·Must·Be·Group-Owned·By·The·Primary·Group</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-ke~~rnel_c~~onfig_module_si~~g_sha512~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-file_groupownership_home_directories_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_key_ocil:questionnaire:1">
71	······<ocil:title~~>Spe~~ci~~fy·mo~~dule~~·signing·key·~~to·u~~se</~~ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_umount2_ocil:questionnaire:1">
		71	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·umount2</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-kernel_c~~onf~~i~~g_module~~_~~sig_key~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_umount2_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-fi~~le_~~owner_~~var_l~~og_~~syslog~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-sudoers_no_root_target_ocil:questionnaire:1">
77	······<ocil:title>~~Verify·Us~~er·Who·~~Owns~~·/~~var/log/syslog~~·File</ocil:title>	77	······<ocil:title>Don't·target·root·user·in·the·sudoers·file</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-fi~~le_~~owner_~~var_l~~og_~~syslog~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-sudoers_no_root_target_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-a~~udit~~_p~~riv~~i~~leged_c~~o~~mma~~nds_s~~hutdown~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-file_permissions_crontab_ocil:questionnaire:1">
83	······<ocil:title>~~Ensu~~re~~·au~~ditd·~~Col~~le~~cts·Info~~rmati~~on·~~on~~·the·U~~se·of·Pr~~ivileged·C~~o~~mma~~n~~ds·-·shu~~tdown</ocil:title>	83	······<ocil:title>Verify·Permissions·on·crontab</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_p~~riv~~i~~leged_c~~o~~mma~~nds_s~~hutdown~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_permissions_crontab_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-file_ownership_var_log_audit_ocil:questionnaire:1">
89	······<ocil:titl~~e>Sy~~st~~em·Aud~~it·Log~~s·Must·Be·Owned·By·Roo~~t</ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-postfix_client_configure_mail_alias_postmaster_ocil:questionnaire:1">
		89	······<ocil:title>Configure·System·to·Forward·All·Mail·From·Postmaster·to·The·Root·Account</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-file_owne~~rsh~~ip_var_log_a~~udit~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-postfix_client_configure_mail_alias_postmaster_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~file_g~~rou~~powner_grub2_cfg~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-audit_rules_media_export_ocil:questionnaire:1">
95	······<ocil:title>Verify·/boo~~t/grub2/g~~r~~ub.cfg~~·~~Group~~·~~Own~~ers~~hip~~</ocil:title>	95	······<ocil:title>Ensure·auditd·Collects·Information·on·Exporting·to·Media·(successful)</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~file_g~~rou~~powner_grub2_cfg~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-audit_rules_media_export_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_issue_ocil:questionnaire:1">
101	······<ocil:ti~~tle>V~~eri~~fy·permi~~ss~~ion~~s·on~~·System·L~~o~~gin·B~~anner</ocil:title>	100	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
		101	······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·all·IPv4·Interfaces</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~file~~_permi~~ssi~~ons_etc_~~issu~~e_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-dir_owne~~rship~~_l~~ibrary~~_d~~irs~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_delete_ocil:questionnaire:1">
107	······<ocil:title>~~Verify~~·~~tha~~t·~~Shar~~ed·~~Lib~~ra~~ry·Directo~~ries·~~Hav~~e·Root·~~Own~~e~~rship~~</ocil:title>	107	······<ocil:title>Ensure·auditd·Collects·Information·on·Kernel·Module·Unloading·-·delete_module</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-dir_owne~~rship~~_l~~ibrary~~_d~~irs~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_delete_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-~~grub2~~_ena~~ble_~~i~~ommu~~_~~for~~ce_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_randomize_va_space_ocil:questionnaire:1">
113	······<ocil:title>~~IOMMU~~·confi~~gur~~ation·dire~~ctiv~~e</ocil:title>	113	······<ocil:title>Enable·Randomized·Layout·of·Virtual·Address·Space</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~grub2~~_ena~~ble_~~i~~ommu~~_~~for~~ce_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-sysctl_kernel_randomize_va_space_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-~~file_g~~rou~~pow~~ner_~~backup_~~etc_~~group~~_ocil:questionnaire:1">	118	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_stime_ocil:questionnaire:1">
119	······<ocil:title>Ve~~rify~~·~~Grou~~p~~·Wh~~o·~~Owns·Backup·g~~roup·File</ocil:title>	119	······<ocil:title>Record·Attempts·to·Alter·Time·Through·stime</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~file_g~~rou~~pow~~ner_~~backup_~~etc_~~group~~_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_stime_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 994547/1007102 bytes (98.75%) of diff not shown.


Offset 3, 6611 lines modified		Offset 3, 6605 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-banner_etc_issue_ocil:questionnaire:1">
11	······<ocil:title>Modify·the·System·Login·Banner</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-banner_etc_issue_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-accounts_umask_etc_login_defs_ocil:questionnaire:1">
17	······<ocil:title>Ensure·the·Default·Umask·is·Set·Correctly·in·login.defs</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-accounts_umask_etc_login_defs_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-sudo_requ~~ire~~_a~~uthent~~ication_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_chown_ocil:questionnaire:1">
23	······<ocil:title>~~Ensu~~re·Users·~~Re-Au~~then~~tica~~te~~·for·P~~rivi~~lege~~·Es~~cala~~tion·-·~~sudo~~</ocil:title>	11	······<ocil:title>Record·Events·that·Modify·the·System's·Discretionary·Access·Controls·-·chown</ocil:title>
24	······<ocil:actions>	12	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-sudo_requ~~ire~~_a~~uthent~~ication_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-audit_rules_dac_modification_chown_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	14	······</ocil:actions>
27	····</ocil:questionnaire>	15	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-pack~~age_MFEh~~ip~~lsm~~_installed_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-account_unique_name_ocil:questionnaire:1">
29	······<ocil:title>Inst~~all~~·~~the~~·H~~ost·I~~ntrusion·~~Preven~~tion·System·(H~~IPS)·Mod~~ule</ocil:title>	17	······<ocil:title>Ensure·All·Accounts·on·the·System·Have·Unique·Names</ocil:title>
30	······<ocil:actions>	18	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-pack~~age_MFEh~~ip~~lsm~~_installed_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-account_unique_name_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	20	······</ocil:actions>
33	····</ocil:questionnaire>	21	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_redirects_ocil:questionnaire:1">
35	······<ocil:~~title>Dis~~able·~~Accept~~i~~ng·ICMP·Redirec~~ts·f~~or·All·IPv4·Interfac~~e~~s</~~ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-accounts_minimum_age_login_defs_ocil:questionnaire:1">
		23	······<ocil:title>Set·Password·Minimum·Age</ocil:title>
36	······<ocil:actions>	24	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-sysc~~tl_~~net~~_ipv~~4_conf~~_all~~_accept_~~red~~i~~rect~~s_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-accounts_minimum_age_login_defs_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	26	······</ocil:actions>
39	····</ocil:questionnaire>	27	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~set_iptabl~~es_de~~faul~~t_rule_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-chronyd_server_directive_ocil:questionnaire:1">
41	······<ocil:title>~~Set·D~~e~~fault~~·i~~ptab~~les·Policy·~~for~~·~~Incoming~~·Pac~~kets~~</ocil:title>	29	······<ocil:title>Ensure·Chrony·is·only·configured·with·the·server·directive</ocil:title>
42	······<ocil:actions>	30	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~set_iptabl~~es_de~~faul~~t_rule_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-chronyd_server_directive_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	32	······</ocil:actions>
45	····</ocil:questionnaire>	33	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-configure_bind_crypto_policy_ocil:questionnaire:1">
47	······<ocil:title~~>Configure·BIND·t~~o·us~~e·Sy~~s~~tem·C~~r~~ypto·P~~oli~~cy</~~ocil:title>	34	····<ocil:questionnaire·id="ocil:ssg-accounts_password_warn_age_login_defs_ocil:questionnaire:1">
		35	······<ocil:title>Set·Password·Warning·Age</ocil:title>
48	······<ocil:actions>	36	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-con~~figure_bin~~d_cr~~ypto~~_policy_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-accounts_password_warn_age_login_defs_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	38	······</ocil:actions>
51	····</ocil:questionnaire>	39	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~ker~~nel_config_module_si~~g_sha512~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_route_localnet_ocil:questionnaire:1">
53	······<ocil:title>Sig~~n·k~~ernel·modules·~~with~~·~~SHA-512~~</ocil:title>	41	······<ocil:title>Prevent·Routing·External·Traffic·to·Local·Loopback·on·All·IPv4·Interfaces</ocil:title>
54	······<ocil:actions>	42	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~ker~~nel_config_module_si~~g_sha512~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_route_localnet_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	44	······</ocil:actions>
57	····</ocil:questionnaire>	45	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~dir_ownership~~_l~~ibrary_dir~~s_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-auditd_local_events_ocil:questionnaire:1">
59	······<ocil:title>~~Verify·that·Shar~~ed·Library·Direct~~orie~~s·H~~ave·Roo~~t·Ow~~ner~~s~~hip~~</ocil:title>	47	······<ocil:title>Include·Local·Events·in·Audit·Logs</ocil:title>
60	······<ocil:actions>	48	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~dir_ownership~~_l~~ibrary_dir~~s_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-auditd_local_events_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	50	······</ocil:actions>
63	····</ocil:questionnaire>	51	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-audit_rules_file_deletion_events_unlink_ocil:questionnaire:1">
65	······<ocil:~~title>E~~nsure·~~aud~~itd·Co~~lle~~c~~ts·F~~ile·~~Deleti~~on~~·Events·by·User·-·un~~lin~~k</~~ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-configure_ssh_crypto_policy_ocil:questionnaire:1">
		53	······<ocil:title>Configure·SSH·to·use·System·Crypto·Policy</ocil:title>
66	······<ocil:actions>	54	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-a~~udit_r~~ules_f~~ile~~_~~dele~~tio~~n_events~~_unlink_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-configure_ssh_crypto_policy_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	56	······</ocil:actions>
69	····</ocil:questionnaire>	57	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-file_~~own~~e~~r_cron~~_~~week~~ly_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-audit_rules_time_watch_localtime_ocil:questionnaire:1">
71	······<ocil:title>Ver~~ify~~·~~Own~~er·on·c~~ron.w~~eekly</ocil:title>	59	······<ocil:title>Record·Attempts·to·Alter·the·localtime·File</ocil:title>
72	······<ocil:actions>	60	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-file_~~own~~e~~r_cron~~_~~week~~ly_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-audit_rules_time_watch_localtime_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	62	······</ocil:actions>
75	····</ocil:questionnaire>	63	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-sshd_set_maxstartups_ocil:questionnaire:1">
77	······<ocil:~~title>E~~nsure·~~SSH·MaxStartu~~ps·is·con~~fig~~ured</ocil:title>	64	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_shadow_ocil:questionnaire:1">
		65	······<ocil:title>Verify·Permissions·on·Backup·shadow·File</ocil:title>
78	······<ocil:actions>	66	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_se~~t_max~~startups_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	68	······</ocil:actions>
81	····</ocil:questionnaire>	69	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-selinux_not_disabled_ocil:questionnaire:1">
83	······<ocil:title~~>En~~sure~~·SELi~~n~~ux·~~i~~s·No~~t·Di~~sabled</~~ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-file_groupownership_audit_configuration_ocil:questionnaire:1">
		71	······<ocil:title>Audit·Configuration·Files·Must·Be·Owned·By·Group·root</ocil:title>
84	······<ocil:actions>	72	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-selinux_not_disa~~bled~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-file_groupownership_audit_configuration_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	74	······</ocil:actions>
87	····</ocil:questionnaire>	75	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-file_owner_c~~ron_~~d_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_etc_passwd_ocil:questionnaire:1">
89	······<ocil:title>Verify·~~Owner~~·on·~~cron.~~d</ocil:title>	77	······<ocil:title>Verify·Group·Who·Owns·passwd·File</ocil:title>
90	······<ocil:actions>	78	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-file_owner_c~~ron_~~d_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-file_groupowner_etc_passwd_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	80	······</ocil:actions>
93	····</ocil:questionnaire>	81	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-configure_user_data_backups_ocil:questionnaire:1">
95	······<ocil:t~~itle>C~~onf~~igu~~re·Bac~~kup~~s~~·of·U~~ser~~·Da~~t~~a</~~ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-sshd_set_login_grace_time_ocil:questionnaire:1">
		83	······<ocil:title>Ensure·SSH·LoginGraceTime·is·configured</ocil:title>
96	······<ocil:actions>	84	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~configure~~_user_~~data~~_bac~~kups~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-sshd_set_login_grace_time_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	86	······</ocil:actions>
99	····</ocil:questionnaire>	87	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-file_owner_~~var~~_log_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-file_owner_cron_monthly_ocil:questionnaire:1">
101	······<ocil:title>Verify·User·Who~~·Ow~~ns·/var/log·~~Direc~~tory</ocil:title>	89	······<ocil:title>Verify·Owner·on·cron.monthly</ocil:title>
102	······<ocil:actions>	90	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-file_owner_~~var~~_log_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-file_owner_cron_monthly_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	92	······</ocil:actions>
105	····</ocil:questionnaire>	93	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-~~grub2~~_e~~nab~~le_iom~~mu_force~~_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-kernel_config_bug_ocil:questionnaire:1">
107	······<ocil:title>I~~OMMU·configu~~rat~~ion~~·dir~~ective~~</ocil:title>	95	······<ocil:title>Enable·support·for·BUG()</ocil:title>
108	······<ocil:actions>	96	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~grub2~~_e~~nab~~le_iom~~mu_force~~_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-kernel_config_bug_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	98	······</ocil:actions>
111	····</ocil:questionnaire>	99	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-service_rdisc_disabled_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-service_rdisc_disabled_ocil:questionnaire:1">
113	······<ocil:title>Disable·Network·Router·Discovery·Daemon·(rdisc)</ocil:title>	101	······<ocil:title>Disable·Network·Router·Discovery·Daemon·(rdisc)</ocil:title>
114	······<ocil:actions>	102	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-service_rdisc_disabled_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-service_rdisc_disabled_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	104	······</ocil:actions>
117	····</ocil:questionnaire>	105	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_ocil:questionnaire:1">
119	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands</ocil:title>
120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>
123	····</ocil:questionnaire>
Max diff block lines reached; 997249/1008700 bytes (98.86%) of diff not shown.


Offset 329, 23 lines modified		Offset 329, 23 lines modified
329	······</cpe-lang:logical-test>	329	······</cpe-lang:logical-test>
330	····</cpe-lang:platform>	330	····</cpe-lang:platform>
331	····<cpe-lang:platform·id="package_bash">	331	····<cpe-lang:platform·id="package_bash">
332	······<cpe-lang:logical-test·operator="AND"·negate="false">	332	······<cpe-lang:logical-test·operator="AND"·negate="false">
333	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>	333	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-package_bash:def:1"/>
334	······</cpe-lang:logical-test>	334	······</cpe-lang:logical-test>
335	····</cpe-lang:platform>	335	····</cpe-lang:platform>
336	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7~~_and_os_linux_rhel_ne_9_0~~">	336	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">
337	······<cpe-lang:logical-test·operator="AND"·negate="false">	337	······<cpe-lang:logical-test·operator="AND"·negate="false">
338	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>	338	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>
339	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>
340	······</cpe-lang:logical-test>	339	······</cpe-lang:logical-test>
341	····</cpe-lang:platform>	340	····</cpe-lang:platform>
342	····<cpe-lang:platform·id="os_linux_ol_gt_or_eq_8_7">	341	····<cpe-lang:platform·id="os_linux_rhel_gt_or_eq_8_7_and_os_linux_rhel_ne_9_0">
343	······<cpe-lang:logical-test·operator="AND"·negate="false">	342	······<cpe-lang:logical-test·operator="AND"·negate="false">
344	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_ol_gt_or_eq_8_7:def:1"/>	343	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_gt_or_eq_8_7:def:1"/>
		344	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-os_linux_rhel_ne_9_0:def:1"/>
345	······</cpe-lang:logical-test>	345	······</cpe-lang:logical-test>
346	····</cpe-lang:platform>	346	····</cpe-lang:platform>
347	····<cpe-lang:platform·id="not_s390x_arch">	347	····<cpe-lang:platform·id="not_s390x_arch">
348	······<cpe-lang:logical-test·operator="AND"·negate="false">	348	······<cpe-lang:logical-test·operator="AND"·negate="false">
349	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>	349	········<cpe-lang:check-fact-ref·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel10-cpe-oval.xml"·id-ref="oval:ssg-proc_sys_kernel_osrelease_arch_not_s390x:def:1"/>
350	······</cpe-lang:logical-test>	350	······</cpe-lang:logical-test>
351	····</cpe-lang:platform>	351	····</cpe-lang:platform>


Offset 3, 11140 lines modified		Offset 3, 11140 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_unlink_ocil:questionnaire:1">
11	······<ocil:~~title>Reco~~rd·~~Unsu~~ccessful~~·Delete·Attempts·to·Fi~~l~~es·-·unlink</~~o~~cil:title~~>	10	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_cron_hourly_ocil:questionnaire:1">
		11	······<ocil:title>Verify·Group·Who·Owns·cron.hourly</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-audi~~t_ru~~les_~~unsuccessf~~ul~~_fil~~e~~_modi~~fication_~~unlink~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-file_groupowner_cron_hourly_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_var_log_messages_ocil:questionnaire:1">
17	······<ocil:ti~~tle>V~~eri~~fy·Group·Who·Owns·/var/~~log~~/mes~~s~~age~~s~~·Fi~~le</ocil:title>	16	····<ocil:questionnaire·id="ocil:ssg-package_rsyslog-gnutls_installed_ocil:questionnaire:1">
		17	······<ocil:title>Ensure·rsyslog-gnutls·is·installed</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~file_~~g~~roupowner_var_~~log_messages_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-package_rsyslog-gnutls_installed_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-audit_rules_successful_file_modification_open_by_handle_at_ocil:questionnaire:1">
23	······<ocil:title>~~Rec~~ord~~·Succ~~es~~sful·A~~c~~ces~~s~~·Attempts·t~~o~~·File~~s·~~-·open_by~~_~~handle_~~at</ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_disable_wifi_notification_ocil:questionnaire:1">
		23	······<ocil:title>Disable·WIFI·Network·Notification·in·GNOME3</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~audit~~_~~rules~~_~~suc~~ces~~sful~~_file_modificati~~on_~~o~~pen_by_ha~~n~~dle_at~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-dconf_gnome_disable_wifi_notification_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-accounts_polyinstantiated_var_tmp_ocil:questionnaire:1">
29	······<ocil:t~~itle>C~~onf~~igu~~re·Po~~lyin~~s~~tant~~ia~~tion·of·/v~~a~~r/tmp·Di~~rectories</o~~cil:title~~>	28	····<ocil:questionnaire·id="ocil:ssg-wireless_disable_interfaces_ocil:questionnaire:1">
		29	······<ocil:title>Deactivate·Wireless·Network·Interfaces</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~account~~s_~~pol~~yi~~nstant~~iated_var_~~tmp~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-wireless_disable_interfaces_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-audit_rules_networkconfig_modification_ocil:questionnaire:1">
35	······<ocil:ti~~tle>Recor~~d·~~Events·that·M~~o~~dify·th~~e~~·Sy~~s~~tem's·Netw~~o~~rk·Env~~i~~ronm~~ent</o~~cil:title~~>	34	····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_disable_automount_ocil:questionnaire:1">
		35	······<ocil:title>Disable·GNOME3·Automounting</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~audit~~_~~rules~~_ne~~tworkconfig_~~mo~~difi~~cat~~ion~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-dconf_gnome_disable_automount_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at_ocil:questionnaire:1">
41	······<ocil:title>~~Rec~~o~~rd·U~~n~~succ~~es~~sful·A~~c~~ces~~s~~·Att~~e~~mpts·to·Fil~~es·~~-·op~~en_b~~y_handl~~e_at</o~~cil:title~~>	40	····<ocil:questionnaire·id="ocil:ssg-service_cron_enabled_ocil:questionnaire:1">
		41	······<ocil:title>Enable·cron·Service</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~audit_rules_un~~s~~ucc~~e~~ssful~~_file_~~modifi~~cation_open~~_by_h~~andle_at_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-service_cron_enabled_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-~~set_ipt~~ables_d~~efault~~_rule_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-package_ypbind_removed_ocil:questionnaire:1">
47	······<ocil:title>Se~~t·D~~e~~fault~~·~~iptables~~·Poli~~cy·for·Incom~~in~~g·Packe~~ts</ocil:title>	47	······<ocil:title>Remove·NIS·Client</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~set_ipt~~ables_d~~efault~~_rule_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-package_ypbind_removed_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-rsyslog_remote_access_monitoring_ocil:questionnaire:1">
53	······<ocil:~~title>E~~nsure·r~~emote·acce~~s~~s·m~~et~~hod~~s·ar~~e·mon~~i~~tored·in·Rsys~~log</ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-set_password_hashing_algorithm_logindefs_ocil:questionnaire:1">
		53	······<ocil:title>Set·Password·Hashing·Algorithm·in·/etc/login.defs</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-rsy~~slog_rem~~ote_a~~ccess~~_monitoring_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-set_password_hashing_algorithm_logindefs_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-sysctl_crypto_fips_enabled_ocil:questionnaire:1">
59	······<ocil:ti~~tle>S~~e~~t·kerne~~l~~·par~~ameter~~·'cryp~~t~~o.fi~~ps_enab~~led'·to·1</~~ocil:title>	58	····<ocil:questionnaire·id="ocil:ssg-audit_rules_etc_group_open_by_handle_at_ocil:questionnaire:1">
		59	······<ocil:title>Record·Events·that·Modify·User/Group·Information·via·open_by_handle_at·syscall·-·/etc/group</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~sysc~~tl_crypto~~_fips~~_~~enab~~led_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-audit_rules_etc_group_open_by_handle_at_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~audit_~~r~~ule~~s~~_dac~~_~~modifica~~tion_fcho~~wnat~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_gshadow_ocil:questionnaire:1">
65	······<ocil:title>Recor~~d·Events·that·Mod~~ify·the~~·Syst~~em~~'s·D~~is~~cre~~tion~~ary~~·Acc~~ess~~·~~Contr~~o~~ls·~~-·~~fchownat~~</ocil:title>	65	······<ocil:title>Verify·Permissions·on·Backup·gshadow·File</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~audit_~~r~~ule~~s~~_dac~~_~~modifica~~tion_fcho~~wnat~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_redirects_ocil:questionnaire:1">
71	······<ocil:~~title>Dis~~able·Acc~~eptin~~g~~·ICMP·R~~e~~dire~~cts·f~~or·A~~l~~l·IPv4·I~~nterfac~~es</~~ocil:title>	70	····<ocil:questionnaire·id="ocil:ssg-audit_rules_successful_file_modification_ftruncate_ocil:questionnaire:1">
		71	······<ocil:title>Record·Successful·Access·Attempts·to·Files·-·ftruncate</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~sysc~~t~~l_n~~et_~~ipv4_conf~~_all_acc~~ept_redi~~rects_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-audit_rules_successful_file_modification_ftruncate_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-accounts_authorized_local_users_ocil:questionnaire:1">
77	······<ocil:title~~>Only·Autho~~r~~ize~~d·Local·User~~·Accounts·Ex~~ist·on~~·Oper~~ati~~ng·Sys~~tem</ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_audit_auditd_ocil:questionnaire:1">
		77	······<ocil:title>Verify·Permissions·on·/etc/audit/auditd.conf</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~accounts_auth~~o~~riz~~ed_~~local~~_u~~sers~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_audit_auditd_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-service_chronyd_or_ntpd_enabled_ocil:questionnaire:1">
83	······<ocil:title>Enabl~~e·th~~e~~·NTP·D~~aemon</ocil:title>	82	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_open_o_trunc_write_ocil:questionnaire:1">
		83	······<ocil:title>Record·Unsuccessful·Modification·Attempts·to·Files·-·open·O_TRUNC_WRITE</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-service_chron~~yd_or~~_nt~~pd_enabled~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_open_o_trunc_write_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_pwhistory_remember_system_auth_ocil:questionnaire:1">
89	······<ocil:tit~~le>Limit~~·~~Password·Reuse:·syst~~e~~m-auth</~~ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-banner_etc_motd_ocil:questionnaire:1">
		89	······<ocil:title>Modify·the·System·Message·of·the·Day·Banner</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~accounts_password_~~pa~~m_pwhistory_reme~~mber_system_auth_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-banner_etc_motd_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-harden_sshd_ciphers_openssh_conf_crypto_policy_ocil:questionnaire:1">
95	······<ocil:t~~itle>C~~onf~~igu~~re·~~SSH·Cl~~ien~~t·to·Us~~e~~·FIPS·140·Vali~~dated·Cip~~hers:·~~ope~~nssh.conf~~i~~g</~~o~~cil:title~~>	94	····<ocil:questionnaire·id="ocil:ssg-kernel_config_module_sig_all_ocil:questionnaire:1">
		95	······<ocil:title>Enable·automatic·signing·of·all·modules</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-harden~~_ss~~hd_c~~iphers_~~open~~ssh~~_con~~f_crypto~~_policy_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-kernel_config_module_sig_all_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_us~~erhelpe~~r_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_su_ocil:questionnaire:1">
101	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·us~~erhelpe~~r</ocil:title>	101	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·su</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_us~~erhelpe~~r_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_su_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-~~mount_option~~_ho~~me_n~~odev_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-sshd_x11_use_localhost_ocil:questionnaire:1">
107	······<ocil:title>~~Add~~·nodev·Option·to·/home</ocil:title>	107	······<ocil:title>Prevent·remote·hosts·from·connecting·to·the·proxy·display</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~mount_option~~_ho~~me_n~~odev_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-sshd_x11_use_localhost_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_rmmod_ocil:questionnaire:1">
113	······<ocil:~~title>E~~nsure·~~aud~~itd·Col~~lect~~s·~~Informa~~t~~ion~~·on·t~~he·Use·~~of~~·Privi~~l~~eged·Commands·-·~~rm~~mod</~~ocil:title>	112	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_default_accept_source_route_ocil:questionnaire:1">
		113	······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·IPv6·Interfaces·by·Default</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_~~rules~~_~~privil~~e~~ged~~_c~~ommands~~_r~~mmod~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_default_accept_source_route_action:testaction:1</ocil:test_action_ref>
Max diff block lines reached; 2046547/2059039 bytes (99.39%) of diff not shown.


Offset 3, 1662 lines modified		Offset 3, 1645 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
		10	····<ocil:questionnaire·id="ocil:ssg-accounts_passwords_pam_faillock_unlock_time_ocil:questionnaire:1">
		11	······<ocil:title>Set·Lockout·Time·for·Failed·Password·Attempts</ocil:title>
10	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_ocil:questionnaire:1">
11	······<ocil:title>Disable·Kernel·Parameter·for·Accepting·Source-Routed·Packets·on·all·IPv4·Interfaces</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_accept_source_route_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-sshd_limit_user_access_ocil:questionnaire:1">
17	······<ocil:title>Limit·Users'·SSH·Access</ocil:title>
18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-sshd_limit_user_access_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>
21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts_ocil:questionnaire:1">
23	······<ocil:title>Enable·Kernel·Parameter·to·Ignore·ICMP·Broadcast·Echo·Requests·on·IPv4·Interfaces</ocil:title>
24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>
27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-package_telnet-server_removed_ocil:questionnaire:1">
29	······<ocil:title>Uninstall·telnet-server·Package</ocil:title>
30	······<ocil:actions>	12	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-pac~~kage~~_~~telnet-~~s~~erver~~_~~rem~~o~~ved~~_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-accounts_passwords_pam_faillock_unlock_time_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	14	······</ocil:actions>
33	····</ocil:questionnaire>	15	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_~~minlen~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_lcredit_ocil:questionnaire:1">
35	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Length</ocil:title>	17	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Lowercase·Characters</ocil:title>
36	······<ocil:actions>	18	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_~~minlen~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_lcredit_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	20	······</ocil:actions>
39	····</ocil:questionnaire>	21	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_~~uni~~x_remem~~ber~~_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_ocredit_ocil:questionnaire:1">
41	······<ocil:title>~~Limit~~·Password·Reuse</ocil:title>	23	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Special·Characters</ocil:title>
42	······<ocil:actions>	24	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_~~uni~~x_remem~~ber~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_ocredit_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	26	······</ocil:actions>
45	····</ocil:questionnaire>	27	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_ocil:questionnaire:1">
47	······<ocil:~~title>E~~nable·Ke~~rnel·Paramete~~r·~~to·Us~~e·Reverse~~·Path·Fil~~tering·~~on·~~a~~ll·IPv4·I~~nte~~rfa~~ces~~·by·D~~e~~fau~~lt</o~~cil:title~~>	28	····<ocil:questionnaire·id="ocil:ssg-require_emergency_target_auth_ocil:questionnaire:1">
		29	······<ocil:title>Require·Authentication·for·Emergency·Systemd·Target</ocil:title>
48	······<ocil:actions>	30	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~sysctl_~~net_ipv4_c~~onf_d~~e~~faul~~t_r~~p_filter~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-require_emergency_target_auth_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	32	······</ocil:actions>
51	····</ocil:questionnaire>	33	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-accounts_passwor~~ds_pam_faillock_~~d~~eny~~_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-grub2_password_ocil:questionnaire:1">
53	······<ocil:title>L~~ock~~·Accounts·~~After~~·Failed·Password·~~Attempts~~</ocil:title>	35	······<ocil:title>Set·Boot·Loader·Password·in·grub2</ocil:title>
54	······<ocil:actions>	36	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-accounts_passwor~~ds_pam_faillock_~~d~~eny~~_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-grub2_password_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	38	······</ocil:actions>
57	····</ocil:questionnaire>	39	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-disable~~_users~~_~~cor~~e~~dumps~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-auditd_data_retention_space_left_ocil:questionnaire:1">
59	······<ocil:title>Disa~~ble~~·~~Cor~~e~~·Dumps~~·for·~~All~~·~~Users~~</ocil:title>	41	······<ocil:title>Configure·auditd·space_left·on·Low·Disk·Space</ocil:title>
60	······<ocil:actions>	42	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-disable~~_users~~_~~cor~~e~~dumps~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-auditd_data_retention_space_left_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	44	······</ocil:actions>
63	····</ocil:questionnaire>	45	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-s~~erv~~ice_p~~sacct~~_enab~~led~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-sshd_disable_pubkey_auth_ocil:questionnaire:1">
65	······<ocil:title>Enable·P~~roc~~e~~ss·Accoun~~tin~~g·(psa~~cct)</ocil:title>	47	······<ocil:title>Disable·PubkeyAuthentication·Authentication</ocil:title>
66	······<ocil:actions>	48	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-s~~erv~~ice_p~~sacct~~_enab~~led~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-sshd_disable_pubkey_auth_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	50	······</ocil:actions>
69	····</ocil:questionnaire>	51	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~no_empty~~_p~~assword~~s_etc_~~sha~~dow_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-sshd_print_last_log_ocil:questionnaire:1">
71	······<ocil:title>En~~sur~~e·Th~~ere~~·Ar~~e·No·Acco~~un~~ts·Wi~~th·Bla~~nk·or·Nu~~ll·~~Pass~~words</ocil:title>	53	······<ocil:title>Enable·SSH·Print·Last·Log</ocil:title>
72	······<ocil:actions>	54	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~no_empty~~_p~~assword~~s_etc_~~sha~~dow_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-sshd_print_last_log_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	56	······</ocil:actions>
75	····</ocil:questionnaire>	57	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-require_singleuser_auth_ocil:questionnaire:1">
77	······<ocil:title>Require·Authentication·for·Single·User·Mode</ocil:title>	59	······<ocil:title>Require·Authentication·for·Single·User·Mode</ocil:title>
78	······<ocil:actions>	60	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-require_singleuser_auth_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	62	······</ocil:actions>
81	····</ocil:questionnaire>	63	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-sshd_dis~~abl~~e_~~pubkey~~_~~aut~~h_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-sshd_use_strong_ciphers_ocil:questionnaire:1">
83	······<ocil:title>Dis~~abl~~e·Pu~~bke~~yAuthen~~ticatio~~n·~~Aut~~he~~nticati~~on</ocil:title>	65	······<ocil:title>Use·Only·Strong·Ciphers</ocil:title>
84	······<ocil:actions>	66	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-sshd_dis~~abl~~e_~~pubkey~~_~~aut~~h_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-sshd_use_strong_ciphers_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	68	······</ocil:actions>
87	····</ocil:questionnaire>	69	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-service_d~~hcp~~d_disabled_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-service_sshd_enabled_ocil:questionnaire:1">
89	······<ocil:title>Disable·~~DHCP~~·Service</ocil:title>	71	······<ocil:title>Enable·the·OpenSSH·Service</ocil:title>
90	······<ocil:actions>	72	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-service_d~~hcp~~d_disabled_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-service_sshd_enabled_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	74	······</ocil:actions>
93	····</ocil:questionnaire>	75	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-~~sshd_s~~et_logleve~~l_ve~~rbose_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-file_owner_etc_group_ocil:questionnaire:1">
95	······<ocil:title>Set~~·SSH~~·Daemon·~~LogLevel~~·~~to·VERBOSE~~</ocil:title>	77	······<ocil:title>Verify·User·Who·Owns·group·File</ocil:title>
96	······<ocil:actions>	78	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~sshd_s~~et_logleve~~l_ve~~rbose_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-file_owner_etc_group_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	80	······</ocil:actions>
99	····</ocil:questionnaire>	81	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_ocredit_ocil:questionnaire:1">
101	······<ocil:~~title>E~~nsure·PA~~M·Enforce~~s~~·Pa~~s~~sword·R~~equir~~ements·-·Minimum·S~~peci~~al·Character~~s</o~~cil:title~~>	82	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_ocil:questionnaire:1">
		83	······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces·by·Default</ocil:title>
102	······<ocil:actions>	84	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-ac~~cou~~nts_p~~assw~~ord_pa~~m_oc~~redit_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	86	······</ocil:actions>
105	····</ocil:questionnaire>	87	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_group_ocil:questionnaire:1">
107	······<ocil:ti~~tle>V~~eri~~fy·Permi~~ssi~~ons·~~on~~·grou~~p·File</ocil:title>	88	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_ocil:questionnaire:1">
		89	······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces</ocil:title>
108	······<ocil:actions>	90	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~file~~_permi~~ssi~~ons_~~etc~~_~~group~~_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	92	······</ocil:actions>
111	····</ocil:questionnaire>	93	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-set_password_hashing_algorithm_passwordauth_ocil:questionnaire:1">
113	······<ocil:title>Set~~·PAM''s·Passw~~or~~d·Ha~~sh~~ing·Algo~~r~~ithm·-·password-a~~u~~th</~~o~~cil:title~~>	94	····<ocil:questionnaire·id="ocil:ssg-banner_etc_issue_ocil:questionnaire:1">
		95	······<ocil:title>Modify·the·System·Login·Banner</ocil:title>
114	······<ocil:actions>	96	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~set_~~pas~~swo~~r~~d_hashing~~_~~algor~~ithm_pass~~worda~~uth_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-banner_etc_issue_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	98	······</ocil:actions>
117	····</ocil:questionnaire>	99	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_send_redirects_ocil:questionnaire:1">
119	······<ocil:title~~>Di~~s~~able·Ker~~n~~el·~~Parame~~ter·f~~o~~r·Sending·ICMP·Red~~irects·on·~~all·IPv4·Interf~~aces·~~by·Defa~~u~~lt</~~o~~cil:title~~>	100	····<ocil:questionnaire·id="ocil:ssg-postfix_client_configure_mail_alias_ocil:questionnaire:1">
		101	······<ocil:title>Configure·System·to·Forward·All·Mail·For·The·Root·Account</ocil:title>
120	······<ocil:actions>	102	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-sysct~~l_net_~~i~~pv4~~_conf~~_de~~fault_~~send~~_redi~~rec~~ts_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-postfix_client_configure_mail_alias_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	104	······</ocil:actions>
Max diff block lines reached; 221487/232911 bytes (95.10%) of diff not shown.


Offset 3, 56 lines modified		Offset 3, 56 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-service_com_apple_auditd_enabled_ocil:questionnaire:1">
11	······<ocil:title>Enable·audit·Service</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-service_com_apple_auditd_enabled_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-audit_failure_halt_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-audit_failure_halt_ocil:questionnaire:1">
17	······<ocil:title>Shutdown·System·When·Auditing·Failures·Occur</ocil:title>	11	······<ocil:title>Shutdown·System·When·Auditing·Failures·Occur</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-audit_failure_halt_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-audit_failure_halt_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
		16	····<ocil:questionnaire·id="ocil:ssg-service_com_apple_auditd_enabled_ocil:questionnaire:1">
		17	······<ocil:title>Enable·audit·Service</ocil:title>
		18	······<ocil:actions>
		19	········<ocil:test_action_ref>ocil:ssg-service_com_apple_auditd_enabled_action:testaction:1</ocil:test_action_ref>
		20	······</ocil:actions>
		21	····</ocil:questionnaire>
22	··</ocil:questionnaires>	22	··</ocil:questionnaires>
23	··<ocil:test_actions>	23	··<ocil:test_actions>
24	····<ocil:boolean_question_test_action·id="ocil:ssg-s~~erv~~ice_~~com~~_appl~~e_a~~uditd_enabled_action:testaction:1"·question_ref="ocil:ssg-s~~erv~~ice_~~com~~_appl~~e_a~~uditd_enabled_question:question:1">	24	····<ocil:boolean_question_test_action·id="ocil:ssg-audit_failure_halt_action:testaction:1"·question_ref="ocil:ssg-audit_failure_halt_question:question:1">
25	······<ocil:when_true>	25	······<ocil:when_true>
26	········<ocil:result>PASS</ocil:result>	26	········<ocil:result>PASS</ocil:result>
27	······</ocil:when_true>	27	······</ocil:when_true>
28	······<ocil:when_false>	28	······<ocil:when_false>
29	········<ocil:result>FAIL</ocil:result>	29	········<ocil:result>FAIL</ocil:result>
30	······</ocil:when_false>	30	······</ocil:when_false>
31	····</ocil:boolean_question_test_action>	31	····</ocil:boolean_question_test_action>
32	····<ocil:boolean_question_test_action·id="ocil:ssg-~~aud~~it_failure_halt_action:testaction:1"·question_ref="ocil:ssg-~~aud~~it_failure_halt_question:question:1">	32	····<ocil:boolean_question_test_action·id="ocil:ssg-service_com_apple_auditd_enabled_action:testaction:1"·question_ref="ocil:ssg-service_com_apple_auditd_enabled_question:question:1">
33	······<ocil:when_true>	33	······<ocil:when_true>
34	········<ocil:result>PASS</ocil:result>	34	········<ocil:result>PASS</ocil:result>
35	······</ocil:when_true>	35	······</ocil:when_true>
36	······<ocil:when_false>	36	······<ocil:when_false>
37	········<ocil:result>FAIL</ocil:result>	37	········<ocil:result>FAIL</ocil:result>
38	······</ocil:when_false>	38	······</ocil:when_false>
39	····</ocil:boolean_question_test_action>	39	····</ocil:boolean_question_test_action>
40	··</ocil:test_actions>	40	··</ocil:test_actions>
41	··<ocil:questions>	41	··<ocil:questions>
		42	····<ocil:boolean_question·id="ocil:ssg-audit_failure_halt_question:question:1">
		43	······<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the
		44	following·command:
		45	$·sudo·grep·-E·"^policy.*ahlt"·/etc/security/audit_control
		46	The·output·should·contain·ahlt
		47	······Is·it·the·case·that·auditing·is·not·configured·to·shut·down·on·audit·failure?</ocil:question_text>
		48	····</ocil:boolean_question>
42	····<ocil:boolean_question·id="ocil:ssg-service_com_apple_auditd_enabled_question:question:1">	49	····<ocil:boolean_question·id="ocil:ssg-service_com_apple_auditd_enabled_question:question:1">
43	······<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the	50	······<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the
44	following·command:	51	following·command:
45	$·sudo·launchctl·list·com.apple.auditd	52	$·sudo·launchctl·list·com.apple.auditd
46	The·output·should·return·process·information·for	53	The·output·should·return·process·information·for
47	com.apple.auditd	54	com.apple.auditd
48	······Is·it·the·case·that·auditing·is·not·enabled·or·running?</ocil:question_text>	55	······Is·it·the·case·that·auditing·is·not·enabled·or·running?</ocil:question_text>
49	····</ocil:boolean_question>	56	····</ocil:boolean_question>
50	····<ocil:boolean_question·id="ocil:ssg-audit_failure_halt_question:question:1">
51	······<ocil:question_text>To·verify·that·auditing·is·enabled·and·running,·run·the
52	following·command:
53	$·sudo·grep·-E·"^policy.*ahlt"·/etc/security/audit_control
54	The·output·should·contain·ahlt
55	······Is·it·the·case·that·auditing·is·not·configured·to·shut·down·on·audit·failure?</ocil:question_text>
56	····</ocil:boolean_question>
57	··</ocil:questions>	57	··</ocil:questions>
58	</ocil:ocil>	58	</ocil:ocil>


Offset 3, 5548 lines modified		Offset 3, 5373 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e_pe~~rmissions~~_ovs_pid_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-kube_descheduler_operator_exists_ocil:questionnaire:1">
11	······<ocil:title>~~Verify~~·P~~ermissions·on~~·the~~·Op~~e~~n·vSwitch·Pr~~o~~ces~~s·~~ID·Fil~~e</ocil:title>	11	······<ocil:title>Ensure·that·the·Kube·Descheduler·operator·is·deployed</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_pe~~rmissions~~_ovs_pid_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-kube_descheduler_operator_exists_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-file_~~owner~~ship_var_log_oauth_audit_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-file_permissions_var_log_ocp_audit_ocil:questionnaire:1">
17	······<ocil:title>O~~Aut~~h·Audit·Logs·Must·~~Be·Owne~~d·By·~~Root~~</ocil:title>	17	······<ocil:title>OpenShift·Audit·Logs·Must·Have·Mode·0600</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-file_~~owner~~ship_var_log_oauth_audit_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-file_permissions_var_log_ocp_audit_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-mas~~ter_taint~~_no~~sched~~ule_ocil:questionnaire:1">	22	····<ocil:questionnaire·id="ocil:ssg-api_server_token_auth_ocil:questionnaire:1">
23	······<ocil:title>Veri~~fy·t~~ha~~t·Control·~~Plane·No~~des·a~~re·n~~ot·~~sched~~ulabl~~e~~·for·workl~~oads</ocil:title>	23	······<ocil:title>Disable·Token-based·Authentication</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-mas~~ter_taint~~_no~~sched~~ule_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-api_server_token_auth_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-kubelet_eviction_thresholds_set_soft_imagefs_available_ocil:questionnaire:1">
29	······<ocil:~~title>En~~sure~~·Evi~~ction~~·th~~reshold·~~Sett~~ings~~·Are·S~~et~~·-·ev~~ictionSo~~ft:·imagefs.ava~~il~~abl~~e</o~~cil:title~~>	28	····<ocil:questionnaire·id="ocil:ssg-file_permissions_worker_service_ocil:questionnaire:1">
		29	······<ocil:title>Verify·Permissions·on·the·OpenShift·Node·Service·File</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-kubelet_eviction~~_thre~~sho~~lds_s~~et_s~~oft_imag~~e~~fs_~~avai~~lab~~le_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-file_permissions_worker_service_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-file_~~group~~owner_~~pod~~_logs_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-file_owner_multus_conf_ocil:questionnaire:1">
35	······<ocil:title>~~Kub~~er~~nete~~s·~~Pod~~·~~Logs~~·Must·Be·Group·~~Own~~ed·By·~~Root~~</ocil:title>	35	······<ocil:title>Verify·User·Who·Owns·The·OpenShift·Multus·Container·Network·Interface·Plugin·Files</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-file_~~group~~owner_~~pod~~_logs_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-file_owner_multus_conf_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e_~~grou~~powner~~_ovs_sys~~_i~~d_c~~onf_s3~~90x~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-etcd_peer_auto_tls_ocil:questionnaire:1">
41	······<ocil:title>Veri~~fy·Group·Who~~·~~Owns~~·The~~·Op~~e~~n·v~~S~~witch~~·Per~~sis~~ten~~t·Sys~~te~~m·I~~D</ocil:title>	41	······<ocil:title>Disable·etcd·Peer·Self-Signed·Certificates</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~fil~~e_~~grou~~powner~~_ovs_sys~~_i~~d_c~~onf_s3~~90x~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-etcd_peer_auto_tls_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-kubelet_eviction_thresholds_set_hard_memory_available_ocil:questionnaire:1">
47	······<ocil:~~title>En~~sure~~·Evi~~ction~~·th~~reshold·~~Sett~~ings~~·Are·S~~e~~t·-·~~e~~vic~~t~~ionHar~~d~~:·memo~~ry.~~ava~~il~~abl~~e</o~~cil:title~~>	46	····<ocil:questionnaire·id="ocil:ssg-file_owner_etcd_data_dir_ocil:questionnaire:1">
		47	······<ocil:title>Verify·User·Who·Owns·The·Etcd·Database·Directory</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-kubelet_~~evicti~~o~~n_t~~hre~~shold~~s_set~~_ha~~rd_~~memory~~_avail~~able~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-file_owner_etcd_data_dir_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~gen~~er~~al_backu~~p_solutio~~n_i~~ns~~talled~~_ocil:questionnaire:1">	52	····<ocil:questionnaire·id="ocil:ssg-file_owner_ip_allocations_ocil:questionnaire:1">
53	······<ocil:title>A·~~Backu~~p·Solution·Has·To·Be·Installed</ocil:title>	53	······<ocil:title>Verify·User·Who·Owns·The·OpenShift·SDN·Container·Network·Interface·Plugin·IP·Address·Allocations</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~gen~~er~~al_backu~~p_solutio~~n_i~~ns~~talled~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-file_owner_ip_allocations_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e~~_groupown~~e~~r_o~~vn_cni~~_se~~rver_s~~ock~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-etcd_check_cipher_suite_ocil:questionnaire:1">
59	······<ocil:title>~~Verify~~·G~~roup~~·Wh~~o·Ow~~ns·~~The·OVNKubernet~~es·~~Sock~~et</ocil:title>	59	······<ocil:title>Ensure·ETCD·has·correct·cipher·suite</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-~~fil~~e~~_groupown~~e~~r_o~~vn_cni~~_se~~rver_s~~ock~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-etcd_check_cipher_suite_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~oauth_o~~r_o~~authclie~~nt~~_tok~~en_maxage_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-file_permissions_kube_controller_manager_ocil:questionnaire:1">
65	······<ocil:title>~~Con~~fi~~gure~~·~~OAu~~th·~~tok~~ens·to~~·expir~~e·after·a~~·set·~~peri~~od·o~~f·inactivity</ocil:title>	65	······<ocil:title>Verify·Permissions·on·the·Kubernetes·Controller·Manager·Pod·Specification·File</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~oauth_o~~r_o~~authclie~~nt~~_tok~~en_maxage_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-file_permissions_kube_controller_manager_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-~~api_serv~~er_au~~dit~~_log_~~max~~backup_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-file_owner_var_lib_etcd_ocil:questionnaire:1">
71	······<ocil:title>~~Con~~f~~igur~~e·the·~~Kub~~ern~~ete~~s·~~API~~·Server·~~Max~~imum·Ret~~ained·Aud~~i~~t·L~~ogs</ocil:title>	71	······<ocil:title>Verify·User·Who·Owns·The·OpenShift·etcd·Data·Directory</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-~~api_serv~~er_au~~dit~~_log_~~max~~backup_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-file_owner_var_lib_etcd_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-api_server_service_accoun~~t_lookup~~_ocil:questionnaire:1">	76	····<ocil:questionnaire·id="ocil:ssg-master_taint_noschedule_ocil:questionnaire:1">
77	······<ocil:title>~~Ensure~~·that·th~~e·se~~r~~vice-~~a~~ccou~~nt~~-lo~~o~~kup~~·arg~~umen~~t·is·set·to·true</ocil:title>	77	······<ocil:title>Verify·that·Control·Plane·Nodes·are·not·schedulable·for·workloads</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-api_server_service_accoun~~t_lookup~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-master_taint_noschedule_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-file_permissions_o~~vn_d~~b_~~files~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-file_permissions_var_log_kube_audit_ocil:questionnaire:1">
83	······<ocil:title>Ver~~ify·Perm~~i~~ssi~~ons·~~on·~~the·~~OVNKub~~e~~rnet~~e~~s·DB~~·f~~iles~~</ocil:title>	83	······<ocil:title>Kubernetes·Audit·Logs·Must·Have·Mode·0600</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-file_permissions_o~~vn_d~~b_~~files~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_permissions_var_log_kube_audit_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-security_profiles_~~operator~~_e~~xis~~ts_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-audit_profile_set_ocil:questionnaire:1">
89	······<ocil:title>~~Mak~~e·~~sure~~·the·Security·Profiles·Oper~~ato~~r·is·ins~~tall~~ed</ocil:title>	89	······<ocil:title>Ensure·that·the·cluster's·audit·profile·is·properly·set</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-security_profiles_~~operator~~_e~~xis~~ts_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-audit_profile_set_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-resource_requests_limits_in_deployment_ocil:questionnaire:1">
95	······<ocil:~~title>E~~nsure·~~that·al~~l~~·deployment~~s~~·has·~~r~~esou~~rce·limi~~ts</~~ocil:title>	94	····<ocil:questionnaire·id="ocil:ssg-ingress_controller_certificate_ocil:questionnaire:1">
		95	······<ocil:title>Ensure·that·the·default·Ingress·certificate·has·been·replaced</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-re~~sou~~rce_~~reques~~ts_lim~~its~~_~~in_deploym~~ent_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-ingress_controller_certificate_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-~~fil~~e~~_groupowner~~_kube~~_schedu~~ler_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-etcd_key_file_ocil:questionnaire:1">
101	······<ocil:title>~~Verify·G~~roup·Wh~~o·Ow~~ns·The·~~Kubern~~etes·~~Schedu~~ler·Pod·Sp~~ecifi~~cation·F~~ile~~</ocil:title>	101	······<ocil:title>Ensure·That·The·etcd·Key·File·Is·Correctly·Set</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~fil~~e~~_groupowner~~_kube~~_schedu~~ler_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-etcd_key_file_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-cluster_version_operator_exists_ocil:questionnaire:1">
107	······<ocil:~~title>E~~nsure·~~that·C~~lus~~ter·Vers~~i~~on·O~~pera~~tor·is·dep~~loye~~d</~~o~~cil:title~~>	106	····<ocil:questionnaire·id="ocil:ssg-scc_limit_ipc_namespace_ocil:questionnaire:1">
		107	······<ocil:title>Limit·Access·to·the·Host·IPC·Namespace</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-~~clu~~ster_v~~ers~~ion_oper~~ator_~~e~~xists~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-scc_limit_ipc_namespace_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-accounts_restrict_service_account_tokens_ocil:questionnaire:1">
113	······<ocil:t~~itle>Restr~~ict·~~Aut~~o~~mounting·~~o~~f·S~~er~~vic~~e~~·Accoun~~t~~·Tok~~ens</ocil:title>	112	····<ocil:questionnaire·id="ocil:ssg-resource_requests_limits_in_daemonset_ocil:questionnaire:1">
		113	······<ocil:title>Ensure·that·all·daemonsets·has·resource·limits</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-~~acc~~ou~~nts~~_res~~tric~~t_servi~~ce_account_t~~o~~kens~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-resource_requests_limits_in_daemonset_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-rbac_wildcard_use_ocil:questionnaire:1">
119	······<ocil:title>Minimize·~~Wild~~c~~ard·U~~sage·in~~·Clu~~s~~ter·~~a~~nd·Local·Roles</~~ocil:title>	118	····<ocil:questionnaire·id="ocil:ssg-scansetting_has_autoapplyremediations_ocil:questionnaire:1">
		119	······<ocil:title>Enable·AutoApplyRemediation·for·at·least·One·ScanSetting</ocil:title>
120	······<ocil:actions>	120	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-rbac_~~wildc~~ard~~_use~~_action:testaction:1</ocil:test_action_ref>	121	········<ocil:test_action_ref>ocil:ssg-scansetting_has_autoapplyremediations_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	122	······</ocil:actions>
123	····</ocil:questionnaire>	123	····</ocil:questionnaire>
Max diff block lines reached; 856241/869455 bytes (98.48%) of diff not shown.


Offset 3, 6328 lines modified		Offset 3, 6328 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-s~~shd_~~us~~e_di~~r~~ect~~ory_~~con~~fig~~urati~~on_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-accounts_root_gid_zero_ocil:questionnaire:1">
11	······<ocil:title>~~Distribute·the·SSH·Ser~~ve~~r·configu~~ration·to~~·mu~~lt~~iple~~·files~~·in~~·a·config·dir~~ectory.~~</ocil:title>	11	······<ocil:title>Verify·Root·Has·A·Primary·GID·0</ocil:title>
12	······<ocil:actions>	12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-s~~shd_~~us~~e_di~~r~~ect~~ory_~~con~~fig~~urati~~on_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-accounts_root_gid_zero_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>	14	······</ocil:actions>
15	····</ocil:questionnaire>	15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-~~package~~_telnet_~~rem~~o~~ved~~_ocil:questionnaire:1">	16	····<ocil:questionnaire·id="ocil:ssg-chronyd_client_only_ocil:questionnaire:1">
17	······<ocil:title>Remove·telnet·~~Cli~~e~~nts~~</ocil:title>	17	······<ocil:title>Disable·chrony·daemon·from·acting·as·server</ocil:title>
18	······<ocil:actions>	18	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~package~~_telnet_~~rem~~o~~ved~~_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-chronyd_client_only_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	20	······</ocil:actions>
21	····</ocil:questionnaire>	21	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-file_ownership_var_log_audit_stig_ocil:questionnaire:1">
23	······<ocil:title~~>System·Audit·Lo~~g~~s·Mus~~t~~·Be·Owned·By·Root</~~ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-package_gnutls-utils_installed_ocil:questionnaire:1">
		23	······<ocil:title>Ensure·gnutls-utils·is·installed</ocil:title>
24	······<ocil:actions>	24	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-fi~~le_own~~e~~rship_var_log~~_a~~udi~~t~~_stig~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-package_gnutls-utils_installed_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	26	······</ocil:actions>
27	····</ocil:questionnaire>	27	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lsetxattr_ocil:questionnaire:1">
29	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odi~~fy·the·Sy~~s~~tem's·Dis~~c~~ret~~io~~nary·A~~c~~cess·Cont~~r~~ols·-·~~ls~~etxat~~tr</o~~cil:title~~>	28	····<ocil:questionnaire·id="ocil:ssg-kernel_config_strict_module_rwx_ocil:questionnaire:1">
		29	······<ocil:title>Make·the·module·text·and·rodata·read-only</ocil:title>
30	······<ocil:actions>	30	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_rules_dac_modification_~~lsetxattr~~_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-kernel_config_strict_module_rwx_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	32	······</ocil:actions>
33	····</ocil:questionnaire>	33	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-file_permissions_ungroupowned_ocil:questionnaire:1">
35	······<ocil:~~title>E~~nsure·~~All·F~~iles~~·Ar~~e~~·Ow~~ned~~·by·a·G~~r~~oup</~~ocil:title>	34	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_ocil:questionnaire:1">
		35	······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces·by·Default</ocil:title>
36	······<ocil:actions>	36	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-~~file~~_permi~~ssi~~ons_ungr~~oupown~~ed_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_default_rp_filter_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	38	······</ocil:actions>
39	····</ocil:questionnaire>	39	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-auditd_~~dat~~a_rete~~ntion~~_a~~ction_m~~ail_~~acct~~_ocil:questionnaire:1">	40	····<ocil:questionnaire·id="ocil:ssg-set_firewalld_default_zone_ocil:questionnaire:1">
41	······<ocil:title>~~Configur~~e·auditd·~~mail_~~a~~cct~~·~~Act~~ion·on·~~Low·D~~isk·Space</ocil:title>	41	······<ocil:title>Set·Default·firewalld·Zone·for·Incoming·Packets</ocil:title>
42	······<ocil:actions>	42	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-auditd_~~dat~~a_rete~~ntion~~_a~~ction_m~~ail_~~acct~~_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-set_firewalld_default_zone_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	44	······</ocil:actions>
45	····</ocil:questionnaire>	45	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-aide_use_fips_has~~hes~~_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_shadow_ocil:questionnaire:1">
47	······<ocil:title>C~~onf~~igure·~~AIDE~~·to·Use·F~~IPS~~·1~~40-2~~·~~for·Valid~~at~~ing~~·H~~ash~~es</ocil:title>	47	······<ocil:title>Verify·Group·Who·Owns·Backup·shadow·File</ocil:title>
48	······<ocil:actions>	48	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-aide_use_fips_has~~hes~~_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_shadow_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	50	······</ocil:actions>
51	····</ocil:questionnaire>	51	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-mount_option_nodev_removable_partitions_ocil:questionnaire:1">
53	······<ocil:title>Ad~~d·nodev·Option·~~t~~o·R~~e~~movable·Medi~~a~~·Pa~~r~~tit~~i~~ons</~~ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_ocil:questionnaire:1">
		53	······<ocil:title>Enable·Kernel·Parameter·to·Use·Reverse·Path·Filtering·on·all·IPv4·Interfaces</ocil:title>
54	······<ocil:actions>	54	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~moun~~t_opt~~ion~~_n~~odev~~_~~remov~~able_~~part~~it~~ions~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv4_conf_all_rp_filter_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	56	······</ocil:actions>
57	····</ocil:questionnaire>	57	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-wireless~~_di~~sa~~ble~~_~~interf~~a~~ces~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-file_permissions_backup_etc_gshadow_ocil:questionnaire:1">
59	······<ocil:title>Dea~~ctivat~~e·Wi~~reles~~s·~~Networ~~k·~~Interfaces~~</ocil:title>	59	······<ocil:title>Verify·Permissions·on·Backup·gshadow·File</ocil:title>
60	······<ocil:actions>	60	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-wireless~~_di~~sa~~ble~~_~~interf~~a~~ces~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-file_permissions_backup_etc_gshadow_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	62	······</ocil:actions>
63	····</ocil:questionnaire>	63	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_unix_chkpwd_ocil:questionnaire:1">
65	······<ocil:~~title>E~~nsure·~~aud~~itd·Coll~~ects·Informa~~t~~ion·on·~~th~~e·Us~~e·o~~f·Pr~~iv~~ileg~~e~~d·C~~o~~mma~~n~~ds·-·u~~n~~ix_chkpwd</o~~cil:~~title~~>	64	····<ocil:questionnaire·id="ocil:ssg-sshd_set_max_auth_tries_ocil:questionnaire:1">
		65	······<ocil:title>Set·SSH·authentication·attempt·limit</ocil:title>
66	······<ocil:actions>	66	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-a~~udit~~_~~rule~~s~~_privileg~~ed_~~com~~mands_~~unix~~_c~~hkpwd~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-sshd_set_max_auth_tries_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	68	······</ocil:actions>
69	····</ocil:questionnaire>	69	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-audit_r~~ules_syst~~em_~~shutd~~own_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-networkmanager_dns_mode_ocil:questionnaire:1">
71	······<ocil:title>Shutdo~~wn·Syst~~em·W~~hen~~·Aud~~iting~~·~~Fail~~u~~res·Occ~~ur</ocil:title>	71	······<ocil:title>NetworkManager·DNS·Mode·Must·Be·Must·Configured</ocil:title>
72	······<ocil:actions>	72	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-audit_r~~ules_syst~~em_~~shutd~~own_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-networkmanager_dns_mode_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	74	······</ocil:actions>
75	····</ocil:questionnaire>	75	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_dac_modification_lremovexattr_ocil:questionnaire:1">
77	······<ocil:title>~~Rec~~o~~rd·Ev~~e~~nts~~·th~~at·M~~odi~~fy·the·~~Sys~~tem'~~s·Discre~~tiona~~ry·Access~~·Contro~~l~~s·-·lremov~~exattr</o~~cil:title~~>	76	····<ocil:questionnaire·id="ocil:ssg-service_sssd_enabled_ocil:questionnaire:1">
		77	······<ocil:title>Enable·the·SSSD·Service</ocil:title>
78	······<ocil:actions>	78	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-~~audi~~t_r~~ules~~_~~dac_mo~~di~~fic~~a~~tion~~_l~~remov~~e~~xatt~~r_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-service_sssd_enabled_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	80	······</ocil:actions>
81	····</ocil:questionnaire>	81	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_session_idle_user_locks_ocil:questionnaire:1">
83	······<ocil:title~~>En~~s~~ure·Use~~rs·~~Cann~~o~~t·Chan~~ge~~·GNOME3·Sess~~i~~on·Idle·Setting~~s</o~~cil:title~~>	82	····<ocil:questionnaire·id="ocil:ssg-service_kdump_disabled_ocil:questionnaire:1">
		83	······<ocil:title>Disable·KDump·Kernel·Crash·Analyzer·(kdump)</ocil:title>
84	······<ocil:actions>	84	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-~~dconf_gnome_~~session_idle_~~user_~~locks_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-service_kdump_disabled_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	86	······</ocil:actions>
87	····</ocil:questionnaire>	87	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-file_per~~missions~~_~~etc_~~audit_rulesd_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-audit_rules_privileged_commands_chsh_ocil:questionnaire:1">
89	······<ocil:title>Verify·Permissions·on·/e~~tc/audit/~~rules.d~~/*.rule~~s</ocil:title>	89	······<ocil:title>Ensure·auditd·Collects·Information·on·the·Use·of·Privileged·Commands·-·chsh</ocil:title>
90	······<ocil:actions>	90	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-file_per~~missions~~_~~etc_~~audit_rulesd_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-audit_rules_privileged_commands_chsh_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	92	······</ocil:actions>
93	····</ocil:questionnaire>	93	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-file_permissions_unauthorized_suid_ocil:questionnaire:1">
95	······<ocil:~~title>E~~nsure·~~All·SUID·Exe~~cut~~able~~s·Ar~~e·Aut~~horized</ocil:title>	94	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_pwhistory_remember_password_auth_ocil:questionnaire:1">
		95	······<ocil:title>Limit·Password·Reuse:·password-auth</ocil:title>
96	······<ocil:actions>	96	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-~~file~~_permissions_~~unautho~~r~~ize~~d_suid_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_pwhistory_remember_password_auth_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	98	······</ocil:actions>
99	····</ocil:questionnaire>	99	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-sysctl_kernel_yama_ptrace_scope_ocil:questionnaire:1">
101	······<ocil:ti~~tle>R~~e~~stri~~c~~t·u~~sage·of·ptr~~ace·t~~o~~·descendant·pr~~oc~~ess~~es</o~~cil:title~~>	100	····<ocil:questionnaire·id="ocil:ssg-mount_option_boot_noexec_ocil:questionnaire:1">
		101	······<ocil:title>Add·noexec·Option·to·/boot</ocil:title>
102	······<ocil:actions>	102	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-~~sysc~~tl_~~kernel~~_~~yama_p~~t~~rac~~e_sc~~ope~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-mount_option_boot_noexec_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	104	······</ocil:actions>
105	····</ocil:questionnaire>	105	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-file_gr~~oupow~~n~~er_cron_~~d~~aily~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-file_permissions_etc_sudoers_ocil:questionnaire:1">
107	······<ocil:title>Verify·Gr~~oup·Who~~·O~~wns·~~cro~~n.da~~ily</ocil:title>	107	······<ocil:title>Verify·Permissions·On·/etc/sudoers·File</ocil:title>
108	······<ocil:actions>	108	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-file_gr~~oupow~~n~~er_cron_~~d~~aily~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-file_permissions_etc_sudoers_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	110	······</ocil:actions>
111	····</ocil:questionnaire>	111	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-sebool_~~kerber~~o~~s_e~~n~~abled~~_ocil:questionnaire:1">	112	····<ocil:questionnaire·id="ocil:ssg-sudoers_explicit_command_args_ocil:questionnaire:1">
113	······<ocil:title>Enabl~~e·the·kerb~~eros_en~~abled~~·~~SEL~~i~~nux·Bo~~olean</ocil:title>	113	······<ocil:title>Explicit·arguments·in·sudo·specifications</ocil:title>
114	······<ocil:actions>	114	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-sebool_~~kerber~~o~~s_e~~n~~abled~~_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-sudoers_explicit_command_args_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	116	······</ocil:actions>
117	····</ocil:questionnaire>	117	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-ensure_gpgcheck_globally_activated_ocil:questionnaire:1">
119	······<ocil:~~title>E~~nsure·~~gpg~~c~~heck·Enabl~~e~~d·In·Main·dnf·Configurat~~i~~on</~~ocil:title>	118	····<ocil:questionnaire·id="ocil:ssg-directory_groupowner_etc_selinux_ocil:questionnaire:1">
		119	······<ocil:title>Verify·Group·Who·Owns·/etc/selinux·Directory</ocil:title>
Max diff block lines reached; 1806750/1819121 bytes (99.32%) of diff not shown.


Offset 3, 10942 lines modified		Offset 3, 10942 lines modified
3	··<ocil:generator>	3	··<ocil:generator>
4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>	4	····<ocil:product_name>build_shorthand.py·from·SCAP·Security·Guide</ocil:product_name>
5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>	5	····<ocil:product_version>ssg:·0.1.76</ocil:product_version>
6	····<ocil:schema_version>2.0</ocil:schema_version>	6	····<ocil:schema_version>2.0</ocil:schema_version>
7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>	7	····<ocil:timestamp>2025-03-01T08:08:00</ocil:timestamp>
8	··</ocil:generator>	8	··</ocil:generator>
9	··<ocil:questionnaires>	9	··<ocil:questionnaires>
10	····<ocil:questionnaire·id="ocil:ssg-~~audit~~_~~rules~~_s~~ucc~~es~~sful~~_file_mo~~dif~~ication_~~fsetxattr~~_ocil:questionnaire:1">	10	····<ocil:questionnaire·id="ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_ocil:questionnaire:1">
		11	······<ocil:title>Ensure·Users·Cannot·Change·GNOME3·Screensaver·Idle·Activation</ocil:title>
11	······<ocil:title>Record·Successful·Permission·Changes·to·Files·-·fsetxattr</ocil:title>
12	······<ocil:actions>
13	········<ocil:test_action_ref>ocil:ssg-audit_rules_successful_file_modification_fsetxattr_action:testaction:1</ocil:test_action_ref>
14	······</ocil:actions>
15	····</ocil:questionnaire>
16	····<ocil:questionnaire·id="ocil:ssg-package_policycoreutils_installed_ocil:questionnaire:1">
17	······<ocil:title>Install·policycoreutils·Package</ocil:title>
18	······<ocil:actions>	12	······<ocil:actions>
19	········<ocil:test_action_ref>ocil:ssg-~~packa~~ge_~~policycor~~eutils_installed_action:testaction:1</ocil:test_action_ref>	13	········<ocil:test_action_ref>ocil:ssg-dconf_gnome_screensaver_idle_activation_locked_action:testaction:1</ocil:test_action_ref>
20	······</ocil:actions>	14	······</ocil:actions>
21	····</ocil:questionnaire>	15	····</ocil:questionnaire>
22	····<ocil:questionnaire·id="ocil:ssg-kernel_config_unmap_kernel_at_el0_ocil:questionnaire:1">
23	······<ocil:~~title>U~~nma~~p·k~~ernel·~~when·runnin~~g~~·in·~~u~~sers~~pa~~ce·(ak~~a~~·KAISER)</~~ocil:title>	16	····<ocil:questionnaire·id="ocil:ssg-accounts_password_pam_minclass_ocil:questionnaire:1">
		17	······<ocil:title>Ensure·PAM·Enforces·Password·Requirements·-·Minimum·Different·Categories</ocil:title>
24	······<ocil:actions>	18	······<ocil:actions>
25	········<ocil:test_action_ref>ocil:ssg-~~ker~~nel_~~config_unm~~ap_kernel_a~~t_e~~l0_action:testaction:1</ocil:test_action_ref>	19	········<ocil:test_action_ref>ocil:ssg-accounts_password_pam_minclass_action:testaction:1</ocil:test_action_ref>
26	······</ocil:actions>	20	······</ocil:actions>
27	····</ocil:questionnaire>	21	····</ocil:questionnaire>
28	····<ocil:questionnaire·id="ocil:ssg-rpm_verify_ownership_ocil:questionnaire:1">
29	······<ocil:title~~>Ver~~i~~fy·~~and~~·Co~~rre~~ct·Own~~ershi~~p·w~~it~~h·RPM</~~ocil:title>	22	····<ocil:questionnaire·id="ocil:ssg-audit_rules_successful_file_modification_lsetxattr_ocil:questionnaire:1">
		23	······<ocil:title>Record·Successful·Permission·Changes·to·Files·-·lsetxattr</ocil:title>
30	······<ocil:actions>	24	······<ocil:actions>
31	········<ocil:test_action_ref>ocil:ssg-rpm_verify_owne~~rship~~_action:testaction:1</ocil:test_action_ref>	25	········<ocil:test_action_ref>ocil:ssg-audit_rules_successful_file_modification_lsetxattr_action:testaction:1</ocil:test_action_ref>
32	······</ocil:actions>	26	······</ocil:actions>
33	····</ocil:questionnaire>	27	····</ocil:questionnaire>
34	····<ocil:questionnaire·id="ocil:ssg-ensure_logrot~~ate~~_act~~ivat~~ed_ocil:questionnaire:1">	28	····<ocil:questionnaire·id="ocil:ssg-mount_option_boot_nodev_ocil:questionnaire:1">
35	······<ocil:title>~~Ensure~~·Log~~rotate·Ru~~ns·~~Per~~iod~~ically~~</ocil:title>	29	······<ocil:title>Add·nodev·Option·to·/boot</ocil:title>
36	······<ocil:actions>	30	······<ocil:actions>
37	········<ocil:test_action_ref>ocil:ssg-ensure_logrot~~ate~~_act~~ivat~~ed_action:testaction:1</ocil:test_action_ref>	31	········<ocil:test_action_ref>ocil:ssg-mount_option_boot_nodev_action:testaction:1</ocil:test_action_ref>
38	······</ocil:actions>	32	······</ocil:actions>
39	····</ocil:questionnaire>	33	····</ocil:questionnaire>
40	····<ocil:questionnaire·id="ocil:ssg-~~sshd~~_~~enab~~le_war~~nin~~g_~~ban~~ner_ocil:questionnaire:1">	34	····<ocil:questionnaire·id="ocil:ssg-grub2_vsyscall_argument_ocil:questionnaire:1">
41	······<ocil:title>Enable~~·SSH~~·~~Warning·B~~an~~ner~~</ocil:title>	35	······<ocil:title>Disable·vsyscalls</ocil:title>
42	······<ocil:actions>	36	······<ocil:actions>
43	········<ocil:test_action_ref>ocil:ssg-~~sshd~~_~~enab~~le_war~~nin~~g_~~ban~~ner_action:testaction:1</ocil:test_action_ref>	37	········<ocil:test_action_ref>ocil:ssg-grub2_vsyscall_argument_action:testaction:1</ocil:test_action_ref>
44	······</ocil:actions>	38	······</ocil:actions>
45	····</ocil:questionnaire>	39	····</ocil:questionnaire>
46	····<ocil:questionnaire·id="ocil:ssg-dir_ownership_binary_dirs_ocil:questionnaire:1">
47	······<ocil:~~title>Ver~~ify·~~that·System·Execu~~t~~abl~~e~~·Ha~~v~~e·R~~o~~ot·Owne~~rshi~~p</~~ocil:title>	40	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv6_conf_all_forwarding_ocil:questionnaire:1">
		41	······<ocil:title>Disable·Kernel·Parameter·for·IPv6·Forwarding</ocil:title>
48	······<ocil:actions>	42	······<ocil:actions>
49	········<ocil:test_action_ref>ocil:ssg-~~dir_ow~~nership_binary_dirs_action:testaction:1</ocil:test_action_ref>	43	········<ocil:test_action_ref>ocil:ssg-sysctl_net_ipv6_conf_all_forwarding_action:testaction:1</ocil:test_action_ref>
50	······</ocil:actions>	44	······</ocil:actions>
51	····</ocil:questionnaire>	45	····</ocil:questionnaire>
52	····<ocil:questionnaire·id="ocil:ssg-~~kerne~~l_c~~onfig_acpi~~_custo~~m_m~~e~~tho~~d_ocil:questionnaire:1">	46	····<ocil:questionnaire·id="ocil:ssg-package_uuidd_installed_ocil:questionnaire:1">
53	······<ocil:title>~~Do·not~~·a~~llow·ACPI·m~~e~~thods~~·~~to·be~~·insert~~ed/re~~placed~~·at·run·time~~</ocil:title>	47	······<ocil:title>Package·uuidd·Installed</ocil:title>
54	······<ocil:actions>	48	······<ocil:actions>
55	········<ocil:test_action_ref>ocil:ssg-~~kerne~~l_c~~onfig_acpi~~_custo~~m_m~~e~~tho~~d_action:testaction:1</ocil:test_action_ref>	49	········<ocil:test_action_ref>ocil:ssg-package_uuidd_installed_action:testaction:1</ocil:test_action_ref>
56	······</ocil:actions>	50	······</ocil:actions>
57	····</ocil:questionnaire>	51	····</ocil:questionnaire>
58	····<ocil:questionnaire·id="ocil:ssg-file_ownership_var_log_audit_ocil:questionnaire:1">
59	······<ocil:title~~>System·A~~udit~~·Log~~s·Mus~~t·Be·Own~~ed~~·By·R~~oo~~t</~~ocil:title>	52	····<ocil:questionnaire·id="ocil:ssg-audit_rules_successful_file_modification_open_ocil:questionnaire:1">
		53	······<ocil:title>Record·Successful·Access·Attempts·to·Files·-·open</ocil:title>
60	······<ocil:actions>	54	······<ocil:actions>
61	········<ocil:test_action_ref>ocil:ssg-file_~~own~~ers~~hip~~_~~var~~_log_a~~udit~~_action:testaction:1</ocil:test_action_ref>	55	········<ocil:test_action_ref>ocil:ssg-audit_rules_successful_file_modification_open_action:testaction:1</ocil:test_action_ref>
62	······</ocil:actions>	56	······</ocil:actions>
63	····</ocil:questionnaire>	57	····</ocil:questionnaire>
64	····<ocil:questionnaire·id="ocil:ssg-~~audit~~_rules_~~fil~~e~~_de~~le~~tion~~_ev~~ent~~s_rm~~dir~~_ocil:questionnaire:1">	58	····<ocil:questionnaire·id="ocil:ssg-grub2_enable_fips_mode_ocil:questionnaire:1">
65	······<ocil:title>En~~sure·~~a~~uditd·Co~~lle~~cts~~·F~~ile~~·~~Del~~e~~tion~~·Events·by·U~~ser·-·rmd~~ir</ocil:title>	59	······<ocil:title>Enable·FIPS·Mode·in·GRUB2</ocil:title>
66	······<ocil:actions>	60	······<ocil:actions>
67	········<ocil:test_action_ref>ocil:ssg-~~audit~~_rules_~~fil~~e~~_de~~le~~tion~~_ev~~ent~~s_rm~~dir~~_action:testaction:1</ocil:test_action_ref>	61	········<ocil:test_action_ref>ocil:ssg-grub2_enable_fips_mode_action:testaction:1</ocil:test_action_ref>
68	······</ocil:actions>	62	······</ocil:actions>
69	····</ocil:questionnaire>	63	····</ocil:questionnaire>
70	····<ocil:questionnaire·id="ocil:ssg-file_groupowner~~ship~~_sshd_p~~ub_key~~_ocil:questionnaire:1">	64	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_sshd_config_ocil:questionnaire:1">
71	······<ocil:title>Verify·Group·~~Owner~~sh~~ip·o~~n·SSH·Server·~~Publi~~c~~·*.pub·Key~~·Files</ocil:title>	65	······<ocil:title>Verify·Group·Who·Owns·SSH·Server·config·file</ocil:title>
72	······<ocil:actions>	66	······<ocil:actions>
73	········<ocil:test_action_ref>ocil:ssg-file_groupowner~~ship~~_sshd_p~~ub_key~~_action:testaction:1</ocil:test_action_ref>	67	········<ocil:test_action_ref>ocil:ssg-file_groupowner_sshd_config_action:testaction:1</ocil:test_action_ref>
74	······</ocil:actions>	68	······</ocil:actions>
75	····</ocil:questionnaire>	69	····</ocil:questionnaire>
76	····<ocil:questionnaire·id="ocil:ssg-mou~~nt_opt~~ion_~~nos~~uid_~~rem~~ote_~~files~~yst~~ems~~_ocil:questionnaire:1">	70	····<ocil:questionnaire·id="ocil:ssg-sudo_add_ignore_dot_ocil:questionnaire:1">
77	······<ocil:title>Mount·~~Rem~~o~~te·Fil~~es~~yste~~ms·with·nosuid</ocil:title>	71	······<ocil:title>Ensure·sudo·Ignores·Commands·In·Current·Dir·-·sudo·ignore_dot</ocil:title>
78	······<ocil:actions>	72	······<ocil:actions>
79	········<ocil:test_action_ref>ocil:ssg-mou~~nt_opt~~ion_~~nos~~uid_~~rem~~ote_~~files~~yst~~ems~~_action:testaction:1</ocil:test_action_ref>	73	········<ocil:test_action_ref>ocil:ssg-sudo_add_ignore_dot_action:testaction:1</ocil:test_action_ref>
80	······</ocil:actions>	74	······</ocil:actions>
81	····</ocil:questionnaire>	75	····</ocil:questionnaire>
82	····<ocil:questionnaire·id="ocil:ssg-aide_verify_ext_attributes_ocil:questionnaire:1">
83	······<ocil:t~~itle>C~~onf~~igu~~re·~~AIDE·to·Verify·Ex~~tende~~d·Attrib~~ute~~s</~~ocil:title>	76	····<ocil:questionnaire·id="ocil:ssg-audit_rules_kernel_module_loading_ocil:questionnaire:1">
		77	······<ocil:title>Ensure·auditd·Collects·Information·on·Kernel·Module·Loading·and·Unloading</ocil:title>
84	······<ocil:actions>	78	······<ocil:actions>
85	········<ocil:test_action_ref>ocil:ssg-aide_ver~~ify~~_~~ext_attributes~~_action:testaction:1</ocil:test_action_ref>	79	········<ocil:test_action_ref>ocil:ssg-audit_rules_kernel_module_loading_action:testaction:1</ocil:test_action_ref>
86	······</ocil:actions>	80	······</ocil:actions>
87	····</ocil:questionnaire>	81	····</ocil:questionnaire>
88	····<ocil:questionnaire·id="ocil:ssg-~~snmpd_n~~o~~t_d~~e~~fault~~_~~password~~_ocil:questionnaire:1">	82	····<ocil:questionnaire·id="ocil:ssg-file_groupowner_efi_user_cfg_ocil:questionnaire:1">
89	······<ocil:title>~~Ensure~~·Def~~ault·SNMP·Passwo~~r~~d·Is~~·Not·Used</ocil:title>	83	······<ocil:title>Verify·/boot/efi/EFI/redhat/user.cfg·Group·Ownership</ocil:title>
90	······<ocil:actions>	84	······<ocil:actions>
91	········<ocil:test_action_ref>ocil:ssg-~~snmpd_n~~o~~t_d~~e~~fault~~_~~password~~_action:testaction:1</ocil:test_action_ref>	85	········<ocil:test_action_ref>ocil:ssg-file_groupowner_efi_user_cfg_action:testaction:1</ocil:test_action_ref>
92	······</ocil:actions>	86	······</ocil:actions>
93	····</ocil:questionnaire>	87	····</ocil:questionnaire>
94	····<ocil:questionnaire·id="ocil:ssg-mount_opt~~ion~~_~~boo~~t~~_no~~auto_ocil:questionnaire:1">	88	····<ocil:questionnaire·id="ocil:ssg-security_patches_up_to_date_ocil:questionnaire:1">
95	······<ocil:title>~~Add~~·no~~auto~~·Opt~~ion~~·~~to·/boot~~</ocil:title>	89	······<ocil:title>Ensure·Software·Patches·Installed</ocil:title>
96	······<ocil:actions>	90	······<ocil:actions>
97	········<ocil:test_action_ref>ocil:ssg-mount_opt~~ion~~_~~boo~~t~~_no~~auto_action:testaction:1</ocil:test_action_ref>	91	········<ocil:test_action_ref>ocil:ssg-security_patches_up_to_date_action:testaction:1</ocil:test_action_ref>
98	······</ocil:actions>	92	······</ocil:actions>
99	····</ocil:questionnaire>	93	····</ocil:questionnaire>
100	····<ocil:questionnaire·id="ocil:ssg-dir_~~own~~e~~rsh~~ip_library_dirs_ocil:questionnaire:1">	94	····<ocil:questionnaire·id="ocil:ssg-ldap_client_start_tls_ocil:questionnaire:1">
101	······<ocil:title>V~~eri~~f~~y·that·Sha~~red·L~~ibrary~~·~~Dir~~ect~~orie~~s~~·Have~~·Root·Own~~ersh~~ip</ocil:title>	95	······<ocil:title>Configure·LDAP·Client·to·Use·TLS·For·All·Transactions</ocil:title>
102	······<ocil:actions>	96	······<ocil:actions>
103	········<ocil:test_action_ref>ocil:ssg-dir_~~own~~e~~rsh~~ip_library_dirs_action:testaction:1</ocil:test_action_ref>	97	········<ocil:test_action_ref>ocil:ssg-ldap_client_start_tls_action:testaction:1</ocil:test_action_ref>
104	······</ocil:actions>	98	······</ocil:actions>
105	····</ocil:questionnaire>	99	····</ocil:questionnaire>
106	····<ocil:questionnaire·id="ocil:ssg-file_owner_~~sshd~~_c~~onfig~~_ocil:questionnaire:1">	100	····<ocil:questionnaire·id="ocil:ssg-file_owner_backup_etc_passwd_ocil:questionnaire:1">
107	······<ocil:title>Verify·Owner·o~~n·SSH~~·~~Server~~·~~config~~·file</ocil:title>	101	······<ocil:title>Verify·User·Who·Owns·Backup·passwd·File</ocil:title>
108	······<ocil:actions>	102	······<ocil:actions>
109	········<ocil:test_action_ref>ocil:ssg-file_owner_~~sshd~~_c~~onfig~~_action:testaction:1</ocil:test_action_ref>	103	········<ocil:test_action_ref>ocil:ssg-file_owner_backup_etc_passwd_action:testaction:1</ocil:test_action_ref>
110	······</ocil:actions>	104	······</ocil:actions>
111	····</ocil:questionnaire>	105	····</ocil:questionnaire>
112	····<ocil:questionnaire·id="ocil:ssg-aide_~~perio~~dic_cron_c~~hecking~~_ocil:questionnaire:1">	106	····<ocil:questionnaire·id="ocil:ssg-dconf_db_up_to_date_ocil:questionnaire:1">
113	······<ocil:title>~~Config~~ure·Periodic·Execution·of·~~AIDE~~</ocil:title>	107	······<ocil:title>Make·sure·that·the·dconf·databases·are·up-to-date·with·regards·to·respective·keyfiles</ocil:title>
114	······<ocil:actions>	108	······<ocil:actions>
115	········<ocil:test_action_ref>ocil:ssg-aide_~~perio~~dic_cron_c~~hecking~~_action:testaction:1</ocil:test_action_ref>	109	········<ocil:test_action_ref>ocil:ssg-dconf_db_up_to_date_action:testaction:1</ocil:test_action_ref>
116	······</ocil:actions>	110	······</ocil:actions>
117	····</ocil:questionnaire>	111	····</ocil:questionnaire>
118	····<ocil:questionnaire·id="ocil:ssg-sysctl_net_ipv4_conf_default_log_martians_ocil:questionnaire:1">
119	······<ocil:~~title>E~~nable·~~Kernel·Paremeter·~~t~~o·Log·Martia~~n·Packets~~·on·a~~l~~l·IPv4·In~~t~~erfa~~c~~es·by·Defa~~u~~lt</~~o~~cil:title~~>	112	····<ocil:questionnaire·id="ocil:ssg-audit_rules_unsuccessful_file_modification_lchown_ocil:questionnaire:1">
		113	······<ocil:title>Record·Unsuccessful·Ownership·Changes·to·Files·-·lchown</ocil:title>
120	······<ocil:actions>	114	······<ocil:actions>
121	········<ocil:test_action_ref>ocil:ssg-~~sysc~~t~~l_n~~et_~~ipv4_~~conf~~_de~~fault_lo~~g_mar~~tians_action:testaction:1</ocil:test_action_ref>	115	········<ocil:test_action_ref>ocil:ssg-audit_rules_unsuccessful_file_modification_lchown_action:testaction:1</ocil:test_action_ref>
122	······</ocil:actions>	116	······</ocil:actions>
Max diff block lines reached; 2184521/2196832 bytes (99.44%) of diff not shown.