/usr/bin/diffoscope --timeout 7200 --html /srv/reproducible-results/rbuild-debian/r-b-build.QqFMbGIy/scap-security-guide_0.1.78-1.diffoscope.html --text /srv/reproducible-results/rbuild-debian/r-b-build.QqFMbGIy/scap-security-guide_0.1.78-1.diffoscope.txt --json /srv/reproducible-results/rbuild-debian/r-b-build.QqFMbGIy/scap-security-guide_0.1.78-1.diffoscope.json --profile=- /srv/reproducible-results/rbuild-debian/r-b-build.QqFMbGIy/b1/scap-security-guide_0.1.78-1_arm64.changes /srv/reproducible-results/rbuild-debian/r-b-build.QqFMbGIy/b2/scap-security-guide_0.1.78-1

⊟

20.4 KB

/srv/reproducible-results/rbuild-debian/r-b-build.QqFMbGIy/b1/scap-security-guide_0.1.78-1_arm64.changes vs.

/srv/reproducible-results/rbuild-debian/r-b-build.QqFMbGIy/b2/scap-security-guide_0.1.78-1_arm64.changes ¶

⊟

557 B

Files ¶


Offset 1, 6 lines modified		Offset 1, 6 lines modified

1	·9ba708400d9478b0e7b2967ff9944aee·153564·admin·optional·ssg-applications_0.1.78-1_all.deb	1	·9ba708400d9478b0e7b2967ff9944aee·153564·admin·optional·ssg-applications_0.1.78-1_all.deb
2	·532111b3db0ce4886d0faa619666125b·32876·admin·optional·ssg-base_0.1.78-1_all.deb	2	·532111b3db0ce4886d0faa619666125b·32876·admin·optional·ssg-base_0.1.78-1_all.deb
3	·a5083fde718989b0ace1e497373c6749·2380448·admin·optional·ssg-debderived_0.1.78-1_all.deb	3	·a5083fde718989b0ace1e497373c6749·2380448·admin·optional·ssg-debderived_0.1.78-1_all.deb
4	·65e6defd051759671bb2320f5dd7b1ec·2586744·admin·optional·ssg-debian_0.1.78-1_all.deb	4	·65e6defd051759671bb2320f5dd7b1ec·2586744·admin·optional·ssg-debian_0.1.78-1_all.deb
5	·~~54e7~~9~~bd81~~b41a249~~b35b79fb2~~7~~eae2c~~e·39973256·admin·optional·ssg-nondebian_0.1.78-1_all.deb	5	·61c2595615beca19a130ecdd870c60fe·39973268·admin·optional·ssg-nondebian_0.1.78-1_all.deb

⊟

19.7 KB

ssg-nondebian_0.1.78-1_all.deb ¶

⊟

367 B

file list ¶


Offset 1, 3 lines modified		Offset 1, 3 lines modified
1	-rw-r--r--···0········0········0········4·2025-09-12·08:13:30.000000·debian-binary	1	-rw-r--r--···0········0········0········4·2025-09-12·08:13:30.000000·debian-binary
2	-rw-r--r--···0········0········0····18848·2025-09-12·08:13:30.000000·control.tar.xz	2	-rw-r--r--···0········0········0····18848·2025-09-12·08:13:30.000000·control.tar.xz
3	-rw-r--r--···0········0········0·39954216·2025-09-12·08:13:30.000000·data.tar.xz	3	-rw-r--r--···0········0········0·39954228·2025-09-12·08:13:30.000000·data.tar.xz

⊟

98.0 B

control.tar.xz ¶

⊟

70.0 B

control.tar ¶

⊟

48.0 B

./md5sums ¶

⊟

30.0 B

./md5sums ¶

Files differ

⊟

19.1 KB

data.tar.xz ¶

⊟

19.1 KB

data.tar ¶

⊟

3.49 KB

./usr/share/doc/ssg-nondebian/table-ol7-nistrefs-stig.html ¶

⊟

1.87 KB

html2text {} ¶

⊟

3.56 KB

./usr/share/doc/ssg-nondebian/table-ol7-nistrefs-stig_gui.html ¶

⊟

1.87 KB

html2text {} ¶

⊟

6.32 KB

./usr/share/doc/ssg-nondebian/table-ol8-nistrefs-ospp.html ¶


Offset 4076, 15 lines modified		Offset 4076, 15 lines modified
4076	<tt>RekeyLimit</tt>.	4076	<tt>RekeyLimit</tt>.
4077	··</td>	4077	··</td>
4078	··<td·xml:lang="en-US">	4078	··<td·xml:lang="en-US">
4079	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4079	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4080	time-based·limit,·effects·of·potential·attacks·against	4080	time-based·limit,·effects·of·potential·attacks·against
4081	encryption·keys·are·limited.	4081	encryption·keys·are·limited.
4082	··</td>	4082	··</td>
4083	··<td>var_ssh_client_rekey_limit_time=1~~hou~~r<br/>var_ssh_client_rekey_limit_size=1G</td>	4083	··<td>var_ssh_client_rekey_limit_size=1G<br/>var_ssh_client_rekey_limit_time=1hour</td>
4084	</tr>	4084	</tr>
4085	<tr>	4085	<tr>
4086	··<td></td>	4086	··<td></td>
4087	··<td>N/A</td>	4087	··<td>N/A</td>
4088	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>	4088	··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>
4089	··<td·xml:lang="en-US">	4089	··<td·xml:lang="en-US">
4090	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure	4090	To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure
Offset 4139, 15 lines modified		Offset 4139, 15 lines modified
4139	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>	4139	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>
4140	··</td>	4140	··</td>
4141	··<td·xml:lang="en-US">	4141	··<td·xml:lang="en-US">
4142	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4142	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4143	time-based·limit,·effects·of·potential·attacks·against	4143	time-based·limit,·effects·of·potential·attacks·against
4144	encryption·keys·are·limited.	4144	encryption·keys·are·limited.
4145	··</td>	4145	··</td>
4146	··<td>var_rekey_limit_time=1~~hou~~r<br/>var_rekey_limit_size=1G</td>	4146	··<td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>
4147	</tr>	4147	</tr>
4148	<tr>	4148	<tr>
4149	··<td></td>	4149	··<td></td>
4150	··<td>N/A</td>	4150	··<td>N/A</td>
4151	··<td>SSH·server·uses·strong·entropy·to·seed</td>	4151	··<td>SSH·server·uses·strong·entropy·to·seed</td>
4152	··<td·xml:lang="en-US">	4152	··<td·xml:lang="en-US">
4153	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.	4153	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.

⊟

4.98 KB

html2text {} ¶

⊟

3.29 KB

./usr/share/doc/ssg-nondebian/table-rhel8-nistrefs-ospp.html ¶


Offset 4146, 15 lines modified		Offset 4146, 15 lines modified
4146	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>	4146	<pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>
4147	··</td>	4147	··</td>
4148	··<td·xml:lang="en-US">	4148	··<td·xml:lang="en-US">
4149	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling	4149	By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4150	time-based·limit,·effects·of·potential·attacks·against	4150	time-based·limit,·effects·of·potential·attacks·against
4151	encryption·keys·are·limited.	4151	encryption·keys·are·limited.
4152	··</td>	4152	··</td>
4153	··<td>var_rekey_limit_time=1~~hou~~r<br/>var_rekey_limit_size=1G</td>	4153	··<td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>
4154	</tr>	4154	</tr>
4155	<tr>	4155	<tr>
4156	··<td></td>	4156	··<td></td>
4157	··<td>CCE-82462-3</td>	4157	··<td>CCE-82462-3</td>
4158	··<td>SSH·server·uses·strong·entropy·to·seed</td>	4158	··<td>SSH·server·uses·strong·entropy·to·seed</td>
4159	··<td·xml:lang="en-US">	4159	··<td·xml:lang="en-US">
4160	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.	4160	To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.

⊟

2.55 KB

html2text {} ¶

⊟

1.33 KB

./usr/share/scap-security-guide/tailoring/ol8_stig_delta_tailoring.xml ¶

⊟

1.19 KB

./usr/share/scap-security-guide/tailoring/ol8_stig_delta_tailoring.xml ¶


Offset 1, 10 lines modified		Offset 1, 10 lines modified
1	<?xml·version="1.0"·encoding="utf-8"?>	1	<?xml·version="1.0"·encoding="utf-8"?>
2	<xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">	2	<xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3	··<xccdf-1.2:version·time="2025-09-11T20:13:30">1</xccdf-1.2:version>	3	··<xccdf-1.2:version·time="2025-09-12T22:13:30">1</xccdf-1.2:version>
4	··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">	4	··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5	····<xccdf-1.2:title·override="true">DISA·STIG·for·Oracle·Linux·8</xccdf-1.2:title>	5	····<xccdf-1.2:title·override="true">DISA·STIG·for·Oracle·Linux·8</xccdf-1.2:title>
6	····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the	6	····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7	DISA·STIG·for·Oracle·Linux·8·V2R4.</xccdf-1.2:description>	7	DISA·STIG·for·Oracle·Linux·8·V2R4.</xccdf-1.2:description>
8	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_account_disable_inactivity_password_auth"·selected="false"/>	8	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_account_disable_inactivity_password_auth"·selected="false"/>
9	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_account_disable_inactivity_system_auth"·selected="false"/>	9	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_account_disable_inactivity_system_auth"·selected="false"/>
10	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration"·selected="false"/>	10	····<xccdf-1.2:select·idref="xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration"·selected="false"/>

⊟

1.12 KB

./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml ¶

⊟

999 B

./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml ¶


Offset 1, 10 lines modified		Offset 1, 10 lines modified
1	<?xml·version="1.0"·encoding="utf-8"?>	1	<?xml·version="1.0"·encoding="utf-8"?>
2	<xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">	2	<xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3	··<xccdf-1.2:version·time="2025-09-11T20:13:30">1</xccdf-1.2:version>	3	··<xccdf-1.2:version·time="2025-09-12T22:13:30">1</xccdf-1.2:version>
4	··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">	4	··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5	····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>	5	····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>
6	····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the	6	····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7	DISA·STIG·for·Red·Hat·Enterprise·Linux·8·V2R4.	7	DISA·STIG·for·Red·Hat·Enterprise·Linux·8·V2R4.

8	In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·8,·this	8	In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·8,·this
9	configuration·baseline·is·applicable·to·the·operating·system·tier·of	9	configuration·baseline·is·applicable·to·the·operating·system·tier·of


Offset 8559, 18 lines modified		Offset 8559, 18 lines modified
000216e0:·6b0a·616e·6420·7573·6520·7468·6520·696e··k.and·use·the·in		000216e0:·6b0a·616e·6420·7573·6520·7468·6520·696e··k.and·use·the·in
000216f0:·666f·726d·6174·696f·6e20·746f·2070·6f74··formation·to·pot		000216f0:·666f·726d·6174·696f·6e20·746f·2070·6f74··formation·to·pot
00021700:·656e·7469·616c·6c79·2063·6f6d·7072·6f6d··entially·comprom		00021700:·656e·7469·616c·6c79·2063·6f6d·7072·6f6d··entially·comprom
00021710:·6973·6520·7468·6520·696e·7465·6772·6974··ise·the·integrit		00021710:·6973·6520·7468·6520·696e·7465·6772·6974··ise·the·integrit
00021720:·7920·6f66·2074·6865·2073·7973·7465·6d20··y·of·the·system·		00021720:·7920·6f66·2074·6865·2073·7973·7465·6d20··y·of·the·system·
00021730:·616e·640a·6e65·7477·6f72·6b28·7329·2e0a··and.network(s)..		00021730:·616e·640a·6e65·7477·6f72·6b28·7329·2e0a··and.network(s)..
00021740:·2020·3c2f·7464·3e0a·2020·3c74·643e·7661····</td>.··<td>va		00021740:·2020·3c2f·7464·3e0a·2020·3c74·643e·7661····</td>.··<td>va
00021750:·725f·736e·6d70·645f·726f·5f73·7472·696e··r_snmpd_ro_strin		00021750:·725f·736e·6d70·645f·7277·5f73·7472·696e··r_snmpd_rw_strin
00021760:·673d·6368·616e·6765·6d65·726f·3c62·722f··g=changemero<br/		00021760:·673d·6368·616e·6765·6d65·7277·3c62·722f··g=changemerw<br/
00021770:·3e76·6172·5f73·6e6d·7064·5f72·775f·7374··>var_snmpd_rw_st		00021770:·3e76·6172·5f73·6e6d·7064·5f72·6f5f·7374··>var_snmpd_ro_st
00021780:·7269·6e67·3d63·6861·6e67·656d·6572·773c··ring=changemerw<		00021780:·7269·6e67·3d63·6861·6e67·656d·6572·6f3c··ring=changemero<
00021790:·2f74·643e·0a3c·2f74·723e·0a3c·7472·3e0a··/td>.</tr>.<tr>.		00021790:·2f74·643e·0a3c·2f74·723e·0a3c·7472·3e0a··/td>.</tr>.<tr>.
000217a0:·2020·3c74·643e·5343·2d35·3c2f·7464·3e0a····<td>SC-5</td>.		000217a0:·2020·3c74·643e·5343·2d35·3c2f·7464·3e0a····<td>SC-5</td>.
000217b0:·2020·3c74·643e·4e2f·413c·2f74·643e·0a20····<td>N/A</td>.·		000217b0:·2020·3c74·643e·4e2f·413c·2f74·643e·0a20····<td>N/A</td>.·
000217c0:·203c·7464·3e43·6f6e·6669·6775·7265·204b···<td>Configure·K		000217c0:·203c·7464·3e43·6f6e·6669·6775·7265·204b···<td>Configure·K
000217d0:·6572·6e65·6c20·746f·2052·6174·6520·4c69··ernel·to·Rate·Li		000217d0:·6572·6e65·6c20·746f·2052·6174·6520·4c69··ernel·to·Rate·Li
000217e0:·6d69·7420·5365·6e64·696e·6720·6f66·2044··mit·Sending·of·D		000217e0:·6d69·7420·5365·6e64·696e·6720·6f66·2044··mit·Sending·of·D
000217f0:·7570·6c69·6361·7465·2054·4350·2041·636b··uplicate·TCP·Ack		000217f0:·7570·6c69·6361·7465·2054·4350·2041·636b··uplicate·TCP·Ack


Offset 2893, 16 lines modified		Offset 2893, 16 lines modified
2893	··············································································network·management	2893	··············································································network·management
2894	··············································································protocol·(SNMP)	2894	··············································································protocol·(SNMP)
2895	··············································································community·strings	2895	··············································································community·strings
2896	··············································································must·be·changed·to	2896	··············································································must·be·changed·to
2897	··································Edit·/etc/snmp/snmpd.conf,·remove·or·change·maintain·security.	2897	··································Edit·/etc/snmp/snmpd.conf,·remove·or·change·maintain·security.
2898	··································the·default·community·strings·of·public·and·If·the·service·is	2898	··································the·default·community·strings·of·public·and·If·the·service·is
2899	··································private.·This·profile·configures·new·read-··running·with·the	2899	··································private.·This·profile·configures·new·read-··running·with·the
2900	········N/·Ensure·Default·SNMP····only·community·string·to·changemero·and·····default·············var_snmpd_ro_string=changemero	2900	········N/·Ensure·Default·SNMP····only·community·string·to·changemero·and·····default·············var_snmpd_rw_string=changemerw
2901	IA-5(e)·A··Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·····var_snmpd_rw_string=changemerw	2901	IA-5(e)·A··Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·····var_snmpd_ro_string=changemero
2902	··································Once·the·default·community·strings·have·····then·anyone·can	2902	··································Once·the·default·community·strings·have·····then·anyone·can
2903	··································been·changed,·restart·the·SNMP·service:·····gather·data·about	2903	··································been·changed,·restart·the·SNMP·service:·····gather·data·about
2904	··································$·sudo·systemctl·restart·snmpd··············the·system·and·the	2904	··································$·sudo·systemctl·restart·snmpd··············the·system·and·the
2905	··············································································network·and·use·the	2905	··············································································network·and·use·the
2906	··············································································information·to	2906	··············································································information·to
2907	··············································································potentially	2907	··············································································potentially
2908	··············································································compromise·the	2908	··············································································compromise·the


Offset 8560, 19 lines modified		Offset 8560, 19 lines modified
000216f0:·6f72·6b0a·616e·6420·7573·6520·7468·6520··ork.and·use·the·		000216f0:·6f72·6b0a·616e·6420·7573·6520·7468·6520··ork.and·use·the·
00021700:·696e·666f·726d·6174·696f·6e20·746f·2070··information·to·p		00021700:·696e·666f·726d·6174·696f·6e20·746f·2070··information·to·p
00021710:·6f74·656e·7469·616c·6c79·2063·6f6d·7072··otentially·compr		00021710:·6f74·656e·7469·616c·6c79·2063·6f6d·7072··otentially·compr
00021720:·6f6d·6973·6520·7468·6520·696e·7465·6772··omise·the·integr		00021720:·6f6d·6973·6520·7468·6520·696e·7465·6772··omise·the·integr
00021730:·6974·7920·6f66·2074·6865·2073·7973·7465··ity·of·the·syste		00021730:·6974·7920·6f66·2074·6865·2073·7973·7465··ity·of·the·syste
00021740:·6d20·616e·640a·6e65·7477·6f72·6b28·7329··m·and.network(s)		00021740:·6d20·616e·640a·6e65·7477·6f72·6b28·7329··m·and.network(s)
00021750:·2e0a·2020·3c2f·7464·3e0a·2020·3c74·643e··..··</td>.··<td>		00021750:·2e0a·2020·3c2f·7464·3e0a·2020·3c74·643e··..··</td>.··<td>
00021760:·7661·725f·736e·6d70·645f·726f·5f73·7472··var_snmpd_ro_str		00021760:·7661·725f·736e·6d70·645f·7277·5f73·7472··var_snmpd_rw_str
00021770:·696e·673d·6368·616e·6765·6d65·726f·3c62··ing=changemero<b		00021770:·696e·673d·6368·616e·6765·6d65·7277·3c62··ing=changemerw<b
00021780:·722f·3e76·6172·5f73·6e6d·7064·5f72·775f··r/>var_snmpd_rw_		00021780:·722f·3e76·6172·5f73·6e6d·7064·5f72·6f5f··r/>var_snmpd_ro_
00021790:·7374·7269·6e67·3d63·6861·6e67·656d·6572··string=changemer		00021790:·7374·7269·6e67·3d63·6861·6e67·656d·6572··string=changemer
000217a0:·773c·2f74·643e·0a3c·2f74·723e·0a3c·7472··w</td>.</tr>.<tr		000217a0:·6f3c·2f74·643e·0a3c·2f74·723e·0a3c·7472··o</td>.</tr>.<tr
000217b0:·3e0a·2020·3c74·643e·5343·2d35·3c2f·7464··>.··<td>SC-5</td		000217b0:·3e0a·2020·3c74·643e·5343·2d35·3c2f·7464··>.··<td>SC-5</td
000217c0:·3e0a·2020·3c74·643e·4e2f·413c·2f74·643e··>.··<td>N/A</td>		000217c0:·3e0a·2020·3c74·643e·4e2f·413c·2f74·643e··>.··<td>N/A</td>
000217d0:·0a20·203c·7464·3e43·6f6e·6669·6775·7265··.··<td>Configure		000217d0:·0a20·203c·7464·3e43·6f6e·6669·6775·7265··.··<td>Configure
000217e0:·204b·6572·6e65·6c20·746f·2052·6174·6520···Kernel·to·Rate·		000217e0:·204b·6572·6e65·6c20·746f·2052·6174·6520···Kernel·to·Rate·
000217f0:·4c69·6d69·7420·5365·6e64·696e·6720·6f66··Limit·Sending·of		000217f0:·4c69·6d69·7420·5365·6e64·696e·6720·6f66··Limit·Sending·of
00021800:·2044·7570·6c69·6361·7465·2054·4350·2041···Duplicate·TCP·A		00021800:·2044·7570·6c69·6361·7465·2054·4350·2041···Duplicate·TCP·A
00021810:·636b·6e6f·776c·6564·676d·656e·7473·3c2f··cknowledgments</		00021810:·636b·6e6f·776c·6564·676d·656e·7473·3c2f··cknowledgments</


Offset 3343, 16 lines modified		Offset 3343, 16 lines modified
3343	··················································································································options,·which·can	3343	··················································································································options,·which·can
3344	··················································································································help·protect	3344	··················································································································help·protect
3345	··················································································································programs·which·use	3345	··················································································································programs·which·use
3346	··················································································································it.	3346	··················································································································it.
3347	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the	3347	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in····By·decreasing·the
3348	·························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the	3348	·························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the····limit·based·on·the
3349	········Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and	3349	········Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····amount·of·data·and
3350	·····N/·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_time=1~~hou~~r	3350	·····N/·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·var_ssh_client_rekey_limit_size=1G
3351	·····A··renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_size=1G	3351	·····A··renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·limit,·effects·of···var_ssh_client_rekey_limit_time=1hour
3352	········for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks	3352	········for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order··potential·attacks
3353	·························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption	3353	·························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf······against·encryption
3354	·························containing·definition·of·RekeyLimit.·····················································keys·are·limited.	3354	·························containing·definition·of·RekeyLimit.·····················································keys·are·limited.
3355	··················································································································Some·SSH	3355	··················································································································Some·SSH
3356	··················································································································implementations·use	3356	··················································································································implementations·use
3357	··················································································································the·openssl·library	3357	··················································································································the·openssl·library
3358	··················································································································for·entropy,·which	3358	··················································································································for·entropy,·which
Offset 3403, 16 lines modified		Offset 3403, 16 lines modified
3403	··················································································································generator·used·by	3403	··················································································································generator·used·by
3404	··················································································································SSH·would·be·known	3404	··················································································································SSH·would·be·known
3405	··················································································································to·potential	3405	··················································································································to·potential
3406	··················································································································attackers.	3406	··················································································································attackers.
3407	··················································································································By·decreasing·the	3407	··················································································································By·decreasing·the
3408	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the	3408	·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the
3409	········Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and	3409	········Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and
3410	·····N/·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_time=1~~hou~~r	3410	·····N/·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_size=1G
3411	·····A··renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_size=1G	3411	·····A··renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_time=1hour
3412	·························RekeyLimit·1G·1hour······································································potential·attacks	3412	·························RekeyLimit·1G·1hour······································································potential·attacks
3413	··················································································································against·encryption	3413	··················································································································against·encryption
3414	··················································································································keys·are·limited.	3414	··················································································································keys·are·limited.
3415	··················································································································SSH·implementation	3415	··················································································································SSH·implementation
3416	··················································································································in·Oracle·Linux·8	3416	··················································································································in·Oracle·Linux·8
3417	··················································································································uses·the·openssl	3417	··················································································································uses·the·openssl
3418	··················································································································library,·which	3418	··················································································································library,·which


Offset 3418, 16 lines modified		Offset 3418, 16 lines modified
3418	······················································································································generator·used·by	3418	······················································································································generator·used·by
3419	······················································································································SSH·would·be·known	3419	······················································································································SSH·would·be·known
3420	······················································································································to·potential	3420	······················································································································to·potential
3421	······················································································································attackers.	3421	······················································································································attackers.
3422	······················································································································By·decreasing·the	3422	······················································································································By·decreasing·the
3423	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the	3423	·····························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,·····limit·based·on·the
3424	·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and	3424	·····CCE-···Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············amount·of·data·and
3425	·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_time=1~~hou~~r	3425	·····82177-·session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·var_rekey_limit_size=1G
3426	·····7······renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_size=1G	3426	·····7······renegotiation····sshd_config:·············································································limit,·effects·of···var_rekey_limit_time=1hour
3427	·····························RekeyLimit·1G·1hour······································································potential·attacks	3427	·····························RekeyLimit·1G·1hour······································································potential·attacks
3428	······················································································································against·encryption	3428	······················································································································against·encryption
3429	······················································································································keys·are·limited.	3429	······················································································································keys·are·limited.
3430	······················································································································SSH·implementation	3430	······················································································································SSH·implementation
3431	······················································································································in·Red·Hat	3431	······················································································································in·Red·Hat
3432	······················································································································Enterprise·Linux·8	3432	······················································································································Enterprise·Linux·8
3433	······················································································································uses·the·openssl	3433	······················································································································uses·the·openssl